@cognite/cli 1.3.2-alpha.https1 → 1.3.3-alpha-zendesk

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/_templates/app/new/config/vite.config.ts.ejs.t +3 -6
  2. package/_templates/app/new/root/package.json.ejs.t +2 -2
  3. package/dist/chunk-5R5NRM2C.js +13 -0
  4. package/dist/cli/cli.js +92 -80
  5. package/dist/deploy/index.d.ts +1 -0
  6. package/dist/deploy/index.js +1 -1
  7. package/dist/index.js +1 -1
  8. package/package.json +1 -2
  9. package/dist/chunk-TYYH4NWG.js +0 -9
package/_templates/app/new/config/vite.config.ts.ejs.t CHANGED
@@ -3,20 +3,17 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>vite.config.ts'
3
3
  ---
4
4
  import path from 'node:path';
5
5
 
6
- import {
7
- fusionOpenPlugin,
8
- manifestCspPlugin,
9
- mkcertPlugin,
10
- } from '@cognite/app-sdk/vite';
6
+ import { fusionOpenPlugin, manifestCspPlugin } from '@cognite/app-sdk/vite';
11
7
  import tailwindcss from '@tailwindcss/vite';
12
8
  import react from '@vitejs/plugin-react';
13
9
  import { defineConfig } from 'vite';
10
+ import mkcert from 'vite-plugin-mkcert';
14
11
 
15
12
  export default defineConfig({
16
13
  base: './',
17
14
  // manifestCspPlugin() must stay first — its middleware sets the
18
15
  // Content-Security-Policy header before any HTML response is sent.
19
- plugins: [manifestCspPlugin(), react(), mkcertPlugin(), fusionOpenPlugin(), tailwindcss()],
16
+ plugins: [manifestCspPlugin(), react(), mkcert(), fusionOpenPlugin(), tailwindcss()],
20
17
  resolve: {
21
18
  alias: {
22
19
  '@': path.resolve(__dirname, './src'),
package/_templates/app/new/root/package.json.ejs.t CHANGED
@@ -22,8 +22,7 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
22
22
  "lint": "eslint . --ext .js,.mjs,.cjs,.ts,.tsx",
23
23
  "lint:fix": "eslint . --fix --ext .js,.mjs,.cjs,.ts,.tsx",
24
24
  "deploy": "npx @cognite/cli@latest apps deploy --interactive",
25
- "activate": "npx @cognite/cli@latest apps activate --interactive",
26
- "setup-https": "npx @cognite/cli@latest apps setup-https"
25
+ "activate": "npx @cognite/cli@latest apps activate --interactive"
27
26
  },
28
27
  "dependencies": {
29
28
  "@cognite/aura": "^0.1.7",
@@ -61,6 +60,7 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
61
60
  "typescript": "^5.0.0",
62
61
  "typescript-eslint": "^8.46.4",
63
62
  "vite": "7.3.2",
63
+ "vite-plugin-mkcert": "^1.17.9",
64
64
  "vitest": "^2.1.8"
65
65
  }
66
66
  }
package/dist/chunk-5R5NRM2C.js ADDED
@@ -0,0 +1,13 @@
1
+ var et=Object.defineProperty;var s=(n,t)=>et(n,"name",{value:t,configurable:!0});import{mkdir as Et,readFile as St}from"fs/promises";import{basename as Pt,dirname as vt}from"path";var J="https://docs.cognite.com/cdf/access/";function y(n){return n!==null&&typeof n=="object"}s(y,"isRecord");function P(n){return n instanceof Error&&"status"in n&&typeof n.status=="number"}s(P,"isHttpError");function nt(n){switch(n){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
2
+ See: ${J}`;case 403:return`You don't have the required CDF capabilities. Please contact your CDF admin.
3
+ See: ${J}`;default:return}}s(nt,"httpStatusHint");function w(n){let t=n instanceof Error?n:new Error(String(n));if(!P(t))return null;let e=nt(t.status);return e?Object.assign(new Error(`${t.message}
4
+ ${e}`),{cause:t}):null}s(w,"enrichedHttpError");function rt(n){if(!y(n))return null;let t=n.missing;if(Array.isArray(t))return t;let e=n.data;if(y(e)){let r=e.error;if(y(r)&&Array.isArray(r.missing))return r.missing;if(Array.isArray(e.missing))return e.missing}return null}s(rt,"findMissingArray");function ot(n,t){if(!P(n)||n.status!==400)return!1;let e=rt(n);return e?e.some(r=>y(r)&&typeof r.externalId=="string"&&t.includes(r.externalId)):!1}s(ot,"isMissingExternalIdError");function b(n,t){return P(n)&&n.status===404||ot(n,t)}s(b,"isNotFoundError");var q=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],Y=["ACTIVE","PREVIEW"],I=class I extends Error{constructor(t,e){super(`Version ${e} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=e}};s(I,"AppVersionNotFoundError");var C=I;function G(n,t){return n.includes(t)}s(G,"includesValue");function st(n){return G(q,n)}s(st,"isAppVersionLifecycleState");function it(n){return G(Y,n)}s(it,"isAppVersionAlias");function at(n){return typeof n.version=="string"&&st(n.lifecycleState)&&typeof n.entrypoint=="string"&&typeof n.createdTime=="number"&&typeof n.createdBy=="string"&&typeof n.appExternalId=="string"&&(n.alias===void 0||it(n.alias))&&(n.comment===void 0||typeof n.comment=="string")}s(at,"isAppVersion");function z(n){if(!y(n))throw new Error("Invalid version response: not an object");if(!at(n))throw new Error("Invalid version response: missing or malformed fields");return n}s(z,"parseAppVersion");var R=class R{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,e,r){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:e,description:r}]}})}catch(o){throw w(o)??o}}async uploadVersion(t,e,r,o,a="index.html"){console.log(`\u{1F4E4} Uploading version ${e}...`);let i=new FormData;i.append("file",new Blob([new Uint8Array(r)]),o),i.append("version",e),i.append("entryPath",a);let c=encodeURIComponent(t),p=`${this.appsBasePath}/${c}/versions`,l=await this.client.authenticate(),A=`${this.client.getBaseUrl()}${p}`,m=new AbortController,d=setTimeout(()=>m.abort(),300*1e3),g;try{g=await fetch(A,{method:"POST",headers:{Authorization:`Bearer ${l}`},body:i,signal:m.signal})}catch(h){throw h instanceof Error&&h.name==="AbortError"?new Error("Upload timed out after 5 minutes"):h}finally{clearTimeout(d)}if(!g.ok){let h=await g.text(),k=h;try{let V=JSON.parse(h);if(y(V)){let E=V.error;if(typeof E=="string")k=E;else if(y(E)){let S=E.message,M=E.code;k=typeof S=="string"?S:M!=null?`Unknown error (code: ${M})`:h}else{let S=V.message;k=typeof S=="string"?S:h}}}catch{}let j=g.headers.get("x-request-id"),tt=j?` | X-Request-ID: ${j}`:"",H=Object.assign(new Error(`Upload failed: ${g.status} \u2014 ${k}${tt}`),{status:g.status});throw w(H)??H}console.log(`\u2705 Version ${e} uploaded`)}async getVersion(t,e){let r=encodeURIComponent(t),o=encodeURIComponent(e),a=`${this.appsBasePath}/${r}/versions/${o}`;try{let i=await this.client.get(a);return z(i.data)}catch(i){throw b(i,[t,e])?new C(t,e):w(i)??i}}async getActiveVersion(t){let e=encodeURIComponent(t),r=`${this.appsBasePath}/${e}/active`;try{let o=await this.client.get(r);return z(o.data)}catch(o){if(b(o,[t]))return null;throw w(o)??o}}async updateVersions(t,e){let r=encodeURIComponent(t),o=`${this.appsBasePath}/${r}/versions/update`;try{await this.client.post(o,{data:{items:e}})}catch(a){throw w(a)??a}}async submitSignatures(t,e,r){let o=encodeURIComponent(t),a=encodeURIComponent(e),i=`${this.appsBasePath}/${o}/versions/${a}/signatures`;try{await this.client.post(i,{data:{items:r}})}catch(c){throw w(c)??c}}};s(R,"AppHostingApi");var $=R;var T=class T{constructor(t){this.api=new $(t)}getVersion(t,e){return this.api.getVersion(t,e)}uploadVersion(t,e,r,o,a){return this.api.uploadVersion(t,e,r,o,a)}async ensureApp(t,e,r){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,e,r),console.log(`\u2705 App '${t}' created`)}catch(o){if(P(o)&&o.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw o}}async submitSignatures(t,e,r){r.length!==0&&(console.log(`\u{1F50F} Submitting ${r.length} signature${r.length===1?"":"s"} for version ${e}...`),await this.api.submitSignatures(t,e,r),console.log("\u2705 Signatures stored"))}async publishVersion(t,e){await this.api.updateVersions(t,[{version:e,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,e){console.log(`\u{1F680} Publishing and activating version ${e}...`),await this.api.updateVersions(t,[{version:e,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${e} is now PUBLISHED and ACTIVE`)}getActiveVersion(t){return this.api.getActiveVersion(t)}async deactivateVersion(t,e){await this.api.updateVersions(t,[{version:e,update:{alias:{setNull:!0}}}])}async activateVersion(t,e){let r=null;try{r=await this.api.getActiveVersion(t)}catch{r=null}let o=r&&r.version!==e?r.version:void 0;return await this.api.updateVersions(t,[{version:e,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:o}}async deploy(t,e,r,o,a,i,c=!1){console.log(`
5
+ \u{1F680} Deploying application via App Hosting API...
