From 32e843c614175993be6a13fbe26d78cc4d8c66cf Mon Sep 17 00:00:00 2001
From: Kaz Wesley <kaz@lambdaverse.org>
Date: Wed, 10 Jul 2024 14:04:37 -0700
Subject: [PATCH] Expose backend API to IDE (#10442)

Move `Backend` and supporting APIs from `dashboard` to `enso-common`.

Closes #10400.

# Important Notes
- The utility modules required by `Backend` have been moved to `enso-common`. Those defining general-purpose helpers for working with standard types are now in a submodule `utilities/data` to match the IDE organization; in the future we can merge them with the `util/data` gui2 subtree. Moved utilities are reexported from their dashboard locations, so that moved and not-yet-moved modules can be imported consistently.
- The `text` module has been moved to `enso-common`; the IDE doesn't have any localization mechanism yet, so we can share this one.
---
 app/ide-desktop/lib/common/package.json       |    9 +-
 .../lib/common/src/services/Backend.ts        | 1473 ++++++++++++++++
 .../src/text/english.json                     |    0
 app/ide-desktop/lib/common/src/text/index.ts  |  136 ++
 .../lib/common/src/utilities/data/array.ts    |   65 +
 .../lib/common/src/utilities/data/dateTime.ts |   78 +
 .../lib/common/src/utilities/data/newtype.ts  |   64 +
 .../lib/common/src/utilities/permissions.ts   |  248 +++
 .../lib/common/src/utilities/uniqueString.ts  |   14 +
 app/ide-desktop/lib/common/tsconfig.json      |    2 +-
 .../dashboard/src/components/MenuEntry.tsx    |    3 +-
 .../components/PaywallBulletPoints.tsx        |    3 +-
 .../components/dashboard/KeyboardShortcut.tsx |    3 +-
 .../src/components/dashboard/Permission.tsx   |    2 +-
 .../dashboard/column/columnUtils.ts           |    3 +-
 .../hooks/billing/FeaturesConfiguration.ts    |    2 +-
 .../dashboard/src/hooks/toastAndLogHooks.ts   |    2 +-
 .../src/layouts/CategorySwitcher.tsx          |    3 +-
 .../src/layouts/Settings/settingsData.tsx     |    3 +-
 .../lib/dashboard/src/layouts/TabBar.tsx      |    2 +-
 .../lib/dashboard/src/modals/AboutModal.tsx   |    3 +-
 .../subscribe/Subscribe/components/Card.tsx   |    3 +-
 .../Subscribe/getComponentForPlan.tsx         |    2 +-
 .../src/pages/subscribe/constants.ts          |    2 +-
 .../dashboard/src/providers/TextProvider.tsx  |    2 +-
 .../lib/dashboard/src/services/Backend.ts     | 1474 +----------------
 .../dashboard/src/services/RemoteBackend.ts   |    3 +-
 .../lib/dashboard/src/text/index.ts           |  136 --
 .../lib/dashboard/src/utilities/array.ts      |   64 +-
 .../lib/dashboard/src/utilities/dateTime.ts   |   77 +-
 .../lib/dashboard/src/utilities/newtype.ts    |   63 +-
 .../dashboard/src/utilities/permissions.ts    |  247 +--
 .../dashboard/src/utilities/uniqueString.ts   |   13 +-
 33 files changed, 2110 insertions(+), 2094 deletions(-)
 create mode 100644 app/ide-desktop/lib/common/src/services/Backend.ts
 rename app/ide-desktop/lib/{dashboard => common}/src/text/english.json (100%)
 create mode 100644 app/ide-desktop/lib/common/src/text/index.ts
 create mode 100644 app/ide-desktop/lib/common/src/utilities/data/array.ts
 create mode 100644 app/ide-desktop/lib/common/src/utilities/data/dateTime.ts
 create mode 100644 app/ide-desktop/lib/common/src/utilities/data/newtype.ts
 create mode 100644 app/ide-desktop/lib/common/src/utilities/permissions.ts
 create mode 100644 app/ide-desktop/lib/common/src/utilities/uniqueString.ts
 delete mode 100644 app/ide-desktop/lib/dashboard/src/text/index.ts

