action

type ChartLintOptions struct {
	// Embedded option groups for connection, chart repo, values, and secrets
	common.KubeConnectionOptions
	common.ChartRepoConnectionOptions
	common.ValuesOptions
	common.SecretValuesOptions

	// Chart specifies the chart to lint. Can be a local directory path, chart archive,
	// OCI registry URL (oci://registry/chart), or chart repository reference (repo/chart).
	// Defaults to current directory if not specified.
	Chart string
	// ChartAppVersion overrides the appVersion field in Chart.yaml.
	// Used to set application version metadata without modifying the chart file.
	ChartAppVersion string
	// ChartDirPath is deprecated (TODO v2: remove). Use Chart instead.
	ChartDirPath string // TODO(v2): get rid
	// ChartProvenanceKeyring is the path to a keyring file containing public keys
	// used to verify chart provenance signatures. Used with signed charts for security.
	ChartProvenanceKeyring string
	// ChartProvenanceStrategy defines how to verify chart provenance.
	// Defaults to DefaultChartProvenanceStrategy if not set.
	ChartProvenanceStrategy string
	// ChartRepoSkipUpdate, when true, skips updating the chart repository cache before fetching the chart.
	// Useful for offline operations or when repository is known to be up-to-date.
	ChartRepoSkipUpdate bool
	// ChartVersion specifies the version of the chart to lint (e.g., "1.2.3").
	// If not specified, the latest version is used.
	ChartVersion string
	// DefaultChartAPIVersion sets the default Chart API version when Chart.yaml doesn't specify one.
	DefaultChartAPIVersion string
	// DefaultChartName sets the default chart name when Chart.yaml doesn't specify one.
	DefaultChartName string
	// DefaultChartVersion sets the default chart version when Chart.yaml doesn't specify one.
	DefaultChartVersion string
	// DefaultDeletePropagation sets the deletion propagation policy for resource deletions.
	DefaultDeletePropagation string
	// ExtraAPIVersions is a list of additional Kubernetes API versions to include during linting.
	// Used by Capabilities.APIVersions in templates to check for API availability.
	ExtraAPIVersions []string
	// ExtraAnnotations are additional Kubernetes annotations to add to all chart resources during validation.
	// These are used for the validation dry-run.
	ExtraAnnotations map[string]string
	// ExtraLabels are additional Kubernetes labels to add to all chart resources during validation.
	// These are used for the validation dry-run.
	ExtraLabels map[string]string
	// ExtraRuntimeAnnotations are additional annotations to add to resources during validation.
	// These are used for the validation dry-run but not stored.
	ExtraRuntimeAnnotations map[string]string
	// ExtraRuntimeLabels are additional labels to add to resources during validation.
	// These are used for the validation dry-run but not stored.
	ExtraRuntimeLabels map[string]string
	// ForceAdoption, when true, allows adopting resources during validation that belong to a different Helm release.
	// Used during the validation phase to check if resources could be adopted.
	ForceAdoption bool
	// LegacyChartType specifies the chart type for legacy compatibility.
	// Used internally for backward compatibility with werf integration.
	LegacyChartType helmopts.ChartType
	// LegacyExtraValues provides additional values programmatically.
	// Used internally for backward compatibility with werf integration.
	LegacyExtraValues map[string]interface{}
	// LegacyLogRegistryStreamOut is the output writer for Helm registry client logs.
	// Defaults to io.Discard if not set. Used for debugging registry operations.
	LegacyLogRegistryStreamOut io.Writer
	// LocalKubeVersion specifies the Kubernetes version to use for linting when not connected to a cluster.
	// Format: "major.minor.patch" (e.g., "1.28.0"). Defaults to DefaultLocalKubeVersion if not set.
	LocalKubeVersion string
	// NetworkParallelism limits the number of concurrent network-related operations (API calls, resource fetches).
	// Defaults to DefaultNetworkParallelism if not set or <= 0.
	NetworkParallelism int
	// NoFinalTracking, when true, disables final tracking operations during validation to speed up linting.
	NoFinalTracking bool
	// NoRemoveManualChanges, when true, preserves fields during validation that would be manually added.
	// Used in the validation dry-run to check resource compatibility.
	NoRemoveManualChanges bool
	// RegistryCredentialsPath is the path to Docker config.json file with registry credentials.
	// Defaults to DefaultRegistryCredentialsPath (~/.docker/config.json) if not set.
	// Used for authenticating to OCI registries when pulling charts.
	RegistryCredentialsPath string
	// ReleaseName is the name of the release to use for linting.
	// Available as .Release.Name in chart templates. Defaults to a stub value if not specified.
	ReleaseName string
	// ReleaseNamespace is the namespace where the release would be installed for linting purposes.
	// Available as .Release.Namespace in chart templates. Defaults to a stub value if not specified.
	ReleaseNamespace string
	// ReleaseStorageDriver specifies how release metadata would be stored (affects validation).
	// Valid values: "secret" (default), "configmap", "sql", "memory".
	// Set to "memory" automatically when Remote is false.
	ReleaseStorageDriver string
	// ReleaseStorageSQLConnection is the SQL connection string when using SQL storage driver.
	// Only used when ReleaseStorageDriver is "sql".
	ReleaseStorageSQLConnection string
	// Remote, when true, connects to a real Kubernetes cluster for validation.
	// When false, performs only local validation without cluster connectivity.
	Remote bool
	// TempDirPath is the directory for temporary files during the operation.
	// A temporary directory is created automatically if not specified.
	TempDirPath string
	// TemplatesAllowDNS, when true, enables DNS lookups in chart templates using template functions.
	// WARNING: This can make template rendering non-deterministic and slower.
	TemplatesAllowDNS bool
}

