@cognite/cli 1.3.2-alpha.53 → 1.3.2-alpha.https2

package/_templates/app/new/config/vite.config.ts.ejs.t

@@ -3,17 +3,20 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>vite.config.ts'
 ---
 import path from 'node:path';
 
-import { fusionOpenPlugin, manifestCspPlugin } from '@cognite/app-sdk/vite';
+import {
+  fusionOpenPlugin,
+  manifestCspPlugin,
+  mkcertPlugin,
+} from '@cognite/app-sdk/vite';
 import tailwindcss from '@tailwindcss/vite';
 import react from '@vitejs/plugin-react';
 import { defineConfig } from 'vite';
-import mkcert from 'vite-plugin-mkcert';
 
 export default defineConfig({
   base: './',
   // manifestCspPlugin() must stay first — its middleware sets the
   // Content-Security-Policy header before any HTML response is sent.
-  plugins: [manifestCspPlugin(), react(), mkcert(), fusionOpenPlugin(), tailwindcss()],
+  plugins: [manifestCspPlugin(), react(), mkcertPlugin(), fusionOpenPlugin(), tailwindcss()],
   resolve: {
     alias: {
       '@': path.resolve(__dirname, './src'),

package/_templates/app/new/root/.npmrc.ejs.t

@@ -2,3 +2,4 @@
 to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>.npmrc'
 ---
 engine-strict=true
+# min-release-age=2

package/_templates/app/new/root/AGENTS.md.ejs.t

@@ -10,6 +10,7 @@ This app uses [github/spec-kit](https://github.com/github/spec-kit) for spec-dri
 
 - To start a new feature, run `/speckit.specify <description>` in Claude Code or Cursor. It generates a properly numbered feature directory and a spec to fill in. Then run `/speckit.clarify` → `/speckit.plan` → `/speckit.tasks` → `/speckit.implement`.
 - When user-visible behavior changes in an existing feature, update its `specs/<NNN>-<feature>/spec.md` before or alongside the code change.
+- When a feature touches Cognite Data Fusion data, the spec must document existing CDF views read from, new views needed, and spaces used.
 <% } else { -%>
 ## 0. Product Spec (SPEC.md)
 
@@ -21,62 +22,13 @@ This app uses [github/spec-kit](https://github.com/github/spec-kit) for spec-dri
 
 ---
 
-## 1. CDF Data & Generated SDK
-
-Before writing any feature code that reads CDF data model instances, check whether a generated SDK exists:
-
-```bash
-ls src/generated_sdks/
-```
-
-### If the SDK does not exist
-
-Stop. Do not write placeholder code or stub SDK calls. Tell the user:
-
-> To read data from your CDF data model, you'll need to generate a typed SDK first. Run this from the app root (where `app.json` lives):
->
-> ```bash
-> npx @cognite/cli@<%= cliVersion %> apps sdk --interactive
-> ```
->
-> The wizard will log you in via the browser, let you pick a data model, and write the generated files into `src/generated_sdks/`. Come back when it's done.
-
-Wait for the user to confirm generation is complete before continuing.
-
-### If the SDK exists
-
-Use `createSdk(client)` from `src/generated_sdks/<name>/index.ts` for all reads. Rules:
-
-- **Read the generated TypeScript types first** (`src/generated_sdks/<name>/*.generated.ts`) to understand what views, fields, and relations are available — the return types show exactly which fields exist on list vs detail queries, including relation fields
-- **Do not call `client.instances.list`, `client.instances.query`, or `client.instances.search` directly** — always go through the generated SDK for reads
-- The SDK is **read-only**: `queryX`, `getByIdX`, `searchX`, `countX`, `aggregateX` — no write operations
-- Relation fields appear only where the type exposes them: list/search results include direct relations as references; `getByIdX` additionally includes reverse relations and edges as connection objects (`{ items: [...], pageInfo: {...} }`)
-- For writes, use `client.instances.upsert` / `client.instances.delete` directly
-
-```ts
-import { createSdk } from '../generated_sdks/<name>';
-
-const sdk = createSdk(client); // no network call — instantiation is synchronous
-
-const result = await sdk.queryMyView({
-  filter: { status: { eq: 'active' } },
-  limit: 25,
-});
-// result.items[0].relatedView  ← direct relation fields resolve in the same call
-
-const detail = await sdk.getByIdMyView({ space: '...', externalId: '...' });
-// detail.reverseRelationField.items  ← reverse/edge relations only available here
-```
-
----
-
-## 2. UI Components
+## 1. UI Components
 
 Always check `@cognite/aura/components` before reaching for a raw HTML element or custom CSS/Tailwind solution. If Aura has a component that covers the need, use it. Only fall back to custom solutions when Aura genuinely doesn't cover the use case.
 