diff --git a/app/ide-desktop/lib/common/package.json b/app/ide-desktop/lib/common/package.json
index 8a5a5b7eee..dad074fcbd 100644
--- a/app/ide-desktop/lib/common/package.json
+++ b/app/ide-desktop/lib/common/package.json
@@ -11,7 +11,14 @@
     "./src/detect": "./src/detect.ts",
     "./src/gtag": "./src/gtag.ts",
     "./src/load": "./src/load.ts",
-    "./src/queryClient": "./src/queryClient.ts"
+    "./src/queryClient": "./src/queryClient.ts",
+    "./src/utilities/data/array": "./src/utilities/data/array.ts",
+    "./src/utilities/data/dateTime": "./src/utilities/data/dateTime.ts",
+    "./src/utilities/data/newtype": "./src/utilities/data/newtype.ts",
+    "./src/utilities/uniqueString": "./src/utilities/uniqueString.ts",
+    "./src/text": "./src/text/index.ts",
+    "./src/utilities/permissions": "./src/utilities/permissions.ts",
+    "./src/services/Backend": "./src/services/Backend.ts"
   },
   "peerDependencies": {
     "@tanstack/query-core": "5.45.0",
diff --git a/app/ide-desktop/lib/common/src/services/Backend.ts b/app/ide-desktop/lib/common/src/services/Backend.ts
new file mode 100644
index 0000000000..23c69b5acd
--- /dev/null
+++ b/app/ide-desktop/lib/common/src/services/Backend.ts
@@ -0,0 +1,1473 @@
+/** @file Type definitions common between all backends. */
+
+import * as array from '../utilities/data/array'
+import * as dateTime from '../utilities/data/dateTime'
+import * as newtype from '../utilities/data/newtype'
+import * as permissions from '../utilities/permissions'
+import * as uniqueString from '../utilities/uniqueString'
+
+// ================
+// === Newtypes ===
+// ================
+
+// These are constructor functions that construct values of the type they are named after.
+/* eslint-disable @typescript-eslint/no-redeclare */
+
+/** Unique identifier for an organization. */
+export type OrganizationId = newtype.Newtype<string, 'OrganizationId'>
+export const OrganizationId = newtype.newtypeConstructor<OrganizationId>()
+
+/** Unique identifier for a user in an organization. */
+export type UserId = newtype.Newtype<string, 'UserId'>
+export const UserId = newtype.newtypeConstructor<UserId>()
+
+/** Unique identifier for a user group. */
+export type UserGroupId = newtype.Newtype<string, 'UserGroupId'>
+export const UserGroupId = newtype.newtypeConstructor<UserGroupId>()
+
+/** Unique identifier for a directory. */
+export type DirectoryId = newtype.Newtype<string, 'DirectoryId'>
+export const DirectoryId = newtype.newtypeConstructor<DirectoryId>()
+
+/** Unique identifier for an asset representing the items inside a directory for which the
+ * request to retrive the items has not yet completed. */
+export type LoadingAssetId = newtype.Newtype<string, 'LoadingAssetId'>
+export const LoadingAssetId = newtype.newtypeConstructor<LoadingAssetId>()
+
+/** Unique identifier for an asset representing the nonexistent children of an empty directory. */
+export type EmptyAssetId = newtype.Newtype<string, 'EmptyAssetId'>
+export const EmptyAssetId = newtype.newtypeConstructor<EmptyAssetId>()
+
+/** Unique identifier for a user's project. */
+export type ProjectId = newtype.Newtype<string, 'ProjectId'>
+export const ProjectId = newtype.newtypeConstructor<ProjectId>()
+
+/** Unique identifier for an uploaded file. */
+export type FileId = newtype.Newtype<string, 'FileId'>
+export const FileId = newtype.newtypeConstructor<FileId>()
+
+/** Unique identifier for a secret environment variable. */
+export type SecretId = newtype.Newtype<string, 'SecretId'>
+export const SecretId = newtype.newtypeConstructor<SecretId>()
+
+/** Unique identifier for a project session. */
+export type ProjectSessionId = newtype.Newtype<string, 'ProjectSessionId'>
+export const ProjectSessionId = newtype.newtypeConstructor<ProjectSessionId>()
+
+/** Unique identifier for a Datalink. */
+export type DatalinkId = newtype.Newtype<string, 'DatalinkId'>
+export const DatalinkId = newtype.newtypeConstructor<DatalinkId>()
+
+/** Unique identifier for a version of an S3 object. */
+export type S3ObjectVersionId = newtype.Newtype<string, 'S3ObjectVersionId'>
+export const S3ObjectVersionId = newtype.newtypeConstructor<S3ObjectVersionId>()
+
+/** Unique identifier for an arbitrary asset. */
+export type AssetId = IdType[keyof IdType]
+
+/** Unique identifier for a payment checkout session. */
+export type CheckoutSessionId = newtype.Newtype<string, 'CheckoutSessionId'>
+export const CheckoutSessionId = newtype.newtypeConstructor<CheckoutSessionId>()
+
+/**
+ * Unique identifier for a subscription.
+ */
+export type SubscriptionId = newtype.Newtype<string, 'SubscriptionId'>
+export const SubscriptionId = newtype.newtypeConstructor<SubscriptionId>()
+
+/** The name of an asset label. */
+export type LabelName = newtype.Newtype<string, 'LabelName'>
+export const LabelName = newtype.newtypeConstructor<LabelName>()
+
+/** Unique identifier for a label. */
+export type TagId = newtype.Newtype<string, 'TagId'>
+export const TagId = newtype.newtypeConstructor<TagId>()
+
+/** A URL. */
+export type Address = newtype.Newtype<string, 'Address'>
+export const Address = newtype.newtypeConstructor<Address>()
+
+/** A HTTPS URL. */
+export type HttpsUrl = newtype.Newtype<string, 'HttpsUrl'>
+export const HttpsUrl = newtype.newtypeConstructor<HttpsUrl>()
+
+/** An email address. */
+export type EmailAddress = newtype.Newtype<string, 'EmailAddress'>
+export const EmailAddress = newtype.newtypeConstructor<EmailAddress>()
+
+/** An AWS S3 file path. */
+export type S3FilePath = newtype.Newtype<string, 'S3FilePath'>
+export const S3FilePath = newtype.newtypeConstructor<S3FilePath>()
+
+/** An AWS machine configuration. */
+export type Ami = newtype.Newtype<string, 'Ami'>
+export const Ami = newtype.newtypeConstructor<Ami>()
+
+/** An identifier for an entity with an {@link AssetPermission} for an {@link Asset}. */
+export type UserPermissionIdentifier = UserGroupId | UserId
+
+/** An filesystem path. Only present on the local backend. */
+export type Path = newtype.Newtype<string, 'Path'>
+export const Path = newtype.newtypeConstructor<Path>()
+
+/* eslint-enable @typescript-eslint/no-redeclare */
+
+/** Whether a given {@link string} is an {@link UserId}. */
+export function isUserId(id: string): id is UserId {
+    return id.startsWith('user-')
+}
+
+/** Whether a given {@link string} is an {@link UserGroupId}. */
+export function isUserGroupId(id: string): id is UserGroupId {
+    return id.startsWith('usergroup-')
+}
+
+const PLACEHOLDER_USER_GROUP_PREFIX = 'usergroup-placeholder-'
+
+/** Whether a given {@link UserGroupId} represents a user group that does not yet exist on the
+ * server. */
+export function isPlaceholderUserGroupId(id: string) {
+    return id.startsWith(PLACEHOLDER_USER_GROUP_PREFIX)
+}
+
+/** Return a new {@link UserGroupId} that represents a placeholder user group that is yet to finish
+ * being created on the backend. */
+export function newPlaceholderUserGroupId() {
+    return UserGroupId(`${PLACEHOLDER_USER_GROUP_PREFIX}${uniqueString.uniqueString()}`)
+}
+
+// =============
+// === Types ===
+// =============
+
+/** The {@link Backend} variant. If a new variant is created, it should be added to this enum. */
+export enum BackendType {
+    local = 'local',
+    remote = 'remote',
+}
+
+/** Metadata uniquely identifying a user inside an organization. */
+export interface UserInfo {
+    /** The ID of the parent organization. If this is a sole user, they are implicitly in an
+     * organization consisting of only themselves. */
+    readonly organizationId: OrganizationId
+    /** The name of the parent organization. */
+    readonly organizationName?: string
+    /** The ID of this user.
+     *
+     * The user ID is globally unique. Thus, the user ID is always sufficient to uniquely identify a
+     * user. The user ID is guaranteed to never change, once assigned. For these reasons, the user ID
+     * should be the preferred way to uniquely refer to a user. That is, when referring to a user,
+     * prefer this field over `name`, `email`, `subject`, or any other mechanism, where possible. */
+    readonly userId: UserId
+    readonly name: string
+    readonly email: EmailAddress
+}
+
+/** A user in the application. These are the primary owners of a project. */
+export interface User extends UserInfo {
+    /** If `false`, this account is awaiting acceptance from an administrator, and endpoints other than
+     * `usersMe` will not work. */
+    readonly isEnabled: boolean
+    readonly rootDirectoryId: DirectoryId
+    readonly profilePicture?: HttpsUrl
+    readonly userGroups: readonly UserGroupId[] | null
+    readonly removeAt?: dateTime.Rfc3339DateTime | null
+    readonly plan?: Plan | undefined
+}
+
+/** A `Directory` returned by `createDirectory`. */
+export interface CreatedDirectory {
+    readonly id: DirectoryId
+    readonly parentId: DirectoryId
+    readonly title: string
+}
+
+/** Possible states that a project can be in. */
+export enum ProjectState {
+    created = 'Created',
+    new = 'New',
+    scheduled = 'Scheduled',
+    openInProgress = 'OpenInProgress',
+    provisioned = 'Provisioned',
+    opened = 'Opened',
+    closed = 'Closed',
+    /** A frontend-specific state, representing a project that should be displayed as
+     * `openInProgress`, but has not yet been added to the backend. */
+    placeholder = 'Placeholder',
+    /** A frontend-specific state, representing a project that should be displayed as `closed`,
+     * but is still in the process of shutting down. */
+    closing = 'Closing',
+}
+
+/** Wrapper around a project state value. */
+export interface ProjectStateType {
+    readonly type: ProjectState
+    readonly volumeId: string
+    readonly instanceId?: string
+    readonly executeAsync?: boolean
+    readonly address?: string
+    readonly securityGroupId?: string
+    readonly ec2Id?: string
+    readonly ec2PublicIpAddress?: string
+    readonly currentSessionId?: string
+    readonly openedBy?: EmailAddress
+    /** Only present on the Local backend. */
+    readonly path?: Path
+}
+
+export const IS_OPENING: Readonly<Record<ProjectState, boolean>> = {
+    [ProjectState.created]: false,
+    [ProjectState.new]: false,
+    [ProjectState.scheduled]: true,
+    [ProjectState.openInProgress]: true,
+    [ProjectState.provisioned]: true,
+    [ProjectState.opened]: false,
+    [ProjectState.closed]: false,
+    [ProjectState.placeholder]: true,
+    [ProjectState.closing]: false,
+}
+
+export const IS_OPENING_OR_OPENED: Readonly<Record<ProjectState, boolean>> = {
+    [ProjectState.created]: false,
+    [ProjectState.new]: false,
+    [ProjectState.scheduled]: true,
+    [ProjectState.openInProgress]: true,
+    [ProjectState.provisioned]: true,
+    [ProjectState.opened]: true,
+    [ProjectState.closed]: false,
+    [ProjectState.placeholder]: true,
+    [ProjectState.closing]: false,
+}
+
+/** Common `Project` fields returned by all `Project`-related endpoints. */
+export interface BaseProject {
+    readonly organizationId: string
+    readonly projectId: ProjectId
+    readonly name: string
+}
+
+/** A `Project` returned by `createProject`. */
+export interface CreatedProject extends BaseProject {
+    readonly state: ProjectStateType
+    readonly packageName: string
+}
+
+/** A `Project` returned by the `listProjects` endpoint. */
+export interface ListedProjectRaw extends CreatedProject {
+    readonly address?: Address
+}
+
+/** A `Project` returned by `listProjects`. */
+export interface ListedProject extends CreatedProject {
+    readonly binaryAddress: Address | null
+    readonly jsonAddress: Address | null
+}
+
+/** A `Project` returned by `updateProject`. */
+export interface UpdatedProject extends BaseProject {
+    readonly ami: Ami | null
+    readonly ideVersion: VersionNumber | null
+    readonly engineVersion: VersionNumber | null
+}
+
+/** A user/organization's project containing and/or currently executing code. */
+export interface ProjectRaw extends ListedProjectRaw {
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    readonly ide_version: VersionNumber | null
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    readonly engine_version: VersionNumber | null
+}
+
+/** A user/organization's project containing and/or currently executing code. */
+export interface Project extends ListedProject {
+    readonly ideVersion: VersionNumber | null
+    readonly engineVersion: VersionNumber | null
+    readonly openedBy?: EmailAddress
+    /** On the Remote (Cloud) Backend, this is a S3 url that is valid for only 120 seconds. */
+    readonly url?: HttpsUrl
+}
+
+/** A user/organization's project containing and/or currently executing code. */
+export interface BackendProject extends Project {
+    /** This must not be null as it is required to determine the base URL for backend assets. */
+    readonly ideVersion: VersionNumber
+}
+
+/** A specific session of a project being opened and used. */
+export interface ProjectSession {
+    readonly projectId: ProjectId
+    readonly projectSessionId: ProjectSessionId
+    readonly createdAt: dateTime.Rfc3339DateTime
+    readonly closedAt?: dateTime.Rfc3339DateTime
+    readonly userEmail: EmailAddress
+}
+
+/** Metadata describing the location of an uploaded file. */
+export interface FileLocator {
+    readonly fileId: FileId
+    readonly fileName: string | null
+    readonly path: S3FilePath
+}
+
+/** Metadata uniquely identifying an uploaded file. */
+export interface FileInfo {
+    /* TODO: Should potentially be S3FilePath,
+     * but it's just string on the backend. */
+    readonly path: string
+    readonly id: FileId
+    readonly project: CreatedProject | null
+}
+
+/** Metadata for a file. */
+export interface FileMetadata {
+    readonly size: number
+}
+
+/** All metadata related to a file. */
+export interface FileDetails {
+    readonly file: FileLocator
+    readonly metadata: FileMetadata
+    /** On the Remote (Cloud) Backend, this is a S3 url that is valid for only 120 seconds. */
+    readonly url?: string
+}
+
+/** A secret environment variable. */
+export interface Secret {
+    readonly id: SecretId
+    readonly value: string
+}
+
+/** A secret environment variable and metadata uniquely identifying it. */
+export interface SecretAndInfo {
+    readonly id: SecretId
+    readonly name: string
+    readonly value: string
+}
+
+/** Metadata uniquely identifying a secret environment variable. */
+export interface SecretInfo {
+    readonly name: string
+    readonly id: SecretId
+    readonly path: string
+}
+
+/** A Datalink. */
+export type Datalink = newtype.Newtype<unknown, 'Datalink'>
+
+/** Metadata uniquely identifying a Datalink. */
+export interface DatalinkInfo {
+    readonly id: DatalinkId
+}
+
+/** A label. */
+export interface Label {
+    readonly id: TagId
+    readonly value: LabelName
+    readonly color: LChColor
+}
+
+/** Type of application that a {@link Version} applies to.
+ *
+ * We keep track of both backend and IDE versions, so that we can update the two independently.
+ * However the format of the version numbers is the same for both, so we can use the same type for
+ * both. We just need this enum to disambiguate. */
+export enum VersionType {
+    backend = 'Backend',
+    ide = 'Ide',
+}
+
+/** Stability of an IDE or backend version. */
+export enum VersionLifecycle {
+    stable = 'Stable',
+    releaseCandidate = 'ReleaseCandidate',
+    nightly = 'Nightly',
+    development = 'Development',
+}
+
+/** Version number of an IDE or backend. */
+export interface VersionNumber {
+    readonly value: string
+    readonly lifecycle: VersionLifecycle
+}
+
+/** A version describing a release of the backend or IDE. */
+export interface Version {
+    readonly number: VersionNumber
+    readonly ami: Ami | null
+    readonly created: dateTime.Rfc3339DateTime
+    // This does not follow our naming convention because it's defined this way in the backend,
+    // so we need to match it.
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    readonly version_type: VersionType
+}
+
+/** Credentials that need to be passed to libraries to give them access to the Cloud API. */
+export interface CognitoCredentials {
+    readonly accessToken: string
+    readonly refreshToken: string
+    readonly refreshUrl: string
+    readonly clientId: string
+    readonly expireAt: dateTime.Rfc3339DateTime
+}
+
+/** Subscription plans. */
+export enum Plan {
+    solo = 'solo',
+    team = 'team',
+    enterprise = 'enterprise',
+}
+
+export const PLANS = Object.values(Plan)
+
+// This is a function, even though it does not look like one.
+// eslint-disable-next-line no-restricted-syntax
+export const isPlan = array.includesPredicate(PLANS)
+
+/** Metadata uniquely describing a payment checkout session. */
+export interface CheckoutSession {
+    /** ID of the checkout session, suffixed with a secret value. */
+    readonly clientSecret: string
+    /** ID of the checkout session. */
+    readonly id: CheckoutSessionId
+}
+
+/** Metadata describing the status of a payment checkout session. */
+export interface CheckoutSessionStatus {
+    /** Status of the payment for the checkout session. */
+    readonly paymentStatus: string
+    /** Status of the checkout session. */
+    readonly status: string
+}
+
+/** Resource usage of a VM. */
+export interface ResourceUsage {
+    /** Percentage of memory used. */
+    readonly memory: number
+    /** Percentage of CPU time used since boot. */
+    readonly cpu: number
+    /** Percentage of disk space used. */
+    readonly storage: number
+}
+
+/**
+ * Metadata for a subscription.
+ */
+export interface Subscription {
+    readonly id?: SubscriptionId
+    readonly plan?: Plan
+    readonly trialStart?: dateTime.Rfc3339DateTime | null
+    readonly trialEnd?: dateTime.Rfc3339DateTime | null
+}
+
+/** Metadata for an organization. */
+export interface OrganizationInfo {
+    readonly id: OrganizationId
+    readonly name: string | null
+    readonly email: EmailAddress | null
+    readonly website: HttpsUrl | null
+    readonly address: string | null
+    readonly picture: HttpsUrl | null
+    readonly subscription: Subscription
+}
+
+/** A user group and its associated metadata. */
+export interface UserGroupInfo {
+    readonly organizationId: OrganizationId
+    readonly id: UserGroupId
+    readonly groupName: string
+}
+
+/** User permission for a specific user. */
+export interface UserPermission {
+    readonly user: UserInfo
+    readonly permission: permissions.PermissionAction
+}
+
+/** User permission for a specific user group. */
+export interface UserGroupPermission {
+    readonly userGroup: UserGroupInfo
+    readonly permission: permissions.PermissionAction
+}
+
+/** User permission for a specific user or user group. */
+export type AssetPermission = UserGroupPermission | UserPermission
+
+/** Whether an {@link AssetPermission} is a {@link UserPermission}. */
+export function isUserPermission(permission: AssetPermission): permission is UserPermission {
+    return 'user' in permission
+}
+
+/** Whether an {@link AssetPermission} is a {@link UserPermission} with an additional predicate. */
+export function isUserPermissionAnd(predicate: (permission: UserPermission) => boolean) {
+    return (permission: AssetPermission): permission is UserPermission =>
+        isUserPermission(permission) && predicate(permission)
+}
+
+/** Whether an {@link AssetPermission} is a {@link UserGroupPermission}. */
+export function isUserGroupPermission(
+    permission: AssetPermission
+): permission is UserGroupPermission {
+    return 'userGroup' in permission
+}
+
+/** Whether an {@link AssetPermission} is a {@link UserGroupPermission} with an additional predicate. */
+export function isUserGroupPermissionAnd(predicate: (permission: UserGroupPermission) => boolean) {
+    return (permission: AssetPermission): permission is UserGroupPermission =>
+        isUserGroupPermission(permission) && predicate(permission)
+}
+
+/** Get the property representing the name on an arbitrary variant of {@link UserPermission}. */
+export function getAssetPermissionName(permission: AssetPermission) {
+    return isUserPermission(permission) ? permission.user.name : permission.userGroup.groupName
+}
+
+/** Get the property representing the id on an arbitrary variant of {@link UserPermission}. */
+export function getAssetPermissionId(permission: AssetPermission): UserPermissionIdentifier {
+    return isUserPermission(permission) ? permission.user.userId : permission.userGroup.id
+}
+
+/** The type returned from the "update directory" endpoint. */
+export interface UpdatedDirectory {
+    readonly id: DirectoryId
+    readonly parentId: DirectoryId
+    readonly title: string
+}
+
+/** The type returned from the "create directory" endpoint. */
+export interface Directory extends DirectoryAsset {}
+
+/** The subset of asset fields returned by the "copy asset" endpoint. */
+export interface CopiedAsset {
+    readonly id: AssetId
+    readonly parentId: DirectoryId
+    readonly title: string
+}
+
+/** The type returned from the "copy asset" endpoint. */
+export interface CopyAssetResponse {
+    readonly asset: CopiedAsset
+}
+
+/** Possible filters for the "list directory" endpoint. */
+export enum FilterBy {
+    all = 'All',
+    active = 'Active',
+    recent = 'Recent',
+    trashed = 'Trashed',
+}
+
+/** An event in an audit log. */
+export interface Event {
+    readonly organizationId: OrganizationId
+    readonly userEmail: EmailAddress
+    readonly timestamp: dateTime.Rfc3339DateTime | null
+    // Called `EventKind` in the backend.
+    readonly metadata: EventMetadata
+}
+
+/** Possible types of event in an audit log. */
+export enum EventType {
+    GetSecret = 'getSecret',
+    DeleteAssets = 'deleteAssets',
+    ListSecrets = 'listSecrets',
+    OpenProject = 'openProject',
+    UploadFile = 'uploadFile',
+}
+
+export const EVENT_TYPES = Object.freeze(Object.values(EventType))
+
+/** An event indicating that a secret was accessed. */
+interface GetSecretEventMetadata {
+    readonly type: EventType.GetSecret
+    readonly secretId: SecretId
+}
+
+/** An event indicating that one or more assets were deleted. */
+interface DeleteAssetsEventMetadata {
+    readonly type: EventType.DeleteAssets
+}
+
+/** An event indicating that all secrets were listed. */
+interface ListSecretsEventMetadata {
+    readonly type: EventType.ListSecrets
+}
+
+/** An event indicating that a project was opened. */
+interface OpenProjectEventMetadata {
+    readonly type: EventType.OpenProject
+}
+
+/** An event indicating that a file was uploaded. */
+interface UploadFileEventMetadata {
+    readonly type: EventType.UploadFile
+}
+
+/** All possible types of metadata for an event in the audit log. */
+export type EventMetadata =
+    | DeleteAssetsEventMetadata
+    | GetSecretEventMetadata
+    | ListSecretsEventMetadata
+    | OpenProjectEventMetadata
+    | UploadFileEventMetadata
+
+/** A color in the LCh colorspace. */
+export interface LChColor {
+    readonly lightness: number
+    readonly chroma: number
+    readonly hue: number
+    readonly alpha?: number
+}
+
+/** A pre-selected list of colors to be used in color pickers. */
+export const COLORS: readonly [LChColor, ...LChColor[]] = [
+    /* eslint-disable @typescript-eslint/no-magic-numbers */
+    // Red
+    { lightness: 50, chroma: 66, hue: 7 },
+    // Orange
+    { lightness: 50, chroma: 66, hue: 34 },
+    // Yellow
+    { lightness: 50, chroma: 66, hue: 80 },
+    // Turquoise
+    { lightness: 50, chroma: 66, hue: 139 },
+    // Teal
+    { lightness: 50, chroma: 66, hue: 172 },
+    // Blue
+    { lightness: 50, chroma: 66, hue: 271 },
+    // Lavender
+    { lightness: 50, chroma: 66, hue: 295 },
+    // Pink
+    { lightness: 50, chroma: 66, hue: 332 },
+    // Light blue
+    { lightness: 50, chroma: 22, hue: 252 },
+    // Dark blue
+    { lightness: 22, chroma: 13, hue: 252 },
+    /* eslint-enable @typescript-eslint/no-magic-numbers */
+]
+
+/** Converts a {@link LChColor} to a CSS color string. */
+export function lChColorToCssColor(color: LChColor): string {
+    const alpha = 'alpha' in color ? ` / ${color.alpha}` : ''
+    return `lch(${color.lightness}% ${color.chroma} ${color.hue}${alpha})`
+}
+
+export const COLOR_STRING_TO_COLOR = new Map(
+    COLORS.map(color => [lChColorToCssColor(color), color])
+)
+
+export const INITIAL_COLOR_COUNTS = new Map(COLORS.map(color => [lChColorToCssColor(color), 0]))
+
+/** The color that is used for the least labels. Ties are broken by order. */
+export function leastUsedColor(labels: Iterable<Label>) {
+    const colorCounts = new Map(INITIAL_COLOR_COUNTS)
+    for (const label of labels) {
+        const colorString = lChColorToCssColor(label.color)
+        colorCounts.set(colorString, (colorCounts.get(colorString) ?? 0) + 1)
+    }
+    const min = Math.min(...colorCounts.values())
+    const [minColor] = [...colorCounts.entries()].find(kv => kv[1] === min) ?? []
+    return minColor == null ? COLORS[0] : COLOR_STRING_TO_COLOR.get(minColor) ?? COLORS[0]
+}
+
+// =================
+// === AssetType ===
+// =================
+
+/** All possible types of directory entries. */
+export enum AssetType {
+    project = 'project',
+    file = 'file',
+    secret = 'secret',
+    datalink = 'datalink',
+    directory = 'directory',
+    /** A special {@link AssetType} representing the unknown items of a directory, before the
+     * request to retrieve the items completes. */
+    specialLoading = 'specialLoading',
+    /** A special {@link AssetType} representing the sole child of an empty directory. */
+    specialEmpty = 'specialEmpty',
+}
+
+/** The corresponding ID newtype for each {@link AssetType}. */
+export interface IdType {
+    readonly [AssetType.project]: ProjectId
+    readonly [AssetType.file]: FileId
+    readonly [AssetType.datalink]: DatalinkId
+    readonly [AssetType.secret]: SecretId
+    readonly [AssetType.directory]: DirectoryId
+    readonly [AssetType.specialLoading]: LoadingAssetId
+    readonly [AssetType.specialEmpty]: EmptyAssetId
+}
+
+/** Integers (starting from 0) corresponding to the order in which each asset type should appear
+ * in a directory listing. */
+export const ASSET_TYPE_ORDER: Readonly<Record<AssetType, number>> = {
+    // This is a sequence of numbers, not magic numbers. `999` and `1000` are arbitrary numbers
+    // that are higher than the number of possible asset types.
+    /* eslint-disable @typescript-eslint/no-magic-numbers */
+    [AssetType.directory]: 0,
+    [AssetType.project]: 1,
+    [AssetType.file]: 2,
+    [AssetType.datalink]: 3,
+    [AssetType.secret]: 4,
+    [AssetType.specialLoading]: 999,
+    [AssetType.specialEmpty]: 1000,
+    /* eslint-enable @typescript-eslint/no-magic-numbers */
+}
+
+// =============
+// === Asset ===
+// =============
+
+/** Metadata uniquely identifying a directory entry.
+ * These can be Projects, Files, Secrets, or other directories. */
+export interface BaseAsset {
+    readonly id: AssetId
+    readonly title: string
+    readonly modifiedAt: dateTime.Rfc3339DateTime
+    /** This is defined as a generic {@link AssetId} in the backend, however it is more convenient
+     * (and currently safe) to assume it is always a {@link DirectoryId}. */
+    readonly parentId: DirectoryId
+    readonly permissions: AssetPermission[] | null
+    readonly labels: LabelName[] | null
+    readonly description: string | null
+}
+
+/** Metadata uniquely identifying a directory entry.
+ * These can be Projects, Files, Secrets, or other directories. */
+export interface Asset<Type extends AssetType = AssetType> extends BaseAsset {
+    readonly type: Type
+    readonly id: IdType[Type]
+    readonly projectState: Type extends AssetType.project ? ProjectStateType : null
+}
+
+/** A convenience alias for {@link Asset}<{@link AssetType.directory}>. */
+export interface DirectoryAsset extends Asset<AssetType.directory> {}
+
+/** A convenience alias for {@link Asset}<{@link AssetType.project}>. */
+export interface ProjectAsset extends Asset<AssetType.project> {}
+
+/** A convenience alias for {@link Asset}<{@link AssetType.file}>. */
+export interface FileAsset extends Asset<AssetType.file> {}
+
+/** A convenience alias for {@link Asset}<{@link AssetType.datalink}>. */
+export interface DatalinkAsset extends Asset<AssetType.datalink> {}
+
+/** A convenience alias for {@link Asset}<{@link AssetType.secret}>. */
+export interface SecretAsset extends Asset<AssetType.secret> {}
+
+/** A convenience alias for {@link Asset}<{@link AssetType.specialLoading}>. */
+export interface SpecialLoadingAsset extends Asset<AssetType.specialLoading> {}
+
+/** A convenience alias for {@link Asset}<{@link AssetType.specialEmpty}>. */
+export interface SpecialEmptyAsset extends Asset<AssetType.specialEmpty> {}
+
+/** Creates a {@link DirectoryAsset} representing the root directory for the organization,
+ * with all irrelevant fields initialized to default values. */
+export function createRootDirectoryAsset(directoryId: DirectoryId): DirectoryAsset {
+    return {
+        type: AssetType.directory,
+        title: '(root)',
+        id: directoryId,
+        modifiedAt: dateTime.toRfc3339(new Date()),
+        parentId: DirectoryId(''),
+        permissions: [],
+        projectState: null,
+        labels: [],
+        description: null,
+    }
+}
+
+/** Creates a {@link FileAsset} using the given values. */
+export function createPlaceholderFileAsset(
+    title: string,
+    parentId: DirectoryId,
+    assetPermissions: AssetPermission[]
+): FileAsset {
+    return {
+        type: AssetType.file,
+        id: FileId(uniqueString.uniqueString()),
+        title,
+        parentId,
+        permissions: assetPermissions,
+        modifiedAt: dateTime.toRfc3339(new Date()),
+        projectState: null,
+        labels: [],
+        description: null,
+    }
+}
+
+/** Creates a {@link ProjectAsset} using the given values. */
+export function createPlaceholderProjectAsset(
+    title: string,
+    parentId: DirectoryId,
+    assetPermissions: AssetPermission[],
+    organization: User | null,
+    path: Path | null
+): ProjectAsset {
+    return {
+        type: AssetType.project,
+        id: ProjectId(uniqueString.uniqueString()),
+        title,
+        parentId,
+        permissions: assetPermissions,
+        modifiedAt: dateTime.toRfc3339(new Date()),
+        projectState: {
+            type: ProjectState.new,
+            volumeId: '',
+            ...(organization != null ? { openedBy: organization.email } : {}),
+            ...(path != null ? { path } : {}),
+        },
+        labels: [],
+        description: null,
+    }
+}
+
+/** Creates a {@link SpecialLoadingAsset}, with all irrelevant fields initialized to default
+ * values. */
+export function createSpecialLoadingAsset(directoryId: DirectoryId): SpecialLoadingAsset {
+    return {
+        type: AssetType.specialLoading,
+        title: '',
+        id: LoadingAssetId(uniqueString.uniqueString()),
+        modifiedAt: dateTime.toRfc3339(new Date()),
+        parentId: directoryId,
+        permissions: [],
+        projectState: null,
+        labels: [],
+        description: null,
+    }
+}
+
+/** Creates a {@link SpecialEmptyAsset}, with all irrelevant fields initialized to default
+ * values. */
+export function createSpecialEmptyAsset(directoryId: DirectoryId): SpecialEmptyAsset {
+    return {
+        type: AssetType.specialEmpty,
+        title: '',
+        id: EmptyAssetId(uniqueString.uniqueString()),
+        modifiedAt: dateTime.toRfc3339(new Date()),
+        parentId: directoryId,
+        permissions: [],
+        projectState: null,
+        labels: [],
+        description: null,
+    }
+}
+
+/** Any object with a `type` field matching the given `AssetType`. */
+interface HasType<Type extends AssetType> {
+    readonly type: Type
+}
+
+/** A union of all possible {@link Asset} variants. */
+export type AnyAsset<Type extends AssetType = AssetType> = Extract<
+    | DatalinkAsset
+    | DirectoryAsset
+    | FileAsset
+    | ProjectAsset
+    | SecretAsset
+    | SpecialEmptyAsset
+    | SpecialLoadingAsset,
+    HasType<Type>
+>
+
+/** A type guard that returns whether an {@link Asset} is a specific type of asset. */
+export function assetIsType<Type extends AssetType>(type: Type) {
+    return (asset: AnyAsset): asset is Extract<AnyAsset, Asset<Type>> => asset.type === type
+}
+
+/** Creates a new placeholder asset id for the given asset type. */
+export function createPlaceholderAssetId<Type extends AssetType>(
+    type: Type,
+    id?: string
+): IdType[Type] {
+    // This is required so that TypeScript can check the `switch` for exhaustiveness.
+    const assetType: AssetType = type
+    id ??= uniqueString.uniqueString()
+    let result: AssetId
+    switch (assetType) {
+        case AssetType.directory: {
+            result = DirectoryId(id)
+            break
+        }
+        case AssetType.project: {
+            result = ProjectId(id)
+            break
+        }
+        case AssetType.file: {
+            result = FileId(id)
+            break
+        }
+        case AssetType.datalink: {
+            result = DatalinkId(id)
+            break
+        }
+        case AssetType.secret: {
+            result = SecretId(id)
+            break
+        }
+        case AssetType.specialLoading: {
+            result = LoadingAssetId(id)
+            break
+        }
+        case AssetType.specialEmpty: {
+            result = EmptyAssetId(id)
+            break
+        }
+    }
+    // This is SAFE, just too dynamic for TypeScript to correctly typecheck.
+    // eslint-disable-next-line no-restricted-syntax
+    return result as IdType[Type]
+}
+
+// These are functions, and so their names should be camelCase.
+/* eslint-disable no-restricted-syntax */
+/** A type guard that returns whether an {@link Asset} is a {@link ProjectAsset}. */
+export const assetIsProject = assetIsType(AssetType.project)
+/** A type guard that returns whether an {@link Asset} is a {@link DirectoryAsset}. */
+export const assetIsDirectory = assetIsType(AssetType.directory)
+/** A type guard that returns whether an {@link Asset} is a {@link DatalinkAsset}. */
+export const assetIsDatalink = assetIsType(AssetType.datalink)
+/** A type guard that returns whether an {@link Asset} is a {@link SecretAsset}. */
+export const assetIsSecret = assetIsType(AssetType.secret)
+/** A type guard that returns whether an {@link Asset} is a {@link FileAsset}. */
+export const assetIsFile = assetIsType(AssetType.file)
+/* eslint-enable no-restricted-syntax */
+
+/** Metadata describing a specific version of an asset. */
+export interface S3ObjectVersion {
+    readonly versionId: S3ObjectVersionId
+    readonly lastModified: dateTime.Rfc3339DateTime
+    readonly isLatest: boolean
+    /** An archive containing the all the project files object in the S3 bucket. */
+    readonly key: string
+}
+
+/** A list of asset versions. */
+export interface AssetVersions {
+    readonly versions: S3ObjectVersion[]
+}
+
+// ===============================
+// === compareAssetPermissions ===
+// ===============================
+
+/** Return a positive number when `a > b`, a negative number when `a < b`, and `0`
+ * when `a === b`. */
+export function compareAssetPermissions(a: AssetPermission, b: AssetPermission) {
+    const relativePermissionPrecedence =
+        permissions.PERMISSION_ACTION_PRECEDENCE[a.permission] -
+        permissions.PERMISSION_ACTION_PRECEDENCE[b.permission]
+    if (relativePermissionPrecedence !== 0) {
+        return relativePermissionPrecedence
+    } else {
+        // NOTE [NP]: Although `userId` is unique, and therefore sufficient to sort permissions, sort
+        // name first, so that it's easier to find a permission in a long list (i.e., for readability).
+        const aName = 'user' in a ? a.user.name : a.userGroup.groupName
+        const bName = 'user' in b ? b.user.name : b.userGroup.groupName
+        const aUserId = 'user' in a ? a.user.userId : a.userGroup.id
+        const bUserId = 'user' in b ? b.user.userId : b.userGroup.id
+        return aName < bName
+            ? -1
+            : aName > bName
+              ? 1
+              : aUserId < bUserId
+                ? -1
+                : aUserId > bUserId
+                  ? 1
+                  : 0
+    }
+}
+
+// =================
+// === Endpoints ===
+// =================
+
+/** HTTP request body for the "set username" endpoint. */
+export interface CreateUserRequestBody {
+    readonly userName: string
+    readonly userEmail: EmailAddress
+    readonly organizationId: OrganizationId | null
+}
+
+/** HTTP request body for the "update user" endpoint. */
+export interface UpdateUserRequestBody {
+    readonly username: string | null
+}
+
+/** HTTP request body for the "change user group" endpoint. */
+export interface ChangeUserGroupRequestBody {
+    readonly userGroups: UserGroupId[]
+}
+
+/** HTTP request body for the "update organization" endpoint. */
+export interface UpdateOrganizationRequestBody {
+    readonly name?: string
+    readonly email?: EmailAddress
+    readonly website?: HttpsUrl
+    readonly address?: string
+}
+
+/** HTTP request body for the "invite user" endpoint. */
+export interface InviteUserRequestBody {
+    readonly organizationId: OrganizationId
+    readonly userEmail: EmailAddress
+}
+
+/** HTTP response body for the "list invitations" endpoint. */
+export interface ListInvitationsResponseBody {
+    readonly invitations: readonly Invitation[]
+}
+
+/** Invitation to join an organization. */
+export interface Invitation {
+    readonly organizationId: OrganizationId
+    readonly userEmail: EmailAddress
+    readonly expireAt: dateTime.Rfc3339DateTime
+}
+
+/** HTTP request body for the "create permission" endpoint. */
+export interface CreatePermissionRequestBody {
+    readonly actorsIds: readonly UserPermissionIdentifier[]
+    readonly resourceId: AssetId
+    readonly action: permissions.PermissionAction | null
+}
+
+/** HTTP request body for the "create directory" endpoint. */
+export interface CreateDirectoryRequestBody {
+    readonly title: string
+    readonly parentId: DirectoryId | null
+}
+
+/** HTTP request body for the "update directory" endpoint. */
+export interface UpdateDirectoryRequestBody {
+    readonly title: string
+}
+
+/** HTTP request body for the "update file" endpoint. */
+export interface UpdateFileRequestBody {
+    readonly title: string
+}
+
+/** HTTP request body for the "update asset" endpoint. */
+export interface UpdateAssetRequestBody {
+    readonly parentDirectoryId: DirectoryId | null
+    readonly description: string | null
+    /** Only present on the Local backend. */
+    readonly projectPath?: Path
+}
+
+/** HTTP request body for the "delete asset" endpoint. */
+export interface DeleteAssetRequestBody {
+    readonly force: boolean
+    /** Only used by the Local backend. */
+    readonly parentId: DirectoryId
+}
+
+/** HTTP request body for the "create project" endpoint. */
+export interface CreateProjectRequestBody {
+    readonly projectName: string
+    readonly projectTemplateName?: string
+    readonly parentDirectoryId?: DirectoryId
+    readonly datalinkId?: DatalinkId
+}
+
+/** HTTP request body for the "update project" endpoint.
+ * Only updates of the `projectName` or `ami` are allowed. */
+export interface UpdateProjectRequestBody {
+    readonly projectName: string | null
+    readonly ami: Ami | null
+    readonly ideVersion: VersionNumber | null
+    /** Only used by the Local backend. */
+    readonly parentId: DirectoryId
+}
+
+/** HTTP request body for the "open project" endpoint. */
+export interface OpenProjectRequestBody {
+    readonly executeAsync: boolean
+    /** MUST be present on Remote backend; NOT REQUIRED on Local backend. */
+    readonly cognitoCredentials: CognitoCredentials | null
+    /** Only used by the Local backend. */
+    readonly parentId: DirectoryId
+}
+
+/** HTTP request body for the "create secret" endpoint. */
+export interface CreateSecretRequestBody {
+    readonly name: string
+    readonly value: string
+    readonly parentDirectoryId: DirectoryId | null
+}
+
+/** HTTP request body for the "update secret" endpoint. */
+export interface UpdateSecretRequestBody {
+    readonly value: string
+}
+
+/** HTTP request body for the "create datalink" endpoint. */
+export interface CreateDatalinkRequestBody {
+    readonly name: string
+    readonly value: unknown
+    readonly parentDirectoryId: DirectoryId | null
+    readonly datalinkId: DatalinkId | null
+}
+
+/** HTTP request body for the "create tag" endpoint. */