type ChartRenderOptions struct {
	// Embedded option groups for connection, chart repo, values, and secrets
	common.KubeConnectionOptions
	common.ChartRepoConnectionOptions
	common.ValuesOptions
	common.SecretValuesOptions

	// Chart specifies the chart to render. Can be a local directory path, chart archive,
	// OCI registry URL (oci://registry/chart), or chart repository reference (repo/chart).
	// Defaults to current directory if not specified.
	Chart string
	// ChartAppVersion overrides the appVersion field in Chart.yaml.
	// Used to set application version metadata without modifying the chart file.
	ChartAppVersion string
	// ChartDirPath is deprecated (TODO v2: remove). Use Chart instead.
	ChartDirPath string // TODO(v2): get rid
	// ChartProvenanceKeyring is the path to a keyring file containing public keys
	// used to verify chart provenance signatures. Used with signed charts for security.
	ChartProvenanceKeyring string
	// ChartProvenanceStrategy defines how to verify chart provenance.
	// Defaults to DefaultChartProvenanceStrategy if not set.
	ChartProvenanceStrategy string
	// ChartRepoSkipUpdate, when true, skips updating the chart repository cache before fetching the chart.
	// Useful for offline operations or when repository is known to be up-to-date.
	ChartRepoSkipUpdate bool
	// ChartVersion specifies the version of the chart to render (e.g., "1.2.3").
	// If not specified, the latest version is used.
	ChartVersion string
	// DefaultChartAPIVersion sets the default Chart API version when Chart.yaml doesn't specify one.
	DefaultChartAPIVersion string
	// DefaultChartName sets the default chart name when Chart.yaml doesn't specify one.
	DefaultChartName string
	// DefaultChartVersion sets the default chart version when Chart.yaml doesn't specify one.
	DefaultChartVersion string
	// ExtraAPIVersions is a list of additional Kubernetes API versions to include when rendering.
	// Used by Capabilities.APIVersions in templates to check for API availability.
	ExtraAPIVersions []string
	// ExtraAnnotations are additional Kubernetes annotations to add to all chart resources.
	// These are added during chart rendering.
	ExtraAnnotations map[string]string
	// ExtraLabels are additional Kubernetes labels to add to all chart resources.
	// These are added during chart rendering.
	ExtraLabels map[string]string
	// ExtraRuntimeAnnotations are additional annotations to add to resources at runtime.
	// TODO(v2): remove or implement custom logic for this field.
	ExtraRuntimeAnnotations map[string]string // TODO(v2): get rid?? or do custom logic
	// ForceAdoption is currently unused in chart rendering.
	// TODO(v2): remove this useless field.
	ForceAdoption bool // TODO(v2): get rid, useless
	// LegacyChartType specifies the chart type for legacy compatibility.
	// Used internally for backward compatibility with werf integration.
	LegacyChartType helmopts.ChartType
	// LegacyExtraValues provides additional values programmatically.
	// Used internally for backward compatibility with werf integration.
	LegacyExtraValues map[string]interface{}
	// LegacyLogRegistryStreamOut is the output writer for Helm registry client logs.
	// Defaults to io.Discard if not set. Used for debugging registry operations.
	LegacyLogRegistryStreamOut io.Writer
	// LocalKubeVersion specifies the Kubernetes version to use for template rendering when not connected to a cluster.
	// Format: "major.minor.patch" (e.g., "1.28.0"). Defaults to DefaultLocalKubeVersion if not set.
	LocalKubeVersion string
	// NetworkParallelism limits the number of concurrent network-related operations (API calls, resource fetches).
	// Defaults to DefaultNetworkParallelism if not set or <= 0.
	NetworkParallelism int
	// OutputFilePath, if specified, writes the rendered manifests to this file instead of stdout.
	OutputFilePath string
	// OutputNoPrint, when true, suppresses printing the rendered manifests to stdout.
	// Useful when only the result data structure is needed.
	OutputNoPrint bool
	// RegistryCredentialsPath is the path to Docker config.json file with registry credentials.
	// Defaults to DefaultRegistryCredentialsPath (~/.docker/config.json) if not set.
	// Used for authenticating to OCI registries when pulling charts.
	RegistryCredentialsPath string
	// ReleaseName is the name of the release to use in templates.
	// Available as .Release.Name in chart templates.
	ReleaseName string
	// ReleaseNamespace is the namespace where the release would be installed.
	// Available as .Release.Namespace in chart templates.
	ReleaseNamespace string
	// ReleaseStorageDriver specifies how release metadata would be stored (affects template rendering).
	// Valid values: "secret" (default), "configmap", "sql", "memory".
	ReleaseStorageDriver string
	// ReleaseStorageSQLConnection is the SQL connection string when using SQL storage driver.
	// Only used when ReleaseStorageDriver is "sql".
	ReleaseStorageSQLConnection string
	// Remote, when true, connects to a real Kubernetes cluster to fetch capabilities and validate API versions.
	// When false, uses local/stub Kubernetes version for rendering.
	Remote bool
	// ShowOnlyFiles, if specified, filters output to only show resources from these file paths.
	// Paths are relative to the chart directory (e.g., "templates/deployment.yaml").
	ShowOnlyFiles []string
	// ShowStandaloneCRDs, when true, includes CustomResourceDefinitions from the "crds/" directory in the output.
	// By default, CRDs are hidden from rendered output.
	ShowStandaloneCRDs bool
	// TempDirPath is the directory for temporary files during the operation.
	// A temporary directory is created automatically if not specified.
	TempDirPath string
	// TemplatesAllowDNS, when true, enables DNS lookups in chart templates using template functions.
	// WARNING: This can make template rendering non-deterministic and slower.
	TemplatesAllowDNS bool
}

