npm - @cognite/cli - Versions diffs - 1.1.0 → 1.2.0 - Mend

@cognite/cli 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +12 -0
package/_templates/app/new/claude/mcp.json.ejs.t +11 -0
package/_templates/app/new/config/vitest.config.ts.ejs.t +5 -0
package/_templates/app/new/cursor/mcp.json.ejs.t +10 -0
package/_templates/app/new/root/.npmrc.ejs.t +1 -0
package/_templates/app/new/root/AGENTS.md.ejs.t +12 -6
package/_templates/app/new/root/gitignore.ejs.t +1 -0
package/_templates/app/new/root/package.json.ejs.t +2 -0
package/_templates/app/new/vscode/mcp.json.ejs.t +11 -0
package/dist/{chunk-VJMFH4MH.js → chunk-PT2DTNGD.js} +4 -4
package/dist/cli/cli.js +46 -46
package/dist/deploy/index.d.ts +4 -2
package/dist/deploy/index.js +1 -1
package/dist/index.js +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -47,6 +47,18 @@ Browse available skills at [cognitedata/builder-skills](https://github.com/cogni
 - Node.js ≥ 20
 - React ≥ 18 (optional peer dependency — only needed for auth components)
+## Telemetry
+`@cognite/cli` collects anonymous usage data (commands run, success/failure, CLI and Node.js versions) to help improve the tool.
+To opt out:
+```bash
+export COGNITE_TELEMETRY_DISABLED=1
+```
+`DO_NOT_TRACK=1` is also honoured.
 ## Development
 ### Running tests

package/_templates/app/new/claude/mcp.json.ejs.t ADDED Viewed

@@ -0,0 +1,11 @@
+---
+to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>.mcp.json'
+---
+{
+  "mcpServers": {
+    "cognite-docs": {
+      "type": "http",
+      "url": "https://docs.cognite.com/mcp"
+    }
+  }
+}

package/_templates/app/new/config/vitest.config.ts.ejs.t CHANGED Viewed

@@ -10,5 +10,10 @@ export default defineConfig({
     globals: true,
     environment: 'happy-dom',
     setupFiles: ['vitest.setup.ts'],
+    coverage: {
+      provider: 'v8',
+      reporter: ['text', 'json', 'html', 'lcov'],
+      exclude: ['node_modules/', 'dist/', 'vitest.setup.ts', '**/*.config.ts', '**/*.d.ts'],
+    },
   },
 });

package/_templates/app/new/cursor/mcp.json.ejs.t ADDED Viewed

@@ -0,0 +1,10 @@
+---
+to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>.cursor/mcp.json'
+---
+{
+  "mcpServers": {
+    "cognite-docs": {
+      "url": "https://docs.cognite.com/mcp"
+    }
+  }
+}

package/_templates/app/new/root/.npmrc.ejs.t CHANGED Viewed

@@ -2,3 +2,4 @@
 to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>.npmrc'
 ---
 engine-strict=true
+min-release-age=2

package/_templates/app/new/root/AGENTS.md.ejs.t CHANGED Viewed

@@ -22,7 +22,13 @@ This app uses [github/spec-kit](https://github.com/github/spec-kit) for spec-dri
 ---
-## 1. Dependency Injection
+## 1. UI Components
+Always check `@cognite/aura/components` before reaching for a raw HTML element or custom CSS/Tailwind solution. If Aura has a component that covers the need, use it. Only fall back to custom solutions when Aura genuinely doesn't cover the use case.
+---
+## 2. Dependency Injection
 Inject dependencies via React context (hooks/components) or factory-override pattern (plain functions). Never hard-code dependencies.
@@ -51,7 +57,7 @@ export const doWork = async (props: Props, overrides?: Partial<Deps>) => {
 ---
-## 2. Interface-Based Services
+## 3. Interface-Based Services
 Define an interface; implement with a class. Never reference the concrete class outside its own file.
@@ -68,7 +74,7 @@ export class ApiDataService implements DataService {
 ---
-## 3. ViewModel Pattern
+## 4. ViewModel Pattern
 Business logic lives in `use<Name>ViewModel`. Components only render.
@@ -91,7 +97,7 @@ export const TodoView = () => {
 ---
-## 4. Test-First Development
+## 5. Test-First Development
 Write tests before implementation for all non-trivial behavior changes.
@@ -187,7 +193,7 @@ Place reusable factories in `src/__mocks__/`. Use `.test` TLD for fake URLs (RFC
 ---
-## 5. TypeScript Rules
+## 6. TypeScript Rules
 - Never use `any`; prefer `unknown` or explicit strong types
 - Never use `as unknown as T`; for partial test doubles use `{ ...defaults, ...overrides } as T`
@@ -201,7 +207,7 @@ function createMockWindow(overrides: Partial<Window> = {}): Window {
 ---
-## 6. Commits and pull requests
+## 7. Commits and pull requests
 Use [Conventional Commits v1.0.0](https://www.conventionalcommits.org/en/v1.0.0/).

package/_templates/app/new/root/gitignore.ejs.t CHANGED Viewed

@@ -6,6 +6,7 @@ node_modules
 # Build output
 dist
+coverage
 # Environment variables
 .env

package/_templates/app/new/root/package.json.ejs.t CHANGED Viewed

@@ -18,6 +18,7 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
     "test": "vitest run",
     "test:watch": "vitest",
     "test:ui": "vitest --ui",
+    "test:coverage": "vitest run --coverage",
     "lint": "eslint . --ext .js,.mjs,.cjs,.ts,.tsx",
     "lint:fix": "eslint . --fix --ext .js,.mjs,.cjs,.ts,.tsx",
     "deploy": "npx @cognite/cli@latest apps deploy --interactive",
@@ -44,6 +45,7 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
     "@types/react": "^18.3.1",
     "@types/react-dom": "^18.3.1",
     "@vitejs/plugin-react": "^5.1.1",
+    "@vitest/coverage-v8": "^2.1.8",
     "@vitest/ui": "^2.1.8",
     "autoprefixer": "^10.4.22",
     "eslint": "9.39.4",

package/_templates/app/new/vscode/mcp.json.ejs.t ADDED Viewed

@@ -0,0 +1,11 @@
+---
+to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>.vscode/mcp.json'
+---
+{
+  "servers": {
+    "cognite-docs": {
+      "type": "http",
+      "url": "https://docs.cognite.com/mcp"
+    }
+  }
+}

package/dist/{chunk-VJMFH4MH.js → chunk-PT2DTNGD.js} RENAMED Viewed

@@ -1,9 +1,9 @@
 var W=Object.defineProperty;var s=(e,t)=>W(e,"name",{value:t,configurable:!0});import Y from"fs";import gt from"path";var N="https://docs.cognite.com/cdf/access/";function m(e){return e!==null&&typeof e=="object"}s(m,"isRecord");function S(e){return e instanceof Error&&"status"in e&&typeof e.status=="number"}s(S,"isHttpError");function Z(e){switch(e){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
   See: ${N}`;case 403:return`You don't have the required CDF capabilities. Please contact your CDF admin.
-  See: ${N}`;default:return}}s(Z,"httpStatusHint");function w(e){let t=e instanceof Error?e:new Error(String(e));if(!S(t))return null;let n=Z(t.status);return n?Object.assign(new Error(`${t.message}
-  ${n}`),{cause:t}):null}s(w,"enrichedHttpError");function X(e){if(!m(e))return null;let t=e.missing;if(Array.isArray(t))return t;let n=e.data;if(m(n)){let r=n.error;if(m(r)&&Array.isArray(r.missing))return r.missing;if(Array.isArray(n.missing))return n.missing}return null}s(X,"findMissingArray");function Q(e,t){if(!S(e)||e.status!==400)return!1;let n=X(e);return n?n.some(r=>m(r)&&typeof r.externalId=="string"&&t.includes(r.externalId)):!1}s(Q,"isMissingExternalIdError");function v(e,t){return S(e)&&e.status===404||Q(e,t)}s(v,"isNotFoundError");var M=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],J=["ACTIVE","PREVIEW"],I=class I extends Error{constructor(t,n){super(`Version ${n} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=n}};s(I,"AppVersionNotFoundError");var C=I;function q(e,t){return e.includes(t)}s(q,"includesValue");function tt(e){return q(M,e)}s(tt,"isAppVersionLifecycleState");function et(e){return q(J,e)}s(et,"isAppVersionAlias");function nt(e){return typeof e.version=="string"&&tt(e.lifecycleState)&&typeof e.entrypoint=="string"&&typeof e.createdTime=="number"&&typeof e.createdBy=="string"&&typeof e.appExternalId=="string"&&(e.alias===void 0||et(e.alias))&&(e.comment===void 0||typeof e.comment=="string")}s(nt,"isAppVersion");function H(e){if(!m(e))throw new Error("Invalid version response: not an object");if(!nt(e))throw new Error("Invalid version response: missing or malformed fields");return e}s(H,"parseAppVersion");var T=class T{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,n,r){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:n,description:r}]}})}catch(o){throw w(o)??o}}async uploadVersion(t,n,r,o,i="index.html"){console.log(`\u{1F4E4} Uploading version ${n}...`);let a=new FormData;a.append("file",new Blob([new Uint8Array(r)]),o),a.append("version",n),a.append("entryPath",i);let l=encodeURIComponent(t),c=`${this.appsBasePath}/${l}/versions`,p=await this.client.authenticate(),g=`${this.client.getBaseUrl()}${c}`,u=new AbortController,G=setTimeout(()=>u.abort(),300*1e3),y;try{y=await fetch(g,{method:"POST",headers:{Authorization:`Bearer ${p}`},body:a,signal:u.signal})}catch(f){throw f instanceof Error&&f.name==="AbortError"?new Error("Upload timed out after 5 minutes"):f}finally{clearTimeout(G)}if(!y.ok){let f=await y.text(),k=f;try{let $=JSON.parse(f);if(m($)){let A=$.error;if(typeof A=="string")k=A;else if(m(A)){let E=A.message,F=A.code;k=typeof E=="string"?E:F!=null?`Unknown error (code: ${F})`:f}else{let E=$.message;k=typeof E=="string"?E:f}}}catch{}let j=y.headers.get("x-request-id"),K=j?` | X-Request-ID: ${j}`:"",B=Object.assign(new Error(`Upload failed: ${y.status} \u2014 ${k}${K}`),{status:y.status});throw w(B)??B}console.log(`\u2705 Version ${n} uploaded`)}async getVersion(t,n){let r=encodeURIComponent(t),o=encodeURIComponent(n),i=`${this.appsBasePath}/${r}/versions/${o}`;try{let a=await this.client.get(i);return H(a.data)}catch(a){throw v(a,[t,n])?new C(t,n):w(a)??a}}async getActiveVersion(t){let n=encodeURIComponent(t),r=`${this.appsBasePath}/${n}/active`;try{let o=await this.client.get(r);return H(o.data)}catch(o){if(v(o,[t]))return null;throw w(o)??o}}async updateVersions(t,n){let r=encodeURIComponent(t),o=`${this.appsBasePath}/${r}/versions/update`;try{await this.client.post(o,{data:{items:n}})}catch(i){throw w(i)??i}}};s(T,"AppHostingApi");var x=T;var b=class b{constructor(t){this.api=new x(t)}getVersion(t,n){return this.api.getVersion(t,n)}uploadVersion(t,n,r,o,i){return this.api.uploadVersion(t,n,r,o,i)}async ensureApp(t,n,r){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,n,r),console.log(`\u2705 App '${t}' created`)}catch(o){if(S(o)&&o.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw o}}async publishVersion(t,n){await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,n){console.log(`\u{1F680} Publishing and activating version ${n}...`),await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${n} is now PUBLISHED and ACTIVE`)}async activateVersion(t,n){let r=null;try{r=await this.api.getActiveVersion(t)}catch{r=null}let o=r&&r.version!==n?r.version:void 0;return await this.api.updateVersions(t,[{version:n,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:o}}async deploy(t,n,r,o,i,a,l=!1){console.log(`
+  See: ${N}`;default:return}}s(Z,"httpStatusHint");function A(e){let t=e instanceof Error?e:new Error(String(e));if(!S(t))return null;let n=Z(t.status);return n?Object.assign(new Error(`${t.message}
+  ${n}`),{cause:t}):null}s(A,"enrichedHttpError");function X(e){if(!m(e))return null;let t=e.missing;if(Array.isArray(t))return t;let n=e.data;if(m(n)){let r=n.error;if(m(r)&&Array.isArray(r.missing))return r.missing;if(Array.isArray(n.missing))return n.missing}return null}s(X,"findMissingArray");function Q(e,t){if(!S(e)||e.status!==400)return!1;let n=X(e);return n?n.some(r=>m(r)&&typeof r.externalId=="string"&&t.includes(r.externalId)):!1}s(Q,"isMissingExternalIdError");function $(e,t){return S(e)&&e.status===404||Q(e,t)}s($,"isNotFoundError");var M=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],J=["ACTIVE","PREVIEW"],I=class I extends Error{constructor(t,n){super(`Version ${n} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=n}};s(I,"AppVersionNotFoundError");var V=I;function q(e,t){return e.includes(t)}s(q,"includesValue");function tt(e){return q(M,e)}s(tt,"isAppVersionLifecycleState");function et(e){return q(J,e)}s(et,"isAppVersionAlias");function nt(e){return typeof e.version=="string"&&tt(e.lifecycleState)&&typeof e.entrypoint=="string"&&typeof e.createdTime=="number"&&typeof e.createdBy=="string"&&typeof e.appExternalId=="string"&&(e.alias===void 0||et(e.alias))&&(e.comment===void 0||typeof e.comment=="string")}s(nt,"isAppVersion");function H(e){if(!m(e))throw new Error("Invalid version response: not an object");if(!nt(e))throw new Error("Invalid version response: missing or malformed fields");return e}s(H,"parseAppVersion");var T=class T{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,n,r){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:n,description:r}]}})}catch(o){throw A(o)??o}}async uploadVersion(t,n,r,o,i="index.html"){console.log(`\u{1F4E4} Uploading version ${n}...`);let a=new FormData;a.append("file",new Blob([new Uint8Array(r)]),o),a.append("version",n),a.append("entryPath",i);let l=encodeURIComponent(t),c=`${this.appsBasePath}/${l}/versions`,p=await this.client.authenticate(),g=`${this.client.getBaseUrl()}${c}`,u=new AbortController,G=setTimeout(()=>u.abort(),300*1e3),h;try{h=await fetch(g,{method:"POST",headers:{Authorization:`Bearer ${p}`},body:a,signal:u.signal})}catch(f){throw f instanceof Error&&f.name==="AbortError"?new Error("Upload timed out after 5 minutes"):f}finally{clearTimeout(G)}if(!h.ok){let f=await h.text(),k=f;try{let x=JSON.parse(f);if(m(x)){let w=x.error;if(typeof w=="string")k=w;else if(m(w)){let E=w.message,F=w.code;k=typeof E=="string"?E:F!=null?`Unknown error (code: ${F})`:f}else{let E=x.message;k=typeof E=="string"?E:f}}}catch{}let j=h.headers.get("x-request-id"),K=j?` | X-Request-ID: ${j}`:"",B=Object.assign(new Error(`Upload failed: ${h.status} \u2014 ${k}${K}`),{status:h.status});throw A(B)??B}console.log(`\u2705 Version ${n} uploaded`)}async getVersion(t,n){let r=encodeURIComponent(t),o=encodeURIComponent(n),i=`${this.appsBasePath}/${r}/versions/${o}`;try{let a=await this.client.get(i);return H(a.data)}catch(a){throw $(a,[t,n])?new V(t,n):A(a)??a}}async getActiveVersion(t){let n=encodeURIComponent(t),r=`${this.appsBasePath}/${n}/active`;try{let o=await this.client.get(r);return H(o.data)}catch(o){if($(o,[t]))return null;throw A(o)??o}}async updateVersions(t,n){let r=encodeURIComponent(t),o=`${this.appsBasePath}/${r}/versions/update`;try{await this.client.post(o,{data:{items:n}})}catch(i){throw A(i)??i}}};s(T,"AppHostingApi");var v=T;var b=class b{constructor(t){this.api=new v(t)}getVersion(t,n){return this.api.getVersion(t,n)}uploadVersion(t,n,r,o,i){return this.api.uploadVersion(t,n,r,o,i)}async ensureApp(t,n,r){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,n,r),console.log(`\u2705 App '${t}' created`)}catch(o){if(S(o)&&o.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw o}}async publishVersion(t,n){await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,n){console.log(`\u{1F680} Publishing and activating version ${n}...`),await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${n} is now PUBLISHED and ACTIVE`)}async activateVersion(t,n){let r=null;try{r=await this.api.getActiveVersion(t)}catch{r=null}let o=r&&r.version!==n?r.version:void 0;return await this.api.updateVersions(t,[{version:n,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:o}}async deploy(t,n,r,o,i,a,l=!1){console.log(`
 \u{1F680} Deploying application via App Hosting API...
 `);try{await this.ensureApp(t,n,r),await this.uploadVersion(t,o,i,a),l&&await this.publishAndActivate(t,o),console.log(`
-\u2705 Deployment successful!`)}catch(c){let p=c instanceof Error?c.message:String(c);throw Object.assign(new Error(`Deployment failed: ${p}`),{cause:c})}}};s(b,"AppHostingClient");var P=b;import h from"fs";import d from"path";import{parseAndValidateManifestConfig as rt}from"@cognite/app-sdk/vite";import{BlobReader as ot,Uint8ArrayWriter as st,ZipWriter as it}from"@zip.js/zip.js";var R="package.json",D="package-lock.json",z="manifest.json",_=".cognite",L=class L{constructor(t="dist"){this.distPath=d.isAbsolute(t)?t:d.join(process.cwd(),t),this.appRoot=d.dirname(this.distPath)}validateBuildDirectory(){if(!h.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=d.join(this.appRoot,R);if(!h.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let n=d.join(this.appRoot,D);if(!h.existsSync(n))throw new Error(`"${n}" not found. It is required for deployment.`)}async createZip(t="app.zip",n=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let r=new it(new st,{level:9}),o=s(async(c,p)=>{await r.add(p,new ot(await h.openAsBlob(c))),n&&console.log(`  \u{1F4C4} ${p}`)},"addFile"),i=s(async c=>{let p=await h.promises.readdir(c,{withFileTypes:!0});for(let g of p){let u=d.join(c,g.name);g.isDirectory()?await i(u):await o(u,d.relative(this.distPath,u).replace(/\\/g,"/"))}},"addDir"),a;try{await i(this.distPath);let c=d.join(this.appRoot,R);await o(c,d.posix.join(_,R));let p=d.join(this.appRoot,z);if(h.existsSync(p)){let u=h.readFileSync(p,"utf-8");rt(u,p),await o(p,d.posix.join(_,z))}let g=d.join(this.appRoot,D);await o(g,d.posix.join(_,D)),a=await r.close()}catch(c){let p=c instanceof Error?c.message:String(c);throw new Error(`Failed to create zip: ${p}`)}await h.promises.writeFile(t,a);let l=(a.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${l} MB)`),t}};s(L,"ApplicationPackager");var V=L;import{CogniteClient as ut}from"@cognite/sdk";var at=s(()=>{let e=process.env.DEPLOYMENT_SECRETS;if(!e)return{};try{let t=JSON.parse(e),n={};for(let[r,o]of Object.entries(t))if(typeof o=="string"){let i=r.toLowerCase().replace(/_/g,"-");n[i]=o}return n}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),ct=s(e=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=at()[e]),t||(t=process.env[e]),!t)throw new Error(`Secret not found in environment: ${e}`);return t},"getSecretFromEnv"),pt=s(e=>{if(!e)return"";try{return new URL(e).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=e.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),lt=s(async(e,t)=>{let n=`Basic ${btoa(`${e}:${t}`)}`,r=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:n,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!r.ok){let i=await r.text();throw new Error(`Failed to get token from CDF: ${r.status} ${r.statusText}
+\u2705 Deployment successful!`)}catch(c){let p=c instanceof Error?c.message:String(c);throw Object.assign(new Error(`Deployment failed: ${p}`),{cause:c})}}};s(b,"AppHostingClient");var P=b;import y from"fs";import d from"path";import{parseAndValidateManifestConfig as rt}from"@cognite/app-sdk/vite";import{BlobReader as ot,Uint8ArrayWriter as st,ZipWriter as it}from"@zip.js/zip.js";var R="package.json",D="package-lock.json",z="manifest.json",_=".cognite",L=class L{constructor(t="dist"){this.distPath=d.isAbsolute(t)?t:d.join(process.cwd(),t),this.appRoot=d.dirname(this.distPath)}validateBuildDirectory(){if(!y.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=d.join(this.appRoot,R);if(!y.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let n=d.join(this.appRoot,D);if(!y.existsSync(n))throw new Error(`"${n}" not found. It is required for deployment.`)}async createZip(t="app.zip",n=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let r=new it(new st,{level:9}),o=s(async(c,p)=>{await r.add(p,new ot(await y.openAsBlob(c))),n&&console.log(`  \u{1F4C4} ${p}`)},"addFile"),i=s(async c=>{let p=await y.promises.readdir(c,{withFileTypes:!0});for(let g of p){let u=d.join(c,g.name);g.isDirectory()?await i(u):await o(u,d.relative(this.distPath,u).replace(/\\/g,"/"))}},"addDir"),a;try{await i(this.distPath);let c=d.join(this.appRoot,R);await o(c,d.posix.join(_,R));let p=d.join(this.appRoot,z);if(y.existsSync(p)){let u=y.readFileSync(p,"utf-8");rt(u,p),await o(p,d.posix.join(_,z))}let g=d.join(this.appRoot,D);await o(g,d.posix.join(_,D)),a=await r.close()}catch(c){let p=c instanceof Error?c.message:String(c);throw new Error(`Failed to create zip: ${p}`)}await y.promises.writeFile(t,a);let l=(a.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${l} MB)`),t}};s(L,"ApplicationPackager");var C=L;import{CogniteClient as ut}from"@cognite/sdk";var at=s(()=>{let e=process.env.DEPLOYMENT_SECRETS;if(!e)return{};try{let t=JSON.parse(e),n={};for(let[r,o]of Object.entries(t))if(typeof o=="string"){let i=r.toLowerCase().replace(/_/g,"-");n[i]=o}return n}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),ct=s(e=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=at()[e]),t||(t=process.env[e]),!t)throw new Error(`Secret not found in environment: ${e}`);return t},"getSecretFromEnv"),pt=s(e=>{if(!e)return"";try{return new URL(e).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=e.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),lt=s(async(e,t)=>{let n=`Basic ${btoa(`${e}:${t}`)}`,r=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:n,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!r.ok){let i=await r.text();throw new Error(`Failed to get token from CDF: ${r.status} ${r.statusText}
 ${i}`)}let o=await r.json();if(!o.access_token)throw new Error("No access token returned from CDF authentication");return o.access_token},"getTokenCdf"),dt=s(async(e,t,n,r)=>{if(!r)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let o=pt(r);if(!o)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${r}`);let i=`https://login.microsoftonline.com/${n}/oauth2/v2.0/token`,a=`https://${o}.cognitedata.com/.default`,l=await fetch(i,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:e,client_secret:t,scope:a,grant_type:"client_credentials"})});if(!l.ok){let p=await l.text();throw new Error(`Failed to get token from Entra ID: ${l.status} ${l.statusText}
-${p}`)}let c=await l.json();if(!c.access_token)throw new Error("No access token returned from Entra ID authentication");return c.access_token},"getTokenEntra"),U=s(async(e,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:n,deploySecretName:r,idpType:o="cdf",tenantId:i,baseUrl:a}=e,l=ct(r);if(o==="entra_id"){if(!i)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return dt(n,l,i,a)}return lt(n,l)},"getToken");var O=s(async(e,t,n=process.env)=>{let r=await U(e,n),o=n.COGNITE_BASE_URL??e.baseUrl,i=new ut({appId:t,project:e.project,baseUrl:o,oidcTokenProvider:s(async()=>r,"oidcTokenProvider")});return await i.authenticate(),i},"getSdk");var ft=s(async(e,t,n)=>{let r=await new V(`${n}/dist`).createZip("app.zip",!0);try{let{externalId:o,name:i,description:a,versionTag:l}=t,c=await O(e,n),p=new P(c),g=Y.readFileSync(r),u=gt.basename(r);await p.deploy(o,i,a,l,g,u,e.published)}finally{try{Y.unlinkSync(r)}catch{}}},"deploy");export{P as a,V as b,U as c,O as d,ft as e};
+${p}`)}let c=await l.json();if(!c.access_token)throw new Error("No access token returned from Entra ID authentication");return c.access_token},"getTokenEntra"),O=s(async(e,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:n,deploySecretName:r,idpType:o="cdf",tenantId:i,baseUrl:a}=e,l=ct(r);if(o==="entra_id"){if(!i)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return dt(n,l,i,a)}return lt(n,l)},"getToken");async function U(e,t,n=process.env,r){let o=await O(e,n),i=n.COGNITE_BASE_URL??e.baseUrl,a=(r??(l=>new ut(l)))({appId:t,project:e.project,baseUrl:i,oidcTokenProvider:s(async()=>o,"oidcTokenProvider")});return await a.authenticate(),a}s(U,"getSdk");var ft=s(async(e,t,n)=>{let r=await new C(`${n}/dist`).createZip("app.zip",!0);try{let{externalId:o,name:i,description:a,versionTag:l}=t,c=await U(e,n),p=new P(c),g=Y.readFileSync(r),u=gt.basename(r);await p.deploy(o,i,a,l,g,u,e.published)}finally{try{Y.unlinkSync(r)}catch{}}},"deploy");export{P as a,C as b,O as c,U as d,ft as e};