 ---
 
-## 3. Host integration (`@cognite/app-sdk`)
+## 2. Host integration (`@cognite/app-sdk`)
 
 The Fusion host exposes a `HostAppAPI` (imported as `HostAppAPI` from `@cognite/app-sdk`) via `connectToHostApp(...)`. Reach for it whenever the situation calls for it — don't hand-roll an equivalent or read browser globals directly.
 
@@ -123,7 +75,7 @@ async function updateState(next: AppState, api: HostAppAPI) {
 
 ---
 
-## 4. Dependency Injection
+## 3. Dependency Injection
 
 **All non-stateless dependencies must be injected.** Never import and call a service, SDK client, or stateful module directly inside a component or hook — it makes the code untestable and tightly coupled.
 
@@ -157,7 +109,7 @@ export const doWork = async (props: Props, overrides?: Partial<Deps>) => {
 
 ---
 
-## 5. Interface-Based Services
+## 4. Interface-Based Services
 
 Define an interface; implement with a class. Never reference the concrete class outside its own file.
 
@@ -174,7 +126,7 @@ export class ApiDataService implements DataService {
 
 ---
 
-## 6. ViewModel Pattern
+## 5. ViewModel Pattern
 
 Business logic lives in `use<Name>ViewModel`. Components only render.
 
@@ -210,11 +162,11 @@ This matters because each call to a `useState`-backed hook creates an **independ
 
 ### Host-synced state inside a ViewModel
 
-When a ViewModel exposes state that falls under §3's "host-synced" category, the **ViewModel** — not the view component — is responsible for seeding from `initialState` and pushing changes via `syncInternalState`. The state itself still lives in the shared storage layer described above; the ViewModel just owns the read/write contract with the host.
+When a ViewModel exposes state that falls under §2's "host-synced" category, the **ViewModel** — not the view component — is responsible for seeding from `initialState` and pushing changes via `syncInternalState`. The state itself still lives in the shared storage layer described above; the ViewModel just owns the read/write contract with the host.
 
 ---
 
-## 7. Test-First Development
+## 6. Test-First Development
 
 Write tests before implementation for all non-trivial behavior changes.
 
@@ -310,7 +262,7 @@ Place reusable factories in `src/__mocks__/`. Use `.test` TLD for fake URLs (RFC
 
 ---
 
-## 8. TypeScript Rules
+## 7. TypeScript Rules
 
 - Never use `any`; prefer `unknown` or explicit strong types
 - Never use `as` casts — they silence the compiler without providing safety. Use type guards instead.
@@ -337,14 +289,14 @@ const mock = { postMessage: vi.fn() } as Partial<Window> as Window;
 
 ---
 
-## 9. CogniteClient / authentication
+## 8. CogniteClient / authentication
 
 Auth is handled by `CogniteSdkProvider` from `@cognite/app-sdk/react` (see `App.tsx`). Nested components get the client via `useCogniteSdk()`. To wire up or migrate auth, run the `/setup-flows-auth` skill.
 
 ---
 
 
-## 10. Commits and pull requests
+## 9. Commits and pull requests
 
 Use [Conventional Commits v1.0.0](https://www.conventionalcommits.org/en/v1.0.0/).
 
@@ -355,4 +307,4 @@ Use [Conventional Commits v1.0.0](https://www.conventionalcommits.org/en/v1.0.0/
 - **Pull requests:** title and **Summary** should match the same vocabulary; do not replace conventional commits with only a PR headline.
 - Before committing: review **`git status`** and **`git diff`** (including staged); unstage and commit separately if the index mixes unrelated concerns.
 