type ChartRenderResultV2 struct {
	APIVersion string               `json:"apiVersion,omitempty"`
	Resources  []*spec.ResourceSpec `json:"resources,omitempty"`
}

type LegacyReleaseUninstallOptions struct {
	common.KubeConnectionOptions
	common.TrackingOptions

	NoDeleteHooks          bool
	DeleteReleaseNamespace bool
	NetworkParallelism     int
	ReleaseHistoryLimit    int
	ReleaseStorageDriver   string
	TempDirPath            string
	Timeout                time.Duration
}

type ReleaseGetOptions struct {
	common.KubeConnectionOptions

	// NetworkParallelism limits the number of concurrent network-related operations (API calls, resource fetches).
	// Defaults to DefaultNetworkParallelism if not set or <= 0.
	NetworkParallelism int
	// OutputFormat specifies the output format for the release information.
	// Valid values: "yaml" (default), "json", "table".
	// Defaults to DefaultReleaseGetOutputFormat (yaml) if not specified.
	OutputFormat string
	// OutputNoPrint, when true, suppresses printing the output and only returns the result data structure.
	// Useful when calling this programmatically.
	OutputNoPrint bool
	// PrintValues, when true, includes the computed values used to render the release in the output.
	// These are the merged values from all sources (values.yaml, --set flags, etc.).
	PrintValues bool
	// ReleaseStorageDriver specifies how release metadata is stored in Kubernetes.
	// Valid values: "secret" (default), "configmap", "sql".
	// Defaults to "secret" if not specified or set to "default".
	ReleaseStorageDriver string
	// ReleaseStorageSQLConnection is the SQL connection string when using SQL storage driver.
	// Only used when ReleaseStorageDriver is "sql".
	ReleaseStorageSQLConnection string
	// Revision specifies which release revision to retrieve.
	// If 0, retrieves the latest deployed revision.
	Revision int
	// TempDirPath is the directory for temporary files during the operation.
	// A temporary directory is created automatically if not specified.
	TempDirPath string
}

type ReleaseGetResultChart struct {
	Name       string `json:"name"`
	Version    string `json:"version"`
	AppVersion string `json:"appVersion"`
}

type ReleaseGetResultDeployedAt struct {
	Human string `json:"human"`
	Unix  int    `json:"unix"`
}

type ReleaseGetResultRelease struct {
	Name          string                      `json:"name"`
	Namespace     string                      `json:"namespace"`
	Revision      int                         `json:"revision"`
	Status        helmrelease.Status          `json:"status"`
	DeployedAt    *ReleaseGetResultDeployedAt `json:"deployedAt"`
	Annotations   map[string]string           `json:"annotations"`
	StorageLabels map[string]string           `json:"storageLabels"`
}

type ReleaseGetResultV1 struct {
	APIVersion string                   `json:"apiVersion"`
	Release    *ReleaseGetResultRelease `json:"release"`
	Chart      *ReleaseGetResultChart   `json:"chart"`
	Notes      string                   `json:"notes,omitempty"`
	Values     map[string]interface{}   `json:"values,omitempty"`
	// TODO(v2): Join Hooks and Resources together as ResourceSpecs?
	Hooks     []map[string]interface{} `json:"hooks,omitempty"`
	Resources []map[string]interface{} `json:"resources,omitempty"`
}

type ReleaseInstallOptions struct {
	common.KubeConnectionOptions
	common.ChartRepoConnectionOptions
	common.ValuesOptions
	common.SecretValuesOptions
	common.TrackingOptions