6
+ `);try{await this.ensureApp(t,e,r),await this.uploadVersion(t,o,a,i),c&&await this.publishAndActivate(t,o),console.log(`
7
+ \u2705 Deployment successful!`)}catch(p){let l=p instanceof Error?p.message:String(p);throw Object.assign(new Error(`Deployment failed: ${l}`),{cause:p})}}};s(T,"AppHostingClient");var v=T;import{execFileSync as D}from"child_process";import f from"fs";import u from"path";import{parseAndValidateManifestConfig as ct}from"@cognite/app-sdk/vite";import{BlobReader as pt,Uint8ArrayWriter as lt,ZipWriter as dt}from"@zip.js/zip.js";var F="package.json",U="package-lock.json",K="manifest.json",_=".cognite",ut=[/^\.env(\..+)?$/,/^\.secrets?$/,/\.(key|pem|p12|pfx|jks|crt)$/i],N=class N{constructor(t="dist"){this.distPath=u.isAbsolute(t)?t:u.join(process.cwd(),t),this.appRoot=u.dirname(this.distPath)}validateBuildDirectory(){if(!f.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=u.join(this.appRoot,F);if(!f.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let e=u.join(this.appRoot,U);if(!f.existsSync(e))throw new Error(`"${e}" not found. It is required for deployment.`)}async createZip(t="app.zip",e=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let r=new dt(new lt,{level:9}),o=s(async(p,l)=>{await r.add(l,new pt(await f.openAsBlob(p))),e&&console.log(` \u{1F4C4} ${l}`)},"addFile"),a=s(async p=>{let l=await f.promises.readdir(p,{withFileTypes:!0});for(let A of l){let m=u.join(p,A.name);A.isDirectory()?await a(m):await o(m,u.relative(this.distPath,m).replace(/\\/g,"/"))}},"addDir"),i;try{await a(this.distPath);let p=u.join(this.appRoot,F);await o(p,u.posix.join(_,F));let l=u.join(this.appRoot,K);if(f.existsSync(l)){let m=f.readFileSync(l,"utf-8");ct(m,l),await o(l,u.posix.join(_,K))}let A=u.join(this.appRoot,U);await o(A,u.posix.join(_,U)),i=await r.close()}catch(p){let l=p instanceof Error?p.message:String(p);throw new Error(`Failed to create zip: ${l}`)}await f.promises.writeFile(t,i);let c=(i.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${c} MB)`),t}async createSourceArchive(t){console.log("\u{1F4E6} Packaging source for review...");let e;try{e=D("git",["-C",this.appRoot,"rev-parse","--show-toplevel"],{encoding:"utf-8",stdio:["pipe","pipe","pipe"]}).trim()}catch(d){throw d instanceof Error&&"code"in d&&d.code==="ENOENT"?new Error("git not found. Install git and ensure it is in your PATH."):new Error("Source packaging requires a git repository. Run `git init` first.")}let r=f.realpathSync(e),o=f.realpathSync(this.appRoot),a=u.relative(r,o)||".",i=a.replace(/\\/g,"/"),c=a==="."?"":`${i}/`,l=D("git",["-C",e,"ls-files","--",i],{encoding:"utf-8",stdio:["pipe","pipe","pipe"]}).trim().split(`
8
+ `).filter(Boolean).map(d=>c?d.slice(c.length):d).filter(d=>ut.some(g=>g.test(u.basename(d))));if(l.length>0)throw new Error(`Source archive would include sensitive files \u2014 remove them from git tracking first:
9
+ `+l.map(d=>` ${d}`).join(`
10
+ `)+`
11
+ Hint: git rm --cached <file>`);try{D("git",["-C",e,"archive","--format=zip",`--output=${t}`,"HEAD","--",i])}catch(d){let g=d instanceof Error?d.message:String(d);throw new Error(`Failed to create source archive: ${g}`)}let m=(f.statSync(t).size/1024/1024).toFixed(2);return console.log(`\u2705 Source packaged: ${u.basename(t)} (${m} MB)`),t}};s(N,"ApplicationPackager");var x=N;import gt from"path";var W=".cognite-bundles";function X(n,t){return`${n}-${t}.zip`}s(X,"bundleFileName");function L(n,t,e){return gt.join(n,W,X(t,e))}s(L,"bundlePath");import{CogniteClient as wt}from"@cognite/sdk";var ft=s(()=>{let n=process.env.DEPLOYMENT_SECRETS;if(!n)return{};try{let t=JSON.parse(n),e={};for(let[r,o]of Object.entries(t))if(typeof o=="string"){let a=r.toLowerCase().replace(/_/g,"-");e[a]=o}return e}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),mt=s(n=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=ft()[n]),t||(t=process.env[n]),!t)throw new Error(`Secret not found in environment: ${n}`);return t},"getSecretFromEnv"),ht=s(n=>{if(!n)return"";try{return new URL(n).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=n.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),yt=s(async(n,t)=>{let e=`Basic ${btoa(`${n}:${t}`)}`,r=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:e,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!r.ok){let a=await r.text();throw new Error(`Failed to get token from CDF: ${r.status} ${r.statusText}
12
+ ${a}`)}let o=await r.json();if(!o.access_token)throw new Error("No access token returned from CDF authentication");return o.access_token},"getTokenCdf"),At=s(async(n,t,e,r)=>{if(!r)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let o=ht(r);if(!o)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${r}`);let a=`https://login.microsoftonline.com/${e}/oauth2/v2.0/token`,i=`https://${o}.cognitedata.com/.default`,c=await fetch(a,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:n,client_secret:t,scope:i,grant_type:"client_credentials"})});if(!c.ok){let l=await c.text();throw new Error(`Failed to get token from Entra ID: ${c.status} ${c.statusText}
13
+ ${l}`)}let p=await c.json();if(!p.access_token)throw new Error("No access token returned from Entra ID authentication");return p.access_token},"getTokenEntra"),O=s(async(n,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:e,deploySecretName:r,idpType:o="cdf",tenantId:a,baseUrl:i}=n,c=mt(r);if(o==="entra_id"){if(!a)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return At(e,c,a,i)}return yt(e,c)},"getToken");async function B(n,t,e=process.env,r){let o=await O(n,e),a=e.COGNITE_BASE_URL??n.baseUrl,i=(r??(c=>new wt(c)))({appId:t,project:n.project,baseUrl:a,oidcTokenProvider:s(async()=>o,"oidcTokenProvider")});return await i.authenticate(),i}s(B,"getSdk");async function Z(n,t,e,r){let{externalId:o,name:a,description:i,versionTag:c}=t,p=L(e,o,c);await Et(vt(p),{recursive:!0}),await new x(`${e}/dist`).createZip(p,!0);let l=await St(p);await new v(n).deploy(o,a,i,c,l,Pt(p),r)}s(Z,"packageAndUpload");var xt=s(async(n,t,e)=>{let r=await B(n,e);await Z(r,t,e,n.published)},"deploy");import{existsSync as kt,readFileSync as Ct}from"fs";var Q=[".dev.sig",".cert.sig"];function $t(n,t={}){let e=t.existsSync??kt,r=t.readFileSync??((a,i)=>Ct(a,i)),o=[];for(let a of Q){let i=`${n}${a}`;if(!e(i))continue;let c=r(i,"utf8").trim();c.length>0&&o.push(c)}return o}s($t,"discoverSignatures");export{v as a,x as b,W as c,X as d,L as e,O as f,B as g,Z as h,xt as i,Q as j,$t as k};
package/dist/cli/cli.js CHANGED
@@ -1,14 +1,14 @@
1
1
  #!/usr/bin/env node
2
- import{a as o,e as gt}from"../chunk-A5ASLC6T.js";import{writeSync as ha}from"fs";import{Command as Sa}from"commander";import{createReadStream as Go,existsSync as Jo,readFileSync as Yo,writeFileSync as qo}from"fs";import{basename as zo,dirname as Wo,join as Xo,resolve as he}from"path";import{hashDevSignature as Zo,parseScope as Qo,signBundle as ei,validateScopes as ti}from"@cognite/app-sdk/codesigning";var ft="https://docs.cognite.com/cdf/access/";function L(e){return e!==null&&typeof e=="object"}o(L,"isRecord");function X(e){return e instanceof Error&&"status"in e&&typeof e.status=="number"}o(X,"isHttpError");function yn(e){switch(e){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
3
- See: ${ft}`;case 403:return`You don't have the required CDF capabilities. Please contact your CDF admin.
4
- See: ${ft}`;default:return}}o(yn,"httpStatusHint");function M(e){let t=e instanceof Error?e:new Error(String(e));if(!X(t))return null;let r=yn(t.status);return r?Object.assign(new Error(`${t.message}
5
- ${r}`),{cause:t}):null}o(M,"enrichedHttpError");function hn(e){if(!L(e))return null;let t=e.missing;if(Array.isArray(t))return t;let r=e.data;if(L(r)){let n=r.error;if(L(n)&&Array.isArray(n.missing))return n.missing;if(Array.isArray(r.missing))return r.missing}return null}o(hn,"findMissingArray");function Sn(e,t){if(!X(e)||e.status!==400)return!1;let r=hn(e);return r?r.some(n=>L(n)&&typeof n.externalId=="string"&&t.includes(n.externalId)):!1}o(Sn,"isMissingExternalIdError");function Ie(e,t){return X(e)&&e.status===404||Sn(e,t)}o(Ie,"isNotFoundError");var ht=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],St=["ACTIVE","PREVIEW"],$e=class $e extends Error{constructor(t,r){super(`Version ${r} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=r}};o($e,"AppVersionNotFoundError");var T=$e;function wt(e,t){return e.includes(t)}o(wt,"includesValue");function wn(e){return wt(ht,e)}o(wn,"isAppVersionLifecycleState");function vn(e){return wt(St,e)}o(vn,"isAppVersionAlias");function Cn(e){return typeof e.version=="string"&&wn(e.lifecycleState)&&typeof e.entrypoint=="string"&&typeof e.createdTime=="number"&&typeof e.createdBy=="string"&&typeof e.appExternalId=="string"&&(e.alias===void 0||vn(e.alias))&&(e.comment===void 0||typeof e.comment=="string")}o(Cn,"isAppVersion");function yt(e){if(!L(e))throw new Error("Invalid version response: not an object");if(!Cn(e))throw new Error("Invalid version response: missing or malformed fields");return e}o(yt,"parseAppVersion");var Fe=class Fe{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,r,n){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:r,description:n}]}})}catch(i){throw M(i)??i}}async uploadVersion(t,r,n,i,a="index.html"){console.log(`\u{1F4E4} Uploading version ${r}...`);let s=new FormData;s.append("file",new Blob([new Uint8Array(n)]),i),s.append("version",r),s.append("entryPath",a);let p=encodeURIComponent(t),c=`${this.appsBasePath}/${p}/versions`,l=await this.client.authenticate(),d=`${this.client.getBaseUrl()}${c}`,m=new AbortController,g=setTimeout(()=>m.abort(),300*1e3),u;try{u=await fetch(d,{method:"POST",headers:{Authorization:`Bearer ${l}`},body:s,signal:m.signal})}catch(f){throw f instanceof Error&&f.name==="AbortError"?new Error("Upload timed out after 5 minutes"):f}finally{clearTimeout(g)}if(!u.ok){let f=await u.text(),S=f;try{let y=JSON.parse(f);if(L(y)){let C=y.error;if(typeof C=="string")S=C;else if(L(C)){let $=C.message,w=C.code;S=typeof $=="string"?$:w!=null?`Unknown error (code: ${w})`:f}else{let $=y.message;S=typeof $=="string"?$:f}}}catch{}let v=u.headers.get("x-request-id"),h=v?` | X-Request-ID: ${v}`:"",k=Object.assign(new Error(`Upload failed: ${u.status} \u2014 ${S}${h}`),{status:u.status});throw M(k)??k}console.log(`\u2705 Version ${r} uploaded`)}async getVersion(t,r){let n=encodeURIComponent(t),i=encodeURIComponent(r),a=`${this.appsBasePath}/${n}/versions/${i}`;try{let s=await this.client.get(a);return yt(s.data)}catch(s){throw Ie(s,[t,r])?new T(t,r):M(s)??s}}async getActiveVersion(t){let r=encodeURIComponent(t),n=`${this.appsBasePath}/${r}/active`;try{let i=await this.client.get(n);return yt(i.data)}catch(i){if(Ie(i,[t]))return null;throw M(i)??i}}async updateVersions(t,r){let n=encodeURIComponent(t),i=`${this.appsBasePath}/${n}/versions/update`;try{await this.client.post(i,{data:{items:r}})}catch(a){throw M(a)??a}}async submitSignatures(t,r,n){let i=encodeURIComponent(t),a=encodeURIComponent(r),s=`${this.appsBasePath}/${i}/versions/${a}/signatures`;try{await this.client.post(s,{data:{items:n}})}catch(p){throw M(p)??p}}};o(Fe,"AppHostingApi");var de=Fe;var Te=class Te{constructor(t){this.api=new de(t)}getVersion(t,r){return this.api.getVersion(t,r)}uploadVersion(t,r,n,i,a){return this.api.uploadVersion(t,r,n,i,a)}async ensureApp(t,r,n){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,r,n),console.log(`\u2705 App '${t}' created`)}catch(i){if(X(i)&&i.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw i}}async submitSignatures(t,r,n){n.length!==0&&(console.log(`\u{1F50F} Submitting ${n.length} signature${n.length===1?"":"s"} for version ${r}...`),await this.api.submitSignatures(t,r,n),console.log("\u2705 Signatures stored"))}async publishVersion(t,r){await this.api.updateVersions(t,[{version:r,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,r){console.log(`\u{1F680} Publishing and activating version ${r}...`),await this.api.updateVersions(t,[{version:r,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${r} is now PUBLISHED and ACTIVE`)}getActiveVersion(t){return this.api.getActiveVersion(t)}async deactivateVersion(t,r){await this.api.updateVersions(t,[{version:r,update:{alias:{setNull:!0}}}])}async activateVersion(t,r){let n=null;try{n=await this.api.getActiveVersion(t)}catch{n=null}let i=n&&n.version!==r?n.version:void 0;return await this.api.updateVersions(t,[{version:r,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:i}}async deploy(t,r,n,i,a,s,p=!1){console.log(`
2
+ import{a as o,e as vt}from"../chunk-A5ASLC6T.js";import{writeSync as ba}from"fs";import{Command as ka}from"commander";import{createReadStream as ii,existsSync as si,readFileSync as ai,writeFileSync as pi}from"fs";import{basename as ci,dirname as li,join as di,resolve as ve}from"path";import{hashDevSignature as mi,parseScope as ui,signBundle as gi,validateScopes as fi}from"@cognite/app-sdk/codesigning";var wt="https://docs.cognite.com/cdf/access/";function L(e){return e!==null&&typeof e=="object"}o(L,"isRecord");function Z(e){return e instanceof Error&&"status"in e&&typeof e.status=="number"}o(Z,"isHttpError");function Fr(e){switch(e){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
3
+ See: ${wt}`;case 403:return`You don't have the required CDF capabilities. Please contact your CDF admin.