+export interface CreateTagRequestBody {
+    readonly value: string
+    readonly color: LChColor
+}
+
+/** HTTP request body for the "create user group" endpoint. */
+export interface CreateUserGroupRequestBody {
+    readonly name: string
+}
+
+/** HTTP request body for the "create checkout session" endpoint. */
+export interface CreateCheckoutSessionRequestBody {
+    readonly plan: Plan
+    readonly paymentMethodId: string
+}
+
+/** URL query string parameters for the "list directory" endpoint. */
+export interface ListDirectoryRequestParams {
+    readonly parentId: DirectoryId | null
+    readonly filterBy: FilterBy | null
+    readonly labels: LabelName[] | null
+    readonly recentProjects: boolean
+}
+
+/** URL query string parameters for the "upload file" endpoint. */
+export interface UploadFileRequestParams {
+    readonly fileId: AssetId | null
+    // Marked as optional in the data type, however it is required by the actual route handler.
+    readonly fileName: string
+    readonly parentDirectoryId: DirectoryId | null
+}
+
+/** URL query string parameters for the "upload profile picture" endpoint. */
+export interface UploadPictureRequestParams {
+    readonly fileName: string | null
+}
+
+/** URL query string parameters for the "list versions" endpoint. */
+export interface ListVersionsRequestParams {
+    readonly versionType: VersionType
+    readonly default: boolean
+}
+
+/**
+ * POST request body for the "create checkout session" endpoint.
+ */
+export interface CreateCheckoutSessionRequestParams {
+    readonly plan: Plan
+    readonly paymentMethodId: string
+}
+
+// ==============================
+// === detectVersionLifecycle ===
+// ==============================
+
+/** Extract the {@link VersionLifecycle} from a version string. */
+export function detectVersionLifecycle(version: string) {
+    if (/rc/i.test(version)) {
+        return VersionLifecycle.releaseCandidate
+    } else if (/\bnightly\b/i.test(version)) {
+        return VersionLifecycle.nightly
+    } else if (/\bdev\b|\balpha\b/i.test(version)) {
+        return VersionLifecycle.development
+    } else {
+        return VersionLifecycle.stable
+    }
+}
+
+// =====================
+// === compareAssets ===
+// =====================
+
+/** Return a positive number if `a > b`, a negative number if `a < b`, and zero if `a === b`. */
+export function compareAssets(a: AnyAsset, b: AnyAsset) {
+    const relativeTypeOrder = ASSET_TYPE_ORDER[a.type] - ASSET_TYPE_ORDER[b.type]
+    if (relativeTypeOrder !== 0) {
+        return relativeTypeOrder
+    } else {
+        const aModified = Number(new Date(a.modifiedAt))
+        const bModified = Number(new Date(b.modifiedAt))
+        const modifiedDelta = aModified - bModified
+        if (modifiedDelta !== 0) {
+            // Sort by date descending, rather than ascending.
+            return -modifiedDelta
+        } else {
+            return a.title > b.title ? 1 : a.title < b.title ? -1 : 0
+        }
+    }
+}
+
+// ==================
+// === getAssetId ===
+// ==================
+
+/** A convenience function to get the `id` of an {@link Asset}.
+ * This is useful to avoid React re-renders as it is not re-created on each function call. */
+export function getAssetId<Type extends AssetType>(asset: Asset<Type>) {
+    return asset.id
+}
+
+// =====================
+// === fileIsProject ===
+// =====================
+
+/** A subset of properties of the JS `File` type. */
+interface JSFile {
+    readonly name: string
+}
+
+/** Whether a `File` is a project. */
+export function fileIsProject(file: JSFile) {
+    return (
+        file.name.endsWith('.tar.gz') ||
+        file.name.endsWith('.zip') ||
+        file.name.endsWith('.enso-project')
+    )
+}
+
+/** Whether a `File` is not a project. */
+export function fileIsNotProject(file: JSFile) {
+    return !fileIsProject(file)
+}
+
+// =============================
+// === stripProjectExtension ===
+// =============================
+
+/** Remove the extension of the project file name (if any). */
+export function stripProjectExtension(name: string) {
+    return name.replace(/[.](?:tar[.]gz|zip|enso-project)$/, '')
+}
+
+/** Return both the name and extension of the project file name (if any).
+ * Otherwise, returns the entire name as the basename. */
+export function extractProjectExtension(name: string) {
+    const [, basename, extension] = name.match(/^(.*)[.](tar[.]gz|zip|enso-project)$/) ?? []
+    return { basename: basename ?? name, extension: extension ?? '' }
+}
+
+/**
+ * Network error class.
+ */
+export class NetworkError extends Error {
+    /**
+     * Create a new instance of the {@link NetworkError} class.
+     * @param message - The error message.
+     * @param status - The HTTP status code.
+     */
+    constructor(
+        message: string,
+        readonly status?: number
+    ) {
+        super(message)
+    }
+}
+/**
+ * Error class for when the user is not authorized to access a resource.
+ */
+export class NotAuthorizedError extends NetworkError {}
+
+// ===============
+// === Backend ===
+// ===============
+
+/** Interface for sending requests to a backend that manages assets and runs projects. */
+export default abstract class Backend {
+    abstract readonly type: BackendType
+
+    /** The path to the root directory of this {@link Backend}. */
+    abstract readonly rootPath: string
+    /** Return the ID of the root directory, if known. */
+    abstract rootDirectoryId(user: User | null): DirectoryId | null
+    /** Return a list of all users in the same organization. */
+    abstract listUsers(): Promise<readonly User[]>
+    /** Set the username of the current user. */
+    abstract createUser(body: CreateUserRequestBody): Promise<User>
+    /** Change the username of the current user. */
+    abstract updateUser(body: UpdateUserRequestBody): Promise<void>
+    /** Restore the current user. */
+    abstract restoreUser(): Promise<void>
+    /** Delete the current user. */
+    abstract deleteUser(): Promise<void>
+    /** Delete a user. */
+    abstract removeUser(userId: UserId): Promise<void>
+    /** Upload a new profile picture for the current user. */
+    abstract uploadUserPicture(params: UploadPictureRequestParams, file: Blob): Promise<User>
+    /** Set the list of groups a user is in. */
+    abstract changeUserGroup(
+        userId: UserId,
+        userGroups: ChangeUserGroupRequestBody,
+        name: string | null
+    ): Promise<User>
+    /** Invite a new user to the organization by email. */
+    abstract inviteUser(body: InviteUserRequestBody): Promise<void>
+    /** Return a list of invitations to the organization. */
+    abstract listInvitations(): Promise<readonly Invitation[]>
+    /** Delete an invitation. */
+    abstract deleteInvitation(userEmail: EmailAddress): Promise<void>
+    /** Resend an invitation. */
+    abstract resendInvitation(userEmail: EmailAddress): Promise<void>
+    /** Get the details of the current organization. */
+    abstract getOrganization(): Promise<OrganizationInfo | null>
+    /** Change the details of the current organization. */
+    abstract updateOrganization(
+        body: UpdateOrganizationRequestBody
+    ): Promise<OrganizationInfo | null>
+    /** Upload a new profile picture for the current organization. */
+    abstract uploadOrganizationPicture(
+        params: UploadPictureRequestParams,
+        file: Blob
+    ): Promise<OrganizationInfo>
+    /** Adds a permission for a specific user on a specific asset. */
+    abstract createPermission(body: CreatePermissionRequestBody): Promise<void>
+    /** Return user details for the current user. */
+    abstract usersMe(): Promise<User | null>
+    /** Return a list of assets in a directory. */
+    abstract listDirectory(query: ListDirectoryRequestParams, title: string): Promise<AnyAsset[]>
+    /** Create a directory. */
+    abstract createDirectory(body: CreateDirectoryRequestBody): Promise<CreatedDirectory>
+    /** Change the name of a directory. */
+    abstract updateDirectory(
+        directoryId: DirectoryId,
+        body: UpdateDirectoryRequestBody,
+        title: string
+    ): Promise<UpdatedDirectory>
+    /** List previous versions of an asset. */
+    abstract listAssetVersions(assetId: AssetId, title: string | null): Promise<AssetVersions>
+    /** Change the parent directory of an asset. */
+    abstract updateAsset(
+        assetId: AssetId,
+        body: UpdateAssetRequestBody,
+        title: string
+    ): Promise<void>
+    /** Delete an arbitrary asset. */
+    abstract deleteAsset(
+        assetId: AssetId,
+        body: DeleteAssetRequestBody,
+        title: string
+    ): Promise<void>
+    /** Restore an arbitrary asset from the trash. */
+    abstract undoDeleteAsset(assetId: AssetId, title: string): Promise<void>
+    /** Copy an arbitrary asset to another directory. */
+    abstract copyAsset(
+        assetId: AssetId,
+        parentDirectoryId: DirectoryId,
+        title: string,
+        parentDirectoryTitle: string
+    ): Promise<CopyAssetResponse>
+    /** Return a list of projects belonging to the current user. */
+    abstract listProjects(): Promise<ListedProject[]>
+    /** Create a project for the current user. */
+    abstract createProject(body: CreateProjectRequestBody): Promise<CreatedProject>
+    /** Close a project. */
+    abstract closeProject(projectId: ProjectId, title: string): Promise<void>
+    /** Return a list of sessions for the current project. */
+    abstract listProjectSessions(projectId: ProjectId, title: string): Promise<ProjectSession[]>
+    /** Restore a project from a different version. */
+    abstract restoreProject(
+        projectId: ProjectId,
+        versionId: S3ObjectVersionId,
+        title: string
+    ): Promise<void>
+    /** Duplicate a specific version of a project. */
+    abstract duplicateProject(
+        projectId: ProjectId,
+        versionId: S3ObjectVersionId,
+        title: string
+    ): Promise<CreatedProject>
+    /** Return project details. */
+    abstract getProjectDetails(
+        projectId: ProjectId,
+        directoryId: DirectoryId | null,
+        title: string
+    ): Promise<Project>
+    /** Return Language Server logs for a project session. */
+    abstract getProjectSessionLogs(
+        projectSessionId: ProjectSessionId,
+        title: string
+    ): Promise<string[]>
+    /** Set a project to an open state. */
+    abstract openProject(
+        projectId: ProjectId,
+        body: OpenProjectRequestBody | null,
+        title: string
+    ): Promise<void>
+    /** Change the AMI or IDE version of a project. */
+    abstract updateProject(
+        projectId: ProjectId,
+        body: UpdateProjectRequestBody,
+        title: string
+    ): Promise<UpdatedProject>
+    /** Fetch the content of the `Main.enso` file of a project. */
+    abstract getFileContent(projectId: ProjectId, version: string, title: string): Promise<string>
+    /** Return project memory, processor and storage usage. */
+    abstract checkResources(projectId: ProjectId, title: string): Promise<ResourceUsage>
+    /** Return a list of files accessible by the current user. */
+    abstract listFiles(): Promise<FileLocator[]>
+    /** Upload a file. */
+    abstract uploadFile(params: UploadFileRequestParams, file: Blob): Promise<FileInfo>
+    /** Change the name of a file. */
+    abstract updateFile(fileId: FileId, body: UpdateFileRequestBody, title: string): Promise<void>
+    /** Return file details. */
+    abstract getFileDetails(fileId: FileId, title: string): Promise<FileDetails>
+    /** Create a Datalink. */
+    abstract createDatalink(body: CreateDatalinkRequestBody): Promise<DatalinkInfo>
+    /** Return a Datalink. */
+    abstract getDatalink(datalinkId: DatalinkId, title: string | null): Promise<Datalink>
+    /** Delete a Datalink. */
+    abstract deleteDatalink(datalinkId: DatalinkId, title: string | null): Promise<void>
+    /** Create a secret environment variable. */
+    abstract createSecret(body: CreateSecretRequestBody): Promise<SecretId>
+    /** Return a secret environment variable. */
+    abstract getSecret(secretId: SecretId, title: string): Promise<Secret>
+    /** Change the value of a secret. */
+    abstract updateSecret(
+        secretId: SecretId,
+        body: UpdateSecretRequestBody,
+        title: string
+    ): Promise<void>
+    /** Return the secret environment variables accessible by the user. */
+    abstract listSecrets(): Promise<SecretInfo[]>
+    /** Create a label used for categorizing assets. */
+    abstract createTag(body: CreateTagRequestBody): Promise<Label>
+    /** Return all labels accessible by the user. */
+    abstract listTags(): Promise<Label[]>
+    /** Set the full list of labels for a specific asset. */
+    abstract associateTag(assetId: AssetId, tagIds: LabelName[], title: string): Promise<void>
+    /** Delete a label. */
+    abstract deleteTag(tagId: TagId, value: LabelName): Promise<void>
+    /** Create a user group. */
+    abstract createUserGroup(body: CreateUserGroupRequestBody): Promise<UserGroupInfo>
+    /** Delete a user group. */
+    abstract deleteUserGroup(userGroupId: UserGroupId, name: string): Promise<void>
+    /** Return all user groups in the organization. */
+    abstract listUserGroups(): Promise<UserGroupInfo[]>
+    /** Return a list of backend or IDE versions. */
+    abstract listVersions(params: ListVersionsRequestParams): Promise<Version[]>
+    /** Create a payment checkout session. */
+    abstract createCheckoutSession(
+        params: CreateCheckoutSessionRequestParams
+    ): Promise<CheckoutSession>
+    /** Get the status of a payment checkout session. */
+    abstract getCheckoutSession(sessionId: CheckoutSessionId): Promise<CheckoutSessionStatus>
+    /** List events in the organization's audit log. */
+    abstract getLogEvents(): Promise<Event[]>
+    /** Log an event that will be visible in the organization audit log. */
+    abstract logEvent(
+        message: string,
+        projectId?: string | null,
+        metadata?: object | null
+    ): Promise<void>
+    /** Return a {@link Promise} that resolves only when a project is ready to open. */
+    abstract waitUntilProjectIsReady(
+        projectId: ProjectId,
+        directory: DirectoryId | null,
+        title: string,
+        abortSignal?: AbortSignal
+    ): Promise<Project>
+}
diff --git a/app/ide-desktop/lib/dashboard/src/text/english.json b/app/ide-desktop/lib/common/src/text/english.json
similarity index 100%
rename from app/ide-desktop/lib/dashboard/src/text/english.json
rename to app/ide-desktop/lib/common/src/text/english.json
diff --git a/app/ide-desktop/lib/common/src/text/index.ts b/app/ide-desktop/lib/common/src/text/index.ts
new file mode 100644
index 0000000000..d04bd61ffb
--- /dev/null
+++ b/app/ide-desktop/lib/common/src/text/index.ts
@@ -0,0 +1,136 @@
+/** @file Functions related to displaying text. */
+
+import ENGLISH from './english.json' assert { type: 'json' }
+
+// =============
+// === Types ===
+// =============
+
+/** Possible languages in which to display text. */
+export enum Language {
+    english = 'english',
+}
+
+export const LANGUAGE_TO_LOCALE: Record<Language, string> = {
+    [Language.english]: 'en-US',
+}
+
+/** An object containing the corresponding localized text for each text ID. */
+type Texts = typeof ENGLISH
+/** All possible text IDs. */
+export type TextId = keyof Texts
+
+/** Overrides the default number of placeholders (0). */
+interface PlaceholderOverrides {
+    readonly copyAssetError: [assetName: string]
+    readonly moveAssetError: [assetName: string]
+    readonly findProjectError: [projectName: string]
+    readonly openProjectError: [projectName: string]
+    readonly deleteAssetError: [assetName: string]
+    readonly restoreAssetError: [assetName: string]
+    readonly restoreProjectError: [projectName: string]
+    readonly unknownThreadIdError: [threadId: string]
+    readonly needsOwnerError: [assetType: string]
+    readonly inviteSuccess: [userEmail: string]
+    readonly inviteManyUsersSuccess: [userCount: number]
+
+    readonly deleteLabelActionText: [labelName: string]
+    readonly deleteSelectedAssetActionText: [assetName: string]
+    readonly deleteSelectedAssetsActionText: [count: number]
+    readonly deleteSelectedAssetForeverActionText: [assetName: string]
+    readonly deleteSelectedAssetsForeverActionText: [count: number]
+    readonly deleteUserActionText: [userName: string]
+    readonly deleteUserGroupActionText: [groupName: string]
+    readonly removeUserFromUserGroupActionText: [userName: string, groupName: string]
+    readonly confirmPrompt: [action: string]
+    readonly deleteTheAssetTypeTitle: [assetType: string, assetName: string]
+    readonly couldNotInviteUser: [userEmail: string]
+    readonly filesWithoutConflicts: [fileCount: number]
+    readonly projectsWithoutConflicts: [projectCount: number]
+    readonly andOtherFiles: [fileCount: number]
+    readonly andOtherProjects: [projectCount: number]
+    readonly emailIsNotAValidEmail: [userEmail: string]
+    readonly userIsAlreadyInTheOrganization: [userEmail: string]
+    readonly youAreAlreadyAddingUser: [userEmail: string]
+    readonly lastModifiedOn: [dateString: string]
+    readonly versionX: [version: number | string]
+    readonly buildX: [build: string]
+    readonly electronVersionX: [electronVersion: string]
+    readonly chromeVersionX: [chromeVersion: string]
+    readonly userAgentX: [userAgent: string]
+    readonly compareVersionXWithLatest: [versionNumber: number]
+    readonly onDateX: [dateString: string]
+    readonly xUsersAndGroupsSelected: [usersAndGroupsCount: number]
+    readonly upgradeTo: [planName: string]
+    readonly enterTheNewKeyboardShortcutFor: [actionName: string]
+    readonly downloadProjectError: [projectName: string]
+    readonly downloadFileError: [fileName: string]
+    readonly downloadDatalinkError: [datalinkName: string]
+    readonly deleteUserGroupError: [userGroupName: string]
+    readonly removeUserFromUserGroupError: [userName: string, userGroupName: string]
+    readonly deleteUserError: [userName: string]
+
+    readonly inviteUserBackendError: [string]
+    readonly changeUserGroupsBackendError: [string]
+    readonly listFolderBackendError: [string]
+    readonly createFolderBackendError: [string]
+    readonly updateFolderBackendError: [string]
+    readonly listAssetVersionsBackendError: [string]
+    readonly getFileContentsBackendError: [string]
+    readonly updateAssetBackendError: [string]
+    readonly deleteAssetBackendError: [string]
+    readonly undoDeleteAssetBackendError: [string]
+    readonly copyAssetBackendError: [string, string]
+    readonly createProjectBackendError: [string]
+    readonly restoreProjectBackendError: [string]
+    readonly duplicateProjectBackendError: [string]
+    readonly closeProjectBackendError: [string]
+    readonly listProjectSessionsBackendError: [string]
+    readonly getProjectDetailsBackendError: [string]
+    readonly getProjectLogsBackendError: [string]
+    readonly openProjectBackendError: [string]
+    readonly openProjectMissingCredentialsBackendError: [string]
+    readonly updateProjectBackendError: [string]
+    readonly checkResourcesBackendError: [string]
+    readonly uploadFileWithNameBackendError: [string]
+    readonly getFileDetailsBackendError: [string]
+    readonly createDatalinkBackendError: [string]
+    readonly getDatalinkBackendError: [string]
+    readonly deleteDatalinkBackendError: [string]
+    readonly createSecretBackendError: [string]
+    readonly getSecretBackendError: [string]
+    readonly updateSecretBackendError: [string]
+    readonly createLabelBackendError: [string]
+    readonly associateLabelsBackendError: [string]
+    readonly deleteLabelBackendError: [string]
+    readonly createUserGroupBackendError: [string]
+    readonly deleteUserGroupBackendError: [string]
+    readonly listVersionsBackendError: [string]
+    readonly createCheckoutSessionBackendError: [string]
+    readonly getCheckoutSessionBackendError: [string]
+    readonly getDefaultVersionBackendError: [string]
+    readonly logEventBackendError: [string]
+
+    readonly subscribeSuccessSubtitle: [string]
+    readonly assetsDropFilesDescription: [count: number]
+
+    readonly paywallAvailabilityLevel: [plan: string]
+    readonly paywallScreenDescription: [plan: string]
+    readonly userGroupsLimitMessage: [limit: number]
+    readonly inviteFormSeatsLeftError: [exceedBy: number]
+    readonly inviteFormSeatsLeft: [seatsLeft: number]
+    readonly seatsLeft: [seatsLeft: number, seatsTotal: number]
+}
+
+/** An tuple of `string` for placeholders for each {@link TextId}. */
+export interface Replacements
+    extends PlaceholderOverrides,
+        Record<Exclude<TextId, keyof PlaceholderOverrides>, []> {}
+
+// =================
+// === Constants ===
+// =================
+
+export const TEXTS: Readonly<Record<Language, Texts>> = {
+    [Language.english]: ENGLISH,
+}
diff --git a/app/ide-desktop/lib/common/src/utilities/data/array.ts b/app/ide-desktop/lib/common/src/utilities/data/array.ts
new file mode 100644
index 0000000000..abca1f0c36
--- /dev/null
+++ b/app/ide-desktop/lib/common/src/utilities/data/array.ts
@@ -0,0 +1,65 @@
+/** @file Utilities for manipulating arrays. */
+
+// ====================
+// === shallowEqual ===
+// ====================
+
+/** Whether both arrays contain the same items. Does not recurse into the items. */
+export function shallowEqual<T>(a: readonly T[], b: readonly T[]) {
+    return a.length === b.length && a.every((item, i) => item === b[i])
+}
+
+// ================
+// === includes ===
+// ================
+
+/** Returns a type predicate that returns true if and only if the value is in the array.
+ * The array MUST contain every element of `T`. */
+export function includes<T>(array: T[], item: unknown): item is T {
+    const arrayOfUnknown: unknown[] = array
+    return arrayOfUnknown.includes(item)
+}
+
+/** Returns a type predicate that returns true if and only if the value is in the iterable.
+ * The iterable MUST contain every element of `T`. */
+export function includesPredicate<T>(array: Iterable<T>) {
+    const set: Set<unknown> = array instanceof Set ? array : new Set<T>(array)
+    return (item: unknown): item is T => set.has(item)
+}
+
+// ======================
+// === splice helpers ===
+// ======================
+
+/** The value returned when {@link Array.findIndex} fails. */
+const NOT_FOUND = -1
+
+/** Insert items before the first index `i` for which `predicate(array[i])` is `true`.
+ * Insert the items at the end if the `predicate` never returns `true`. */
+export function spliceBefore<T>(array: T[], items: T[], predicate: (value: T) => boolean) {
+    const index = array.findIndex(predicate)
+    array.splice(index === NOT_FOUND ? array.length : index, 0, ...items)
+    return array
+}
+
+/** Return a copy of the array, with items inserted before the first index `i` for which
+ * `predicate(array[i])` is `true`. The items are inserted at the end if the `predicate` never
+ * returns `true`. */
+export function splicedBefore<T>(array: T[], items: T[], predicate: (value: T) => boolean) {
+    return spliceBefore(Array.from(array), items, predicate)
+}
+
+/** Insert items after the first index `i` for which `predicate(array[i])` is `true`.
+ * Insert the items at the end if the `predicate` never returns `true`. */
+export function spliceAfter<T>(array: T[], items: T[], predicate: (value: T) => boolean) {
+    const index = array.findIndex(predicate)
+    array.splice(index === NOT_FOUND ? array.length : index + 1, 0, ...items)
+    return array
+}
+
+/** Return a copy of the array, with items inserted after the first index `i` for which
+ * `predicate(array[i])` is `true`. The items are inserted at the end if the `predicate` never
+ * returns `true`. */
+export function splicedAfter<T>(array: T[], items: T[], predicate: (value: T) => boolean) {
+    return spliceAfter(Array.from(array), items, predicate)
+}
diff --git a/app/ide-desktop/lib/common/src/utilities/data/dateTime.ts b/app/ide-desktop/lib/common/src/utilities/data/dateTime.ts
new file mode 100644
index 0000000000..41c69c3fba
--- /dev/null
+++ b/app/ide-desktop/lib/common/src/utilities/data/dateTime.ts
@@ -0,0 +1,78 @@
+/** @file Utilities for manipulating and displaying dates and times. */
+import * as newtype from './newtype'
+
+// =================
+// === Constants ===
+// =================
+
+/** The number of hours in half a day. This is used to get the number of hours for AM/PM time. */
+const HALF_DAY_HOURS = 12
+
+/** A mapping from the month index returned by {@link Date.getMonth} to its full name. */
+export const MONTH_NAMES = [
+    'January',
+    'February',
+    'March',
+    'April',
+    'May',
+    'June',
+    'July',
+    'August',
+    'September',
+    'October',
+    'November',
+    'December',
+]
+
+// ================
+// === DateTime ===
+// ================
+
+/** A string with date and time, following the RFC3339 specification. */
+export type Rfc3339DateTime = newtype.Newtype<string, 'Rfc3339DateTime'>
+/** Create a {@link Rfc3339DateTime}. */
+// This is a constructor function that constructs values of the type it is named after.
+// eslint-disable-next-line @typescript-eslint/no-redeclare
+export const Rfc3339DateTime = newtype.newtypeConstructor<Rfc3339DateTime>()
+
+/** Return a new {@link Date} with units below days (hours, minutes, seconds and milliseconds)
+ * set to `0`. */
+export function toDate(dateTime: Date) {
+    return new Date(dateTime.getFullYear(), dateTime.getMonth(), dateTime.getDate())
+}
+
+/** Format a {@link Date} into the preferred date format: `YYYY-MM-DD`. */
+export function formatDate(date: Date) {
+    const year = date.getFullYear()
+    const month = (date.getMonth() + 1).toString().padStart(2, '0')
+    const dayOfMonth = date.getDate().toString().padStart(2, '0')
+    return `${year}-${month}-${dayOfMonth}`
+}
+
+/** Format a {@link Date} into the preferred date-time format: `YYYY-MM-DD, hh:mm`. */
+export function formatDateTime(date: Date) {
+    const hour = date.getHours().toString().padStart(2, '0')
+    const minute = date.getMinutes().toString().padStart(2, '0')
+    return `${formatDate(date)}, ${hour}:${minute}`
+}
+
+/** Format a {@link Date} into the preferred chat-frienly format: `DD/MM/YYYY, hh:mm PM`. */
+export function formatDateTimeChatFriendly(date: Date) {
+    const year = date.getFullYear()
+    const month = (date.getMonth() + 1).toString().padStart(2, '0')
+    const dayOfMonth = date.getDate().toString().padStart(2, '0')
+    let hourRaw = date.getHours()
+    let amOrPm = 'AM'
+    if (hourRaw > HALF_DAY_HOURS) {
+        hourRaw -= HALF_DAY_HOURS
+        amOrPm = 'PM'
+    }
+    const hour = hourRaw.toString().padStart(2, '0')
+    const minute = date.getMinutes().toString().padStart(2, '0')
+    return `${dayOfMonth}/${month}/${year} ${hour}:${minute} ${amOrPm}`
+}
+
+/** Format a {@link Date} as a {@link Rfc3339DateTime}. */
+export function toRfc3339(date: Date) {
+    return Rfc3339DateTime(date.toISOString())
+}
diff --git a/app/ide-desktop/lib/common/src/utilities/data/newtype.ts b/app/ide-desktop/lib/common/src/utilities/data/newtype.ts
new file mode 100644
index 0000000000..512b67e153
--- /dev/null
+++ b/app/ide-desktop/lib/common/src/utilities/data/newtype.ts
@@ -0,0 +1,64 @@
+/** @file Emulates `newtype`s in TypeScript. */
+
+// ===============
+// === Newtype ===
+// ===============
+
+/** An interface specifying the variant of a newtype. */
+export interface NewtypeVariant<TypeName extends string> {
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    readonly _$type: TypeName
+}
+
+/** An interface specifying the variant of a newtype, where the discriminator is mutable.
+ * This is safe, as the discriminator should be a string literal type anyway. */
+// This is required for compatibility with the dependency `enso-chat`.
+// eslint-disable-next-line no-restricted-syntax
+export interface MutableNewtypeVariant<TypeName extends string> {
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    _$type: TypeName
+}
+
+/** Used to create a "branded type",
+ * which contains a property that only exists at compile time.
+ *
+ * `Newtype<string, 'A'>` and `Newtype<string, 'B'>` are not compatible with each other,
+ * however both are regular `string`s at runtime.
+ *
+ * This is useful in parameters that require values from a certain source,
+ * for example IDs for a specific object type.
+ *
+ * It is similar to a `newtype` in other languages.
+ * Note however because TypeScript is structurally typed,
+ * a branded type is assignable to its base type:
+ * `a: string = asNewtype<Newtype<string, 'Name'>>(b)` successfully typechecks. */
+export type Newtype<T, TypeName extends string> = NewtypeVariant<TypeName> & T
+
+/** Extracts the original type out of a {@link Newtype}.
+ * Its only use is in {@link newtypeConstructor}. */
+export type UnNewtype<T extends Newtype<unknown, string>> = T extends infer U &
+    NewtypeVariant<T['_$type']>
+    ? U extends infer V & MutableNewtypeVariant<T['_$type']>
+        ? V
+        : U
+    : NotNewtype & Omit<T, '_$type'>
+
+/** An interface that matches a type if and only if it is not a newtype. */
+export interface NotNewtype {
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    readonly _$type?: never
+}
+
+/** Converts a value that is not a newtype, to a value that is a newtype.
+ * This function intentionally returns another function, to ensure that each function instance
+ * is only used for one type, avoiding the de-optimization caused by polymorphic functions. */
+export function newtypeConstructor<T extends Newtype<unknown, string>>() {
+    // This cast is unsafe.
+    // `T` has an extra property `_$type` which is used purely for typechecking
+    // and does not exist at runtime.
+    //
+    // The property name is specifically chosen to trigger eslint's `naming-convention` lint,
+    // so it should not be possible to accidentally create a value with such a type.
+    // eslint-disable-next-line no-restricted-syntax
+    return (s: NotNewtype & UnNewtype<T>) => s as unknown as T
+}
diff --git a/app/ide-desktop/lib/common/src/utilities/permissions.ts b/app/ide-desktop/lib/common/src/utilities/permissions.ts
new file mode 100644
index 0000000000..92c39e300b
--- /dev/null
+++ b/app/ide-desktop/lib/common/src/utilities/permissions.ts
@@ -0,0 +1,248 @@
+/** @file Utilities for working with permissions. */
+import type * as text from 'enso-common/src/text'
+
+import type * as backend from '../services/Backend'
+
+// ========================
+// === PermissionAction ===
+// ========================
+
+/** Backend representation of user permission types. */
+export enum PermissionAction {
+    own = 'Own',
+    admin = 'Admin',
+    edit = 'Edit',
+    read = 'Read',
+    readAndDocs = 'Read_docs',
+    readAndExec = 'Read_exec',
+    view = 'View',
+    viewAndDocs = 'View_docs',
+    viewAndExec = 'View_exec',
+}
+
+/** Whether each {@link PermissionAction} can execute a project. */
+export const PERMISSION_ACTION_CAN_EXECUTE: Readonly<Record<PermissionAction, boolean>> = {
+    [PermissionAction.own]: true,
+    [PermissionAction.admin]: true,
+    [PermissionAction.edit]: true,
+    [PermissionAction.read]: false,
+    [PermissionAction.readAndDocs]: false,
+    [PermissionAction.readAndExec]: true,
+    [PermissionAction.view]: false,
+    [PermissionAction.viewAndDocs]: false,
+    [PermissionAction.viewAndExec]: true,
+}
+
+// ==================
+// === Permission ===
+// ==================
+
+/** Type of permission. This determines what kind of border is displayed. */
+export enum Permission {
+    owner = 'owner',
+    admin = 'admin',
+    edit = 'edit',
+    read = 'read',
+    view = 'view',
+    delete = 'delete',
+}
+
+/** CSS classes for each permission. */
+export const PERMISSION_CLASS_NAME: Readonly<Record<Permission, string>> = {
+    [Permission.owner]: 'text-tag-text bg-permission-owner',
+    [Permission.admin]: 'text-tag-text bg-permission-admin',
+    [Permission.edit]: 'text-tag-text bg-permission-edit',
+    [Permission.read]: 'text-tag-text bg-permission-read',
+    [Permission.view]: 'text-tag-text-2 bg-permission-view',
+    [Permission.delete]: 'text-tag-text bg-delete',
+}
+
+/** Precedences for each permission. A lower number means a higher priority. */
+export const PERMISSION_PRECEDENCE: Readonly<Record<Permission, number>> = {
+    // These are not magic numbers - they are just a sequence of numbers.
+    /* eslint-disable @typescript-eslint/no-magic-numbers */
+    [Permission.owner]: 0,
+    [Permission.admin]: 1,
+    [Permission.edit]: 2,
+    [Permission.read]: 3,
+    [Permission.view]: 4,
+    [Permission.delete]: 1000,
+    /* eslint-enable @typescript-eslint/no-magic-numbers */
+}
+
+/** Precedences for each permission action. A lower number means a higher priority. */
+export const PERMISSION_ACTION_PRECEDENCE: Readonly<Record<PermissionAction, number>> = {
+    // These are not magic numbers - they are just a sequence of numbers.
+    /* eslint-disable @typescript-eslint/no-magic-numbers */
+    [PermissionAction.own]: 0,
+    [PermissionAction.admin]: 1,
+    [PermissionAction.edit]: 2,
+    [PermissionAction.read]: 3,
+    [PermissionAction.readAndDocs]: 4,
+    [PermissionAction.readAndExec]: 5,
+    [PermissionAction.view]: 6,
+    [PermissionAction.viewAndDocs]: 7,
+    [PermissionAction.viewAndExec]: 8,
+    /* eslint-enable @typescript-eslint/no-magic-numbers */
+}
+
+/** CSS classes for the docs permission. */
+export const DOCS_CLASS_NAME = 'text-tag-text bg-permission-docs'
+/** CSS classes for the execute permission. */
+export const EXEC_CLASS_NAME = 'text-tag-text bg-permission-exec'
+
+/** The corresponding {@link Permissions} for each {@link PermissionAction}. */
+export const FROM_PERMISSION_ACTION: Readonly<Record<PermissionAction, Permissions>> = {
+    [PermissionAction.own]: { type: Permission.owner },
+    [PermissionAction.admin]: { type: Permission.admin },
+    [PermissionAction.edit]: { type: Permission.edit },
+    [PermissionAction.read]: {
+        type: Permission.read,
+        execute: false,
+        docs: false,
+    },
+    [PermissionAction.readAndDocs]: {
+        type: Permission.read,
+        execute: false,
+        docs: true,
+    },
+    [PermissionAction.readAndExec]: {
+        type: Permission.read,
+        execute: true,
+        docs: false,
+    },
+    [PermissionAction.view]: {
+        type: Permission.view,
+        execute: false,
+        docs: false,
+    },
+    [PermissionAction.viewAndDocs]: {
+        type: Permission.view,
+        execute: false,
+        docs: true,
+    },
+    [PermissionAction.viewAndExec]: {
+        type: Permission.view,
+        execute: true,
+        docs: false,
+    },
+}
+
+/** The corresponding {@link PermissionAction} for each {@link Permission}.
+ * Assumes no docs sub-permission and no execute sub-permission. */
+export const TYPE_TO_PERMISSION_ACTION: Readonly<Record<Permission, PermissionAction>> = {
+    [Permission.owner]: PermissionAction.own,
+    [Permission.admin]: PermissionAction.admin,
+    [Permission.edit]: PermissionAction.edit,
+    [Permission.read]: PermissionAction.read,
+    [Permission.view]: PermissionAction.view,
+    // Should never happen, but provide a fallback just in case.
+    [Permission.delete]: PermissionAction.view,
+}
+
+/** The corresponding {@link text.TextId} for each {@link Permission}.
+ * Assumes no docs sub-permission and no execute sub-permission. */
+export const TYPE_TO_TEXT_ID: Readonly<Record<Permission, text.TextId>> = {
+    [Permission.owner]: 'ownerPermissionType',
+    [Permission.admin]: 'adminPermissionType',
+    [Permission.edit]: 'editPermissionType',
+    [Permission.read]: 'readPermissionType',
+    [Permission.view]: 'viewPermissionType',
+    [Permission.delete]: 'deletePermissionType',
+} satisfies { [P in Permission]: `${P}PermissionType` }
+
+/** The equivalent backend `PermissionAction` for a `Permissions`. */
+export function toPermissionAction(permissions: Permissions): PermissionAction {
+    switch (permissions.type) {
+        case Permission.owner: {
+            return PermissionAction.own
+        }
+        case Permission.admin: {
+            return PermissionAction.admin
+        }
+        case Permission.edit: {
+            return PermissionAction.edit
+        }
+        case Permission.read: {
+            return permissions.execute
+                ? permissions.docs
+                    ? /* should never happen, but use a fallback value */
+                      PermissionAction.readAndExec
+                    : PermissionAction.readAndExec
+                : permissions.docs
+                  ? PermissionAction.readAndDocs
+                  : PermissionAction.read
+        }
+        case Permission.view: {
+            return permissions.execute
+                ? permissions.docs
+                    ? /* should never happen, but use a fallback value */
+                      PermissionAction.viewAndExec
+                    : PermissionAction.viewAndExec
+                : permissions.docs
+                  ? PermissionAction.viewAndDocs
+                  : PermissionAction.view
+        }
+    }
+}
+
+// ===================
+// === Permissions ===
+// ===================
+
+/** Properties common to all permissions. */
+interface BasePermissions<T extends Permission> {
+    readonly type: T
+}
+
+/** Owner permissions for an asset. */
+interface OwnerPermissions extends BasePermissions<Permission.owner> {}
+
+/** Admin permissions for an asset. */
+interface AdminPermissions extends BasePermissions<Permission.admin> {}
+
+/** Editor permissions for an asset. */
+interface EditPermissions extends BasePermissions<Permission.edit> {}
+
+/** Reader permissions for an asset. */
+interface ReadPermissions extends BasePermissions<Permission.read> {
+    readonly docs: boolean
+    readonly execute: boolean
+}
+
+/** Viewer permissions for an asset. */
+interface ViewPermissions extends BasePermissions<Permission.view> {
+    readonly docs: boolean
+    readonly execute: boolean
+}
+
+/** Detailed permission information. This is used to draw the border. */
+export type Permissions =
+    | AdminPermissions
+    | EditPermissions
+    | OwnerPermissions
+    | ReadPermissions
+    | ViewPermissions
+
+export const DEFAULT_PERMISSIONS: Permissions = Object.freeze({
+    type: Permission.view,
+    docs: false,
+    execute: false,
+})
+
+// ======================================
+// === tryGetSingletonOwnerPermission ===
+// ======================================
+
+/** Return an array containing the owner permission if `owner` is not `null`,
+ * else return an empty array (`[]`). */
+export function tryGetSingletonOwnerPermission(
+    owner: backend.User | null
+): backend.UserPermission[] {
+    if (owner != null) {
+        const { organizationId, userId, name, email } = owner
+        return [{ user: { organizationId, userId, name, email }, permission: PermissionAction.own }]
+    } else {
+        return []
+    }
+}
diff --git a/app/ide-desktop/lib/common/src/utilities/uniqueString.ts b/app/ide-desktop/lib/common/src/utilities/uniqueString.ts
new file mode 100644
index 0000000000..10e5a1bb65
--- /dev/null
+++ b/app/ide-desktop/lib/common/src/utilities/uniqueString.ts
@@ -0,0 +1,14 @@
+/** @file A function that generates a unique string. */
+
+// ====================
+// === uniqueString ===
+// ====================
+
+// This is initialized to an unusual number, to minimize the chances of collision.
+let counter = Number(new Date()) >>> 2
+
+/** Returns a new, mostly unique string. */
+export function uniqueString(): string {
+    counter += 1
+    return counter.toString()
+}
diff --git a/app/ide-desktop/lib/common/tsconfig.json b/app/ide-desktop/lib/common/tsconfig.json
index 3a319d3b29..ffb4957828 100644
--- a/app/ide-desktop/lib/common/tsconfig.json
+++ b/app/ide-desktop/lib/common/tsconfig.json
@@ -5,5 +5,5 @@
     "checkJs": false,
     "skipLibCheck": false
   },
-  "include": ["./src/", "../types/"]
+  "include": ["./src/", "./src/text/english.json", "../types/"]
 }
diff --git a/app/ide-desktop/lib/dashboard/src/components/MenuEntry.tsx b/app/ide-desktop/lib/dashboard/src/components/MenuEntry.tsx
index 2a4648dd38..4982412b26 100644
--- a/app/ide-desktop/lib/dashboard/src/components/MenuEntry.tsx
+++ b/app/ide-desktop/lib/dashboard/src/components/MenuEntry.tsx
@@ -3,8 +3,7 @@ import * as React from 'react'
 