	// AutoRollback, when true, automatically rolls back to the previous deployed release on installation failure.
	// Only works if there is a previously successfully deployed release.
	AutoRollback bool
	// Chart specifies the chart to install. Can be a local directory path, chart archive,
	// OCI registry URL (oci://registry/chart), or chart repository reference (repo/chart).
	// Defaults to current directory if not specified.
	Chart string
	// ChartAppVersion overrides the appVersion field in Chart.yaml.
	// Used to set application version metadata without modifying the chart file.
	ChartAppVersion string
	// ChartDirPath is deprecated
	ChartDirPath string // TODO(v2): get rid
	// ChartProvenanceKeyring is the path to a keyring file containing public keys
	// used to verify chart provenance signatures. Used with signed charts for security.
	ChartProvenanceKeyring string
	// ChartProvenanceStrategy defines how to verify chart provenance.
	// Defaults to DefaultChartProvenanceStrategy if not set.
	ChartProvenanceStrategy string
	// ChartRepoSkipUpdate, when true, skips updating the chart repository cache before fetching the chart.
	// Useful for offline operations or when repository is known to be up-to-date.
	ChartRepoSkipUpdate bool
	// ChartVersion specifies the version of the chart to install (e.g., "1.2.3").
	// If not specified, the latest version is used.
	ChartVersion string
	// DefaultChartAPIVersion sets the default Chart API version when Chart.yaml doesn't specify one.
	DefaultChartAPIVersion string
	// DefaultChartName sets the default chart name when Chart.yaml doesn't specify one.
	DefaultChartName string
	// DefaultChartVersion sets the default chart version when Chart.yaml doesn't specify one.
	DefaultChartVersion string
	// DefaultDeletePropagation sets the deletion propagation policy for resource deletions.
	DefaultDeletePropagation string
	// ExtraAnnotations are additional Kubernetes annotations to add to all chart resources.
	// These are added during chart rendering, before resources are stored in the release.
	ExtraAnnotations map[string]string
	// ExtraLabels are additional Kubernetes labels to add to all chart resources.
	// These are added during chart rendering, before resources are stored in the release.
	ExtraLabels map[string]string
	// ExtraRuntimeAnnotations are additional annotations to add to resources at runtime.
	// These are added during resource creation/update but not stored in the release.
	ExtraRuntimeAnnotations map[string]string
	// ExtraRuntimeLabels are additional labels to add to resources at runtime.
	// These are added during resource creation/update but not stored in the release.
	ExtraRuntimeLabels map[string]string
	// ForceAdoption, when true, allows adopting resources that belong to a different Helm release.
	// WARNING: This can lead to conflicts if resources are managed by multiple releases.
	ForceAdoption bool
	// InstallGraphPath, if specified, saves the Graphviz representation of the install plan to this file path.
	// Useful for debugging and visualizing the dependency graph of resource operations.
	InstallGraphPath string
	// InstallReportPath, if specified, saves a JSON report of the installation results to this file path.
	// The report includes the release status and lists of completed, canceled, and failed operations.
	InstallReportPath string
	// LegacyChartType specifies the chart type for legacy compatibility.
	// Used internally for backward compatibility with werf integration.
	LegacyChartType helmopts.ChartType
	// LegacyExtraValues provides additional values programmatically.
	// Used internally for backward compatibility with werf integration.
	LegacyExtraValues map[string]interface{}
	// LegacyLogRegistryStreamOut is the output writer for Helm registry client logs.
	// Defaults to io.Discard if not set. Used for debugging registry operations.
	LegacyLogRegistryStreamOut io.Writer
	// NetworkParallelism limits the number of concurrent network-related operations (API calls, resource fetches).
	// Defaults to DefaultNetworkParallelism if not set or <= 0.
	NetworkParallelism int
	// NoInstallStandaloneCRDs, when true, skips installation of CustomResourceDefinitions from the "crds/" directory.
	// By default, CRDs are installed first before other chart resources.
	NoInstallStandaloneCRDs bool
	// NoRemoveManualChanges, when true, preserves fields manually added to resources in the cluster
	// that are not present in the chart manifests. By default, such fields are removed during updates.
	NoRemoveManualChanges bool
	// NoShowNotes, when true, suppresses printing of NOTES.txt after successful installation.
	// NOTES.txt typically contains usage instructions and next steps.
	NoShowNotes bool
	// RegistryCredentialsPath is the path to Docker config.json file with registry credentials.
	// Defaults to DefaultRegistryCredentialsPath (~/.docker/config.json) if not set.
	// Used for authenticating to OCI registries when pulling charts.
	RegistryCredentialsPath string
	// ReleaseHistoryLimit sets the maximum number of release revisions to keep in storage.
	// When exceeded, the oldest revisions are deleted. Defaults to DefaultReleaseHistoryLimit if not set or <= 0.
	// Note: Only release metadata is deleted; actual Kubernetes resources are not affected.
	ReleaseHistoryLimit int
	// ReleaseInfoAnnotations are custom annotations to add to the release metadata (stored in Secret/ConfigMap).
	// These do not affect resources but can be used for tagging releases.
	ReleaseInfoAnnotations map[string]string
	// ReleaseLabels are labels to add to the release storage object (Secret/ConfigMap).
	// Used for filtering and organizing releases in storage.
	ReleaseLabels map[string]string
	// ReleaseStorageDriver specifies how release metadata is stored in Kubernetes.
	// Valid values: "secret" (default), "configmap", "sql".
	// Defaults to "secret" if not specified or set to "default".
	ReleaseStorageDriver string
	// ReleaseStorageSQLConnection is the SQL connection string when using SQL storage driver.
	// Only used when ReleaseStorageDriver is "sql".
	ReleaseStorageSQLConnection string
	// RollbackGraphPath, if specified, saves the Graphviz representation of the rollback plan (if auto-rollback occurs)
	// to this file path. Only used when AutoRollback is true and rollback is triggered.
	RollbackGraphPath string
	// ShowSubchartNotes, when true, shows NOTES.txt from subcharts in addition to the main chart's notes.
	// By default, only the parent chart's NOTES.txt is displayed.
	ShowSubchartNotes bool
	// TempDirPath is the directory for temporary files during the operation.
	// A temporary directory is created automatically if not specified.
	TempDirPath string
	// TemplatesAllowDNS, when true, enables DNS lookups in chart templates using template functions.
	// WARNING: This can make template rendering non-deterministic and slower.
	TemplatesAllowDNS bool
	// Timeout is the maximum duration for the entire release installation operation.
	// If 0, no timeout is applied and the operation runs until completion or error.
	Timeout time.Duration
}