4
+ See: ${wt}`;default:return}}o(Fr,"httpStatusHint");function M(e){let t=e instanceof Error?e:new Error(String(e));if(!Z(t))return null;let n=Fr(t.status);return n?Object.assign(new Error(`${t.message}
5
+ ${n}`),{cause:t}):null}o(M,"enrichedHttpError");function Tr(e){if(!L(e))return null;let t=e.missing;if(Array.isArray(t))return t;let n=e.data;if(L(n)){let r=n.error;if(L(r)&&Array.isArray(r.missing))return r.missing;if(Array.isArray(n.missing))return n.missing}return null}o(Tr,"findMissingArray");function Rr(e,t){if(!Z(e)||e.status!==400)return!1;let n=Tr(e);return n?n.some(r=>L(r)&&typeof r.externalId=="string"&&t.includes(r.externalId)):!1}o(Rr,"isMissingExternalIdError");function $e(e,t){return Z(e)&&e.status===404||Rr(e,t)}o($e,"isNotFoundError");var Et=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],Pt=["ACTIVE","PREVIEW"],Fe=class Fe extends Error{constructor(t,n){super(`Version ${n} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=n}};o(Fe,"AppVersionNotFoundError");var _=Fe;function bt(e,t){return e.includes(t)}o(bt,"includesValue");function Or(e){return bt(Et,e)}o(Or,"isAppVersionLifecycleState");function _r(e){return bt(Pt,e)}o(_r,"isAppVersionAlias");function Ur(e){return typeof e.version=="string"&&Or(e.lifecycleState)&&typeof e.entrypoint=="string"&&typeof e.createdTime=="number"&&typeof e.createdBy=="string"&&typeof e.appExternalId=="string"&&(e.alias===void 0||_r(e.alias))&&(e.comment===void 0||typeof e.comment=="string")}o(Ur,"isAppVersion");function Ct(e){if(!L(e))throw new Error("Invalid version response: not an object");if(!Ur(e))throw new Error("Invalid version response: missing or malformed fields");return e}o(Ct,"parseAppVersion");var Te=class Te{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,n,r){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:n,description:r}]}})}catch(i){throw M(i)??i}}async uploadVersion(t,n,r,i,s="index.html"){console.log(`\u{1F4E4} Uploading version ${n}...`);let a=new FormData;a.append("file",new Blob([new Uint8Array(r)]),i),a.append("version",n),a.append("entryPath",s);let p=encodeURIComponent(t),c=`${this.appsBasePath}/${p}/versions`,l=await this.client.authenticate(),d=`${this.client.getBaseUrl()}${c}`,m=new AbortController,u=setTimeout(()=>m.abort(),300*1e3),g;try{g=await fetch(d,{method:"POST",headers:{Authorization:`Bearer ${l}`},body:a,signal:m.signal})}catch(f){throw f instanceof Error&&f.name==="AbortError"?new Error("Upload timed out after 5 minutes"):f}finally{clearTimeout(u)}if(!g.ok){let f=await g.text(),S=f;try{let y=JSON.parse(f);if(L(y)){let P=y.error;if(typeof P=="string")S=P;else if(L(P)){let T=P.message,v=P.code;S=typeof T=="string"?T:v!=null?`Unknown error (code: ${v})`:f}else{let T=y.message;S=typeof T=="string"?T:f}}}catch{}let C=g.headers.get("x-request-id"),h=C?` | X-Request-ID: ${C}`:"",k=Object.assign(new Error(`Upload failed: ${g.status} \u2014 ${S}${h}`),{status:g.status});throw M(k)??k}console.log(`\u2705 Version ${n} uploaded`)}async getVersion(t,n){let r=encodeURIComponent(t),i=encodeURIComponent(n),s=`${this.appsBasePath}/${r}/versions/${i}`;try{let a=await this.client.get(s);return Ct(a.data)}catch(a){throw $e(a,[t,n])?new _(t,n):M(a)??a}}async getActiveVersion(t){let n=encodeURIComponent(t),r=`${this.appsBasePath}/${n}/active`;try{let i=await this.client.get(r);return Ct(i.data)}catch(i){if($e(i,[t]))return null;throw M(i)??i}}async updateVersions(t,n){let r=encodeURIComponent(t),i=`${this.appsBasePath}/${r}/versions/update`;try{await this.client.post(i,{data:{items:n}})}catch(s){throw M(s)??s}}async submitSignatures(t,n,r){let i=encodeURIComponent(t),s=encodeURIComponent(n),a=`${this.appsBasePath}/${i}/versions/${s}/signatures`;try{await this.client.post(a,{data:{items:r}})}catch(p){throw M(p)??p}}};o(Te,"AppHostingApi");var ue=Te;var Re=class Re{constructor(t){this.api=new ue(t)}getVersion(t,n){return this.api.getVersion(t,n)}uploadVersion(t,n,r,i,s){return this.api.uploadVersion(t,n,r,i,s)}async ensureApp(t,n,r){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,n,r),console.log(`\u2705 App '${t}' created`)}catch(i){if(Z(i)&&i.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw i}}async submitSignatures(t,n,r){r.length!==0&&(console.log(`\u{1F50F} Submitting ${r.length} signature${r.length===1?"":"s"} for version ${n}...`),await this.api.submitSignatures(t,n,r),console.log("\u2705 Signatures stored"))}async publishVersion(t,n){await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,n){console.log(`\u{1F680} Publishing and activating version ${n}...`),await this.api.updateVersions(t,[{version:n,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${n} is now PUBLISHED and ACTIVE`)}getActiveVersion(t){return this.api.getActiveVersion(t)}async deactivateVersion(t,n){await this.api.updateVersions(t,[{version:n,update:{alias:{setNull:!0}}}])}async activateVersion(t,n){let r=null;try{r=await this.api.getActiveVersion(t)}catch{r=null}let i=r&&r.version!==n?r.version:void 0;return await this.api.updateVersions(t,[{version:n,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:i}}async deploy(t,n,r,i,s,a,p=!1){console.log(`
6
6
  \u{1F680} Deploying application via App Hosting API...
7
- `);try{await this.ensureApp(t,r,n),await this.uploadVersion(t,i,a,s),p&&await this.publishAndActivate(t,i),console.log(`
8
- \u2705 Deployment successful!`)}catch(c){let l=c instanceof Error?c.message:String(c);throw Object.assign(new Error(`Deployment failed: ${l}`),{cause:c})}}};o(Te,"AppHostingClient");var P=Te;import Pn from"path";var vt=".cognite-bundles";function Ct(e,t){return`${e}-${t}.zip`}o(Ct,"bundleFileName");function H(e,t,r){return Pn.join(e,vt,Ct(t,r))}o(H,"bundlePath");import{existsSync as En,readFileSync as kn}from"fs";var Pt=[".dev.sig",".cert.sig"];function Z(e,t={}){let r=t.existsSync??En,n=t.readFileSync??((a,s)=>kn(a,s)),i=[];for(let a of Pt){let s=`${e}${a}`;if(!r(s))continue;let p=n(s,"utf8").trim();p.length>0&&i.push(p)}return i}o(Z,"discoverSignatures");import{existsSync as _n,readFileSync as Un}from"fs";import{resolve as Ln}from"path";import{array as bn,boolean as xn,check as Et,forward as kt,literal as An,maxLength as Dn,minLength as In,nonEmpty as z,object as bt,optional as V,picklist as $n,pipe as K,safeParse as Fn,string as O,url as Tn}from"valibot";var Oe=K(O(),z("must not be empty")),Re=K(O(),z("must not be empty"),Dn(256,"must be 256 characters or fewer")),_e=K(O(),z("must not be empty"),Tn("must be a valid URL")),Ue=K(O(),z("must not be empty")),Le=K(O(),z("must not be empty")),On=K(bt({org:Ue,project:Le,baseUrl:_e,deployClientId:V(O(),""),deploySecretName:V(O(),""),published:V(xn(),!1),idpType:V($n(["cdf","entra_id"]),"cdf"),tenantId:V(O())}),kt(Et(e=>e.idpType!=="entra_id"||!!e.tenantId,'must be set when idpType is "entra_id"'),["tenantId"]),kt(Et(e=>!e.deployClientId||!!e.deploySecretName,"must be set when deployClientId is set"),["deploySecretName"])),Rn=bt({name:Oe,externalId:Re,versionTag:K(O(),z("must not be empty")),description:V(O(),""),deployments:K(bn(On),In(1,"must contain at least one deployment")),infra:V(An("appsApi"))});function Ke(e){let t=Fn(Rn,e);if(t.success)return t.output;let r=t.issues[0],n=r.path?.map(a=>a.key).join(".")??"",i=n?`"${n}" `:"";throw new Error(`app.json: ${i}${r.message}`)}o(Ke,"validateAppConfig");function E(e,t={}){let{validator:r=Ke,existsSync:n=_n,readFileSync:i=Un}=t,a=Ln(e,"app.json");if(!n(a))throw new Error("No app.json found in current directory. Make sure you're running this command from your app's root directory.");let s=i(a,"utf-8"),p;try{p=JSON.parse(s)}catch{throw new Error("Failed to parse app.json \u2014 check that it contains valid JSON.")}return r(p)}o(E,"loadAppConfig");import{CogniteClient as po}from"@cognite/sdk";import{CogniteClient as Vn}from"@cognite/sdk";var Kn=o(()=>{let e=process.env.DEPLOYMENT_SECRETS;if(!e)return{};try{let t=JSON.parse(e),r={};for(let[n,i]of Object.entries(t))if(typeof i=="string"){let a=n.toLowerCase().replace(/_/g,"-");r[a]=i}return r}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),jn=o(e=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=Kn()[e]),t||(t=process.env[e]),!t)throw new Error(`Secret not found in environment: ${e}`);return t},"getSecretFromEnv"),Nn=o(e=>{if(!e)return"";try{return new URL(e).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=e.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),Mn=o(async(e,t)=>{let r=`Basic ${btoa(`${e}:${t}`)}`,n=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:r,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!n.ok){let a=await n.text();throw new Error(`Failed to get token from CDF: ${n.status} ${n.statusText}
9
- ${a}`)}let i=await n.json();if(!i.access_token)throw new Error("No access token returned from CDF authentication");return i.access_token},"getTokenCdf"),Hn=o(async(e,t,r,n)=>{if(!n)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let i=Nn(n);if(!i)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${n}`);let a=`https://login.microsoftonline.com/${r}/oauth2/v2.0/token`,s=`https://${i}.cognitedata.com/.default`,p=await fetch(a,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:e,client_secret:t,scope:s,grant_type:"client_credentials"})});if(!p.ok){let l=await p.text();throw new Error(`Failed to get token from Entra ID: ${p.status} ${p.statusText}
10
- ${l}`)}let c=await p.json();if(!c.access_token)throw new Error("No access token returned from Entra ID authentication");return c.access_token},"getTokenEntra"),je=o(async(e,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:r,deploySecretName:n,idpType:i="cdf",tenantId:a,baseUrl:s}=e,p=jn(n);if(i==="entra_id"){if(!a)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return Hn(r,p,a,s)}return Mn(r,p)},"getToken");async function Q(e,t,r=process.env,n){let i=await je(e,r),a=r.COGNITE_BASE_URL??e.baseUrl,s=(n??(p=>new Vn(p)))({appId:t,project:e.project,baseUrl:a,oidcTokenProvider:o(async()=>i,"oidcTokenProvider")});return await s.authenticate(),s}o(Q,"getSdk");import Xn from"os";import Zn from"path";import Qn from"open";import{buildAuthorizationUrl as eo,calculatePKCECodeChallenge as to,discovery as ro,None as no,randomPKCECodeVerifier as oo,randomState as io}from"openid-client";import Bn from"https";import{authorizationCodeGrant as Gn}from"openid-client";function xt(e){return e.replace(/[&<>"']/g,t=>({"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;"})[t]??t)}o(xt,"escapeHtml");function Ne(e,t,r){let n=xt(t),i=xt(r);return`<html><body style="font-family: system-ui; padding: 40px; text-align: center;">
