@treeseed/sdk 0.10.24 → 0.10.26

package/dist/operations/services/config-runtime.js

@@ -2123,6 +2123,7 @@ async function syncTreeseedGitHubEnvironment({
   dryRun = false,
   repository: repositoryInput,
   valuesOverlay = {},
+  entryIds,
   managedHostMode = "auto",
   execution = "parallel",
   concurrency = 4,
@@ -2145,8 +2146,10 @@ async function syncTreeseedGitHubEnvironment({
   }) : null;
   const allowedSecrets = allowed ? new Set(allowed.secrets) : null;
   const allowedVariables = allowed ? new Set(allowed.variables) : null;
+  const entryFilter = Array.isArray(entryIds) && entryIds.length > 0 ? new Set(entryIds) : null;
   const relevant = registry.entries.filter((entry) => {
     if (!entry.scopes.includes(scope)) return false;
+    if (entryFilter && !entryFilter.has(entry.id)) return false;
     if (!managedBoundary) return true;
     if (entry.sensitivity === "secret") {
       return Boolean(entry.targets.includes("github-secret") && allowedSecrets?.has(entry.id));
@@ -2218,25 +2221,48 @@ async function syncTreeseedGitHubEnvironment({
     repository,
     scope,
     environment,
+    entryIds: entryFilter ? [...entryFilter] : void 0,
     ...synced
   };
 }
-function syncTreeseedCloudflareEnvironment({ tenantRoot, scope = "prod", dryRun = false } = {}) {
-  const values = resolveTreeseedMachineEnvironmentValues(tenantRoot, scope);
+function syncTreeseedCloudflareEnvironment({
+  tenantRoot,
+  scope = "prod",
+  dryRun = false,
+  valuesOverlay = {},
+  entryIds,
+  onProgress
+}) {
+  const values = {
+    ...resolveTreeseedMachineEnvironmentValues(tenantRoot, scope),
+    ...nonEmptyEnvironmentValues(valuesOverlay)
+  };
   const target = createPersistentDeployTarget(scope);
+  const progress = (message, stream = "stdout") => onProgress?.(message, stream);
   for (const [key, value] of Object.entries(values)) {
     if (typeof value === "string" && value.length > 0) {
       process.env[key] = value;
     }
   }
+  progress(`[${scope}][cloudflare][config] Generating Wrangler config...`);
   const { wranglerPath } = ensureGeneratedWranglerConfig(tenantRoot, { target });
-  const syncedSecrets = syncCloudflareSecrets(tenantRoot, { dryRun, target });
   const registry = collectTreeseedEnvironmentContext(tenantRoot);
-  const cloudflareVars = registry.entries.filter((entry) => entry.scopes.includes(scope) && entry.targets.includes("cloudflare-var")).map((entry) => entry.id).filter((key) => typeof values[key] === "string" && values[key].length > 0);
+  const entryFilter = Array.isArray(entryIds) && entryIds.length > 0 ? new Set(entryIds) : null;
+  const cloudflareSecrets = Object.fromEntries(registry.entries.filter((entry) => entry.scopes.includes(scope) && entry.targets.includes("cloudflare-secret") && (!entryFilter || entryFilter.has(entry.id))).map((entry) => [entry.id, values[entry.id]]).filter(([, value]) => typeof value === "string" && value.length > 0));
+  progress(`[${scope}][cloudflare][sync] Syncing Cloudflare secrets...`);
+  const syncedSecrets = syncCloudflareSecrets(tenantRoot, {
+    dryRun,
+    target,
+    extraSecrets: cloudflareSecrets,
+    entryIds
+  });
+  const cloudflareVars = registry.entries.filter((entry) => entry.scopes.includes(scope) && entry.targets.includes("cloudflare-var") && (!entryFilter || entryFilter.has(entry.id))).map((entry) => entry.id).filter((key) => typeof values[key] === "string" && values[key].length > 0);
+  progress(`[${scope}][cloudflare][sync] Complete: ${syncedSecrets.length} secrets, ${cloudflareVars.length} vars.`);
   return {
     scope,
     target,
     wranglerPath,
