npm - @cognite/cli - Versions diffs - 1.3.2-alpha.https1 → 1.3.2-alpha.winurl1 - Mend

@cognite/cli 1.3.2-alpha.https1 → 1.3.2-alpha.winurl1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/_templates/app/new/config/vite.config.ts.ejs.t +3 -6
package/_templates/app/new/patches/app-sdk.patch.ejs.t +20 -0
package/_templates/app/new/root/package.json.ejs.t +3 -1
package/dist/cli/cli.js +64 -66
package/package.json +1 -1

package/_templates/app/new/config/vite.config.ts.ejs.t CHANGED Viewed

@@ -3,20 +3,17 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>vite.config.ts'
 ---
 import path from 'node:path';
-import {
-  fusionOpenPlugin,
-  manifestCspPlugin,
-  mkcertPlugin,
-} from '@cognite/app-sdk/vite';
+import { fusionOpenPlugin, manifestCspPlugin } from '@cognite/app-sdk/vite';
 import tailwindcss from '@tailwindcss/vite';
 import react from '@vitejs/plugin-react';
 import { defineConfig } from 'vite';
+import mkcert from 'vite-plugin-mkcert';
 export default defineConfig({
   base: './',
   // manifestCspPlugin() must stay first — its middleware sets the
   // Content-Security-Policy header before any HTML response is sent.
-  plugins: [manifestCspPlugin(), react(), mkcertPlugin(), fusionOpenPlugin(), tailwindcss()],
+  plugins: [manifestCspPlugin(), react(), mkcert(), fusionOpenPlugin(), tailwindcss()],
   resolve: {
     alias: {
       '@': path.resolve(__dirname, './src'),

package/_templates/app/new/patches/app-sdk.patch.ejs.t ADDED Viewed

@@ -0,0 +1,20 @@
+---
+to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>patches/@cognite+app-sdk+0.5.1.patch'
+---
+diff --git a/node_modules/@cognite/app-sdk/dist/vite/fusion-open-plugin.js b/node_modules/@cognite/app-sdk/dist/vite/fusion-open-plugin.js
+index a43509c..3518d90 100644
+--- a/node_modules/@cognite/app-sdk/dist/vite/fusion-open-plugin.js
++++ b/node_modules/@cognite/app-sdk/dist/vite/fusion-open-plugin.js
+@@ -3,7 +3,11 @@ import l from "node:fs";
+ import m from "node:path";
+ import { FLOWS_SUBAPP_PATH as u } from "./constants.js";
+ const g = (o) => {
+-  const e = process.platform === "darwin" ? "open" : process.platform === "win32" ? "explorer" : "xdg-open";
++  if (process.platform === "win32") {
++    d("cmd", ["/c", "start", "", o], { stdio: "ignore", detached: !0 }).unref();
++    return;
++  }
++  const e = process.platform === "darwin" ? "open" : "xdg-open";
+   d(e, [o], { stdio: "ignore", detached: !0 }).unref();
+ }, h = () => ({
+   name: "fusion-open",

package/_templates/app/new/root/package.json.ejs.t CHANGED Viewed

@@ -23,7 +23,7 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
     "lint:fix": "eslint . --fix --ext .js,.mjs,.cjs,.ts,.tsx",
     "deploy": "npx @cognite/cli@latest apps deploy --interactive",
     "activate": "npx @cognite/cli@latest apps activate --interactive",
-    "setup-https": "npx @cognite/cli@latest apps setup-https"
+    "postinstall": "patch-package"
   },
   "dependencies": {
     "@cognite/aura": "^0.1.7",
@@ -56,11 +56,13 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
     "eslint-plugin-react-refresh": "^0.5.2",
     "globals": "^16.5.0",
     "happy-dom": "^20.9.0",
+    "patch-package": "^8.0.1",
     "postcss": "^8.5.6",
     "tailwindcss": "^4.1.17",
     "typescript": "^5.0.0",
     "typescript-eslint": "^8.46.4",
     "vite": "7.3.2",
+    "vite-plugin-mkcert": "^1.17.9",
     "vitest": "^2.1.8"
   }
 }

package/dist/cli/cli.js CHANGED Viewed

@@ -1,14 +1,14 @@
 #!/usr/bin/env node
-import{a as o,e as gt}from"../chunk-A5ASLC6T.js";import{writeSync as ha}from"fs";import{Command as Sa}from"commander";import{createReadStream as Go,existsSync as Jo,readFileSync as Yo,writeFileSync as qo}from"fs";import{basename as zo,dirname as Wo,join as Xo,resolve as he}from"path";import{hashDevSignature as Zo,parseScope as Qo,signBundle as ei,validateScopes as ti}from"@cognite/app-sdk/codesigning";var ft="https://docs.cognite.com/cdf/access/";function L(e){return e!==null&&typeof e=="object"}o(L,"isRecord");function X(e){return e instanceof Error&&"status"in e&&typeof e.status=="number"}o(X,"isHttpError");function yn(e){switch(e){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
+import{a as o,e as gt}from"../chunk-A5ASLC6T.js";import{writeSync as ca}from"fs";import{Command as la}from"commander";import{createReadStream as Go,existsSync as Jo,readFileSync as Yo,writeFileSync as qo}from"fs";import{basename as zo,dirname as Wo,join as Xo,resolve as he}from"path";import{hashDevSignature as Zo,parseScope as Qo,signBundle as ei,validateScopes as ti}from"@cognite/app-sdk/codesigning";var ft="https://docs.cognite.com/cdf/access/";function K(e){return e!==null&&typeof e=="object"}o(K,"isRecord");function X(e){return e instanceof Error&&"status"in e&&typeof e.status=="number"}o(X,"isHttpError");function hr(e){switch(e){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
   See: ${ft}`;case 403:return`You don't have the required CDF capabilities. Please contact your CDF admin.
-  See: ${ft}`;default:return}}o(yn,"httpStatusHint");function M(e){let t=e instanceof Error?e:new Error(String(e));if(!X(t))return null;let r=yn(t.status);return r?Object.assign(new Error(`${t.message}
-  ${r}`),{cause:t}):null}o(M,"enrichedHttpError");function hn(e){if(!L(e))return null;let t=e.missing;if(Array.isArray(t))return t;let r=e.data;if(L(r)){let n=r.error;if(L(n)&&Array.isArray(n.missing))return n.missing;if(Array.isArray(r.missing))return r.missing}return null}o(hn,"findMissingArray");function Sn(e,t){if(!X(e)||e.status!==400)return!1;let r=hn(e);return r?r.some(n=>L(n)&&typeof n.externalId=="string"&&t.includes(n.externalId)):!1}o(Sn,"isMissingExternalIdError");function Ie(e,t){return X(e)&&e.status===404||Sn(e,t)}o(Ie,"isNotFoundError");var ht=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],St=["ACTIVE","PREVIEW"],$e=class $e extends Error{constructor(t,r){super(`Version ${r} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=r}};o($e,"AppVersionNotFoundError");var T=$e;function wt(e,t){return e.includes(t)}o(wt,"includesValue");function wn(e){return wt(ht,e)}o(wn,"isAppVersionLifecycleState");function vn(e){return wt(St,e)}o(vn,"isAppVersionAlias");function Cn(e){return typeof e.version=="string"&&wn(e.lifecycleState)&&typeof e.entrypoint=="string"&&typeof e.createdTime=="number"&&typeof e.createdBy=="string"&&typeof e.appExternalId=="string"&&(e.alias===void 0||vn(e.alias))&&(e.comment===void 0||typeof e.comment=="string")}o(Cn,"isAppVersion");function yt(e){if(!L(e))throw new Error("Invalid version response: not an object");if(!Cn(e))throw new Error("Invalid version response: missing or malformed fields");return e}o(yt,"parseAppVersion");var Fe=class Fe{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,r,n){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:r,description:n}]}})}catch(i){throw M(i)??i}}async uploadVersion(t,r,n,i,a="index.html"){console.log(`\u{1F4E4} Uploading version ${r}...`);let s=new FormData;s.append("file",new Blob([new Uint8Array(n)]),i),s.append("version",r),s.append("entryPath",a);let p=encodeURIComponent(t),c=`${this.appsBasePath}/${p}/versions`,l=await this.client.authenticate(),d=`${this.client.getBaseUrl()}${c}`,m=new AbortController,g=setTimeout(()=>m.abort(),300*1e3),u;try{u=await fetch(d,{method:"POST",headers:{Authorization:`Bearer ${l}`},body:s,signal:m.signal})}catch(f){throw f instanceof Error&&f.name==="AbortError"?new Error("Upload timed out after 5 minutes"):f}finally{clearTimeout(g)}if(!u.ok){let f=await u.text(),S=f;try{let y=JSON.parse(f);if(L(y)){let C=y.error;if(typeof C=="string")S=C;else if(L(C)){let $=C.message,w=C.code;S=typeof $=="string"?$:w!=null?`Unknown error (code: ${w})`:f}else{let $=y.message;S=typeof $=="string"?$:f}}}catch{}let v=u.headers.get("x-request-id"),h=v?` | X-Request-ID: ${v}`:"",k=Object.assign(new Error(`Upload failed: ${u.status} \u2014 ${S}${h}`),{status:u.status});throw M(k)??k}console.log(`\u2705 Version ${r} uploaded`)}async getVersion(t,r){let n=encodeURIComponent(t),i=encodeURIComponent(r),a=`${this.appsBasePath}/${n}/versions/${i}`;try{let s=await this.client.get(a);return yt(s.data)}catch(s){throw Ie(s,[t,r])?new T(t,r):M(s)??s}}async getActiveVersion(t){let r=encodeURIComponent(t),n=`${this.appsBasePath}/${r}/active`;try{let i=await this.client.get(n);return yt(i.data)}catch(i){if(Ie(i,[t]))return null;throw M(i)??i}}async updateVersions(t,r){let n=encodeURIComponent(t),i=`${this.appsBasePath}/${n}/versions/update`;try{await this.client.post(i,{data:{items:r}})}catch(a){throw M(a)??a}}async submitSignatures(t,r,n){let i=encodeURIComponent(t),a=encodeURIComponent(r),s=`${this.appsBasePath}/${i}/versions/${a}/signatures`;try{await this.client.post(s,{data:{items:n}})}catch(p){throw M(p)??p}}};o(Fe,"AppHostingApi");var de=Fe;var Te=class Te{constructor(t){this.api=new de(t)}getVersion(t,r){return this.api.getVersion(t,r)}uploadVersion(t,r,n,i,a){return this.api.uploadVersion(t,r,n,i,a)}async ensureApp(t,r,n){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,r,n),console.log(`\u2705 App '${t}' created`)}catch(i){if(X(i)&&i.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw i}}async submitSignatures(t,r,n){n.length!==0&&(console.log(`\u{1F50F} Submitting ${n.length} signature${n.length===1?"":"s"} for version ${r}...`),await this.api.submitSignatures(t,r,n),console.log("\u2705 Signatures stored"))}async publishVersion(t,r){await this.api.updateVersions(t,[{version:r,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,r){console.log(`\u{1F680} Publishing and activating version ${r}...`),await this.api.updateVersions(t,[{version:r,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${r} is now PUBLISHED and ACTIVE`)}getActiveVersion(t){return this.api.getActiveVersion(t)}async deactivateVersion(t,r){await this.api.updateVersions(t,[{version:r,update:{alias:{setNull:!0}}}])}async activateVersion(t,r){let n=null;try{n=await this.api.getActiveVersion(t)}catch{n=null}let i=n&&n.version!==r?n.version:void 0;return await this.api.updateVersions(t,[{version:r,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:i}}async deploy(t,r,n,i,a,s,p=!1){console.log(`
+  See: ${ft}`;default:return}}o(hr,"httpStatusHint");function M(e){let t=e instanceof Error?e:new Error(String(e));if(!X(t))return null;let n=hr(t.status);return n?Object.assign(new Error(`${t.message}
+  ${n}`),{cause:t}):null}o(M,"enrichedHttpError");function Sr(e){if(!K(e))return null;let t=e.missing;if(Array.isArray(t))return t;let n=e.data;if(K(n)){let r=n.error;if(K(r)&&Array.isArray(r.missing))return r.missing;if(Array.isArray(n.missing))return n.missing}return null}o(Sr,"findMissingArray");function wr(e,t){if(!X(e)||e.status!==400)return!1;let n=Sr(e);return n?n.some(r=>K(r)&&typeof r.externalId=="string"&&t.includes(r.externalId)):!1}o(wr,"isMissingExternalIdError");function Ie(e,t){return X(e)&&e.status===404||wr(e,t)}o(Ie,"isNotFoundError");var ht=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],St=["ACTIVE","PREVIEW"],$e=class $e extends Error{constructor(t,n){super(`Version ${n} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=n}};o($e,"AppVersionNotFoundError");var T=$e;function wt(e,t){return e.includes(t)}o(wt,"includesValue");function vr(e){return wt(ht,e)}o(vr,"isAppVersionLifecycleState");function Cr(e){return wt(St,e)}o(Cr,"isAppVersionAlias");function Pr(e){return typeof e.version=="string"&&vr(e.lifecycleState)&&typeof e.entrypoint=="string"&&typeof e.createdTime=="number"&&typeof e.createdBy=="string"&&typeof e.appExternalId=="string"&&(e.alias===void 0||Cr(e.alias))&&(e.comment===void 0||typeof e.comment=="string")}o(Pr,"isAppVersion");function yt(e){if(!K(e))throw new Error("Invalid version response: not an object");if(!Pr(e))throw new Error("Invalid version response: missing or malformed fields");return e}o(yt,"parseAppVersion");var Fe=class Fe{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,n,r){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:n,description:r}]}})}catch(i){throw M(i)??i}}async uploadVersion(t,n,r,i,s="index.html"){console.log(`\u{1F4E4} Uploading version ${n}...`);let a=new FormData;a.append("file",new Blob([new Uint8Array(r)]),i),a.append("version",n),a.append("entryPath",s);let p=encodeURIComponent(t),c=`${this.appsBasePath}/${p}/versions`,l=await this.client.authenticate(),d=`${this.client.getBaseUrl()}${c}`,m=new AbortController,g=setTimeout(()=>m.abort(),300*1e3),u;try{u=await fetch(d,{method:"POST",headers:{Authorization:`Bearer ${l}`},body:a,signal:m.signal})}catch(f){throw f instanceof Error&&f.name==="AbortError"?new Error("Upload timed out after 5 minutes"):f}finally{clearTimeout(g)}if(!u.ok){let f=await u.text(),S=f;try{let y=JSON.parse(f);if(K(y)){let C=y.error;if(typeof C=="string")S=C;else if(K(C)){let $=C.message,w=C.code;S=typeof $=="string"?$:w!=null?`Unknown error (code: ${w})`:f}else{let $=y.message;S=typeof $=="string"?$:f}}}catch{}let v=u.headers.get("x-request-id"),h=v?` | X-Request-ID: ${v}`:"",b=Object.assign(new Error(`Upload failed: ${u.status} \u2014 ${S}${h}`),{status:u.status});throw M(b)??b}console.log(`\u2705 Version ${n} uploaded`)}async getVersion(t,n){let r=encodeURIComponent(t),i=encodeURIComponent(n),s=`${this.appsBasePath}/${r}/versions/${i}`;try{let a=await this.client.get(s);return yt(a.data)}catch(a){throw Ie(a,[t,n])?new T(t,n):M(a)??a}}async getActiveVersion(t){let n=encodeURIComponent(t),r=`${this.appsBasePath}/${n}/active`;try{let i=await this.client.get(r);return yt(i.data)}catch(i){if(Ie(i,[t]))return null;throw M(i)??i}}async updateVersions(t,n){let r=encodeURIComponent(t),i=`${this.appsBasePath}/${r}/versions/update`;try{await this.client.post(i,{data:{items:n}})}catch(s){throw M(s)??s}}async submitSignatures(t,n,r){let i=encodeURIComponent(t),s=encodeURIComponent(n),a=`${this.appsBasePath}/${i}/versions/${s}/signatures`;try{await this.client.post(a,{data:{items:r}})}catch(p){throw M(p)??p}}};o(Fe,"AppHostingApi");var de=Fe;var Te=class Te{constructor(t){this.api=new de(t)}getVersion(t,n){return this.api.getVersion(t,n)}uploadVersion(t,n,r,i,s){return this.api.uploadVersion(t,n,r,i,s)}async ensureApp(t,n,r){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,n,r),console.log(`\u2705 App '${t}' created`)}catch(i){if(X(i)&&i.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw i}}async submitSignatures(t,n,r){r.length!==0&&(console.log(`\u{1F50F} Submitting ${r.length} signature${r.length===1?"":"s"} for version ${n}...`),await this.api.submitSignatures(t,n,r),console.log("\u2705 Signatures stored"))}async publishVersion(t,n){await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,n){console.log(`\u{1F680} Publishing and activating version ${n}...`),await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${n} is now PUBLISHED and ACTIVE`)}getActiveVersion(t){return this.api.getActiveVersion(t)}async deactivateVersion(t,n){await this.api.updateVersions(t,[{version:n,update:{alias:{setNull:!0}}}])}async activateVersion(t,n){let r=null;try{r=await this.api.getActiveVersion(t)}catch{r=null}let i=r&&r.version!==n?r.version:void 0;return await this.api.updateVersions(t,[{version:n,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:i}}async deploy(t,n,r,i,s,a,p=!1){console.log(`
 \u{1F680} Deploying application via App Hosting API...