----
+---

package/_templates/app/new/root/SPEC.md.ejs.t

@@ -51,29 +51,27 @@ to: '<%= useSpecKit ? null : (useCurrentDir ? "" : ((directoryName || name) + "/
 
 ---
 
-## CDF Data *(mandatory)*
+## Data Models & CDF Integration *(mandatory)*
 
 <!--
-  Which data model does this app connect to? If you haven't already, generate a
-  typed SDK by running from the app root:
-
-    npx @cognite/cli@<%= cliVersion %> apps sdk --interactive
-
-  Once generated, src/generated_sdks/<name>/schema.graphql is the source of truth
-  for what views, fields, and relations are available.
-
-  Describe below what data this feature reads and why — in plain terms, not view IDs.
-  Example: "Reads active work orders and their assigned assets."
+  Capture how this app integrates with Cognite Data Fusion data models.
+  Every Flows app should fill this in.
 -->
 
-### Data model
+### Existing views
 
-<!-- Which data model: name, space, version. -->
+<!--
+  CDF views this app reads from. Format: `<space>.<view>:<version>`.
+-->
 
-### What this app reads
+### New views
 
-<!-- Plain-language description of the data this feature needs and any key filters. -->
+<!--
+  Views this app needs that don't yet exist. Describe properties and relationships.
+-->
 
-### Writes
+### Spaces
 
-<!-- Does this feature write back to CDF? If so, what and under what conditions? If read-only, note that here. -->
+<!--
+  CDF spaces this app uses, and what each contains.
+-->

package/_templates/app/new/root/gitignore.ejs.t

@@ -8,6 +8,9 @@ node_modules
 dist
 coverage
 
+# Retained app bundles from `cognite apps deploy` (signed before publish)
+.cognite-bundles
+
 # Environment variables
 .env
 .env.local

package/_templates/app/new/root/package.json.ejs.t

@@ -22,18 +22,16 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
     "lint": "eslint . --ext .js,.mjs,.cjs,.ts,.tsx",
     "lint:fix": "eslint . --fix --ext .js,.mjs,.cjs,.ts,.tsx",
     "deploy": "npx @cognite/cli@latest apps deploy --interactive",
-    "activate": "npx @cognite/cli@latest apps activate --interactive"
+    "activate": "npx @cognite/cli@latest apps activate --interactive",
+    "setup-https": "npx @cognite/cli@latest apps setup-https"
   },
   "dependencies": {
     "@cognite/aura": "^0.1.7",
     "@cognite/sdk": "^10.3.0",
-    "@cognite/cli": "<%= cliVersion %>",
     "@cognite/app-sdk": "^0.5.1",
     "@tabler/icons-react": "^3.35.0",
     "@tanstack/react-query": "^5.90.10",
     "clsx": "^2.1.1",
-    "graphql": "^16.14.0",
-    "graphql-tag": "^2.12.6",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "tailwind-merge": "^3.4.0"
@@ -63,7 +61,6 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
     "typescript": "^5.0.0",
     "typescript-eslint": "^8.46.4",
     "vite": "7.3.2",
-    "vite-plugin-mkcert": "^1.17.9",
     "vitest": "^2.1.8"
   }
 }

package/dist/chunk-A5ASLC6T.js

@@ -0,0 +1,7 @@
+var r=Object.defineProperty;var s=(l,i)=>r(l,"name",{value:i,configurable:!0});import{execFileSync as c}from"child_process";import{createRequire as a}from"module";import{InvalidArgumentError as p}from"commander";var e="cognitedata/builder-skills",o=["claude-code","cursor"],t=o.flatMap(l=>["-a",l]),u=a(import.meta.url).resolve("skills/bin/cli.mjs");function n(l,i={}){c(process.execPath,[u,...l],{stdio:"inherit",cwd:process.cwd(),...i})}s(n,"execSkillsCli");function S(){return["add",e,...t,"--skill","*","-y"]}s(S,"pullAllArgs");function d(l){if(!/^[\w.-]+\/[\w.-]+$/.test(l))throw new p("Expected owner/repo format (e.g., cognitedata/builder-skills)");return l}s(d,"validateSource");function m(l){let i=["add",l.source,...t];return l.skill?i.push("--skill",l.skill):l.interactive||i.push("--skill","*","-y"),l.global&&i.push("--global"),i}s(m,"buildPullArgs");function k(l){console.log(`\u{1F504} Pulling skills from ${l.source}...`),n(m(l)),console.log(`
+\u2705 Skills pulled successfully`)}s(k,"handlePull");function P(l){let i=l.command("skills").summary("Manage AI agent skills for your app").description(`Manage AI agent skills for your app.
+Supports: ${o.join(", ")}`).addHelpText("after",`
+Examples:
+  npx @cognite/cli apps skills pull                               Pull all skills
+  npx @cognite/cli apps skills pull --skill create-client-tool    Pull a specific skill
+  npx @cognite/cli apps skills list                               List installed skills`);return i.command("pull").description("Pull all skills into your project").option("--source <owner/repo>","Skills repository",d,e).option("--skill <name>","Pull a specific skill by name").option("-i, --interactive","Interactively select which skills to install",!1).option("--global","Install skills globally",!1).action(k),i.command("list").description("List installed skills").action(()=>{n(["list"])}),i}s(P,"registerSkillsCommand");export{s as a,n as b,S as c,m as d,P as e};