+    entryIds: entryFilter ? [...entryFilter] : void 0,
     secrets: syncedSecrets,
     varsManagedByWranglerConfig: cloudflareVars
   };
@@ -2245,18 +2271,30 @@ function environmentEntryTargetsService(entry, serviceKey) {
   const targets = Array.isArray(entry.serviceTargets) ? entry.serviceTargets.map((value) => String(value).trim()).filter(Boolean) : [];
   return targets.length === 0 || targets.includes(serviceKey);
 }
-function railwayEnvironmentEntryIdsForService(registry, values, scope, target, serviceKey) {
-  return registry.entries.filter((entry) => entry.scopes.includes(scope) && entry.targets.includes(target) && environmentEntryTargetsService(entry, serviceKey)).map((entry) => entry.id).filter((key) => typeof values[key] === "string" && values[key].length > 0);
+function railwayEnvironmentEntryIdsForService(registry, values, scope, target, serviceKey, entryFilter = null) {
+  return registry.entries.filter((entry) => entry.scopes.includes(scope) && entry.targets.includes(target) && (!entryFilter || entryFilter.has(entry.id)) && environmentEntryTargetsService(entry, serviceKey)).map((entry) => entry.id).filter((key) => typeof values[key] === "string" && values[key].length > 0);
 }
-function syncTreeseedRailwayEnvironment({ tenantRoot, scope = "prod", dryRun = false } = {}) {
+function syncTreeseedRailwayEnvironment({
+  tenantRoot,
+  scope = "prod",
+  dryRun = false,
+  valuesOverlay = {},
+  entryIds,
+  onProgress
+}) {
   const config = syncManagedServiceSettingsFromDeployConfig(tenantRoot);
-  const values = resolveTreeseedMachineEnvironmentValues(tenantRoot, scope);
+  const values = {
+    ...resolveTreeseedMachineEnvironmentValues(tenantRoot, scope),
+    ...nonEmptyEnvironmentValues(valuesOverlay)
+  };
   const deployConfig = loadCliDeployConfig(tenantRoot);
   const marketDatabaseService = deployConfig.services?.marketDatabase;
   const marketDatabaseBaseName = typeof marketDatabaseService?.railway?.serviceName === "string" && marketDatabaseService.railway.serviceName.trim() ? marketDatabaseService.railway.serviceName.trim() : `${deployConfig.slug ?? "treeseed-market"}-postgres`;
   const marketDatabaseServiceName = `${marketDatabaseBaseName.replace(/-(staging|prod|production)$/u, "")}-${scope === "prod" ? "prod" : scope}`;
   const marketDatabaseUrl = typeof values.TREESEED_MARKET_DATABASE_URL === "string" && values.TREESEED_MARKET_DATABASE_URL.length > 0 ? values.TREESEED_MARKET_DATABASE_URL : marketDatabaseService?.enabled !== false && marketDatabaseService?.provider === "railway" ? `\${{${marketDatabaseServiceName}.DATABASE_URL}}` : "";
   const registry = collectTreeseedEnvironmentContext(tenantRoot);
+  const entryFilter = Array.isArray(entryIds) && entryIds.length > 0 ? new Set(entryIds) : null;
+  const progress = (message, stream = "stdout") => onProgress?.(message, stream);
   const serviceValuesByName = /* @__PURE__ */ new Map();
   const services = configuredRailwayServices(tenantRoot, scope).map((service) => {
     const fallbackServiceName = service.key === "api" ? config.settings.services.railway.apiServiceName : service.serviceName;
@@ -2281,13 +2319,14 @@ function syncTreeseedRailwayEnvironment({ tenantRoot, scope = "prod", dryRun = f
       rootDir: service.rootDir,
       baseUrl: service.publicBaseUrl ?? "(unset)",
       environmentName,
-      secrets: railwayEnvironmentEntryIdsForService(registry, serviceValues, scope, "railway-secret", service.key),
-      variables: railwayEnvironmentEntryIdsForService(registry, serviceValues, scope, "railway-var", service.key),
+      secrets: railwayEnvironmentEntryIdsForService(registry, serviceValues, scope, "railway-secret", service.key, entryFilter),