-`);try{await this.ensureApp(t,r,n),await this.uploadVersion(t,i,a,s),p&&await this.publishAndActivate(t,i),console.log(`
-\u2705 Deployment successful!`)}catch(c){let l=c instanceof Error?c.message:String(c);throw Object.assign(new Error(`Deployment failed: ${l}`),{cause:c})}}};o(Te,"AppHostingClient");var P=Te;import Pn from"path";var vt=".cognite-bundles";function Ct(e,t){return`${e}-${t}.zip`}o(Ct,"bundleFileName");function H(e,t,r){return Pn.join(e,vt,Ct(t,r))}o(H,"bundlePath");import{existsSync as En,readFileSync as kn}from"fs";var Pt=[".dev.sig",".cert.sig"];function Z(e,t={}){let r=t.existsSync??En,n=t.readFileSync??((a,s)=>kn(a,s)),i=[];for(let a of Pt){let s=`${e}${a}`;if(!r(s))continue;let p=n(s,"utf8").trim();p.length>0&&i.push(p)}return i}o(Z,"discoverSignatures");import{existsSync as _n,readFileSync as Un}from"fs";import{resolve as Ln}from"path";import{array as bn,boolean as xn,check as Et,forward as kt,literal as An,maxLength as Dn,minLength as In,nonEmpty as z,object as bt,optional as V,picklist as $n,pipe as K,safeParse as Fn,string as O,url as Tn}from"valibot";var Oe=K(O(),z("must not be empty")),Re=K(O(),z("must not be empty"),Dn(256,"must be 256 characters or fewer")),_e=K(O(),z("must not be empty"),Tn("must be a valid URL")),Ue=K(O(),z("must not be empty")),Le=K(O(),z("must not be empty")),On=K(bt({org:Ue,project:Le,baseUrl:_e,deployClientId:V(O(),""),deploySecretName:V(O(),""),published:V(xn(),!1),idpType:V($n(["cdf","entra_id"]),"cdf"),tenantId:V(O())}),kt(Et(e=>e.idpType!=="entra_id"||!!e.tenantId,'must be set when idpType is "entra_id"'),["tenantId"]),kt(Et(e=>!e.deployClientId||!!e.deploySecretName,"must be set when deployClientId is set"),["deploySecretName"])),Rn=bt({name:Oe,externalId:Re,versionTag:K(O(),z("must not be empty")),description:V(O(),""),deployments:K(bn(On),In(1,"must contain at least one deployment")),infra:V(An("appsApi"))});function Ke(e){let t=Fn(Rn,e);if(t.success)return t.output;let r=t.issues[0],n=r.path?.map(a=>a.key).join(".")??"",i=n?`"${n}" `:"";throw new Error(`app.json: ${i}${r.message}`)}o(Ke,"validateAppConfig");function E(e,t={}){let{validator:r=Ke,existsSync:n=_n,readFileSync:i=Un}=t,a=Ln(e,"app.json");if(!n(a))throw new Error("No app.json found in current directory. Make sure you're running this command from your app's root directory.");let s=i(a,"utf-8"),p;try{p=JSON.parse(s)}catch{throw new Error("Failed to parse app.json \u2014 check that it contains valid JSON.")}return r(p)}o(E,"loadAppConfig");import{CogniteClient as po}from"@cognite/sdk";import{CogniteClient as Vn}from"@cognite/sdk";var Kn=o(()=>{let e=process.env.DEPLOYMENT_SECRETS;if(!e)return{};try{let t=JSON.parse(e),r={};for(let[n,i]of Object.entries(t))if(typeof i=="string"){let a=n.toLowerCase().replace(/_/g,"-");r[a]=i}return r}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),jn=o(e=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=Kn()[e]),t||(t=process.env[e]),!t)throw new Error(`Secret not found in environment: ${e}`);return t},"getSecretFromEnv"),Nn=o(e=>{if(!e)return"";try{return new URL(e).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=e.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),Mn=o(async(e,t)=>{let r=`Basic ${btoa(`${e}:${t}`)}`,n=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:r,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!n.ok){let a=await n.text();throw new Error(`Failed to get token from CDF: ${n.status} ${n.statusText}
-${a}`)}let i=await n.json();if(!i.access_token)throw new Error("No access token returned from CDF authentication");return i.access_token},"getTokenCdf"),Hn=o(async(e,t,r,n)=>{if(!n)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let i=Nn(n);if(!i)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${n}`);let a=`https://login.microsoftonline.com/${r}/oauth2/v2.0/token`,s=`https://${i}.cognitedata.com/.default`,p=await fetch(a,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:e,client_secret:t,scope:s,grant_type:"client_credentials"})});if(!p.ok){let l=await p.text();throw new Error(`Failed to get token from Entra ID: ${p.status} ${p.statusText}
-${l}`)}let c=await p.json();if(!c.access_token)throw new Error("No access token returned from Entra ID authentication");return c.access_token},"getTokenEntra"),je=o(async(e,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:r,deploySecretName:n,idpType:i="cdf",tenantId:a,baseUrl:s}=e,p=jn(n);if(i==="entra_id"){if(!a)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return Hn(r,p,a,s)}return Mn(r,p)},"getToken");async function Q(e,t,r=process.env,n){let i=await je(e,r),a=r.COGNITE_BASE_URL??e.baseUrl,s=(n??(p=>new Vn(p)))({appId:t,project:e.project,baseUrl:a,oidcTokenProvider:o(async()=>i,"oidcTokenProvider")});return await s.authenticate(),s}o(Q,"getSdk");import Xn from"os";import Zn from"path";import Qn from"open";import{buildAuthorizationUrl as eo,calculatePKCECodeChallenge as to,discovery as ro,None as no,randomPKCECodeVerifier as oo,randomState as io}from"openid-client";import Bn from"https";import{authorizationCodeGrant as Gn}from"openid-client";function xt(e){return e.replace(/[&<>"']/g,t=>({"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;"})[t]??t)}o(xt,"escapeHtml");function Ne(e,t,r){let n=xt(t),i=xt(r);return`<html><body style="font-family: system-ui; padding: 40px; text-align: center;">
-    <h1>${n}</h1><p>${i}</p><p>You can close this window.</p>${e==="success"?`<style>
+`);try{await this.ensureApp(t,n,r),await this.uploadVersion(t,i,s,a),p&&await this.publishAndActivate(t,i),console.log(`
+\u2705 Deployment successful!`)}catch(c){let l=c instanceof Error?c.message:String(c);throw Object.assign(new Error(`Deployment failed: ${l}`),{cause:c})}}};o(Te,"AppHostingClient");var P=Te;import Er from"path";var vt=".cognite-bundles";function Ct(e,t){return`${e}-${t}.zip`}o(Ct,"bundleFileName");function V(e,t,n){return Er.join(e,vt,Ct(t,n))}o(V,"bundlePath");import{existsSync as br,readFileSync as kr}from"fs";var Pt=[".dev.sig",".cert.sig"];function Z(e,t={}){let n=t.existsSync??br,r=t.readFileSync??((s,a)=>kr(s,a)),i=[];for(let s of Pt){let a=`${e}${s}`;if(!n(a))continue;let p=r(a,"utf8").trim();p.length>0&&i.push(p)}return i}o(Z,"discoverSignatures");import{existsSync as Ur,readFileSync as Kr}from"fs";import{resolve as Lr}from"path";import{array as xr,boolean as Ar,check as Et,forward as bt,literal as Dr,maxLength as Ir,minLength as $r,nonEmpty as z,object as kt,optional as H,picklist as Fr,pipe as L,safeParse as Tr,string as O,url as Or}from"valibot";var Oe=L(O(),z("must not be empty")),Re=L(O(),z("must not be empty"),Ir(256,"must be 256 characters or fewer")),_e=L(O(),z("must not be empty"),Or("must be a valid URL")),Ue=L(O(),z("must not be empty")),Ke=L(O(),z("must not be empty")),Rr=L(kt({org:Ue,project:Ke,baseUrl:_e,deployClientId:H(O(),""),deploySecretName:H(O(),""),published:H(Ar(),!1),idpType:H(Fr(["cdf","entra_id"]),"cdf"),tenantId:H(O())}),bt(Et(e=>e.idpType!=="entra_id"||!!e.tenantId,'must be set when idpType is "entra_id"'),["tenantId"]),bt(Et(e=>!e.deployClientId||!!e.deploySecretName,"must be set when deployClientId is set"),["deploySecretName"])),_r=kt({name:Oe,externalId:Re,versionTag:L(O(),z("must not be empty")),description:H(O(),""),deployments:L(xr(Rr),$r(1,"must contain at least one deployment")),infra:H(Dr("appsApi"))});function Le(e){let t=Tr(_r,e);if(t.success)return t.output;let n=t.issues[0],r=n.path?.map(s=>s.key).join(".")??"",i=r?`"${r}" `:"";throw new Error(`app.json: ${i}${n.message}`)}o(Le,"validateAppConfig");function E(e,t={}){let{validator:n=Le,existsSync:r=Ur,readFileSync:i=Kr}=t,s=Lr(e,"app.json");if(!r(s))throw new Error("No app.json found in current directory. Make sure you're running this command from your app's root directory.");let a=i(s,"utf-8"),p;try{p=JSON.parse(a)}catch{throw new Error("Failed to parse app.json \u2014 check that it contains valid JSON.")}return n(p)}o(E,"loadAppConfig");import{CogniteClient as po}from"@cognite/sdk";import{CogniteClient as Br}from"@cognite/sdk";var jr=o(()=>{let e=process.env.DEPLOYMENT_SECRETS;if(!e)return{};try{let t=JSON.parse(e),n={};for(let[r,i]of Object.entries(t))if(typeof i=="string"){let s=r.toLowerCase().replace(/_/g,"-");n[s]=i}return n}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),Nr=o(e=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=jr()[e]),t||(t=process.env[e]),!t)throw new Error(`Secret not found in environment: ${e}`);return t},"getSecretFromEnv"),Mr=o(e=>{if(!e)return"";try{return new URL(e).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=e.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),Vr=o(async(e,t)=>{let n=`Basic ${btoa(`${e}:${t}`)}`,r=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:n,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!r.ok){let s=await r.text();throw new Error(`Failed to get token from CDF: ${r.status} ${r.statusText}
+${s}`)}let i=await r.json();if(!i.access_token)throw new Error("No access token returned from CDF authentication");return i.access_token},"getTokenCdf"),Hr=o(async(e,t,n,r)=>{if(!r)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let i=Mr(r);if(!i)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${r}`);let s=`https://login.microsoftonline.com/${n}/oauth2/v2.0/token`,a=`https://${i}.cognitedata.com/.default`,p=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:e,client_secret:t,scope:a,grant_type:"client_credentials"})});if(!p.ok){let l=await p.text();throw new Error(`Failed to get token from Entra ID: ${p.status} ${p.statusText}
+${l}`)}let c=await p.json();if(!c.access_token)throw new Error("No access token returned from Entra ID authentication");return c.access_token},"getTokenEntra"),je=o(async(e,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:n,deploySecretName:r,idpType:i="cdf",tenantId:s,baseUrl:a}=e,p=Nr(r);if(i==="entra_id"){if(!s)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return Hr(n,p,s,a)}return Vr(n,p)},"getToken");async function Q(e,t,n=process.env,r){let i=await je(e,n),s=n.COGNITE_BASE_URL??e.baseUrl,a=(r??(p=>new Br(p)))({appId:t,project:e.project,baseUrl:s,oidcTokenProvider:o(async()=>i,"oidcTokenProvider")});return await a.authenticate(),a}o(Q,"getSdk");import Xr from"os";import Zr from"path";import Qr from"open";import{buildAuthorizationUrl as eo,calculatePKCECodeChallenge as to,discovery as no,None as ro,randomPKCECodeVerifier as oo,randomState as io}from"openid-client";import Gr from"https";import{authorizationCodeGrant as Jr}from"openid-client";function xt(e){return e.replace(/[&<>"']/g,t=>({"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;"})[t]??t)}o(xt,"escapeHtml");function Ne(e,t,n){let r=xt(t),i=xt(n);return`<html><body style="font-family: system-ui; padding: 40px; text-align: center;">
+    <h1>${r}</h1><p>${i}</p><p>You can close this window.</p>${e==="success"?`<style>
       @keyframes checkmark {
         0% { transform: scale(0); }
         50% { transform: scale(1.2); }
@@ -16,29 +16,32 @@ ${l}`)}let c=await p.json();if(!c.access_token)throw new Error("No access token
       }
       h1 { animation: checkmark 0.5s ease-out; }
     </style>`:""}
-  </body></html>`}o(Ne,"generateHtml");async function Jn(e,t,r,n,i,a){let s=new URL(e.url??"/",`https://${e.headers.host??"localhost"}`);if(s.pathname!=="/")return t.writeHead(404),t.end("Not found"),{shouldClose:!1};try{console.log("\u{1F504} Exchanging authorization code for tokens...");let p=await a.authorizationCodeGrant(r,s,{pkceCodeVerifier:n,expectedState:i});return t.writeHead(200,{"Content-Type":"text/html"}),t.end(Ne("success","Login Successful!","You can close this window and return to the terminal.")),{shouldClose:!0,tokens:p}}catch(p){let c=p instanceof Error?p:new Error(String(p));return t.writeHead(400,{"Content-Type":"text/html"}),t.end(Ne("error","Authentication Error",c.message)),{shouldClose:!0,error:c}}}o(Jn,"handleCallback");function Yn(e){let t=e/6e4,r=Math.round(t*10)/10;return`${r} ${r===1?"minute":"minutes"}`}o(Yn,"formatTimeoutMinutes");function At(e,t,r,n,i,a={createServer:Bn.createServer,setTimeout:globalThis.setTimeout,clearTimeout:globalThis.clearTimeout,authorizationCodeGrant:Gn}){return new Promise((s,p)=>{let c=a.createServer(t,async(m,g)=>{try{let u=await Jn(m,g,r,n,i,a);u.shouldClose&&(d(),u.error?p(u.error):u.tokens?s(u.tokens):p(new Error("No tokens received")))}catch(u){d(),p(u instanceof Error?u:new Error(String(u)))}}),l=a.setTimeout(()=>{d(),p(new Error(`Login timeout - no response received within ${Yn(e.loginTimeout)}`))},e.loginTimeout);function d(){a.clearTimeout(l),c.close()}o(d,"cleanup"),c.on("error",m=>{d(),m.code==="EADDRINUSE"?console.error(`\u274C Port ${e.port} is already in use.`):console.error(`\u274C Server error: ${m.message}`),p(m)}),c.listen(e.port,"127.0.0.1",()=>{console.log(`\u{1F310} Local HTTPS server started on https://localhost:${e.port}`)})})}o(At,"startCallbackServer");import{mkdirSync as qn}from"fs";import{loadLocalCertificates as zn}from"@cognite/app-sdk/https";var Wn={loadLocalCertificates:zn,mkdirSync:qn,logger:console};async function Dt(e,t=Wn){t.mkdirSync(e,{recursive:!0});let{cert:r,key:n,source:i}=await t.loadLocalCertificates({certDir:e});return i==="mkcert"?t.logger.log("\u{1F510} Using mkcert certificates for HTTPS"):(t.logger.log("\u{1F510} Using in-memory self-signed certificate for HTTPS \u2014 your browser will warn."),t.logger.log("   Run `npx @cognite/cli@latest apps setup-https` to install trusted local certs.")),{cert:r,key:n}}o(Dt,"getOrCreateCertificates");var so={authority:"https://auth.cognite.com",clientId:"0404baaa-0a90-43a2-aba7-a110b53fb41c",redirectUri:"https://localhost:3000/",port:3e3,loginTimeout:300*1e3,certDir:Zn.join(Xn.homedir(),".cdf-login")},ao={open:Qn,getOrCreateCertificates:Dt,startCallbackServer:At,discovery:ro,buildAuthorizationUrl:eo,randomPKCECodeVerifier:oo,calculatePKCECodeChallenge:to,randomState:io,logger:console};async function $t(e,t=so,r){return r===void 0?It(e,t,ao):It(e,t,r)}o($t,"login");async function It(e,t,r){r.logger.log(`\u{1F510} Starting CDF login flow...
-`),r.logger.log(`\u{1F4E1} Fetching OpenID configuration from ${t.authority}...`);let n=await r.discovery(new URL(t.authority),t.clientId,void 0,no()),i=r.randomPKCECodeVerifier(),a=await r.calculatePKCECodeChallenge(i),s=r.randomState(),p={redirect_uri:t.redirectUri,scope:"openid profile email",code_challenge:a,code_challenge_method:"S256",state:s};e&&(p.organization_hint=e);let c=r.buildAuthorizationUrl(n,p).toString(),l=await r.getOrCreateCertificates(t.certDir);e&&r.logger.log(`\u{1F3E2} Organization: ${e}`),r.logger.log(`\u{1F680} Opening browser for authentication...
-`);try{await r.open(c)}catch(d){let m=d instanceof Error?d.message:String(d);r.logger.error("\u274C Failed to open browser automatically."),r.logger.error(`  Reason: ${m}`),r.logger.error(`Please open this URL manually:
-`),r.logger.error(c),r.logger.error("")}return r.startCallbackServer(t,l,n,i,s)}o(It,"loginImpl");async function A(e,t,r={}){let{login:n=$t,getSdk:i=Q,createClient:a=o(s=>new po(s),"createClient")}=r;if(t.interactive){let s=t.orgHint||e.org||void 0,p=await n(s),c=a({appId:t.appId,project:e.project,baseUrl:e.baseUrl,getToken:o(async()=>p.access_token,"getToken")});return await c.authenticate(),c}return i(e,t.appId)}o(A,"getClientForDeployment");import Ft from"enquirer";var Tt="Enter custom target...";function Ot(e,t){let r=t.map((n,i)=>`  ${i}: ${n.org}/${n.project}`).join(`
+  </body></html>`}o(Ne,"generateHtml");async function Yr(e,t,n,r,i,s){let a=new URL(e.url??"/",`https://${e.headers.host??"localhost"}`);if(a.pathname!=="/")return t.writeHead(404),t.end("Not found"),{shouldClose:!1};try{console.log("\u{1F504} Exchanging authorization code for tokens...");let p=await s.authorizationCodeGrant(n,a,{pkceCodeVerifier:r,expectedState:i});return t.writeHead(200,{"Content-Type":"text/html"}),t.end(Ne("success","Login Successful!","You can close this window and return to the terminal.")),{shouldClose:!0,tokens:p}}catch(p){let c=p instanceof Error?p:new Error(String(p));return t.writeHead(400,{"Content-Type":"text/html"}),t.end(Ne("error","Authentication Error",c.message)),{shouldClose:!0,error:c}}}o(Yr,"handleCallback");function qr(e){let t=e/6e4,n=Math.round(t*10)/10;return`${n} ${n===1?"minute":"minutes"}`}o(qr,"formatTimeoutMinutes");function At(e,t,n,r,i,s={createServer:Gr.createServer,setTimeout:globalThis.setTimeout,clearTimeout:globalThis.clearTimeout,authorizationCodeGrant:Jr}){return new Promise((a,p)=>{let c=s.createServer(t,async(m,g)=>{try{let u=await Yr(m,g,n,r,i,s);u.shouldClose&&(d(),u.error?p(u.error):u.tokens?a(u.tokens):p(new Error("No tokens received")))}catch(u){d(),p(u instanceof Error?u:new Error(String(u)))}}),l=s.setTimeout(()=>{d(),p(new Error(`Login timeout - no response received within ${qr(e.loginTimeout)}`))},e.loginTimeout);function d(){s.clearTimeout(l),c.close()}o(d,"cleanup"),c.on("error",m=>{d(),m.code==="EADDRINUSE"?console.error(`\u274C Port ${e.port} is already in use.`):console.error(`\u274C Server error: ${m.message}`),p(m)}),c.listen(e.port,"127.0.0.1",()=>{console.log(`\u{1F310} Local HTTPS server started on https://localhost:${e.port}`)})})}o(At,"startCallbackServer");import{execFileSync as zr}from"child_process";import Me from"fs";import Dt from"path";function It(e,t,n){return{key:n.readFileSync(e),cert:n.readFileSync(t)}}o(It,"loadCertificates");function Wr(e,t,n,r){console.log("\u{1F510} Generating self-signed certificate for HTTPS..."),r.existsSync(e)||r.mkdirSync(e,{recursive:!0});try{return r.execFileSync("openssl",["req","-x509","-newkey","rsa:2048","-nodes","-sha256","-subj","/CN=localhost","-keyout",t,"-out",n,"-days","365"],{stdio:["ignore","pipe","ignore"]}),console.log("\u2705 Certificate generated and saved locally"),It(t,n,r)}catch{throw new Error(`Failed to generate self-signed certificate. Make sure openssl is installed.
+  On macOS: openssl is pre-installed
+  On Linux: sudo apt-get install openssl
+  On Windows: Install OpenSSL or use WSL`)}}o(Wr,"generateCertificate");function $t(e,t={existsSync:Me.existsSync,readFileSync:o(n=>Me.readFileSync(n),"readFileSync"),mkdirSync:o((n,r)=>{Me.mkdirSync(n,r)},"mkdirSync"),execFileSync:zr}){let n=Dt.join(e,"localhost-key.pem"),r=Dt.join(e,"localhost-cert.pem");return t.existsSync(n)&&t.existsSync(r)?It(n,r,t):Wr(e,n,r,t)}o($t,"getOrCreateCertificates");var so={authority:"https://auth.cognite.com",clientId:"0404baaa-0a90-43a2-aba7-a110b53fb41c",redirectUri:"https://localhost:3000/",port:3e3,loginTimeout:300*1e3,certDir:Zr.join(Xr.homedir(),".cdf-login")},ao={open:Qr,getOrCreateCertificates:$t,startCallbackServer:At,discovery:no,buildAuthorizationUrl:eo,randomPKCECodeVerifier:oo,calculatePKCECodeChallenge:to,randomState:io,logger:console};async function Tt(e,t=so,n){return n===void 0?Ft(e,t,ao):Ft(e,t,n)}o(Tt,"login");async function Ft(e,t,n){n.logger.log(`\u{1F510} Starting CDF login flow...
+`),n.logger.log(`\u{1F4E1} Fetching OpenID configuration from ${t.authority}...`);let r=await n.discovery(new URL(t.authority),t.clientId,void 0,ro()),i=n.randomPKCECodeVerifier(),s=await n.calculatePKCECodeChallenge(i),a=n.randomState(),p={redirect_uri:t.redirectUri,scope:"openid profile email",code_challenge:s,code_challenge_method:"S256",state:a};e&&(p.organization_hint=e);let c=n.buildAuthorizationUrl(r,p).toString(),l=n.getOrCreateCertificates(t.certDir);e&&n.logger.log(`\u{1F3E2} Organization: ${e}`),n.logger.log(`\u{1F680} Opening browser for authentication...