type ReleaseListOptions struct {
	common.KubeConnectionOptions

	// NetworkParallelism limits the number of concurrent network-related operations (API calls, resource fetches).
	// Defaults to DefaultNetworkParallelism if not set or <= 0.
	NetworkParallelism int
	// OutputFormat specifies the output format for the release list.
	// Valid values: "table" (default), "yaml", "json".
	// Defaults to DefaultReleaseListOutputFormat (table) if not specified.
	OutputFormat string
	// OutputNoPrint, when true, suppresses printing the output and only returns the result data structure.
	// Useful when calling this programmatically.
	OutputNoPrint bool
	// ReleaseNamespace specifies the namespace to list releases from.
	// If empty, uses the namespace from kubeconfig context.
	ReleaseNamespace string
	// ReleaseStorageDriver specifies how release metadata is stored in Kubernetes.
	// Valid values: "secret" (default), "configmap", "sql".
	// Defaults to "secret" if not specified or set to "default".
	ReleaseStorageDriver string
	// ReleaseStorageSQLConnection is the SQL connection string when using SQL storage driver.
	// Only used when ReleaseStorageDriver is "sql".
	ReleaseStorageSQLConnection string
	// TempDirPath is the directory for temporary files during the operation.
	// A temporary directory is created automatically if not specified.
	TempDirPath string
}

type ReleaseListResultChart struct {
	Name       string `json:"name"`
	Version    string `json:"version"`
	AppVersion string `json:"appVersion"`
}

type ReleaseListResultDeployedAt struct {
	Human string `json:"human"`
	Unix  int    `json:"unix"`
}

type ReleaseListResultRelease struct {
	Name        string                       `json:"name"`
	Namespace   string                       `json:"namespace"`
	Revision    int                          `json:"revision"`
	Status      helmrelease.Status           `json:"status"`
	DeployedAt  *ReleaseListResultDeployedAt `json:"deployedAt"`
	Annotations map[string]string            `json:"annotations"`
	Chart       *ReleaseListResultChart      `json:"chart"`
}

type ReleaseListResultV1 struct {
	APIVersion string                      `json:"apiVersion"`
	Releases   []*ReleaseListResultRelease `json:"releases"`
}

type ReleaseNotFoundError struct {
	ReleaseName      string
	ReleaseNamespace string
}

type ReleasePlanInstallOptions struct {
	// Embedded option groups for connection, values, and secrets
	common.KubeConnectionOptions
	common.ChartRepoConnectionOptions
	common.ValuesOptions
	common.SecretValuesOptions