package/dist/chunk-TYYH4NWG.js

@@ -0,0 +1,9 @@
+var tt=Object.defineProperty;var s=(n,t)=>tt(n,"name",{value:t,configurable:!0});import{mkdir as At,readFile as wt}from"fs/promises";import{basename as Et,dirname as St}from"path";var H="https://docs.cognite.com/cdf/access/";function f(n){return n!==null&&typeof n=="object"}s(f,"isRecord");function S(n){return n instanceof Error&&"status"in n&&typeof n.status=="number"}s(S,"isHttpError");function et(n){switch(n){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
+  See: ${H}`;case 403:return`You don't have the required CDF capabilities. Please contact your CDF admin.
+  See: ${H}`;default:return}}s(et,"httpStatusHint");function h(n){let t=n instanceof Error?n:new Error(String(n));if(!S(t))return null;let e=et(t.status);return e?Object.assign(new Error(`${t.message}
+  ${e}`),{cause:t}):null}s(h,"enrichedHttpError");function nt(n){if(!f(n))return null;let t=n.missing;if(Array.isArray(t))return t;let e=n.data;if(f(e)){let r=e.error;if(f(r)&&Array.isArray(r.missing))return r.missing;if(Array.isArray(e.missing))return e.missing}return null}s(nt,"findMissingArray");function rt(n,t){if(!S(n)||n.status!==400)return!1;let e=nt(n);return e?e.some(r=>f(r)&&typeof r.externalId=="string"&&t.includes(r.externalId)):!1}s(rt,"isMissingExternalIdError");function $(n,t){return S(n)&&n.status===404||rt(n,t)}s($,"isNotFoundError");var J=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],q=["ACTIVE","PREVIEW"],I=class I extends Error{constructor(t,e){super(`Version ${e} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=e}};s(I,"AppVersionNotFoundError");var C=I;function z(n,t){return n.includes(t)}s(z,"includesValue");function ot(n){return z(J,n)}s(ot,"isAppVersionLifecycleState");function st(n){return z(q,n)}s(st,"isAppVersionAlias");function it(n){return typeof n.version=="string"&&ot(n.lifecycleState)&&typeof n.entrypoint=="string"&&typeof n.createdTime=="number"&&typeof n.createdBy=="string"&&typeof n.appExternalId=="string"&&(n.alias===void 0||st(n.alias))&&(n.comment===void 0||typeof n.comment=="string")}s(it,"isAppVersion");function M(n){if(!f(n))throw new Error("Invalid version response: not an object");if(!it(n))throw new Error("Invalid version response: missing or malformed fields");return n}s(M,"parseAppVersion");var b=class b{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,e,r){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:e,description:r}]}})}catch(o){throw h(o)??o}}async uploadVersion(t,e,r,o,i="index.html"){console.log(`\u{1F4E4} Uploading version ${e}...`);let a=new FormData;a.append("file",new Blob([new Uint8Array(r)]),o),a.append("version",e),a.append("entryPath",i);let c=encodeURIComponent(t),p=`${this.appsBasePath}/${c}/versions`,l=await this.client.authenticate(),y=`${this.client.getBaseUrl()}${p}`,u=new AbortController,Z=setTimeout(()=>u.abort(),300*1e3),A;try{A=await fetch(y,{method:"POST",headers:{Authorization:`Bearer ${l}`},body:a,signal:u.signal})}catch(g){throw g instanceof Error&&g.name==="AbortError"?new Error("Upload timed out after 5 minutes"):g}finally{clearTimeout(Z)}if(!A.ok){let g=await A.text(),v=g;try{let V=JSON.parse(g);if(f(V)){let w=V.error;if(typeof w=="string")v=w;else if(f(w)){let E=w.message,B=w.code;v=typeof E=="string"?E:B!=null?`Unknown error (code: ${B})`:g}else{let E=V.message;v=typeof E=="string"?E:g}}}catch{}let O=A.headers.get("x-request-id"),Q=O?