+`);try{await n.open(c)}catch(d){let m=d instanceof Error?d.message:String(d);n.logger.error("\u274C Failed to open browser automatically."),n.logger.error(`  Reason: ${m}`),n.logger.error(`Please open this URL manually:
+`),n.logger.error(c),n.logger.error("")}return n.startCallbackServer(t,l,r,i,a)}o(Ft,"loginImpl");async function A(e,t,n={}){let{login:r=Tt,getSdk:i=Q,createClient:s=o(a=>new po(a),"createClient")}=n;if(t.interactive){let a=t.orgHint||e.org||void 0,p=await r(a),c=s({appId:t.appId,project:e.project,baseUrl:e.baseUrl,getToken:o(async()=>p.access_token,"getToken")});return await c.authenticate(),c}return i(e,t.appId)}o(A,"getClientForDeployment");import Ot from"enquirer";var Rt="Enter custom target...";function _t(e,t){let n=t.map((r,i)=>`  ${i}: ${r.org}/${r.project}`).join(`
 `);throw new Error(`Deployment "${e}" not found. Available deployments:
-${r}`)}o(Ot,"deploymentNotFoundError");function b(e,t){if(e.length===0)throw new Error("No deployments configured in app.json");if(t===void 0)return e[0];if(/^\d+$/.test(t)){let n=e[Number.parseInt(t)];if(n)return n;Ot(t,e)}let r=e.find(n=>n.project===t||`${n.org}/${n.project}`===t);if(r)return r;Ot(t,e)}o(b,"findDeployment");function D(e){let t=[];return e.deployClientId||t.push("deployClientId"),e.deploySecretName||t.push("deploySecretName"),t}o(D,"getMissingCredentials");async function I(e,t){if(t.baseUrl&&t.project)return{org:t.org??"",project:t.project,baseUrl:t.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"};if(t.deployment!==void 0)return b(e.deployments,t.deployment);let r=[...e.deployments.map(a=>`${a.org}/${a.project}`),Tt],{selected:n}=await Ft.prompt({type:"select",name:"selected",message:"Select deployment target",choices:r});if(n!==Tt){let a=e.deployments.find(s=>`${s.org}/${s.project}`===n);if(a)return a;throw new Error(`Deployment "${n}" could not be resolved from app.json.`)}let i=await Ft.prompt([{type:"input",name:"baseUrl",message:"CDF Base URL",initial:"https://api.cognitedata.com"},{type:"input",name:"project",message:"CDF Project",validate:o(a=>a?!0:"Project is required","validate")},{type:"input",name:"org",message:"Organization (for login hint)",initial:""}]);return{org:i.org||"",project:i.project,baseUrl:i.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"}}o(I,"resolveDeployment");import{existsSync as Ho,readFileSync as Vo}from"fs";import{execFile as lo}from"child_process";import{promisify as mo}from"util";import{platform as co}from"os";function B(e,t={}){let{platform:r=co}=t;switch(r()){case"darwin":return e==="macos";case"win32":return e==="windows";default:return e==="other"}}o(B,"isOS");var _t="cognite-flows",uo=mo(lo),Ut=o((e,t)=>uo(e,t),"defaultExecFile"),go=-25300,fo=go&255;function yo(e){if(!(e instanceof Error)||!("code"in e)||e.code!==fo)return!1;let t="stderr"in e?String(e.stderr):"";return/could not be found/i.test(t)||t===""}o(yo,"isKeychainNotFoundError");async function Lt(e,t,r={}){if(!B("macos",r))throw new Error("Keychain storage is only supported on macOS");let{execFile:n=Ut}=r;await n("security",["add-generic-password","-a",e,"-s",_t,"-w",Buffer.from(t,"utf-8").toString("base64"),"-U"])}o(Lt,"storeKeyInKeychain");async function me(e,t={}){if(!B("macos",t))return null;let{execFile:r=Ut}=t;try{let{stdout:n}=await r("security",["find-generic-password","-a",e,"-s",_t,"-w"]);return Buffer.from(n.trim(),"base64").toString("utf-8")}catch(n){if(yo(n))return null;throw n}}o(me,"readKeyFromKeychain");import{pbkdf2 as wo,randomBytes as vo}from"crypto";import{promisify as Co}from"util";import{CompactEncrypt as Po,base64url as Kt,compactDecrypt as Eo}from"jose";var ho=new TextEncoder,So=new TextDecoder,Me={encode:o(e=>ho.encode(e),"encode"),decode:o(e=>So.decode(e),"decode")};var ko=Co(wo),Be=6e5,bo="sha512",He="PBKDF2-HMAC-SHA512",Ve=16,ue="A256GCM",xo=32,ge=2e6;async function jt(e,t,r){return await ko(e,t,r,xo,bo)}o(jt,"deriveKey");async function Nt(e,t,r=Be){if(!Number.isInteger(r)||r<1||r>ge)throw new Error(`Invalid iterations: must be an integer between 1 and ${ge}`);let n=vo(Ve),i=await jt(t,n,r);return await new Po(Me.encode(e)).setProtectedHeader({alg:"dir",enc:ue,kdf:He,kdf_iter:r,kdf_salt:Kt.encode(n)}).encrypt(i)}o(Nt,"encryptStringAsJwe");async function Mt(e,t){let{plaintext:r}=await Eo(e,async n=>{if(!e.length)throw new Error("Unexpected JWE empty value");if(t.length<15)throw new Error(`Invalid passphrase it should be at least ${15} but got ${t.length}`);if(n.alg!=="dir")throw new Error(`Unexpected JWE alg "${String(n.alg)}"; only "dir" is supported`);if(n.enc!==ue)throw new Error(`Unexpected JWE enc "${String(n.enc)}"; only "${ue}" is supported`);if(n.kdf!==He)throw new Error(`Unexpected KDF "${String(n.kdf)}"; only "${He}" is supported`);let i=Number(n.kdf_iter);if(!Number.isInteger(i)||i<1||i>ge)throw new Error(`Invalid kdf_iter in JWE header: must be an integer between 1 and ${ge}`);if(typeof n.kdf_salt!="string")throw new Error("Missing kdf_salt in JWE header");let a=Kt.decode(n.kdf_salt);if(a.length!==Ve)throw new Error(`Invalid kdf_salt length in JWE header: expected ${Ve} bytes, got ${a.length}`);return await jt(t,a,i)},{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:[ue]});return Me.decode(r)}o(Mt,"decryptJweAsString");function Ao(e){let t=e.trim();return t.startsWith("eyJ")&&t.split(".").length===5}o(Ao,"isJweCompact");var Ht=Ao;import{existsSync as Io,readdirSync as $o,readFileSync as Fo}from"fs";import{join as Ge}from"path";import{homedir as Do}from"os";import{join as Vt}from"path";function F(e={}){let{env:t=process.env,homedir:r=Do}=e,n=t.COGNITE_CLI_HOME?.trim()||Vt(r(),".cognite-cli");return{home:n,keysDir:Vt(n,"keys")}}o(F,"getConfig");var ee=".pub.pem",Je=".key.jwe",Ye=".meta.json";function fe(e){switch(e.kind){case"keychain":return"Keychain";case"encrypted-file":return e.path;case"public-only":return"public-only (private key missing)"}}o(fe,"formatLocalKeySource");function To(e){return{existsSync:e.existsSync??Io,readdirSync:e.readdirSync??$o,readFileSync:e.readFileSync??((t,r)=>Fo(t,r)),isOS:e.isOS??(t=>B(t)),readKeyFromKeychain:e.readKeyFromKeychain??(t=>me(t))}}o(To,"resolveDeps");function Oo(e){try{let t=JSON.parse(e);if(typeof t=="object"&&t!==null&&!Array.isArray(t)&&"email"in t&&typeof t.email=="string")return t.email}catch{}}o(Oo,"readEmailFromMeta");function Ro(e,t){return t.existsSync(e)?t.readdirSync(e).filter(r=>r.endsWith(ee)):[]}o(Ro,"publicKeyEntries");function _o(e){return e.slice(0,-ee.length)}o(_o,"kidFromPublicKeyFilename");async function Uo(e,t,r){if(r.isOS("macos")&&await r.readKeyFromKeychain(e).catch(()=>null)!==null)return{kind:"keychain"};let n=Ge(t,`${e}${Je}`);return r.existsSync(n)?{kind:"encrypted-file",path:n}:{kind:"public-only"}}o(Uo,"resolveSource");async function ye(e=F().keysDir,t={}){let r=To(t),n=new Set,i=Ro(e,r).flatMap(a=>{let s=_o(a);return!s||n.has(s)?[]:(n.add(s),[{kid:s,entry:a}])});return Promise.all(i.map(async({kid:a,entry:s})=>{let p=await Uo(a,e,r),c=Ge(e,`${a}${Ye}`),l;try{l=Oo(r.readFileSync(c,"utf8"))}catch{}return{kid:a,source:p,publicKeyPath:Ge(e,s),email:l}}))}o(ye,"discoverLocalKeys");import Lo from"enquirer";async function Ko(e){return Lo.prompt(e)}o(Ko,"defaultPrompt");async function Bt(e,t={}){let{prompt:r=Ko}=t,{passphrase:n}=await r({type:"password",name:"passphrase",message:e});return n}o(Bt,"promptPassphrase");import No from"enquirer";import{statSync as jo}from"fs";function Gt(e,t=jo){return e.map(r=>({key:r,mtime:t(r.publicKeyPath).mtimeMs})).sort((r,n)=>n.mtime-r.mtime).map(({key:r})=>r)}o(Gt,"sortByMtime");async function Mo(e){return No.prompt(e)}o(Mo,"defaultPrompt");async function Jt(e,t={}){if(e.length===1)return e[0];let{prompt:r=Mo,sortByMtime:n=Gt}=t,i=n(e),a=i[0],{choice:s}=await r({type:"select",name:"choice",message:"Select signing identity",choices:[{name:"latest",message:`Use latest: ${a.kid}`},{name:"pick",message:"Pick from list"}]});if(s==="latest")return a;if(s==="pick"){let{kid:p}=await r({type:"select",name:"kid",message:"Select signing identity",choices:i.map(l=>({name:l.kid,message:[l.kid,l.email,fe(l.source)].filter(Boolean).join("  \u2014  ")}))}),c=i.find(l=>l.kid===p);if(!c)throw new Error("No signing identity selected");return c}else throw new Error(`Unexpected choice: "${s}"`)}o(Jt,"promptSigningIdentity");function Bo(e){return{existsSync:e.existsSync??Ho,readFileSync:e.readFileSync??((t,r)=>Vo(t,r)),readKeyFromKeychain:e.readKeyFromKeychain??me,decryptJweAsString:e.decryptJweAsString??Mt,discoverLocalKeys:e.discoverLocalKeys??ye,keysDir:e.keysDir??F().keysDir,promptPassphrase:e.promptPassphrase??Bt,promptSigningIdentity:e.promptSigningIdentity??Jt}}o(Bo,"resolveDeps");async function Yt(e,t={}){let r=Bo(t);if(e.keyPath){if(!r.existsSync(e.keyPath))throw new Error(`Key file not found: ${e.keyPath}`);if(!e.kid)throw new Error("--signing-identity <kid> is required when using --key");let a=r.readFileSync(e.keyPath,"utf-8").trim();if(Ht(a)){let s=await r.promptPassphrase(`Passphrase for key ${e.kid}: `);return{privateKeyPem:await r.decryptJweAsString(a,s),kid:e.kid}}return{privateKeyPem:a,kid:e.kid}}let n=await r.discoverLocalKeys(r.keysDir);if(n.length===0)throw new Error("No signing keys found. Run `cognite keys generate` or pass --key.");let i=e.kid?n.find(a=>a.kid===e.kid):await r.promptSigningIdentity(n);if(!i)throw new Error(`No key found with kid "${e.kid}"`);switch(i.source.kind){case"keychain":{let a=await r.readKeyFromKeychain(i.kid);if(!a)throw new Error(`Key "${i.kid}" not found in Keychain`);return{privateKeyPem:a,kid:i.kid}}case"encrypted-file":{let a=await r.promptPassphrase(`Passphrase for key ${i.kid}: `);return{privateKeyPem:await r.decryptJweAsString(r.readFileSync(i.source.path,"utf-8"),a),kid:i.kid}}case"public-only":throw new Error(`Key "${i.kid}" has no private key on this machine (public-only).`)}}o(Yt,"resolvePrivateKey");var ri=o(async(e,t,r,n,i)=>{let a=await A(e,{interactive:i.interactive??!1,appId:t,orgHint:i.org});await new P(a).submitSignatures(t,r,n)},"defaultSubmitSignatures");function ni(e){let t=Go(e);return new ReadableStream({start(r){t.on("data",n=>{let i=typeof n=="string"?Buffer.from(n):n;r.enqueue(new Uint8Array(i))}),t.on("end",()=>r.close()),t.on("error",n=>r.error(n))},cancel(){t.destroy()}})}o(ni,"createWebStreamFromFile");function oi(e){return{existsSync:e.existsSync??Jo,readFileSync:e.readFileSync??((t,r)=>Yo(t,r)),writeFileSync:e.writeFileSync??qo,createBundleStream:e.createBundleStream??ni,signBundle:e.signBundle??ei,hashDevSignature:e.hashDevSignature??Zo,parseScope:e.parseScope??Qo,validateScopes:e.validateScopes??ti,loadAppConfig:e.loadAppConfig??E,resolvePrivateKey:e.resolvePrivateKey??(t=>Yt(t)),submitSignatures:e.submitSignatures??ri,discoverSignatures:e.discoverSignatures??Z}}o(oi,"resolveDeps");async function qt(e,t,r={},n=process.cwd()){let i=oi(r),a=t.appid,s=t.appVersion,p=[],c=i.loadAppConfig(n);if(a=a??c.externalId,s=s??c.versionTag,t.scope&&t.scope.length>0?p=t.scope.map(i.parseScope):p=c.deployments.map(y=>({org:y.org,project:y.project})),!a)throw new Error("--appid is required (or set externalId in app.json)");if(!s)throw new Error("--app-version is required (or set versionTag in app.json)");let l=e?he(n,e):H(n,a,s);if(!i.existsSync(l)){let y=e?"":" (default derived from app.json \u2014 pass [bundle] explicitly to override, or run `cognite apps deploy` first to populate .cognite-bundles/)";throw new Error(`Bundle not found: ${l}${y}`)}let d=i.validateScopes(p);if(d.length>0)throw new Error(`Invalid scopes:
+${n}`)}o(_t,"deploymentNotFoundError");function k(e,t){if(e.length===0)throw new Error("No deployments configured in app.json");if(t===void 0)return e[0];if(/^\d+$/.test(t)){let r=e[Number.parseInt(t)];if(r)return r;_t(t,e)}let n=e.find(r=>r.project===t||`${r.org}/${r.project}`===t);if(n)return n;_t(t,e)}o(k,"findDeployment");function D(e){let t=[];return e.deployClientId||t.push("deployClientId"),e.deploySecretName||t.push("deploySecretName"),t}o(D,"getMissingCredentials");async function I(e,t){if(t.baseUrl&&t.project)return{org:t.org??"",project:t.project,baseUrl:t.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"};if(t.deployment!==void 0)return k(e.deployments,t.deployment);let n=[...e.deployments.map(s=>`${s.org}/${s.project}`),Rt],{selected:r}=await Ot.prompt({type:"select",name:"selected",message:"Select deployment target",choices:n});if(r!==Rt){let s=e.deployments.find(a=>`${a.org}/${a.project}`===r);if(s)return s;throw new Error(`Deployment "${r}" could not be resolved from app.json.`)}let i=await Ot.prompt([{type:"input",name:"baseUrl",message:"CDF Base URL",initial:"https://api.cognitedata.com"},{type:"input",name:"project",message:"CDF Project",validate:o(s=>s?!0:"Project is required","validate")},{type:"input",name:"org",message:"Organization (for login hint)",initial:""}]);return{org:i.org||"",project:i.project,baseUrl:i.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"}}o(I,"resolveDeployment");import{existsSync as Vo,readFileSync as Ho}from"fs";import{execFile as lo}from"child_process";import{promisify as mo}from"util";import{platform as co}from"os";function B(e,t={}){let{platform:n=co}=t;switch(n()){case"darwin":return e==="macos";case"win32":return e==="windows";default:return e==="other"}}o(B,"isOS");var Kt="cognite-flows",uo=mo(lo),Lt=o((e,t)=>uo(e,t),"defaultExecFile"),go=-25300,fo=go&255;function yo(e){if(!(e instanceof Error)||!("code"in e)||e.code!==fo)return!1;let t="stderr"in e?String(e.stderr):"";return/could not be found/i.test(t)||t===""}o(yo,"isKeychainNotFoundError");async function jt(e,t,n={}){if(!B("macos",n))throw new Error("Keychain storage is only supported on macOS");let{execFile:r=Lt}=n;await r("security",["add-generic-password","-a",e,"-s",Kt,"-w",Buffer.from(t,"utf-8").toString("base64"),"-U"])}o(jt,"storeKeyInKeychain");async function me(e,t={}){if(!B("macos",t))return null;let{execFile:n=Lt}=t;try{let{stdout:r}=await n("security",["find-generic-password","-a",e,"-s",Kt,"-w"]);return Buffer.from(r.trim(),"base64").toString("utf-8")}catch(r){if(yo(r))return null;throw r}}o(me,"readKeyFromKeychain");import{pbkdf2 as wo,randomBytes as vo}from"crypto";import{promisify as Co}from"util";import{CompactEncrypt as Po,base64url as Nt,compactDecrypt as Eo}from"jose";var ho=new TextEncoder,So=new TextDecoder,Ve={encode:o(e=>ho.encode(e),"encode"),decode:o(e=>So.decode(e),"decode")};var bo=Co(wo),Ge=6e5,ko="sha512",He="PBKDF2-HMAC-SHA512",Be=16,ue="A256GCM",xo=32,ge=2e6;async function Mt(e,t,n){return await bo(e,t,n,xo,ko)}o(Mt,"deriveKey");async function Vt(e,t,n=Ge){if(!Number.isInteger(n)||n<1||n>ge)throw new Error(`Invalid iterations: must be an integer between 1 and ${ge}`);let r=vo(Be),i=await Mt(t,r,n);return await new Po(Ve.encode(e)).setProtectedHeader({alg:"dir",enc:ue,kdf:He,kdf_iter:n,kdf_salt:Nt.encode(r)}).encrypt(i)}o(Vt,"encryptStringAsJwe");async function Ht(e,t){let{plaintext:n}=await Eo(e,async r=>{if(!e.length)throw new Error("Unexpected JWE empty value");if(t.length<15)throw new Error(`Invalid passphrase it should be at least ${15} but got ${t.length}`);if(r.alg!=="dir")throw new Error(`Unexpected JWE alg "${String(r.alg)}"; only "dir" is supported`);if(r.enc!==ue)throw new Error(`Unexpected JWE enc "${String(r.enc)}"; only "${ue}" is supported`);if(r.kdf!==He)throw new Error(`Unexpected KDF "${String(r.kdf)}"; only "${He}" is supported`);let i=Number(r.kdf_iter);if(!Number.isInteger(i)||i<1||i>ge)throw new Error(`Invalid kdf_iter in JWE header: must be an integer between 1 and ${ge}`);if(typeof r.kdf_salt!="string")throw new Error("Missing kdf_salt in JWE header");let s=Nt.decode(r.kdf_salt);if(s.length!==Be)throw new Error(`Invalid kdf_salt length in JWE header: expected ${Be} bytes, got ${s.length}`);return await Mt(t,s,i)},{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:[ue]});return Ve.decode(n)}o(Ht,"decryptJweAsString");function Ao(e){let t=e.trim();return t.startsWith("eyJ")&&t.split(".").length===5}o(Ao,"isJweCompact");var Bt=Ao;import{existsSync as Io,readdirSync as $o,readFileSync as Fo}from"fs";import{join as Je}from"path";import{homedir as Do}from"os";import{join as Gt}from"path";function F(e={}){let{env:t=process.env,homedir:n=Do}=e,r=t.COGNITE_CLI_HOME?.trim()||Gt(n(),".cognite-cli");return{home:r,keysDir:Gt(r,"keys")}}o(F,"getConfig");var ee=".pub.pem",Ye=".key.jwe",qe=".meta.json";function fe(e){switch(e.kind){case"keychain":return"Keychain";case"encrypted-file":return e.path;case"public-only":return"public-only (private key missing)"}}o(fe,"formatLocalKeySource");function To(e){return{existsSync:e.existsSync??Io,readdirSync:e.readdirSync??$o,readFileSync:e.readFileSync??((t,n)=>Fo(t,n)),isOS:e.isOS??(t=>B(t)),readKeyFromKeychain:e.readKeyFromKeychain??(t=>me(t))}}o(To,"resolveDeps");function Oo(e){try{let t=JSON.parse(e);if(typeof t=="object"&&t!==null&&!Array.isArray(t)&&"email"in t&&typeof t.email=="string")return t.email}catch{}}o(Oo,"readEmailFromMeta");function Ro(e,t){return t.existsSync(e)?t.readdirSync(e).filter(n=>n.endsWith(ee)):[]}o(Ro,"publicKeyEntries");function _o(e){return e.slice(0,-ee.length)}o(_o,"kidFromPublicKeyFilename");async function Uo(e,t,n){if(n.isOS("macos")&&await n.readKeyFromKeychain(e).catch(()=>null)!==null)return{kind:"keychain"};let r=Je(t,`${e}${Ye}`);return n.existsSync(r)?{kind:"encrypted-file",path:r}:{kind:"public-only"}}o(Uo,"resolveSource");async function ye(e=F().keysDir,t={}){let n=To(t),r=new Set,i=Ro(e,n).flatMap(s=>{let a=_o(s);return!a||r.has(a)?[]:(r.add(a),[{kid:a,entry:s}])});return Promise.all(i.map(async({kid:s,entry:a})=>{let p=await Uo(s,e,n),c=Je(e,`${s}${qe}`),l;try{l=Oo(n.readFileSync(c,"utf8"))}catch{}return{kid:s,source:p,publicKeyPath:Je(e,a),email:l}}))}o(ye,"discoverLocalKeys");import Ko from"enquirer";async function Lo(e){return Ko.prompt(e)}o(Lo,"defaultPrompt");async function Jt(e,t={}){let{prompt:n=Lo}=t,{passphrase:r}=await n({type:"password",name:"passphrase",message:e});return r}o(Jt,"promptPassphrase");import No from"enquirer";import{statSync as jo}from"fs";function Yt(e,t=jo){return e.map(n=>({key:n,mtime:t(n.publicKeyPath).mtimeMs})).sort((n,r)=>r.mtime-n.mtime).map(({key:n})=>n)}o(Yt,"sortByMtime");async function Mo(e){return No.prompt(e)}o(Mo,"defaultPrompt");async function qt(e,t={}){if(e.length===1)return e[0];let{prompt:n=Mo,sortByMtime:r=Yt}=t,i=r(e),s=i[0],{choice:a}=await n({type:"select",name:"choice",message:"Select signing identity",choices:[{name:"latest",message:`Use latest: ${s.kid}`},{name:"pick",message:"Pick from list"}]});if(a==="latest")return s;if(a==="pick"){let{kid:p}=await n({type:"select",name:"kid",message:"Select signing identity",choices:i.map(l=>({name:l.kid,message:[l.kid,l.email,fe(l.source)].filter(Boolean).join("  \u2014  ")}))}),c=i.find(l=>l.kid===p);if(!c)throw new Error("No signing identity selected");return c}else throw new Error(`Unexpected choice: "${a}"`)}o(qt,"promptSigningIdentity");function Bo(e){return{existsSync:e.existsSync??Vo,readFileSync:e.readFileSync??((t,n)=>Ho(t,n)),readKeyFromKeychain:e.readKeyFromKeychain??me,decryptJweAsString:e.decryptJweAsString??Ht,discoverLocalKeys:e.discoverLocalKeys??ye,keysDir:e.keysDir??F().keysDir,promptPassphrase:e.promptPassphrase??Jt,promptSigningIdentity:e.promptSigningIdentity??qt}}o(Bo,"resolveDeps");async function zt(e,t={}){let n=Bo(t);if(e.keyPath){if(!n.existsSync(e.keyPath))throw new Error(`Key file not found: ${e.keyPath}`);if(!e.kid)throw new Error("--signing-identity <kid> is required when using --key");let s=n.readFileSync(e.keyPath,"utf-8").trim();if(Bt(s)){let a=await n.promptPassphrase(`Passphrase for key ${e.kid}: `);return{privateKeyPem:await n.decryptJweAsString(s,a),kid:e.kid}}return{privateKeyPem:s,kid:e.kid}}let r=await n.discoverLocalKeys(n.keysDir);if(r.length===0)throw new Error("No signing keys found. Run `cognite keys generate` or pass --key.");let i=e.kid?r.find(s=>s.kid===e.kid):await n.promptSigningIdentity(r);if(!i)throw new Error(`No key found with kid "${e.kid}"`);switch(i.source.kind){case"keychain":{let s=await n.readKeyFromKeychain(i.kid);if(!s)throw new Error(`Key "${i.kid}" not found in Keychain`);return{privateKeyPem:s,kid:i.kid}}case"encrypted-file":{let s=await n.promptPassphrase(`Passphrase for key ${i.kid}: `);return{privateKeyPem:await n.decryptJweAsString(n.readFileSync(i.source.path,"utf-8"),s),kid:i.kid}}case"public-only":throw new Error(`Key "${i.kid}" has no private key on this machine (public-only).`)}}o(zt,"resolvePrivateKey");var ni=o(async(e,t,n,r,i)=>{let s=await A(e,{interactive:i.interactive??!1,appId:t,orgHint:i.org});await new P(s).submitSignatures(t,n,r)},"defaultSubmitSignatures");function ri(e){let t=Go(e);return new ReadableStream({start(n){t.on("data",r=>{let i=typeof r=="string"?Buffer.from(r):r;n.enqueue(new Uint8Array(i))}),t.on("end",()=>n.close()),t.on("error",r=>n.error(r))},cancel(){t.destroy()}})}o(ri,"createWebStreamFromFile");function oi(e){return{existsSync:e.existsSync??Jo,readFileSync:e.readFileSync??((t,n)=>Yo(t,n)),writeFileSync:e.writeFileSync??qo,createBundleStream:e.createBundleStream??ri,signBundle:e.signBundle??ei,hashDevSignature:e.hashDevSignature??Zo,parseScope:e.parseScope??Qo,validateScopes:e.validateScopes??ti,loadAppConfig:e.loadAppConfig??E,resolvePrivateKey:e.resolvePrivateKey??(t=>zt(t)),submitSignatures:e.submitSignatures??ni,discoverSignatures:e.discoverSignatures??Z}}o(oi,"resolveDeps");async function Wt(e,t,n={},r=process.cwd()){let i=oi(n),s=t.appid,a=t.appVersion,p=[],c=i.loadAppConfig(r);if(s=s??c.externalId,a=a??c.versionTag,t.scope&&t.scope.length>0?p=t.scope.map(i.parseScope):p=c.deployments.map(y=>({org:y.org,project:y.project})),!s)throw new Error("--appid is required (or set externalId in app.json)");if(!a)throw new Error("--app-version is required (or set versionTag in app.json)");let l=e?he(r,e):V(r,s,a);if(!i.existsSync(l)){let y=e?"":" (default derived from app.json \u2014 pass [bundle] explicitly to override, or run `cognite apps deploy` first to populate .cognite-bundles/)";throw new Error(`Bundle not found: ${l}${y}`)}let d=i.validateScopes(p);if(d.length>0)throw new Error(`Invalid scopes:
   ${d.join(`
-  `)}`);let{privateKeyPem:m,kid:g}=await i.resolvePrivateKey({keyPath:t.key?he(n,t.key):void 0,kid:t.signingIdentity}),u;if(t.devSig){let y=he(n,t.devSig);if(!i.existsSync(y))throw new Error(`Dev signature file not found: ${y}`);let C=i.readFileSync(y,"utf-8").trim();u=await i.hashDevSignature(C)}let f=i.createBundleStream(l),S=await i.signBundle({privateKeyPem:m,kid:g,appId:a,version:s,bundleStream:f,role:t.asCertifier?"certifier":"developer",scopes:p,devSignatureSha256:u}),v=t.output?he(n,t.output):Xo(Wo(l),`${zo(l)}.${t.asCertifier?"cert":"dev"}.sig`);i.writeFileSync(v,S.token,"utf-8"),console.log(`\u2705 Signed: ${v}`),console.log(`   kid:    ${S.kid}`),console.log(`   bundle: ${S.payload.bundleSha256}`),console.log(`   scopes: ${S.payload.scopes.map(y=>`${y.org}/${y.project}`).join(", ")}`),t.verbose&&console.log(`
-Payload:`,JSON.stringify(S.payload,null,2));let h=Array.from(new Set([...i.discoverSignatures(l),S.token])),k=t.interactive?await I(c,{deployment:t.deployment,baseUrl:t.baseUrl,project:t.project,org:t.org}):b(c.deployments,t.deployment);if(!t.interactive){let y=D(k);if(y.length>0)throw new Error(`Deployment ${k.org}/${k.project} is missing ${y.join(" and ")} in app.json. Use \`cognite apps sign --interactive\` for browser-based authentication instead.`)}await i.submitSignatures(k,a,s,h,t),console.log(`
-To publish:  npx @cognite/cli apps publish .`)}o(qt,"handleSign");function zt(e,t={}){return e.command("sign [bundle]").description("Sign an app bundle (defaults to .cognite-bundles/<app>-<version>.zip)").option("--key <path>","Private key PEM file path").option("-s, --signing-identity <kid>","Key ID for Keychain or file lookup").option("--appid <id>","Application ID (default: externalId from app.json)").option("-i, --identifier <id>","Alias for --appid").option("--app-version <version>","App version (default: versionTag from app.json)").option("--scope <org/project...>","Deployment scope(s) (default: deployments from app.json)").option("-r, --requirements <org/project...>","Alias for --scope").option("-o, --output <path>","Output file path (default: <bundle>.<dev|cert>.sig)").option("-v, --verbose","Display full payload after signing").option("--as-certifier","Counter-sign a developer signature as certifier").option("--interactive","After signing, submit the signature to App Hosting using browser-based auth",!1).option("-d, --deployment <target>","Deployment target from app.json (index or name; submit step only)").option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").action((r,n)=>{let i={...n,appid:n.identifier??n.appid,scope:n.requirements??n.scope};return qt(r,i,t)})}o(zt,"registerSignCommand");import{existsSync as ii}from"fs";import{resolve as si}from"path";import{config as ai}from"dotenv";function R(e,t={existsSync:ii,config:ai}){let r=si(e,".env");t.existsSync(r)&&(console.log(`Loading environment variables from ${r}`),t.config({path:r}))}o(R,"loadEnvFile");function _(e){e.infra!=="appsApi"&&(console.error(`
+  `)}`);let{privateKeyPem:m,kid:g}=await i.resolvePrivateKey({keyPath:t.key?he(r,t.key):void 0,kid:t.signingIdentity}),u;if(t.devSig){let y=he(r,t.devSig);if(!i.existsSync(y))throw new Error(`Dev signature file not found: ${y}`);let C=i.readFileSync(y,"utf-8").trim();u=await i.hashDevSignature(C)}let f=i.createBundleStream(l),S=await i.signBundle({privateKeyPem:m,kid:g,appId:s,version:a,bundleStream:f,role:t.asCertifier?"certifier":"developer",scopes:p,devSignatureSha256:u}),v=t.output?he(r,t.output):Xo(Wo(l),`${zo(l)}.${t.asCertifier?"cert":"dev"}.sig`);i.writeFileSync(v,S.token,"utf-8"),console.log(`\u2705 Signed: ${v}`),console.log(`   kid:    ${S.kid}`),console.log(`   bundle: ${S.payload.bundleSha256}`),console.log(`   scopes: ${S.payload.scopes.map(y=>`${y.org}/${y.project}`).join(", ")}`),t.verbose&&console.log(`
+Payload:`,JSON.stringify(S.payload,null,2));let h=Array.from(new Set([...i.discoverSignatures(l),S.token])),b=t.interactive?await I(c,{deployment:t.deployment,baseUrl:t.baseUrl,project:t.project,org:t.org}):k(c.deployments,t.deployment);if(!t.interactive){let y=D(b);if(y.length>0)throw new Error(`Deployment ${b.org}/${b.project} is missing ${y.join(" and ")} in app.json. Use \`cognite apps sign --interactive\` for browser-based authentication instead.`)}await i.submitSignatures(b,s,a,h,t),console.log(`
+To publish:  npx @cognite/cli apps publish .`)}o(Wt,"handleSign");function Xt(e,t={}){return e.command("sign [bundle]").description("Sign an app bundle (defaults to .cognite-bundles/<app>-<version>.zip)").option("--key <path>","Private key PEM file path").option("-s, --signing-identity <kid>","Key ID for Keychain or file lookup").option("--appid <id>","Application ID (default: externalId from app.json)").option("-i, --identifier <id>","Alias for --appid").option("--app-version <version>","App version (default: versionTag from app.json)").option("--scope <org/project...>","Deployment scope(s) (default: deployments from app.json)").option("-r, --requirements <org/project...>","Alias for --scope").option("-o, --output <path>","Output file path (default: <bundle>.<dev|cert>.sig)").option("-v, --verbose","Display full payload after signing").option("--as-certifier","Counter-sign a developer signature as certifier").option("--interactive","After signing, submit the signature to App Hosting using browser-based auth",!1).option("-d, --deployment <target>","Deployment target from app.json (index or name; submit step only)").option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").action((n,r)=>{let i={...r,appid:r.identifier??r.appid,scope:r.requirements??r.scope};return Wt(n,i,t)})}o(Xt,"registerSignCommand");import{existsSync as ii}from"fs";import{resolve as si}from"path";import{config as ai}from"dotenv";function R(e,t={existsSync:ii,config:ai}){let n=si(e,".env");t.existsSync(n)&&(console.log(`Loading environment variables from ${n}`),t.config({path:n}))}o(R,"loadEnvFile");function _(e){e.infra!=="appsApi"&&(console.error(`
 \u26A0\uFE0F  Legacy infrastructure is no longer supported.
 Your app.json is missing \`"infra": "appsApi"\`, which means it was created for
 the old CDF Application Registry. This deploy path has been removed.
 To migrate: add \`"infra": "appsApi"\` to your app.json, wire up the correct authentication and re-deploy.
-`),process.exit(1))}o(_,"assertAppHostingInfra");async function pi(e){let t=process.cwd();R(t);let r=E(t);_(r);let n=e.interactive?await I(r,e):b(r.deployments,e.deployment);if(!e.interactive){let d=D(n);if(d.length>0)throw new Error(`Deployment ${n.org}/${n.project} is missing ${d.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps activate --interactive\` for browser-based authentication instead.`)}let i=await A(n,{interactive:e.interactive,appId:r.externalId,orgHint:e.org}),a=new P(i),{externalId:s,versionTag:p}=r,c;try{c=await a.getVersion(s,p)}catch(d){throw d instanceof T?new Error(`Version ${p} of ${s} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):d}if(c.alias==="ACTIVE"){console.log(`  ${s} @ ${p} is already ACTIVE \u2014 nothing to do.`);return}if(c.lifecycleState==="DEPRECATED"||c.lifecycleState==="ARCHIVED")throw new Error(`Cannot activate ${s} @ ${p}: version is ${c.lifecycleState} (terminal).`);c.lifecycleState==="DRAFT"&&(await a.publishVersion(s,p),console.log(`\u2713 Published  ${s} @ ${p} is now PUBLISHED`));let{supersededVersion:l}=await a.activateVersion(s,p);console.log(`\u2713 Activated   ${s} @ ${p} is now ACTIVE`),l&&console.log(`  Superseded  ${l} \u2192 PUBLISHED`)}o(pi,"handleActivate");function Wt(e){return e.command("activate").description("Activate the current app version (publish if needed, then set ACTIVE alias)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
+`),process.exit(1))}o(_,"assertAppHostingInfra");async function pi(e){let t=process.cwd();R(t);let n=E(t);_(n);let r=e.interactive?await I(n,e):k(n.deployments,e.deployment);if(!e.interactive){let d=D(r);if(d.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${d.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps activate --interactive\` for browser-based authentication instead.`)}let i=await A(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new P(i),{externalId:a,versionTag:p}=n,c;try{c=await s.getVersion(a,p)}catch(d){throw d instanceof T?new Error(`Version ${p} of ${a} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):d}if(c.alias==="ACTIVE"){console.log(`  ${a} @ ${p} is already ACTIVE \u2014 nothing to do.`);return}if(c.lifecycleState==="DEPRECATED"||c.lifecycleState==="ARCHIVED")throw new Error(`Cannot activate ${a} @ ${p}: version is ${c.lifecycleState} (terminal).`);c.lifecycleState==="DRAFT"&&(await s.publishVersion(a,p),console.log(`\u2713 Published  ${a} @ ${p} is now PUBLISHED`));let{supersededVersion:l}=await s.activateVersion(a,p);console.log(`\u2713 Activated   ${a} @ ${p} is now ACTIVE`),l&&console.log(`  Superseded  ${l} \u2192 PUBLISHED`)}o(pi,"handleActivate");function Zt(e){return e.command("activate").description("Activate the current app version (publish if needed, then set ACTIVE alias)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
 Examples:
   npx @cognite/cli apps activate .                   Activate using env-var auth
-  npx @cognite/cli apps activate . --interactive     Activate using browser auth (no secrets needed)`).action((t,r)=>pi(r))}o(Wt,"registerActivateCommand");import{readdirSync as bi}from"fs";import{basename as dr,dirname as xi,normalize as Ai,resolve as re}from"path";import{fileURLToPath as Di,pathToFileURL as Ii}from"url";import{Logger as $i,runner as Fi}from"hygen";import{execFileSync as Se}from"child_process";function Xt(e={}){let{execFileSync:t=Se}=e;try{return t("git",["--version"],{stdio:"ignore"}),!0}catch{return!1}}o(Xt,"isGitInstalled");function Zt(e,t={}){let{execFileSync:r=Se}=t;try{return r("git",["-C",e,"status"],{stdio:"ignore"}),!0}catch{return!1}}o(Zt,"isInsideGitRepo");function Qt(e,t={}){let{execFileSync:r=Se}=t;r("git",["-C",e,"init"],{stdio:"pipe"}),r("git",["-C",e,"add","."],{stdio:"pipe"}),r("git",["-C",e,"commit","-m","Initial commit","--no-gpg-sign","--no-verify"],{stdio:"pipe"})}o(Qt,"gitInitAndCommit");function er(e={}){let{execFileSync:t=Se}=e;try{return String(t("git",["config","--get","user.email"],{encoding:"utf-8",stdio:["ignore","pipe","ignore"]})).trim()||void 0}catch{return}}o(er,"gitUserEmail");import{safeParse as ci}from"valibot";function te(e,t){return r=>{let n=ci(t,r);return n.success?!0:`${e} ${n.issues[0].message}`}}o(te,"toPromptValidator");var tr={name:te("App name",Re),displayName:te("Display name",Oe),baseUrl:te("Base URL",_e),org:te("Org",Ue),project:te("Project",Le)};function li(e,t){return e?async r=>{let n=t(r);return n===!0?e(r):n}:t}o(li,"composeValidators");function we(e){return e.map(t=>{if(!(t.name in tr))return t;let r=tr[t.name];return{...t,validate:li(t.validate,r)}})}o(we,"applySchemaValidators");import{basename as nr}from"path";import or from"enquirer";function rr(e){return e.replace(/[A-Z]/g,(t,r)=>r===0?t.toLowerCase():`-${t.toLowerCase()}`)}o(rr,"kebabCase");var di={type:"confirm",name:"useSpecKit",message:["Enable spec-driven development?","  Adds the github/spec-kit slash commands (/speckit.specify, .clarify, .plan, .tasks, .implement)","  to your app for use in Claude Code or Cursor. They walk you through writing SPEC.md and","  generating a plan, tasks, and implementation."].join(`
-`),initial:!1};async function mi(e){return!!(await e([di])).useSpecKit}o(mi,"promptForSpecKit");async function ui(e,t,r){return e!==void 0?e:t?mi(r):!1}o(ui,"resolveSpecKit");function ir({isCurrentDir:e,dirName:t,onAppName:r,onUseSpecKit:n,presets:i={},specKit:a,prompt:s=or.prompt.bind(or)}){return()=>({prompt:o(async p=>{if(!Array.isArray(p))return s([p]);let c=Object.fromEntries(Object.entries(i).filter(w=>w[1]!==void 0)),l=Object.keys(c).length>0,d=e?nr(process.cwd()):t?nr(t):null,m=l&&d!==null,g=!m&&d?p.map(w=>w.name==="name"?{...w,initial:d}:w):p,u=we(g),f=m?{...c,name:d}:c,S=new Set(Object.keys(f)),v=u.filter(w=>!S.has(w.name)),h=v.findIndex(w=>w.name==="baseUrl"),k;if(h!==-1){let w=v.filter(fn=>fn.name!=="baseUrl"),N=w.length>0?await s(w):{},ce=typeof N.cluster=="string"?N.cluster:"",Y=typeof f.cluster=="string"?f.cluster:"",le=`https://${(ce||Y).trim().replace(/\/+$/,"")||"api"}.cognitedata.com`,U=v[h],De=await s([{...U,initial:le}]);k={...N,...De}}else k=v.length>0?await s(v):{};let y={...f,...k},C=typeof y.name=="string"?y.name:"";C&&r(C);let $=await ui(a,v.length>0,s);return n?.($),{...y,name:C,useCurrentDir:e,directoryName:e?void 0:t??void 0,useSpecKit:$}},"prompt")})}o(ir,"createAppPrompter");async function sr(e,t,r){let n=[];Object.values(t).some(a=>a!==void 0)&&r!==null&&n.push({key:"name",value:r,label:"directory"});for(let[a,s]of Object.entries(t))s!==void 0&&n.push({key:a,value:s,label:`--${rr(a)}`});for(let{key:a,value:s,label:p}of n){let c=e.find(d=>d.name===a)?.validate;if(!c)continue;let l=await c(s);if(l!==!0)throw new Error(`Invalid ${p}: ${l}`)}}o(sr,"validatePresets");import{cpSync as wi,mkdirSync as pr,writeFileSync as vi}from"fs";import{dirname as cr,resolve as J}from"path";import{fileURLToPath as Ci}from"url";import{copyFileSync as gi,symlinkSync as fi}from"fs";import{dirname as yi,join as hi}from"path";function Si(e){if(e&&typeof e=="object"&&"code"in e&&typeof e.code=="string")return e.code}o(Si,"errno");function ar(e){return e instanceof Error?e.message:String(e)}o(ar,"messageOf");function ve({target:e,linkPath:t,label:r,symlink:n=fi,copyFile:i=gi}){try{return n(e,t),!0}catch(a){let s=Si(a);if(s==="EEXIST")return!0;let p=ar(a);if(s==="EPERM"||s==="EACCES")try{let c=hi(yi(t),e);return i(c,t),console.log(`\u2139\uFE0F  Wrote ${r} as a copy of ${e} (symlinks need Developer Mode or an elevated shell on Windows).`),!0}catch(c){return console.warn(`\u26A0\uFE0F  Could not create ${r} symlink: ${p} (copy fallback also failed: ${ar(c)})`),!1}return console.warn(`\u26A0\uFE0F  Could not create ${r} symlink:`,p),!1}}o(ve,"linkOrCopyOrWarn");var Pi=J(cr(Ci(import.meta.url)),"..","..","_vendor","spec-kit"),Ei={branch_numbering:"sequential"},ki=[{from:"templates",to:".specify/templates"},{from:"scripts/bash",to:".specify/scripts/bash"},{from:"commands",to:".claude/commands"},{from:"commands",to:".cursor/commands"}];function lr({appDir:e,vendorDir:t=Pi}){let r=J(e,".specify"),n=J(r,"memory"),i=`prepare spec-kit install for appDir=${e}`;try{for(let{from:a,to:s}of ki){let p=J(e,s);i=`copy ${a} to ${s}`,pr(cr(p),{recursive:!0}),wi(J(t,a),p,{recursive:!0})}i=`write init-options.json under specifyDir=${r}`,vi(J(r,"init-options.json"),`${JSON.stringify(Ei,null,2)}
-`),i=`link .specify/memory/constitution.md in specifyDir=${r}`,pr(n,{recursive:!0}),ve({target:"../../AGENTS.md",linkPath:J(n,"constitution.md"),label:".specify/memory/constitution.md"})}catch(a){let s=a instanceof Error?a.message:String(a);throw new Error(`installSpecKit failed while ${i} (appDir=${e}, vendorDir=${t}): ${s}`,{cause:a})}}o(lr,"installSpecKit");var mr=re(xi(Di(import.meta.url)),"..","..","_templates");async function Ti(){let e=re(mr,"app","new","prompt.js");return(await import(Ii(e).href)).default}o(Ti,"loadPromptDefs");function Oi(e,t){return!e||t?null:Ai(e)}o(Oi,"resolveDirName");function Ri(e,t,r){if(e)return{cwd:process.cwd(),display:"."};let n=t??r;if(!n)throw new Error("App creation completed without a target directory or name.");return{cwd:re(process.cwd(),n),display:n}}o(Ri,"resolveAppLocation");function _i(e,t,r){let n=`  npm install
-  npm run dev`,i="To deploy your app:",a="npx @cognite/cli apps deploy --interactive",s=r?`
+  npx @cognite/cli apps activate . --interactive     Activate using browser auth (no secrets needed)`).action((t,n)=>pi(n))}o(Zt,"registerActivateCommand");import{readdirSync as ki}from"fs";import{basename as gn,dirname as xi,normalize as Ai,resolve as ne}from"path";import{fileURLToPath as Di,pathToFileURL as Ii}from"url";import{Logger as $i,runner as Fi}from"hygen";import{execFileSync as Se}from"child_process";function Qt(e={}){let{execFileSync:t=Se}=e;try{return t("git",["--version"],{stdio:"ignore"}),!0}catch{return!1}}o(Qt,"isGitInstalled");function en(e,t={}){let{execFileSync:n=Se}=t;try{return n("git",["-C",e,"status"],{stdio:"ignore"}),!0}catch{return!1}}o(en,"isInsideGitRepo");function tn(e,t={}){let{execFileSync:n=Se}=t;n("git",["-C",e,"init"],{stdio:"pipe"}),n("git",["-C",e,"add","."],{stdio:"pipe"}),n("git",["-C",e,"commit","-m","Initial commit","--no-gpg-sign","--no-verify"],{stdio:"pipe"})}o(tn,"gitInitAndCommit");function nn(e={}){let{execFileSync:t=Se}=e;try{return String(t("git",["config","--get","user.email"],{encoding:"utf-8",stdio:["ignore","pipe","ignore"]})).trim()||void 0}catch{return}}o(nn,"gitUserEmail");import{safeParse as ci}from"valibot";function te(e,t){return n=>{let r=ci(t,n);return r.success?!0:`${e} ${r.issues[0].message}`}}o(te,"toPromptValidator");var rn={name:te("App name",Re),displayName:te("Display name",Oe),baseUrl:te("Base URL",_e),org:te("Org",Ue),project:te("Project",Ke)};function li(e,t){return e?async n=>{let r=t(n);return r===!0?e(n):r}:t}o(li,"composeValidators");function we(e){return e.map(t=>{if(!(t.name in rn))return t;let n=rn[t.name];return{...t,validate:li(t.validate,n)}})}o(we,"applySchemaValidators");import{basename as sn}from"path";import an from"enquirer";function on(e){return e.replace(/[A-Z]/g,(t,n)=>n===0?t.toLowerCase():`-${t.toLowerCase()}`)}o(on,"kebabCase");var di={type:"confirm",name:"useSpecKit",message:["Enable spec-driven development?","  Adds the github/spec-kit slash commands (/speckit.specify, .clarify, .plan, .tasks, .implement)","  to your app for use in Claude Code or Cursor. They walk you through writing SPEC.md and","  generating a plan, tasks, and implementation."].join(`