+      variables: railwayEnvironmentEntryIdsForService(registry, serviceValues, scope, "railway-var", service.key, entryFilter),
       dryRun
     };
   }).filter(Boolean);
   for (const service of services) {
     const serviceValues = serviceValuesByName.get(service.serviceName || service.serviceId || service.instanceKey || service.service) ?? values;
+    progress(`[${scope}][railway][${service.service}] Syncing ${service.secrets.length} secrets and ${service.variables.length} variables...`);
     for (const key of service.secrets) {
       runRailway(
         ["variable", "set", "--service", service.serviceName || service.serviceId, "--environment", service.environmentName, "--stdin", "--skip-deploys", key],
@@ -2300,9 +2339,11 @@ function syncTreeseedRailwayEnvironment({ tenantRoot, scope = "prod", dryRun = f
         { cwd: service.rootDir, dryRun, input: serviceValues[key] }
       );
     }
+    progress(`[${scope}][railway][${service.service}] Complete.`);
   }
   return {
     scope,
+    entryIds: entryFilter ? [...entryFilter] : void 0,
     services
   };
 }
@@ -2477,7 +2518,8 @@ function formatTreeseedConfigValidationFailure(validations, scopes) {
     lines.push(`${scope}:`);
     for (const problem of [...validation.missing, ...validation.invalid]) {
       const targets = problem.entry.targets.length > 0 ? ` Targets: ${problem.entry.targets.join(", ")}.` : "";
-      lines.push(`- ${problem.id}: ${problem.message}${targets}`);
+      const source = problem.entry.sourceRequirement ? ` Source: ${problem.entry.sourceRequirement}${problem.entry.sourceProvider ? ` (${problem.entry.sourceProvider})` : ""}.` : "";
+      lines.push(`- ${problem.id}: ${problem.message}${targets}${source}`);
     }
   }
   return lines.join("\n");
@@ -2596,6 +2638,9 @@ function buildConfigEntrySnapshot(scope, entry, currentValue, suggestedValue) {
     purposes: [...entry.purposes],
     storage: entry.storage ?? "scoped",
     validation: entry.validation,
+    sourceRequirement: entry.sourceRequirement,
+    sourceHostType: entry.sourceHostType ?? null,
+    sourceProvider: entry.sourceProvider ?? null,
     scope,
     sharedScopes: entry.storage === "shared" ? [...entry.scopes] : [scope],
     required: false,
@@ -3046,7 +3091,10 @@ function collectTreeseedPrintEnvReport({
         sensitivity: entry.sensitivity,
         value: rawValue,
         displayValue: rawValue ? entry.sensitivity === "secret" && !revealSecrets ? maskValue(rawValue) : rawValue : "(unset)",
-        source: sources[entry.id] ?? "unset"
+        source: sources[entry.id] ?? "unset",
+        sourceRequirement: entry.sourceRequirement,
+        sourceHostType: entry.sourceHostType ?? null,
+        sourceProvider: entry.sourceProvider ?? null
       };
     })
   };

package/dist/operations/services/deploy.js

@@ -2916,7 +2916,12 @@ function syncCloudflareSecrets(tenantRoot, options = {}) {
   const env = {
     CLOUDFLARE_ACCOUNT_ID: resolveConfiguredCloudflareAccountId(deployConfig)
   };
-  const secrets = buildSecretMap(deployConfig, state);
+  const entryFilter = Array.isArray(options.entryIds) && options.entryIds.length > 0 ? new Set(options.entryIds) : null;
+  const extraSecrets = options.extraSecrets && typeof options.extraSecrets === "object" ? Object.fromEntries(Object.entries(options.extraSecrets).filter(([key, value]) => (!entryFilter || entryFilter.has(key)) && typeof value === "string" && value.length > 0)) : {};
+  const secrets = {
+    ...buildSecretMap(deployConfig, state),
+    ...extraSecrets
+  };
   const synced = [];