` | X-Request-ID: ${O}`:"",j=Object.assign(new Error(`Upload failed: ${A.status} \u2014 ${v}${Q}`),{status:A.status});throw h(j)??j}console.log(`\u2705 Version ${e} uploaded`)}async getVersion(t,e){let r=encodeURIComponent(t),o=encodeURIComponent(e),i=`${this.appsBasePath}/${r}/versions/${o}`;try{let a=await this.client.get(i);return M(a.data)}catch(a){throw $(a,[t,e])?new C(t,e):h(a)??a}}async getActiveVersion(t){let e=encodeURIComponent(t),r=`${this.appsBasePath}/${e}/active`;try{let o=await this.client.get(r);return M(o.data)}catch(o){if($(o,[t]))return null;throw h(o)??o}}async updateVersions(t,e){let r=encodeURIComponent(t),o=`${this.appsBasePath}/${r}/versions/update`;try{await this.client.post(o,{data:{items:e}})}catch(i){throw h(i)??i}}async submitSignatures(t,e,r){let o=encodeURIComponent(t),i=encodeURIComponent(e),a=`${this.appsBasePath}/${o}/versions/${i}/signatures`;try{await this.client.post(a,{data:{items:r}})}catch(c){throw h(c)??c}}};s(b,"AppHostingApi");var k=b;var T=class T{constructor(t){this.api=new k(t)}getVersion(t,e){return this.api.getVersion(t,e)}uploadVersion(t,e,r,o,i){return this.api.uploadVersion(t,e,r,o,i)}async ensureApp(t,e,r){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,e,r),console.log(`\u2705 App '${t}' created`)}catch(o){if(S(o)&&o.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw o}}async submitSignatures(t,e,r){r.length!==0&&(console.log(`\u{1F50F} Submitting ${r.length} signature${r.length===1?"":"s"} for version ${e}...`),await this.api.submitSignatures(t,e,r),console.log("\u2705 Signatures stored"))}async publishVersion(t,e){await this.api.updateVersions(t,[{version:e,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,e){console.log(`\u{1F680} Publishing and activating version ${e}...`),await this.api.updateVersions(t,[{version:e,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${e} is now PUBLISHED and ACTIVE`)}getActiveVersion(t){return this.api.getActiveVersion(t)}async deactivateVersion(t,e){await this.api.updateVersions(t,[{version:e,update:{alias:{setNull:!0}}}])}async activateVersion(t,e){let r=null;try{r=await this.api.getActiveVersion(t)}catch{r=null}let o=r&&r.version!==e?r.version:void 0;return await this.api.updateVersions(t,[{version:e,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:o}}async deploy(t,e,r,o,i,a,c=!1){console.log(`
+\u{1F680} Deploying application via App Hosting API...
+`);try{await this.ensureApp(t,e,r),await this.uploadVersion(t,o,i,a),c&&await this.publishAndActivate(t,o),console.log(`
+\u2705 Deployment successful!`)}catch(p){let l=p instanceof Error?p.message:String(p);throw Object.assign(new Error(`Deployment failed: ${l}`),{cause:p})}}};s(T,"AppHostingClient");var P=T;import m from"fs";import d from"path";import{parseAndValidateManifestConfig as at}from"@cognite/app-sdk/vite";import{BlobReader as ct,Uint8ArrayWriter as pt,ZipWriter as lt}from"@zip.js/zip.js";var R="package.json",D="package-lock.json",Y="manifest.json",U=".cognite",_=class _{constructor(t="dist"){this.distPath=d.isAbsolute(t)?t:d.join(process.cwd(),t),this.appRoot=d.dirname(this.distPath)}validateBuildDirectory(){if(!m.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=d.join(this.appRoot,R);if(!m.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let e=d.join(this.appRoot,D);if(!m.existsSync(e))throw new Error(`"${e}" not found. It is required for deployment.`)}async createZip(t="app.zip",e=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let r=new lt(new pt,{level:9}),o=s(async(p,l)=>{await r.add(l,new ct(await m.openAsBlob(p))),e&&console.log(`  \u{1F4C4} ${l}`)},"addFile"),i=s(async p=>{let l=await m.promises.readdir(p,{withFileTypes:!0});for(let y of l){let u=d.join(p,y.name);y.isDirectory()?await i(u):await o(u,d.relative(this.distPath,u).replace(/\\/g,"/"))}},"addDir"),a;try{await i(this.distPath);let p=d.join(this.appRoot,R);await o(p,d.posix.join(U,R));let l=d.join(this.appRoot,Y);if(m.existsSync(l)){let u=m.readFileSync(l,"utf-8");at(u,l),await o(l,d.posix.join(U,Y))}let y=d.join(this.appRoot,D);await o(y,d.posix.join(U,D)),a=await r.close()}catch(p){let l=p instanceof Error?p.message:String(p);throw new Error(`Failed to create zip: ${l}`)}await m.promises.writeFile(t,a);let c=(a.