	// Chart specifies the chart to plan installation for. Can be a local directory path, chart archive,
	// OCI registry URL (oci://registry/chart), or chart repository reference (repo/chart).
	// Defaults to current directory if not specified.
	Chart string
	// ChartAppVersion overrides the appVersion field in Chart.yaml.
	// Used to set application version metadata without modifying the chart file.
	ChartAppVersion string
	// ChartDirPath is deprecated
	ChartDirPath string // TODO(v2): get rid
	// ChartProvenanceKeyring is the path to a keyring file containing public keys
	// used to verify chart provenance signatures. Used with signed charts for security.
	ChartProvenanceKeyring string
	// ChartProvenanceStrategy defines how to verify chart provenance.
	// Defaults to DefaultChartProvenanceStrategy if not set.
	ChartProvenanceStrategy string
	// ChartRepoSkipUpdate, when true, skips updating the chart repository cache before fetching the chart.
	// Useful for offline operations or when repository is known to be up-to-date.
	ChartRepoSkipUpdate bool
	// ChartVersion specifies the version of the chart to plan for (e.g., "1.2.3").
	// If not specified, the latest version is used.
	ChartVersion string
	// DefaultChartAPIVersion sets the default Chart API version when Chart.yaml doesn't specify one.
	DefaultChartAPIVersion string
	// DefaultChartName sets the default chart name when Chart.yaml doesn't specify one.
	DefaultChartName string
	// DefaultChartVersion sets the default chart version when Chart.yaml doesn't specify one.
	DefaultChartVersion string
	// DefaultDeletePropagation sets the deletion propagation policy for resource deletions.
	DefaultDeletePropagation string
	// DiffContextLines specifies the number of context lines to show around diffs in the output.
	// Defaults to DefaultDiffContextLines (3) if not set or < 0. Set to 0 to hide context.
	DiffContextLines int
	// ErrorIfChangesPlanned, when true, returns ErrChangesPlanned if any changes are detected.
	// Used with --exit-code flag to return exit code 2 if changes are planned, 0 if no changes, 1 on error.
	ErrorIfChangesPlanned bool
	// ExtraAnnotations are additional Kubernetes annotations to add to all chart resources.
	// These are added during chart rendering, before resources are stored in the release.
	ExtraAnnotations map[string]string
	// ExtraLabels are additional Kubernetes labels to add to all chart resources.
	// These are added during chart rendering, before resources are stored in the release.
	ExtraLabels map[string]string
	// ExtraRuntimeAnnotations are additional annotations to add to resources at runtime.
	// These are added during resource creation/update but not stored in the release.
	ExtraRuntimeAnnotations map[string]string
	// ExtraRuntimeLabels are additional labels to add to resources at runtime.
	// These are added during resource creation/update but not stored in the release.
	ExtraRuntimeLabels map[string]string
	// ForceAdoption, when true, allows adopting resources that belong to a different Helm release.
	// WARNING: This can lead to conflicts if resources are managed by multiple releases.
	ForceAdoption bool
	// InstallGraphPath, if specified, saves the Graphviz representation of the install plan to this file path.
	// Useful for debugging and visualizing the dependency graph of resource operations.
	InstallGraphPath string
	// LegacyChartType specifies the chart type for legacy compatibility.
	// Used internally for backward compatibility with werf integration.
	LegacyChartType helmopts.ChartType
	// LegacyExtraValues provides additional values programmatically.
	// Used internally for backward compatibility with werf integration.
	LegacyExtraValues map[string]interface{}
	// LegacyLogRegistryStreamOut is the output writer for Helm registry client logs.
	// Defaults to io.Discard if not set. Used for debugging registry operations.
	LegacyLogRegistryStreamOut io.Writer
	// NetworkParallelism limits the number of concurrent network-related operations (API calls, resource fetches).
	// Defaults to DefaultNetworkParallelism if not set or <= 0.
	NetworkParallelism int
	// NoFinalTracking, when true, disables final tracking operations in the plan that have no
	// create/update/delete resource operations after them. This speeds up plan generation.
	NoFinalTracking bool
	// NoInstallStandaloneCRDs, when true, skips installation of CustomResourceDefinitions from the "crds/" directory.
	// By default, CRDs are installed first before other chart resources.
	NoInstallStandaloneCRDs bool
	// NoRemoveManualChanges, when true, preserves fields manually added to resources in the cluster
	// that are not present in the chart manifests. By default, such fields are removed during updates.
	NoRemoveManualChanges bool
	// RegistryCredentialsPath is the path to Docker config.json file with registry credentials.
	// Defaults to DefaultRegistryCredentialsPath (~/.docker/config.json) if not set.
	// Used for authenticating to OCI registries when pulling charts.
	RegistryCredentialsPath string
	// ReleaseInfoAnnotations are custom annotations to add to the release metadata (stored in Secret/ConfigMap).
	// These do not affect resources but can be used for tagging releases.
	ReleaseInfoAnnotations map[string]string
	// ReleaseLabels are labels to add to the release storage object (Secret/ConfigMap).
	// Used for filtering and organizing releases in storage.
	ReleaseLabels map[string]string
	// ReleaseStorageDriver specifies how release metadata is stored in Kubernetes.
	// Valid values: "secret" (default), "configmap", "sql".
	// Defaults to "secret" if not specified or set to "default".
	ReleaseStorageDriver string
	// ReleaseStorageSQLConnection is the SQL connection string when using SQL storage driver.
	// Only used when ReleaseStorageDriver is "sql".
	ReleaseStorageSQLConnection string
	// ShowInsignificantDiffs, when true, includes insignificant changes in diff output.
	// Insignificant changes include: Helm SHA annotations, werf.io annotations, and managedFields.
	// By default, these are hidden to reduce noise in diffs.
	ShowInsignificantDiffs bool
	// ShowSensitiveDiffs, when true, shows diff content for sensitive resources (Secrets, resources with
	// werf.io/sensitive="true" annotation, or fields matching werf.io/sensitive-paths).
	// By default, sensitive data is redacted in diffs and shown as "<hidden N bytes, hash XXX>".
	ShowSensitiveDiffs bool
	// ShowVerboseCRDDiffs, when true, shows verbose diffs for CRD create/delete operations.
	// By default, CRD diffs are hidden with "<hidden verbose CRD changes>" to reduce noise.
	ShowVerboseCRDDiffs bool
	// ShowVerboseDiffs, when true, shows verbose diffs for resource create/delete operations.
	// Defaults to true. When false, create/delete diffs are hidden with "<hidden verbose changes>".
	ShowVerboseDiffs bool
	// TempDirPath is the directory for temporary files during the operation.
	// A temporary directory is created automatically if not specified.
	TempDirPath string
	// TemplatesAllowDNS, when true, enables DNS lookups in chart templates using template functions.
	// WARNING: This can make template rendering non-deterministic and slower.
	TemplatesAllowDNS bool
	// Timeout is the maximum duration for the entire plan operation.
	// If 0, no timeout is applied and the operation runs until completion or error.
	Timeout time.Duration
}