+`),initial:!1};async function mi(e){return!!(await e([di])).useSpecKit}o(mi,"promptForSpecKit");async function ui(e,t,n){return e!==void 0?e:t?mi(n):!1}o(ui,"resolveSpecKit");function pn({isCurrentDir:e,dirName:t,onAppName:n,onUseSpecKit:r,presets:i={},specKit:s,prompt:a=an.prompt.bind(an)}){return()=>({prompt:o(async p=>{if(!Array.isArray(p))return a([p]);let c=Object.fromEntries(Object.entries(i).filter(w=>w[1]!==void 0)),l=Object.keys(c).length>0,d=e?sn(process.cwd()):t?sn(t):null,m=l&&d!==null,g=!m&&d?p.map(w=>w.name==="name"?{...w,initial:d}:w):p,u=we(g),f=m?{...c,name:d}:c,S=new Set(Object.keys(f)),v=u.filter(w=>!S.has(w.name)),h=v.findIndex(w=>w.name==="baseUrl"),b;if(h!==-1){let w=v.filter(yr=>yr.name!=="baseUrl"),N=w.length>0?await a(w):{},ce=typeof N.cluster=="string"?N.cluster:"",Y=typeof f.cluster=="string"?f.cluster:"",le=`https://${(ce||Y).trim().replace(/\/+$/,"")||"api"}.cognitedata.com`,U=v[h],De=await a([{...U,initial:le}]);b={...N,...De}}else b=v.length>0?await a(v):{};let y={...f,...b},C=typeof y.name=="string"?y.name:"";C&&n(C);let $=await ui(s,v.length>0,a);return r?.($),{...y,name:C,useCurrentDir:e,directoryName:e?void 0:t??void 0,useSpecKit:$}},"prompt")})}o(pn,"createAppPrompter");async function cn(e,t,n){let r=[];Object.values(t).some(s=>s!==void 0)&&n!==null&&r.push({key:"name",value:n,label:"directory"});for(let[s,a]of Object.entries(t))a!==void 0&&r.push({key:s,value:a,label:`--${on(s)}`});for(let{key:s,value:a,label:p}of r){let c=e.find(d=>d.name===s)?.validate;if(!c)continue;let l=await c(a);if(l!==!0)throw new Error(`Invalid ${p}: ${l}`)}}o(cn,"validatePresets");import{cpSync as wi,mkdirSync as dn,writeFileSync as vi}from"fs";import{dirname as mn,resolve as J}from"path";import{fileURLToPath as Ci}from"url";import{copyFileSync as gi,symlinkSync as fi}from"fs";import{dirname as yi,join as hi}from"path";function Si(e){if(e&&typeof e=="object"&&"code"in e&&typeof e.code=="string")return e.code}o(Si,"errno");function ln(e){return e instanceof Error?e.message:String(e)}o(ln,"messageOf");function ve({target:e,linkPath:t,label:n,symlink:r=fi,copyFile:i=gi}){try{return r(e,t),!0}catch(s){let a=Si(s);if(a==="EEXIST")return!0;let p=ln(s);if(a==="EPERM"||a==="EACCES")try{let c=hi(yi(t),e);return i(c,t),console.log(`\u2139\uFE0F  Wrote ${n} as a copy of ${e} (symlinks need Developer Mode or an elevated shell on Windows).`),!0}catch(c){return console.warn(`\u26A0\uFE0F  Could not create ${n} symlink: ${p} (copy fallback also failed: ${ln(c)})`),!1}return console.warn(`\u26A0\uFE0F  Could not create ${n} symlink:`,p),!1}}o(ve,"linkOrCopyOrWarn");var Pi=J(mn(Ci(import.meta.url)),"..","..","_vendor","spec-kit"),Ei={branch_numbering:"sequential"},bi=[{from:"templates",to:".specify/templates"},{from:"scripts/bash",to:".specify/scripts/bash"},{from:"commands",to:".claude/commands"},{from:"commands",to:".cursor/commands"}];function un({appDir:e,vendorDir:t=Pi}){let n=J(e,".specify"),r=J(n,"memory"),i=`prepare spec-kit install for appDir=${e}`;try{for(let{from:s,to:a}of bi){let p=J(e,a);i=`copy ${s} to ${a}`,dn(mn(p),{recursive:!0}),wi(J(t,s),p,{recursive:!0})}i=`write init-options.json under specifyDir=${n}`,vi(J(n,"init-options.json"),`${JSON.stringify(Ei,null,2)}
+`),i=`link .specify/memory/constitution.md in specifyDir=${n}`,dn(r,{recursive:!0}),ve({target:"../../AGENTS.md",linkPath:J(r,"constitution.md"),label:".specify/memory/constitution.md"})}catch(s){let a=s instanceof Error?s.message:String(s);throw new Error(`installSpecKit failed while ${i} (appDir=${e}, vendorDir=${t}): ${a}`,{cause:s})}}o(un,"installSpecKit");var fn=ne(xi(Di(import.meta.url)),"..","..","_templates");async function Ti(){let e=ne(fn,"app","new","prompt.js");return(await import(Ii(e).href)).default}o(Ti,"loadPromptDefs");function Oi(e,t){return!e||t?null:Ai(e)}o(Oi,"resolveDirName");function Ri(e,t,n){if(e)return{cwd:process.cwd(),display:"."};let r=t??n;if(!r)throw new Error("App creation completed without a target directory or name.");return{cwd:ne(process.cwd(),r),display:r}}o(Ri,"resolveAppLocation");function _i(e,t,n){let r=`  npm install
+  npm run dev`,i="To deploy your app:",s="npx @cognite/cli apps deploy --interactive",a=n?`
 To start spec-driven development:
   Run /speckit.specify in Claude Code or Cursor and describe your app.
 `:"",p=`  # Or fully non-interactive (deploys first target from app.json):
@@ -46,10 +49,10 @@ To start spec-driven development:
 \u2705 App created successfully in current directory!
 Next steps:
-${n}
-${s}
+${r}
+${a}
 ${i}
-  ${a}
+  ${s}
 ${p}
 `);return}console.log(`
 \u2705 App created successfully!
@@ -58,14 +61,14 @@ To open in Cursor:
   cursor "${t}"
 Or:
   cd "${t}"
-${n}
-${s}
+${r}
+${a}
 ${i}
   cd "${t}"
-  ${a}
+  ${s}
 ${p}
-`)}o(_i,"printSuccessMessage");async function Ui(e){try{let{execSkillsCli:t,pullAllArgs:r}=await import("../skills-GQ5TZKCM.js");console.log("\u{1F9E0} Pulling skills into your app..."),t(r(),{cwd:e,timeout:3e4,stdio:["pipe","pipe","inherit"]});let n=re(e,".agents","skills"),i=0;try{i=bi(n).length}catch{console.warn(`Skills directory not found after pull \u2014 no skills may have been installed (expected: ${n})`)}let a=i>0?`${i} skills`:"skills";console.log(`\u2705 Installed ${a} successfully to
- ${n}`)}catch(t){let r=t instanceof Error?t.message:String(t);console.warn("\u26A0\uFE0F  Could not pull skills:",r)}}o(Ui,"pullSkillsInto");function Li(e,t={}){let{isGitInstalled:r=Xt,isInsideGitRepo:n=Zt,gitInitAndCommit:i=Qt}=t;if(!r()){console.warn("git not found \u2014 skipping git repository initialisation");return}if(!n(e)){console.log("Initialising git repository...");try{i(e)}catch(a){let p=(a&&typeof a=="object"&&"stderr"in a&&a.stderr?String(a.stderr).trim():"")||(a instanceof Error?a.message:String(a));console.warn("Could not initialise git repository:",p)}}}o(Li,"maybeInitGit");async function Ki(e,t){let r=e==="."||e==="./",n=Oi(e,r),i=null,a=!1,s={displayName:t.displayName,description:t.description,org:t.org,project:t.project,cluster:t.cluster,baseUrl:t.baseUrl},p=await Ti(),c=we(p),l=r?dr(process.cwd()):n?dr(n):null;await sr(c,s,l);let d=ir({isCurrentDir:r,dirName:n,onAppName:o(g=>{i=g},"onAppName"),onUseSpecKit:o(g=>{a=g},"onUseSpecKit"),presets:s,specKit:t.specKit});await Fi(["app","new"],{templates:mr,cwd:process.cwd(),logger:new $i(console.log.bind(console)),createPrompter:d,debug:!!process.env.DEBUG});let m=Ri(r,n,i);ve({target:"AGENTS.md",linkPath:re(m.cwd,"CLAUDE.md"),label:"CLAUDE.md"}),a&&lr({appDir:m.cwd}),await Ui(m.cwd),Li(m.cwd),_i(r,m.display,a)}o(Ki,"handleCreate");function ur(e){return e.command("create").description("Create a new application.").argument("[directory]","Target directory (. for current, or subdirectory name)").option("--display-name <name>","App display name (skips the prompt)").option("--description <description>","App description (skips the prompt)").option("--org <org>","Deployment org (skips the prompt)").option("--project <project>","Deployment project (skips the prompt)").option("--cluster <cluster>","CDF cluster, e.g. greenfield (skips the prompt)").option("--base-url <url>","CDF base URL, e.g. https://greenfield.cognitedata.com (skips the prompt; defaults to cluster-derived URL when omitted)").option("--spec-kit","Install spec-kit slash commands (skips the prompt)").option("--no-spec-kit","Skip spec-kit installation (skips the prompt)").addHelpText("after",`
+`)}o(_i,"printSuccessMessage");async function Ui(e){try{let{execSkillsCli:t,pullAllArgs:n}=await import("../skills-GQ5TZKCM.js");console.log("\u{1F9E0} Pulling skills into your app..."),t(n(),{cwd:e,timeout:3e4,stdio:["pipe","pipe","inherit"]});let r=ne(e,".agents","skills"),i=0;try{i=ki(r).length}catch{console.warn(`Skills directory not found after pull \u2014 no skills may have been installed (expected: ${r})`)}let s=i>0?`${i} skills`:"skills";console.log(`\u2705 Installed ${s} successfully to
+ ${r}`)}catch(t){let n=t instanceof Error?t.message:String(t);console.warn("\u26A0\uFE0F  Could not pull skills:",n)}}o(Ui,"pullSkillsInto");function Ki(e,t={}){let{isGitInstalled:n=Qt,isInsideGitRepo:r=en,gitInitAndCommit:i=tn}=t;if(!n()){console.warn("git not found \u2014 skipping git repository initialisation");return}if(!r(e)){console.log("Initialising git repository...");try{i(e)}catch(s){let p=(s&&typeof s=="object"&&"stderr"in s&&s.stderr?String(s.stderr).trim():"")||(s instanceof Error?s.message:String(s));console.warn("Could not initialise git repository:",p)}}}o(Ki,"maybeInitGit");async function Li(e,t){let n=e==="."||e==="./",r=Oi(e,n),i=null,s=!1,a={displayName:t.displayName,description:t.description,org:t.org,project:t.project,cluster:t.cluster,baseUrl:t.baseUrl},p=await Ti(),c=we(p),l=n?gn(process.cwd()):r?gn(r):null;await cn(c,a,l);let d=pn({isCurrentDir:n,dirName:r,onAppName:o(g=>{i=g},"onAppName"),onUseSpecKit:o(g=>{s=g},"onUseSpecKit"),presets:a,specKit:t.specKit});await Fi(["app","new"],{templates:fn,cwd:process.cwd(),logger:new $i(console.log.bind(console)),createPrompter:d,debug:!!process.env.DEBUG});let m=Ri(n,r,i);ve({target:"AGENTS.md",linkPath:ne(m.cwd,"CLAUDE.md"),label:"CLAUDE.md"}),s&&un({appDir:m.cwd}),await Ui(m.cwd),Ki(m.cwd),_i(n,m.display,s)}o(Li,"handleCreate");function yn(e){return e.command("create").description("Create a new application.").argument("[directory]","Target directory (. for current, or subdirectory name)").option("--display-name <name>","App display name (skips the prompt)").option("--description <description>","App description (skips the prompt)").option("--org <org>","Deployment org (skips the prompt)").option("--project <project>","Deployment project (skips the prompt)").option("--cluster <cluster>","CDF cluster, e.g. greenfield (skips the prompt)").option("--base-url <url>","CDF base URL, e.g. https://greenfield.cognitedata.com (skips the prompt; defaults to cluster-derived URL when omitted)").option("--spec-kit","Install spec-kit slash commands (skips the prompt)").option("--no-spec-kit","Skip spec-kit installation (skips the prompt)").addHelpText("after",`
 Non-interactive use (CI, scripts, AI agents):
   Pass [directory] plus --display-name, --description, --org, --project, --cluster, --base-url
   to skip every prompt. Missing flags fall back to the interactive prompt.
@@ -78,17 +81,17 @@ Examples:
     --display-name "My App" --description "My app" \\
     --org cog-atlas --project atlas-greenfield --cluster greenfield \\
     --base-url https://greenfield.cognitedata.com
-                                             Fully non-interactive`).action(Ki)}o(ur,"registerCreateCommand");import ji from"path";async function Ni(e,t,r){let n=await A(e,{interactive:t.interactive,appId:r,orgHint:t.org});return new P(n)}o(Ni,"defaultGetApiClient");async function Mi(e,t,r={}){let{loadEnvFile:n=R,loadAppConfig:i=E,getApiClient:a=Ni}=r,s=ji.resolve(process.cwd(),e);n(s);let p=i(s);_(p);let c=t.interactive?await I(p,t):b(p.deployments,t.deployment);if(!t.interactive){let g=D(c);if(g.length>0)throw new Error(`Deployment ${c.org}/${c.project} is missing ${g.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps deactivate --interactive\` for browser-based authentication instead.`)}let l=await a(c,t,p.externalId),{externalId:d}=p,m=await l.getActiveVersion(d);if(!m){console.log(`  ${d} has no active version \u2014 nothing to deactivate.`);return}await l.deactivateVersion(d,m.version),console.log(`\u2713 Deactivated  ${d} @ ${m.version} \u2014 active alias removed`)}o(Mi,"handleDeactivate");function gr(e){return e.command("deactivate").description("Deactivate the app by removing its active version from service").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
+                                             Fully non-interactive`).action(Li)}o(yn,"registerCreateCommand");import ji from"path";async function Ni(e,t,n){let r=await A(e,{interactive:t.interactive,appId:n,orgHint:t.org});return new P(r)}o(Ni,"defaultGetApiClient");async function Mi(e,t,n={}){let{loadEnvFile:r=R,loadAppConfig:i=E,getApiClient:s=Ni}=n,a=ji.resolve(process.cwd(),e);r(a);let p=i(a);_(p);let c=t.interactive?await I(p,t):k(p.deployments,t.deployment);if(!t.interactive){let g=D(c);if(g.length>0)throw new Error(`Deployment ${c.org}/${c.project} is missing ${g.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps deactivate --interactive\` for browser-based authentication instead.`)}let l=await s(c,t,p.externalId),{externalId:d}=p,m=await l.getActiveVersion(d);if(!m){console.log(`  ${d} has no active version \u2014 nothing to deactivate.`);return}await l.deactivateVersion(d,m.version),console.log(`\u2713 Deactivated  ${d} @ ${m.version} \u2014 active alias removed`)}o(Mi,"handleDeactivate");function hn(e){return e.command("deactivate").description("Deactivate the app by removing its active version from service").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
 Examples:
   npx @cognite/cli apps deactivate .                   Deactivate using env-var auth
-  npx @cognite/cli apps deactivate . --interactive     Deactivate using browser auth (no secrets needed)`).action((t,r)=>Mi(t,r))}o(gr,"registerDeactivateCommand");import{mkdir as Ji,readFile as Yi}from"fs/promises";import{basename as qi,dirname as zi}from"path";import j from"fs";import x from"path";import{parseAndValidateManifestConfig as Hi}from"@cognite/app-sdk/vite";import{BlobReader as Vi,Uint8ArrayWriter as Bi,ZipWriter as Gi}from"@zip.js/zip.js";var qe="package.json",ze="package-lock.json",fr="manifest.json",We=".cognite",Xe=class Xe{constructor(t="dist"){this.distPath=x.isAbsolute(t)?t:x.join(process.cwd(),t),this.appRoot=x.dirname(this.distPath)}validateBuildDirectory(){if(!j.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=x.join(this.appRoot,qe);if(!j.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let r=x.join(this.appRoot,ze);if(!j.existsSync(r))throw new Error(`"${r}" not found. It is required for deployment.`)}async createZip(t="app.zip",r=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let n=new Gi(new Bi,{level:9}),i=o(async(c,l)=>{await n.add(l,new Vi(await j.openAsBlob(c))),r&&console.log(`  \u{1F4C4} ${l}`)},"addFile"),a=o(async c=>{let l=await j.promises.readdir(c,{withFileTypes:!0});for(let d of l){let m=x.join(c,d.name);d.isDirectory()?await a(m):await i(m,x.relative(this.distPath,m).replace(/\\/g,"/"))}},"addDir"),s;try{await a(this.distPath);let c=x.join(this.appRoot,qe);await i(c,x.posix.join(We,qe));let l=x.join(this.appRoot,fr);if(j.existsSync(l)){let m=j.readFileSync(l,"utf-8");Hi(m,l),await i(l,x.posix.join(We,fr))}let d=x.join(this.appRoot,ze);await i(d,x.posix.join(We,ze)),s=await n.close()}catch(c){let l=c instanceof Error?c.message:String(c);throw new Error(`Failed to create zip: ${l}`)}await j.promises.writeFile(t,s);let p=(s.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${p} MB)`),t}};o(Xe,"ApplicationPackager");var ne=Xe;async function Ce(e,t,r,n){let{externalId:i,name:a,description:s,versionTag:p}=t,c=H(r,i,p);await Ji(zi(c),{recursive:!0}),await new ne(`${r}/dist`).createZip(c,!0);let l=await Yi(c);await new P(e).deploy(i,a,s,p,l,qi(c),n)}o(Ce,"packageAndUpload");var Ze=o(async(e,t,r)=>{let n=await Q(e,r);await Ce(n,t,r,e.published)},"deploy");import{execSync as Wi}from"child_process";function Qe(e,t=!0,r={execSync:Wi}){console.log("\u{1F4E6} Building app with npm..."),r.execSync("npm run build",{cwd:e,stdio:t?"inherit":"pipe"}),console.log("\u2705 Build successful")}o(Qe,"buildApp");function yr(e,t){let{org:r,project:n,baseUrl:i}=e,a;try{a=new URL(i).hostname}catch{return null}let{externalId:s,versionTag:p}=t,c=new URLSearchParams({cluster:a,customAppVersion:p,workspace:"industrial-tools"});return`https://${r}.fusion.cognite.com/${n}/flows-apps/app/${encodeURIComponent(s)}?${c}`}o(yr,"generateFusionUrl");function hr(e,t,r){let n=r?"\u{1F680} Deploy (Interactive)":"\u{1F680} Deploy",i=r?`${t.project} @ ${t.baseUrl}`:`${t.org}/${t.project}`;console.log(["",n,"=".repeat(n.length),`App: ${e.name} (${e.externalId})`,`Version: ${e.versionTag}`,`Target: ${i}`,""].join(`
-`))}o(hr,"printDeployInfo");function Sr(e,t){console.log(`
-\u2705 Successfully deployed ${e.name} version ${e.versionTag} to ${t.org?`${t.org}/`:""}${t.project}`),console.log("\u{1F512} App is deployed in draft mode");let r=e.deployments.length>1?` -d ${t.project}`:"";console.log(`
-To sign:     npx @cognite/cli apps sign --interactive${r}`),console.log(`To publish:  npx @cognite/cli apps publish .${r}`),console.log(`To activate: npx @cognite/cli apps activate .${r}`);let n=yr(t,e);n&&console.log(`
+  npx @cognite/cli apps deactivate . --interactive     Deactivate using browser auth (no secrets needed)`).action((t,n)=>Mi(t,n))}o(hn,"registerDeactivateCommand");import{mkdir as Ji,readFile as Yi}from"fs/promises";import{basename as qi,dirname as zi}from"path";import j from"fs";import x from"path";import{parseAndValidateManifestConfig as Vi}from"@cognite/app-sdk/vite";import{BlobReader as Hi,Uint8ArrayWriter as Bi,ZipWriter as Gi}from"@zip.js/zip.js";var ze="package.json",We="package-lock.json",Sn="manifest.json",Xe=".cognite",Ze=class Ze{constructor(t="dist"){this.distPath=x.isAbsolute(t)?t:x.join(process.cwd(),t),this.appRoot=x.dirname(this.distPath)}validateBuildDirectory(){if(!j.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=x.join(this.appRoot,ze);if(!j.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let n=x.join(this.appRoot,We);if(!j.existsSync(n))throw new Error(`"${n}" not found. It is required for deployment.`)}async createZip(t="app.zip",n=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let r=new Gi(new Bi,{level:9}),i=o(async(c,l)=>{await r.add(l,new Hi(await j.openAsBlob(c))),n&&console.log(`  \u{1F4C4} ${l}`)},"addFile"),s=o(async c=>{let l=await j.promises.readdir(c,{withFileTypes:!0});for(let d of l){let m=x.join(c,d.name);d.isDirectory()?await s(m):await i(m,x.relative(this.distPath,m).replace(/\\/g,"/"))}},"addDir"),a;try{await s(this.distPath);let c=x.join(this.appRoot,ze);await i(c,x.posix.join(Xe,ze));let l=x.join(this.appRoot,Sn);if(j.existsSync(l)){let m=j.readFileSync(l,"utf-8");Vi(m,l),await i(l,x.posix.join(Xe,Sn))}let d=x.join(this.appRoot,We);await i(d,x.posix.join(Xe,We)),a=await r.close()}catch(c){let l=c instanceof Error?c.message:String(c);throw new Error(`Failed to create zip: ${l}`)}await j.promises.writeFile(t,a);let p=(a.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${p} MB)`),t}};o(Ze,"ApplicationPackager");var re=Ze;async function Ce(e,t,n,r){let{externalId:i,name:s,description:a,versionTag:p}=t,c=V(n,i,p);await Ji(zi(c),{recursive:!0}),await new re(`${n}/dist`).createZip(c,!0);let l=await Yi(c);await new P(e).deploy(i,s,a,p,l,qi(c),r)}o(Ce,"packageAndUpload");var Qe=o(async(e,t,n)=>{let r=await Q(e,n);await Ce(r,t,n,e.published)},"deploy");import{execSync as Wi}from"child_process";function et(e,t=!0,n={execSync:Wi}){console.log("\u{1F4E6} Building app with npm..."),n.execSync("npm run build",{cwd:e,stdio:t?"inherit":"pipe"}),console.log("\u2705 Build successful")}o(et,"buildApp");function wn(e,t){let{org:n,project:r,baseUrl:i}=e,s;try{s=new URL(i).hostname}catch{return null}let{externalId:a,versionTag:p}=t,c=new URLSearchParams({cluster:s,customAppVersion:p,workspace:"industrial-tools"});return`https://${n}.fusion.cognite.com/${r}/flows-apps/app/${encodeURIComponent(a)}?${c}`}o(wn,"generateFusionUrl");function vn(e,t,n){let r=n?"\u{1F680} Deploy (Interactive)":"\u{1F680} Deploy",i=n?`${t.project} @ ${t.baseUrl}`:`${t.org}/${t.project}`;console.log(["",r,"=".repeat(r.length),`App: ${e.name} (${e.externalId})`,`Version: ${e.versionTag}`,`Target: ${i}`,""].join(`