 import BlankIcon from 'enso-assets/blank.svg'
 import * as detect from 'enso-common/src/detect'
-
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import type * as inputBindings from '#/configurations/inputBindings'
 
diff --git a/app/ide-desktop/lib/dashboard/src/components/Paywall/components/PaywallBulletPoints.tsx b/app/ide-desktop/lib/dashboard/src/components/Paywall/components/PaywallBulletPoints.tsx
index 2109a8dd09..ddcb70fdb6 100644
--- a/app/ide-desktop/lib/dashboard/src/components/Paywall/components/PaywallBulletPoints.tsx
+++ b/app/ide-desktop/lib/dashboard/src/components/Paywall/components/PaywallBulletPoints.tsx
@@ -8,8 +8,7 @@ import * as React from 'react'
 import * as tw from 'tailwind-merge'
 
 import Check from 'enso-assets/check_mark.svg'
-
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as textProvider from '#/providers/TextProvider'
 
diff --git a/app/ide-desktop/lib/dashboard/src/components/dashboard/KeyboardShortcut.tsx b/app/ide-desktop/lib/dashboard/src/components/dashboard/KeyboardShortcut.tsx
index 76f087f5d2..f440b5f192 100644
--- a/app/ide-desktop/lib/dashboard/src/components/dashboard/KeyboardShortcut.tsx
+++ b/app/ide-desktop/lib/dashboard/src/components/dashboard/KeyboardShortcut.tsx
@@ -7,8 +7,7 @@ import OptionKeyIcon from 'enso-assets/option_key.svg'
 import ShiftKeyIcon from 'enso-assets/shift_key.svg'
 import WindowsKeyIcon from 'enso-assets/windows_key.svg'
 import * as detect from 'enso-common/src/detect'
-
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import type * as dashboardInputBindings from '#/configurations/inputBindings'
 
diff --git a/app/ide-desktop/lib/dashboard/src/components/dashboard/Permission.tsx b/app/ide-desktop/lib/dashboard/src/components/dashboard/Permission.tsx
index 15a7941b49..450e2bcc5a 100644
--- a/app/ide-desktop/lib/dashboard/src/components/dashboard/Permission.tsx
+++ b/app/ide-desktop/lib/dashboard/src/components/dashboard/Permission.tsx
@@ -1,7 +1,7 @@
 /** @file Permissions for a specific user or user group on a specific asset. */
 import * as React from 'react'
 