   const dryRun = options.dryRun ?? false;
   for (const [key, value] of Object.entries(secrets)) {

package/dist/operations/services/hub-launch.js

@@ -223,6 +223,7 @@ function phaseFromProviderLaunch(entry) {
     repo_provision: "repository_create",
     content_repository: "content_repository_create",
     content_bootstrap: "starting_shape_apply",
+    host_binding_config: "host_binding_config",
     workflow_bootstrap: "config_sync",
     hosting_registration: "cloudflare_reconcile",
     runtime_connection: "backend_processing_connect"

package/dist/operations/services/hub-provider-launch.d.ts

@@ -1,7 +1,9 @@
 import { checkTreeseedProviderConnections, syncTreeseedGitHubEnvironment } from './config-runtime.ts';
 import { configuredRailwayServices, deployRailwayService, ensureRailwayScheduledJobs, verifyRailwayScheduledJobs } from './railway-deploy.ts';
+import { type ProjectLaunchSecretSyncResult } from './template-secret-sync.ts';
 import { buildKnowledgePackMarketPackage, buildTemplateMarketPackage } from './market-packaging.ts';
-export type KnowledgeHubProviderLaunchFailurePhase = 'repo_provision_failed' | 'content_bootstrap_failed' | 'workflow_bootstrap_failed' | 'hosting_registration_failed' | 'runtime_connection_failed';
+import type { ProjectLaunchConfigWritePlanItem, ProjectLaunchResolvedHostBinding, ProjectLaunchSecretDeploymentPlanItem } from '../../template-launch-requirements.ts';
+export type KnowledgeHubProviderLaunchFailurePhase = 'repo_provision_failed' | 'content_bootstrap_failed' | 'workflow_bootstrap_failed' | 'hosting_registration_failed' | 'host_binding_secret_sync_failed' | 'runtime_connection_failed';
 export interface KnowledgeHubProviderLaunchInput {
     projectId: string;
     teamId: string;
@@ -47,6 +49,13 @@ export interface KnowledgeHubProviderLaunchInput {
         manageDns?: boolean;
         provider?: string | null;
     } | null;
+    hostBindings?: Record<string, ProjectLaunchResolvedHostBinding>;
+    hostBindingPlans?: {
+        configWrites?: ProjectLaunchConfigWritePlanItem[];
+        secretDeployment?: {
+            items?: ProjectLaunchSecretDeploymentPlanItem[];
+        };
+    };
 }
 export interface KnowledgeHubCloudflareHostConfig {
     CLOUDFLARE_API_TOKEN?: string;
@@ -110,6 +119,7 @@ export interface KnowledgeHubProviderLaunchResult {
             created: string[];
         };
         environmentSync?: Array<Awaited<ReturnType<typeof syncTreeseedGitHubEnvironment>>>;
+        hostBindingSecretSync?: ProjectLaunchSecretSyncResult | null;
     };
     cloudflare: {
         staging: ReturnType<typeof provisionCloudflareResources>;

package/dist/operations/services/hub-provider-launch.js

@@ -17,8 +17,14 @@ import { configuredRailwayServices, deployRailwayService, ensureRailwayScheduled
 import { loadCliDeployConfig } from "./runtime-tools.js";
 import { templateCatalogRoot } from "./runtime-paths.js";
 import { scaffoldTemplateProject } from "./template-registry.js";
+import { applyProjectLaunchHostBindingConfig } from "./template-host-bindings.js";
+import {
+  ProjectLaunchSecretSyncError,
+  syncProjectLaunchHostBindingSecrets
+} from "./template-secret-sync.js";
 import { buildKnowledgePackMarketPackage, buildTemplateMarketPackage, importKnowledgePack } from "./market-packaging.js";
 import { resolveTreeseedToolBinary } from "../../managed-dependencies.js";
+import { TREESEED_DEFAULT_STARTER_TEMPLATE_ID } from "../../sdk-types.js";
 class KnowledgeHubProviderLaunchError extends Error {
   phase;
   phases;
@@ -609,10 +615,10 @@ function buildCloudflareHostEnvironmentOverlay(input, scope) {
