`import content` exposes the runtime-backed domain types that represent
validated public content. Every type has a private constructor; the only
way to produce a value is the corresponding `Type.validate(raw)` call.

| Domain type | Purpose |
|---|---|
| `IssueTitle` | Bounded length, no control characters, no markup. |
| `MarkdownBody` | Bounded length; safe for `Markdown.render_body(...)`. |
| `SafeHtml` | Output of trusted HTML producers (see below). |
| `PlainText` | Bounded text with control characters stripped. |
| `Username` | Length, allowed characters, reserved-name list. |
| `EmailAddress` | Length and format check. |
| `LabelName` | Issue label rules. |
| `PublicUrl` | URL parsing plus `UrlPolicy` checks. |
| `SearchText` | Search-friendly text (normalized, length bound). |
| `SearchIndex` | Normalized search input ready to feed the search index. |

## Content-type selection

The Vary HTTP runtime emits the correct response `Content-Type` for the
declared response shape:

| Response form | Content-Type |
|---|---|
| `response NameResponse { ... }` | `application/json; charset=utf-8` |
| Handler returning a JSON envelope from `api_response` | `application/json; charset=utf-8` |
| `Markdown.render_body(...).safe_html()` | `text/html; charset=utf-8` |
| `xml_document(root)` | `application/atom+xml` or `application/xml` |
| Plain text body | `text/plain; charset=utf-8` |

For routes that need a non-default media type, use the `raw_content`
endpoint clause (see [HTTP services](/docs/http/)). The boundary refuses
to mix declared media types with hand-built `Str` bodies that pass
through unchecked.

## Security constraints

`content` is the only safe source for the typed HTML and Markdown sinks.
Direct `Str` flow into `Markdown.render_body`, the SafeHtml sink, or the
HTML response body is a compile error - the type checker rejects it before
code generation. Validate at the boundary, work with the domain type, and
let the runtime render.