11
- <h1>${n}</h1><p>${i}</p><p>You can close this window.</p>${e==="success"?`<style>
7
+ `);try{await this.ensureApp(t,n,r),await this.uploadVersion(t,i,s,a),p&&await this.publishAndActivate(t,i),console.log(`
8
+ \u2705 Deployment successful!`)}catch(c){let l=c instanceof Error?c.message:String(c);throw Object.assign(new Error(`Deployment failed: ${l}`),{cause:c})}}};o(Re,"AppHostingClient");var b=Re;import Kr from"path";var kt=".cognite-bundles";function xt(e,t){return`${e}-${t}.zip`}o(xt,"bundleFileName");function V(e,t,n){return Kr.join(e,kt,xt(t,n))}o(V,"bundlePath");import{existsSync as Lr,readFileSync as jr}from"fs";var At=[".dev.sig",".cert.sig"];function Q(e,t={}){let n=t.existsSync??Lr,r=t.readFileSync??((s,a)=>jr(s,a)),i=[];for(let s of At){let a=`${e}${s}`;if(!n(a))continue;let p=r(a,"utf8").trim();p.length>0&&i.push(p)}return i}o(Q,"discoverSignatures");import{existsSync as Wr,readFileSync as Xr}from"fs";import{resolve as Zr}from"path";import{array as Nr,boolean as Mr,check as Dt,forward as It,literal as Vr,maxLength as Hr,minLength as Br,nonEmpty as W,object as $t,optional as H,picklist as Gr,pipe as j,safeParse as Jr,string as U,url as Yr}from"valibot";var Oe=j(U(),W("must not be empty")),_e=j(U(),W("must not be empty"),Hr(256,"must be 256 characters or fewer")),Ue=j(U(),W("must not be empty"),Yr("must be a valid URL")),Ke=j(U(),W("must not be empty")),Le=j(U(),W("must not be empty")),qr=j($t({org:Ke,project:Le,baseUrl:Ue,deployClientId:H(U(),""),deploySecretName:H(U(),""),published:H(Mr(),!1),idpType:H(Gr(["cdf","entra_id"]),"cdf"),tenantId:H(U())}),It(Dt(e=>e.idpType!=="entra_id"||!!e.tenantId,'must be set when idpType is "entra_id"'),["tenantId"]),It(Dt(e=>!e.deployClientId||!!e.deploySecretName,"must be set when deployClientId is set"),["deploySecretName"])),zr=$t({name:Oe,externalId:_e,versionTag:j(U(),W("must not be empty")),description:H(U(),""),deployments:j(Nr(qr),Br(1,"must contain at least one deployment")),infra:H(Vr("appsApi"))});function je(e){let t=Jr(zr,e);if(t.success)return t.output;let n=t.issues[0],r=n.path?.map(s=>s.key).join(".")??"",i=r?`"${r}" `:"";throw new Error(`app.json: ${i}${n.message}`)}o(je,"validateAppConfig");function w(e,t={}){let{validator:n=je,existsSync:r=Wr,readFileSync:i=Xr}=t,s=Zr(e,"app.json");if(!r(s))throw new Error("No app.json found in current directory. Make sure you're running this command from your app's root directory.");let a=i(s,"utf-8"),p;try{p=JSON.parse(a)}catch{throw new Error("Failed to parse app.json \u2014 check that it contains valid JSON.")}return n(p)}o(w,"loadAppConfig");import{CogniteClient as Po}from"@cognite/sdk";import{CogniteClient as oo}from"@cognite/sdk";var Qr=o(()=>{let e=process.env.DEPLOYMENT_SECRETS;if(!e)return{};try{let t=JSON.parse(e),n={};for(let[r,i]of Object.entries(t))if(typeof i=="string"){let s=r.toLowerCase().replace(/_/g,"-");n[s]=i}return n}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),eo=o(e=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=Qr()[e]),t||(t=process.env[e]),!t)throw new Error(`Secret not found in environment: ${e}`);return t},"getSecretFromEnv"),to=o(e=>{if(!e)return"";try{return new URL(e).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=e.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),no=o(async(e,t)=>{let n=`Basic ${btoa(`${e}:${t}`)}`,r=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:n,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!r.ok){let s=await r.text();throw new Error(`Failed to get token from CDF: ${r.status} ${r.statusText}
9
+ ${s}`)}let i=await r.json();if(!i.access_token)throw new Error("No access token returned from CDF authentication");return i.access_token},"getTokenCdf"),ro=o(async(e,t,n,r)=>{if(!r)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let i=to(r);if(!i)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${r}`);let s=`https://login.microsoftonline.com/${n}/oauth2/v2.0/token`,a=`https://${i}.cognitedata.com/.default`,p=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:e,client_secret:t,scope:a,grant_type:"client_credentials"})});if(!p.ok){let l=await p.text();throw new Error(`Failed to get token from Entra ID: ${p.status} ${p.statusText}
10
+ ${l}`)}let c=await p.json();if(!c.access_token)throw new Error("No access token returned from Entra ID authentication");return c.access_token},"getTokenEntra"),Ne=o(async(e,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:n,deploySecretName:r,idpType:i="cdf",tenantId:s,baseUrl:a}=e,p=eo(r);if(i==="entra_id"){if(!s)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return ro(n,p,s,a)}return no(n,p)},"getToken");async function ee(e,t,n=process.env,r){let i=await Ne(e,n),s=n.COGNITE_BASE_URL??e.baseUrl,a=(r??(p=>new oo(p)))({appId:t,project:e.project,baseUrl:s,oidcTokenProvider:o(async()=>i,"oidcTokenProvider")});return await a.authenticate(),a}o(ee,"getSdk");import mo from"os";import uo from"path";import go from"open";import{buildAuthorizationUrl as fo,calculatePKCECodeChallenge as yo,discovery as ho,None as So,randomPKCECodeVerifier as vo,randomState as wo}from"openid-client";import io from"https";import{authorizationCodeGrant as so}from"openid-client";function Ft(e){return e.replace(/[&<>"']/g,t=>({"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;"})[t]??t)}o(Ft,"escapeHtml");function Me(e,t,n){let r=Ft(t),i=Ft(n);return`<html><body style="font-family: system-ui; padding: 40px; text-align: center;">
11
+ <h1>${r}</h1><p>${i}</p><p>You can close this window.</p>${e==="success"?`<style>
12
12
  @keyframes checkmark {
13
13
  0% { transform: scale(0); }
14
14
  50% { transform: scale(1.2); }
@@ -16,29 +16,32 @@ ${l}`)}let c=await p.json();if(!c.access_token)throw new Error("No access token
16
16
  }
17
17
  h1 { animation: checkmark 0.5s ease-out; }
18
18
  </style>`:""}
19
- </body></html>`}o(Ne,"generateHtml");async function Jn(e,t,r,n,i,a){let s=new URL(e.url??"/",`https://${e.headers.host??"localhost"}`);if(s.pathname!=="/")return t.writeHead(404),t.end("Not found"),{shouldClose:!1};try{console.log("\u{1F504} Exchanging authorization code for tokens...");let p=await a.authorizationCodeGrant(r,s,{pkceCodeVerifier:n,expectedState:i});return t.writeHead(200,{"Content-Type":"text/html"}),t.end(Ne("success","Login Successful!","You can close this window and return to the terminal.")),{shouldClose:!0,tokens:p}}catch(p){let c=p instanceof Error?p:new Error(String(p));return t.writeHead(400,{"Content-Type":"text/html"}),t.end(Ne("error","Authentication Error",c.message)),{shouldClose:!0,error:c}}}o(Jn,"handleCallback");function Yn(e){let t=e/6e4,r=Math.round(t*10)/10;return`${r} ${r===1?"minute":"minutes"}`}o(Yn,"formatTimeoutMinutes");function At(e,t,r,n,i,a={createServer:Bn.createServer,setTimeout:globalThis.setTimeout,clearTimeout:globalThis.clearTimeout,authorizationCodeGrant:Gn}){return new Promise((s,p)=>{let c=a.createServer(t,async(m,g)=>{try{let u=await Jn(m,g,r,n,i,a);u.shouldClose&&(d(),u.error?p(u.error):u.tokens?s(u.tokens):p(new Error("No tokens received")))}catch(u){d(),p(u instanceof Error?u:new Error(String(u)))}}),l=a.setTimeout(()=>{d(),p(new Error(`Login timeout - no response received within ${Yn(e.loginTimeout)}`))},e.loginTimeout);function d(){a.clearTimeout(l),c.close()}o(d,"cleanup"),c.on("error",m=>{d(),m.code==="EADDRINUSE"?console.error(`\u274C Port ${e.port} is already in use.`):console.error(`\u274C Server error: ${m.message}`),p(m)}),c.listen(e.port,"127.0.0.1",()=>{console.log(`\u{1F310} Local HTTPS server started on https://localhost:${e.port}`)})})}o(At,"startCallbackServer");import{mkdirSync as qn}from"fs";import{loadLocalCertificates as zn}from"@cognite/app-sdk/https";var Wn={loadLocalCertificates:zn,mkdirSync:qn,logger:console};async function Dt(e,t=Wn){t.mkdirSync(e,{recursive:!0});let{cert:r,key:n,source:i}=await t.loadLocalCertificates({certDir:e});return i==="mkcert"?t.logger.log("\u{1F510} Using mkcert certificates for HTTPS"):(t.logger.log("\u{1F510} Using in-memory self-signed certificate for HTTPS \u2014 your browser will warn."),t.logger.log(" Run `npx @cognite/cli@latest apps setup-https` to install trusted local certs.")),{cert:r,key:n}}o(Dt,"getOrCreateCertificates");var so={authority:"https://auth.cognite.com",clientId:"0404baaa-0a90-43a2-aba7-a110b53fb41c",redirectUri:"https://localhost:3000/",port:3e3,loginTimeout:300*1e3,certDir:Zn.join(Xn.homedir(),".cdf-login")},ao={open:Qn,getOrCreateCertificates:Dt,startCallbackServer:At,discovery:ro,buildAuthorizationUrl:eo,randomPKCECodeVerifier:oo,calculatePKCECodeChallenge:to,randomState:io,logger:console};async function $t(e,t=so,r){return r===void 0?It(e,t,ao):It(e,t,r)}o($t,"login");async function It(e,t,r){r.logger.log(`\u{1F510} Starting CDF login flow...
20
- `),r.logger.log(`\u{1F4E1} Fetching OpenID configuration from ${t.authority}...`);let n=await r.discovery(new URL(t.authority),t.clientId,void 0,no()),i=r.randomPKCECodeVerifier(),a=await r.calculatePKCECodeChallenge(i),s=r.randomState(),p={redirect_uri:t.redirectUri,scope:"openid profile email",code_challenge:a,code_challenge_method:"S256",state:s};e&&(p.organization_hint=e);let c=r.buildAuthorizationUrl(n,p).toString(),l=await r.getOrCreateCertificates(t.certDir);e&&r.logger.log(`\u{1F3E2} Organization: ${e}`),r.logger.log(`\u{1F680} Opening browser for authentication...