package/dist/cli/cli.js CHANGED Viewed

@@ -1,13 +1,13 @@
 #!/usr/bin/env node
-import{a as o,e as He}from"../chunk-A5ASLC6T.js";import{writeSync as Ki}from"fs";import{Command as ji}from"commander";var Be="https://docs.cognite.com/cdf/access/";function k(e){return e!==null&&typeof e=="object"}o(k,"isRecord");function G(e){return e instanceof Error&&"status"in e&&typeof e.status=="number"}o(G,"isHttpError");function $n(e){switch(e){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
-  See: ${Be}`;case 403:return`You don't have the required CDF capabilities. Please contact your CDF admin.
-  See: ${Be}`;default:return}}o($n,"httpStatusHint");function V(e){let t=e instanceof Error?e:new Error(String(e));if(!G(t))return null;let n=$n(t.status);return n?Object.assign(new Error(`${t.message}
-  ${n}`),{cause:t}):null}o(V,"enrichedHttpError");function Fn(e){if(!k(e))return null;let t=e.missing;if(Array.isArray(t))return t;let n=e.data;if(k(n)){let r=n.error;if(k(r)&&Array.isArray(r.missing))return r.missing;if(Array.isArray(n.missing))return n.missing}return null}o(Fn,"findMissingArray");function Rn(e,t){if(!G(e)||e.status!==400)return!1;let n=Fn(e);return n?n.some(r=>k(r)&&typeof r.externalId=="string"&&t.includes(r.externalId)):!1}o(Rn,"isMissingExternalIdError");function ce(e,t){return G(e)&&e.status===404||Rn(e,t)}o(ce,"isNotFoundError");var Ye=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],Je=["ACTIVE","PREVIEW"],pe=class pe extends Error{constructor(t,n){super(`Version ${n} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=n}};o(pe,"AppVersionNotFoundError");var S=pe;function Xe(e,t){return e.includes(t)}o(Xe,"includesValue");function On(e){return Xe(Ye,e)}o(On,"isAppVersionLifecycleState");function _n(e){return Xe(Je,e)}o(_n,"isAppVersionAlias");function Un(e){return typeof e.version=="string"&&On(e.lifecycleState)&&typeof e.entrypoint=="string"&&typeof e.createdTime=="number"&&typeof e.createdBy=="string"&&typeof e.appExternalId=="string"&&(e.alias===void 0||_n(e.alias))&&(e.comment===void 0||typeof e.comment=="string")}o(Un,"isAppVersion");function Ge(e){if(!k(e))throw new Error("Invalid version response: not an object");if(!Un(e))throw new Error("Invalid version response: missing or malformed fields");return e}o(Ge,"parseAppVersion");var le=class le{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,n,r){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:n,description:r}]}})}catch(i){throw V(i)??i}}async uploadVersion(t,n,r,i,s="index.html"){console.log(`\u{1F4E4} Uploading version ${n}...`);let a=new FormData;a.append("file",new Blob([new Uint8Array(r)]),i),a.append("version",n),a.append("entryPath",s);let c=encodeURIComponent(t),p=`${this.appsBasePath}/${c}/versions`,l=await this.client.authenticate(),m=`${this.client.getBaseUrl()}${p}`,d=new AbortController,u=setTimeout(()=>d.abort(),300*1e3),f;try{f=await fetch(m,{method:"POST",headers:{Authorization:`Bearer ${l}`},body:a,signal:d.signal})}catch(g){throw g instanceof Error&&g.name==="AbortError"?new Error("Upload timed out after 5 minutes"):g}finally{clearTimeout(u)}if(!f.ok){let g=await f.text(),b=g;try{let _=JSON.parse(g);if(k(_)){let x=_.error;if(typeof x=="string")b=x;else if(k(x)){let A=x.message,y=x.code;b=typeof A=="string"?A:y!=null?`Unknown error (code: ${y})`:g}else{let A=_.message;b=typeof A=="string"?A:g}}}catch{}let v=f.headers.get("x-request-id"),Z=v?` | X-Request-ID: ${v}`:"",M=Object.assign(new Error(`Upload failed: ${f.status} \u2014 ${b}${Z}`),{status:f.status});throw V(M)??M}console.log(`\u2705 Version ${n} uploaded`)}async getVersion(t,n){let r=encodeURIComponent(t),i=encodeURIComponent(n),s=`${this.appsBasePath}/${r}/versions/${i}`;try{let a=await this.client.get(s);return Ge(a.data)}catch(a){throw ce(a,[t,n])?new S(t,n):V(a)??a}}async getActiveVersion(t){let n=encodeURIComponent(t),r=`${this.appsBasePath}/${n}/active`;try{let i=await this.client.get(r);return Ge(i.data)}catch(i){if(ce(i,[t]))return null;throw V(i)??i}}async updateVersions(t,n){let r=encodeURIComponent(t),i=`${this.appsBasePath}/${r}/versions/update`;try{await this.client.post(i,{data:{items:n}})}catch(s){throw V(s)??s}}};o(le,"AppHostingApi");var ee=le;var me=class me{constructor(t){this.api=new ee(t)}getVersion(t,n){return this.api.getVersion(t,n)}uploadVersion(t,n,r,i,s){return this.api.uploadVersion(t,n,r,i,s)}async ensureApp(t,n,r){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,n,r),console.log(`\u2705 App '${t}' created`)}catch(i){if(G(i)&&i.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw i}}async publishVersion(t,n){await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,n){console.log(`\u{1F680} Publishing and activating version ${n}...`),await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${n} is now PUBLISHED and ACTIVE`)}async activateVersion(t,n){let r=null;try{r=await this.api.getActiveVersion(t)}catch{r=null}let i=r&&r.version!==n?r.version:void 0;return await this.api.updateVersions(t,[{version:n,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:i}}async deploy(t,n,r,i,s,a,c=!1){console.log(`
+import{a as o,e as Be}from"../chunk-A5ASLC6T.js";import{writeSync as Yi}from"fs";import{Command as Ji}from"commander";var Ye="https://docs.cognite.com/cdf/access/";function k(e){return e!==null&&typeof e=="object"}o(k,"isRecord");function B(e){return e instanceof Error&&"status"in e&&typeof e.status=="number"}o(B,"isHttpError");function Ln(e){switch(e){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
+  See: ${Ye}`;case 403:return`You don't have the required CDF capabilities. Please contact your CDF admin.
+  See: ${Ye}`;default:return}}o(Ln,"httpStatusHint");function V(e){let t=e instanceof Error?e:new Error(String(e));if(!B(t))return null;let n=Ln(t.status);return n?Object.assign(new Error(`${t.message}
+  ${n}`),{cause:t}):null}o(V,"enrichedHttpError");function Nn(e){if(!k(e))return null;let t=e.missing;if(Array.isArray(t))return t;let n=e.data;if(k(n)){let r=n.error;if(k(r)&&Array.isArray(r.missing))return r.missing;if(Array.isArray(n.missing))return n.missing}return null}o(Nn,"findMissingArray");function Kn(e,t){if(!B(e)||e.status!==400)return!1;let n=Nn(e);return n?n.some(r=>k(r)&&typeof r.externalId=="string"&&t.includes(r.externalId)):!1}o(Kn,"isMissingExternalIdError");function le(e,t){return B(e)&&e.status===404||Kn(e,t)}o(le,"isNotFoundError");var Xe=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],ze=["ACTIVE","PREVIEW"],me=class me extends Error{constructor(t,n){super(`Version ${n} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=n}};o(me,"AppVersionNotFoundError");var E=me;function We(e,t){return e.includes(t)}o(We,"includesValue");function jn(e){return We(Xe,e)}o(jn,"isAppVersionLifecycleState");function Mn(e){return We(ze,e)}o(Mn,"isAppVersionAlias");function Vn(e){return typeof e.version=="string"&&jn(e.lifecycleState)&&typeof e.entrypoint=="string"&&typeof e.createdTime=="number"&&typeof e.createdBy=="string"&&typeof e.appExternalId=="string"&&(e.alias===void 0||Mn(e.alias))&&(e.comment===void 0||typeof e.comment=="string")}o(Vn,"isAppVersion");function Je(e){if(!k(e))throw new Error("Invalid version response: not an object");if(!Vn(e))throw new Error("Invalid version response: missing or malformed fields");return e}o(Je,"parseAppVersion");var de=class de{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,n,r){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:n,description:r}]}})}catch(i){throw V(i)??i}}async uploadVersion(t,n,r,i,s="index.html"){console.log(`\u{1F4E4} Uploading version ${n}...`);let a=new FormData;a.append("file",new Blob([new Uint8Array(r)]),i),a.append("version",n),a.append("entryPath",s);let c=encodeURIComponent(t),p=`${this.appsBasePath}/${c}/versions`,l=await this.client.authenticate(),m=`${this.client.getBaseUrl()}${p}`,d=new AbortController,u=setTimeout(()=>d.abort(),300*1e3),f;try{f=await fetch(m,{method:"POST",headers:{Authorization:`Bearer ${l}`},body:a,signal:d.signal})}catch(g){throw g instanceof Error&&g.name==="AbortError"?new Error("Upload timed out after 5 minutes"):g}finally{clearTimeout(u)}if(!f.ok){let g=await f.text(),b=g;try{let _=JSON.parse(g);if(k(_)){let x=_.error;if(typeof x=="string")b=x;else if(k(x)){let A=x.message,y=x.code;b=typeof A=="string"?A:y!=null?`Unknown error (code: ${y})`:g}else{let A=_.message;b=typeof A=="string"?A:g}}}catch{}let v=f.headers.get("x-request-id"),Z=v?` | X-Request-ID: ${v}`:"",M=Object.assign(new Error(`Upload failed: ${f.status} \u2014 ${b}${Z}`),{status:f.status});throw V(M)??M}console.log(`\u2705 Version ${n} uploaded`)}async getVersion(t,n){let r=encodeURIComponent(t),i=encodeURIComponent(n),s=`${this.appsBasePath}/${r}/versions/${i}`;try{let a=await this.client.get(s);return Je(a.data)}catch(a){throw le(a,[t,n])?new E(t,n):V(a)??a}}async getActiveVersion(t){let n=encodeURIComponent(t),r=`${this.appsBasePath}/${n}/active`;try{let i=await this.client.get(r);return Je(i.data)}catch(i){if(le(i,[t]))return null;throw V(i)??i}}async updateVersions(t,n){let r=encodeURIComponent(t),i=`${this.appsBasePath}/${r}/versions/update`;try{await this.client.post(i,{data:{items:n}})}catch(s){throw V(s)??s}}};o(de,"AppHostingApi");var ee=de;var ue=class ue{constructor(t){this.api=new ee(t)}getVersion(t,n){return this.api.getVersion(t,n)}uploadVersion(t,n,r,i,s){return this.api.uploadVersion(t,n,r,i,s)}async ensureApp(t,n,r){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,n,r),console.log(`\u2705 App '${t}' created`)}catch(i){if(B(i)&&i.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw i}}async publishVersion(t,n){await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,n){console.log(`\u{1F680} Publishing and activating version ${n}...`),await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${n} is now PUBLISHED and ACTIVE`)}async activateVersion(t,n){let r=null;try{r=await this.api.getActiveVersion(t)}catch{r=null}let i=r&&r.version!==n?r.version:void 0;return await this.api.updateVersions(t,[{version:n,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:i}}async deploy(t,n,r,i,s,a,c=!1){console.log(`
 \u{1F680} Deploying application via App Hosting API...
 `);try{await this.ensureApp(t,n,r),await this.uploadVersion(t,i,s,a),c&&await this.publishAndActivate(t,i),console.log(`
-\u2705 Deployment successful!`)}catch(p){let l=p instanceof Error?p.message:String(p);throw Object.assign(new Error(`Deployment failed: ${l}`),{cause:p})}}};o(me,"AppHostingClient");var h=me;import{existsSync as Jn,readFileSync as Xn}from"fs";import{resolve as zn}from"path";import{array as Ln,boolean as Nn,check as ze,forward as We,literal as Kn,maxLength as jn,minLength as Mn,nonEmpty as H,object as qe,optional as U,picklist as Vn,pipe as D,safeParse as Hn,string as C,url as Bn}from"valibot";var de=D(C(),H("must not be empty")),ue=D(C(),H("must not be empty"),jn(256,"must be 256 characters or fewer")),ge=D(C(),H("must not be empty"),Bn("must be a valid URL")),fe=D(C(),H("must not be empty")),ye=D(C(),H("must not be empty")),Gn=D(qe({org:fe,project:ye,baseUrl:ge,deployClientId:U(C(),""),deploySecretName:U(C(),""),published:U(Nn(),!1),idpType:U(Vn(["cdf","entra_id"]),"cdf"),tenantId:U(C())}),We(ze(e=>e.idpType!=="entra_id"||!!e.tenantId,'must be set when idpType is "entra_id"'),["tenantId"]),We(ze(e=>!e.deployClientId||!!e.deploySecretName,"must be set when deployClientId is set"),["deploySecretName"])),Yn=qe({name:de,externalId:ue,versionTag:D(C(),H("must not be empty")),description:U(C(),""),deployments:D(Ln(Gn),Mn(1,"must contain at least one deployment")),infra:U(Kn("appsApi"))});function he(e){let t=Hn(Yn,e);if(t.success)return t.output;let n=t.issues[0],r=n.path?.map(s=>s.key).join(".")??"",i=r?`"${r}" `:"";throw new Error(`app.json: ${i}${n.message}`)}o(he,"validateAppConfig");function w(e,t={}){let{validator:n=he,existsSync:r=Jn,readFileSync:i=Xn}=t,s=zn(e,"app.json");if(!r(s))throw new Error("No app.json found in current directory. Make sure you're running this command from your app's root directory.");let a=i(s,"utf-8"),c;try{c=JSON.parse(a)}catch{throw new Error("Failed to parse app.json \u2014 check that it contains valid JSON.")}return n(c)}o(w,"loadAppConfig");import{CogniteClient as wr}from"@cognite/sdk";import{CogniteClient as tr}from"@cognite/sdk";var Wn=o(()=>{let e=process.env.DEPLOYMENT_SECRETS;if(!e)return{};try{let t=JSON.parse(e),n={};for(let[r,i]of Object.entries(t))if(typeof i=="string"){let s=r.toLowerCase().replace(/_/g,"-");n[s]=i}return n}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),qn=o(e=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=Wn()[e]),t||(t=process.env[e]),!t)throw new Error(`Secret not found in environment: ${e}`);return t},"getSecretFromEnv"),Qn=o(e=>{if(!e)return"";try{return new URL(e).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=e.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),Zn=o(async(e,t)=>{let n=`Basic ${btoa(`${e}:${t}`)}`,r=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:n,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!r.ok){let s=await r.text();throw new Error(`Failed to get token from CDF: ${r.status} ${r.statusText}
-${s}`)}let i=await r.json();if(!i.access_token)throw new Error("No access token returned from CDF authentication");return i.access_token},"getTokenCdf"),er=o(async(e,t,n,r)=>{if(!r)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let i=Qn(r);if(!i)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${r}`);let s=`https://login.microsoftonline.com/${n}/oauth2/v2.0/token`,a=`https://${i}.cognitedata.com/.default`,c=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:e,client_secret:t,scope:a,grant_type:"client_credentials"})});if(!c.ok){let l=await c.text();throw new Error(`Failed to get token from Entra ID: ${c.status} ${c.statusText}
-${l}`)}let p=await c.json();if(!p.access_token)throw new Error("No access token returned from Entra ID authentication");return p.access_token},"getTokenEntra"),Ee=o(async(e,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:n,deploySecretName:r,idpType:i="cdf",tenantId:s,baseUrl:a}=e,c=qn(r);if(i==="entra_id"){if(!s)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return er(n,c,s,a)}return Zn(n,c)},"getToken");var Y=o(async(e,t,n=process.env)=>{let r=await Ee(e,n),i=n.COGNITE_BASE_URL??e.baseUrl,s=new tr({appId:t,project:e.project,baseUrl:i,oidcTokenProvider:o(async()=>r,"oidcTokenProvider")});return await s.authenticate(),s},"getSdk");import cr from"os";import pr from"path";import lr from"open";import{buildAuthorizationUrl as mr,calculatePKCECodeChallenge as dr,discovery as ur,None as gr,randomPKCECodeVerifier as fr,randomState as yr}from"openid-client";import nr from"https";import{authorizationCodeGrant as rr}from"openid-client";function Qe(e){return e.replace(/[&<>"']/g,t=>({"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;"})[t]??t)}o(Qe,"escapeHtml");function we(e,t,n){let r=Qe(t),i=Qe(n);return`<html><body style="font-family: system-ui; padding: 40px; text-align: center;">
+\u2705 Deployment successful!`)}catch(p){let l=p instanceof Error?p.message:String(p);throw Object.assign(new Error(`Deployment failed: ${l}`),{cause:p})}}};o(ue,"AppHostingClient");var h=ue;import{existsSync as Zn,readFileSync as er}from"fs";import{resolve as tr}from"path";import{array as Hn,boolean as Gn,check as qe,forward as Qe,literal as Bn,maxLength as Yn,minLength as Jn,nonEmpty as H,object as Ze,optional as U,picklist as Xn,pipe as D,safeParse as zn,string as S,url as Wn}from"valibot";var ge=D(S(),H("must not be empty")),fe=D(S(),H("must not be empty"),Yn(256,"must be 256 characters or fewer")),ye=D(S(),H("must not be empty"),Wn("must be a valid URL")),he=D(S(),H("must not be empty")),we=D(S(),H("must not be empty")),qn=D(Ze({org:he,project:we,baseUrl:ye,deployClientId:U(S(),""),deploySecretName:U(S(),""),published:U(Gn(),!1),idpType:U(Xn(["cdf","entra_id"]),"cdf"),tenantId:U(S())}),Qe(qe(e=>e.idpType!=="entra_id"||!!e.tenantId,'must be set when idpType is "entra_id"'),["tenantId"]),Qe(qe(e=>!e.deployClientId||!!e.deploySecretName,"must be set when deployClientId is set"),["deploySecretName"])),Qn=Ze({name:ge,externalId:fe,versionTag:D(S(),H("must not be empty")),description:U(S(),""),deployments:D(Hn(qn),Jn(1,"must contain at least one deployment")),infra:U(Bn("appsApi"))});function Ce(e){let t=zn(Qn,e);if(t.success)return t.output;let n=t.issues[0],r=n.path?.map(s=>s.key).join(".")??"",i=r?`"${r}" `:"";throw new Error(`app.json: ${i}${n.message}`)}o(Ce,"validateAppConfig");function C(e,t={}){let{validator:n=Ce,existsSync:r=Zn,readFileSync:i=er}=t,s=tr(e,"app.json");if(!r(s))throw new Error("No app.json found in current directory. Make sure you're running this command from your app's root directory.");let a=i(s,"utf-8"),c;try{c=JSON.parse(a)}catch{throw new Error("Failed to parse app.json \u2014 check that it contains valid JSON.")}return n(c)}o(C,"loadAppConfig");import{CogniteClient as br}from"@cognite/sdk";import{CogniteClient as ar}from"@cognite/sdk";var nr=o(()=>{let e=process.env.DEPLOYMENT_SECRETS;if(!e)return{};try{let t=JSON.parse(e),n={};for(let[r,i]of Object.entries(t))if(typeof i=="string"){let s=r.toLowerCase().replace(/_/g,"-");n[s]=i}return n}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),rr=o(e=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=nr()[e]),t||(t=process.env[e]),!t)throw new Error(`Secret not found in environment: ${e}`);return t},"getSecretFromEnv"),or=o(e=>{if(!e)return"";try{return new URL(e).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=e.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),ir=o(async(e,t)=>{let n=`Basic ${btoa(`${e}:${t}`)}`,r=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:n,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!r.ok){let s=await r.text();throw new Error(`Failed to get token from CDF: ${r.status} ${r.statusText}