 }
 function scaffoldLaunchSource(projectRoot, input) {
   const repositoryName = slugify(input.repoName ?? input.projectSlug, "project");
-  const templateId = input.sourceKind === "template" ? slugify(input.sourceRef ?? "starter-basic", "starter-basic") : "starter-basic";
+  const templateId = input.sourceKind === "template" ? slugify(input.sourceRef ?? TREESEED_DEFAULT_STARTER_TEMPLATE_ID, TREESEED_DEFAULT_STARTER_TEMPLATE_ID) : TREESEED_DEFAULT_STARTER_TEMPLATE_ID;
   const templateCatalogEnv = { TREESEED_TEMPLATE_CATALOG_URL: currentTemplateCatalogUrl() };
   if (input.sourceKind === "knowledge_pack") {
-    return scaffoldTemplateProject("starter-basic", projectRoot, {
+    return scaffoldTemplateProject(TREESEED_DEFAULT_STARTER_TEMPLATE_ID, projectRoot, {
       target: input.projectSlug,
       name: input.projectName,
       slug: input.projectSlug,
@@ -769,6 +775,26 @@ async function executeKnowledgeHubProviderLaunch(input, options = {}) {
     await scaffoldLaunchSource(workingRoot, input);
     ensureHostedProjectFiles(workingRoot);
     const managedDefaults = applyManagedProjectDefaults(workingRoot, input);
+    const hostBindingConfig = applyProjectLaunchHostBindingConfig({
+      projectRoot: workingRoot,
+      hostBindings: input.hostBindings,
+      hostBindingPlans: input.hostBindingPlans,
+      launchInput: input,
+      derived: {
+        projectSlug: slugify(input.projectSlug, "project"),
+        projectName: input.projectName,
+        repositoryName: repoName
+      }
+    });
+    if (hostBindingConfig.configWrites.length > 0 || hostBindingConfig.environmentWrites.length > 0) {
+      await appendPhase(
+        phases,
+        "host_binding_config",
+        "completed",
+        `Applied ${hostBindingConfig.configWrites.length} host config write${hostBindingConfig.configWrites.length === 1 ? "" : "s"} and ${hostBindingConfig.environmentWrites.length} environment overlay entr${hostBindingConfig.environmentWrites.length === 1 ? "y" : "ies"}.`,
+        reportPhase
+      );
+    }
     const seed = seedLaunchContent(workingRoot, input);
     packageSourceRoot = mkdtempSync(join(tmpdir(), `market-package-${slugify(input.projectSlug, "project")}-`));
     cpSync(workingRoot, packageSourceRoot, { recursive: true });
@@ -823,7 +849,11 @@ async function executeKnowledgeHubProviderLaunch(input, options = {}) {
     const workflows = await ensureGitHubDeployAutomation(workingRoot, { valuesOverlay: prodEnvOverlay });
     commitAndPushLaunchRepository(workingRoot, `Configure ${input.projectName} deployment`, { forcePush: !input.existingRepository?.url });
     pushDefaultWorkstreamBranch(workingRoot);
-    let workflowSummary = { ...workflows, environmentSync: [] };
+    let workflowSummary = {
+      ...workflows,
+      environmentSync: [],
+      hostBindingSecretSync: null
+    };
     await appendPhase(phases, "workflow_bootstrap", "completed", "Configured GitHub workflows.", reportPhase);
     await appendPhase(phases, "hosting_registration", "running", "Provisioning Cloudflare resources and deploy state.", reportPhase);
     const staging = await reconcileTreeseedTarget({
@@ -844,11 +874,51 @@ async function executeKnowledgeHubProviderLaunch(input, options = {}) {
         ...typeof widget.secret === "string" && widget.secret.length > 0 ? { TREESEED_TURNSTILE_SECRET_KEY: widget.secret } : {}
       };
     };
-    const githubEnvironmentSync = [];
-    for (const [scope, valuesOverlay] of [
+    const scopedEnvironmentOverlays = [
       ["staging", turnstileOverlay(staging.state, stagingEnvOverlay)],
       ["prod", turnstileOverlay(prod.state, prodEnvOverlay)]