21
- `);try{await r.open(c)}catch(d){let m=d instanceof Error?d.message:String(d);r.logger.error("\u274C Failed to open browser automatically."),r.logger.error(` Reason: ${m}`),r.logger.error(`Please open this URL manually:
22
- `),r.logger.error(c),r.logger.error("")}return r.startCallbackServer(t,l,n,i,s)}o(It,"loginImpl");async function A(e,t,r={}){let{login:n=$t,getSdk:i=Q,createClient:a=o(s=>new po(s),"createClient")}=r;if(t.interactive){let s=t.orgHint||e.org||void 0,p=await n(s),c=a({appId:t.appId,project:e.project,baseUrl:e.baseUrl,getToken:o(async()=>p.access_token,"getToken")});return await c.authenticate(),c}return i(e,t.appId)}o(A,"getClientForDeployment");import Ft from"enquirer";var Tt="Enter custom target...";function Ot(e,t){let r=t.map((n,i)=>` ${i}: ${n.org}/${n.project}`).join(`
19
+ </body></html>`}o(Me,"generateHtml");async function ao(e,t,n,r,i,s){let a=new URL(e.url??"/",`https://${e.headers.host??"localhost"}`);if(a.pathname!=="/")return t.writeHead(404),t.end("Not found"),{shouldClose:!1};try{console.log("\u{1F504} Exchanging authorization code for tokens...");let p=await s.authorizationCodeGrant(n,a,{pkceCodeVerifier:r,expectedState:i});return t.writeHead(200,{"Content-Type":"text/html"}),t.end(Me("success","Login Successful!","You can close this window and return to the terminal.")),{shouldClose:!0,tokens:p}}catch(p){let c=p instanceof Error?p:new Error(String(p));return t.writeHead(400,{"Content-Type":"text/html"}),t.end(Me("error","Authentication Error",c.message)),{shouldClose:!0,error:c}}}o(ao,"handleCallback");function po(e){let t=e/6e4,n=Math.round(t*10)/10;return`${n} ${n===1?"minute":"minutes"}`}o(po,"formatTimeoutMinutes");function Tt(e,t,n,r,i,s={createServer:io.createServer,setTimeout:globalThis.setTimeout,clearTimeout:globalThis.clearTimeout,authorizationCodeGrant:so}){return new Promise((a,p)=>{let c=s.createServer(t,async(m,u)=>{try{let g=await ao(m,u,n,r,i,s);g.shouldClose&&(d(),g.error?p(g.error):g.tokens?a(g.tokens):p(new Error("No tokens received")))}catch(g){d(),p(g instanceof Error?g:new Error(String(g)))}}),l=s.setTimeout(()=>{d(),p(new Error(`Login timeout - no response received within ${po(e.loginTimeout)}`))},e.loginTimeout);function d(){s.clearTimeout(l),c.close()}o(d,"cleanup"),c.on("error",m=>{d(),m.code==="EADDRINUSE"?console.error(`\u274C Port ${e.port} is already in use.`):console.error(`\u274C Server error: ${m.message}`),p(m)}),c.listen(e.port,"127.0.0.1",()=>{console.log(`\u{1F310} Local HTTPS server started on https://localhost:${e.port}`)})})}o(Tt,"startCallbackServer");import{execFileSync as co}from"child_process";import Ve from"fs";import Rt from"path";function Ot(e,t,n){return{key:n.readFileSync(e),cert:n.readFileSync(t)}}o(Ot,"loadCertificates");function lo(e,t,n,r){console.log("\u{1F510} Generating self-signed certificate for HTTPS..."),r.existsSync(e)||r.mkdirSync(e,{recursive:!0});try{return r.execFileSync("openssl",["req","-x509","-newkey","rsa:2048","-nodes","-sha256","-subj","/CN=localhost","-keyout",t,"-out",n,"-days","365"],{stdio:["ignore","pipe","ignore"]}),console.log("\u2705 Certificate generated and saved locally"),Ot(t,n,r)}catch{throw new Error(`Failed to generate self-signed certificate. Make sure openssl is installed.
20
+ On macOS: openssl is pre-installed
21
+ On Linux: sudo apt-get install openssl
22
+ On Windows: Install OpenSSL or use WSL`)}}o(lo,"generateCertificate");function _t(e,t={existsSync:Ve.existsSync,readFileSync:o(n=>Ve.readFileSync(n),"readFileSync"),mkdirSync:o((n,r)=>{Ve.mkdirSync(n,r)},"mkdirSync"),execFileSync:co}){let n=Rt.join(e,"localhost-key.pem"),r=Rt.join(e,"localhost-cert.pem");return t.existsSync(n)&&t.existsSync(r)?Ot(n,r,t):lo(e,n,r,t)}o(_t,"getOrCreateCertificates");var Co={authority:"https://auth.cognite.com",clientId:"0404baaa-0a90-43a2-aba7-a110b53fb41c",redirectUri:"https://localhost:3000/",port:3e3,loginTimeout:300*1e3,certDir:uo.join(mo.homedir(),".cdf-login")},Eo={open:go,getOrCreateCertificates:_t,startCallbackServer:Tt,discovery:ho,buildAuthorizationUrl:fo,randomPKCECodeVerifier:vo,calculatePKCECodeChallenge:yo,randomState:wo,logger:console};async function Kt(e,t=Co,n){return n===void 0?Ut(e,t,Eo):Ut(e,t,n)}o(Kt,"login");async function Ut(e,t,n){n.logger.log(`\u{1F510} Starting CDF login flow...
23
+ `),n.logger.log(`\u{1F4E1} Fetching OpenID configuration from ${t.authority}...`);let r=await n.discovery(new URL(t.authority),t.clientId,void 0,So()),i=n.randomPKCECodeVerifier(),s=await n.calculatePKCECodeChallenge(i),a=n.randomState(),p={redirect_uri:t.redirectUri,scope:"openid profile email",code_challenge:s,code_challenge_method:"S256",state:a};e&&(p.organization_hint=e);let c=n.buildAuthorizationUrl(r,p).toString(),l=n.getOrCreateCertificates(t.certDir);e&&n.logger.log(`\u{1F3E2} Organization: ${e}`),n.logger.log(`\u{1F680} Opening browser for authentication...
24
+ `);try{await n.open(c)}catch(d){let m=d instanceof Error?d.message:String(d);n.logger.error("\u274C Failed to open browser automatically."),n.logger.error(` Reason: ${m}`),n.logger.error(`Please open this URL manually:
25
+ `),n.logger.error(c),n.logger.error("")}return n.startCallbackServer(t,l,r,i,a)}o(Ut,"loginImpl");async function A(e,t,n={}){let{login:r=Kt,getSdk:i=ee,createClient:s=o(a=>new Po(a),"createClient")}=n;if(t.interactive){let a=t.orgHint||e.org||void 0,p=await r(a),c=s({appId:t.appId,project:e.project,baseUrl:e.baseUrl,getToken:o(async()=>p.access_token,"getToken")});return await c.authenticate(),c}return i(e,t.appId)}o(A,"getClientForDeployment");import Lt from"enquirer";var jt="Enter custom target...";function Nt(e,t){let n=t.map((r,i)=>` ${i}: ${r.org}/${r.project}`).join(`
23
26
  `);throw new Error(`Deployment "${e}" not found. Available deployments:
24
- ${r}`)}o(Ot,"deploymentNotFoundError");function b(e,t){if(e.length===0)throw new Error("No deployments configured in app.json");if(t===void 0)return e[0];if(/^\d+$/.test(t)){let n=e[Number.parseInt(t)];if(n)return n;Ot(t,e)}let r=e.find(n=>n.project===t||`${n.org}/${n.project}`===t);if(r)return r;Ot(t,e)}o(b,"findDeployment");function D(e){let t=[];return e.deployClientId||t.push("deployClientId"),e.deploySecretName||t.push("deploySecretName"),t}o(D,"getMissingCredentials");async function I(e,t){if(t.baseUrl&&t.project)return{org:t.org??"",project:t.project,baseUrl:t.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"};if(t.deployment!==void 0)return b(e.deployments,t.deployment);let r=[...e.deployments.map(a=>`${a.org}/${a.project}`),Tt],{selected:n}=await Ft.prompt({type:"select",name:"selected",message:"Select deployment target",choices:r});if(n!==Tt){let a=e.deployments.find(s=>`${s.org}/${s.project}`===n);if(a)return a;throw new Error(`Deployment "${n}" could not be resolved from app.json.`)}let i=await Ft.prompt([{type:"input",name:"baseUrl",message:"CDF Base URL",initial:"https://api.cognitedata.com"},{type:"input",name:"project",message:"CDF Project",validate:o(a=>a?!0:"Project is required","validate")},{type:"input",name:"org",message:"Organization (for login hint)",initial:""}]);return{org:i.org||"",project:i.project,baseUrl:i.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"}}o(I,"resolveDeployment");import{existsSync as Ho,readFileSync as Vo}from"fs";import{execFile as lo}from"child_process";import{promisify as mo}from"util";import{platform as co}from"os";function B(e,t={}){let{platform:r=co}=t;switch(r()){case"darwin":return e==="macos";case"win32":return e==="windows";default:return e==="other"}}o(B,"isOS");var _t="cognite-flows",uo=mo(lo),Ut=o((e,t)=>uo(e,t),"defaultExecFile"),go=-25300,fo=go&255;function yo(e){if(!(e instanceof Error)||!("code"in e)||e.code!==fo)return!1;let t="stderr"in e?String(e.stderr):"";return/could not be found/i.test(t)||t===""}o(yo,"isKeychainNotFoundError");async function Lt(e,t,r={}){if(!B("macos",r))throw new Error("Keychain storage is only supported on macOS");let{execFile:n=Ut}=r;await n("security",["add-generic-password","-a",e,"-s",_t,"-w",Buffer.from(t,"utf-8").toString("base64"),"-U"])}o(Lt,"storeKeyInKeychain");async function me(e,t={}){if(!B("macos",t))return null;let{execFile:r=Ut}=t;try{let{stdout:n}=await r("security",["find-generic-password","-a",e,"-s",_t,"-w"]);return Buffer.from(n.trim(),"base64").toString("utf-8")}catch(n){if(yo(n))return null;throw n}}o(me,"readKeyFromKeychain");import{pbkdf2 as wo,randomBytes as vo}from"crypto";import{promisify as Co}from"util";import{CompactEncrypt as Po,base64url as Kt,compactDecrypt as Eo}from"jose";var ho=new TextEncoder,So=new TextDecoder,Me={encode:o(e=>ho.encode(e),"encode"),decode:o(e=>So.decode(e),"decode")};var ko=Co(wo),Be=6e5,bo="sha512",He="PBKDF2-HMAC-SHA512",Ve=16,ue="A256GCM",xo=32,ge=2e6;async function jt(e,t,r){return await ko(e,t,r,xo,bo)}o(jt,"deriveKey");async function Nt(e,t,r=Be){if(!Number.isInteger(r)||r<1||r>ge)throw new Error(`Invalid iterations: must be an integer between 1 and ${ge}`);let n=vo(Ve),i=await jt(t,n,r);return await new Po(Me.encode(e)).setProtectedHeader({alg:"dir",enc:ue,kdf:He,kdf_iter:r,kdf_salt:Kt.encode(n)}).encrypt(i)}o(Nt,"encryptStringAsJwe");async function Mt(e,t){let{plaintext:r}=await Eo(e,async n=>{if(!e.length)throw new Error("Unexpected JWE empty value");if(t.length<15)throw new Error(`Invalid passphrase it should be at least ${15} but got ${t.length}`);if(n.alg!=="dir")throw new Error(`Unexpected JWE alg "${String(n.alg)}"; only "dir" is supported`);if(n.enc!==ue)throw new Error(`Unexpected JWE enc "${String(n.enc)}"; only "${ue}" is supported`);if(n.kdf!==He)throw new Error(`Unexpected KDF "${String(n.kdf)}"; only "${He}" is supported`);let i=Number(n.kdf_iter);if(!Number.isInteger(i)||i<1||i>ge)throw new Error(`Invalid kdf_iter in JWE header: must be an integer between 1 and ${ge}`);if(typeof n.kdf_salt!