+${s}`)}let i=await r.json();if(!i.access_token)throw new Error("No access token returned from CDF authentication");return i.access_token},"getTokenCdf"),sr=o(async(e,t,n,r)=>{if(!r)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let i=or(r);if(!i)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${r}`);let s=`https://login.microsoftonline.com/${n}/oauth2/v2.0/token`,a=`https://${i}.cognitedata.com/.default`,c=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:e,client_secret:t,scope:a,grant_type:"client_credentials"})});if(!c.ok){let l=await c.text();throw new Error(`Failed to get token from Entra ID: ${c.status} ${c.statusText}
+${l}`)}let p=await c.json();if(!p.access_token)throw new Error("No access token returned from Entra ID authentication");return p.access_token},"getTokenEntra"),Ee=o(async(e,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:n,deploySecretName:r,idpType:i="cdf",tenantId:s,baseUrl:a}=e,c=rr(r);if(i==="entra_id"){if(!s)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return sr(n,c,s,a)}return ir(n,c)},"getToken");async function Y(e,t,n=process.env,r){let i=await Ee(e,n),s=n.COGNITE_BASE_URL??e.baseUrl,a=(r??(c=>new ar(c)))({appId:t,project:e.project,baseUrl:s,oidcTokenProvider:o(async()=>i,"oidcTokenProvider")});return await a.authenticate(),a}o(Y,"getSdk");import gr from"os";import fr from"path";import yr from"open";import{buildAuthorizationUrl as hr,calculatePKCECodeChallenge as wr,discovery as Cr,None as Er,randomPKCECodeVerifier as Sr,randomState as vr}from"openid-client";import cr from"https";import{authorizationCodeGrant as pr}from"openid-client";function et(e){return e.replace(/[&<>"']/g,t=>({"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;"})[t]??t)}o(et,"escapeHtml");function Se(e,t,n){let r=et(t),i=et(n);return`<html><body style="font-family: system-ui; padding: 40px; text-align: center;">
     <h1>${r}</h1><p>${i}</p><p>You can close this window.</p>${e==="success"?`<style>
       @keyframes checkmark {
         0% { transform: scale(0); }
@@ -16,27 +16,27 @@ ${l}`)}let p=await c.json();if(!p.access_token)throw new Error("No access token
       }
       h1 { animation: checkmark 0.5s ease-out; }
     </style>`:""}
-  </body></html>`}o(we,"generateHtml");async function or(e,t,n,r,i,s){let a=new URL(e.url??"/",`https://${e.headers.host??"localhost"}`);if(a.pathname!=="/")return t.writeHead(404),t.end("Not found"),{shouldClose:!1};try{console.log("\u{1F504} Exchanging authorization code for tokens...");let c=await s.authorizationCodeGrant(n,a,{pkceCodeVerifier:r,expectedState:i});return t.writeHead(200,{"Content-Type":"text/html"}),t.end(we("success","Login Successful!","You can close this window and return to the terminal.")),{shouldClose:!0,tokens:c}}catch(c){let p=c instanceof Error?c:new Error(String(c));return t.writeHead(400,{"Content-Type":"text/html"}),t.end(we("error","Authentication Error",p.message)),{shouldClose:!0,error:p}}}o(or,"handleCallback");function ir(e){let t=e/6e4,n=Math.round(t*10)/10;return`${n} ${n===1?"minute":"minutes"}`}o(ir,"formatTimeoutMinutes");function Ze(e,t,n,r,i,s={createServer:nr.createServer,setTimeout:globalThis.setTimeout,clearTimeout:globalThis.clearTimeout,authorizationCodeGrant:rr}){return new Promise((a,c)=>{let p,l=s.setTimeout(()=>{p?.close(),c(new Error(`Login timeout - no response received within ${ir(e.loginTimeout)}`))},e.loginTimeout);p=s.createServer(t,async(m,d)=>{try{let u=await or(m,d,n,r,i,s);u.shouldClose&&(s.clearTimeout(l),p?.close(),u.error?c(u.error):u.tokens?a(u.tokens):c(new Error("No tokens received")))}catch(u){s.clearTimeout(l),p?.close(),c(u instanceof Error?u:new Error(String(u)))}}),p.on("error",m=>{s.clearTimeout(l),m.code==="EADDRINUSE"?console.error(`\u274C Port ${e.port} is already in use.`):console.error(`\u274C Server error: ${m.message}`),c(m)}),p.listen(e.port,"127.0.0.1",()=>{console.log(`\u{1F310} Local HTTPS server started on https://localhost:${e.port}`)})})}o(Ze,"startCallbackServer");import{execFileSync as sr}from"child_process";import Se from"fs";import et from"path";function tt(e,t,n){return{key:n.readFileSync(e),cert:n.readFileSync(t)}}o(tt,"loadCertificates");function ar(e,t,n,r){console.log("\u{1F510} Generating self-signed certificate for HTTPS..."),r.existsSync(e)||r.mkdirSync(e,{recursive:!0});try{return r.execFileSync("openssl",["req","-x509","-newkey","rsa:2048","-nodes","-sha256","-subj","/CN=localhost","-keyout",t,"-out",n,"-days","365"],{stdio:["ignore","pipe","ignore"]}),console.log("\u2705 Certificate generated and saved locally"),tt(t,n,r)}catch{throw new Error(`Failed to generate self-signed certificate. Make sure openssl is installed.
+  </body></html>`}o(Se,"generateHtml");async function lr(e,t,n,r,i,s){let a=new URL(e.url??"/",`https://${e.headers.host??"localhost"}`);if(a.pathname!=="/")return t.writeHead(404),t.end("Not found"),{shouldClose:!1};try{console.log("\u{1F504} Exchanging authorization code for tokens...");let c=await s.authorizationCodeGrant(n,a,{pkceCodeVerifier:r,expectedState:i});return t.writeHead(200,{"Content-Type":"text/html"}),t.end(Se("success","Login Successful!","You can close this window and return to the terminal.")),{shouldClose:!0,tokens:c}}catch(c){let p=c instanceof Error?c:new Error(String(c));return t.writeHead(400,{"Content-Type":"text/html"}),t.end(Se("error","Authentication Error",p.message)),{shouldClose:!0,error:p}}}o(lr,"handleCallback");function mr(e){let t=e/6e4,n=Math.round(t*10)/10;return`${n} ${n===1?"minute":"minutes"}`}o(mr,"formatTimeoutMinutes");function tt(e,t,n,r,i,s={createServer:cr.createServer,setTimeout:globalThis.setTimeout,clearTimeout:globalThis.clearTimeout,authorizationCodeGrant:pr}){return new Promise((a,c)=>{let p,l=s.setTimeout(()=>{p?.close(),c(new Error(`Login timeout - no response received within ${mr(e.loginTimeout)}`))},e.loginTimeout);p=s.createServer(t,async(m,d)=>{try{let u=await lr(m,d,n,r,i,s);u.shouldClose&&(s.clearTimeout(l),p?.close(),u.error?c(u.error):u.tokens?a(u.tokens):c(new Error("No tokens received")))}catch(u){s.clearTimeout(l),p?.close(),c(u instanceof Error?u:new Error(String(u)))}}),p.on("error",m=>{s.clearTimeout(l),m.code==="EADDRINUSE"?console.error(`\u274C Port ${e.port} is already in use.`):console.error(`\u274C Server error: ${m.message}`),c(m)}),p.listen(e.port,"127.0.0.1",()=>{console.log(`\u{1F310} Local HTTPS server started on https://localhost:${e.port}`)})})}o(tt,"startCallbackServer");import{execFileSync as dr}from"child_process";import ve from"fs";import nt from"path";function rt(e,t,n){return{key:n.readFileSync(e),cert:n.readFileSync(t)}}o(rt,"loadCertificates");function ur(e,t,n,r){console.log("\u{1F510} Generating self-signed certificate for HTTPS..."),r.existsSync(e)||r.mkdirSync(e,{recursive:!0});try{return r.execFileSync("openssl",["req","-x509","-newkey","rsa:2048","-nodes","-sha256","-subj","/CN=localhost","-keyout",t,"-out",n,"-days","365"],{stdio:["ignore","pipe","ignore"]}),console.log("\u2705 Certificate generated and saved locally"),rt(t,n,r)}catch{throw new Error(`Failed to generate self-signed certificate. Make sure openssl is installed.
   On macOS: openssl is pre-installed
   On Linux: sudo apt-get install openssl
-  On Windows: Install OpenSSL or use WSL`)}}o(ar,"generateCertificate");function nt(e,t={existsSync:Se.existsSync,readFileSync:o(n=>Se.readFileSync(n),"readFileSync"),mkdirSync:o((n,r)=>{Se.mkdirSync(n,r)},"mkdirSync"),execFileSync:sr}){let n=et.join(e,"localhost-key.pem"),r=et.join(e,"localhost-cert.pem");return t.existsSync(n)&&t.existsSync(r)?tt(n,r,t):ar(e,n,r,t)}o(nt,"getOrCreateCertificates");var hr={authority:"https://auth.cognite.com",clientId:"0404baaa-0a90-43a2-aba7-a110b53fb41c",redirectUri:"https://localhost:3000/",port:3e3,loginTimeout:300*1e3,certDir:pr.join(cr.homedir(),".cdf-login")},Er={open:lr,getOrCreateCertificates:nt,startCallbackServer:Ze,discovery:ur,buildAuthorizationUrl:mr,randomPKCECodeVerifier:fr,calculatePKCECodeChallenge:dr,randomState:yr,logger:console};async function ot(e,t=hr,n){return n===void 0?rt(e,t,Er):rt(e,t,n)}o(ot,"login");async function rt(e,t,n){n.logger.log(`\u{1F510} Starting CDF login flow...
-`),n.logger.log(`\u{1F4E1} Fetching OpenID configuration from ${t.authority}...`);let r=await n.discovery(new URL(t.authority),t.clientId,void 0,gr()),i=n.randomPKCECodeVerifier(),s=await n.calculatePKCECodeChallenge(i),a=n.randomState(),c={redirect_uri:t.redirectUri,scope:"openid profile email",code_challenge:s,code_challenge_method:"S256",state:a};e&&(c.organization_hint=e);let p=n.buildAuthorizationUrl(r,c).toString(),l=n.getOrCreateCertificates(t.certDir);e&&n.logger.log(`\u{1F3E2} Organization: ${e}`),n.logger.log(`\u{1F680} Opening browser for authentication...
+  On Windows: Install OpenSSL or use WSL`)}}o(ur,"generateCertificate");function ot(e,t={existsSync:ve.existsSync,readFileSync:o(n=>ve.readFileSync(n),"readFileSync"),mkdirSync:o((n,r)=>{ve.mkdirSync(n,r)},"mkdirSync"),execFileSync:dr}){let n=nt.join(e,"localhost-key.pem"),r=nt.join(e,"localhost-cert.pem");return t.existsSync(n)&&t.existsSync(r)?rt(n,r,t):ur(e,n,r,t)}o(ot,"getOrCreateCertificates");var xr={authority:"https://auth.cognite.com",clientId:"0404baaa-0a90-43a2-aba7-a110b53fb41c",redirectUri:"https://localhost:3000/",port:3e3,loginTimeout:300*1e3,certDir:fr.join(gr.homedir(),".cdf-login")},Pr={open:yr,getOrCreateCertificates:ot,startCallbackServer:tt,discovery:Cr,buildAuthorizationUrl:hr,randomPKCECodeVerifier:Sr,calculatePKCECodeChallenge:wr,randomState:vr,logger:console};async function st(e,t=xr,n){return n===void 0?it(e,t,Pr):it(e,t,n)}o(st,"login");async function it(e,t,n){n.logger.log(`\u{1F510} Starting CDF login flow...
+`),n.logger.log(`\u{1F4E1} Fetching OpenID configuration from ${t.authority}...`);let r=await n.discovery(new URL(t.authority),t.clientId,void 0,Er()),i=n.randomPKCECodeVerifier(),s=await n.calculatePKCECodeChallenge(i),a=n.randomState(),c={redirect_uri:t.redirectUri,scope:"openid profile email",code_challenge:s,code_challenge_method:"S256",state:a};e&&(c.organization_hint=e);let p=n.buildAuthorizationUrl(r,c).toString(),l=n.getOrCreateCertificates(t.certDir);e&&n.logger.log(`\u{1F3E2} Organization: ${e}`),n.logger.log(`\u{1F680} Opening browser for authentication...
 `);try{await n.open(p)}catch(m){let d=m instanceof Error?m.message:String(m);n.logger.error("\u274C Failed to open browser automatically."),n.logger.error(`  Reason: ${d}`),n.logger.error(`Please open this URL manually:
-`),n.logger.error(p),n.logger.error("")}return n.startCallbackServer(t,l,r,i,a)}o(rt,"loginImpl");async function I(e,t,n={}){let{login:r=ot,getSdk:i=Y,createClient:s=o(a=>new wr(a),"createClient")}=n;if(t.interactive){let a=t.orgHint||e.org||void 0,c=await r(a),p=s({appId:t.appId,project:e.project,baseUrl:e.baseUrl,getToken:o(async()=>c.access_token,"getToken")});return await p.authenticate(),p}return i(e,t.appId)}o(I,"getClientForDeployment");import it from"enquirer";var st="Enter custom target...";function at(e,t){let n=t.map((r,i)=>`  ${i}: ${r.org}/${r.project}`).join(`
+`),n.logger.error(p),n.logger.error("")}return n.startCallbackServer(t,l,r,i,a)}o(it,"loginImpl");async function I(e,t,n={}){let{login:r=st,getSdk:i=Y,createClient:s=o(a=>new br(a),"createClient")}=n;if(t.interactive){let a=t.orgHint||e.org||void 0,c=await r(a),p=s({appId:t.appId,project:e.project,baseUrl:e.baseUrl,getToken:o(async()=>c.access_token,"getToken")});return await p.authenticate(),p}return i(e,t.appId)}o(I,"getClientForDeployment");import at from"enquirer";var ct="Enter custom target...";function pt(e,t){let n=t.map((r,i)=>`  ${i}: ${r.org}/${r.project}`).join(`
 `);throw new Error(`Deployment "${e}" not found. Available deployments:
-${n}`)}o(at,"deploymentNotFoundError");function P(e,t){if(e.length===0)throw new Error("No deployments configured in app.json");if(t===void 0)return e[0];if(/^\d+$/.test(t)){let r=e[Number.parseInt(t)];if(r)return r;at(t,e)}let n=e.find(r=>r.project===t||`${r.org}/${r.project}`===t);if(n)return n;at(t,e)}o(P,"findDeployment");function T(e){let t=[];return e.deployClientId||t.push("deployClientId"),e.deploySecretName||t.push("deploySecretName"),t}o(T,"getMissingCredentials");async function $(e,t){if(t.baseUrl&&t.project)return{org:t.org??"",project:t.project,baseUrl:t.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"};if(t.deployment!==void 0)return P(e.deployments,t.deployment);let n=[...e.deployments.map(s=>`${s.org}/${s.project}`),st],{selected:r}=await it.prompt({type:"select",name:"selected",message:"Select deployment target",choices:n});if(r!==st){let s=e.deployments.find(a=>`${a.org}/${a.project}`===r);if(s)return s;throw new Error(`Deployment "${r}" could not be resolved from app.json.`)}let i=await it.prompt([{type:"input",name:"baseUrl",message:"CDF Base URL",initial:"https://api.cognitedata.com"},{type:"input",name:"project",message:"CDF Project",validate:o(s=>s?!0:"Project is required","validate")},{type:"input",name:"org",message:"Organization (for login hint)",initial:""}]);return{org:i.org||"",project:i.project,baseUrl:i.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"}}o($,"resolveDeployment");import{existsSync as Sr}from"fs";import{resolve as Cr}from"path";import{config as vr}from"dotenv";function F(e,t={existsSync:Sr,config:vr}){let n=Cr(e,".env");t.existsSync(n)&&(console.log(`Loading environment variables from ${n}`),t.config({path:n}))}o(F,"loadEnvFile");function R(e){e.infra!=="appsApi"&&(console.error(`
+${n}`)}o(pt,"deploymentNotFoundError");function P(e,t){if(e.length===0)throw new Error("No deployments configured in app.json");if(t===void 0)return e[0];if(/^\d+$/.test(t)){let r=e[Number.parseInt(t)];if(r)return r;pt(t,e)}let n=e.find(r=>r.project===t||`${r.org}/${r.project}`===t);if(n)return n;pt(t,e)}o(P,"findDeployment");function T(e){let t=[];return e.deployClientId||t.push("deployClientId"),e.deploySecretName||t.push("deploySecretName"),t}o(T,"getMissingCredentials");async function $(e,t){if(t.baseUrl&&t.project)return{org:t.org??"",project:t.project,baseUrl:t.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"};if(t.deployment!==void 0)return P(e.deployments,t.deployment);let n=[...e.deployments.map(s=>`${s.org}/${s.project}`),ct],{selected:r}=await at.prompt({type:"select",name:"selected",message:"Select deployment target",choices:n});if(r!==ct){let s=e.deployments.find(a=>`${a.org}/${a.project}`===r);if(s)return s;throw new Error(`Deployment "${r}" could not be resolved from app.json.`)}let i=await at.prompt([{type:"input",name:"baseUrl",message:"CDF Base URL",initial:"https://api.cognitedata.com"},{type:"input",name:"project",message:"CDF Project",validate:o(s=>s?!0:"Project is required","validate")},{type:"input",name:"org",message:"Organization (for login hint)",initial:""}]);return{org:i.org||"",project:i.project,baseUrl:i.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"}}o($,"resolveDeployment");import{existsSync as Ar}from"fs";import{resolve as kr}from"path";import{config as Dr}from"dotenv";function F(e,t={existsSync:Ar,config:Dr}){let n=kr(e,".env");t.existsSync(n)&&(console.log(`Loading environment variables from ${n}`),t.config({path:n}))}o(F,"loadEnvFile");function O(e){e.infra!=="appsApi"&&(console.error(`
 \u26A0\uFE0F  Legacy infrastructure is no longer supported.
 Your app.json is missing \`"infra": "appsApi"\`, which means it was created for
 the old CDF Application Registry. This deploy path has been removed.
 To migrate: add \`"infra": "appsApi"\` to your app.json, wire up the correct authentication and re-deploy.
-`),process.exit(1))}o(R,"assertAppHostingInfra");async function xr(e){let t=process.cwd();F(t);let n=w(t);R(n);let r=e.interactive?await $(n,e):P(n.deployments,e.deployment);if(!e.interactive){let m=T(r);if(m.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${m.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps activate --interactive\` for browser-based authentication instead.`)}let i=await I(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new h(i),{externalId:a,versionTag:c}=n,p;try{p=await s.getVersion(a,c)}catch(m){throw m instanceof S?new Error(`Version ${c} of ${a} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):m}if(p.alias==="ACTIVE"){console.log(`  ${a} @ ${c} is already ACTIVE \u2014 nothing to do.`);return}if(p.lifecycleState==="DEPRECATED"||p.lifecycleState==="ARCHIVED")throw new Error(`Cannot activate ${a} @ ${c}: version is ${p.lifecycleState} (terminal).`);p.lifecycleState==="DRAFT"&&(await s.publishVersion(a,c),console.log(`\u2713 Published  ${a} @ ${c} is now PUBLISHED`));let{supersededVersion:l}=await s.activateVersion(a,c);console.log(`\u2713 Activated   ${a} @ ${c} is now ACTIVE`),l&&console.log(`  Superseded  ${l} \u2192 PUBLISHED`)}o(xr,"handleActivate");function ct(e){return e.command("activate").description("Activate the current app version (publish if needed, then set ACTIVE alias)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