+`))}o(vn,"printDeployInfo");function Cn(e,t){console.log(`
+\u2705 Successfully deployed ${e.name} version ${e.versionTag} to ${t.org?`${t.org}/`:""}${t.project}`),console.log("\u{1F512} App is deployed in draft mode");let n=e.deployments.length>1?` -d ${t.project}`:"";console.log(`
+To sign:     npx @cognite/cli apps sign --interactive${n}`),console.log(`To publish:  npx @cognite/cli apps publish .${n}`),console.log(`To activate: npx @cognite/cli apps activate .${n}`);let r=wn(t,e);r&&console.log(`
 \u{1F517} Open your app:
-   ${n}`)}o(Sr,"printDeployResult");async function Xi(e,t,r,n,i){let a=D(t);if(a.length>0)throw new Error(`Deployment ${t.org}/${t.project} is missing ${a.join(" and ")} in app.json. Use \`cognite apps deploy --interactive\` for browser-based authentication instead.`);hr(e,t,!1),n.skipBuild||Qe(r),console.log(`
-\u{1F4E4} Deploying to ${t.org}/${t.project}...`),await i({...t,published:!1},{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},r),Sr(e,t)}o(Xi,"handleDeployNonInteractive");async function Zi(e,t,r,n){hr(e,t,!0),n.skipBuild||Qe(r);let i=await A(t,{interactive:!0,appId:e.externalId,orgHint:n.org});console.log(`
-\u{1F4E4} Deploying to ${t.project}...`),await Ce(i,{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},r,!1),Sr(e,t)}o(Zi,"handleDeployInteractive");async function Qi(e,t=process.cwd(),r={}){let{loadEnvFile:n=R,loadAppConfig:i=E,deploy:a=Ze}=r;n(t);let s=i(t);if(_(s),e.interactive){let c=await I(s,e);await Zi(s,c,t,e);return}let p=b(s.deployments,e.deployment);await Xi(s,p,t,e,a)}o(Qi,"handleDeploy");function wr(e){return e.command("deploy").description("Deploy your app to Cognite Data Fusion. Use --interactive for browser-based login (no env-var secrets required).").option("-d, --deployment <target>","Deployment target (index or project name)").option("--skip-build","Skip the build step",!1).option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
+   ${r}`)}o(Cn,"printDeployResult");async function Xi(e,t,n,r,i){let s=D(t);if(s.length>0)throw new Error(`Deployment ${t.org}/${t.project} is missing ${s.join(" and ")} in app.json. Use \`cognite apps deploy --interactive\` for browser-based authentication instead.`);vn(e,t,!1),r.skipBuild||et(n),console.log(`
+\u{1F4E4} Deploying to ${t.org}/${t.project}...`),await i({...t,published:!1},{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},n),Cn(e,t)}o(Xi,"handleDeployNonInteractive");async function Zi(e,t,n,r){vn(e,t,!0),r.skipBuild||et(n);let i=await A(t,{interactive:!0,appId:e.externalId,orgHint:r.org});console.log(`
+\u{1F4E4} Deploying to ${t.project}...`),await Ce(i,{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},n,!1),Cn(e,t)}o(Zi,"handleDeployInteractive");async function Qi(e,t=process.cwd(),n={}){let{loadEnvFile:r=R,loadAppConfig:i=E,deploy:s=Qe}=n;r(t);let a=i(t);if(_(a),e.interactive){let c=await I(a,e);await Zi(a,c,t,e);return}let p=k(a.deployments,e.deployment);await Xi(a,p,t,e,s)}o(Qi,"handleDeploy");function Pn(e){return e.command("deploy").description("Deploy your app to Cognite Data Fusion. Use --interactive for browser-based login (no env-var secrets required).").option("-d, --deployment <target>","Deployment target (index or project name)").option("--skip-build","Skip the build step",!1).option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
 Environment (non-interactive):
   deployClientId and deploySecretName are configured per deployment in app.json.
   deploySecretName is the name of the environment variable that holds the client
@@ -102,42 +105,37 @@ Examples:
   npx @cognite/cli apps deploy -d my-project      Deploy to project by name
   npx @cognite/cli apps deploy --skip-build       Deploy without rebuilding
   npx @cognite/cli apps deploy --interactive      Browser auth, prompts for target
-  npx @cognite/cli apps deploy --interactive -d 0 Browser auth, target chosen non-interactively`).action(t=>Qi(t))}o(wr,"registerDeployCommand");async function es(e,t,r){let n=await A(e,{interactive:t.interactive,appId:r.externalId,orgHint:t.org});return new P(n)}o(es,"defaultBuildApiClient");async function ts(e,t={}){let r=t.loadEnvFile??R,n=t.loadAppConfig??E,i=t.buildApiClient??es,a=t.discoverSignatures??Z,s=process.cwd();r(s);let p=n(s);_(p);let c=e.interactive?await I(p,e):b(p.deployments,e.deployment);if(!e.interactive){let f=D(c);if(f.length>0)throw new Error(`Deployment ${c.org}/${c.project} is missing ${f.join(" and ")} in app.json. Use \`cognite apps publish --interactive\` for browser-based authentication instead.`)}let l=await i(c,e,p),{externalId:d,versionTag:m}=p,g;try{g=await l.getVersion(d,m)}catch(f){throw f instanceof T?new Error(`Version ${m} of ${d} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):f}if(g.alias==="ACTIVE"){console.log(`  ${d} @ ${m} is already ACTIVE \u2014 nothing to do.`);return}if(g.lifecycleState==="PUBLISHED"){console.log(`  ${d} @ ${m} is already PUBLISHED \u2014 nothing to do.`);return}if(g.lifecycleState==="DEPRECATED"||g.lifecycleState==="ARCHIVED")throw new Error(`Cannot publish ${d} @ ${m}: version is ${g.lifecycleState} (terminal).`);let u=a(H(s,d,m));u.length>0&&await l.submitSignatures(d,m,u),await l.publishVersion(d,m),console.log(`\u2713 Published  ${d} @ ${m} is now PUBLISHED`),console.log(""),console.log("Run `npx @cognite/cli apps activate .` to make it active.")}o(ts,"handlePublish");function vr(e){return e.command("publish").description("Publish the current app version (transition DRAFT \u2192 PUBLISHED)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
+  npx @cognite/cli apps deploy --interactive -d 0 Browser auth, target chosen non-interactively`).action(t=>Qi(t))}o(Pn,"registerDeployCommand");async function es(e,t,n){let r=await A(e,{interactive:t.interactive,appId:n.externalId,orgHint:t.org});return new P(r)}o(es,"defaultBuildApiClient");async function ts(e,t={}){let n=t.loadEnvFile??R,r=t.loadAppConfig??E,i=t.buildApiClient??es,s=t.discoverSignatures??Z,a=process.cwd();n(a);let p=r(a);_(p);let c=e.interactive?await I(p,e):k(p.deployments,e.deployment);if(!e.interactive){let f=D(c);if(f.length>0)throw new Error(`Deployment ${c.org}/${c.project} is missing ${f.join(" and ")} in app.json. Use \`cognite apps publish --interactive\` for browser-based authentication instead.`)}let l=await i(c,e,p),{externalId:d,versionTag:m}=p,g;try{g=await l.getVersion(d,m)}catch(f){throw f instanceof T?new Error(`Version ${m} of ${d} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):f}if(g.alias==="ACTIVE"){console.log(`  ${d} @ ${m} is already ACTIVE \u2014 nothing to do.`);return}if(g.lifecycleState==="PUBLISHED"){console.log(`  ${d} @ ${m} is already PUBLISHED \u2014 nothing to do.`);return}if(g.lifecycleState==="DEPRECATED"||g.lifecycleState==="ARCHIVED")throw new Error(`Cannot publish ${d} @ ${m}: version is ${g.lifecycleState} (terminal).`);let u=s(V(a,d,m));u.length>0&&await l.submitSignatures(d,m,u),await l.publishVersion(d,m),console.log(`\u2713 Published  ${d} @ ${m} is now PUBLISHED`),console.log(""),console.log("Run `npx @cognite/cli apps activate .` to make it active.")}o(ts,"handlePublish");function En(e){return e.command("publish").description("Publish the current app version (transition DRAFT \u2192 PUBLISHED)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
 Examples:
   npx @cognite/cli apps publish .                    Publish using env-var auth
-  npx @cognite/cli apps publish . --interactive      Publish using browser auth (no secrets needed)`).action((t,r)=>ts(r))}o(vr,"registerPublishCommand");import{spawnSync as rs}from"child_process";import{mkdirSync as ns}from"fs";import{resolve as et}from"path";var os=["localhost","local.cognite.ai","*.local.cognite.ai"],is={info:o(e=>{process.stdout.write(`${e}
-`)},"info"),error:o(e=>{process.stderr.write(`${e}
-`)},"error")},ss={spawnSync:rs,mkdirSync:ns,logger:is};function as(e){let t=e("mkcert",["-help"],{stdio:"ignore"});return t.status===0||t.status===1}o(as,"hasMkcert");function ps({certDir:e=et(process.cwd(),"certificates/mkcert"),domains:t=os,deps:r={}}={}){let n={...ss,...r},{spawnSync:i,mkdirSync:a,logger:s}=n;if(!as(i))throw s.error("Error: mkcert is not installed."),s.error("Install it with: brew install mkcert (macOS, Linux, WSL)"),s.error("On Windows: choco install mkcert  (or scoop install mkcert)"),s.error("See https://github.com/FiloSottile/mkcert#installation for other methods."),new Error("mkcert is not installed");if(i("mkcert",["-install"],{stdio:"inherit"}).status!==0)throw new Error("`mkcert -install` failed");a(e,{recursive:!0});let c=et(e,"localhost.pem"),l=et(e,"localhost-key.pem");if(i("mkcert",["-cert-file",c,"-key-file",l,...t],{stdio:"inherit"}).status!==0)throw new Error("mkcert failed to generate certificates");return s.info(""),s.info("Certificates generated:"),s.info(`  cert: ${c}`),s.info(`  key:  ${l}`),{certFile:c,keyFile:l}}o(ps,"setupHttps");function cs(e){ps({certDir:e.certDir})}o(cs,"handleSetupHttps");function Cr(e){return e.command("setup-https").description("Generate trusted local HTTPS certificates via mkcert").option("--cert-dir <path>","Directory to write certs into (default: ./certificates/mkcert)").addHelpText("after",`
-Examples:
-  npx @cognite/cli@latest apps setup-https                     Generate certs in ./certificates/mkcert
-  npx @cognite/cli@latest apps setup-https --cert-dir certs    Use a custom directory`).action(t=>cs(t))}o(Cr,"registerSetupHttpsCommand");function ls(e){return e.alias==="ACTIVE"?"ACTIVE":e.lifecycleState}o(ls,"describeStatus");async function ds(e){let t=process.cwd();R(t);let r=E(t);_(r);let n=e.interactive?await I(r,e):b(r.deployments,e.deployment);if(!e.interactive){let s=D(n);if(s.length>0)throw new Error(`Deployment ${n.org}/${n.project} is missing ${s.join(" and ")} in app.json. Use \`cognite apps status --interactive\` for browser-based authentication instead.`)}let i=await A(n,{interactive:e.interactive,appId:r.externalId,orgHint:e.org}),a=new P(i);console.log(""),console.log(`App:     ${r.name} (${r.externalId})`),console.log(`Version: ${r.versionTag}  (local)`);try{let s=await a.getVersion(r.externalId,r.versionTag),p=ls(s);console.log(`Status:  ${p}`),s.lifecycleState==="DRAFT"&&(console.log(""),console.log("Run `npx @cognite/cli apps publish .` to publish this version."))}catch(s){if(s instanceof T){console.log("Status:  not deployed yet"),console.log(""),console.log("Run `npx @cognite/cli apps deploy` to upload this version.");return}throw s}}o(ds,"handleStatus");function Pr(e){return e.command("status").description("Show the deployment status of the current app version").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
+  npx @cognite/cli apps publish . --interactive      Publish using browser auth (no secrets needed)`).action((t,n)=>ts(n))}o(En,"registerPublishCommand");function ns(e){return e.alias==="ACTIVE"?"ACTIVE":e.lifecycleState}o(ns,"describeStatus");async function rs(e){let t=process.cwd();R(t);let n=E(t);_(n);let r=e.interactive?await I(n,e):k(n.deployments,e.deployment);if(!e.interactive){let a=D(r);if(a.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${a.join(" and ")} in app.json. Use \`cognite apps status --interactive\` for browser-based authentication instead.`)}let i=await A(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new P(i);console.log(""),console.log(`App:     ${n.name} (${n.externalId})`),console.log(`Version: ${n.versionTag}  (local)`);try{let a=await s.getVersion(n.externalId,n.versionTag),p=ns(a);console.log(`Status:  ${p}`),a.lifecycleState==="DRAFT"&&(console.log(""),console.log("Run `npx @cognite/cli apps publish .` to publish this version."))}catch(a){if(a instanceof T){console.log("Status:  not deployed yet"),console.log(""),console.log("Run `npx @cognite/cli apps deploy` to upload this version.");return}throw a}}o(rs,"handleStatus");function bn(e){return e.command("status").description("Show the deployment status of the current app version").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
 Examples:
   npx @cognite/cli apps status .                     Status using env-var auth
-  npx @cognite/cli apps status . --interactive       Status using browser auth (no secrets needed)`).action((t,r)=>ds(r))}o(Pr,"registerStatusCommand");function Er(e){let t=e.command("apps").description("Manage Fusion Custom Apps \u2014 create, deploy, and manage version lifecycle");return ur(t),wr(t),Pr(t),vr(t),Wt(t),gr(t),Cr(t),gt(t),zt(t),t}o(Er,"registerAppsCommand");import{existsSync as Fs,mkdirSync as Ts,writeFileSync as Os}from"fs";import{dirname as at,join as be}from"path";import{generateSigningKeyPair as Rs}from"@cognite/app-sdk/codesigning";import _s from"open";function kr(e,t){let r=e.getUTCFullYear(),n=e.getUTCMonth()+t,i=new Date(Date.UTC(r,n+1,0)).getUTCDate(),a=Math.min(e.getUTCDate(),i);return new Date(Date.UTC(r,n,a))}o(kr,"addMonthsClamped");function tt(e){return e.toISOString().slice(0,10)}o(tt,"formatIsoDate");function br(e=new Date){return tt(e)}o(br,"todayIso");import ms,{Chalk as us}from"chalk";var oe=new us({level:0});function xr(e){return e.isTTY?ms:oe}o(xr,"chalkForStream");function gs(e){return e.replace(/-----BEGIN [^-]+-----/g,"").replace(/-----END [^-]+-----/g,"").replace(/\s+/g,"")}o(gs,"pemBodyOneLine");function rt(e,t=oe,r=new Date){let n=e.issuedAt??br(r),i=gs(e.publicKeyPem),a="  ",s=o((c,l)=>`${a}${t.cyan(c)}${t.dim(":")} ${l}
+  npx @cognite/cli apps status . --interactive       Status using browser auth (no secrets needed)`).action((t,n)=>rs(n))}o(bn,"registerStatusCommand");function kn(e){let t=e.command("apps").description("Manage Fusion Custom Apps \u2014 create, deploy, and manage version lifecycle");return yn(t),Pn(t),bn(t),En(t),Zt(t),hn(t),gt(t),Xt(t),t}o(kn,"registerAppsCommand");import{existsSync as Es,mkdirSync as bs,writeFileSync as ks}from"fs";import{dirname as at,join as ke}from"path";import{generateSigningKeyPair as xs}from"@cognite/app-sdk/codesigning";import As from"open";function xn(e,t){let n=e.getUTCFullYear(),r=e.getUTCMonth()+t,i=new Date(Date.UTC(n,r+1,0)).getUTCDate(),s=Math.min(e.getUTCDate(),i);return new Date(Date.UTC(n,r,s))}o(xn,"addMonthsClamped");function tt(e){return e.toISOString().slice(0,10)}o(tt,"formatIsoDate");function An(e=new Date){return tt(e)}o(An,"todayIso");import os,{Chalk as is}from"chalk";var oe=new is({level:0});function Dn(e){return e.isTTY?os:oe}o(Dn,"chalkForStream");function ss(e){return e.replace(/-----BEGIN [^-]+-----/g,"").replace(/-----END [^-]+-----/g,"").replace(/\s+/g,"")}o(ss,"pemBodyOneLine");function nt(e,t=oe,n=new Date){let r=e.issuedAt??An(n),i=ss(e.publicKeyPem),s="  ",a=o((c,l)=>`${s}${t.cyan(c)}${t.dim(":")} ${l}
 `,"kv"),p="";return p+=`
 ${t.bold("Add this entry to")} ${t.magenta("services/app-hosting/config/signing-keys.yaml")} ${t.bold("under")} ${t.cyan("public_keys:")}
 `,p+=`${t.dim("-")} ${t.cyan("kid")}${t.dim(":")} ${t.green(e.kid)}
-`,p+=s("public_key",t.green(i)),p+=s("email",t.yellow(e.email)),p+=s("capabilities",`${t.dim("[")}${t.yellow("developer")}${t.dim("]")}`),p+=s("issued_at",t.green(n)),p+=s("expires",t.green(e.expires)),p+=s("revoked_at",t.dim("null")),p}o(rt,"renderRegistryEntry");import fs from"clipboardy";function Ar(e){return fs.write(e)}o(Ar,"copyToClipboard");import{email as ys,pipe as hs,safeParse as Ss,string as ws}from"valibot";var vs=hs(ws(),ys());function ie(e,t="email"){let r=e.trim();if(!r)throw new Error(`${t} is required`);if(!Ss(vs,r).success)throw new Error(`${t} must look like an email (user@example.com); got "${e}"`);return r}o(ie,"parseEmail");function se(e,t="--expires"){let r=Number(e);if(!Number.isInteger(r)||r<1||r>12)throw new Error(`${t} must be an integer between 1 and 12 (months); got "${e}"`);return r}o(se,"parseExpiryMonths");var Cs="https://cognite.zendesk.com",Ps="360001234312",Es="tf_360015295097",ks="cognite_flows",bs="360004885031";function xs(e,t){let r=new URLSearchParams({locale:"en-us",brand_id:bs,return_to:e});return`${t}/access?${r}`}o(xs,"withLogin");function As(e,t,r){let n=new URLSearchParams({ticket_form_id:Ps,tf_priority:"normal",tf_subject:e,[Es]:ks,tf_description:t});return xs(`${r}/hc/en-us/requests/new?${n}`,r)}o(As,"buildUrl");function Ds(e){return e.join("<br>")}o(Ds,"toHtml");function Dr(e,t,r,n,i=Cs){return As(`Public Key Registration: ${t}`,Ds(["Dear Cognite Platform Team,","","I would like to register my Flows app signing key for certified deployments.","",`Key ID (kid): ${e}`,`Developer email: ${t}`,`Expires: ${r}`,"","Please add the following entry to signing-keys.yaml:","",...n.replace(/\r\n/g,`
+`,p+=a("public_key",t.green(i)),p+=a("email",t.yellow(e.email)),p+=a("capabilities",`${t.dim("[")}${t.yellow("developer")}${t.dim("]")}`),p+=a("issued_at",t.green(r)),p+=a("expires",t.green(e.expires)),p+=a("revoked_at",t.dim("null")),p}o(nt,"renderRegistryEntry");import as from"clipboardy";function In(e){return as.write(e)}o(In,"copyToClipboard");import{email as ps,pipe as cs,safeParse as ls,string as ds}from"valibot";var ms=cs(ds(),ps());function ie(e,t="email"){let n=e.trim();if(!n)throw new Error(`${t} is required`);if(!ls(ms,n).success)throw new Error(`${t} must look like an email (user@example.com); got "${e}"`);return n}o(ie,"parseEmail");function se(e,t="--expires"){let n=Number(e);if(!Number.isInteger(n)||n<1||n>12)throw new Error(`${t} must be an integer between 1 and 12 (months); got "${e}"`);return n}o(se,"parseExpiryMonths");var us="https://cognite.zendesk.com",gs="360001234312",fs="tf_360015295097",ys="cognite_flows",hs="360004885031";function Ss(e,t){let n=new URLSearchParams({locale:"en-us",brand_id:hs,return_to:e});return`${t}/access?${n}`}o(Ss,"withLogin");function ws(e,t,n){let r=new URLSearchParams({ticket_form_id:gs,tf_priority:"normal",tf_subject:e,[fs]:ys,tf_description:t});return Ss(`${n}/hc/en-us/requests/new?${r}`,n)}o(ws,"buildUrl");function vs(e){return e.join("<br>")}o(vs,"toHtml");function $n(e,t,n,r,i=us){return ws(`Public Key Registration: ${t}`,vs(["Dear Cognite Platform Team,","","I would like to register my Flows app signing key for certified deployments.","",`Key ID (kid): ${e}`,`Developer email: ${t}`,`Expires: ${n}`,"","Please add the following entry to signing-keys.yaml:","",...r.replace(/\r\n/g,`
 `).split(`
-`),"","Best Regards,","[Your name]","","(This registration request was generated by `npx @cognite/cli keys generate`.)"]),i)}o(Dr,"buildKeyRegistrationUrl");import it from"enquirer";var Pe=3,Ir="Signing identity (kid) \u2014 e.g. jsmith-dev-001 (lowercase letters, digits, hyphens)",$r=`Key expiry in months (${1}-${12})`,Fr="Email address for the registry entry",Tr=`Passphrase for the encrypted private key (min ${15} chars)`,Or="Confirm passphrase",Rr=o(()=>`Passphrase must be at least ${15} characters`,"passphraseTooShortMsg"),_r=o(e=>`Passphrases do not match (attempt ${e}/${Pe}).