="string")throw new Error("Missing kdf_salt in JWE header");let a=Kt.decode(n.kdf_salt);if(a.length!==Ve)throw new Error(`Invalid kdf_salt length in JWE header: expected ${Ve} bytes, got ${a.length}`);return await jt(t,a,i)},{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:[ue]});return Me.decode(r)}o(Mt,"decryptJweAsString");function Ao(e){let t=e.trim();return t.startsWith("eyJ")&&t.split(".").length===5}o(Ao,"isJweCompact");var Ht=Ao;import{existsSync as Io,readdirSync as $o,readFileSync as Fo}from"fs";import{join as Ge}from"path";import{homedir as Do}from"os";import{join as Vt}from"path";function F(e={}){let{env:t=process.env,homedir:r=Do}=e,n=t.COGNITE_CLI_HOME?.trim()||Vt(r(),".cognite-cli");return{home:n,keysDir:Vt(n,"keys")}}o(F,"getConfig");var ee=".pub.pem",Je=".key.jwe",Ye=".meta.json";function fe(e){switch(e.kind){case"keychain":return"Keychain";case"encrypted-file":return e.path;case"public-only":return"public-only (private key missing)"}}o(fe,"formatLocalKeySource");function To(e){return{existsSync:e.existsSync??Io,readdirSync:e.readdirSync??$o,readFileSync:e.readFileSync??((t,r)=>Fo(t,r)),isOS:e.isOS??(t=>B(t)),readKeyFromKeychain:e.readKeyFromKeychain??(t=>me(t))}}o(To,"resolveDeps");function Oo(e){try{let t=JSON.parse(e);if(typeof t=="object"&&t!==null&&!Array.isArray(t)&&"email"in t&&typeof t.email=="string")return t.email}catch{}}o(Oo,"readEmailFromMeta");function Ro(e,t){return t.existsSync(e)?t.readdirSync(e).filter(r=>r.endsWith(ee)):[]}o(Ro,"publicKeyEntries");function _o(e){return e.slice(0,-ee.length)}o(_o,"kidFromPublicKeyFilename");async function Uo(e,t,r){if(r.isOS("macos")&&await r.readKeyFromKeychain(e).catch(()=>null)!==null)return{kind:"keychain"};let n=Ge(t,`${e}${Je}`);return r.existsSync(n)?{kind:"encrypted-file",path:n}:{kind:"public-only"}}o(Uo,"resolveSource");async function ye(e=F().keysDir,t={}){let r=To(t),n=new Set,i=Ro(e,r).flatMap(a=>{let s=_o(a);return!s||n.has(s)?[]:(n.add(s),[{kid:s,entry:a}])});return Promise.all(i.map(async({kid:a,entry:s})=>{let p=await Uo(a,e,r),c=Ge(e,`${a}${Ye}`),l;try{l=Oo(r.readFileSync(c,"utf8"))}catch{}return{kid:a,source:p,publicKeyPath:Ge(e,s),email:l}}))}o(ye,"discoverLocalKeys");import Lo from"enquirer";async function Ko(e){return Lo.prompt(e)}o(Ko,"defaultPrompt");async function Bt(e,t={}){let{prompt:r=Ko}=t,{passphrase:n}=await r({type:"password",name:"passphrase",message:e});return n}o(Bt,"promptPassphrase");import No from"enquirer";import{statSync as jo}from"fs";function Gt(e,t=jo){return e.map(r=>({key:r,mtime:t(r.publicKeyPath).mtimeMs})).sort((r,n)=>n.mtime-r.mtime).map(({key:r})=>r)}o(Gt,"sortByMtime");async function Mo(e){return No.prompt(e)}o(Mo,"defaultPrompt");async function Jt(e,t={}){if(e.length===1)return e[0];let{prompt:r=Mo,sortByMtime:n=Gt}=t,i=n(e),a=i[0],{choice:s}=await r({type:"select",name:"choice",message:"Select signing identity",choices:[{name:"latest",message:`Use latest: ${a.kid}`},{name:"pick",message:"Pick from list"}]});if(s==="latest")return a;if(s==="pick"){let{kid:p}=await r({type:"select",name:"kid",message:"Select signing identity",choices:i.map(l=>({name:l.kid,message:[l.kid,l.email,fe(l.source)].filter(Boolean).join(" \u2014 ")}))}),c=i.find(l=>l.kid===p);if(!c)throw new Error("No signing identity selected");return c}else throw new Error(`Unexpected choice: "${s}"`)}o(Jt,"promptSigningIdentity");function Bo(e){return{existsSync:e.existsSync??Ho,readFileSync:e.readFileSync??((t,r)=>Vo(t,r)),readKeyFromKeychain:e.readKeyFromKeychain??me,decryptJweAsString:e.decryptJweAsString??Mt,discoverLocalKeys:e.discoverLocalKeys??ye,keysDir:e.keysDir??F().keysDir,promptPassphrase:e.promptPassphrase??Bt,promptSigningIdentity:e.promptSigningIdentity??Jt}}o(Bo,"resolveDeps");async function Yt(e,t={}){let r=Bo(t);if(e.keyPath){if(!r.existsSync(e.keyPath))throw new Error(`Key file not found: ${e.keyPath}`);if(!e.kid)throw new Error("--signing-identity <kid> is required when using --key");let a=r.readFileSync(e.keyPath,"utf-8").trim();if(Ht(a)){let s=await r.promptPassphrase(`Passphrase for key ${e.kid}: `);return{privateKeyPem:await r.decryptJweAsString(a,s),kid:e.kid}}return{privateKeyPem:a,kid:e.kid}}let n=await r.discoverLocalKeys(r.keysDir);if(n.length===0)throw new Error("No signing keys found. Run `cognite keys generate` or pass --key.");let i=e.kid?n.find(a=>a.kid===e.kid):await r.promptSigningIdentity(n);if(!i)throw new Error(`No key found with kid "${e.kid}"`);switch(i.source.kind){case"keychain":{let a=await r.readKeyFromKeychain(i.kid);if(!a)throw new Error(`Key "${i.kid}" not found in Keychain`);return{privateKeyPem:a,kid:i.kid}}case"encrypted-file":{let a=await r.promptPassphrase(`Passphrase for key ${i.kid}: `);return{privateKeyPem:await r.decryptJweAsString(r.readFileSync(i.source.path,"utf-8"),a),kid:i.kid}}case"public-only":throw new Error(`Key "${i.kid}" has no private key on this machine (public-only).`)}}o(Yt,"resolvePrivateKey");var ri=o(async(e,t,r,n,i)=>{let a=await A(e,{interactive:i.interactive??!1,appId:t,orgHint:i.org});await new P(a).submitSignatures(t,r,n)},"defaultSubmitSignatures");function ni(e){let t=Go(e);return new ReadableStream({start(r){t.on("data",n=>{let i=typeof n=="string"?Buffer.from(n):n;r.enqueue(new Uint8Array(i))}),t.on("end",()=>r.close()),t.on("error",n=>r.error(n))},cancel(){t.destroy()}})}o(ni,"createWebStreamFromFile");function oi(e){return{existsSync:e.existsSync??Jo,readFileSync:e.readFileSync??((t,r)=>Yo(t,r)),writeFileSync:e.writeFileSync??qo,createBundleStream:e.createBundleStream??ni,signBundle:e.signBundle??ei,hashDevSignature:e.hashDevSignature??Zo,parseScope:e.parseScope??Qo,validateScopes:e.validateScopes??ti,loadAppConfig:e.loadAppConfig??E,resolvePrivateKey:e.resolvePrivateKey??(t=>Yt(t)),submitSignatures:e.submitSignatures??ri,discoverSignatures:e.discoverSignatures??Z}}o(oi,"resolveDeps");async function qt(e,t,r={},n=process.cwd()){let i=oi(r),a=t.appid,s=t.appVersion,p=[],c=i.loadAppConfig(n);if(a=a??c.externalId,s=s??c.versionTag,t.scope&&t.scope.length>0?p=t.scope.map(i.parseScope):p=c.deployments.map(y=>({org:y.org,project:y.project})),!a)throw new Error("--appid is required (or set externalId in app.json)");if(!s)throw new Error("--app-version is required (or set versionTag in app.json)");let l=e?he(n,e):H(n,a,s);if(!i.existsSync(l)){let y=e?"":" (default derived from app.json \u2014 pass [bundle] explicitly to override, or run `cognite apps deploy` first to populate .cognite-bundles/)";throw new Error(`Bundle not found: ${l}${y}`)}let d=i.validateScopes(p);if(d.length>0)throw new Error(`Invalid scopes:
27
+ ${n}`)}o(Nt,"deploymentNotFoundError");function x(e,t){if(e.length===0)throw new Error("No deployments configured in app.json");if(t===void 0)return e[0];if(/^\d+$/.test(t)){let r=e[Number.parseInt(t)];if(r)return r;Nt(t,e)}let n=e.find(r=>r.project===t||`${r.org}/${r.project}`===t);if(n)return n;Nt(t,e)}o(x,"findDeployment");function D(e){let t=[];return e.deployClientId||t.push("deployClientId"),e.deploySecretName||t.push("deploySecretName"),t}o(D,"getMissingCredentials");async function I(e,t){if(t.baseUrl&&t.project)return{org:t.org??"",project:t.project,baseUrl:t.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"};if(t.deployment!==void 0)return x(e.deployments,t.deployment);let n=[...e.deployments.map(s=>`${s.org}/${s.project}`),jt],{selected:r}=await Lt.prompt({type:"select",name:"selected",message:"Select deployment target",choices:n});if(r!==jt){let s=e.deployments.find(a=>`${a.org}/${a.project}`===r);if(s)return s;throw new Error(`Deployment "${r}" could not be resolved from app.json.`)}let i=await Lt.prompt([{type:"input",name:"baseUrl",message:"CDF Base URL",initial:"https://api.cognitedata.com"},{type:"input",name:"project",message:"CDF Project",validate:o(s=>s?!0:"Project is required","validate")},{type:"input",name:"org",message:"Organization (for login hint)",initial:""}]);return{org:i.org||"",project:i.project,baseUrl:i.baseUrl,deployClientId:"",deploySecretName:"",published:!1,idpType:"cdf"}}o(I,"resolveDeployment");import{existsSync as ni,readFileSync as ri}from"fs";import{execFile as ko}from"child_process";import{promisify as xo}from"util";import{execFileSync as Mt}from"child_process";import{platform as He}from"os";import bo from"path";function B(e,t={}){let{platform:n=He}=t;switch(n()){case"darwin":return e==="macos";case"win32":return e==="windows";default:return e==="other"}}o(B,"isOS");function Vt(e,t={}){let{exec:n=Mt,platform:r=He}=t;try{let i=r();i==="darwin"?n("open",[e]):i==="win32"?n("cmd",["/c","start","",e]):n("xdg-open",[e])}catch{}}o(Vt,"openInBrowser");function Ht(e,t={}){let{exec:n=Mt,platform:r=He}=t;try{let i=r();i==="darwin"?n("open",["-R",e]):i==="win32"?n("explorer",[`/select,${e}`]):n("xdg-open",[bo.dirname(e)])}catch{}}o(Ht,"revealInFileManager");var Gt="cognite-flows",Ao=xo(ko),Jt=o((e,t)=>Ao(e,t),"defaultExecFile"),Do=-25300,Io=Do&255;function $o(e){if(!(e instanceof Error)||!("code"in e)||e.code!==Io)return!1;let t="stderr"in e?String(e.stderr):"";return/could not be found/i.test(t)||t===""}o($o,"isKeychainNotFoundError");async function Yt(e,t,n={}){if(!B("macos",n))throw new Error("Keychain storage is only supported on macOS");let{execFile:r=Jt}=n;await r("security",["add-generic-password","-a",e,"-s",Gt,"-w",Buffer.from(t,"utf-8").toString("base64"),"-U"])}o(Yt,"storeKeyInKeychain");async function ge(e,t={}){if(!B("macos",t))return null;let{execFile:n=Jt}=t;try{let{stdout:r}=await n("security",["find-generic-password","-a",e,"-s",Gt,"-w"]);return Buffer.from(r.trim(),"base64").toString("utf-8")}catch(r){if($o(r))return null;throw r}}o(ge,"readKeyFromKeychain");import{pbkdf2 as Ro,randomBytes as Oo}from"crypto";import{promisify as _o}from"util";import{CompactEncrypt as Uo,base64url as qt,compactDecrypt as Ko}from"jose";var Fo=new TextEncoder,To=new TextDecoder,Be={encode:o(e=>Fo.encode(e),"encode"),decode:o(e=>To.decode(e),"decode")};var Lo=_o(Ro),Ye=6e5,jo="sha512",Ge="PBKDF2-HMAC-SHA512",Je=16,fe="A256GCM",No=32,ye=2e6;async function zt(e,t,n){return await Lo(e,t,n,No,jo)}o(zt,"deriveKey");async function Wt(e,t,n=Ye){if(!Number.isInteger(n)||n<1||n>ye)throw new Error(`Invalid iterations: must be an integer between 1 and ${ye}`);let r=Oo(Je),i=await zt(t,r,n);return await new Uo(Be.encode(e)).setProtectedHeader({alg:"dir",enc:fe,kdf:Ge,kdf_iter:n,kdf_salt:qt.encode(r)}).encrypt(i)}o(Wt,"encryptStringAsJwe");async function Xt(e,t){let{plaintext:n}=await Ko(e,async r=>{if(!e.length)throw new Error("Unexpected JWE empty value");if(t.length<15)throw new Error(`Invalid passphrase it should be at least ${15} but got ${t.length}`);if(r.alg!