+`),process.exit(1))}o(O,"assertAppHostingInfra");async function Ir(e){let t=process.cwd();F(t);let n=C(t);O(n);let r=e.interactive?await $(n,e):P(n.deployments,e.deployment);if(!e.interactive){let m=T(r);if(m.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${m.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps activate --interactive\` for browser-based authentication instead.`)}let i=await I(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new h(i),{externalId:a,versionTag:c}=n,p;try{p=await s.getVersion(a,c)}catch(m){throw m instanceof E?new Error(`Version ${c} of ${a} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):m}if(p.alias==="ACTIVE"){console.log(`  ${a} @ ${c} is already ACTIVE \u2014 nothing to do.`);return}if(p.lifecycleState==="DEPRECATED"||p.lifecycleState==="ARCHIVED")throw new Error(`Cannot activate ${a} @ ${c}: version is ${p.lifecycleState} (terminal).`);p.lifecycleState==="DRAFT"&&(await s.publishVersion(a,c),console.log(`\u2713 Published  ${a} @ ${c} is now PUBLISHED`));let{supersededVersion:l}=await s.activateVersion(a,c);console.log(`\u2713 Activated   ${a} @ ${c} is now ACTIVE`),l&&console.log(`  Superseded  ${l} \u2192 PUBLISHED`)}o(Ir,"handleActivate");function lt(e){return e.command("activate").description("Activate the current app version (publish if needed, then set ACTIVE alias)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
 Examples:
   npx @cognite/cli apps activate .                   Activate using env-var auth
-  npx @cognite/cli apps activate . --interactive     Activate using browser auth (no secrets needed)`).action((t,n)=>xr(n))}o(ct,"registerActivateCommand");import{readdirSync as Ur}from"fs";import{basename as Et,dirname as Lr,normalize as Nr,resolve as X}from"path";import{fileURLToPath as Kr,pathToFileURL as jr}from"url";import{Logger as Mr,runner as Vr}from"hygen";import{safeParse as Pr}from"valibot";function J(e,t){return n=>{let r=Pr(t,n);return r.success?!0:`${e} ${r.issues[0].message}`}}o(J,"toPromptValidator");var pt={name:J("App name",ue),displayName:J("Display name",de),baseUrl:J("Base URL",ge),org:J("Org",fe),project:J("Project",ye)};function br(e,t){return e?async n=>{let r=t(n);return r===!0?e(n):r}:t}o(br,"composeValidators");function te(e){return e.map(t=>{if(!(t.name in pt))return t;let n=pt[t.name];return{...t,validate:br(t.validate,n)}})}o(te,"applySchemaValidators");import{basename as mt}from"path";import dt from"enquirer";function lt(e){return e.replace(/[A-Z]/g,(t,n)=>n===0?t.toLowerCase():`-${t.toLowerCase()}`)}o(lt,"kebabCase");var Ar={type:"confirm",name:"useSpecKit",message:["Enable spec-driven development?","  Adds the github/spec-kit slash commands (/speckit.specify, .clarify, .plan, .tasks, .implement)","  to your app for use in Claude Code or Cursor. They walk you through writing SPEC.md and","  generating a plan, tasks, and implementation."].join(`
-`),initial:!1};async function kr(e){return!!(await e([Ar])).useSpecKit}o(kr,"promptForSpecKit");async function Dr(e,t,n){return e!==void 0?e:t?kr(n):!1}o(Dr,"resolveSpecKit");function ut({isCurrentDir:e,dirName:t,onAppName:n,onUseSpecKit:r,presets:i={},specKit:s,prompt:a=dt.prompt.bind(dt)}){return()=>({prompt:o(async c=>{if(!Array.isArray(c))return a([c]);let p=Object.fromEntries(Object.entries(i).filter(y=>y[1]!==void 0)),l=Object.keys(p).length>0,m=e?mt(process.cwd()):t?mt(t):null,d=l&&m!==null,u=!d&&m?c.map(y=>y.name==="name"?{...y,initial:m}:y):c,f=te(u),g=d?{...p,name:m}:p,b=new Set(Object.keys(g)),v=f.filter(y=>!b.has(y.name)),Z=v.findIndex(y=>y.name==="baseUrl"),M;if(Z!==-1){let y=v.filter(Tn=>Tn.name!=="baseUrl"),ae=y.length>0?await a(y):{},bn=typeof ae.cluster=="string"?ae.cluster:"",An=typeof g.cluster=="string"?g.cluster:"",kn=`https://${(bn||An).trim().replace(/\/+$/,"")||"api"}.cognitedata.com`,Dn=v[Z],In=await a([{...Dn,initial:kn}]);M={...ae,...In}}else M=v.length>0?await a(v):{};let _={...g,...M},x=typeof _.name=="string"?_.name:"";x&&n(x);let A=await Dr(s,v.length>0,a);return r?.(A),{..._,name:x,useCurrentDir:e,directoryName:e?void 0:t??void 0,useSpecKit:A}},"prompt")})}o(ut,"createAppPrompter");async function gt(e,t,n){let r=[];Object.values(t).some(s=>s!==void 0)&&n!==null&&r.push({key:"name",value:n,label:"directory"});for(let[s,a]of Object.entries(t))a!==void 0&&r.push({key:s,value:a,label:`--${lt(s)}`});for(let{key:s,value:a,label:c}of r){let p=e.find(m=>m.name===s)?.validate;if(!p)continue;let l=await p(a);if(l!==!0)throw new Error(`Invalid ${c}: ${l}`)}}o(gt,"validatePresets");import{cpSync as Tr,mkdirSync as ft,writeFileSync as $r}from"fs";import{dirname as yt,resolve as L}from"path";import{fileURLToPath as Fr}from"url";import{symlinkSync as Ir}from"fs";function ne({target:e,linkPath:t,label:n,symlink:r=Ir}){try{return r(e,t),!0}catch(i){if(i instanceof Error&&"code"in i&&i.code==="EEXIST")return!0;let s=i instanceof Error?i.message:String(i);return console.warn(`\u26A0\uFE0F  Could not create ${n} symlink:`,s),!1}}o(ne,"symlinkOrWarn");var Rr=L(yt(Fr(import.meta.url)),"..","..","_vendor","spec-kit"),Or={branch_numbering:"sequential"},_r=[{from:"templates",to:".specify/templates"},{from:"scripts/bash",to:".specify/scripts/bash"},{from:"commands",to:".claude/commands"},{from:"commands",to:".cursor/commands"}];function ht({appDir:e,vendorDir:t=Rr}){let n=L(e,".specify"),r=L(n,"memory"),i=`prepare spec-kit install for appDir=${e}`;try{for(let{from:s,to:a}of _r){let c=L(e,a);i=`copy ${s} to ${a}`,ft(yt(c),{recursive:!0}),Tr(L(t,s),c,{recursive:!0})}i=`write init-options.json under specifyDir=${n}`,$r(L(n,"init-options.json"),`${JSON.stringify(Or,null,2)}
-`),i=`link .specify/memory/constitution.md in specifyDir=${n}`,ft(r,{recursive:!0}),ne({target:"../../AGENTS.md",linkPath:L(r,"constitution.md"),label:".specify/memory/constitution.md"})}catch(s){let a=s instanceof Error?s.message:String(s);throw new Error(`installSpecKit failed while ${i} (appDir=${e}, vendorDir=${t}): ${a}`,{cause:s})}}o(ht,"installSpecKit");var wt=X(Lr(Kr(import.meta.url)),"..","..","_templates");async function Hr(){let e=X(wt,"app","new","prompt.js");return(await import(jr(e).href)).default}o(Hr,"loadPromptDefs");function Br(e,t){return!e||t?null:Nr(e)}o(Br,"resolveDirName");function Gr(e,t,n){if(e)return{cwd:process.cwd(),display:"."};let r=t??n;if(!r)throw new Error("App creation completed without a target directory or name.");return{cwd:X(process.cwd(),r),display:r}}o(Gr,"resolveAppLocation");function Yr(e,t,n){let r=`  npm install
+  npx @cognite/cli apps activate . --interactive     Activate using browser auth (no secrets needed)`).action((t,n)=>Ir(n))}o(lt,"registerActivateCommand");import{readdirSync as Vr}from"fs";import{basename as Pt,dirname as Hr,normalize as Gr,resolve as X}from"path";import{fileURLToPath as Br,pathToFileURL as Yr}from"url";import{Logger as Jr,runner as Xr}from"hygen";import{safeParse as Tr}from"valibot";function J(e,t){return n=>{let r=Tr(t,n);return r.success?!0:`${e} ${r.issues[0].message}`}}o(J,"toPromptValidator");var mt={name:J("App name",fe),displayName:J("Display name",ge),baseUrl:J("Base URL",ye),org:J("Org",he),project:J("Project",we)};function $r(e,t){return e?async n=>{let r=t(n);return r===!0?e(n):r}:t}o($r,"composeValidators");function te(e){return e.map(t=>{if(!(t.name in mt))return t;let n=mt[t.name];return{...t,validate:$r(t.validate,n)}})}o(te,"applySchemaValidators");import{execFileSync as ne}from"child_process";function dt(e={}){let{execFileSync:t=ne}=e;try{return t("git",["--version"],{stdio:"ignore"}),!0}catch{return!1}}o(dt,"isGitInstalled");function ut(e,t={}){let{execFileSync:n=ne}=t;try{return n("git",["-C",e,"status"],{stdio:"ignore"}),!0}catch{return!1}}o(ut,"isInsideGitRepo");function gt(e,t={}){let{execFileSync:n=ne}=t;n("git",["-C",e,"init"],{stdio:"pipe"}),n("git",["-C",e,"add","."],{stdio:"pipe"}),n("git",["-C",e,"commit","-m","Initial commit","--no-gpg-sign","--no-verify"],{stdio:"pipe"})}o(gt,"gitInitAndCommit");function ft(e={}){let{execFileSync:t=ne}=e;try{return String(t("git",["config","--get","user.email"],{encoding:"utf-8",stdio:["ignore","pipe","ignore"]})).trim()||void 0}catch{return}}o(ft,"gitUserEmail");import{basename as ht}from"path";import wt from"enquirer";function yt(e){return e.replace(/[A-Z]/g,(t,n)=>n===0?t.toLowerCase():`-${t.toLowerCase()}`)}o(yt,"kebabCase");var Fr={type:"confirm",name:"useSpecKit",message:["Enable spec-driven development?","  Adds the github/spec-kit slash commands (/speckit.specify, .clarify, .plan, .tasks, .implement)","  to your app for use in Claude Code or Cursor. They walk you through writing SPEC.md and","  generating a plan, tasks, and implementation."].join(`
+`),initial:!1};async function Or(e){return!!(await e([Fr])).useSpecKit}o(Or,"promptForSpecKit");async function Rr(e,t,n){return e!==void 0?e:t?Or(n):!1}o(Rr,"resolveSpecKit");function Ct({isCurrentDir:e,dirName:t,onAppName:n,onUseSpecKit:r,presets:i={},specKit:s,prompt:a=wt.prompt.bind(wt)}){return()=>({prompt:o(async c=>{if(!Array.isArray(c))return a([c]);let p=Object.fromEntries(Object.entries(i).filter(y=>y[1]!==void 0)),l=Object.keys(p).length>0,m=e?ht(process.cwd()):t?ht(t):null,d=l&&m!==null,u=!d&&m?c.map(y=>y.name==="name"?{...y,initial:m}:y):c,f=te(u),g=d?{...p,name:m}:p,b=new Set(Object.keys(g)),v=f.filter(y=>!b.has(y.name)),Z=v.findIndex(y=>y.name==="baseUrl"),M;if(Z!==-1){let y=v.filter(Un=>Un.name!=="baseUrl"),pe=y.length>0?await a(y):{},$n=typeof pe.cluster=="string"?pe.cluster:"",Fn=typeof g.cluster=="string"?g.cluster:"",On=`https://${($n||Fn).trim().replace(/\/+$/,"")||"api"}.cognitedata.com`,Rn=v[Z],_n=await a([{...Rn,initial:On}]);M={...pe,..._n}}else M=v.length>0?await a(v):{};let _={...g,...M},x=typeof _.name=="string"?_.name:"";x&&n(x);let A=await Rr(s,v.length>0,a);return r?.(A),{..._,name:x,useCurrentDir:e,directoryName:e?void 0:t??void 0,useSpecKit:A}},"prompt")})}o(Ct,"createAppPrompter");async function Et(e,t,n){let r=[];Object.values(t).some(s=>s!==void 0)&&n!==null&&r.push({key:"name",value:n,label:"directory"});for(let[s,a]of Object.entries(t))a!==void 0&&r.push({key:s,value:a,label:`--${yt(s)}`});for(let{key:s,value:a,label:c}of r){let p=e.find(m=>m.name===s)?.validate;if(!p)continue;let l=await p(a);if(l!==!0)throw new Error(`Invalid ${c}: ${l}`)}}o(Et,"validatePresets");import{cpSync as Ur,mkdirSync as St,writeFileSync as Lr}from"fs";import{dirname as vt,resolve as L}from"path";import{fileURLToPath as Nr}from"url";import{symlinkSync as _r}from"fs";function re({target:e,linkPath:t,label:n,symlink:r=_r}){try{return r(e,t),!0}catch(i){if(i instanceof Error&&"code"in i&&i.code==="EEXIST")return!0;let s=i instanceof Error?i.message:String(i);return console.warn(`\u26A0\uFE0F  Could not create ${n} symlink:`,s),!1}}o(re,"symlinkOrWarn");var Kr=L(vt(Nr(import.meta.url)),"..","..","_vendor","spec-kit"),jr={branch_numbering:"sequential"},Mr=[{from:"templates",to:".specify/templates"},{from:"scripts/bash",to:".specify/scripts/bash"},{from:"commands",to:".claude/commands"},{from:"commands",to:".cursor/commands"}];function xt({appDir:e,vendorDir:t=Kr}){let n=L(e,".specify"),r=L(n,"memory"),i=`prepare spec-kit install for appDir=${e}`;try{for(let{from:s,to:a}of Mr){let c=L(e,a);i=`copy ${s} to ${a}`,St(vt(c),{recursive:!0}),Ur(L(t,s),c,{recursive:!0})}i=`write init-options.json under specifyDir=${n}`,Lr(L(n,"init-options.json"),`${JSON.stringify(jr,null,2)}
+`),i=`link .specify/memory/constitution.md in specifyDir=${n}`,St(r,{recursive:!0}),re({target:"../../AGENTS.md",linkPath:L(r,"constitution.md"),label:".specify/memory/constitution.md"})}catch(s){let a=s instanceof Error?s.message:String(s);throw new Error(`installSpecKit failed while ${i} (appDir=${e}, vendorDir=${t}): ${a}`,{cause:s})}}o(xt,"installSpecKit");var bt=X(Hr(Br(import.meta.url)),"..","..","_templates");async function zr(){let e=X(bt,"app","new","prompt.js");return(await import(Yr(e).href)).default}o(zr,"loadPromptDefs");function Wr(e,t){return!e||t?null:Gr(e)}o(Wr,"resolveDirName");function qr(e,t,n){if(e)return{cwd:process.cwd(),display:"."};let r=t??n;if(!r)throw new Error("App creation completed without a target directory or name.");return{cwd:X(process.cwd(),r),display:r}}o(qr,"resolveAppLocation");function Qr(e,t,n){let r=`  npm install
   npm run dev`,i="To deploy your app:",s="npx @cognite/cli apps deploy --interactive",a=n?`
 To start spec-driven development:
   Run /speckit.specify in Claude Code or Cursor and describe your app.
@@ -63,8 +63,8 @@ ${i}
   cd "${t}"
   ${s}
 ${c}
-`)}o(Yr,"printSuccessMessage");async function Jr(e){try{let{execSkillsCli:t,pullAllArgs:n}=await import("../skills-GQ5TZKCM.js");console.log("\u{1F9E0} Pulling skills into your app..."),t(n(),{cwd:e,timeout:3e4,stdio:["pipe","pipe","inherit"]});let r=X(e,".agents","skills"),i=0;try{i=Ur(r).length}catch{console.warn(`Skills directory not found after pull \u2014 no skills may have been installed (expected: ${r})`)}let s=i>0?`${i} skills`:"skills";console.log(`\u2705 Installed ${s} successfully to
- ${r}`)}catch(t){let n=t instanceof Error?t.message:String(t);console.warn("\u26A0\uFE0F  Could not pull skills:",n)}}o(Jr,"pullSkillsInto");async function Xr(e,t){let n=e==="."||e==="./",r=Br(e,n),i=null,s=!1,a={displayName:t.displayName,description:t.description,org:t.org,project:t.project,cluster:t.cluster,baseUrl:t.baseUrl},c=await Hr(),p=te(c),l=n?Et(process.cwd()):r?Et(r):null;await gt(p,a,l);let m=ut({isCurrentDir:n,dirName:r,onAppName:o(u=>{i=u},"onAppName"),onUseSpecKit:o(u=>{s=u},"onUseSpecKit"),presets:a,specKit:t.specKit});await Vr(["app","new"],{templates:wt,cwd:process.cwd(),logger:new Mr(console.log.bind(console)),createPrompter:m,debug:!!process.env.DEBUG});let d=Gr(n,r,i);ne({target:"AGENTS.md",linkPath:X(d.cwd,"CLAUDE.md"),label:"CLAUDE.md"}),s&&ht({appDir:d.cwd}),Yr(n,d.display,s),await Jr(d.cwd)}o(Xr,"handleCreate");function St(e){return e.command("create").description("Create a new application.").argument("[directory]","Target directory (. for current, or subdirectory name)").option("--display-name <name>","App display name (skips the prompt)").option("--description <description>","App description (skips the prompt)").option("--org <org>","Deployment org (skips the prompt)").option("--project <project>","Deployment project (skips the prompt)").option("--cluster <cluster>","CDF cluster, e.g. greenfield (skips the prompt)").option("--base-url <url>","CDF base URL, e.g. https://greenfield.cognitedata.com (skips the prompt; defaults to cluster-derived URL when omitted)").option("--spec-kit","Install spec-kit slash commands (skips the prompt)").option("--no-spec-kit","Skip spec-kit installation (skips the prompt)").addHelpText("after",`
+`)}o(Qr,"printSuccessMessage");async function Zr(e){try{let{execSkillsCli:t,pullAllArgs:n}=await import("../skills-GQ5TZKCM.js");console.log("\u{1F9E0} Pulling skills into your app..."),t(n(),{cwd:e,timeout:3e4,stdio:["pipe","pipe","inherit"]});let r=X(e,".agents","skills"),i=0;try{i=Vr(r).length}catch{console.warn(`Skills directory not found after pull \u2014 no skills may have been installed (expected: ${r})`)}let s=i>0?`${i} skills`:"skills";console.log(`\u2705 Installed ${s} successfully to
+ ${r}`)}catch(t){let n=t instanceof Error?t.message:String(t);console.warn("\u26A0\uFE0F  Could not pull skills:",n)}}o(Zr,"pullSkillsInto");function eo(e,t={}){let{isGitInstalled:n=dt,isInsideGitRepo:r=ut,gitInitAndCommit:i=gt}=t;if(!n()){console.warn("git not found \u2014 skipping git repository initialisation");return}if(!r(e)){console.log("Initialising git repository...");try{i(e)}catch(s){let c=(s&&typeof s=="object"&&"stderr"in s&&s.stderr?String(s.stderr).trim():"")||(s instanceof Error?s.message:String(s));console.warn("Could not initialise git repository:",c)}}}o(eo,"maybeInitGit");async function to(e,t){let n=e==="."||e==="./",r=Wr(e,n),i=null,s=!1,a={displayName:t.displayName,description:t.description,org:t.org,project:t.project,cluster:t.cluster,baseUrl:t.baseUrl},c=await zr(),p=te(c),l=n?Pt(process.cwd()):r?Pt(r):null;await Et(p,a,l);let m=Ct({isCurrentDir:n,dirName:r,onAppName:o(u=>{i=u},"onAppName"),onUseSpecKit:o(u=>{s=u},"onUseSpecKit"),presets:a,specKit:t.specKit});await Xr(["app","new"],{templates:bt,cwd:process.cwd(),logger:new Jr(console.log.bind(console)),createPrompter:m,debug:!!process.env.DEBUG});let d=qr(n,r,i);re({target:"AGENTS.md",linkPath:X(d.cwd,"CLAUDE.md"),label:"CLAUDE.md"}),s&&xt({appDir:d.cwd}),await Zr(d.cwd),eo(d.cwd),Qr(n,d.display,s)}o(to,"handleCreate");function At(e){return e.command("create").description("Create a new application.").argument("[directory]","Target directory (. for current, or subdirectory name)").option("--display-name <name>","App display name (skips the prompt)").option("--description <description>","App description (skips the prompt)").option("--org <org>","Deployment org (skips the prompt)").option("--project <project>","Deployment project (skips the prompt)").option("--cluster <cluster>","CDF cluster, e.g. greenfield (skips the prompt)").option("--base-url <url>","CDF base URL, e.g. https://greenfield.cognitedata.com (skips the prompt; defaults to cluster-derived URL when omitted)").option("--spec-kit","Install spec-kit slash commands (skips the prompt)").option("--no-spec-kit","Skip spec-kit installation (skips the prompt)").addHelpText("after",`
 Non-interactive use (CI, scripts, AI agents):
   Pass [directory] plus --display-name, --description, --org, --project, --cluster, --base-url
   to skip every prompt. Missing flags fall back to the interactive prompt.
@@ -77,14 +77,14 @@ Examples:
     --display-name "My App" --description "My app" \\
     --org cog-atlas --project atlas-greenfield --cluster greenfield \\
     --base-url https://greenfield.cognitedata.com