-`,"passphraseMismatchMsg"),Ur=`Passphrase confirmation failed after ${Pe} attempts`,Lr=o(e=>`A signing key with kid "${e}" already exists. Overwrite it?`,"confirmOverwriteMsg"),Kr="How would you like to submit your key registration?",jr="Open in browser",Nr="Copy link to clipboard";async function ke(e){return it.prompt(e)}o(ke,"defaultPrompt");function st(e){return t=>{try{return e(t),!0}catch(r){return r instanceof Error?r.message:"Invalid"}}}o(st,"parserAsValidator");var $s=/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/;function Ee(e){let t=e.trim();if(!t)throw new Error("--kid must not be empty");if(t.length>64)throw new Error("--kid must be 64 characters or fewer");if(!$s.test(t))throw new Error("--kid must contain only lowercase letters, digits, and hyphens, and must not start or end with a hyphen (e.g. jsmith-dev-001)");return t}o(Ee,"parseKid");async function Mr(e={}){let{prompt:t=ke}=e,{kid:r}=await t({type:"input",name:"kid",message:Ir,validate:st(Ee)});return Ee(r)}o(Mr,"promptKid");async function Hr(e={}){let{prompt:t=o(n=>it.prompt(n),"prompt")}=e,{action:r}=await t({type:"select",name:"action",message:Kr,choices:[{name:"browser",message:jr},{name:"clipboard",message:Nr}]});if(r!=="browser"&&r!=="clipboard")throw new Error(`Unexpected Zendesk action: ${r}`);return r}o(Hr,"promptZendeskAction");async function Vr(e={}){let{prompt:t=ke}=e,{months:r}=await t({type:"input",name:"months",message:$r,initial:String(6),validate:st(n=>se(n,"expiry"))});return se(r,"expiry")}o(Vr,"promptExpiryMonths");async function Br(e={}){let{prompt:t=ke,gitUserEmail:r=er}=e,{email:n}=await t({type:"input",name:"email",message:Fr,initial:r(),validate:st(i=>ie(i,"email"))});return ie(n,"email")}o(Br,"promptEmail");async function Gr(e={}){let{prompt:t=ke,stderr:r=process.stderr}=e;for(let n=1;n<=Pe;n+=1){let{passphrase:i}=await t({type:"password",name:"passphrase",message:Tr,validate:o(s=>s.length>=15?!0:Rr(),"validate")}),{confirm:a}=await t({type:"password",name:"confirm",message:Or});if(i===a)return i;r.write(_r(n))}throw new Error(Ur)}o(Gr,"promptPassphrase");async function Jr(e,t={}){let{prompt:r=o(i=>it.prompt(i),"prompt")}=t,{confirmed:n}=await r({type:"confirm",name:"confirmed",message:Lr(e),initial:!1});return n}o(Jr,"promptConfirmOverwrite");function Us(e){return{writeFileSync:e.writeFileSync??Os,mkdirSync:e.mkdirSync??Ts,existsSync:e.existsSync??Fs,generateSigningKeyPair:e.generateSigningKeyPair??Rs,encryptStringAsJwe:e.encryptStringAsJwe??Nt,storeKeyInKeychain:e.storeKeyInKeychain??Lt,isOS:e.isOS??(t=>B(t)),promptKid:e.promptKid??Mr,promptExpiryMonths:e.promptExpiryMonths??Vr,promptEmail:e.promptEmail??Br,promptPassphrase:e.promptPassphrase??Gr,promptConfirmOverwrite:e.promptConfirmOverwrite??Jr,discoverLocalKeys:e.discoverLocalKeys??(()=>ye()),promptZendeskAction:e.promptZendeskAction??Hr,openUrl:e.openUrl??(t=>_s(t)),copyToClipboard:e.copyToClipboard??Ar,isInteractive:e.isInteractive??(()=>process.stdout.isTTY===!0)}}o(Us,"resolveDeps");function qr(e,t={}){let r=Us(t),n=e.command("keys").description("Manage code signing keys");n.command("generate").description("Generate an Ed25519 keypair for code signing").option("-o, --output <path>","Encrypted private key output path (forces file storage even on macOS)").option("--no-keychain",`Skip macOS Keychain and write a passphrase-encrypted private key under ${F().keysDir} instead`).option("-e, --expires <months>",`Validity in months (${1}-${12}); skips the interactive prompt`).option("--email <address>","Email address for the registry entry; skips the interactive prompt").option("--kid <identifier>","Signing identity name for the registry (e.g. jsmith-dev-001); skips the interactive prompt").option("--force","Overwrite an existing key without prompting for confirmation").option("--copy-link","Copy the Zendesk registration link to the clipboard without prompting").action(i=>js(i,r)),n.command("list").description("List local signing identities and their storage location").action(()=>Ls(r))}o(qr,"registerKeysCommand");async function Ls(e){let t=await e.discoverLocalKeys();if(t.length===0){process.stdout.write(`No signing identities found.
+`),"","Best Regards,","[Your name]","","(This registration request was generated by `npx @cognite/cli keys generate`.)"]),i)}o($n,"buildKeyRegistrationUrl");import it from"enquirer";var Pe=3,Fn="Signing identity (kid) \u2014 e.g. jsmith-dev-001 (lowercase letters, digits, hyphens)",Tn=`Key expiry in months (${1}-${12})`,On="Email address for the registry entry",Rn=`Passphrase for the encrypted private key (min ${15} chars)`,_n="Confirm passphrase",Un=o(()=>`Passphrase must be at least ${15} characters`,"passphraseTooShortMsg"),Kn=o(e=>`Passphrases do not match (attempt ${e}/${Pe}).
+`,"passphraseMismatchMsg"),Ln=`Passphrase confirmation failed after ${Pe} attempts`,jn=o(e=>`A signing key with kid "${e}" already exists. Overwrite it?`,"confirmOverwriteMsg"),Nn="How would you like to submit your key registration?",Mn="Open in browser",Vn="Copy link to clipboard";async function be(e){return it.prompt(e)}o(be,"defaultPrompt");function st(e){return t=>{try{return e(t),!0}catch(n){return n instanceof Error?n.message:"Invalid"}}}o(st,"parserAsValidator");var Ps=/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/;function Ee(e){let t=e.trim();if(!t)throw new Error("--kid must not be empty");if(t.length>64)throw new Error("--kid must be 64 characters or fewer");if(!Ps.test(t))throw new Error("--kid must contain only lowercase letters, digits, and hyphens, and must not start or end with a hyphen (e.g. jsmith-dev-001)");return t}o(Ee,"parseKid");async function Hn(e={}){let{prompt:t=be}=e,{kid:n}=await t({type:"input",name:"kid",message:Fn,validate:st(Ee)});return Ee(n)}o(Hn,"promptKid");async function Bn(e={}){let{prompt:t=o(r=>it.prompt(r),"prompt")}=e,{action:n}=await t({type:"select",name:"action",message:Nn,choices:[{name:"browser",message:Mn},{name:"clipboard",message:Vn}]});if(n!=="browser"&&n!=="clipboard")throw new Error(`Unexpected Zendesk action: ${n}`);return n}o(Bn,"promptZendeskAction");async function Gn(e={}){let{prompt:t=be}=e,{months:n}=await t({type:"input",name:"months",message:Tn,initial:String(6),validate:st(r=>se(r,"expiry"))});return se(n,"expiry")}o(Gn,"promptExpiryMonths");async function Jn(e={}){let{prompt:t=be,gitUserEmail:n=nn}=e,{email:r}=await t({type:"input",name:"email",message:On,initial:n(),validate:st(i=>ie(i,"email"))});return ie(r,"email")}o(Jn,"promptEmail");async function Yn(e={}){let{prompt:t=be,stderr:n=process.stderr}=e;for(let r=1;r<=Pe;r+=1){let{passphrase:i}=await t({type:"password",name:"passphrase",message:Rn,validate:o(a=>a.length>=15?!0:Un(),"validate")}),{confirm:s}=await t({type:"password",name:"confirm",message:_n});if(i===s)return i;n.write(Kn(r))}throw new Error(Ln)}o(Yn,"promptPassphrase");async function qn(e,t={}){let{prompt:n=o(i=>it.prompt(i),"prompt")}=t,{confirmed:r}=await n({type:"confirm",name:"confirmed",message:jn(e),initial:!1});return r}o(qn,"promptConfirmOverwrite");function Ds(e){return{writeFileSync:e.writeFileSync??ks,mkdirSync:e.mkdirSync??bs,existsSync:e.existsSync??Es,generateSigningKeyPair:e.generateSigningKeyPair??xs,encryptStringAsJwe:e.encryptStringAsJwe??Vt,storeKeyInKeychain:e.storeKeyInKeychain??jt,isOS:e.isOS??(t=>B(t)),promptKid:e.promptKid??Hn,promptExpiryMonths:e.promptExpiryMonths??Gn,promptEmail:e.promptEmail??Jn,promptPassphrase:e.promptPassphrase??Yn,promptConfirmOverwrite:e.promptConfirmOverwrite??qn,discoverLocalKeys:e.discoverLocalKeys??(()=>ye()),promptZendeskAction:e.promptZendeskAction??Bn,openUrl:e.openUrl??(t=>As(t)),copyToClipboard:e.copyToClipboard??In,isInteractive:e.isInteractive??(()=>process.stdout.isTTY===!0)}}o(Ds,"resolveDeps");function Wn(e,t={}){let n=Ds(t),r=e.command("keys").description("Manage code signing keys");r.command("generate").description("Generate an Ed25519 keypair for code signing").option("-o, --output <path>","Encrypted private key output path (forces file storage even on macOS)").option("--no-keychain",`Skip macOS Keychain and write a passphrase-encrypted private key under ${F().keysDir} instead`).option("-e, --expires <months>",`Validity in months (${1}-${12}); skips the interactive prompt`).option("--email <address>","Email address for the registry entry; skips the interactive prompt").option("--kid <identifier>","Signing identity name for the registry (e.g. jsmith-dev-001); skips the interactive prompt").option("--force","Overwrite an existing key without prompting for confirmation").option("--copy-link","Copy the Zendesk registration link to the clipboard without prompting").action(i=>Fs(i,n)),r.command("list").description("List local signing identities and their storage location").action(()=>Is(n))}o(Wn,"registerKeysCommand");async function Is(e){let t=await e.discoverLocalKeys();if(t.length===0){process.stdout.write(`No signing identities found.
 `),process.stdout.write(`Run \`cognite keys generate\` to create one (storage: ${F().keysDir}).
-`);return}let r=["KID","SOURCE","EMAIL"],n=t.map(s=>[s.kid,fe(s.source),s.email??"\u2014"]),i=r.map((s,p)=>Math.max(s.length,...n.map(c=>c[p].length))),a=o(s=>s.map((p,c)=>p.padEnd(i[c])).join("  ").trimEnd(),"fmt");process.stdout.write(`${a(r)}
-`);for(let s of n)process.stdout.write(`${a(s)}
-`)}o(Ls,"handleList");function Yr(e,t,r){let n=be(F().keysDir,`${e}${ee}`);return r.mkdirSync(at(n),{recursive:!0}),r.writeFileSync(n,t),n}o(Yr,"writePublicKey");async function Ks(e,t,r,n,i,{force:a=!1}={}){let s=n??be(F().keysDir,`${e}${Je}`);if(i.mkdirSync(at(s),{recursive:!0}),!a&&i.existsSync(s))throw new Error(`Refusing to overwrite existing key at ${s}. Delete it first if you really want to regenerate: rm ${s}`);let p=await i.encryptStringAsJwe(t,r);return i.writeFileSync(s,p,{mode:384}),s}o(Ks,"writeEncryptedPrivateKey");async function js(e,t,r=new Date){let{isOS:n,existsSync:i,mkdirSync:a,writeFileSync:s,generateSigningKeyPair:p,storeKeyInKeychain:c,promptExpiryMonths:l,promptKid:d,promptEmail:m,promptPassphrase:g,promptConfirmOverwrite:u}=t,f=e.keychain!==!1&&n("macos")&&!e.output,S=e.expires!==void 0?se(e.expires):await l(),v=tt(kr(r,S)),h=e.kid!==void 0?Ee(e.kid):await d(),k=be(F().keysDir,`${h}${ee}`),y=i(k);if(y&&!e.force&&!await u(h)){process.stderr.write(`Aborted.
+`);return}let n=["KID","SOURCE","EMAIL"],r=t.map(a=>[a.kid,fe(a.source),a.email??"\u2014"]),i=n.map((a,p)=>Math.max(a.length,...r.map(c=>c[p].length))),s=o(a=>a.map((p,c)=>p.padEnd(i[c])).join("  ").trimEnd(),"fmt");process.stdout.write(`${s(n)}
+`);for(let a of r)process.stdout.write(`${s(a)}
+`)}o(Is,"handleList");function zn(e,t,n){let r=ke(F().keysDir,`${e}${ee}`);return n.mkdirSync(at(r),{recursive:!0}),n.writeFileSync(r,t),r}o(zn,"writePublicKey");async function $s(e,t,n,r,i,{force:s=!1}={}){let a=r??ke(F().keysDir,`${e}${Ye}`);if(i.mkdirSync(at(a),{recursive:!0}),!s&&i.existsSync(a))throw new Error(`Refusing to overwrite existing key at ${a}. Delete it first if you really want to regenerate: rm ${a}`);let p=await i.encryptStringAsJwe(t,n);return i.writeFileSync(a,p,{mode:384}),a}o($s,"writeEncryptedPrivateKey");async function Fs(e,t,n=new Date){let{isOS:r,existsSync:i,mkdirSync:s,writeFileSync:a,generateSigningKeyPair:p,storeKeyInKeychain:c,promptExpiryMonths:l,promptKid:d,promptEmail:m,promptPassphrase:g,promptConfirmOverwrite:u}=t,f=e.keychain!==!1&&r("macos")&&!e.output,S=e.expires!==void 0?se(e.expires):await l(),v=tt(xn(n,S)),h=e.kid!==void 0?Ee(e.kid):await d(),b=ke(F().keysDir,`${h}${ee}`),y=i(b);if(y&&!e.force&&!await u(h)){process.stderr.write(`Aborted.
 `);return}let C=e.email!==void 0?ie(e.email,"--email"):await m(),$=f?null:await g();process.stderr.write(`
 Generating Ed25519 keypair...
-`);let{privateKeyPem:w,publicKeyPem:N}=await p(h);if(f){await c(h,w);let U=Yr(h,N,t);process.stderr.write(`Public key:  ${U}
+`);let{privateKeyPem:w,publicKeyPem:N}=await p(h);if(f){await c(h,w);let U=zn(h,N,t);process.stderr.write(`Public key:  ${U}
 `),process.stderr.write(`Private key: macOS Keychain (service: cognite-dune, account: ${h})
-`)}else{if($===null)throw new Error("passphrase is required when not using Keychain");let U=await Ks(h,w,$,e.output,t,{force:y}),De=Yr(h,N,t);process.stderr.write(`Public key:  ${De}
-`),process.stderr.write(`Private key: ${U} (JWE, AES-256-GCM, PBKDF2-SHA512 x${Be.toLocaleString()})
-`),n("macos")||process.stderr.write(`   (macOS Keychain integration is the default on darwin; on this OS we use the file.)
-`)}let ce=be(F().keysDir,`${h}${Ye}`);a(at(ce),{recursive:!0}),s(ce,JSON.stringify({email:C}));let Y=xr(process.stderr);process.stderr.write(`
+`)}else{if($===null)throw new Error("passphrase is required when not using Keychain");let U=await $s(h,w,$,e.output,t,{force:y}),De=zn(h,N,t);process.stderr.write(`Public key:  ${De}
+`),process.stderr.write(`Private key: ${U} (JWE, AES-256-GCM, PBKDF2-SHA512 x${Ge.toLocaleString()})
+`),r("macos")||process.stderr.write(`   (macOS Keychain integration is the default on darwin; on this OS we use the file.)
+`)}let ce=ke(F().keysDir,`${h}${qe}`);s(at(ce),{recursive:!0}),a(ce,JSON.stringify({email:C}));let Y=Dn(process.stderr);process.stderr.write(`
 Signing identity (kid): ${Y.green(h)}
 `),process.stderr.write(`Expires: ${v} (${S} month${S===1?"":"s"} from today)
-`);let Ae={kid:h,publicKeyPem:N,email:C,expires:v};process.stderr.write(rt(Ae,Y,r));let q=Dr(h,C,v,rt(Ae,oe,r));process.stderr.write(`
+`);let Ae={kid:h,publicKeyPem:N,email:C,expires:v};process.stderr.write(nt(Ae,Y,n));let q=$n(h,C,v,nt(Ae,oe,n));process.stderr.write(`
 ${Y.bold("Next:")}
 `),process.stderr.write(`  1. Register your signing key \u2014 submit this pre-filled Zendesk request:
 `);let le=e.copyLink?"clipboard":t.isInteractive()?await t.promptZendeskAction():null;if(le==="browser")try{await t.openUrl(q),process.stderr.write(`     Opening in browser...