=="dir")throw new Error(`Unexpected JWE alg "${String(r.alg)}"; only "dir" is supported`);if(r.enc!==fe)throw new Error(`Unexpected JWE enc "${String(r.enc)}"; only "${fe}" is supported`);if(r.kdf!==Ge)throw new Error(`Unexpected KDF "${String(r.kdf)}"; only "${Ge}" is supported`);let i=Number(r.kdf_iter);if(!Number.isInteger(i)||i<1||i>ye)throw new Error(`Invalid kdf_iter in JWE header: must be an integer between 1 and ${ye}`);if(typeof r.kdf_salt!="string")throw new Error("Missing kdf_salt in JWE header");let s=qt.decode(r.kdf_salt);if(s.length!==Je)throw new Error(`Invalid kdf_salt length in JWE header: expected ${Je} bytes, got ${s.length}`);return await zt(t,s,i)},{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:[fe]});return Be.decode(n)}o(Xt,"decryptJweAsString");function Mo(e){let t=e.trim();return t.startsWith("eyJ")&&t.split(".").length===5}o(Mo,"isJweCompact");var Zt=Mo;import{existsSync as Ho,readdirSync as Bo,readFileSync as Go}from"fs";import{join as qe}from"path";import{homedir as Vo}from"os";import{join as Qt}from"path";function R(e={}){let{env:t=process.env,homedir:n=Vo}=e,r=t.COGNITE_CLI_HOME?.trim()||Qt(n(),".cognite-cli");return{home:r,keysDir:Qt(r,"keys")}}o(R,"getConfig");var te=".pub.pem",ze=".key.jwe",We=".meta.json";function he(e){switch(e.kind){case"keychain":return"Keychain";case"encrypted-file":return e.path;case"public-only":return"public-only (private key missing)"}}o(he,"formatLocalKeySource");function Jo(e){return{existsSync:e.existsSync??Ho,readdirSync:e.readdirSync??Bo,readFileSync:e.readFileSync??((t,n)=>Go(t,n)),isOS:e.isOS??(t=>B(t)),readKeyFromKeychain:e.readKeyFromKeychain??(t=>ge(t))}}o(Jo,"resolveDeps");function Yo(e){try{let t=JSON.parse(e);if(typeof t=="object"&&t!==null&&!Array.isArray(t)&&"email"in t&&typeof t.email=="string")return t.email}catch{}}o(Yo,"readEmailFromMeta");function qo(e,t){return t.existsSync(e)?t.readdirSync(e).filter(n=>n.endsWith(te)):[]}o(qo,"publicKeyEntries");function zo(e){return e.slice(0,-te.length)}o(zo,"kidFromPublicKeyFilename");async function Wo(e,t,n){if(n.isOS("macos")&&await n.readKeyFromKeychain(e).catch(()=>null)!==null)return{kind:"keychain"};let r=qe(t,`${e}${ze}`);return n.existsSync(r)?{kind:"encrypted-file",path:r}:{kind:"public-only"}}o(Wo,"resolveSource");async function Se(e=R().keysDir,t={}){let n=Jo(t),r=new Set,i=qo(e,n).flatMap(s=>{let a=zo(s);return!a||r.has(a)?[]:(r.add(a),[{kid:a,entry:s}])});return Promise.all(i.map(async({kid:s,entry:a})=>{let p=await Wo(s,e,n),c=qe(e,`${s}${We}`),l;try{l=Yo(n.readFileSync(c,"utf8"))}catch{}return{kid:s,source:p,publicKeyPath:qe(e,a),email:l}}))}o(Se,"discoverLocalKeys");import Xo from"enquirer";async function Zo(e){return Xo.prompt(e)}o(Zo,"defaultPrompt");async function en(e,t={}){let{prompt:n=Zo}=t,{passphrase:r}=await n({type:"password",name:"passphrase",message:e});return r}o(en,"promptPassphrase");import ei from"enquirer";import{statSync as Qo}from"fs";function tn(e,t=Qo){return e.map(n=>({key:n,mtime:t(n.publicKeyPath).mtimeMs})).sort((n,r)=>r.mtime-n.mtime).map(({key:n})=>n)}o(tn,"sortByMtime");async function ti(e){return ei.prompt(e)}o(ti,"defaultPrompt");async function nn(e,t={}){if(e.length===1)return e[0];let{prompt:n=ti,sortByMtime:r=tn}=t,i=r(e),s=i[0],{choice:a}=await n({type:"select",name:"choice",message:"Select signing identity",choices:[{name:"latest",message:`Use latest: ${s.kid}`},{name:"pick",message:"Pick from list"}]});if(a==="latest")return s;if(a==="pick"){let{kid:p}=await n({type:"select",name:"kid",message:"Select signing identity",choices:i.map(l=>({name:l.kid,message:[l.kid,l.email,he(l.source)].filter(Boolean).join(" \u2014 ")}))}),c=i.find(l=>l.kid===p);if(!c)throw new Error("No signing identity selected");return c}else throw new Error(`Unexpected choice: "${a}"`)}o(nn,"promptSigningIdentity");function oi(e){return{existsSync:e.existsSync??ni,readFileSync:e.readFileSync??((t,n)=>ri(t,n)),readKeyFromKeychain:e.readKeyFromKeychain??ge,decryptJweAsString:e.decryptJweAsString??Xt,discoverLocalKeys:e.discoverLocalKeys??Se,keysDir:e.keysDir??R().keysDir,promptPassphrase:e.promptPassphrase??en,promptSigningIdentity:e.promptSigningIdentity??nn}}o(oi,"resolveDeps");async function rn(e,t={}){let n=oi(t);if(e.keyPath){if(!n.existsSync(e.keyPath))throw new Error(`Key file not found: ${e.keyPath}`);if(!e.kid)throw new Error("--signing-identity <kid> is required when using --key");let s=n.readFileSync(e.keyPath,"utf-8").trim();if(Zt(s)){let a=await n.promptPassphrase(`Passphrase for key ${e.kid}: `);return{privateKeyPem:await n.decryptJweAsString(s,a),kid:e.kid}}return{privateKeyPem:s,kid:e.kid}}let r=await n.discoverLocalKeys(n.keysDir);if(r.length===0)throw new Error("No signing keys found. Run `cognite keys generate` or pass --key.");let i=e.kid?r.find(s=>s.kid===e.kid):await n.promptSigningIdentity(r);if(!i)throw new Error(`No key found with kid "${e.kid}"`);switch(i.source.kind){case"keychain":{let s=await n.readKeyFromKeychain(i.kid);if(!s)throw new Error(`Key "${i.kid}" not found in Keychain`);return{privateKeyPem:s,kid:i.kid}}case"encrypted-file":{let s=await n.promptPassphrase(`Passphrase for key ${i.kid}: `);return{privateKeyPem:await n.decryptJweAsString(n.readFileSync(i.source.path,"utf-8"),s),kid:i.kid}}case"public-only":throw new Error(`Key "${i.kid}" has no private key on this machine (public-only).`)}}o(rn,"resolvePrivateKey");var yi=o(async(e,t,n,r,i)=>{let s=await A(e,{interactive:i.interactive??!1,appId:t,orgHint:i.org});await new b(s).submitSignatures(t,n,r)},"defaultSubmitSignatures");function hi(e){let t=ii(e);return new ReadableStream({start(n){t.on("data",r=>n.enqueue(new Uint8Array(r))),t.on("end",()=>n.close()),t.on("error",r=>n.error(r))},cancel(){t.destroy()}})}o(hi,"createWebStreamFromFile");function Si(e){return{existsSync:e.existsSync??si,readFileSync:e.readFileSync??((t,n)=>ai(t,n)),writeFileSync:e.writeFileSync??pi,createBundleStream:e.createBundleStream??hi,signBundle:e.signBundle??gi,hashDevSignature:e.hashDevSignature??mi,parseScope:e.parseScope??ui,validateScopes:e.validateScopes??fi,loadAppConfig:e.loadAppConfig??w,resolvePrivateKey:e.resolvePrivateKey??(t=>rn(t)),submitSignatures:e.submitSignatures??yi,discoverSignatures:e.discoverSignatures??Q}}o(Si,"resolveDeps");async function on(e,t,n={},r=process.cwd()){let i=Si(n),s=t.appid,a=t.appVersion,p=[],c=i.loadAppConfig(r);if(s=s??c.externalId,a=a??c.versionTag,t.scope&&t.scope.length>0?p=t.scope.map(i.parseScope):p=c.deployments.map(y=>({org:y.org,project:y.project})),!s)throw new Error("--appid is required (or set externalId in app.json)");if(!a)throw new Error("--app-version is required (or set versionTag in app.json)");let l=e?ve(r,e):V(r,s,a);if(!i.existsSync(l)){let y=e?"":" (default derived from app.json \u2014 pass [bundle] explicitly to override, or run `cognite apps deploy` first to populate .cognite-bundles/)";throw new Error(`Bundle not found: ${l}${y}`)}let d=i.validateScopes(p);if(d.length>0)throw new Error(`Invalid scopes:
25
28
  ${d.join(`
26
- `)}`);let{privateKeyPem:m,kid:g}=await i.resolvePrivateKey({keyPath:t.key?he(n,t.key):void 0,kid:t.signingIdentity}),u;if(t.devSig){let y=he(n,t.devSig);if(!i.existsSync(y))throw new Error(`Dev signature file not found: ${y}`);let C=i.readFileSync(y,"utf-8").trim();u=await i.hashDevSignature(C)}let f=i.createBundleStream(l),S=await i.signBundle({privateKeyPem:m,kid:g,appId:a,version:s,bundleStream:f,role:t.asCertifier?"certifier":"developer",scopes:p,devSignatureSha256:u}),v=t.output?he(n,t.output):Xo(Wo(l),`${zo(l)}.${t.asCertifier?"cert":"dev"}.sig`);i.writeFileSync(v,S.token,"utf-8"),console.log(`\u2705 Signed: ${v}`),console.log(` kid: ${S.kid}`),console.log(` bundle: ${S.payload.bundleSha256}`),console.log(` scopes: ${S.payload.scopes.map(y=>`${y.org}/${y.project}`).join(", ")}`),t.verbose&&console.log(`
27
- Payload:`,JSON.stringify(S.payload,null,2));let h=Array.from(new Set([...i.discoverSignatures(l),S.token])),k=t.interactive?await I(c,{deployment:t.deployment,baseUrl:t.baseUrl,project:t.project,org:t.org}):b(c.deployments,t.deployment);if(!t.interactive){let y=D(k);if(y.length>0)throw new Error(`Deployment ${k.org}/${k.project} is missing ${y.join(" and ")} in app.json. Use \`cognite apps sign --interactive\` for browser-based authentication instead.`)}await i.submitSignatures(k,a,s,h,t),console.log(`
28