-                                             Fully non-interactive`).action(Xr)}o(St,"registerCreateCommand");import{readFile as to,unlink as no}from"fs/promises";import{basename as ro}from"path";import vt from"fs";import Zr from"path";import O from"fs";import E from"path";import{parseAndValidateManifestConfig as zr}from"@cognite/app-sdk/vite";import{BlobReader as Wr,Uint8ArrayWriter as qr,ZipWriter as Qr}from"@zip.js/zip.js";var Ce="package.json",ve="package-lock.json",Ct="manifest.json",xe=".cognite",Pe=class Pe{constructor(t="dist"){this.distPath=E.isAbsolute(t)?t:E.join(process.cwd(),t),this.appRoot=E.dirname(this.distPath)}validateBuildDirectory(){if(!O.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=E.join(this.appRoot,Ce);if(!O.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let n=E.join(this.appRoot,ve);if(!O.existsSync(n))throw new Error(`"${n}" not found. It is required for deployment.`)}async createZip(t="app.zip",n=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let r=new Qr(new qr,{level:9}),i=o(async(p,l)=>{await r.add(l,new Wr(await O.openAsBlob(p))),n&&console.log(`  \u{1F4C4} ${l}`)},"addFile"),s=o(async p=>{let l=await O.promises.readdir(p,{withFileTypes:!0});for(let m of l){let d=E.join(p,m.name);m.isDirectory()?await s(d):await i(d,E.relative(this.distPath,d).replace(/\\/g,"/"))}},"addDir"),a;try{await s(this.distPath);let p=E.join(this.appRoot,Ce);await i(p,E.posix.join(xe,Ce));let l=E.join(this.appRoot,Ct);if(O.existsSync(l)){let d=O.readFileSync(l,"utf-8");zr(d,l),await i(l,E.posix.join(xe,Ct))}let m=E.join(this.appRoot,ve);await i(m,E.posix.join(xe,ve)),a=await r.close()}catch(p){let l=p instanceof Error?p.message:String(p);throw new Error(`Failed to create zip: ${l}`)}await O.promises.writeFile(t,a);let c=(a.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${c} MB)`),t}};o(Pe,"ApplicationPackager");var N=Pe;var be=o(async(e,t,n)=>{let r=await new N(`${n}/dist`).createZip("app.zip",!0);try{let{externalId:i,name:s,description:a,versionTag:c}=t,p=await Y(e,n),l=new h(p),m=vt.readFileSync(r),d=Zr.basename(r);await l.deploy(i,s,a,c,m,d,e.published)}finally{try{vt.unlinkSync(r)}catch{}}},"deploy");import{execSync as eo}from"child_process";function Ae(e,t=!0,n={execSync:eo}){console.log("\u{1F4E6} Building app with npm..."),n.execSync("npm run build",{cwd:e,stdio:t?"inherit":"pipe"}),console.log("\u2705 Build successful")}o(Ae,"buildApp");function xt(e,t){let{org:n,project:r,baseUrl:i}=e,s;try{s=new URL(i).hostname}catch{return null}let{externalId:a,versionTag:c}=t,p=new URLSearchParams({cluster:s,customAppVersion:c,workspace:"industrial-tools"});return`https://${n}.fusion.cognite.com/${r}/flows-apps/app/${encodeURIComponent(a)}?${p}`}o(xt,"generateFusionUrl");function Pt(e,t,n){let r=n?"\u{1F680} Deploy (Interactive)":"\u{1F680} Deploy",i=n?`${t.project} @ ${t.baseUrl}`:`${t.org}/${t.project}`;console.log(["",r,"=".repeat(r.length),`App: ${e.name} (${e.externalId})`,`Version: ${e.versionTag}`,`Target: ${i}`,""].join(`
-`))}o(Pt,"printDeployInfo");function bt(e,t){console.log(`
+                                             Fully non-interactive`).action(to)}o(At,"registerCreateCommand");import{readFile as co,unlink as po}from"fs/promises";import{basename as lo}from"path";import Dt from"fs";import so from"path";import R from"fs";import w from"path";import{parseAndValidateManifestConfig as no}from"@cognite/app-sdk/vite";import{BlobReader as ro,Uint8ArrayWriter as oo,ZipWriter as io}from"@zip.js/zip.js";var xe="package.json",Pe="package-lock.json",kt="manifest.json",be=".cognite",Ae=class Ae{constructor(t="dist"){this.distPath=w.isAbsolute(t)?t:w.join(process.cwd(),t),this.appRoot=w.dirname(this.distPath)}validateBuildDirectory(){if(!R.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=w.join(this.appRoot,xe);if(!R.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let n=w.join(this.appRoot,Pe);if(!R.existsSync(n))throw new Error(`"${n}" not found. It is required for deployment.`)}async createZip(t="app.zip",n=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let r=new io(new oo,{level:9}),i=o(async(p,l)=>{await r.add(l,new ro(await R.openAsBlob(p))),n&&console.log(`  \u{1F4C4} ${l}`)},"addFile"),s=o(async p=>{let l=await R.promises.readdir(p,{withFileTypes:!0});for(let m of l){let d=w.join(p,m.name);m.isDirectory()?await s(d):await i(d,w.relative(this.distPath,d).replace(/\\/g,"/"))}},"addDir"),a;try{await s(this.distPath);let p=w.join(this.appRoot,xe);await i(p,w.posix.join(be,xe));let l=w.join(this.appRoot,kt);if(R.existsSync(l)){let d=R.readFileSync(l,"utf-8");no(d,l),await i(l,w.posix.join(be,kt))}let m=w.join(this.appRoot,Pe);await i(m,w.posix.join(be,Pe)),a=await r.close()}catch(p){let l=p instanceof Error?p.message:String(p);throw new Error(`Failed to create zip: ${l}`)}await R.promises.writeFile(t,a);let c=(a.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${c} MB)`),t}};o(Ae,"ApplicationPackager");var N=Ae;var ke=o(async(e,t,n)=>{let r=await new N(`${n}/dist`).createZip("app.zip",!0);try{let{externalId:i,name:s,description:a,versionTag:c}=t,p=await Y(e,n),l=new h(p),m=Dt.readFileSync(r),d=so.basename(r);await l.deploy(i,s,a,c,m,d,e.published)}finally{try{Dt.unlinkSync(r)}catch{}}},"deploy");import{execSync as ao}from"child_process";function De(e,t=!0,n={execSync:ao}){console.log("\u{1F4E6} Building app with npm..."),n.execSync("npm run build",{cwd:e,stdio:t?"inherit":"pipe"}),console.log("\u2705 Build successful")}o(De,"buildApp");function It(e,t){let{org:n,project:r,baseUrl:i}=e,s;try{s=new URL(i).hostname}catch{return null}let{externalId:a,versionTag:c}=t,p=new URLSearchParams({cluster:s,customAppVersion:c,workspace:"industrial-tools"});return`https://${n}.fusion.cognite.com/${r}/flows-apps/app/${encodeURIComponent(a)}?${p}`}o(It,"generateFusionUrl");function Tt(e,t,n){let r=n?"\u{1F680} Deploy (Interactive)":"\u{1F680} Deploy",i=n?`${t.project} @ ${t.baseUrl}`:`${t.org}/${t.project}`;console.log(["",r,"=".repeat(r.length),`App: ${e.name} (${e.externalId})`,`Version: ${e.versionTag}`,`Target: ${i}`,""].join(`
+`))}o(Tt,"printDeployInfo");function $t(e,t){console.log(`
 \u2705 Successfully deployed ${e.name} version ${e.versionTag} to ${t.org?`${t.org}/`:""}${t.project}`),console.log("\u{1F512} App is deployed in draft mode");let n=e.deployments.length>1?` -d ${t.project}`:"";console.log(`
-To publish:  npx @cognite/cli apps publish .${n}`),console.log(`To activate: npx @cognite/cli apps activate .${n}`);let r=xt(t,e);r&&console.log(`
+To publish:  npx @cognite/cli apps publish .${n}`),console.log(`To activate: npx @cognite/cli apps activate .${n}`);let r=It(t,e);r&&console.log(`
 \u{1F517} Open your app:
-   ${r}`)}o(bt,"printDeployResult");async function oo(e,t,n,r,i){let s=T(t);if(s.length>0)throw new Error(`Deployment ${t.org}/${t.project} is missing ${s.join(" and ")} in app.json. Use \`cognite apps deploy --interactive\` for browser-based authentication instead.`);Pt(e,t,!1),r.skipBuild||Ae(n),console.log(`
-\u{1F4E4} Deploying to ${t.org}/${t.project}...`),await i({...t,published:!1},{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},n),bt(e,t)}o(oo,"handleDeployNonInteractive");async function io(e,t,n,r){Pt(e,t,!0),r.skipBuild||Ae(n);let i=await I(t,{interactive:!0,appId:e.externalId,orgHint:r.org});console.log(`
-\u{1F4E4} Deploying to ${t.project}...`);let s=await new N(`${n}/dist`).createZip("app.zip",!0);try{let a=await to(s);await new h(i).deploy(e.externalId,e.name,e.description,e.versionTag,a,ro(s),!1),bt(e,t)}finally{await no(s).catch(()=>{})}}o(io,"handleDeployInteractive");async function so(e,t=process.cwd(),n={}){let{loadEnvFile:r=F,loadAppConfig:i=w,deploy:s=be}=n;r(t);let a=i(t);if(R(a),e.interactive){let p=await $(a,e);await io(a,p,t,e);return}let c=P(a.deployments,e.deployment);await oo(a,c,t,e,s)}o(so,"handleDeploy");function At(e){return e.command("deploy").description("Deploy your app to Cognite Data Fusion. Use --interactive for browser-based login (no env-var secrets required).").option("-d, --deployment <target>","Deployment target (index or project name)").option("--skip-build","Skip the build step",!1).option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
+   ${r}`)}o($t,"printDeployResult");async function mo(e,t,n,r,i){let s=T(t);if(s.length>0)throw new Error(`Deployment ${t.org}/${t.project} is missing ${s.join(" and ")} in app.json. Use \`cognite apps deploy --interactive\` for browser-based authentication instead.`);Tt(e,t,!1),r.skipBuild||De(n),console.log(`
+\u{1F4E4} Deploying to ${t.org}/${t.project}...`),await i({...t,published:!1},{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},n),$t(e,t)}o(mo,"handleDeployNonInteractive");async function uo(e,t,n,r){Tt(e,t,!0),r.skipBuild||De(n);let i=await I(t,{interactive:!0,appId:e.externalId,orgHint:r.org});console.log(`
+\u{1F4E4} Deploying to ${t.project}...`);let s=await new N(`${n}/dist`).createZip("app.zip",!0);try{let a=await co(s);await new h(i).deploy(e.externalId,e.name,e.description,e.versionTag,a,lo(s),!1),$t(e,t)}finally{await po(s).catch(()=>{})}}o(uo,"handleDeployInteractive");async function go(e,t=process.cwd(),n={}){let{loadEnvFile:r=F,loadAppConfig:i=C,deploy:s=ke}=n;r(t);let a=i(t);if(O(a),e.interactive){let p=await $(a,e);await uo(a,p,t,e);return}let c=P(a.deployments,e.deployment);await mo(a,c,t,e,s)}o(go,"handleDeploy");function Ft(e){return e.command("deploy").description("Deploy your app to Cognite Data Fusion. Use --interactive for browser-based login (no env-var secrets required).").option("-d, --deployment <target>","Deployment target (index or project name)").option("--skip-build","Skip the build step",!1).option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
 Environment (non-interactive):
   deployClientId and deploySecretName are configured per deployment in app.json.
   deploySecretName is the name of the environment variable that holds the client
@@ -98,42 +98,42 @@ Examples:
   npx @cognite/cli apps deploy -d my-project      Deploy to project by name
   npx @cognite/cli apps deploy --skip-build       Deploy without rebuilding
   npx @cognite/cli apps deploy --interactive      Browser auth, prompts for target
-  npx @cognite/cli apps deploy --interactive -d 0 Browser auth, target chosen non-interactively`).action(t=>so(t))}o(At,"registerDeployCommand");async function ao(e){let t=process.cwd();F(t);let n=w(t);R(n);let r=e.interactive?await $(n,e):P(n.deployments,e.deployment);if(!e.interactive){let l=T(r);if(l.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${l.join(" and ")} in app.json. Use \`cognite apps publish --interactive\` for browser-based authentication instead.`)}let i=await I(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new h(i),{externalId:a,versionTag:c}=n,p;try{p=await s.getVersion(a,c)}catch(l){throw l instanceof S?new Error(`Version ${c} of ${a} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):l}if(p.alias==="ACTIVE"){console.log(`  ${a} @ ${c} is already ACTIVE \u2014 nothing to do.`);return}if(p.lifecycleState==="PUBLISHED"){console.log(`  ${a} @ ${c} is already PUBLISHED \u2014 nothing to do.`);return}if(p.lifecycleState==="DEPRECATED"||p.lifecycleState==="ARCHIVED")throw new Error(`Cannot publish ${a} @ ${c}: version is ${p.lifecycleState} (terminal).`);await s.publishVersion(a,c),console.log(`\u2713 Published  ${a} @ ${c} is now PUBLISHED`),console.log(""),console.log("Run `npx @cognite/cli apps activate .` to make it active.")}o(ao,"handlePublish");function kt(e){return e.command("publish").description("Publish the current app version (transition DRAFT \u2192 PUBLISHED)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
+  npx @cognite/cli apps deploy --interactive -d 0 Browser auth, target chosen non-interactively`).action(t=>go(t))}o(Ft,"registerDeployCommand");async function fo(e){let t=process.cwd();F(t);let n=C(t);O(n);let r=e.interactive?await $(n,e):P(n.deployments,e.deployment);if(!e.interactive){let l=T(r);if(l.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${l.join(" and ")} in app.json. Use \`cognite apps publish --interactive\` for browser-based authentication instead.`)}let i=await I(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new h(i),{externalId:a,versionTag:c}=n,p;try{p=await s.getVersion(a,c)}catch(l){throw l instanceof E?new Error(`Version ${c} of ${a} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):l}if(p.alias==="ACTIVE"){console.log(`  ${a} @ ${c} is already ACTIVE \u2014 nothing to do.`);return}if(p.lifecycleState==="PUBLISHED"){console.log(`  ${a} @ ${c} is already PUBLISHED \u2014 nothing to do.`);return}if(p.lifecycleState==="DEPRECATED"||p.lifecycleState==="ARCHIVED")throw new Error(`Cannot publish ${a} @ ${c}: version is ${p.lifecycleState} (terminal).`);await s.publishVersion(a,c),console.log(`\u2713 Published  ${a} @ ${c} is now PUBLISHED`),console.log(""),console.log("Run `npx @cognite/cli apps activate .` to make it active.")}o(fo,"handlePublish");function Ot(e){return e.command("publish").description("Publish the current app version (transition DRAFT \u2192 PUBLISHED)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
 Examples:
   npx @cognite/cli apps publish .                    Publish using env-var auth
-  npx @cognite/cli apps publish . --interactive      Publish using browser auth (no secrets needed)`).action((t,n)=>ao(n))}o(kt,"registerPublishCommand");function co(e){return e.alias==="ACTIVE"?"ACTIVE":e.lifecycleState}o(co,"describeStatus");async function po(e){let t=process.cwd();F(t);let n=w(t);R(n);let r=e.interactive?await $(n,e):P(n.deployments,e.deployment);if(!e.interactive){let a=T(r);if(a.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${a.join(" and ")} in app.json. Use \`cognite apps status --interactive\` for browser-based authentication instead.`)}let i=await I(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new h(i);console.log(""),console.log(`App:     ${n.name} (${n.externalId})`),console.log(`Version: ${n.versionTag}  (local)`);try{let a=await s.getVersion(n.externalId,n.versionTag),c=co(a);console.log(`Status:  ${c}`),a.lifecycleState==="DRAFT"&&(console.log(""),console.log("Run `npx @cognite/cli apps publish .` to publish this version."))}catch(a){if(a instanceof S){console.log("Status:  not deployed yet"),console.log(""),console.log("Run `npx @cognite/cli apps deploy` to upload this version.");return}throw a}}o(po,"handleStatus");function Dt(e){return e.command("status").description("Show the deployment status of the current app version").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
+  npx @cognite/cli apps publish . --interactive      Publish using browser auth (no secrets needed)`).action((t,n)=>fo(n))}o(Ot,"registerPublishCommand");function yo(e){return e.alias==="ACTIVE"?"ACTIVE":e.lifecycleState}o(yo,"describeStatus");async function ho(e){let t=process.cwd();F(t);let n=C(t);O(n);let r=e.interactive?await $(n,e):P(n.deployments,e.deployment);if(!e.interactive){let a=T(r);if(a.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${a.join(" and ")} in app.json. Use \`cognite apps status --interactive\` for browser-based authentication instead.`)}let i=await I(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new h(i);console.log(""),console.log(`App:     ${n.name} (${n.externalId})`),console.log(`Version: ${n.versionTag}  (local)`);try{let a=await s.getVersion(n.externalId,n.versionTag),c=yo(a);console.log(`Status:  ${c}`),a.lifecycleState==="DRAFT"&&(console.log(""),console.log("Run `npx @cognite/cli apps publish .` to publish this version."))}catch(a){if(a instanceof E){console.log("Status:  not deployed yet"),console.log(""),console.log("Run `npx @cognite/cli apps deploy` to upload this version.");return}throw a}}o(ho,"handleStatus");function Rt(e){return e.command("status").description("Show the deployment status of the current app version").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
 Examples:
   npx @cognite/cli apps status .                     Status using env-var auth