@@ -148,13 +146,13 @@ ${Y.bold("Next:")}
 `);process.stderr.write(`
   2. Once your key is approved, sign your Dune app:
 `),process.stderr.write(`     ${Y.cyan(`cognite sign -s ${h}`)}
-`)}o(js,"handleGenerate");var zr=1e3,Ns=new Set(["baseUrl","url","project","deployment","source","path","name","displayName","description"]);function Ms(e){return Object.fromEntries(Object.entries(e).map(([t,r])=>typeof r=="boolean"?[t,r]:Ns.has(t)?[t,r]:[t,"[REDACTED]"]))}o(Ms,"sanitize");function Hs(e){let t=[],r=e;for(;r;)r.parent&&t.unshift(r.name()),r=r.parent;return t.join(" ")}o(Hs,"getCommandPath");function Wr(e){try{let t=e(process.cwd());return{appExternalId:t.externalId,appVersionTag:t.versionTag}}catch{return{}}}o(Wr,"tryLoadAppConfig");function pt(e){return e.filter(t=>!t.startsWith("-")).join(" ")||"unknown"}o(pt,"commandFromArgv");function Xr(e,t,r=E){e.hook("postAction",async(n,i)=>{try{let a={command:Hs(i),options:Ms(i.opts()),success:!0,...Wr(r)};t.track("Flows.CLI.Command",{...a}),await t.flush(zr)}catch{}})}o(Xr,"instrument");async function Zr(e,t,r=E){try{let n={command:pt(t),options:{},success:!1,...Wr(r)};e.track("Flows.CLI.Command",{...n}),await e.flush(zr)}catch{}}o(Zr,"trackFailure");var Vs="ERR_USE_AFTER_CLOSE";function en(e){return e instanceof Error&&"code"in e&&e.code===Vs}o(en,"isReadlineClosedError");function Bs(e){let t=Object.getPrototypeOf(e);return t===Object.prototype||t===null}o(Bs,"isPlainObject");function ct(e){return e==null||en(e)?!0:e instanceof Error?!1:!!(typeof e=="object"&&e!==null&&Bs(e)&&Object.keys(e).length===0)}o(ct,"isPromptCancel");var Qr=!1;function tn(){Qr||(Qr=!0,process.on("uncaughtException",e=>{en(e)&&(console.error(`
+`)}o(Fs,"handleGenerate");var Xn=1e3,Ts=new Set(["baseUrl","url","project","deployment","source","path","name","displayName","description"]);function Os(e){return Object.fromEntries(Object.entries(e).map(([t,n])=>typeof n=="boolean"?[t,n]:Ts.has(t)?[t,n]:[t,"[REDACTED]"]))}o(Os,"sanitize");function Rs(e){let t=[],n=e;for(;n;)n.parent&&t.unshift(n.name()),n=n.parent;return t.join(" ")}o(Rs,"getCommandPath");function Zn(e){try{let t=e(process.cwd());return{appExternalId:t.externalId,appVersionTag:t.versionTag}}catch{return{}}}o(Zn,"tryLoadAppConfig");function pt(e){return e.filter(t=>!t.startsWith("-")).join(" ")||"unknown"}o(pt,"commandFromArgv");function Qn(e,t,n=E){e.hook("postAction",async(r,i)=>{try{let s={command:Rs(i),options:Os(i.opts()),success:!0,...Zn(n)};t.track("Flows.CLI.Command",{...s}),await t.flush(Xn)}catch{}})}o(Qn,"instrument");async function er(e,t,n=E){try{let r={command:pt(t),options:{},success:!1,...Zn(n)};e.track("Flows.CLI.Command",{...r}),await e.flush(Xn)}catch{}}o(er,"trackFailure");var _s="ERR_USE_AFTER_CLOSE";function nr(e){return e instanceof Error&&"code"in e&&e.code===_s}o(nr,"isReadlineClosedError");function Us(e){let t=Object.getPrototypeOf(e);return t===Object.prototype||t===null}o(Us,"isPlainObject");function ct(e){return e==null||nr(e)?!0:e instanceof Error?!1:!!(typeof e=="object"&&e!==null&&Us(e)&&Object.keys(e).length===0)}o(ct,"isPromptCancel");var tr=!1;function rr(){tr||(tr=!0,process.on("uncaughtException",e=>{nr(e)&&(console.error(`
 Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}),process.on("unhandledRejection",e=>{ct(e)&&(console.error(`
-Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}))}o(tn,"installCancelHandler");import{homedir as zs}from"os";import rn from"mixpanel";var Gs="5c4d853e7c3b77b1eb4468d5329b278c",ae="cognite-cli",Js=2e3,nn={env:process.env,init:rn.init.bind(rn)},Ys={track:o(()=>{},"track"),flush:o(async()=>{},"flush")};function lt(e=process.env){return e.COGNITE_TELEMETRY_DISABLED==="1"||e.DO_NOT_TRACK==="1"}o(lt,"isTelemetryDisabled");function qs(e){return e.COGNITE_TELEMETRY_DEBUG==="1"}o(qs,"isDebug");function on(e={}){let t=e.env??nn.env,r=e.init??nn.init,n=e.packageName,i=e.cliVersion,a=qs(t);if(lt(t))return a&&process.stderr.write(`[telemetry] disabled \u2014 noop tracker
-`),Ys;let s,p=new Set;function c(){if(s)return s;try{return s=r(Gs,{geolocate:!1,keepAlive:!1}),s}catch{return}}return o(c,"getClient"),{track(l,d={}){let m=c();if(!m)return;let g={...d,applicationId:ae,...n&&{packageName:n},...i&&{cliVersion:i},nodeVersion:process.version,platform:process.platform};a&&process.stderr.write(`[telemetry] track ${l} ${JSON.stringify(g)}
-`);let u=o(()=>{},"finish"),f=new Promise(S=>{u=S});p.add(f);try{m.track(l,g,u)}catch{u()}f.finally(()=>p.delete(f))},async flush(l=Js){if(p.size===0)return;let d,m=new Promise(g=>{d=setTimeout(g,l),d.unref?.()});try{await Promise.race([Promise.allSettled([...p]),m])}finally{d&&clearTimeout(d)}a&&process.stderr.write(`[telemetry] flush done (${p.size} still pending)
-`)}}}o(on,"createTelemetry");var Ws=zs();function pe(e,t=Ws){if(!t||t==="/")return e;let r=e.replaceAll(t,"~"),n=t.replaceAll("\\","/");return n!==t&&(r=r.replaceAll(n,"~")),r=r.replace(/(?<![A-Za-z0-9_])[A-Za-z]:[/\\]Users[/\\][^\s/\\]+(?=[/\\]|$)/g,"~"),r=r.replace(/(?<![A-Za-z0-9_])\/(?:Users|home)\/[^\s/]+(?=[/\\]|$)/g,"~"),r}o(pe,"redactHomedir");var Xs=1e3,Zs="https://0a118cb02e3be57b1838bcfb5783a2bf@o4508040730968064.ingest.de.sentry.io/4510719268290640",Qs={captureError:o(async()=>{},"captureError"),flush:o(async()=>{},"flush")};function ea(e){return e.packageName&&e.cliVersion?`${e.packageName}@${e.cliVersion}`:e.cliVersion??"unknown"}o(ea,"buildRelease");var ta="192.0.2.0";function ra(e){return e?.map(t=>({...t,...t.filename!==void 0&&{filename:pe(t.filename)},...t.abs_path!==void 0&&{abs_path:pe(t.abs_path)},...t.module!==void 0&&{module:pe(t.module)}}))}o(ra,"scrubStackFrames");function na(e){let t={...e.user,email:void 0,username:void 0,ip_address:ta,id:void 0},r=e.exception?.values?.map(n=>({...n,value:n.value!==void 0?pe(n.value):n.value,...n.stacktrace!==void 0&&{stacktrace:{...n.stacktrace,frames:ra(n.stacktrace.frames)}}}));return{...e,message:e.message!==void 0?pe(e.message):e.message,user:t,server_name:void 0,...r!==void 0&&{exception:{...e.exception,values:r}}}}o(na,"scrubPii");function sn(e={}){let t=e.env??process.env;if(lt(t))return Qs;let r=ea(e),n="production",i=null,a=null;function s(){return{dsn:Zs,release:r,environment:n,defaultIntegrations:!1,integrations:[],sendDefaultPii:!1,enableLogs:!1,initialScope:{tags:{component:"cli",applicationId:ae},contexts:{cli:{applicationId:ae,node:process.version,platform:process.platform}}},beforeSend:na}}o(s,"buildInitOptions");async function p(){return i||(a||(a=(async()=>{try{let c=e.sdk??await import("@sentry/node");return c.init(s()),i=c,c}catch{return null}})()),a)}return o(p,"ensureSdk"),{async captureError(c,l){try{let d=await p();if(!d)return;let m={level:"fatal"};l?.command&&(m.tags={command:l.command},m.contexts={cli:{applicationId:ae,node:process.version,platform:process.platform,command:l.command}}),d.captureException(c,m)}catch{}},async flush(c=Xs){try{if(!i)return;await i.flush(c)}catch{}}}}o(sn,"createErrorReporter");import{mkdirSync as oa,readFileSync as ia,writeFileSync as sa}from"fs";import{homedir as aa}from"os";import{resolve as xe}from"path";import{debuglog as pa}from"util";import{lt as ca,parse as an}from"semver";var la="https://registry.npmjs.org/@cognite/cli/latest",da=1500,pn="upgrade-check.json",cn=xe(process.env.XDG_CACHE_HOME||xe(aa(),".cache"),"@cognite","cli"),dt=pa("cognite-flows");function ma(e,t){return!e||!t||!an(e)||!an(t)?!1:ca(e,t)}o(ma,"isOutdated");async function ua({timeout:e=da,registryUrl:t=la,fetchImpl:r=globalThis.fetch}={}){if(typeof r!="function")return null;try{let n=await r(t,{signal:AbortSignal.timeout(e)});if(!n?.ok)return null;let i=await n.json();return typeof i?.version=="string"?i.version:null}catch(n){return dt("fetchLatestVersion failed (%s): %O",t,n),null}}o(ua,"fetchLatestVersion");function ga(e=cn,t=864e5){try{let r=ia(xe(e,pn),"utf-8"),n=JSON.parse(r);return typeof n.latest!="string"||typeof n.fetchedAt!="number"||Date.now()-n.fetchedAt>t?null:{latest:n.latest,fetchedAt:n.fetchedAt}}catch(r){return dt("readUpgradeCheckCache failed (%s): %O",e,r),null}}o(ga,"readUpgradeCheckCache");function fa(e,t){try{oa(e,{recursive:!0});let r={latest:t,fetchedAt:Date.now()};sa(xe(e,pn),JSON.stringify(r))}catch(r){dt("writeUpgradeCheckCache failed (%s): %O",e,r)}}o(fa,"writeUpgradeCheckCache");async function ya({cacheDir:e=cn,...t}={}){let r=await ua(t);r&&fa(e,r)}o(ya,"startBackgroundUpgradeCheck");function ln(e,{onOutdated:t,cacheDir:r,...n}={}){let i=ga(r);if(i){ma(e,i.latest)&&t?.(e,i.latest);return}ya({cacheDir:r,...n})}o(ln,"preActionUpgradeCheck");import{default as Eu,chalkStderr as dn}from"chalk";function mn(e,t){let r=[`\u26A0  Update available: ${e} -> ${t}`,"   Run npx @cognite/cli@latest"],n=Math.max(...r.map(p=>[...p].length))+2,i="\u2500".repeat(n),a=o(p=>`\u2502 ${p}${" ".repeat(n-1-[...p].length)}\u2502`,"pad"),s=[`\u250C${i}\u2510`,...r.map(a),`\u2514${i}\u2518`].join(`
-`);return dn.bold.yellow(s)}o(mn,"formatUpgradeWarning");function wa(e){return e instanceof Error&&"code"in e&&typeof e.code=="string"&&e.code==="DEP0040"}o(wa,"isDep0040Warning");var ut=process,va=ut.emit.bind(ut);ut.emit=function(e,...t){return e==="warning"&&wa(t[0])?!1:va(e,...t)};tn();var W=new Sa;W.name("cognite").description("Build and deploy React apps to Cognite Data Fusion").version("1.3.2-alpha.https1").showHelpAfterError().configureOutput({writeOut:o(e=>ha(1,e),"writeOut")});W.hook("preAction",()=>{ln("1.3.2-alpha.https1",{onOutdated:o((e,t)=>{console.warn(`
-${mn(e,t)}
-`)},"onOutdated")})});Er(W);qr(W);var gn=on({packageName:"@cognite/cli",cliVersion:"1.3.2-alpha.https1"}),un=sn({packageName:"@cognite/cli",cliVersion:"1.3.2-alpha.https1"});Xr(W,gn);var mt=process.argv.slice(2);W.parseAsync(mt,{from:"user"}).catch(async e=>{await Zr(gn,mt),ct(e)&&(console.error(`
-Cancelled.`),process.exit(130)),await un.captureError(e,{command:pt(mt)}),await un.flush(),console.error(e instanceof Error?`\u274C ${e.message}`:e),process.exit(1)});
+Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}))}o(rr,"installCancelHandler");import{homedir as Ms}from"os";import or from"mixpanel";var Ks="5c4d853e7c3b77b1eb4468d5329b278c",ae="cognite-cli",Ls=2e3,ir={env:process.env,init:or.init.bind(or)},js={track:o(()=>{},"track"),flush:o(async()=>{},"flush")};function lt(e=process.env){return e.COGNITE_TELEMETRY_DISABLED==="1"||e.DO_NOT_TRACK==="1"}o(lt,"isTelemetryDisabled");function Ns(e){return e.COGNITE_TELEMETRY_DEBUG==="1"}o(Ns,"isDebug");function sr(e={}){let t=e.env??ir.env,n=e.init??ir.init,r=e.packageName,i=e.cliVersion,s=Ns(t);if(lt(t))return s&&process.stderr.write(`[telemetry] disabled \u2014 noop tracker
+`),js;let a,p=new Set;function c(){if(a)return a;try{return a=n(Ks,{geolocate:!1,keepAlive:!1}),a}catch{return}}return o(c,"getClient"),{track(l,d={}){let m=c();if(!m)return;let g={...d,applicationId:ae,...r&&{packageName:r},...i&&{cliVersion:i},nodeVersion:process.version,platform:process.platform};s&&process.stderr.write(`[telemetry] track ${l} ${JSON.stringify(g)}
+`);let u=o(()=>{},"finish"),f=new Promise(S=>{u=S});p.add(f);try{m.track(l,g,u)}catch{u()}f.finally(()=>p.delete(f))},async flush(l=Ls){if(p.size===0)return;let d,m=new Promise(g=>{d=setTimeout(g,l),d.unref?.()});try{await Promise.race([Promise.allSettled([...p]),m])}finally{d&&clearTimeout(d)}s&&process.stderr.write(`[telemetry] flush done (${p.size} still pending)
+`)}}}o(sr,"createTelemetry");var Vs=Ms();function pe(e,t=Vs){if(!t||t==="/")return e;let n=e.replaceAll(t,"~"),r=t.replaceAll("\\","/");return r!==t&&(n=n.replaceAll(r,"~")),n=n.replace(/(?<![A-Za-z0-9_])[A-Za-z]:[/\\]Users[/\\][^\s/\\]+(?=[/\\]|$)/g,"~"),n=n.replace(/(?<![A-Za-z0-9_])\/(?:Users|home)\/[^\s/]+(?=[/\\]|$)/g,"~"),n}o(pe,"redactHomedir");var Hs=1e3,Bs="https://0a118cb02e3be57b1838bcfb5783a2bf@o4508040730968064.ingest.de.sentry.io/4510719268290640",Gs={captureError:o(async()=>{},"captureError"),flush:o(async()=>{},"flush")};function Js(e){return e.packageName&&e.cliVersion?`${e.packageName}@${e.cliVersion}`:e.cliVersion??"unknown"}o(Js,"buildRelease");var Ys="192.0.2.0";function qs(e){return e?.map(t=>({...t,...t.filename!==void 0&&{filename:pe(t.filename)},...t.abs_path!==void 0&&{abs_path:pe(t.abs_path)},...t.module!==void 0&&{module:pe(t.module)}}))}o(qs,"scrubStackFrames");function zs(e){let t={...e.user,email:void 0,username:void 0,ip_address:Ys,id:void 0},n=e.exception?.values?.map(r=>({...r,value:r.value!==void 0?pe(r.value):r.value,...r.stacktrace!==void 0&&{stacktrace:{...r.stacktrace,frames:qs(r.stacktrace.frames)}}}));return{...e,message:e.message!==void 0?pe(e.message):e.message,user:t,server_name:void 0,...n!==void 0&&{exception:{...e.exception,values:n}}}}o(zs,"scrubPii");function ar(e={}){let t=e.env??process.env;if(lt(t))return Gs;let n=Js(e),r="production",i=null,s=null;function a(){return{dsn:Bs,release:n,environment:r,defaultIntegrations:!1,integrations:[],sendDefaultPii:!1,enableLogs:!1,initialScope:{tags:{component:"cli",applicationId:ae},contexts:{cli:{applicationId:ae,node:process.version,platform:process.platform}}},beforeSend:zs}}o(a,"buildInitOptions");async function p(){return i||(s||(s=(async()=>{try{let c=e.sdk??await import("@sentry/node");return c.init(a()),i=c,c}catch{return null}})()),s)}return o(p,"ensureSdk"),{async captureError(c,l){try{let d=await p();if(!d)return;let m={level:"fatal"};l?.command&&(m.tags={command:l.command},m.contexts={cli:{applicationId:ae,node:process.version,platform:process.platform,command:l.command}}),d.captureException(c,m)}catch{}},async flush(c=Hs){try{if(!i)return;await i.flush(c)}catch{}}}}o(ar,"createErrorReporter");import{mkdirSync as Ws,readFileSync as Xs,writeFileSync as Zs}from"fs";import{homedir as Qs}from"os";import{resolve as xe}from"path";import{debuglog as ea}from"util";import{lt as ta,parse as pr}from"semver";var na="https://registry.npmjs.org/@cognite/cli/latest",ra=1500,cr="upgrade-check.json",lr=xe(process.env.XDG_CACHE_HOME||xe(Qs(),".cache"),"@cognite","cli"),dt=ea("cognite-flows");function oa(e,t){return!e||!t||!pr(e)||!pr(t)?!1:ta(e,t)}o(oa,"isOutdated");async function ia({timeout:e=ra,registryUrl:t=na,fetchImpl:n=globalThis.fetch}={}){if(typeof n!="function")return null;try{let r=await n(t,{signal:AbortSignal.timeout(e)});if(!r?.ok)return null;let i=await r.json();return typeof i?.version=="string"?i.version:null}catch(r){return dt("fetchLatestVersion failed (%s): %O",t,r),null}}o(ia,"fetchLatestVersion");function sa(e=lr,t=864e5){try{let n=Xs(xe(e,cr),"utf-8"),r=JSON.parse(n);return typeof r.latest!="string"||typeof r.fetchedAt!="number"||Date.now()-r.fetchedAt>t?null:{latest:r.latest,fetchedAt:r.fetchedAt}}catch(n){return dt("readUpgradeCheckCache failed (%s): %O",e,n),null}}o(sa,"readUpgradeCheckCache");function aa(e,t){try{Ws(e,{recursive:!0});let n={latest:t,fetchedAt:Date.now()};Zs(xe(e,cr),JSON.stringify(n))}catch(n){dt("writeUpgradeCheckCache failed (%s): %O",e,n)}}o(aa,"writeUpgradeCheckCache");async function pa({cacheDir:e=lr,...t}={}){let n=await ia(t);n&&aa(e,n)}o(pa,"startBackgroundUpgradeCheck");function dr(e,{onOutdated:t,cacheDir:n,...r}={}){let i=sa(n);if(i){oa(e,i.latest)&&t?.(e,i.latest);return}pa({cacheDir:n,...r})}o(dr,"preActionUpgradeCheck");import{default as lu,chalkStderr as mr}from"chalk";function ur(e,t){let n=[`\u26A0  Update available: ${e} -> ${t}`,"   Run npx @cognite/cli@latest"],r=Math.max(...n.map(p=>[...p].length))+2,i="\u2500".repeat(r),s=o(p=>`\u2502 ${p}${" ".repeat(r-1-[...p].length)}\u2502`,"pad"),a=[`\u250C${i}\u2510`,...n.map(s),`\u2514${i}\u2518`].join(`
+`);return mr.bold.yellow(a)}o(ur,"formatUpgradeWarning");function da(e){return e instanceof Error&&"code"in e&&typeof e.code=="string"&&e.code==="DEP0040"}o(da,"isDep0040Warning");var ut=process,ma=ut.emit.bind(ut);ut.emit=function(e,...t){return e==="warning"&&da(t[0])?!1:ma(e,...t)};rr();var W=new la;W.name("cognite").description("Build and deploy React apps to Cognite Data Fusion").version("1.3.2-alpha.winurl1").showHelpAfterError().configureOutput({writeOut:o(e=>ca(1,e),"writeOut")});W.hook("preAction",()=>{dr("1.3.2-alpha.winurl1",{onOutdated:o((e,t)=>{console.warn(`
+${ur(e,t)}
+`)},"onOutdated")})});kn(W);Wn(W);var fr=sr({packageName:"@cognite/cli",cliVersion:"1.3.2-alpha.winurl1"}),gr=ar({packageName:"@cognite/cli",cliVersion:"1.3.2-alpha.winurl1"});Qn(W,fr);var mt=process.argv.slice(2);W.parseAsync(mt,{from:"user"}).catch(async e=>{await er(fr,mt),ct(e)&&(console.error(`
+Cancelled.`),process.exit(130)),await gr.captureError(e,{command:pt(mt)}),await gr.flush(),console.error(e instanceof Error?`\u274C ${e.message}`:e),process.exit(1)});

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cognite/cli",
-  "version": "1.3.2-alpha.https1",
+  "version": "1.3.2-alpha.winurl1",
   "description": "CLI for Cognite Data Fusion",
   "license": "SEE LICENSE IN LICENSE.md",
   "author": "Cognite",