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as backendHooks from '#/hooks/backendHooks'
 import * as toastAndLogHooks from '#/hooks/toastAndLogHooks'
diff --git a/app/ide-desktop/lib/dashboard/src/components/dashboard/column/columnUtils.ts b/app/ide-desktop/lib/dashboard/src/components/dashboard/column/columnUtils.ts
index 17baec8cd7..a3865d7527 100644
--- a/app/ide-desktop/lib/dashboard/src/components/dashboard/column/columnUtils.ts
+++ b/app/ide-desktop/lib/dashboard/src/components/dashboard/column/columnUtils.ts
@@ -6,8 +6,7 @@ import DocsIcon from 'enso-assets/docs.svg'
 import PeopleIcon from 'enso-assets/people.svg'
 import TagIcon from 'enso-assets/tag.svg'
 import TimeIcon from 'enso-assets/time.svg'
-
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as backend from '#/services/Backend'
 
diff --git a/app/ide-desktop/lib/dashboard/src/hooks/billing/FeaturesConfiguration.ts b/app/ide-desktop/lib/dashboard/src/hooks/billing/FeaturesConfiguration.ts
index b576875ec9..6c9028818e 100644
--- a/app/ide-desktop/lib/dashboard/src/hooks/billing/FeaturesConfiguration.ts
+++ b/app/ide-desktop/lib/dashboard/src/hooks/billing/FeaturesConfiguration.ts
@@ -4,7 +4,7 @@
  * Paywall configuration for different plans.
  */
 
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as backend from '#/services/Backend'
 
diff --git a/app/ide-desktop/lib/dashboard/src/hooks/toastAndLogHooks.ts b/app/ide-desktop/lib/dashboard/src/hooks/toastAndLogHooks.ts
index bff17836f1..702bc98474 100644
--- a/app/ide-desktop/lib/dashboard/src/hooks/toastAndLogHooks.ts
+++ b/app/ide-desktop/lib/dashboard/src/hooks/toastAndLogHooks.ts
@@ -3,7 +3,7 @@ import * as React from 'react'
 
 import * as toastify from 'react-toastify'
 
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as loggerProvider from '#/providers/LoggerProvider'
 import * as textProvider from '#/providers/TextProvider'
diff --git a/app/ide-desktop/lib/dashboard/src/layouts/CategorySwitcher.tsx b/app/ide-desktop/lib/dashboard/src/layouts/CategorySwitcher.tsx
index 8bfb3174bc..78b4af4f92 100644
--- a/app/ide-desktop/lib/dashboard/src/layouts/CategorySwitcher.tsx
+++ b/app/ide-desktop/lib/dashboard/src/layouts/CategorySwitcher.tsx
@@ -5,8 +5,7 @@ import CloudIcon from 'enso-assets/cloud.svg'
 import ComputerIcon from 'enso-assets/computer.svg'
 import RecentIcon from 'enso-assets/recent.svg'
 import Trash2Icon from 'enso-assets/trash2.svg'
-
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as mimeTypes from '#/data/mimeTypes'
 
diff --git a/app/ide-desktop/lib/dashboard/src/layouts/Settings/settingsData.tsx b/app/ide-desktop/lib/dashboard/src/layouts/Settings/settingsData.tsx
index 6188217b9d..7017437c92 100644
--- a/app/ide-desktop/lib/dashboard/src/layouts/Settings/settingsData.tsx
+++ b/app/ide-desktop/lib/dashboard/src/layouts/Settings/settingsData.tsx
@@ -9,8 +9,7 @@ import LogIcon from 'enso-assets/log.svg'
 import PeopleSettingsIcon from 'enso-assets/people_settings.svg'
 import PeopleIcon from 'enso-assets/people.svg'
 import SettingsIcon from 'enso-assets/settings.svg'
-
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as inputBindings from '#/configurations/inputBindings'
 
diff --git a/app/ide-desktop/lib/dashboard/src/layouts/TabBar.tsx b/app/ide-desktop/lib/dashboard/src/layouts/TabBar.tsx
index c5f64ab4fd..7821fd6f3e 100644
--- a/app/ide-desktop/lib/dashboard/src/layouts/TabBar.tsx
+++ b/app/ide-desktop/lib/dashboard/src/layouts/TabBar.tsx
@@ -4,7 +4,7 @@ import * as React from 'react'
 import * as reactQuery from '@tanstack/react-query'
 import invariant from 'tiny-invariant'
 
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as textProvider from '#/providers/TextProvider'
 
diff --git a/app/ide-desktop/lib/dashboard/src/modals/AboutModal.tsx b/app/ide-desktop/lib/dashboard/src/modals/AboutModal.tsx
index a9e69152b8..9d4a69e366 100644
--- a/app/ide-desktop/lib/dashboard/src/modals/AboutModal.tsx
+++ b/app/ide-desktop/lib/dashboard/src/modals/AboutModal.tsx
@@ -2,8 +2,7 @@
 import * as React from 'react'
 
 import LogoIcon from 'enso-assets/enso_logo.svg'
-
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as backendProvider from '#/providers/BackendProvider'
 import * as textProvider from '#/providers/TextProvider'
diff --git a/app/ide-desktop/lib/dashboard/src/pages/subscribe/Subscribe/components/Card.tsx b/app/ide-desktop/lib/dashboard/src/pages/subscribe/Subscribe/components/Card.tsx
index 62b87b3d2c..8df72f03d5 100644
--- a/app/ide-desktop/lib/dashboard/src/pages/subscribe/Subscribe/components/Card.tsx
+++ b/app/ide-desktop/lib/dashboard/src/pages/subscribe/Subscribe/components/Card.tsx
@@ -6,8 +6,7 @@
 import * as React from 'react'
 
 import Check from 'enso-assets/check_mark.svg'
-
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as textProvider from '#/providers/TextProvider'
 
diff --git a/app/ide-desktop/lib/dashboard/src/pages/subscribe/Subscribe/getComponentForPlan.tsx b/app/ide-desktop/lib/dashboard/src/pages/subscribe/Subscribe/getComponentForPlan.tsx
index c64ea73dce..eb8d810a35 100644
--- a/app/ide-desktop/lib/dashboard/src/pages/subscribe/Subscribe/getComponentForPlan.tsx
+++ b/app/ide-desktop/lib/dashboard/src/pages/subscribe/Subscribe/getComponentForPlan.tsx
@@ -6,9 +6,9 @@
 import * as React from 'react'
 
 import OpenInNewTabIcon from 'enso-assets/open.svg'
+import type * as text from 'enso-common/src/text'
 
 import * as appUtils from '#/appUtils'
-import type * as text from '#/text'
 
 import * as textProvider from '#/providers/TextProvider'
 
diff --git a/app/ide-desktop/lib/dashboard/src/pages/subscribe/constants.ts b/app/ide-desktop/lib/dashboard/src/pages/subscribe/constants.ts
index 453883bc85..556b2a957e 100644
--- a/app/ide-desktop/lib/dashboard/src/pages/subscribe/constants.ts
+++ b/app/ide-desktop/lib/dashboard/src/pages/subscribe/constants.ts
@@ -1,7 +1,7 @@
 /**
  * @file Constants for the subscribe page.
  */
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import * as backendModule from '#/services/Backend'
 
diff --git a/app/ide-desktop/lib/dashboard/src/providers/TextProvider.tsx b/app/ide-desktop/lib/dashboard/src/providers/TextProvider.tsx
index 62723d2e36..8718b3a152 100644
--- a/app/ide-desktop/lib/dashboard/src/providers/TextProvider.tsx
+++ b/app/ide-desktop/lib/dashboard/src/providers/TextProvider.tsx
@@ -2,7 +2,7 @@
  * React context. */
 import * as React from 'react'
 
-import * as text from '#/text'
+import * as text from 'enso-common/src/text'
 
 import * as object from '#/utilities/object'
 
diff --git a/app/ide-desktop/lib/dashboard/src/services/Backend.ts b/app/ide-desktop/lib/dashboard/src/services/Backend.ts
index a142357589..a2b3a6afee 100644
--- a/app/ide-desktop/lib/dashboard/src/services/Backend.ts
+++ b/app/ide-desktop/lib/dashboard/src/services/Backend.ts
@@ -1,1474 +1,4 @@
 /** @file Type definitions common between all backends. */
-import type * as React from 'react'
 