-  npx @cognite/cli apps status . --interactive       Status using browser auth (no secrets needed)`).action((t,n)=>po(n))}o(Dt,"registerStatusCommand");function It(e){let t=e.command("apps").description("Manage Fusion Custom Apps \u2014 create, deploy, and manage version lifecycle");return St(t),At(t),Dt(t),kt(t),ct(t),He(t),t}o(It,"registerAppsCommand");import{existsSync as oi,mkdirSync as ii,writeFileSync as si}from"fs";import{dirname as _e,join as Ue}from"path";import{execFile as mo}from"child_process";import{promisify as uo}from"util";import{platform as lo}from"os";function K(e={}){let{platform:t=lo}=e;return t()==="darwin"}o(K,"isMacOS");var Tt="cognite-flows",go=uo(mo),$t=o((e,t)=>go(e,t),"defaultExecFile"),fo=-25300,yo=fo&255;function ho(e){if(!(e instanceof Error)||!("code"in e)||e.code!==yo)return!1;let t="stderr"in e?String(e.stderr):"";return/could not be found/i.test(t)||t===""}o(ho,"isKeychainNotFoundError");async function Ft(e,t,n={}){if(!K(n))throw new Error("Keychain storage is only supported on macOS");let{execFile:r=$t}=n;await r("security",["add-generic-password","-a",e,"-s",Tt,"-w",Buffer.from(t,"utf-8").toString("base64"),"-U"])}o(Ft,"storeKeyInKeychain");async function Rt(e,t={}){if(!K(t))return null;let{execFile:n=$t}=t;try{let{stdout:r}=await n("security",["find-generic-password","-a",e,"-s",Tt,"-w"]);return Buffer.from(r.trim(),"base64").toString("utf-8")}catch(r){if(ho(r))return null;throw r}}o(Rt,"readKeyFromKeychain");import{pbkdf2 as So,randomBytes as Co}from"crypto";import{promisify as vo}from"util";import{CompactEncrypt as xo,base64url as Po,compactDecrypt as tp}from"jose";var Eo=new TextEncoder,wo=new TextDecoder,Ot={encode:o(e=>Eo.encode(e),"encode"),decode:o(e=>wo.decode(e),"decode")};var bo=vo(So),ke=6e5,Ao="sha512",ko="PBKDF2-HMAC-SHA512",Do=16,Io="A256GCM",To=32,_t=2e6;async function $o(e,t,n){return await bo(e,t,n,To,Ao)}o($o,"deriveKey");async function Ut(e,t,n=ke){if(!Number.isInteger(n)||n<1||n>_t)throw new Error(`Invalid iterations: must be an integer between 1 and ${_t}`);let r=Co(Do),i=await $o(t,r,n);return await new xo(Ot.encode(e)).setProtectedHeader({alg:"dir",enc:Io,kdf:ko,kdf_iter:n,kdf_salt:Po.encode(r)}).encrypt(i)}o(Ut,"encryptStringAsJwe");import{calculateJwkThumbprint as Fo,exportJWK as Ro,exportPKCS8 as Oo,exportSPKI as _o,generateKeyPair as Uo}from"jose";async function Lt(){let{publicKey:e,privateKey:t}=await Uo("EdDSA",{extractable:!0}),n=await Oo(t),r=await _o(e),i=await Ro(e),s=await Fo(i);return{privateKeyPem:n,publicKeyPem:r,kid:s}}o(Lt,"generateSigningKeyPair");import{existsSync as No,readdirSync as Ko,readFileSync as jo}from"fs";import{join as re}from"path";import{homedir as Lo}from"os";import{join as Nt}from"path";function j(e={}){let{env:t=process.env,homedir:n=Lo}=e,r=t.DUNE_HOME?.trim()||Nt(n(),".dune");return{home:r,keysDir:Nt(r,"keys")}}o(j,"getConfig");var oe=".pub.pem",De=".key.jwe",Mo=".pem",Ie=".meta.json";function Kt(e){switch(e.kind){case"keychain":return"Keychain";case"encrypted-file":return e.path;case"legacy-unencrypted-file":return`${e.path} (unencrypted \u2014 rotate)`;case"public-only":return"public-only (private key missing)"}}o(Kt,"formatLocalKeySource");function Vo(e){return{existsSync:e.existsSync??No,readdirSync:e.readdirSync??Ko,readFileSync:e.readFileSync??((t,n)=>jo(t,n)),isMacOS:e.isMacOS??(()=>K()),readKeyFromKeychain:e.readKeyFromKeychain??(t=>Rt(t))}}o(Vo,"resolveDeps");function Ho(e){try{let t=JSON.parse(e);if(typeof t=="object"&&t!==null&&!Array.isArray(t)&&"email"in t&&typeof t.email=="string")return t.email}catch{}}o(Ho,"readEmailFromMeta");function Bo(e,t){return t.existsSync(e)?t.readdirSync(e).filter(n=>n.endsWith(oe)):[]}o(Bo,"publicKeyEntries");function Go(e){return e.slice(0,-oe.length)}o(Go,"kidFromPublicKeyFilename");async function Yo(e,t,n){if(n.isMacOS()&&await n.readKeyFromKeychain(e).catch(()=>null)!==null)return{kind:"keychain"};let r=re(t,`${e}${De}`);if(n.existsSync(r))return{kind:"encrypted-file",path:r};let i=re(t,`${e}${Mo}`);return n.existsSync(i)?{kind:"legacy-unencrypted-file",path:i}:{kind:"public-only"}}o(Yo,"resolveSource");async function jt(e=j().keysDir,t={}){let n=Vo(t),r=new Set,i=Bo(e,n).flatMap(s=>{let a=Go(s);return!a||r.has(a)?[]:(r.add(a),[{kid:a,entry:s}])});return Promise.all(i.map(async({kid:s,entry:a})=>{let c=await Yo(s,e,n),p=re(e,`${s}${Ie}`),l;try{l=Ho(n.readFileSync(p,"utf8"))}catch{}return{kid:s,source:c,publicKeyPath:re(e,a),email:l}}))}o(jt,"discoverLocalKeys");function Mt(e,t){let n=e.getUTCFullYear(),r=e.getUTCMonth()+t,i=new Date(Date.UTC(n,r+1,0)).getUTCDate(),s=Math.min(e.getUTCDate(),i);return new Date(Date.UTC(n,r,s))}o(Mt,"addMonthsClamped");function Te(e){return e.toISOString().slice(0,10)}o(Te,"formatIsoDate");function Vt(e=new Date){return Te(e)}o(Vt,"todayIso");import Jo,{Chalk as Xo}from"chalk";var $e=new Xo({level:0});function Ht(e){return e.isTTY?Jo:$e}o(Ht,"chalkForStream");function zo(e){return e.replace(/-----BEGIN [^-]+-----/g,"").replace(/-----END [^-]+-----/g,"").replace(/\s+/g,"")}o(zo,"pemBodyOneLine");function Bt(e,t=$e,n=new Date){let r=e.issuedAt??Vt(n),i=zo(e.publicKeyPem),s="  ",a=o((p,l)=>`${s}${t.cyan(p)}${t.dim(":")} ${l}
+  npx @cognite/cli apps status . --interactive       Status using browser auth (no secrets needed)`).action((t,n)=>ho(n))}o(Rt,"registerStatusCommand");function _t(e){let t=e.command("apps").description("Manage Fusion Custom Apps \u2014 create, deploy, and manage version lifecycle");return At(t),Ft(t),Rt(t),Ot(t),lt(t),Be(t),t}o(_t,"registerAppsCommand");import{existsSync as li,mkdirSync as mi,writeFileSync as di}from"fs";import{dirname as Le,join as Ne}from"path";import{execFile as Co}from"child_process";import{promisify as Eo}from"util";import{platform as wo}from"os";function K(e={}){let{platform:t=wo}=e;return t()==="darwin"}o(K,"isMacOS");var Ut="cognite-flows",So=Eo(Co),Lt=o((e,t)=>So(e,t),"defaultExecFile"),vo=-25300,xo=vo&255;function Po(e){if(!(e instanceof Error)||!("code"in e)||e.code!==xo)return!1;let t="stderr"in e?String(e.stderr):"";return/could not be found/i.test(t)||t===""}o(Po,"isKeychainNotFoundError");async function Nt(e,t,n={}){if(!K(n))throw new Error("Keychain storage is only supported on macOS");let{execFile:r=Lt}=n;await r("security",["add-generic-password","-a",e,"-s",Ut,"-w",Buffer.from(t,"utf-8").toString("base64"),"-U"])}o(Nt,"storeKeyInKeychain");async function Kt(e,t={}){if(!K(t))return null;let{execFile:n=Lt}=t;try{let{stdout:r}=await n("security",["find-generic-password","-a",e,"-s",Ut,"-w"]);return Buffer.from(r.trim(),"base64").toString("utf-8")}catch(r){if(Po(r))return null;throw r}}o(Kt,"readKeyFromKeychain");import{pbkdf2 as ko,randomBytes as Do}from"crypto";import{promisify as Io}from"util";import{CompactEncrypt as To,base64url as $o,compactDecrypt as dp}from"jose";var bo=new TextEncoder,Ao=new TextDecoder,jt={encode:o(e=>bo.encode(e),"encode"),decode:o(e=>Ao.decode(e),"decode")};var Fo=Io(ko),Ie=6e5,Oo="sha512",Ro="PBKDF2-HMAC-SHA512",_o=16,Uo="A256GCM",Lo=32,Mt=2e6;async function No(e,t,n){return await Fo(e,t,n,Lo,Oo)}o(No,"deriveKey");async function Vt(e,t,n=Ie){if(!Number.isInteger(n)||n<1||n>Mt)throw new Error(`Invalid iterations: must be an integer between 1 and ${Mt}`);let r=Do(_o),i=await No(t,r,n);return await new To(jt.encode(e)).setProtectedHeader({alg:"dir",enc:Uo,kdf:Ro,kdf_iter:n,kdf_salt:$o.encode(r)}).encrypt(i)}o(Vt,"encryptStringAsJwe");import{calculateJwkThumbprint as Ko,exportJWK as jo,exportPKCS8 as Mo,exportSPKI as Vo,generateKeyPair as Ho}from"jose";async function Ht(){let{publicKey:e,privateKey:t}=await Ho("EdDSA",{extractable:!0}),n=await Mo(t),r=await Vo(e),i=await jo(e),s=await Ko(i);return{privateKeyPem:n,publicKeyPem:r,kid:s}}o(Ht,"generateSigningKeyPair");import{existsSync as Bo,readdirSync as Yo,readFileSync as Jo}from"fs";import{join as oe}from"path";import{homedir as Go}from"os";import{join as Gt}from"path";function j(e={}){let{env:t=process.env,homedir:n=Go}=e,r=t.DUNE_HOME?.trim()||Gt(n(),".dune");return{home:r,keysDir:Gt(r,"keys")}}o(j,"getConfig");var ie=".pub.pem",Te=".key.jwe",Xo=".pem",$e=".meta.json";function Bt(e){switch(e.kind){case"keychain":return"Keychain";case"encrypted-file":return e.path;case"legacy-unencrypted-file":return`${e.path} (unencrypted \u2014 rotate)`;case"public-only":return"public-only (private key missing)"}}o(Bt,"formatLocalKeySource");function zo(e){return{existsSync:e.existsSync??Bo,readdirSync:e.readdirSync??Yo,readFileSync:e.readFileSync??((t,n)=>Jo(t,n)),isMacOS:e.isMacOS??(()=>K()),readKeyFromKeychain:e.readKeyFromKeychain??(t=>Kt(t))}}o(zo,"resolveDeps");function Wo(e){try{let t=JSON.parse(e);if(typeof t=="object"&&t!==null&&!Array.isArray(t)&&"email"in t&&typeof t.email=="string")return t.email}catch{}}o(Wo,"readEmailFromMeta");function qo(e,t){return t.existsSync(e)?t.readdirSync(e).filter(n=>n.endsWith(ie)):[]}o(qo,"publicKeyEntries");function Qo(e){return e.slice(0,-ie.length)}o(Qo,"kidFromPublicKeyFilename");async function Zo(e,t,n){if(n.isMacOS()&&await n.readKeyFromKeychain(e).catch(()=>null)!==null)return{kind:"keychain"};let r=oe(t,`${e}${Te}`);if(n.existsSync(r))return{kind:"encrypted-file",path:r};let i=oe(t,`${e}${Xo}`);return n.existsSync(i)?{kind:"legacy-unencrypted-file",path:i}:{kind:"public-only"}}o(Zo,"resolveSource");async function Yt(e=j().keysDir,t={}){let n=zo(t),r=new Set,i=qo(e,n).flatMap(s=>{let a=Qo(s);return!a||r.has(a)?[]:(r.add(a),[{kid:a,entry:s}])});return Promise.all(i.map(async({kid:s,entry:a})=>{let c=await Zo(s,e,n),p=oe(e,`${s}${$e}`),l;try{l=Wo(n.readFileSync(p,"utf8"))}catch{}return{kid:s,source:c,publicKeyPath:oe(e,a),email:l}}))}o(Yt,"discoverLocalKeys");function Jt(e,t){let n=e.getUTCFullYear(),r=e.getUTCMonth()+t,i=new Date(Date.UTC(n,r+1,0)).getUTCDate(),s=Math.min(e.getUTCDate(),i);return new Date(Date.UTC(n,r,s))}o(Jt,"addMonthsClamped");function Fe(e){return e.toISOString().slice(0,10)}o(Fe,"formatIsoDate");function Xt(e=new Date){return Fe(e)}o(Xt,"todayIso");import ei,{Chalk as ti}from"chalk";var Oe=new ti({level:0});function zt(e){return e.isTTY?ei:Oe}o(zt,"chalkForStream");function ni(e){return e.replace(/-----BEGIN [^-]+-----/g,"").replace(/-----END [^-]+-----/g,"").replace(/\s+/g,"")}o(ni,"pemBodyOneLine");function Wt(e,t=Oe,n=new Date){let r=e.issuedAt??Xt(n),i=ni(e.publicKeyPem),s="  ",a=o((p,l)=>`${s}${t.cyan(p)}${t.dim(":")} ${l}
 `,"kv"),c="";return c+=`
 ${t.bold("Add this entry to")} ${t.magenta("services/app-hosting/config/signing-keys.yaml")} ${t.bold("under")} ${t.cyan("public_keys:")}
 `,c+=`${t.dim("-")} ${t.cyan("kid")}${t.dim(":")} ${t.green(e.kid)}
-`,c+=a("public_key",t.green(i)),c+=a("email",t.yellow(e.email)),c+=a("capabilities",`${t.dim("[")}${t.yellow("developer")}${t.dim("]")}`),c+=a("issued_at",t.green(r)),c+=a("expires",t.green(e.expires)),c+=a("revoked_at",t.dim("null")),c}o(Bt,"renderRegistryEntry");import{email as Wo,pipe as qo,safeParse as Qo,string as Zo}from"valibot";var ei=qo(Zo(),Wo());function W(e,t="email"){let n=e.trim();if(!n)throw new Error(`${t} is required`);if(!Qo(ei,n).success)throw new Error(`${t} must look like an email (user@example.com); got "${e}"`);return n}o(W,"parseEmail");function q(e,t="--expires"){let n=Number(e);if(!Number.isInteger(n)||n<1||n>12)throw new Error(`${t} must be an integer between 1 and 12 (months); got "${e}"`);return n}o(q,"parseExpiryMonths");import ri from"enquirer";import{execFileSync as ti}from"child_process";function Gt(e={}){let{execFileSync:t=ti}=e;try{return String(t("git",["config","--get","user.email"],{encoding:"utf-8",stdio:["ignore","pipe","ignore"]})).trim()||void 0}catch{return}}o(Gt,"gitUserEmail");var ie=3,Yt=`Key expiry in months (${1}-${12})`,Jt="Email address for the registry entry",Xt=`Passphrase for the encrypted private key (min ${15} chars)`,zt="Confirm passphrase",Wt=o(()=>`Passphrase must be at least ${15} characters`,"passphraseTooShortMsg"),qt=o(e=>`Passphrases do not match (attempt ${e}/${ie}).
-`,"passphraseMismatchMsg"),Qt=`Passphrase confirmation failed after ${ie} attempts`;async function Oe(e){return ri.prompt(e)}o(Oe,"defaultPrompt");function Zt(e){return t=>{try{return e(t),!0}catch(n){return n instanceof Error?n.message:"Invalid"}}}o(Zt,"parserAsValidator");async function en(e={}){let{prompt:t=Oe}=e,{months:n}=await t({type:"input",name:"months",message:Yt,initial:String(6),validate:Zt(r=>q(r,"expiry"))});return q(n,"expiry")}o(en,"promptExpiryMonths");async function tn(e={}){let{prompt:t=Oe,gitUserEmail:n=Gt}=e,{email:r}=await t({type:"input",name:"email",message:Jt,initial:n(),validate:Zt(i=>W(i,"email"))});return W(r,"email")}o(tn,"promptEmail");async function nn(e={}){let{prompt:t=Oe,stderr:n=process.stderr}=e;for(let r=1;r<=ie;r+=1){let{passphrase:i}=await t({type:"password",name:"passphrase",message:Xt,validate:o(a=>a.length>=15?!0:Wt(),"validate")}),{confirm:s}=await t({type:"password",name:"confirm",message:zt});if(i===s)return i;n.write(qt(r))}throw new Error(Qt)}o(nn,"promptPassphrase");function ai(e){return{writeFileSync:e.writeFileSync??si,mkdirSync:e.mkdirSync??ii,existsSync:e.existsSync??oi,generateSigningKeyPair:e.generateSigningKeyPair??Lt,encryptStringAsJwe:e.encryptStringAsJwe??Ut,storeKeyInKeychain:e.storeKeyInKeychain??Ft,isMacOS:e.isMacOS??K,promptExpiryMonths:e.promptExpiryMonths??en,promptEmail:e.promptEmail??tn,promptPassphrase:e.promptPassphrase??nn,discoverLocalKeys:e.discoverLocalKeys??(()=>jt())}}o(ai,"resolveDeps");function on(e,t={}){let n=ai(t),r=e.command("keys").description("Manage code signing keys");r.command("generate").description("Generate an Ed25519 keypair for code signing").option("-o, --output <path>","Encrypted private key output path (forces file storage even on macOS)").option("--no-keychain","Skip macOS Keychain and write a passphrase-encrypted private key under ~/.dune/keys/ instead").option("-e, --expires <months>",`Validity in months (${1}-${12}); skips the interactive prompt`).option("--email <address>","Email address for the registry entry; skips the interactive prompt").action(i=>li(i,n)),r.command("list").description("List local signing identities and their storage location").action(()=>ci(n))}o(on,"registerKeysCommand");async function ci(e){let t=await e.discoverLocalKeys();if(t.length===0){process.stdout.write(`No signing identities found.
+`,c+=a("public_key",t.green(i)),c+=a("email",t.yellow(e.email)),c+=a("capabilities",`${t.dim("[")}${t.yellow("developer")}${t.dim("]")}`),c+=a("issued_at",t.green(r)),c+=a("expires",t.green(e.expires)),c+=a("revoked_at",t.dim("null")),c}o(Wt,"renderRegistryEntry");import{email as ri,pipe as oi,safeParse as ii,string as si}from"valibot";var ai=oi(si(),ri());function W(e,t="email"){let n=e.trim();if(!n)throw new Error(`${t} is required`);if(!ii(ai,n).success)throw new Error(`${t} must look like an email (user@example.com); got "${e}"`);return n}o(W,"parseEmail");function q(e,t="--expires"){let n=Number(e);if(!Number.isInteger(n)||n<1||n>12)throw new Error(`${t} must be an integer between 1 and 12 (months); got "${e}"`);return n}o(q,"parseExpiryMonths");import pi from"enquirer";var se=3,qt=`Key expiry in months (${1}-${12})`,Qt="Email address for the registry entry",Zt=`Passphrase for the encrypted private key (min ${15} chars)`,en="Confirm passphrase",tn=o(()=>`Passphrase must be at least ${15} characters`,"passphraseTooShortMsg"),nn=o(e=>`Passphrases do not match (attempt ${e}/${se}).
+`,"passphraseMismatchMsg"),rn=`Passphrase confirmation failed after ${se} attempts`;async function Ue(e){return pi.prompt(e)}o(Ue,"defaultPrompt");function on(e){return t=>{try{return e(t),!0}catch(n){return n instanceof Error?n.message:"Invalid"}}}o(on,"parserAsValidator");async function sn(e={}){let{prompt:t=Ue}=e,{months:n}=await t({type:"input",name:"months",message:qt,initial:String(6),validate:on(r=>q(r,"expiry"))});return q(n,"expiry")}o(sn,"promptExpiryMonths");async function an(e={}){let{prompt:t=Ue,gitUserEmail:n=ft}=e,{email:r}=await t({type:"input",name:"email",message:Qt,initial:n(),validate:on(i=>W(i,"email"))});return W(r,"email")}o(an,"promptEmail");async function cn(e={}){let{prompt:t=Ue,stderr:n=process.stderr}=e;for(let r=1;r<=se;r+=1){let{passphrase:i}=await t({type:"password",name:"passphrase",message:Zt,validate:o(a=>a.length>=15?!0:tn(),"validate")}),{confirm:s}=await t({type:"password",name:"confirm",message:en});if(i===s)return i;n.write(nn(r))}throw new Error(rn)}o(cn,"promptPassphrase");function ui(e){return{writeFileSync:e.writeFileSync??di,mkdirSync:e.mkdirSync??mi,existsSync:e.existsSync??li,generateSigningKeyPair:e.generateSigningKeyPair??Ht,encryptStringAsJwe:e.encryptStringAsJwe??Vt,storeKeyInKeychain:e.storeKeyInKeychain??Nt,isMacOS:e.isMacOS??K,promptExpiryMonths:e.promptExpiryMonths??sn,promptEmail:e.promptEmail??an,promptPassphrase:e.promptPassphrase??cn,discoverLocalKeys:e.discoverLocalKeys??(()=>Yt())}}o(ui,"resolveDeps");function ln(e,t={}){let n=ui(t),r=e.command("keys").description("Manage code signing keys");r.command("generate").description("Generate an Ed25519 keypair for code signing").option("-o, --output <path>","Encrypted private key output path (forces file storage even on macOS)").option("--no-keychain","Skip macOS Keychain and write a passphrase-encrypted private key under ~/.dune/keys/ instead").option("-e, --expires <months>",`Validity in months (${1}-${12}); skips the interactive prompt`).option("--email <address>","Email address for the registry entry; skips the interactive prompt").action(i=>yi(i,n)),r.command("list").description("List local signing identities and their storage location").action(()=>gi(n))}o(ln,"registerKeysCommand");async function gi(e){let t=await e.discoverLocalKeys();if(t.length===0){process.stdout.write(`No signing identities found.
 `),process.stdout.write(`Run \`cognite keys generate\` to create one (storage: ${j().keysDir}).
-`);return}let n=["KID","SOURCE","EMAIL"],r=t.map(a=>[a.kid,Kt(a.source),a.email??"\u2014"]),i=n.map((a,c)=>Math.max(a.length,...r.map(p=>p[c].length))),s=o(a=>a.map((c,p)=>c.padEnd(i[p])).join("  ").trimEnd(),"fmt");process.stdout.write(`${s(n)}
+`);return}let n=["KID","SOURCE","EMAIL"],r=t.map(a=>[a.kid,Bt(a.source),a.email??"\u2014"]),i=n.map((a,c)=>Math.max(a.length,...r.map(p=>p[c].length))),s=o(a=>a.map((c,p)=>c.padEnd(i[p])).join("  ").trimEnd(),"fmt");process.stdout.write(`${s(n)}
 `);for(let a of r)process.stdout.write(`${s(a)}
-`)}o(ci,"handleList");function rn(e,t,n){let r=Ue(j().keysDir,`${e}${oe}`);return n.mkdirSync(_e(r),{recursive:!0}),n.writeFileSync(r,t),r}o(rn,"writePublicKey");async function pi(e,t,n,r,i){let s=r??Ue(j().keysDir,`${e}${De}`);if(i.mkdirSync(_e(s),{recursive:!0}),i.existsSync(s))throw new Error(`Refusing to overwrite existing key at ${s}. Delete it first if you really want to regenerate: rm ${s}`);let a=await i.encryptStringAsJwe(t,n);return i.writeFileSync(s,a,{mode:384}),s}o(pi,"writeEncryptedPrivateKey");async function li(e,t,n=new Date){let r=e.keychain!==!1&&t.isMacOS()&&!e.output,i=e.expires!==void 0?q(e.expires):await t.promptExpiryMonths(),s=Te(Mt(n,i)),a=e.email!==void 0?W(e.email,"--email"):await t.promptEmail(),c=r?null:await t.promptPassphrase();process.stderr.write(`