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${c} MB)`),t}};s(_,"ApplicationPackager");var x=_;import dt from"path";var G=".cognite-bundles";function K(n,t){return`${n}-${t}.zip`}s(K,"bundleFileName");function F(n,t,e){return dt.join(n,G,K(t,e))}s(F,"bundlePath");import{CogniteClient as yt}from"@cognite/sdk";var ut=s(()=>{let n=process.env.DEPLOYMENT_SECRETS;if(!n)return{};try{let t=JSON.parse(n),e={};for(let[r,o]of Object.entries(t))if(typeof o=="string"){let i=r.toLowerCase().replace(/_/g,"-");e[i]=o}return e}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),gt=s(n=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=ut()[n]),t||(t=process.env[n]),!t)throw new Error(`Secret not found in environment: ${n}`);return t},"getSecretFromEnv"),ft=s(n=>{if(!n)return"";try{return new URL(n).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=n.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),mt=s(async(n,t)=>{let e=`Basic ${btoa(`${n}:${t}`)}`,r=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:e,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!r.ok){let i=await r.text();throw new Error(`Failed to get token from CDF: ${r.status} ${r.statusText}
+${i}`)}let o=await r.json();if(!o.access_token)throw new Error("No access token returned from CDF authentication");return o.access_token},"getTokenCdf"),ht=s(async(n,t,e,r)=>{if(!r)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let o=ft(r);if(!o)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${r}`);let i=`https://login.microsoftonline.com/${e}/oauth2/v2.0/token`,a=`https://${o}.cognitedata.com/.default`,c=await fetch(i,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:n,client_secret:t,scope:a,grant_type:"client_credentials"})});if(!c.ok){let l=await c.text();throw new Error(`Failed to get token from Entra ID: ${c.status} ${c.statusText}
+${l}`)}let p=await c.json();if(!p.access_token)throw new Error("No access token returned from Entra ID authentication");return p.access_token},"getTokenEntra"),L=s(async(n,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:e,deploySecretName:r,idpType:o="cdf",tenantId:i,baseUrl:a}=n,c=gt(r);if(o==="entra_id"){if(!i)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return ht(e,c,i,a)}return mt(e,c)},"getToken");async function N(n,t,e=process.env,r){let o=await L(n,e),i=e.COGNITE_BASE_URL??n.baseUrl,a=(r??(c=>new yt(c)))({appId:t,project:n.project,baseUrl:i,oidcTokenProvider:s(async()=>o,"oidcTokenProvider")});return await a.authenticate(),a}s(N,"getSdk");async function W(n,t,e,r){let{externalId:o,name:i,description:a,versionTag:c}=t,p=F(e,o,c);await At(St(p),{recursive:!0}),await new x(`${e}/dist`).createZip(p,!0);let l=await wt(p);await new P(n).deploy(o,i,a,c,l,Et(p),r)}s(W,"packageAndUpload");var Pt=s(async(n,t,e)=>{let r=await N(n,e);await W(r,t,e,n.published)},"deploy");import{existsSync as xt,readFileSync as vt}from"fs";var X=[".dev.sig",".cert.sig"];function Ct(n,t={}){let e=t.existsSync??xt,r=t.readFileSync??((i,a)=>vt(i,a)),o=[];for(let i of X){let a=`${n}${i}`;if(!e(a))continue;let c=r(a,"utf8").trim();c.length>0&&o.push(c)}return o}s(Ct,"discoverSignatures");export{P as a,x as b,G as c,K as d,F as e,L as f,N as g,W as h,Pt as i,X as j,Ct as k};