-import * as array from '#/utilities/array'
-import * as dateTime from '#/utilities/dateTime'
-import * as newtype from '#/utilities/newtype'
-import * as permissions from '#/utilities/permissions'
-import * as uniqueString from '#/utilities/uniqueString'
-
-// ================
-// === Newtypes ===
-// ================
-
-// These are constructor functions that construct values of the type they are named after.
-/* eslint-disable @typescript-eslint/no-redeclare */
-
-/** Unique identifier for an organization. */
-export type OrganizationId = newtype.Newtype<string, 'OrganizationId'>
-export const OrganizationId = newtype.newtypeConstructor<OrganizationId>()
-
-/** Unique identifier for a user in an organization. */
-export type UserId = newtype.Newtype<string, 'UserId'>
-export const UserId = newtype.newtypeConstructor<UserId>()
-
-/** Unique identifier for a user group. */
-export type UserGroupId = newtype.Newtype<string, 'UserGroupId'>
-export const UserGroupId = newtype.newtypeConstructor<UserGroupId>()
-
-/** Unique identifier for a directory. */
-export type DirectoryId = newtype.Newtype<string, 'DirectoryId'>
-export const DirectoryId = newtype.newtypeConstructor<DirectoryId>()
-
-/** Unique identifier for an asset representing the items inside a directory for which the
- * request to retrive the items has not yet completed. */
-export type LoadingAssetId = newtype.Newtype<string, 'LoadingAssetId'>
-export const LoadingAssetId = newtype.newtypeConstructor<LoadingAssetId>()
-
-/** Unique identifier for an asset representing the nonexistent children of an empty directory. */
-export type EmptyAssetId = newtype.Newtype<string, 'EmptyAssetId'>
-export const EmptyAssetId = newtype.newtypeConstructor<EmptyAssetId>()
-
-/** Unique identifier for a user's project. */
-export type ProjectId = newtype.Newtype<string, 'ProjectId'>
-export const ProjectId = newtype.newtypeConstructor<ProjectId>()
-
-/** Unique identifier for an uploaded file. */
-export type FileId = newtype.Newtype<string, 'FileId'>
-export const FileId = newtype.newtypeConstructor<FileId>()
-
-/** Unique identifier for a secret environment variable. */
-export type SecretId = newtype.Newtype<string, 'SecretId'>
-export const SecretId = newtype.newtypeConstructor<SecretId>()
-
-/** Unique identifier for a project session. */
-export type ProjectSessionId = newtype.Newtype<string, 'ProjectSessionId'>
-export const ProjectSessionId = newtype.newtypeConstructor<ProjectSessionId>()
-
-/** Unique identifier for a Datalink. */
-export type DatalinkId = newtype.Newtype<string, 'DatalinkId'>
-export const DatalinkId = newtype.newtypeConstructor<DatalinkId>()
-
-/** Unique identifier for a version of an S3 object. */
-export type S3ObjectVersionId = newtype.Newtype<string, 'S3ObjectVersionId'>
-export const S3ObjectVersionId = newtype.newtypeConstructor<S3ObjectVersionId>()
-
-/** Unique identifier for an arbitrary asset. */
-export type AssetId = IdType[keyof IdType]
-
-/** Unique identifier for a payment checkout session. */
-export type CheckoutSessionId = newtype.Newtype<string, 'CheckoutSessionId'>
-export const CheckoutSessionId = newtype.newtypeConstructor<CheckoutSessionId>()
-
-/**
- * Unique identifier for a subscription.
- */
-export type SubscriptionId = newtype.Newtype<string, 'SubscriptionId'>
-export const SubscriptionId = newtype.newtypeConstructor<SubscriptionId>()
-
-/** The name of an asset label. */
-export type LabelName = newtype.Newtype<string, 'LabelName'>
-export const LabelName = newtype.newtypeConstructor<LabelName>()
-
-/** Unique identifier for a label. */
-export type TagId = newtype.Newtype<string, 'TagId'>
-export const TagId = newtype.newtypeConstructor<TagId>()
-
-/** A URL. */
-export type Address = newtype.Newtype<string, 'Address'>
-export const Address = newtype.newtypeConstructor<Address>()
-
-/** A HTTPS URL. */
-export type HttpsUrl = newtype.Newtype<string, 'HttpsUrl'>
-export const HttpsUrl = newtype.newtypeConstructor<HttpsUrl>()
-
-/** An email address. */
-export type EmailAddress = newtype.Newtype<string, 'EmailAddress'>
-export const EmailAddress = newtype.newtypeConstructor<EmailAddress>()
-
-/** An AWS S3 file path. */
-export type S3FilePath = newtype.Newtype<string, 'S3FilePath'>
-export const S3FilePath = newtype.newtypeConstructor<S3FilePath>()
-
-/** An AWS machine configuration. */
-export type Ami = newtype.Newtype<string, 'Ami'>
-export const Ami = newtype.newtypeConstructor<Ami>()
-
-/** An identifier for an entity with an {@link AssetPermission} for an {@link Asset}. */
-export type UserPermissionIdentifier = UserGroupId | UserId
-
-/** An filesystem path. Only present on the local backend. */
-export type Path = newtype.Newtype<string, 'Path'>
-export const Path = newtype.newtypeConstructor<Path>()
-
-/* eslint-enable @typescript-eslint/no-redeclare */
-
-/** Whether a given {@link string} is an {@link UserId}. */
-export function isUserId(id: string): id is UserId {
-  return id.startsWith('user-')
-}
-
-/** Whether a given {@link string} is an {@link UserGroupId}. */
-export function isUserGroupId(id: string): id is UserGroupId {
-  return id.startsWith('usergroup-')
-}
-
-const PLACEHOLDER_USER_GROUP_PREFIX = 'usergroup-placeholder-'
-
-/** Whether a given {@link UserGroupId} represents a user group that does not yet exist on the
- * server. */
-export function isPlaceholderUserGroupId(id: string) {
-  return id.startsWith(PLACEHOLDER_USER_GROUP_PREFIX)
-}
-
-/** Return a new {@link UserGroupId} that represents a placeholder user group that is yet to finish
- * being created on the backend. */
-export function newPlaceholderUserGroupId() {
-  return UserGroupId(`${PLACEHOLDER_USER_GROUP_PREFIX}${uniqueString.uniqueString()}`)
-}
-
-// =============
-// === Types ===
-// =============
-
-/** The {@link Backend} variant. If a new variant is created, it should be added to this enum. */
-export enum BackendType {
-  local = 'local',
-  remote = 'remote',
-}
-
-/** Metadata uniquely identifying a user inside an organization. */
-export interface UserInfo {
-  /** The ID of the parent organization. If this is a sole user, they are implicitly in an
-   * organization consisting of only themselves. */
-  readonly organizationId: OrganizationId
-  /** The name of the parent organization. */
-  readonly organizationName?: string
-  /** The ID of this user.
-   *
-   * The user ID is globally unique. Thus, the user ID is always sufficient to uniquely identify a
-   * user. The user ID is guaranteed to never change, once assigned. For these reasons, the user ID
-   * should be the preferred way to uniquely refer to a user. That is, when referring to a user,
-   * prefer this field over `name`, `email`, `subject`, or any other mechanism, where possible. */
-  readonly userId: UserId
-  readonly name: string
-  readonly email: EmailAddress
-}
-
-/** A user in the application. These are the primary owners of a project. */
-export interface User extends UserInfo {
-  /** If `false`, this account is awaiting acceptance from an administrator, and endpoints other than
-   * `usersMe` will not work. */
-  readonly isEnabled: boolean
-  readonly rootDirectoryId: DirectoryId
-  readonly profilePicture?: HttpsUrl
-  readonly userGroups: readonly UserGroupId[] | null
-  readonly removeAt?: dateTime.Rfc3339DateTime | null
-  readonly plan?: Plan | undefined
-}
-
-/** A `Directory` returned by `createDirectory`. */
-export interface CreatedDirectory {
-  readonly id: DirectoryId
-  readonly parentId: DirectoryId
-  readonly title: string
-}
-
-/** Possible states that a project can be in. */
-export enum ProjectState {
-  created = 'Created',
-  new = 'New',
-  scheduled = 'Scheduled',
-  openInProgress = 'OpenInProgress',
-  provisioned = 'Provisioned',
-  opened = 'Opened',
-  closed = 'Closed',
-  /** A frontend-specific state, representing a project that should be displayed as
-   * `openInProgress`, but has not yet been added to the backend. */
-  placeholder = 'Placeholder',
-  /** A frontend-specific state, representing a project that should be displayed as `closed`,
-   * but is still in the process of shutting down. */
-  closing = 'Closing',
-}
-
-/** Wrapper around a project state value. */
-export interface ProjectStateType {
-  readonly type: ProjectState
-  readonly volumeId: string
-  readonly instanceId?: string
-  readonly executeAsync?: boolean
-  readonly address?: string
-  readonly securityGroupId?: string
-  readonly ec2Id?: string
-  readonly ec2PublicIpAddress?: string
-  readonly currentSessionId?: string
-  readonly openedBy?: EmailAddress
-  /** Only present on the Local backend. */
-  readonly path?: Path
-}
-
-export const IS_OPENING: Readonly<Record<ProjectState, boolean>> = {
-  [ProjectState.created]: false,
-  [ProjectState.new]: false,
-  [ProjectState.scheduled]: true,
-  [ProjectState.openInProgress]: true,
-  [ProjectState.provisioned]: true,
-  [ProjectState.opened]: false,
-  [ProjectState.closed]: false,
-  [ProjectState.placeholder]: true,
-  [ProjectState.closing]: false,
-}
-
-export const IS_OPENING_OR_OPENED: Readonly<Record<ProjectState, boolean>> = {
-  [ProjectState.created]: false,
-  [ProjectState.new]: false,
-  [ProjectState.scheduled]: true,
-  [ProjectState.openInProgress]: true,
-  [ProjectState.provisioned]: true,
-  [ProjectState.opened]: true,
-  [ProjectState.closed]: false,
-  [ProjectState.placeholder]: true,
-  [ProjectState.closing]: false,
-}
-
-/** Common `Project` fields returned by all `Project`-related endpoints. */
-export interface BaseProject {
-  readonly organizationId: string
-  readonly projectId: ProjectId
-  readonly name: string
-}
-
-/** A `Project` returned by `createProject`. */
-export interface CreatedProject extends BaseProject {
-  readonly state: ProjectStateType
-  readonly packageName: string
-}
-
-/** A `Project` returned by the `listProjects` endpoint. */
-export interface ListedProjectRaw extends CreatedProject {
-  readonly address?: Address
-}
-
-/** A `Project` returned by `listProjects`. */
-export interface ListedProject extends CreatedProject {
-  readonly binaryAddress: Address | null
-  readonly jsonAddress: Address | null
-}
-
-/** A `Project` returned by `updateProject`. */
-export interface UpdatedProject extends BaseProject {
-  readonly ami: Ami | null
-  readonly ideVersion: VersionNumber | null
-  readonly engineVersion: VersionNumber | null
-}
-
-/** A user/organization's project containing and/or currently executing code. */
-export interface ProjectRaw extends ListedProjectRaw {
-  // eslint-disable-next-line @typescript-eslint/naming-convention
-  readonly ide_version: VersionNumber | null
-  // eslint-disable-next-line @typescript-eslint/naming-convention
-  readonly engine_version: VersionNumber | null
-}
-
-/** A user/organization's project containing and/or currently executing code. */
-export interface Project extends ListedProject {
-  readonly ideVersion: VersionNumber | null
-  readonly engineVersion: VersionNumber | null
-  readonly openedBy?: EmailAddress
-  /** On the Remote (Cloud) Backend, this is a S3 url that is valid for only 120 seconds. */
-  readonly url?: HttpsUrl
-}
-
-/** A user/organization's project containing and/or currently executing code. */
-export interface BackendProject extends Project {
-  /** This must not be null as it is required to determine the base URL for backend assets. */
-  readonly ideVersion: VersionNumber
-}
-
-/** Information required to open a project. */
-export interface ProjectStartupInfo {
-  readonly project: Promise<Project>
-  readonly projectAsset: ProjectAsset
-  // This MUST BE optional because it is lost when `JSON.stringify`ing to put in `localStorage`.
-  readonly setProjectAsset?: React.Dispatch<React.SetStateAction<ProjectAsset>>
-  readonly backendType: BackendType
-  readonly accessToken: string | null
-}
-
-/** A specific session of a project being opened and used. */
-export interface ProjectSession {
-  readonly projectId: ProjectId
-  readonly projectSessionId: ProjectSessionId
-  readonly createdAt: dateTime.Rfc3339DateTime
-  readonly closedAt?: dateTime.Rfc3339DateTime
-  readonly userEmail: EmailAddress
-}
-
-/** Metadata describing the location of an uploaded file. */
-export interface FileLocator {
-  readonly fileId: FileId
-  readonly fileName: string | null
-  readonly path: S3FilePath
-}
-
-/** Metadata uniquely identifying an uploaded file. */
-export interface FileInfo {
-  /* TODO: Should potentially be S3FilePath,
-   * but it's just string on the backend. */
-  readonly path: string
-  readonly id: FileId
-  readonly project: CreatedProject | null
-}
-
-/** Metadata for a file. */
-export interface FileMetadata {
-  readonly size: number
-}
-
-/** All metadata related to a file. */
-export interface FileDetails {
-  readonly file: FileLocator
-  readonly metadata: FileMetadata
-  /** On the Remote (Cloud) Backend, this is a S3 url that is valid for only 120 seconds. */
-  readonly url?: string
-}
-
-/** A secret environment variable. */
-export interface Secret {
-  readonly id: SecretId
-  readonly value: string
-}
-
-/** A secret environment variable and metadata uniquely identifying it. */
-export interface SecretAndInfo {
-  readonly id: SecretId
-  readonly name: string
-  readonly value: string
-}
-
-/** Metadata uniquely identifying a secret environment variable. */
-export interface SecretInfo {
-  readonly name: string
-  readonly id: SecretId
-  readonly path: string
-}
-
-/** A Datalink. */
-export type Datalink = newtype.Newtype<unknown, 'Datalink'>
-
-/** Metadata uniquely identifying a Datalink. */
-export interface DatalinkInfo {
-  readonly id: DatalinkId
-}
-
-/** A label. */
-export interface Label {
-  readonly id: TagId
-  readonly value: LabelName
-  readonly color: LChColor
-}
-
-/** Type of application that a {@link Version} applies to.
- *
- * We keep track of both backend and IDE versions, so that we can update the two independently.
- * However the format of the version numbers is the same for both, so we can use the same type for
- * both. We just need this enum to disambiguate. */
-export enum VersionType {
-  backend = 'Backend',
-  ide = 'Ide',
-}
-
-/** Stability of an IDE or backend version. */
-export enum VersionLifecycle {
-  stable = 'Stable',
-  releaseCandidate = 'ReleaseCandidate',
-  nightly = 'Nightly',
-  development = 'Development',
-}
-
-/** Version number of an IDE or backend. */
-export interface VersionNumber {
-  readonly value: string
-  readonly lifecycle: VersionLifecycle
-}
-
-/** A version describing a release of the backend or IDE. */
-export interface Version {
-  readonly number: VersionNumber
-  readonly ami: Ami | null
-  readonly created: dateTime.Rfc3339DateTime
-  // This does not follow our naming convention because it's defined this way in the backend,
-  // so we need to match it.
-  // eslint-disable-next-line @typescript-eslint/naming-convention
-  readonly version_type: VersionType
-}
-
-/** Credentials that need to be passed to libraries to give them access to the Cloud API. */
-export interface CognitoCredentials {
-  readonly accessToken: string
-  readonly refreshToken: string
-  readonly refreshUrl: string
-  readonly clientId: string
-  readonly expireAt: dateTime.Rfc3339DateTime
-}
-
-/** Subscription plans. */
-export enum Plan {
-  solo = 'solo',
-  team = 'team',
-  enterprise = 'enterprise',
-}
-
-export const PLANS = Object.values(Plan)
-
-// This is a function, even though it does not look like one.
-// eslint-disable-next-line no-restricted-syntax
-export const isPlan = array.includesPredicate(PLANS)
-
-/** Metadata uniquely describing a payment checkout session. */
-export interface CheckoutSession {
-  /** ID of the checkout session, suffixed with a secret value. */
-  readonly clientSecret: string
-  /** ID of the checkout session. */
-  readonly id: CheckoutSessionId
-}
-
-/** Metadata describing the status of a payment checkout session. */
-export interface CheckoutSessionStatus {
-  /** Status of the payment for the checkout session. */
-  readonly paymentStatus: string
-  /** Status of the checkout session. */
-  readonly status: string
-}
-
-/** Resource usage of a VM. */
-export interface ResourceUsage {
-  /** Percentage of memory used. */
-  readonly memory: number
-  /** Percentage of CPU time used since boot. */
-  readonly cpu: number
-  /** Percentage of disk space used. */
-  readonly storage: number
-}
-
-/**
- * Metadata for a subscription.
- */
-export interface Subscription {
-  readonly id?: SubscriptionId
-  readonly plan?: Plan
-  readonly trialStart?: dateTime.Rfc3339DateTime | null
-  readonly trialEnd?: dateTime.Rfc3339DateTime | null
-}
-
-/** Metadata for an organization. */
-export interface OrganizationInfo {
-  readonly id: OrganizationId
-  readonly name: string | null
-  readonly email: EmailAddress | null
-  readonly website: HttpsUrl | null
-  readonly address: string | null
-  readonly picture: HttpsUrl | null
-  readonly subscription: Subscription
-}
-
-/** A user group and its associated metadata. */
-export interface UserGroupInfo {
-  readonly organizationId: OrganizationId
-  readonly id: UserGroupId
-  readonly groupName: string
-}
-
-/** User permission for a specific user. */
-export interface UserPermission {
-  readonly user: UserInfo
-  readonly permission: permissions.PermissionAction
-}
-
-/** User permission for a specific user group. */
-export interface UserGroupPermission {
-  readonly userGroup: UserGroupInfo
-  readonly permission: permissions.PermissionAction
-}
-
-/** User permission for a specific user or user group. */
-export type AssetPermission = UserGroupPermission | UserPermission
-
-/** Whether an {@link AssetPermission} is a {@link UserPermission}. */
-export function isUserPermission(permission: AssetPermission): permission is UserPermission {
-  return 'user' in permission
-}
-
-/** Whether an {@link AssetPermission} is a {@link UserPermission} with an additional predicate. */
-export function isUserPermissionAnd(predicate: (permission: UserPermission) => boolean) {
-  return (permission: AssetPermission): permission is UserPermission =>
-    isUserPermission(permission) && predicate(permission)
-}
-
-/** Whether an {@link AssetPermission} is a {@link UserGroupPermission}. */
-export function isUserGroupPermission(
-  permission: AssetPermission
-): permission is UserGroupPermission {
-  return 'userGroup' in permission
-}
-
-/** Whether an {@link AssetPermission} is a {@link UserGroupPermission} with an additional predicate. */
-export function isUserGroupPermissionAnd(predicate: (permission: UserGroupPermission) => boolean) {
-  return (permission: AssetPermission): permission is UserGroupPermission =>
-    isUserGroupPermission(permission) && predicate(permission)
-}
-
-/** Get the property representing the name on an arbitrary variant of {@link UserPermission}. */
-export function getAssetPermissionName(permission: AssetPermission) {
-  return isUserPermission(permission) ? permission.user.name : permission.userGroup.groupName
-}
-
-/** Get the property representing the id on an arbitrary variant of {@link UserPermission}. */
-export function getAssetPermissionId(permission: AssetPermission): UserPermissionIdentifier {
-  return isUserPermission(permission) ? permission.user.userId : permission.userGroup.id
-}
-
-/** The type returned from the "update directory" endpoint. */
-export interface UpdatedDirectory {
-  readonly id: DirectoryId
-  readonly parentId: DirectoryId
-  readonly title: string
-}
-
-/** The type returned from the "create directory" endpoint. */
-export interface Directory extends DirectoryAsset {}
-
-/** The subset of asset fields returned by the "copy asset" endpoint. */
-export interface CopiedAsset {
-  readonly id: AssetId
-  readonly parentId: DirectoryId
-  readonly title: string
-}
-
-/** The type returned from the "copy asset" endpoint. */
-export interface CopyAssetResponse {
-  readonly asset: CopiedAsset
-}
-
-/** Possible filters for the "list directory" endpoint. */
-export enum FilterBy {
-  all = 'All',
-  active = 'Active',
-  recent = 'Recent',
-  trashed = 'Trashed',
-}
-
-/** An event in an audit log. */
-export interface Event {
-  readonly organizationId: OrganizationId
-  readonly userEmail: EmailAddress
-  readonly timestamp: dateTime.Rfc3339DateTime | null
-  // Called `EventKind` in the backend.
-  readonly metadata: EventMetadata
-}
-
-/** Possible types of event in an audit log. */
-export enum EventType {
-  GetSecret = 'getSecret',
-  DeleteAssets = 'deleteAssets',
-  ListSecrets = 'listSecrets',
-  OpenProject = 'openProject',
-  UploadFile = 'uploadFile',
-}
-
-export const EVENT_TYPES = Object.freeze(Object.values(EventType))
-
-/** An event indicating that a secret was accessed. */
-interface GetSecretEventMetadata {
-  readonly type: EventType.GetSecret
-  readonly secretId: SecretId
-}
-
-/** An event indicating that one or more assets were deleted. */
-interface DeleteAssetsEventMetadata {
-  readonly type: EventType.DeleteAssets
-}
-
-/** An event indicating that all secrets were listed. */
-interface ListSecretsEventMetadata {
-  readonly type: EventType.ListSecrets
-}
-
-/** An event indicating that a project was opened. */
-interface OpenProjectEventMetadata {
-  readonly type: EventType.OpenProject
-}
-
-/** An event indicating that a file was uploaded. */
-interface UploadFileEventMetadata {
-  readonly type: EventType.UploadFile
-}
-
-/** All possible types of metadata for an event in the audit log. */
-export type EventMetadata =
-  | DeleteAssetsEventMetadata
-  | GetSecretEventMetadata
-  | ListSecretsEventMetadata
-  | OpenProjectEventMetadata
-  | UploadFileEventMetadata
-
-/** A color in the LCh colorspace. */
-export interface LChColor {
-  readonly lightness: number
-  readonly chroma: number
-  readonly hue: number
-  readonly alpha?: number
-}
-
-/** A pre-selected list of colors to be used in color pickers. */
-export const COLORS: readonly [LChColor, ...LChColor[]] = [
-  /* eslint-disable @typescript-eslint/no-magic-numbers */
-  // Red
-  { lightness: 50, chroma: 66, hue: 7 },
-  // Orange
-  { lightness: 50, chroma: 66, hue: 34 },
-  // Yellow
-  { lightness: 50, chroma: 66, hue: 80 },
-  // Turquoise
-  { lightness: 50, chroma: 66, hue: 139 },
-  // Teal
-  { lightness: 50, chroma: 66, hue: 172 },
-  // Blue
-  { lightness: 50, chroma: 66, hue: 271 },
-  // Lavender
-  { lightness: 50, chroma: 66, hue: 295 },
-  // Pink
-  { lightness: 50, chroma: 66, hue: 332 },
-  // Light blue
-  { lightness: 50, chroma: 22, hue: 252 },
-  // Dark blue
-  { lightness: 22, chroma: 13, hue: 252 },
-  /* eslint-enable @typescript-eslint/no-magic-numbers */
-]
-
-/** Converts a {@link LChColor} to a CSS color string. */
-export function lChColorToCssColor(color: LChColor): string {
-  const alpha = 'alpha' in color ? ` / ${color.alpha}` : ''
-  return `lch(${color.lightness}% ${color.chroma} ${color.hue}${alpha})`
-}
-
-export const COLOR_STRING_TO_COLOR = new Map(
-  COLORS.map(color => [lChColorToCssColor(color), color])
-)
-
-export const INITIAL_COLOR_COUNTS = new Map(COLORS.map(color => [lChColorToCssColor(color), 0]))
-
-/** The color that is used for the least labels. Ties are broken by order. */
-export function leastUsedColor(labels: Iterable<Label>) {
-  const colorCounts = new Map(INITIAL_COLOR_COUNTS)
-  for (const label of labels) {
-    const colorString = lChColorToCssColor(label.color)
-    colorCounts.set(colorString, (colorCounts.get(colorString) ?? 0) + 1)
-  }
-  const min = Math.min(...colorCounts.values())
-  const [minColor] = [...colorCounts.entries()].find(kv => kv[1] === min) ?? []
-  return minColor == null ? COLORS[0] : COLOR_STRING_TO_COLOR.get(minColor) ?? COLORS[0]
-}
-
-// =================
-// === AssetType ===
-// =================
-
-/** All possible types of directory entries. */
-export enum AssetType {
-  project = 'project',
-  file = 'file',
-  secret = 'secret',
-  datalink = 'datalink',
-  directory = 'directory',
-  /** A special {@link AssetType} representing the unknown items of a directory, before the
-   * request to retrieve the items completes. */
-  specialLoading = 'specialLoading',
-  /** A special {@link AssetType} representing the sole child of an empty directory. */
-  specialEmpty = 'specialEmpty',
-}
-
-/** The corresponding ID newtype for each {@link AssetType}. */
-export interface IdType {
-  readonly [AssetType.project]: ProjectId
-  readonly [AssetType.file]: FileId
-  readonly [AssetType.datalink]: DatalinkId
-  readonly [AssetType.secret]: SecretId
-  readonly [AssetType.directory]: DirectoryId
-  readonly [AssetType.specialLoading]: LoadingAssetId
-  readonly [AssetType.specialEmpty]: EmptyAssetId
-}
-
-/** Integers (starting from 0) corresponding to the order in which each asset type should appear
- * in a directory listing. */
-export const ASSET_TYPE_ORDER: Readonly<Record<AssetType, number>> = {
-  // This is a sequence of numbers, not magic numbers. `999` and `1000` are arbitrary numbers
-  // that are higher than the number of possible asset types.
-  /* eslint-disable @typescript-eslint/no-magic-numbers */
-  [AssetType.directory]: 0,
-  [AssetType.project]: 1,
-  [AssetType.file]: 2,
-  [AssetType.datalink]: 3,
-  [AssetType.secret]: 4,
-  [AssetType.specialLoading]: 999,
-  [AssetType.specialEmpty]: 1000,
-  /* eslint-enable @typescript-eslint/no-magic-numbers */
-}
-
-// =============
-// === Asset ===
-// =============
-
-/** Metadata uniquely identifying a directory entry.
- * These can be Projects, Files, Secrets, or other directories. */
-export interface BaseAsset {
-  readonly id: AssetId
-  readonly title: string
-  readonly modifiedAt: dateTime.Rfc3339DateTime
-  /** This is defined as a generic {@link AssetId} in the backend, however it is more convenient
-   * (and currently safe) to assume it is always a {@link DirectoryId}. */
-  readonly parentId: DirectoryId
-  readonly permissions: AssetPermission[] | null
-  readonly labels: LabelName[] | null
-  readonly description: string | null
-}
-
-/** Metadata uniquely identifying a directory entry.
- * These can be Projects, Files, Secrets, or other directories. */
-export interface Asset<Type extends AssetType = AssetType> extends BaseAsset {
-  readonly type: Type
-  readonly id: IdType[Type]
-  readonly projectState: Type extends AssetType.project ? ProjectStateType : null
-}
-
-/** A convenience alias for {@link Asset}<{@link AssetType.directory}>. */
-export interface DirectoryAsset extends Asset<AssetType.directory> {}
-
-/** A convenience alias for {@link Asset}<{@link AssetType.project}>. */
-export interface ProjectAsset extends Asset<AssetType.project> {}
-
-/** A convenience alias for {@link Asset}<{@link AssetType.file}>. */
-export interface FileAsset extends Asset<AssetType.file> {}
-
-/** A convenience alias for {@link Asset}<{@link AssetType.datalink}>. */
-export interface DatalinkAsset extends Asset<AssetType.datalink> {}
-
-/** A convenience alias for {@link Asset}<{@link AssetType.secret}>. */
-export interface SecretAsset extends Asset<AssetType.secret> {}
-
-/** A convenience alias for {@link Asset}<{@link AssetType.specialLoading}>. */
-export interface SpecialLoadingAsset extends Asset<AssetType.specialLoading> {}
-
-/** A convenience alias for {@link Asset}<{@link AssetType.specialEmpty}>. */
-export interface SpecialEmptyAsset extends Asset<AssetType.specialEmpty> {}
-
-/** Creates a {@link DirectoryAsset} representing the root directory for the organization,
- * with all irrelevant fields initialized to default values. */
-export function createRootDirectoryAsset(directoryId: DirectoryId): DirectoryAsset {
-  return {
-    type: AssetType.directory,
-    title: '(root)',
-    id: directoryId,
-    modifiedAt: dateTime.toRfc3339(new Date()),
-    parentId: DirectoryId(''),
-    permissions: [],
-    projectState: null,
-    labels: [],
-    description: null,
-  }
-}
-
-/** Creates a {@link FileAsset} using the given values. */
-export function createPlaceholderFileAsset(
-  title: string,
-  parentId: DirectoryId,
-  assetPermissions: AssetPermission[]
-): FileAsset {
-  return {
-    type: AssetType.file,
-    id: FileId(uniqueString.uniqueString()),
-    title,
-    parentId,
-    permissions: assetPermissions,
-    modifiedAt: dateTime.toRfc3339(new Date()),
-    projectState: null,
-    labels: [],
-    description: null,
-  }
-}
-
-/** Creates a {@link ProjectAsset} using the given values. */
-export function createPlaceholderProjectAsset(
-  title: string,
-  parentId: DirectoryId,
-  assetPermissions: AssetPermission[],
-  organization: User | null,
-  path: Path | null
-): ProjectAsset {
-  return {
-    type: AssetType.project,
-    id: ProjectId(uniqueString.uniqueString()),
-    title,
-    parentId,
-    permissions: assetPermissions,
-    modifiedAt: dateTime.toRfc3339(new Date()),
-    projectState: {
-      type: ProjectState.new,
-      volumeId: '',
-      ...(organization != null ? { openedBy: organization.email } : {}),
-      ...(path != null ? { path } : {}),
-    },
-    labels: [],
-    description: null,
-  }
-}
-
-/** Creates a {@link SpecialLoadingAsset}, with all irrelevant fields initialized to default
- * values. */
-export function createSpecialLoadingAsset(directoryId: DirectoryId): SpecialLoadingAsset {
-  return {
-    type: AssetType.specialLoading,
-    title: '',
-    id: LoadingAssetId(uniqueString.uniqueString()),
-    modifiedAt: dateTime.toRfc3339(new Date()),
-    parentId: directoryId,
-    permissions: [],
-    projectState: null,
-    labels: [],
-    description: null,
-  }
-}
-
-/** Creates a {@link SpecialEmptyAsset}, with all irrelevant fields initialized to default
- * values. */
-export function createSpecialEmptyAsset(directoryId: DirectoryId): SpecialEmptyAsset {
-  return {
-    type: AssetType.specialEmpty,
-    title: '',
-    id: EmptyAssetId(uniqueString.uniqueString()),
-    modifiedAt: dateTime.toRfc3339(new Date()),
-    parentId: directoryId,
-    permissions: [],
-    projectState: null,
-    labels: [],
-    description: null,
-  }
-}
-
-/** Any object with a `type` field matching the given `AssetType`. */
-interface HasType<Type extends AssetType> {
-  readonly type: Type
-}
-
-/** A union of all possible {@link Asset} variants. */
-export type AnyAsset<Type extends AssetType = AssetType> = Extract<
-  | DatalinkAsset
-  | DirectoryAsset
-  | FileAsset
-  | ProjectAsset
-  | SecretAsset
-  | SpecialEmptyAsset
-  | SpecialLoadingAsset,
-  HasType<Type>
->
-
-/** A type guard that returns whether an {@link Asset} is a specific type of asset. */
-export function assetIsType<Type extends AssetType>(type: Type) {
-  return (asset: AnyAsset): asset is Extract<AnyAsset, Asset<Type>> => asset.type === type
-}
-
-/** Creates a new placeholder asset id for the given asset type. */
-export function createPlaceholderAssetId<Type extends AssetType>(
-  type: Type,
-  id?: string
-): IdType[Type] {
-  // This is required so that TypeScript can check the `switch` for exhaustiveness.
-  const assetType: AssetType = type
-  id ??= uniqueString.uniqueString()
-  let result: AssetId
-  switch (assetType) {
-    case AssetType.directory: {
-      result = DirectoryId(id)
-      break
-    }
-    case AssetType.project: {
-      result = ProjectId(id)
-      break
-    }
-    case AssetType.file: {
-      result = FileId(id)
-      break
-    }
-    case AssetType.datalink: {
-      result = DatalinkId(id)
-      break
-    }
-    case AssetType.secret: {
-      result = SecretId(id)
-      break
-    }
-    case AssetType.specialLoading: {
-      result = LoadingAssetId(id)
-      break
-    }
-    case AssetType.specialEmpty: {
-      result = EmptyAssetId(id)
-      break
-    }
-  }
-  // This is SAFE, just too dynamic for TypeScript to correctly typecheck.
-  // eslint-disable-next-line no-restricted-syntax
-  return result as IdType[Type]
-}
-
-// These are functions, and so their names should be camelCase.
-/* eslint-disable no-restricted-syntax */
-/** A type guard that returns whether an {@link Asset} is a {@link ProjectAsset}. */
-export const assetIsProject = assetIsType(AssetType.project)
-/** A type guard that returns whether an {@link Asset} is a {@link DirectoryAsset}. */
-export const assetIsDirectory = assetIsType(AssetType.directory)
-/** A type guard that returns whether an {@link Asset} is a {@link DatalinkAsset}. */
-export const assetIsDatalink = assetIsType(AssetType.datalink)
-/** A type guard that returns whether an {@link Asset} is a {@link SecretAsset}. */
-export const assetIsSecret = assetIsType(AssetType.secret)
-/** A type guard that returns whether an {@link Asset} is a {@link FileAsset}. */
-export const assetIsFile = assetIsType(AssetType.file)
-/* eslint-enable no-restricted-syntax */
-
-/** Metadata describing a specific version of an asset. */
-export interface S3ObjectVersion {
-  readonly versionId: S3ObjectVersionId
-  readonly lastModified: dateTime.Rfc3339DateTime
-  readonly isLatest: boolean
-  /** An archive containing the all the project files object in the S3 bucket. */
-  readonly key: string
-}
-
-/** A list of asset versions. */
-export interface AssetVersions {
-  readonly versions: S3ObjectVersion[]
-}
-
-// ===============================
-// === compareAssetPermissions ===
-// ===============================
-
-/** Return a positive number when `a > b`, a negative number when `a < b`, and `0`
- * when `a === b`. */
-export function compareAssetPermissions(a: AssetPermission, b: AssetPermission) {
-  const relativePermissionPrecedence =
-    permissions.PERMISSION_ACTION_PRECEDENCE[a.permission] -
-    permissions.PERMISSION_ACTION_PRECEDENCE[b.permission]
-  if (relativePermissionPrecedence !== 0) {
-    return relativePermissionPrecedence
-  } else {
-    // NOTE [NP]: Although `userId` is unique, and therefore sufficient to sort permissions, sort
-    // name first, so that it's easier to find a permission in a long list (i.e., for readability).
-    const aName = 'user' in a ? a.user.name : a.userGroup.groupName
-    const bName = 'user' in b ? b.user.name : b.userGroup.groupName
-    const aUserId = 'user' in a ? a.user.userId : a.userGroup.id
-    const bUserId = 'user' in b ? b.user.userId : b.userGroup.id
-    return aName < bName
-      ? -1
-      : aName > bName
-        ? 1
-        : aUserId < bUserId
-          ? -1
-          : aUserId > bUserId
-            ? 1
-            : 0
-  }
-}
-
-// =================
-// === Endpoints ===
-// =================
-
-/** HTTP request body for the "set username" endpoint. */
-export interface CreateUserRequestBody {
-  readonly userName: string
-  readonly userEmail: EmailAddress
-  readonly organizationId: OrganizationId | null
-}
-
-/** HTTP request body for the "update user" endpoint. */
-export interface UpdateUserRequestBody {
-  readonly username: string | null
-}
-
-/** HTTP request body for the "change user group" endpoint. */
-export interface ChangeUserGroupRequestBody {
-  readonly userGroups: UserGroupId[]
-}
-
-/** HTTP request body for the "update organization" endpoint. */
-export interface UpdateOrganizationRequestBody {
-  readonly name?: string
-  readonly email?: EmailAddress
-  readonly website?: HttpsUrl
-  readonly address?: string
-}
-
-/** HTTP request body for the "invite user" endpoint. */
-export interface InviteUserRequestBody {
-  readonly organizationId: OrganizationId
-  readonly userEmail: EmailAddress
-}
-
-/** HTTP response body for the "list invitations" endpoint. */
-export interface ListInvitationsResponseBody {
-  readonly invitations: readonly Invitation[]
-}
-
-/** Invitation to join an organization. */
-export interface Invitation {
-  readonly organizationId: OrganizationId
-  readonly userEmail: EmailAddress
-  readonly expireAt: dateTime.Rfc3339DateTime
-}
-
-/** HTTP request body for the "create permission" endpoint. */
-export interface CreatePermissionRequestBody {
-  readonly actorsIds: readonly UserPermissionIdentifier[]
-  readonly resourceId: AssetId
-  readonly action: permissions.PermissionAction | null
-}
-
-/** HTTP request body for the "create directory" endpoint. */
-export interface CreateDirectoryRequestBody {
-  readonly title: string
-  readonly parentId: DirectoryId | null
-}
-
-/** HTTP request body for the "update directory" endpoint. */
-export interface UpdateDirectoryRequestBody {
-  readonly title: string
-}
-
-/** HTTP request body for the "update file" endpoint. */
-export interface UpdateFileRequestBody {
-  readonly title: string
-}
-
-/** HTTP request body for the "update asset" endpoint. */
-export interface UpdateAssetRequestBody {
-  readonly parentDirectoryId: DirectoryId | null
-  readonly description: string | null
-  /** Only present on the Local backend. */
-  readonly projectPath?: Path
-}
-
-/** HTTP request body for the "delete asset" endpoint. */
-export interface DeleteAssetRequestBody {
-  readonly force: boolean
-  /** Only used by the Local backend. */
-  readonly parentId: DirectoryId
-}
-
-/** HTTP request body for the "create project" endpoint. */
-export interface CreateProjectRequestBody {
-  readonly projectName: string
-  readonly projectTemplateName?: string
-  readonly parentDirectoryId?: DirectoryId
-  readonly datalinkId?: DatalinkId
-}
-
-/** HTTP request body for the "update project" endpoint.
- * Only updates of the `projectName` or `ami` are allowed. */
-export interface UpdateProjectRequestBody {
-  readonly projectName: string | null
-  readonly ami: Ami | null
-  readonly ideVersion: VersionNumber | null
-  /** Only used by the Local backend. */
-  readonly parentId: DirectoryId
-}
-
-/** HTTP request body for the "open project" endpoint. */
-export interface OpenProjectRequestBody {
-  readonly executeAsync: boolean
-  /** MUST be present on Remote backend; NOT REQUIRED on Local backend. */
-  readonly cognitoCredentials: CognitoCredentials | null
-  /** Only used by the Local backend. */
-  readonly parentId: DirectoryId
-}
-
-/** HTTP request body for the "create secret" endpoint. */
-export interface CreateSecretRequestBody {
-  readonly name: string
-  readonly value: string
-  readonly parentDirectoryId: DirectoryId | null
-}
-
-/** HTTP request body for the "update secret" endpoint. */
-export interface UpdateSecretRequestBody {
-  readonly value: string
-}
-
-/** HTTP request body for the "create datalink" endpoint. */
-export interface CreateDatalinkRequestBody {
-  readonly name: string
-  readonly value: unknown
-  readonly parentDirectoryId: DirectoryId | null
-  readonly datalinkId: DatalinkId | null
-}
-
-/** HTTP request body for the "create tag" endpoint. */
-export interface CreateTagRequestBody {
-  readonly value: string
-  readonly color: LChColor
-}
-
-/** HTTP request body for the "create user group" endpoint. */
-export interface CreateUserGroupRequestBody {
-  readonly name: string
-}
-
-/** HTTP request body for the "create checkout session" endpoint. */
-export interface CreateCheckoutSessionRequestBody {
-  readonly plan: Plan
-  readonly paymentMethodId: string
-}
-
-/** URL query string parameters for the "list directory" endpoint. */
-export interface ListDirectoryRequestParams {
-  readonly parentId: DirectoryId | null
-  readonly filterBy: FilterBy | null
-  readonly labels: LabelName[] | null
-  readonly recentProjects: boolean
-}
-
-/** URL query string parameters for the "upload file" endpoint. */
-export interface UploadFileRequestParams {
-  readonly fileId: AssetId | null
-  // Marked as optional in the data type, however it is required by the actual route handler.
-  readonly fileName: string
-  readonly parentDirectoryId: DirectoryId | null
-}
-
-/** URL query string parameters for the "upload profile picture" endpoint. */
-export interface UploadPictureRequestParams {
-  readonly fileName: string | null
-}
-
-/** URL query string parameters for the "list versions" endpoint. */
-export interface ListVersionsRequestParams {
-  readonly versionType: VersionType
-  readonly default: boolean
-}
-
-/**
- * POST request body for the "create checkout session" endpoint.
- */
-export interface CreateCheckoutSessionRequestParams {
-  readonly plan: Plan
-  readonly paymentMethodId: string
-}
-
-// ==============================
-// === detectVersionLifecycle ===
-// ==============================
-
-/** Extract the {@link VersionLifecycle} from a version string. */
-export function detectVersionLifecycle(version: string) {
-  if (/rc/i.test(version)) {
-    return VersionLifecycle.releaseCandidate
-  } else if (/\bnightly\b/i.test(version)) {
-    return VersionLifecycle.nightly
-  } else if (/\bdev\b|\balpha\b/i.test(version)) {
-    return VersionLifecycle.development
-  } else {
-    return VersionLifecycle.stable
-  }
-}
-
-// =====================
-// === compareAssets ===
-// =====================
-
-/** Return a positive number if `a > b`, a negative number if `a < b`, and zero if `a === b`. */
-export function compareAssets(a: AnyAsset, b: AnyAsset) {
-  const relativeTypeOrder = ASSET_TYPE_ORDER[a.type] - ASSET_TYPE_ORDER[b.type]
-  if (relativeTypeOrder !== 0) {
-    return relativeTypeOrder
-  } else {
-    const aModified = Number(new Date(a.modifiedAt))
-    const bModified = Number(new Date(b.modifiedAt))
-    const modifiedDelta = aModified - bModified
-    if (modifiedDelta !== 0) {
-      // Sort by date descending, rather than ascending.
-      return -modifiedDelta
-    } else {
-      return a.title > b.title ? 1 : a.title < b.title ? -1 : 0
-    }
-  }
-}
-
-// ==================
-// === getAssetId ===
-// ==================
-
-/** A convenience function to get the `id` of an {@link Asset}.
- * This is useful to avoid React re-renders as it is not re-created on each function call. */
-export function getAssetId<Type extends AssetType>(asset: Asset<Type>) {
-  return asset.id
-}
-
-// =====================
-// === fileIsProject ===
-// =====================
-
-/** A subset of properties of the JS `File` type. */
-interface JSFile {
-  readonly name: string
-}
-
-/** Whether a `File` is a project. */
-export function fileIsProject(file: JSFile) {
-  return (
-    file.name.endsWith('.tar.gz') ||
-    file.name.endsWith('.zip') ||
-    file.name.endsWith('.enso-project')
-  )
-}
-
-/** Whether a `File` is not a project. */
-export function fileIsNotProject(file: JSFile) {
-  return !fileIsProject(file)
-}
-
-// =============================
-// === stripProjectExtension ===
-// =============================
-
-/** Remove the extension of the project file name (if any). */
-export function stripProjectExtension(name: string) {
-  return name.replace(/[.](?:tar[.]gz|zip|enso-project)$/, '')
-}
-
-/** Return both the name and extension of the project file name (if any).
- * Otherwise, returns the entire name as the basename. */
-export function extractProjectExtension(name: string) {
-  const [, basename, extension] = name.match(/^(.*)[.](tar[.]gz|zip|enso-project)$/) ?? []
-  return { basename: basename ?? name, extension: extension ?? '' }
-}
-
-/**
- * Network error class.
- */
-export class NetworkError extends Error {
-  /**
-   * Create a new instance of the {@link NetworkError} class.
-   * @param message - The error message.
-   * @param status - The HTTP status code.
-   */
-  constructor(
-    message: string,
-    readonly status?: number
-  ) {
-    super(message)
-  }
-}
-/**
- * Error class for when the user is not authorized to access a resource.
- */
-export class NotAuthorizedError extends NetworkError {}
-
-// ===============
-// === Backend ===
-// ===============
-
-/** Interface for sending requests to a backend that manages assets and runs projects. */
-export default abstract class Backend {
-  abstract readonly type: BackendType
-
-  /** The path to the root directory of this {@link Backend}. */
-  abstract readonly rootPath: string
-  /** Return the ID of the root directory, if known. */
-  abstract rootDirectoryId(user: User | null): DirectoryId | null
-  /** Return a list of all users in the same organization. */
-  abstract listUsers(): Promise<readonly User[]>
-  /** Set the username of the current user. */
-  abstract createUser(body: CreateUserRequestBody): Promise<User>
-  /** Change the username of the current user. */
-  abstract updateUser(body: UpdateUserRequestBody): Promise<void>
-  /** Restore the current user. */
-  abstract restoreUser(): Promise<void>
-  /** Delete the current user. */
-  abstract deleteUser(): Promise<void>
-  /** Delete a user. */
-  abstract removeUser(userId: UserId): Promise<void>
-  /** Upload a new profile picture for the current user. */
-  abstract uploadUserPicture(params: UploadPictureRequestParams, file: Blob): Promise<User>
-  /** Set the list of groups a user is in. */
-  abstract changeUserGroup(
-    userId: UserId,
-    userGroups: ChangeUserGroupRequestBody,
-    name: string | null
-  ): Promise<User>
-  /** Invite a new user to the organization by email. */
-  abstract inviteUser(body: InviteUserRequestBody): Promise<void>
-  /** Return a list of invitations to the organization. */
-  abstract listInvitations(): Promise<readonly Invitation[]>
-  /** Delete an invitation. */
-  abstract deleteInvitation(userEmail: EmailAddress): Promise<void>
-  /** Resend an invitation. */
-  abstract resendInvitation(userEmail: EmailAddress): Promise<void>
-  /** Get the details of the current organization. */
-  abstract getOrganization(): Promise<OrganizationInfo | null>
-  /** Change the details of the current organization. */
-  abstract updateOrganization(body: UpdateOrganizationRequestBody): Promise<OrganizationInfo | null>
-  /** Upload a new profile picture for the current organization. */
-  abstract uploadOrganizationPicture(
-    params: UploadPictureRequestParams,
-    file: Blob
-  ): Promise<OrganizationInfo>
-  /** Adds a permission for a specific user on a specific asset. */
-  abstract createPermission(body: CreatePermissionRequestBody): Promise<void>
-  /** Return user details for the current user. */
-  abstract usersMe(): Promise<User | null>
-  /** Return a list of assets in a directory. */
-  abstract listDirectory(query: ListDirectoryRequestParams, title: string): Promise<AnyAsset[]>
-  /** Create a directory. */
-  abstract createDirectory(body: CreateDirectoryRequestBody): Promise<CreatedDirectory>
-  /** Change the name of a directory. */
-  abstract updateDirectory(
-    directoryId: DirectoryId,
-    body: UpdateDirectoryRequestBody,
-    title: string
-  ): Promise<UpdatedDirectory>
-  /** List previous versions of an asset. */
-  abstract listAssetVersions(assetId: AssetId, title: string | null): Promise<AssetVersions>
-  /** Change the parent directory of an asset. */
-  abstract updateAsset(assetId: AssetId, body: UpdateAssetRequestBody, title: string): Promise<void>
-  /** Delete an arbitrary asset. */
-  abstract deleteAsset(assetId: AssetId, body: DeleteAssetRequestBody, title: string): Promise<void>
-  /** Restore an arbitrary asset from the trash. */
-  abstract undoDeleteAsset(assetId: AssetId, title: string): Promise<void>
-  /** Copy an arbitrary asset to another directory. */
-  abstract copyAsset(
-    assetId: AssetId,
-    parentDirectoryId: DirectoryId,
-    title: string,
-    parentDirectoryTitle: string
-  ): Promise<CopyAssetResponse>
-  /** Return a list of projects belonging to the current user. */
-  abstract listProjects(): Promise<ListedProject[]>
-  /** Create a project for the current user. */
-  abstract createProject(body: CreateProjectRequestBody): Promise<CreatedProject>
-  /** Close a project. */
-  abstract closeProject(projectId: ProjectId, title: string): Promise<void>
-  /** Return a list of sessions for the current project. */
-  abstract listProjectSessions(projectId: ProjectId, title: string): Promise<ProjectSession[]>
-  /** Restore a project from a different version. */
-  abstract restoreProject(
-    projectId: ProjectId,
-    versionId: S3ObjectVersionId,
-    title: string
-  ): Promise<void>
-  /** Duplicate a specific version of a project. */
-  abstract duplicateProject(
-    projectId: ProjectId,
-    versionId: S3ObjectVersionId,
-    title: string
-  ): Promise<CreatedProject>
-  /** Return project details. */
-  abstract getProjectDetails(
-    projectId: ProjectId,
-    directoryId: DirectoryId | null,
-    title: string
-  ): Promise<Project>
-  /** Return Language Server logs for a project session. */
-  abstract getProjectSessionLogs(
-    projectSessionId: ProjectSessionId,
-    title: string
-  ): Promise<string[]>
-  /** Set a project to an open state. */
-  abstract openProject(
-    projectId: ProjectId,
-    body: OpenProjectRequestBody | null,
-    title: string
-  ): Promise<void>
-  /** Change the AMI or IDE version of a project. */
-  abstract updateProject(
-    projectId: ProjectId,
-    body: UpdateProjectRequestBody,
-    title: string
-  ): Promise<UpdatedProject>
-  /** Fetch the content of the `Main.enso` file of a project. */
-  abstract getFileContent(projectId: ProjectId, version: string, title: string): Promise<string>
-  /** Return project memory, processor and storage usage. */
-  abstract checkResources(projectId: ProjectId, title: string): Promise<ResourceUsage>
-  /** Return a list of files accessible by the current user. */
-  abstract listFiles(): Promise<FileLocator[]>
-  /** Upload a file. */
-  abstract uploadFile(params: UploadFileRequestParams, file: Blob): Promise<FileInfo>
-  /** Change the name of a file. */
-  abstract updateFile(fileId: FileId, body: UpdateFileRequestBody, title: string): Promise<void>
-  /** Return file details. */
-  abstract getFileDetails(fileId: FileId, title: string): Promise<FileDetails>
-  /** Create a Datalink. */
-  abstract createDatalink(body: CreateDatalinkRequestBody): Promise<DatalinkInfo>
-  /** Return a Datalink. */
-  abstract getDatalink(datalinkId: DatalinkId, title: string | null): Promise<Datalink>
-  /** Delete a Datalink. */
-  abstract deleteDatalink(datalinkId: DatalinkId, title: string | null): Promise<void>
-  /** Create a secret environment variable. */
-  abstract createSecret(body: CreateSecretRequestBody): Promise<SecretId>
-  /** Return a secret environment variable. */
-  abstract getSecret(secretId: SecretId, title: string): Promise<Secret>
-  /** Change the value of a secret. */
-  abstract updateSecret(
-    secretId: SecretId,
-    body: UpdateSecretRequestBody,
-    title: string
-  ): Promise<void>
-  /** Return the secret environment variables accessible by the user. */
-  abstract listSecrets(): Promise<SecretInfo[]>
-  /** Create a label used for categorizing assets. */
-  abstract createTag(body: CreateTagRequestBody): Promise<Label>
-  /** Return all labels accessible by the user. */
-  abstract listTags(): Promise<Label[]>
-  /** Set the full list of labels for a specific asset. */
-  abstract associateTag(assetId: AssetId, tagIds: LabelName[], title: string): Promise<void>
-  /** Delete a label. */
-  abstract deleteTag(tagId: TagId, value: LabelName): Promise<void>
-  /** Create a user group. */
-  abstract createUserGroup(body: CreateUserGroupRequestBody): Promise<UserGroupInfo>
-  /** Delete a user group. */
-  abstract deleteUserGroup(userGroupId: UserGroupId, name: string): Promise<void>
-  /** Return all user groups in the organization. */
-  abstract listUserGroups(): Promise<UserGroupInfo[]>
-  /** Return a list of backend or IDE versions. */
-  abstract listVersions(params: ListVersionsRequestParams): Promise<Version[]>
-  /** Create a payment checkout session. */
-  abstract createCheckoutSession(
-    params: CreateCheckoutSessionRequestParams
-  ): Promise<CheckoutSession>
-  /** Get the status of a payment checkout session. */
-  abstract getCheckoutSession(sessionId: CheckoutSessionId): Promise<CheckoutSessionStatus>
-  /** List events in the organization's audit log. */
-  abstract getLogEvents(): Promise<Event[]>
-  /** Log an event that will be visible in the organization audit log. */
-  abstract logEvent(
-    message: string,
-    projectId?: string | null,
-    metadata?: object | null
-  ): Promise<void>
-  /** Return a {@link Promise} that resolves only when a project is ready to open. */
-  abstract waitUntilProjectIsReady(
-    projectId: ProjectId,
-    directory: DirectoryId | null,
-    title: string,
-    abortSignal?: AbortSignal
-  ): Promise<Project>
-}
+export * from 'enso-common/src/services/Backend'
+export { default } from 'enso-common/src/services/Backend'
diff --git a/app/ide-desktop/lib/dashboard/src/services/RemoteBackend.ts b/app/ide-desktop/lib/dashboard/src/services/RemoteBackend.ts
index 9aac9cc60e..58707a7390 100644
--- a/app/ide-desktop/lib/dashboard/src/services/RemoteBackend.ts
+++ b/app/ide-desktop/lib/dashboard/src/services/RemoteBackend.ts
@@ -4,8 +4,7 @@
  * an API endpoint. The functions are asynchronous and return a {@link Promise} that resolves to
  * the response from the API. */
 import * as detect from 'enso-common/src/detect'
-
-import type * as text from '#/text'
+import type * as text from 'enso-common/src/text'
 