+`)}o(gi,"handleList");function pn(e,t,n){let r=Ne(j().keysDir,`${e}${ie}`);return n.mkdirSync(Le(r),{recursive:!0}),n.writeFileSync(r,t),r}o(pn,"writePublicKey");async function fi(e,t,n,r,i){let s=r??Ne(j().keysDir,`${e}${Te}`);if(i.mkdirSync(Le(s),{recursive:!0}),i.existsSync(s))throw new Error(`Refusing to overwrite existing key at ${s}. Delete it first if you really want to regenerate: rm ${s}`);let a=await i.encryptStringAsJwe(t,n);return i.writeFileSync(s,a,{mode:384}),s}o(fi,"writeEncryptedPrivateKey");async function yi(e,t,n=new Date){let r=e.keychain!==!1&&t.isMacOS()&&!e.output,i=e.expires!==void 0?q(e.expires):await t.promptExpiryMonths(),s=Fe(Jt(n,i)),a=e.email!==void 0?W(e.email,"--email"):await t.promptEmail(),c=r?null:await t.promptPassphrase();process.stderr.write(`
 Generating Ed25519 keypair...
-`);let{privateKeyPem:p,publicKeyPem:l,kid:m}=await t.generateSigningKeyPair();if(r){await t.storeKeyInKeychain(m,p);let f=rn(m,l,t);process.stderr.write(`Public key:  ${f}
+`);let{privateKeyPem:p,publicKeyPem:l,kid:m}=await t.generateSigningKeyPair();if(r){await t.storeKeyInKeychain(m,p);let f=pn(m,l,t);process.stderr.write(`Public key:  ${f}
 `),process.stderr.write(`Private key: macOS Keychain (service: cognite-dune, account: ${m})
-`)}else{if(c===null)throw new Error("passphrase is required when not using Keychain");let f=await pi(m,p,c,e.output,t),g=rn(m,l,t);process.stderr.write(`Public key:  ${g}
-`),process.stderr.write(`Private key: ${f} (JWE, AES-256-GCM, PBKDF2-SHA512 x${ke.toLocaleString()})
+`)}else{if(c===null)throw new Error("passphrase is required when not using Keychain");let f=await fi(m,p,c,e.output,t),g=pn(m,l,t);process.stderr.write(`Public key:  ${g}
+`),process.stderr.write(`Private key: ${f} (JWE, AES-256-GCM, PBKDF2-SHA512 x${Ie.toLocaleString()})
 `),t.isMacOS()||process.stderr.write(`   (macOS Keychain integration is the default on darwin; on this OS we use the file.)
-`)}let d=Ue(j().keysDir,`${m}${Ie}`);t.mkdirSync(_e(d),{recursive:!0}),t.writeFileSync(d,JSON.stringify({email:a}));let u=Ht(process.stderr);process.stderr.write(`
+`)}let d=Ne(j().keysDir,`${m}${$e}`);t.mkdirSync(Le(d),{recursive:!0}),t.writeFileSync(d,JSON.stringify({email:a}));let u=zt(process.stderr);process.stderr.write(`
 Signing identity (kid): ${u.green(m)}
 `),process.stderr.write(`Expires: ${s} (${i} month${i===1?"":"s"} from today)
-`),process.stderr.write(Bt({kid:m,publicKeyPem:l,email:a,expires:s},u,n)),process.stderr.write(`
+`),process.stderr.write(Wt({kid:m,publicKeyPem:l,email:a,expires:s},u,n)),process.stderr.write(`
 ${u.bold("Next:")} open a PR against the ${u.magenta("infrastructure")} repo with that block, then \`${u.cyan(`cognite sign -s ${m}`)}\`
-`)}o(li,"handleGenerate");var sn=1e3,mi=new Set(["baseUrl","url","project","deployment","source","path","name","displayName","description"]);function di(e){return Object.fromEntries(Object.entries(e).map(([t,n])=>typeof n=="boolean"?[t,n]:mi.has(t)?[t,n]:[t,"[REDACTED]"]))}o(di,"sanitize");function ui(e){let t=[],n=e;for(;n;)n.parent&&t.unshift(n.name()),n=n.parent;return t.join(" ")}o(ui,"getCommandPath");function an(e){try{let t=e(process.cwd());return{appExternalId:t.externalId,appVersionTag:t.versionTag}}catch{return{}}}o(an,"tryLoadAppConfig");function Le(e){return e.filter(t=>!t.startsWith("-")).join(" ")||"unknown"}o(Le,"commandFromArgv");function cn(e,t,n=w){e.hook("postAction",async(r,i)=>{try{let s={command:ui(i),options:di(i.opts()),success:!0,...an(n)};t.track("Flows.CLI.Command",s),await t.flush(sn)}catch{}})}o(cn,"instrument");async function pn(e,t,n=w){try{let r={command:Le(t),options:{},success:!1,...an(n)};e.track("Flows.CLI.Command",r),await e.flush(sn)}catch{}}o(pn,"trackFailure");var gi="ERR_USE_AFTER_CLOSE";function mn(e){return e instanceof Error&&"code"in e&&e.code===gi}o(mn,"isReadlineClosedError");function fi(e){let t=Object.getPrototypeOf(e);return t===Object.prototype||t===null}o(fi,"isPlainObject");function Ne(e){return e==null||mn(e)?!0:e instanceof Error?!1:!!(typeof e=="object"&&e!==null&&fi(e)&&Object.keys(e).length===0)}o(Ne,"isPromptCancel");var ln=!1;function dn(){ln||(ln=!0,process.on("uncaughtException",e=>{mn(e)&&(console.error(`
-Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}),process.on("unhandledRejection",e=>{Ne(e)&&(console.error(`
-Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}))}o(dn,"installCancelHandler");import un from"mixpanel";var yi="5c4d853e7c3b77b1eb4468d5329b278c",Q="cognite-cli",hi=2e3,gn={env:process.env,init:un.init.bind(un)},Ei={track:o(()=>{},"track"),flush:o(async()=>{},"flush")};function Ke(e=process.env){return e.COGNITE_TELEMETRY_DISABLED==="1"||e.DO_NOT_TRACK==="1"}o(Ke,"isTelemetryDisabled");function wi(e){return e.COGNITE_TELEMETRY_DEBUG==="1"}o(wi,"isDebug");function fn(e={}){let t=e.env??gn.env,n=e.init??gn.init,r=e.packageName,i=e.cliVersion,s=wi(t);if(Ke(t))return s&&process.stderr.write(`[telemetry] disabled \u2014 noop tracker
-`),Ei;let a,c=new Set;function p(){if(a)return a;try{return a=n(yi,{geolocate:!1,keepAlive:!1}),a}catch{return}}return o(p,"getClient"),{track(l,m={}){let d=p();if(!d)return;let u={...m,applicationId:Q,...r&&{packageName:r},...i&&{cliVersion:i},nodeVersion:process.version,platform:process.platform};s&&process.stderr.write(`[telemetry] track ${l} ${JSON.stringify(u)}
-`);let f=o(()=>{},"finish"),g=new Promise(b=>{f=b});c.add(g);try{d.track(l,u,f)}catch{f()}g.finally(()=>c.delete(g))},async flush(l=hi){if(c.size===0)return;let m,d=new Promise(u=>{m=setTimeout(u,l),m.unref?.()});try{await Promise.race([Promise.allSettled([...c]),d])}finally{m&&clearTimeout(m)}s&&process.stderr.write(`[telemetry] flush done (${c.size} still pending)
-`)}}}o(fn,"createTelemetry");var Si=1e3,Ci="https://0a118cb02e3be57b1838bcfb5783a2bf@o4508040730968064.ingest.de.sentry.io/4510719268290640",vi={captureError:o(async()=>{},"captureError"),flush:o(async()=>{},"flush")};function xi(e){return e.packageName&&e.cliVersion?`${e.packageName}@${e.cliVersion}`:e.cliVersion??"unknown"}o(xi,"buildRelease");var Pi="192.0.2.0";function bi(e){let t={...e.user,email:void 0,username:void 0,ip_address:Pi,id:void 0};return{...e,user:t,server_name:void 0}}o(bi,"scrubPii");function yn(e={}){let t=e.env??process.env;if(Ke(t))return vi;let n=xi(e),r="production",i=null,s=null;function a(){return{dsn:Ci,release:n,environment:r,defaultIntegrations:!1,integrations:[],sendDefaultPii:!1,enableLogs:!1,initialScope:{tags:{component:"cli",applicationId:Q},contexts:{cli:{applicationId:Q,node:process.version,platform:process.platform}}},beforeSend:bi}}o(a,"buildInitOptions");async function c(){return i||(s||(s=(async()=>{try{let p=e.sdk??await import("@sentry/node");return p.init(a()),i=p,p}catch{return null}})()),s)}return o(c,"ensureSdk"),{async captureError(p,l){try{let m=await c();if(!m)return;let d={level:"fatal"};l?.command&&(d.tags={command:l.command},d.contexts={cli:{applicationId:Q,node:process.version,platform:process.platform,command:l.command}}),m.captureException(p,d)}catch{}},async flush(p=Si){try{if(!i)return;await i.flush(p)}catch{}}}}o(yn,"createErrorReporter");import{mkdirSync as Ai,readFileSync as ki,writeFileSync as Di}from"fs";import{homedir as Ii}from"os";import{resolve as se}from"path";import{debuglog as Ti}from"util";import{lt as $i,parse as hn}from"semver";var Fi="https://registry.npmjs.org/@cognite/cli/latest",Ri=1500,En="upgrade-check.json",wn=se(process.env.XDG_CACHE_HOME||se(Ii(),".cache"),"@cognite","cli"),je=Ti("cognite-flows");function Oi(e,t){return!e||!t||!hn(e)||!hn(t)?!1:$i(e,t)}o(Oi,"isOutdated");async function _i({timeout:e=Ri,registryUrl:t=Fi,fetchImpl:n=globalThis.fetch}={}){if(typeof n!="function")return null;try{let r=await n(t,{signal:AbortSignal.timeout(e)});if(!r?.ok)return null;let i=await r.json();return typeof i?.version=="string"?i.version:null}catch(r){return je("fetchLatestVersion failed (%s): %O",t,r),null}}o(_i,"fetchLatestVersion");function Ui(e=wn,t=864e5){try{let n=ki(se(e,En),"utf-8"),r=JSON.parse(n);return typeof r.latest!="string"||typeof r.fetchedAt!="number"||Date.now()-r.fetchedAt>t?null:{latest:r.latest,fetchedAt:r.fetchedAt}}catch(n){return je("readUpgradeCheckCache failed (%s): %O",e,n),null}}o(Ui,"readUpgradeCheckCache");function Li(e,t){try{Ai(e,{recursive:!0});let n={latest:t,fetchedAt:Date.now()};Di(se(e,En),JSON.stringify(n))}catch(n){je("writeUpgradeCheckCache failed (%s): %O",e,n)}}o(Li,"writeUpgradeCheckCache");async function Ni({cacheDir:e=wn,...t}={}){let n=await _i(t);n&&Li(e,n)}o(Ni,"startBackgroundUpgradeCheck");function Sn(e,{onOutdated:t,cacheDir:n,...r}={}){let i=Ui(n);if(i){Oi(e,i.latest)&&t?.(e,i.latest);return}Ni({cacheDir:n,...r})}o(Sn,"preActionUpgradeCheck");import{default as $l,chalkStderr as Cn}from"chalk";function vn(e,t){let n=[`\u26A0  Update available: ${e} -> ${t}`,"   Run npx @cognite/cli@latest"],r=Math.max(...n.map(c=>[...c].length))+2,i="\u2500".repeat(r),s=o(c=>`\u2502 ${c}${" ".repeat(r-1-[...c].length)}\u2502`,"pad"),a=[`\u250C${i}\u2510`,...n.map(s),`\u2514${i}\u2518`].join(`
-`);return Cn.bold.yellow(a)}o(vn,"formatUpgradeWarning");function Mi(e){return e instanceof Error&&"code"in e&&typeof e.code=="string"&&e.code==="DEP0040"}o(Mi,"isDep0040Warning");var Ve=process,Vi=Ve.emit.bind(Ve);Ve.emit=function(e,...t){return e==="warning"&&Mi(t[0])?!1:Vi(e,...t)};dn();var B=new ji;B.name("cognite").description("Build and deploy React apps to Cognite Data Fusion").version("1.1.0").showHelpAfterError().configureOutput({writeOut:o(e=>Ki(1,e),"writeOut")});B.hook("preAction",()=>{Sn("1.1.0",{onOutdated:o((e,t)=>{console.warn(`
-${vn(e,t)}
-`)},"onOutdated")})});It(B);on(B);var Pn=fn({packageName:"@cognite/cli",cliVersion:"1.1.0"}),xn=yn({packageName:"@cognite/cli",cliVersion:"1.1.0"});cn(B,Pn);var Me=process.argv.slice(2);B.parseAsync(Me,{from:"user"}).catch(async e=>{await pn(Pn,Me),Ne(e)&&(console.error(`
-Cancelled.`),process.exit(130)),await xn.captureError(e,{command:Le(Me)}),await xn.flush(),console.error(e instanceof Error?`\u274C ${e.message}`:e),process.exit(1)});
+`)}o(yi,"handleGenerate");var mn=1e3,hi=new Set(["baseUrl","url","project","deployment","source","path","name","displayName","description"]);function wi(e){return Object.fromEntries(Object.entries(e).map(([t,n])=>typeof n=="boolean"?[t,n]:hi.has(t)?[t,n]:[t,"[REDACTED]"]))}o(wi,"sanitize");function Ci(e){let t=[],n=e;for(;n;)n.parent&&t.unshift(n.name()),n=n.parent;return t.join(" ")}o(Ci,"getCommandPath");function dn(e){try{let t=e(process.cwd());return{appExternalId:t.externalId,appVersionTag:t.versionTag}}catch{return{}}}o(dn,"tryLoadAppConfig");function Ke(e){return e.filter(t=>!t.startsWith("-")).join(" ")||"unknown"}o(Ke,"commandFromArgv");function un(e,t,n=C){e.hook("postAction",async(r,i)=>{try{let s={command:Ci(i),options:wi(i.opts()),success:!0,...dn(n)};t.track("Flows.CLI.Command",s),await t.flush(mn)}catch{}})}o(un,"instrument");async function gn(e,t,n=C){try{let r={command:Ke(t),options:{},success:!1,...dn(n)};e.track("Flows.CLI.Command",r),await e.flush(mn)}catch{}}o(gn,"trackFailure");var Ei="ERR_USE_AFTER_CLOSE";function yn(e){return e instanceof Error&&"code"in e&&e.code===Ei}o(yn,"isReadlineClosedError");function Si(e){let t=Object.getPrototypeOf(e);return t===Object.prototype||t===null}o(Si,"isPlainObject");function je(e){return e==null||yn(e)?!0:e instanceof Error?!1:!!(typeof e=="object"&&e!==null&&Si(e)&&Object.keys(e).length===0)}o(je,"isPromptCancel");var fn=!1;function hn(){fn||(fn=!0,process.on("uncaughtException",e=>{yn(e)&&(console.error(`
+Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}),process.on("unhandledRejection",e=>{je(e)&&(console.error(`
+Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}))}o(hn,"installCancelHandler");import{homedir as Ai}from"os";import wn from"mixpanel";var vi="5c4d853e7c3b77b1eb4468d5329b278c",Q="cognite-cli",xi=2e3,Cn={env:process.env,init:wn.init.bind(wn)},Pi={track:o(()=>{},"track"),flush:o(async()=>{},"flush")};function Me(e=process.env){return e.COGNITE_TELEMETRY_DISABLED==="1"||e.DO_NOT_TRACK==="1"}o(Me,"isTelemetryDisabled");function bi(e){return e.COGNITE_TELEMETRY_DEBUG==="1"}o(bi,"isDebug");function En(e={}){let t=e.env??Cn.env,n=e.init??Cn.init,r=e.packageName,i=e.cliVersion,s=bi(t);if(Me(t))return s&&process.stderr.write(`[telemetry] disabled \u2014 noop tracker
+`),Pi;let a,c=new Set;function p(){if(a)return a;try{return a=n(vi,{geolocate:!1,keepAlive:!1}),a}catch{return}}return o(p,"getClient"),{track(l,m={}){let d=p();if(!d)return;let u={...m,applicationId:Q,...r&&{packageName:r},...i&&{cliVersion:i},nodeVersion:process.version,platform:process.platform};s&&process.stderr.write(`[telemetry] track ${l} ${JSON.stringify(u)}
+`);let f=o(()=>{},"finish"),g=new Promise(b=>{f=b});c.add(g);try{d.track(l,u,f)}catch{f()}g.finally(()=>c.delete(g))},async flush(l=xi){if(c.size===0)return;let m,d=new Promise(u=>{m=setTimeout(u,l),m.unref?.()});try{await Promise.race([Promise.allSettled([...c]),d])}finally{m&&clearTimeout(m)}s&&process.stderr.write(`[telemetry] flush done (${c.size} still pending)
+`)}}}o(En,"createTelemetry");var ae=Ai();function Sn(e,t=ae){if(!t||t==="/")return e;let n=e.replaceAll(t,"~"),r=t.replaceAll("\\","/");return r!==t&&(n=n.replaceAll(r,"~")),n}o(Sn,"redactHomedir");var ki=1e3,Di="https://0a118cb02e3be57b1838bcfb5783a2bf@o4508040730968064.ingest.de.sentry.io/4510719268290640",Ii={captureError:o(async()=>{},"captureError"),flush:o(async()=>{},"flush")};function Ti(e){return e.packageName&&e.cliVersion?`${e.packageName}@${e.cliVersion}`:e.cliVersion??"unknown"}o(Ti,"buildRelease");var $i="192.0.2.0";function Fi(e){let t={...e.user,email:void 0,username:void 0,ip_address:$i,id:void 0},n=e.exception?.values?.map(r=>({...r,value:r.value!==void 0?Sn(r.value):r.value}));return{...e,message:e.message!==void 0?Sn(e.message):e.message,user:t,server_name:void 0,...n!==void 0&&{exception:{...e.exception,values:n}}}}o(Fi,"scrubPii");function vn(e={}){let t=e.env??process.env;if(Me(t))return Ii;let n=Ti(e),r="production",i=null,s=null;function a(p){let l=ae&&ae!=="/"?[p.rewriteFramesIntegration({root:ae})]:[];return{dsn:Di,release:n,environment:r,defaultIntegrations:!1,integrations:l,sendDefaultPii:!1,enableLogs:!1,initialScope:{tags:{component:"cli",applicationId:Q},contexts:{cli:{applicationId:Q,node:process.version,platform:process.platform}}},beforeSend:Fi}}o(a,"buildInitOptions");async function c(){return i||(s||(s=(async()=>{try{let p=e.sdk??await import("@sentry/node");return p.init(a(p)),i=p,p}catch{return null}})()),s)}return o(c,"ensureSdk"),{async captureError(p,l){try{let m=await c();if(!m)return;let d={level:"fatal"};l?.command&&(d.tags={command:l.command},d.contexts={cli:{applicationId:Q,node:process.version,platform:process.platform,command:l.command}}),m.captureException(p,d)}catch{}},async flush(p=ki){try{if(!i)return;await i.flush(p)}catch{}}}}o(vn,"createErrorReporter");import{mkdirSync as Oi,readFileSync as Ri,writeFileSync as _i}from"fs";import{homedir as Ui}from"os";import{resolve as ce}from"path";import{debuglog as Li}from"util";import{lt as Ni,parse as xn}from"semver";var Ki="https://registry.npmjs.org/@cognite/cli/latest",ji=1500,Pn="upgrade-check.json",bn=ce(process.env.XDG_CACHE_HOME||ce(Ui(),".cache"),"@cognite","cli"),Ve=Li("cognite-flows");function Mi(e,t){return!e||!t||!xn(e)||!xn(t)?!1:Ni(e,t)}o(Mi,"isOutdated");async function Vi({timeout:e=ji,registryUrl:t=Ki,fetchImpl:n=globalThis.fetch}={}){if(typeof n!="function")return null;try{let r=await n(t,{signal:AbortSignal.timeout(e)});if(!r?.ok)return null;let i=await r.json();return typeof i?.version=="string"?i.version:null}catch(r){return Ve("fetchLatestVersion failed (%s): %O",t,r),null}}o(Vi,"fetchLatestVersion");function Hi(e=bn,t=864e5){try{let n=Ri(ce(e,Pn),"utf-8"),r=JSON.parse(n);return typeof r.latest!="string"||typeof r.fetchedAt!="number"||Date.now()-r.fetchedAt>t?null:{latest:r.latest,fetchedAt:r.fetchedAt}}catch(n){return Ve("readUpgradeCheckCache failed (%s): %O",e,n),null}}o(Hi,"readUpgradeCheckCache");function Gi(e,t){try{Oi(e,{recursive:!0});let n={latest:t,fetchedAt:Date.now()};_i(ce(e,Pn),JSON.stringify(n))}catch(n){Ve("writeUpgradeCheckCache failed (%s): %O",e,n)}}o(Gi,"writeUpgradeCheckCache");async function Bi({cacheDir:e=bn,...t}={}){let n=await Vi(t);n&&Gi(e,n)}o(Bi,"startBackgroundUpgradeCheck");function An(e,{onOutdated:t,cacheDir:n,...r}={}){let i=Hi(n);if(i){Mi(e,i.latest)&&t?.(e,i.latest);return}Bi({cacheDir:n,...r})}o(An,"preActionUpgradeCheck");import{default as jl,chalkStderr as kn}from"chalk";function Dn(e,t){let n=[`\u26A0  Update available: ${e} -> ${t}`,"   Run npx @cognite/cli@latest"],r=Math.max(...n.map(c=>[...c].length))+2,i="\u2500".repeat(r),s=o(c=>`\u2502 ${c}${" ".repeat(r-1-[...c].length)}\u2502`,"pad"),a=[`\u250C${i}\u2510`,...n.map(s),`\u2514${i}\u2518`].join(`
+`);return kn.bold.yellow(a)}o(Dn,"formatUpgradeWarning");function Xi(e){return e instanceof Error&&"code"in e&&typeof e.code=="string"&&e.code==="DEP0040"}o(Xi,"isDep0040Warning");var Ge=process,zi=Ge.emit.bind(Ge);Ge.emit=function(e,...t){return e==="warning"&&Xi(t[0])?!1:zi(e,...t)};hn();var G=new Ji;G.name("cognite").description("Build and deploy React apps to Cognite Data Fusion").version("1.2.0").showHelpAfterError().configureOutput({writeOut:o(e=>Yi(1,e),"writeOut")});G.hook("preAction",()=>{An("1.2.0",{onOutdated:o((e,t)=>{console.warn(`
+${Dn(e,t)}
+`)},"onOutdated")})});_t(G);ln(G);var Tn=En({packageName:"@cognite/cli",cliVersion:"1.2.0"}),In=vn({packageName:"@cognite/cli",cliVersion:"1.2.0"});un(G,Tn);var He=process.argv.slice(2);G.parseAsync(He,{from:"user"}).catch(async e=>{await gn(Tn,He),je(e)&&(console.error(`
+Cancelled.`),process.exit(130)),await In.captureError(e,{command:Ke(He)}),await In.flush(),console.error(e instanceof Error?`\u274C ${e.message}`:e),process.exit(1)});