type ReleaseRevisionNotFoundError struct {
	ReleaseName      string
	ReleaseNamespace string
	Revision         int
}

type ReleaseRollbackOptions struct {
	common.KubeConnectionOptions
	common.TrackingOptions

	// DefaultDeletePropagation sets the deletion propagation policy for resource deletions.
	DefaultDeletePropagation string
	// ExtraRuntimeAnnotations are additional annotations to add to resources at runtime during rollback.
	// These are added during resource creation/update but not stored in the release.
	ExtraRuntimeAnnotations map[string]string
	// ExtraRuntimeLabels are additional labels to add to resources at runtime during rollback.
	// These are added during resource creation/update but not stored in the release.
	ExtraRuntimeLabels map[string]string
	// ForceAdoption, when true, allows adopting resources that belong to a different Helm release.
	// WARNING: This can lead to conflicts if resources are managed by multiple releases.
	ForceAdoption bool
	// NetworkParallelism limits the number of concurrent network-related operations (API calls, resource fetches).
	// Defaults to DefaultNetworkParallelism if not set or <= 0.
	NetworkParallelism int
	// NoRemoveManualChanges, when true, preserves fields manually added to resources in the cluster
	// that are not present in the chart manifests. By default, such fields are removed during rollback.
	NoRemoveManualChanges bool
	// NoShowNotes, when true, suppresses printing of NOTES.txt after successful rollback.
	// NOTES.txt typically contains usage instructions and next steps.
	NoShowNotes bool
	// ReleaseHistoryLimit sets the maximum number of release revisions to keep in storage.
	// When exceeded, the oldest revisions are deleted. Defaults to DefaultReleaseHistoryLimit if not set or <= 0.
	// Note: Only release metadata is deleted; actual Kubernetes resources are not affected.
	ReleaseHistoryLimit int
	// ReleaseInfoAnnotations are custom annotations to add to the new rollback release metadata (stored in Secret/ConfigMap).
	// These do not affect resources but can be used for tagging releases.
	ReleaseInfoAnnotations map[string]string
	// ReleaseLabels are labels to add to the new rollback release storage object (Secret/ConfigMap).
	// Used for filtering and organizing releases in storage.
	ReleaseLabels map[string]string
	// ReleaseStorageDriver specifies how release metadata is stored in Kubernetes.
	// Valid values: "secret" (default), "configmap", "sql".
	// Defaults to "secret" if not specified or set to "default".
	ReleaseStorageDriver string
	// ReleaseStorageSQLConnection is the SQL connection string when using SQL storage driver.
	// Only used when ReleaseStorageDriver is "sql".
	ReleaseStorageSQLConnection string
	// Revision specifies which release revision to roll back to.
	// If 0, rolls back to the previous deployed revision.
	Revision int
	// RollbackGraphPath, if specified, saves the Graphviz representation of the rollback plan to this file path.
	// Useful for debugging and visualizing the dependency graph of resource operations.
	RollbackGraphPath string
	// RollbackReportPath, if specified, saves a JSON report of the rollback results to this file path.
	// The report includes lists of completed, canceled, and failed operations.
	RollbackReportPath string
	// TempDirPath is the directory for temporary files during the operation.
	// A temporary directory is created automatically if not specified.
	TempDirPath string
	// Timeout is the maximum duration for the entire rollback operation.
	// If 0, no timeout is applied and the operation runs until completion or error.
	Timeout time.Duration
}