-    ]) {
+    ];
+    const hostBindingSecretPlanItems = input.hostBindingPlans?.secretDeployment?.items ?? [];
+    if (hostBindingSecretPlanItems.length > 0) {
+      await appendPhase(
+        phases,
+        "host_binding_secret_sync",
+        "running",
+        `Syncing ${hostBindingSecretPlanItems.length} host-bound environment entr${hostBindingSecretPlanItems.length === 1 ? "y" : "ies"}.`,
+        reportPhase
+      );
+      try {
+        const hostBindingSecretSync = await syncProjectLaunchHostBindingSecrets({
+          projectRoot: workingRoot,
+          repository: repository.slug,
+          hostBindings: input.hostBindings,
+          secretDeploymentPlan: input.hostBindingPlans?.secretDeployment,
+          valuesByScope: Object.fromEntries(scopedEnvironmentOverlays),
+          onProgress: async (event) => {
+            await appendPhase(
+              phases,
+              `host_binding_secret_sync_${event.provider}_${event.scope}`,
+              event.status === "running" ? "running" : event.status,
+              event.message,
+              reportPhase
+            );
+          }
+        });
+        workflowSummary = { ...workflowSummary, hostBindingSecretSync };
+        await appendPhase(phases, "host_binding_secret_sync", "completed", "Synced host-bound environment entries.", reportPhase);
+      } catch (error) {
+        const result = error instanceof ProjectLaunchSecretSyncError ? error.result : null;
+        workflowSummary = { ...workflowSummary, hostBindingSecretSync: result };
+        await appendPhase(phases, "host_binding_secret_sync", "failed", error instanceof Error ? error.message : String(error), reportPhase);
+        throw new KnowledgeHubProviderLaunchError(
+          "host_binding_secret_sync_failed",
+          error instanceof Error ? error.message : String(error),
+          phases
+        );
+      }
+    }
+    const githubEnvironmentSync = [];
+    for (const [scope, valuesOverlay] of scopedEnvironmentOverlays) {
       githubEnvironmentSync.push(await syncTreeseedGitHubEnvironment({
         tenantRoot: workingRoot,
         scope,
@@ -960,8 +1030,11 @@ async function executeKnowledgeHubProviderLaunch(input, options = {}) {
     };
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
-    const phase = error instanceof KnowledgeHubProviderLaunchError ? error.phase : phases.some((entry) => entry.phase === "runtime_connection" && entry.status === "running") ? "runtime_connection_failed" : phases.some((entry) => entry.phase === "hosting_registration" && entry.status === "running") ? "hosting_registration_failed" : phases.some((entry) => entry.phase === "workflow_bootstrap" && entry.status === "running") ? "workflow_bootstrap_failed" : phases.some((entry) => entry.phase === "content_bootstrap" && entry.status === "running") ? "content_bootstrap_failed" : "repo_provision_failed";
-    await appendPhase(phases, phase.replace(/_failed$/u, ""), "failed", message, reportPhase);
+    const phase = error instanceof KnowledgeHubProviderLaunchError ? error.phase : phases.some((entry) => entry.phase === "runtime_connection" && entry.status === "running") ? "runtime_connection_failed" : phases.some((entry) => entry.phase === "host_binding_secret_sync" && entry.status === "running") ? "host_binding_secret_sync_failed" : phases.some((entry) => entry.phase === "hosting_registration" && entry.status === "running") ? "hosting_registration_failed" : phases.some((entry) => entry.phase === "workflow_bootstrap" && entry.status === "running") ? "workflow_bootstrap_failed" : phases.some((entry) => entry.phase === "content_bootstrap" && entry.status === "running") ? "content_bootstrap_failed" : "repo_provision_failed";