 import type * as loggerProvider from '#/providers/LoggerProvider'
 import type * as textProvider from '#/providers/TextProvider'
diff --git a/app/ide-desktop/lib/dashboard/src/text/index.ts b/app/ide-desktop/lib/dashboard/src/text/index.ts
deleted file mode 100644
index 6be737f478..0000000000
--- a/app/ide-desktop/lib/dashboard/src/text/index.ts
+++ /dev/null
@@ -1,136 +0,0 @@
-/** @file Functions related to displaying text. */
-
-import ENGLISH from '#/text/english.json' with { type: 'json' }
-
-// =============
-// === Types ===
-// =============
-
-/** Possible languages in which to display text. */
-export enum Language {
-  english = 'english',
-}
-
-export const LANGUAGE_TO_LOCALE: Record<Language, string> = {
-  [Language.english]: 'en-US',
-}
-
-/** An object containing the corresponding localized text for each text ID. */
-type Texts = typeof ENGLISH
-/** All possible text IDs. */
-export type TextId = keyof Texts
-
-/** Overrides the default number of placeholders (0). */
-interface PlaceholderOverrides {
-  readonly copyAssetError: [assetName: string]
-  readonly moveAssetError: [assetName: string]
-  readonly findProjectError: [projectName: string]
-  readonly openProjectError: [projectName: string]
-  readonly deleteAssetError: [assetName: string]
-  readonly restoreAssetError: [assetName: string]
-  readonly restoreProjectError: [projectName: string]
-  readonly unknownThreadIdError: [threadId: string]
-  readonly needsOwnerError: [assetType: string]
-  readonly inviteSuccess: [userEmail: string]
-  readonly inviteManyUsersSuccess: [userCount: number]
-
-  readonly deleteLabelActionText: [labelName: string]
-  readonly deleteSelectedAssetActionText: [assetName: string]
-  readonly deleteSelectedAssetsActionText: [count: number]
-  readonly deleteSelectedAssetForeverActionText: [assetName: string]
-  readonly deleteSelectedAssetsForeverActionText: [count: number]
-  readonly deleteUserActionText: [userName: string]
-  readonly deleteUserGroupActionText: [groupName: string]
-  readonly removeUserFromUserGroupActionText: [userName: string, groupName: string]
-  readonly confirmPrompt: [action: string]
-  readonly deleteTheAssetTypeTitle: [assetType: string, assetName: string]
-  readonly couldNotInviteUser: [userEmail: string]
-  readonly filesWithoutConflicts: [fileCount: number]
-  readonly projectsWithoutConflicts: [projectCount: number]
-  readonly andOtherFiles: [fileCount: number]
-  readonly andOtherProjects: [projectCount: number]
-  readonly emailIsNotAValidEmail: [userEmail: string]
-  readonly userIsAlreadyInTheOrganization: [userEmail: string]
-  readonly youAreAlreadyAddingUser: [userEmail: string]
-  readonly lastModifiedOn: [dateString: string]
-  readonly versionX: [version: number | string]
-  readonly buildX: [build: string]
-  readonly electronVersionX: [electronVersion: string]
-  readonly chromeVersionX: [chromeVersion: string]
-  readonly userAgentX: [userAgent: string]
-  readonly compareVersionXWithLatest: [versionNumber: number]
-  readonly onDateX: [dateString: string]
-  readonly xUsersAndGroupsSelected: [usersAndGroupsCount: number]
-  readonly upgradeTo: [planName: string]
-  readonly enterTheNewKeyboardShortcutFor: [actionName: string]
-  readonly downloadProjectError: [projectName: string]
-  readonly downloadFileError: [fileName: string]
-  readonly downloadDatalinkError: [datalinkName: string]
-  readonly deleteUserGroupError: [userGroupName: string]
-  readonly removeUserFromUserGroupError: [userName: string, userGroupName: string]
-  readonly deleteUserError: [userName: string]
-
-  readonly inviteUserBackendError: [string]
-  readonly changeUserGroupsBackendError: [string]
-  readonly listFolderBackendError: [string]
-  readonly createFolderBackendError: [string]
-  readonly updateFolderBackendError: [string]
-  readonly listAssetVersionsBackendError: [string]
-  readonly getFileContentsBackendError: [string]
-  readonly updateAssetBackendError: [string]
-  readonly deleteAssetBackendError: [string]
-  readonly undoDeleteAssetBackendError: [string]
-  readonly copyAssetBackendError: [string, string]
-  readonly createProjectBackendError: [string]
-  readonly restoreProjectBackendError: [string]
-  readonly duplicateProjectBackendError: [string]
-  readonly closeProjectBackendError: [string]
-  readonly listProjectSessionsBackendError: [string]
-  readonly getProjectDetailsBackendError: [string]
-  readonly getProjectLogsBackendError: [string]
-  readonly openProjectBackendError: [string]
-  readonly openProjectMissingCredentialsBackendError: [string]
-  readonly updateProjectBackendError: [string]
-  readonly checkResourcesBackendError: [string]
-  readonly uploadFileWithNameBackendError: [string]
-  readonly getFileDetailsBackendError: [string]
-  readonly createDatalinkBackendError: [string]
-  readonly getDatalinkBackendError: [string]
-  readonly deleteDatalinkBackendError: [string]
-  readonly createSecretBackendError: [string]
-  readonly getSecretBackendError: [string]
-  readonly updateSecretBackendError: [string]
-  readonly createLabelBackendError: [string]
-  readonly associateLabelsBackendError: [string]
-  readonly deleteLabelBackendError: [string]
-  readonly createUserGroupBackendError: [string]
-  readonly deleteUserGroupBackendError: [string]
-  readonly listVersionsBackendError: [string]
-  readonly createCheckoutSessionBackendError: [string]
-  readonly getCheckoutSessionBackendError: [string]
-  readonly getDefaultVersionBackendError: [string]
-  readonly logEventBackendError: [string]
-
-  readonly subscribeSuccessSubtitle: [string]
-  readonly assetsDropFilesDescription: [count: number]
-
-  readonly paywallAvailabilityLevel: [plan: string]
-  readonly paywallScreenDescription: [plan: string]
-  readonly userGroupsLimitMessage: [limit: number]
-  readonly inviteFormSeatsLeftError: [exceedBy: number]
-  readonly inviteFormSeatsLeft: [seatsLeft: number]
-  readonly seatsLeft: [seatsLeft: number, seatsTotal: number]
-}
-
-/** An tuple of `string` for placeholders for each {@link TextId}. */
-export interface Replacements
-  extends PlaceholderOverrides,
-    Record<Exclude<TextId, keyof PlaceholderOverrides>, []> {}
-
-// =================
-// === Constants ===
-// =================
-
-export const TEXTS: Readonly<Record<Language, Texts>> = {
-  [Language.english]: ENGLISH,
-}
diff --git a/app/ide-desktop/lib/dashboard/src/utilities/array.ts b/app/ide-desktop/lib/dashboard/src/utilities/array.ts
index 4de1f83b74..ddce463edb 100644
--- a/app/ide-desktop/lib/dashboard/src/utilities/array.ts
+++ b/app/ide-desktop/lib/dashboard/src/utilities/array.ts
@@ -1,65 +1,3 @@
 /** @file Utilities for manipulating arrays. */
 