package/dist/deploy/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { CogniteClient } from '@cognite/sdk';
+import { CogniteClient, ClientOptions } from '@cognite/sdk';
 type Deployment = {
     org: string;
@@ -95,7 +95,9 @@ declare class ApplicationPackager {
     createZip(outputFilename?: string, verbose?: boolean): Promise<string>;
 }
-declare const getSdk: (deployment: Deployment, folder: string, env?: NodeJS.ProcessEnv) => Promise<CogniteClient>;
+type Authenticatable = Pick<CogniteClient, 'authenticate'>;
+declare function getSdk(deployment: Deployment, folder: string, env?: NodeJS.ProcessEnv): Promise<CogniteClient>;
+declare function getSdk<C extends Authenticatable>(deployment: Deployment, folder: string, env: NodeJS.ProcessEnv, createClient: (opts: ClientOptions) => C): Promise<C>;
 /**
  * Get access token for deployment using the appropriate identity provider.

package/dist/deploy/index.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{a,b,c,d,e}from"../chunk-~~VJMFH4MH~~.js";export{a as AppHostingClient,b as ApplicationPackager,e as deploy,d as getSdk,c as getToken};
1	+ import{a,b,c,d,e}from"../chunk-PT2DTNGD.js";export{a as AppHostingClient,b as ApplicationPackager,e as deploy,d as getSdk,c as getToken};

package/dist/index.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{a as o,b as r,c as e,d as f,e as m}from"./chunk-~~VJMFH4MH~~.js";export{o as AppHostingClient,r as ApplicationPackager,m as deploy,f as getSdk,e as getToken};
1	+ import{a as o,b as r,c as e,d as f,e as m}from"./chunk-PT2DTNGD.js";export{o as AppHostingClient,r as ApplicationPackager,m as deploy,f as getSdk,e as getToken};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cognite/cli",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "CLI for Cognite Data Fusion",
   "license": "Apache-2.0",
   "author": "Cognite",