+    const failedPhase = phase.replace(/_failed$/u, "");
+    if (!phases.some((entry) => entry.phase === failedPhase && entry.status === "failed")) {
+      await appendPhase(phases, failedPhase, "failed", message, reportPhase);
+    }
     throw new KnowledgeHubProviderLaunchError(phase, message, phases);
   } finally {
     if (input.preserveWorkingTree === false) {

package/dist/operations/services/project-host-operations.d.ts

@@ -0,0 +1,153 @@
+import type { ProjectEnvironmentName, ProjectLaunchHostBindingInput, TemplateLaunchRequirements } from '../../sdk-types.ts';
+import { type PlatformRepositoryDescriptor } from '../repository-operations.ts';
+import { type ProjectLaunchSecretSyncProgressEvent, type ProjectLaunchSecretSyncResult } from './template-secret-sync.ts';
+import { type ProjectLaunchHostInventoryRecord, type ProjectLaunchResolvedHostBinding, type ResolveProjectLaunchHostBindingsResult } from '../../template-launch-requirements.ts';
+export type ProjectHostOperationKind = 'inspect' | 'audit' | 'resync' | 'replace' | 'rotate';
+export type ProjectHostOperationStatus = 'ok' | 'warning' | 'blocked';
+export interface ProjectHostOperationDiagnostic {
+    code: string;
+    status: ProjectHostOperationStatus;
+    message: string;
+    requirementKey?: string;
+    provider?: string | null;
+    hostId?: string | null;
+    path?: string | null;
+}
+export interface ProjectHostRequirementBindingView {
+    requirementKey: string;
+    displayName: string;
+    type: string;
+    required: boolean;
+    purpose: string;
+    compatibleProviders: string[];
+    binding: {
+        provider: string | null;
+        hostId: string | null;
+        managedHostKey: string | null;
+        mode: string | null;
+        displayName: string | null;
+        ownership: string | null;
+        status: string | null;
+        environmentScopes: ProjectEnvironmentName[];
+        selectedBy: string | null;
+        selectedAt: string | null;
+    } | null;
+    configWrites: Array<{
+        target: string;
+        path: string;
+        valueFrom: string;
+        provider: string | null;
+    }>;
+    secretTargets: Array<{
+        env: string;
+        targets: string[];
+        scopes: ProjectEnvironmentName[];
+        sensitivity: string;
+        provider: string | null;
+    }>;
+    audit: {
+        status: ProjectHostOperationStatus;
+        diagnostics: ProjectHostOperationDiagnostic[];
+        marketHostId: string | null;
+        repositoryConfig: 'planned' | 'not_declared';
+    };
+}
+export interface ProjectHostBindingsView {
+    requirements: ProjectHostRequirementBindingView[];
+    summary: {
+        status: ProjectHostOperationStatus;
+        total: number;
+        blocked: number;
+        warnings: number;
+    };
+    diagnostics: ProjectHostOperationDiagnostic[];
+}
+export interface PlanProjectHostBindingOperationOptions {
+    kind: ProjectHostOperationKind;
+    requirementKey?: string | null;
+    currentHostBindings?: Record<string, ProjectLaunchResolvedHostBinding> | null;
+    replacementHostBindings?: Record<string, ProjectLaunchHostBindingInput> | null;
+    launchRequirements?: TemplateLaunchRequirements | null;
+    repositoryHosts?: ProjectLaunchHostInventoryRecord[];
+    teamHosts?: ProjectLaunchHostInventoryRecord[];
+    managedHosts?: ProjectLaunchHostInventoryRecord[];
+    defaultHosts?: Record<string, unknown> | null;
+    projectSlug?: string | null;
+    projectName?: string | null;