-// ====================
-// === shallowEqual ===
-// ====================
-
-/** Whether both arrays contain the same items. Does not recurse into the items. */
-export function shallowEqual<T>(a: readonly T[], b: readonly T[]) {
-  return a.length === b.length && a.every((item, i) => item === b[i])
-}
-
-// ================
-// === includes ===
-// ================
-
-/** Returns a type predicate that returns true if and only if the value is in the array.
- * The array MUST contain every element of `T`. */
-export function includes<T>(array: T[], item: unknown): item is T {
-  const arrayOfUnknown: unknown[] = array
-  return arrayOfUnknown.includes(item)
-}
-
-/** Returns a type predicate that returns true if and only if the value is in the iterable.
- * The iterable MUST contain every element of `T`. */
-export function includesPredicate<T>(array: Iterable<T>) {
-  const set: Set<unknown> = array instanceof Set ? array : new Set<T>(array)
-  return (item: unknown): item is T => set.has(item)
-}
-
-// ======================
-// === splice helpers ===
-// ======================
-
-/** The value returned when {@link Array.findIndex} fails. */
-const NOT_FOUND = -1
-
-/** Insert items before the first index `i` for which `predicate(array[i])` is `true`.
- * Insert the items at the end if the `predicate` never returns `true`. */
-export function spliceBefore<T>(array: T[], items: T[], predicate: (value: T) => boolean) {
-  const index = array.findIndex(predicate)
-  array.splice(index === NOT_FOUND ? array.length : index, 0, ...items)
-  return array
-}
-
-/** Return a copy of the array, with items inserted before the first index `i` for which
- * `predicate(array[i])` is `true`. The items are inserted at the end if the `predicate` never
- * returns `true`. */
-export function splicedBefore<T>(array: T[], items: T[], predicate: (value: T) => boolean) {
-  return spliceBefore(Array.from(array), items, predicate)
-}
-
-/** Insert items after the first index `i` for which `predicate(array[i])` is `true`.
- * Insert the items at the end if the `predicate` never returns `true`. */
-export function spliceAfter<T>(array: T[], items: T[], predicate: (value: T) => boolean) {
-  const index = array.findIndex(predicate)
-  array.splice(index === NOT_FOUND ? array.length : index + 1, 0, ...items)
-  return array
-}
-
-/** Return a copy of the array, with items inserted after the first index `i` for which
- * `predicate(array[i])` is `true`. The items are inserted at the end if the `predicate` never
- * returns `true`. */
-export function splicedAfter<T>(array: T[], items: T[], predicate: (value: T) => boolean) {
-  return spliceAfter(Array.from(array), items, predicate)
-}
+export * from 'enso-common/src/utilities/data/array'
diff --git a/app/ide-desktop/lib/dashboard/src/utilities/dateTime.ts b/app/ide-desktop/lib/dashboard/src/utilities/dateTime.ts
index c763b34764..7c87e93b3d 100644
--- a/app/ide-desktop/lib/dashboard/src/utilities/dateTime.ts
+++ b/app/ide-desktop/lib/dashboard/src/utilities/dateTime.ts
@@ -1,78 +1,3 @@
 /** @file Utilities for manipulating and displaying dates and times. */
-import * as newtype from '#/utilities/newtype'
 
-// =================
-// === Constants ===
-// =================
-
-/** The number of hours in half a day. This is used to get the number of hours for AM/PM time. */
-const HALF_DAY_HOURS = 12
-
-/** A mapping from the month index returned by {@link Date.getMonth} to its full name. */
-export const MONTH_NAMES = [
-  'January',
-  'February',
-  'March',
-  'April',
-  'May',
-  'June',
-  'July',
-  'August',
-  'September',
-  'October',
-  'November',
-  'December',
-]
-
-// ================
-// === DateTime ===
-// ================
-
-/** A string with date and time, following the RFC3339 specification. */
-export type Rfc3339DateTime = newtype.Newtype<string, 'Rfc3339DateTime'>
-/** Create a {@link Rfc3339DateTime}. */
-// This is a constructor function that constructs values of the type it is named after.
-// eslint-disable-next-line @typescript-eslint/no-redeclare
-export const Rfc3339DateTime = newtype.newtypeConstructor<Rfc3339DateTime>()
-
-/** Return a new {@link Date} with units below days (hours, minutes, seconds and milliseconds)
- * set to `0`. */
-export function toDate(dateTime: Date) {
-  return new Date(dateTime.getFullYear(), dateTime.getMonth(), dateTime.getDate())
-}
-
-/** Format a {@link Date} into the preferred date format: `YYYY-MM-DD`. */
-export function formatDate(date: Date) {
-  const year = date.getFullYear()
-  const month = (date.getMonth() + 1).toString().padStart(2, '0')
-  const dayOfMonth = date.getDate().toString().padStart(2, '0')
-  return `${year}-${month}-${dayOfMonth}`
-}
-
-/** Format a {@link Date} into the preferred date-time format: `YYYY-MM-DD, hh:mm`. */
-export function formatDateTime(date: Date) {
-  const hour = date.getHours().toString().padStart(2, '0')
-  const minute = date.getMinutes().toString().padStart(2, '0')
-  return `${formatDate(date)}, ${hour}:${minute}`
-}
-
-/** Format a {@link Date} into the preferred chat-frienly format: `DD/MM/YYYY, hh:mm PM`. */
-export function formatDateTimeChatFriendly(date: Date) {
-  const year = date.getFullYear()
-  const month = (date.getMonth() + 1).toString().padStart(2, '0')
-  const dayOfMonth = date.getDate().toString().padStart(2, '0')
-  let hourRaw = date.getHours()
-  let amOrPm = 'AM'
-  if (hourRaw > HALF_DAY_HOURS) {
-    hourRaw -= HALF_DAY_HOURS
-    amOrPm = 'PM'
-  }
-  const hour = hourRaw.toString().padStart(2, '0')
-  const minute = date.getMinutes().toString().padStart(2, '0')
-  return `${dayOfMonth}/${month}/${year} ${hour}:${minute} ${amOrPm}`
-}
-
-/** Format a {@link Date} as a {@link Rfc3339DateTime}. */
-export function toRfc3339(date: Date) {
-  return Rfc3339DateTime(date.toISOString())
-}
+export * from 'enso-common/src/utilities/data/dateTime'
diff --git a/app/ide-desktop/lib/dashboard/src/utilities/newtype.ts b/app/ide-desktop/lib/dashboard/src/utilities/newtype.ts
index d6505a67a2..f754c29e1e 100644
--- a/app/ide-desktop/lib/dashboard/src/utilities/newtype.ts
+++ b/app/ide-desktop/lib/dashboard/src/utilities/newtype.ts
@@ -1,64 +1,3 @@
 /** @file Emulates `newtype`s in TypeScript. */
 
-// ===============
-// === Newtype ===
-// ===============
-
-/** An interface specifying the variant of a newtype. */
-export interface NewtypeVariant<TypeName extends string> {
-  // eslint-disable-next-line @typescript-eslint/naming-convention
-  readonly _$type: TypeName
-}
-
-/** An interface specifying the variant of a newtype, where the discriminator is mutable.
- * This is safe, as the discriminator should be a string literal type anyway. */
-// This is required for compatibility with the dependency `enso-chat`.
-// eslint-disable-next-line no-restricted-syntax
-export interface MutableNewtypeVariant<TypeName extends string> {
-  // eslint-disable-next-line @typescript-eslint/naming-convention
-  _$type: TypeName
-}
-
-/** Used to create a "branded type",
- * which contains a property that only exists at compile time.
- *
- * `Newtype<string, 'A'>` and `Newtype<string, 'B'>` are not compatible with each other,
- * however both are regular `string`s at runtime.
- *
- * This is useful in parameters that require values from a certain source,
- * for example IDs for a specific object type.
- *
- * It is similar to a `newtype` in other languages.
- * Note however because TypeScript is structurally typed,
- * a branded type is assignable to its base type:
- * `a: string = asNewtype<Newtype<string, 'Name'>>(b)` successfully typechecks. */
-export type Newtype<T, TypeName extends string> = NewtypeVariant<TypeName> & T
-
-/** Extracts the original type out of a {@link Newtype}.
- * Its only use is in {@link newtypeConstructor}. */
-export type UnNewtype<T extends Newtype<unknown, string>> = T extends infer U &
-  NewtypeVariant<T['_$type']>
-  ? U extends infer V & MutableNewtypeVariant<T['_$type']>
-    ? V
-    : U
-  : NotNewtype & Omit<T, '_$type'>
-
-/** An interface that matches a type if and only if it is not a newtype. */
-export interface NotNewtype {
-  // eslint-disable-next-line @typescript-eslint/naming-convention
-  readonly _$type?: never
-}
-
-/** Converts a value that is not a newtype, to a value that is a newtype.
- * This function intentionally returns another function, to ensure that each function instance
- * is only used for one type, avoiding the de-optimization caused by polymorphic functions. */
-export function newtypeConstructor<T extends Newtype<unknown, string>>() {
-  // This cast is unsafe.
-  // `T` has an extra property `_$type` which is used purely for typechecking
-  // and does not exist at runtime.
-  //
-  // The property name is specifically chosen to trigger eslint's `naming-convention` lint,
-  // so it should not be possible to accidentally create a value with such a type.
-  // eslint-disable-next-line no-restricted-syntax
-  return (s: NotNewtype & UnNewtype<T>) => s as unknown as T
-}
+export * from 'enso-common/src/utilities/data/newtype'
diff --git a/app/ide-desktop/lib/dashboard/src/utilities/permissions.ts b/app/ide-desktop/lib/dashboard/src/utilities/permissions.ts
index d6e2075430..dad372e3eb 100644
--- a/app/ide-desktop/lib/dashboard/src/utilities/permissions.ts
+++ b/app/ide-desktop/lib/dashboard/src/utilities/permissions.ts
@@ -1,248 +1,3 @@
 /** @file Utilities for working with permissions. */
-import type * as text from '#/text'
 
-import type * as backend from '#/services/Backend'
-
-// ========================
-// === PermissionAction ===
-// ========================
-
-/** Backend representation of user permission types. */
-export enum PermissionAction {
-  own = 'Own',
-  admin = 'Admin',
-  edit = 'Edit',
-  read = 'Read',
-  readAndDocs = 'Read_docs',
-  readAndExec = 'Read_exec',
-  view = 'View',
-  viewAndDocs = 'View_docs',
-  viewAndExec = 'View_exec',
-}
-
-/** Whether each {@link PermissionAction} can execute a project. */
-export const PERMISSION_ACTION_CAN_EXECUTE: Readonly<Record<PermissionAction, boolean>> = {
-  [PermissionAction.own]: true,
-  [PermissionAction.admin]: true,
-  [PermissionAction.edit]: true,
-  [PermissionAction.read]: false,
-  [PermissionAction.readAndDocs]: false,
-  [PermissionAction.readAndExec]: true,
-  [PermissionAction.view]: false,
-  [PermissionAction.viewAndDocs]: false,
-  [PermissionAction.viewAndExec]: true,
-}
-
-// ==================
-// === Permission ===
-// ==================
-
-/** Type of permission. This determines what kind of border is displayed. */
-export enum Permission {
-  owner = 'owner',
-  admin = 'admin',
-  edit = 'edit',
-  read = 'read',
-  view = 'view',
-  delete = 'delete',
-}
-
-/** CSS classes for each permission. */
-export const PERMISSION_CLASS_NAME: Readonly<Record<Permission, string>> = {
-  [Permission.owner]: 'text-tag-text bg-permission-owner',
-  [Permission.admin]: 'text-tag-text bg-permission-admin',
-  [Permission.edit]: 'text-tag-text bg-permission-edit',
-  [Permission.read]: 'text-tag-text bg-permission-read',
-  [Permission.view]: 'text-tag-text-2 bg-permission-view',
-  [Permission.delete]: 'text-tag-text bg-delete',
-}
-
-/** Precedences for each permission. A lower number means a higher priority. */
-export const PERMISSION_PRECEDENCE: Readonly<Record<Permission, number>> = {
-  // These are not magic numbers - they are just a sequence of numbers.
-  /* eslint-disable @typescript-eslint/no-magic-numbers */
-  [Permission.owner]: 0,
-  [Permission.admin]: 1,
-  [Permission.edit]: 2,
-  [Permission.read]: 3,
-  [Permission.view]: 4,
-  [Permission.delete]: 1000,
-  /* eslint-enable @typescript-eslint/no-magic-numbers */
-}
-
-/** Precedences for each permission action. A lower number means a higher priority. */
-export const PERMISSION_ACTION_PRECEDENCE: Readonly<Record<PermissionAction, number>> = {
-  // These are not magic numbers - they are just a sequence of numbers.
-  /* eslint-disable @typescript-eslint/no-magic-numbers */
-  [PermissionAction.own]: 0,
-  [PermissionAction.admin]: 1,
-  [PermissionAction.edit]: 2,
-  [PermissionAction.read]: 3,
-  [PermissionAction.readAndDocs]: 4,
-  [PermissionAction.readAndExec]: 5,
-  [PermissionAction.view]: 6,
-  [PermissionAction.viewAndDocs]: 7,
-  [PermissionAction.viewAndExec]: 8,
-  /* eslint-enable @typescript-eslint/no-magic-numbers */
-}
-
-/** CSS classes for the docs permission. */
-export const DOCS_CLASS_NAME = 'text-tag-text bg-permission-docs'
-/** CSS classes for the execute permission. */
-export const EXEC_CLASS_NAME = 'text-tag-text bg-permission-exec'
-
-/** The corresponding {@link Permissions} for each {@link PermissionAction}. */
-export const FROM_PERMISSION_ACTION: Readonly<Record<PermissionAction, Permissions>> = {
-  [PermissionAction.own]: { type: Permission.owner },
-  [PermissionAction.admin]: { type: Permission.admin },
-  [PermissionAction.edit]: { type: Permission.edit },
-  [PermissionAction.read]: {
-    type: Permission.read,
-    execute: false,
-    docs: false,
-  },
-  [PermissionAction.readAndDocs]: {
-    type: Permission.read,
-    execute: false,
-    docs: true,
-  },
-  [PermissionAction.readAndExec]: {
-    type: Permission.read,
-    execute: true,
-    docs: false,
-  },
-  [PermissionAction.view]: {
-    type: Permission.view,
-    execute: false,
-    docs: false,
-  },
-  [PermissionAction.viewAndDocs]: {
-    type: Permission.view,
-    execute: false,
-    docs: true,
-  },
-  [PermissionAction.viewAndExec]: {
-    type: Permission.view,
-    execute: true,
-    docs: false,
-  },
-}
-
-/** The corresponding {@link PermissionAction} for each {@link Permission}.
- * Assumes no docs sub-permission and no execute sub-permission. */
-export const TYPE_TO_PERMISSION_ACTION: Readonly<Record<Permission, PermissionAction>> = {
-  [Permission.owner]: PermissionAction.own,
-  [Permission.admin]: PermissionAction.admin,
-  [Permission.edit]: PermissionAction.edit,
-  [Permission.read]: PermissionAction.read,
-  [Permission.view]: PermissionAction.view,
-  // Should never happen, but provide a fallback just in case.
-  [Permission.delete]: PermissionAction.view,
-}
-
-/** The corresponding {@link text.TextId} for each {@link Permission}.
- * Assumes no docs sub-permission and no execute sub-permission. */
-export const TYPE_TO_TEXT_ID: Readonly<Record<Permission, text.TextId>> = {
-  [Permission.owner]: 'ownerPermissionType',
-  [Permission.admin]: 'adminPermissionType',
-  [Permission.edit]: 'editPermissionType',
-  [Permission.read]: 'readPermissionType',
-  [Permission.view]: 'viewPermissionType',
-  [Permission.delete]: 'deletePermissionType',
-} satisfies { [P in Permission]: `${P}PermissionType` }
-
-/** The equivalent backend `PermissionAction` for a `Permissions`. */
-export function toPermissionAction(permissions: Permissions): PermissionAction {
-  switch (permissions.type) {
-    case Permission.owner: {
-      return PermissionAction.own
-    }
-    case Permission.admin: {
-      return PermissionAction.admin
-    }
-    case Permission.edit: {
-      return PermissionAction.edit
-    }
-    case Permission.read: {
-      return permissions.execute
-        ? permissions.docs
-          ? /* should never happen, but use a fallback value */
-            PermissionAction.readAndExec
-          : PermissionAction.readAndExec
-        : permissions.docs
-          ? PermissionAction.readAndDocs
-          : PermissionAction.read
-    }
-    case Permission.view: {
-      return permissions.execute
-        ? permissions.docs
-          ? /* should never happen, but use a fallback value */
-            PermissionAction.viewAndExec
-          : PermissionAction.viewAndExec
-        : permissions.docs
-          ? PermissionAction.viewAndDocs
-          : PermissionAction.view
-    }
-  }
-}
-
-// ===================
-// === Permissions ===
-// ===================
-
-/** Properties common to all permissions. */
-interface BasePermissions<T extends Permission> {
-  readonly type: T
-}
-
-/** Owner permissions for an asset. */
-interface OwnerPermissions extends BasePermissions<Permission.owner> {}
-
-/** Admin permissions for an asset. */
-interface AdminPermissions extends BasePermissions<Permission.admin> {}
-
-/** Editor permissions for an asset. */
-interface EditPermissions extends BasePermissions<Permission.edit> {}
-
-/** Reader permissions for an asset. */
-interface ReadPermissions extends BasePermissions<Permission.read> {
-  readonly docs: boolean
-  readonly execute: boolean
-}
-
-/** Viewer permissions for an asset. */
-interface ViewPermissions extends BasePermissions<Permission.view> {
-  readonly docs: boolean
-  readonly execute: boolean
-}
-
-/** Detailed permission information. This is used to draw the border. */
-export type Permissions =
-  | AdminPermissions
-  | EditPermissions
-  | OwnerPermissions
-  | ReadPermissions
-  | ViewPermissions
-
-export const DEFAULT_PERMISSIONS: Permissions = Object.freeze({
-  type: Permission.view,
-  docs: false,
-  execute: false,
-})
-
-// ======================================
-// === tryGetSingletonOwnerPermission ===
-// ======================================
-
-/** Return an array containing the owner permission if `owner` is not `null`,
- * else return an empty array (`[]`). */
-export function tryGetSingletonOwnerPermission(
-  owner: backend.User | null
-): backend.UserPermission[] {
-  if (owner != null) {
-    const { organizationId, userId, name, email } = owner
-    return [{ user: { organizationId, userId, name, email }, permission: PermissionAction.own }]
-  } else {
-    return []
-  }
-}
+export * from 'enso-common/src/utilities/permissions'
diff --git a/app/ide-desktop/lib/dashboard/src/utilities/uniqueString.ts b/app/ide-desktop/lib/dashboard/src/utilities/uniqueString.ts
index 3d4a9bf77e..dee5be9106 100644
--- a/app/ide-desktop/lib/dashboard/src/utilities/uniqueString.ts
+++ b/app/ide-desktop/lib/dashboard/src/utilities/uniqueString.ts
@@ -1,14 +1,3 @@
 /** @file A function that generates a unique string. */
 
-// ====================
-// === uniqueString ===
-// ====================
-
-// This is initialized to an unusual number, to minimize the chances of collision.
-let counter = Number(new Date()) >>> 2
-
-/** Returns a new, mostly unique string. */
-export function uniqueString(): string {
-  counter += 1
-  return counter.toString()
-}
+export * from 'enso-common/src/utilities/uniqueString'