type ReleaseUninstallOptions struct {
	common.KubeConnectionOptions
	common.TrackingOptions

	// DefaultDeletePropagation sets the deletion propagation policy for resource deletions.
	DefaultDeletePropagation string
	// DeleteReleaseNamespace, when true, deletes the release namespace after uninstalling the release.
	// WARNING: This will delete the entire namespace including resources not managed by this release.
	DeleteReleaseNamespace bool
	// NetworkParallelism limits the number of concurrent network-related operations (API calls, resource fetches).
	// Defaults to DefaultNetworkParallelism if not set or <= 0.
	NetworkParallelism int
	// NoRemoveManualChanges, when true, preserves fields manually added to resources in the cluster
	// that are not present in the chart manifests. By default, such fields are removed during deletion.
	NoRemoveManualChanges bool
	// ReleaseHistoryLimit sets the maximum number of release revisions to keep in storage.
	// Defaults to DefaultReleaseHistoryLimit if not set or <= 0.
	// After uninstall, only the uninstall record itself is kept.
	ReleaseHistoryLimit int
	// ReleaseStorageDriver specifies how release metadata is stored in Kubernetes.
	// Valid values: "secret" (default), "configmap", "sql".
	// Defaults to "secret" if not specified or set to "default".
	ReleaseStorageDriver string
	// ReleaseStorageSQLConnection is the SQL connection string when using SQL storage driver.
	// Only used when ReleaseStorageDriver is "sql".
	ReleaseStorageSQLConnection string
	// TempDirPath is the directory for temporary files during the operation.
	// A temporary directory is created automatically if not specified.
	TempDirPath string
	// Timeout is the maximum duration for the entire uninstall operation.
	// If 0, no timeout is applied and the operation runs until completion or error.
	Timeout time.Duration
	// UninstallGraphPath, if specified, saves the Graphviz representation of the uninstall plan to this file path.
	// Useful for debugging and visualizing the dependency graph of resource deletion operations.
	UninstallGraphPath string
	// UninstallReportPath, if specified, saves a JSON report of the uninstallation results to this file path.
	// The report includes lists of completed, canceled, and failed operations.
	UninstallReportPath string
}

type SecretFileDecryptOptions struct {
	OutputFilePath string
	SecretKey      string
	SecretWorkDir  string
	TempDirPath    string
}

type SecretFileEditOptions struct {
	SecretKey     string
	SecretWorkDir string
	TempDirPath   string
}

type SecretFileEncryptOptions struct {
	OutputFilePath string
	SecretKey      string
	SecretWorkDir  string
	TempDirPath    string
}

type SecretKeyCreateOptions struct {
	OutputNoPrint bool
	TempDirPath   string
}

type SecretKeyRotateOptions struct {
	ChartDirPath      string
	NewSecretKey      string
	OldSecretKey      string
	SecretValuesFiles []string
	SecretWorkDir     string
	TempDirPath       string
}

type SecretValuesFileDecryptOptions struct {
	OutputFilePath string
	SecretKey      string
	SecretWorkDir  string
	TempDirPath    string
}

type SecretValuesFileEditOptions struct {
	SecretKey     string
	SecretWorkDir string
	TempDirPath   string
}

type SecretValuesFileEncryptOptions struct {
	OutputFilePath string
	SecretKey      string
	SecretWorkDir  string
	TempDirPath    string
}

type VersionOptions struct {
	// OutputFormat specifies the output format for version information.
	// Valid values: "yaml" (default), "json".
	// Defaults to DefaultVersionOutputFormat (yaml) if not specified.
	OutputFormat string
	// OutputNoPrint, when true, suppresses printing the output and only returns the result data structure.
	// Useful when calling this programmatically.
	OutputNoPrint bool
	// TempDirPath is the directory for temporary files during the operation.
	// A temporary directory is created automatically if not specified.
	TempDirPath string
}

type VersionResult struct {
	FullVersion  string `json:"full"`
	MajorVersion int    `json:"major"`
	MinorVersion int    `json:"minor"`
	PatchVersion int    `json:"patch"`
}