+    selectedAt?: string;
+}
+export interface PlanProjectHostBindingOperationResult {
+    kind: ProjectHostOperationKind;
+    requirementKey: string | null;
+    previousHostBindings: Record<string, ProjectLaunchResolvedHostBinding>;
+    nextHostBindings: Record<string, ProjectLaunchResolvedHostBinding>;
+    compatibility: ResolveProjectLaunchHostBindingsResult['compatibility'];
+    hostBindingPlans: {
+        configWrites: ResolveProjectLaunchHostBindingsResult['configWritePlan'];
+        secretDeployment: ResolveProjectLaunchHostBindingsResult['secretDeploymentPlan'];
+    };
+    audit: ProjectHostBindingsView;
+    operationSummary: {
+        requiresRepositoryConfigWrite: boolean;
+        requiresSecretSync: boolean;
+        changedRequirementKeys: string[];
+    };
+}
+export interface ExecuteProjectHostBindingOperationInput {
+    projectId?: string | null;
+    teamId?: string | null;
+    kind: ProjectHostOperationKind;
+    requirementKey?: string | null;
+    repository: PlatformRepositoryDescriptor;
+    hostBindings: Record<string, ProjectLaunchResolvedHostBinding>;
+    previousHostBindings?: Record<string, ProjectLaunchResolvedHostBinding> | null;
+    hostBindingPlans: PlanProjectHostBindingOperationResult['hostBindingPlans'];
+    operationSummary?: PlanProjectHostBindingOperationResult['operationSummary'] | null;
+    projectSlug?: string | null;
+    projectName?: string | null;
+    repositoryName?: string | null;
+    commitMessage?: string | null;
+    approvalRequired?: boolean;
+    approvalId?: string | null;
+    dryRun?: boolean;
+}
+export interface ExecuteProjectHostBindingOperationContext {
+    workspaceRoot: string;
+    environment?: string;
+    valuesOverlay?: Record<string, string | undefined> | null;
+    valuesByScope?: Record<string, Record<string, string | undefined> | null> | null;
+    processEnv?: Record<string, string | undefined>;
+    onProgress?: (event: ProjectLaunchSecretSyncProgressEvent) => void | Promise<void>;
+}
+export interface ExecuteProjectHostBindingOperationResult {
+    ok: boolean;
+    kind: ProjectHostOperationKind;
+    requirementKey: string | null;
+    hostBindings: Record<string, ProjectLaunchResolvedHostBinding>;
+    previousHostBindings: Record<string, ProjectLaunchResolvedHostBinding>;
+    hostBindingPlans: PlanProjectHostBindingOperationResult['hostBindingPlans'];
+    repository: {
+        operation: string;
+        branch: string | null;
+        commitSha: string | null;
+        changedPaths: string[];
+        audit: unknown;
+        config: unknown;
+    };
+    secretSync: ProjectLaunchSecretSyncResult | null;
+    summary: {
+        requiresRepositoryConfigWrite: boolean;
+        requiresSecretSync: boolean;
+        changedRequirementKeys: string[];
+    };
+}
+export declare function deriveProjectHostBindingsView(options: {
+    launchRequirements?: TemplateLaunchRequirements | null;
+    hostBindings?: Record<string, ProjectLaunchResolvedHostBinding> | null;
+    hostBindingPlans?: {
+        configWrites?: ResolveProjectLaunchHostBindingsResult['configWritePlan'] | null;
+        secretDeployment?: ResolveProjectLaunchHostBindingsResult['secretDeploymentPlan'] | null;
+    } | null;
+}): ProjectHostBindingsView;
+export declare function planProjectHostBindingOperation(options: PlanProjectHostBindingOperationOptions): PlanProjectHostBindingOperationResult;
+export declare function executeProjectHostBindingOperation(input: ExecuteProjectHostBindingOperationInput, context: ExecuteProjectHostBindingOperationContext): Promise<ExecuteProjectHostBindingOperationResult>;