- To publish: npx @cognite/cli apps publish .`)}o(qt,"handleSign");function zt(e,t={}){return e.command("sign [bundle]").description("Sign an app bundle (defaults to .cognite-bundles/<app>-<version>.zip)").option("--key <path>","Private key PEM file path").option("-s, --signing-identity <kid>","Key ID for Keychain or file lookup").option("--appid <id>","Application ID (default: externalId from app.json)").option("-i, --identifier <id>","Alias for --appid").option("--app-version <version>","App version (default: versionTag from app.json)").option("--scope <org/project...>","Deployment scope(s) (default: deployments from app.json)").option("-r, --requirements <org/project...>","Alias for --scope").option("-o, --output <path>","Output file path (default: <bundle>.<dev|cert>.sig)").option("-v, --verbose","Display full payload after signing").option("--as-certifier","Counter-sign a developer signature as certifier").option("--interactive","After signing, submit the signature to App Hosting using browser-based auth",!1).option("-d, --deployment <target>","Deployment target from app.json (index or name; submit step only)").option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").action((r,n)=>{let i={...n,appid:n.identifier??n.appid,scope:n.requirements??n.scope};return qt(r,i,t)})}o(zt,"registerSignCommand");import{existsSync as ii}from"fs";import{resolve as si}from"path";import{config as ai}from"dotenv";function R(e,t={existsSync:ii,config:ai}){let r=si(e,".env");t.existsSync(r)&&(console.log(`Loading environment variables from ${r}`),t.config({path:r}))}o(R,"loadEnvFile");function _(e){e.infra!=="appsApi"&&(console.error(`
29
+ `)}`);let{privateKeyPem:m,kid:u}=await i.resolvePrivateKey({keyPath:t.key?ve(r,t.key):void 0,kid:t.signingIdentity}),g;if(t.devSig){let y=ve(r,t.devSig);if(!i.existsSync(y))throw new Error(`Dev signature file not found: ${y}`);let P=i.readFileSync(y,"utf-8").trim();g=await i.hashDevSignature(P)}let f=i.createBundleStream(l),S=await i.signBundle({privateKeyPem:m,kid:u,appId:s,version:a,bundleStream:f,role:t.asCertifier?"certifier":"developer",scopes:p,devSignatureSha256:g}),C=t.output?ve(r,t.output):di(li(l),`${ci(l)}.${t.asCertifier?"cert":"dev"}.sig`);i.writeFileSync(C,S.token,"utf-8"),console.log(`\u2705 Signed: ${C}`),console.log(` kid: ${S.kid}`),console.log(` bundle: ${S.payload.bundleSha256}`),console.log(` scopes: ${S.payload.scopes.map(y=>`${y.org}/${y.project}`).join(", ")}`),t.verbose&&console.log(`
30
+ Payload:`,JSON.stringify(S.payload,null,2));let h=Array.from(new Set([...i.discoverSignatures(l),S.token])),k=t.interactive?await I(c,{interactive:!0,deployment:t.deployment,baseUrl:t.baseUrl,project:t.project,org:t.org}):x(c.deployments,t.deployment);if(!t.interactive){let y=D(k);if(y.length>0)throw new Error(`Deployment ${k.org}/${k.project} is missing ${y.join(" and ")} in app.json. Use \`cognite apps sign --interactive\` for browser-based authentication instead.`)}await i.submitSignatures(k,s,a,h,t),console.log(`
31
+ To publish: npx @cognite/cli apps publish .`)}o(on,"handleSign");function sn(e,t={}){return e.command("sign [bundle]").description("Sign an app bundle (defaults to .cognite-bundles/<app>-<version>.zip)").option("--key <path>","Private key PEM file path").option("-s, --signing-identity <kid>","Key ID for Keychain or file lookup").option("--appid <id>","Application ID (default: externalId from app.json)").option("-i, --identifier <id>","Alias for --appid").option("--app-version <version>","App version (default: versionTag from app.json)").option("--scope <org/project...>","Deployment scope(s) (default: deployments from app.json)").option("-r, --requirements <org/project...>","Alias for --scope").option("-o, --output <path>","Output file path (default: <bundle>.<dev|cert>.sig)").option("-v, --verbose","Display full payload after signing").option("--as-certifier","Counter-sign a developer signature as certifier").option("--interactive","After signing, submit the signature to App Hosting using browser-based auth",!1).option("-d, --deployment <target>","Deployment target from app.json (index or name; submit step only)").option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").action((n,r)=>{let i={...r,appid:r.identifier??r.appid,scope:r.requirements??r.scope};return on(n,i,t)})}o(sn,"registerSignCommand");import{existsSync as vi}from"fs";import{resolve as wi}from"path";import{config as Ci}from"dotenv";function $(e,t={existsSync:vi,config:Ci}){let n=wi(e,".env");t.existsSync(n)&&(console.log(`Loading environment variables from ${n}`),t.config({path:n}))}o($,"loadEnvFile");function F(e){e.infra!=="appsApi"&&(console.error(`
29
32
  \u26A0\uFE0F Legacy infrastructure is no longer supported.
30
33
 
31
34
  Your app.json is missing \`"infra": "appsApi"\`, which means it was created for
32
35
  the old CDF Application Registry. This deploy path has been removed.
33
36
 
34
37
  To migrate: add \`"infra": "appsApi"\` to your app.json, wire up the correct authentication and re-deploy.
35
- `),process.exit(1))}o(_,"assertAppHostingInfra");async function pi(e){let t=process.cwd();R(t);let r=E(t);_(r);let n=e.interactive?await I(r,e):b(r.deployments,e.deployment);if(!e.interactive){let d=D(n);if(d.length>0)throw new Error(`Deployment ${n.org}/${n.project} is missing ${d.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps activate --interactive\` for browser-based authentication instead.`)}let i=await A(n,{interactive:e.interactive,appId:r.externalId,orgHint:e.org}),a=new P(i),{externalId:s,versionTag:p}=r,c;try{c=await a.getVersion(s,p)}catch(d){throw d instanceof T?new Error(`Version ${p} of ${s} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):d}if(c.alias==="ACTIVE"){console.log(` ${s} @ ${p} is already ACTIVE \u2014 nothing to do.`);return}if(c.lifecycleState==="DEPRECATED"||c.lifecycleState==="ARCHIVED")throw new Error(`Cannot activate ${s} @ ${p}: version is ${c.lifecycleState} (terminal).`);c.lifecycleState==="DRAFT"&&(await a.publishVersion(s,p),console.log(`\u2713 Published ${s} @ ${p} is now PUBLISHED`));let{supersededVersion:l}=await a.activateVersion(s,p);console.log(`\u2713 Activated ${s} @ ${p} is now ACTIVE`),l&&console.log(` Superseded ${l} \u2192 PUBLISHED`)}o(pi,"handleActivate");function Wt(e){return e.command("activate").description("Activate the current app version (publish if needed, then set ACTIVE alias)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
38
+ `),process.exit(1))}o(F,"assertAppHostingInfra");async function Ei(e){let t=process.cwd();$(t);let n=w(t);F(n);let r=e.interactive?await I(n,e):x(n.deployments,e.deployment);if(!e.interactive){let d=D(r);if(d.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${d.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps activate --interactive\` for browser-based authentication instead.`)}let i=await A(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new b(i),{externalId:a,versionTag:p}=n,c;try{c=await s.getVersion(a,p)}catch(d){throw d instanceof _?new Error(`Version ${p} of ${a} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):d}if(c.alias==="ACTIVE"){console.log(` ${a} @ ${p} is already ACTIVE \u2014 nothing to do.`);return}if(c.lifecycleState==="DEPRECATED"||c.lifecycleState==="ARCHIVED")throw new Error(`Cannot activate ${a} @ ${p}: version is ${c.lifecycleState} (terminal).`);c.lifecycleState==="DRAFT"&&(await s.publishVersion(a,p),console.log(`\u2713 Published ${a} @ ${p} is now PUBLISHED`));let{supersededVersion:l}=await s.activateVersion(a,p);console.log(`\u2713 Activated ${a} @ ${p} is now ACTIVE`),l&&console.log(` Superseded ${l} \u2192 PUBLISHED`)}o(Ei,"handleActivate");function an(e){return e.command("activate").description("Activate the current app version (publish if needed, then set ACTIVE alias)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
36
39
  Examples:
37
40
  npx @cognite/cli apps activate . Activate using env-var auth
38
- npx @cognite/cli apps activate . --interactive Activate using browser auth (no secrets needed)`).action((t,r)=>pi(r))}o(Wt,"registerActivateCommand");import{readdirSync as bi}from"fs";import{basename as dr,dirname as xi,normalize as Ai,resolve as re}from"path";import{fileURLToPath as Di,pathToFileURL as Ii}from"url";import{Logger as $i,runner as Fi}from"hygen";import{execFileSync as Se}from"child_process";function Xt(e={}){let{execFileSync:t=Se}=e;try{return t("git",["--version"],{stdio:"ignore"}),!0}catch{return!1}}o(Xt,"isGitInstalled");function Zt(e,t={}){let{execFileSync:r=Se}=t;try{return r("git",["-C",e,"status"],{stdio:"ignore"}),!0}catch{return!1}}o(Zt,"isInsideGitRepo");function Qt(e,t={}){let{execFileSync:r=Se}=t;r("git",["-C",e,"init"],{stdio:"pipe"}),r("git",["-C",e,"add","."],{stdio:"pipe"}),r("git",["-C",e,"commit","-m","Initial commit","--no-gpg-sign","--no-verify"],{stdio:"pipe"})}o(Qt,"gitInitAndCommit");function er(e={}){let{execFileSync:t=Se}=e;try{return String(t("git",["config","--get","user.email"],{encoding:"utf-8",stdio:["ignore","pipe","ignore"]})).trim()||void 0}catch{return}}o(er,"gitUserEmail");import{safeParse as ci}from"valibot";function te(e,t){return r=>{let n=ci(t,r);return n.success?!0:`${e} ${n.issues[0].message}`}}o(te,"toPromptValidator");var tr={name:te("App name",Re),displayName:te("Display name",Oe),baseUrl:te("Base URL",_e),org:te("Org",Ue),project:te("Project",Le)};function li(e,t){return e?async r=>{let n=t(r);return n===!0?e(r):n}:t}o(li,"composeValidators");function we(e){return e.map(t=>{if(!(t.name in tr))return t;let r=tr[t.name];return{...t,validate:li(t.validate,r)}})}o(we,"applySchemaValidators");import{basename as nr}from"path";import or from"enquirer";function rr(e){return e.replace(/[A-Z]/g,(t,r)=>r===0?t.toLowerCase():`-${t.toLowerCase()}`)}o(rr,"kebabCase");var di={type:"confirm",name:"useSpecKit",message:["Enable spec-driven development?"," Adds the github/spec-kit slash commands (/speckit.specify, .clarify, .plan, .tasks, .implement)"," to your app for use in Claude Code or Cursor. They walk you through writing SPEC.md and"," generating a plan, tasks, and implementation."].join(`
39
- `),initial:!1};async function mi(e){return!!(await e([di])).useSpecKit}o(mi,"promptForSpecKit");async function ui(e,t,r){return e!==void 0?e:t?mi(r):!1}o(ui,"resolveSpecKit");function ir({isCurrentDir:e,dirName:t,onAppName:r,onUseSpecKit:n,presets:i={},specKit:a,prompt:s=or.prompt.bind(or)}){return()=>({prompt:o(async p=>{if(!Array.isArray(p))return s([p]);let c=Object.fromEntries(Object.entries(i).filter(w=>w[1]!==void 0)),l=Object.keys(c).length>0,d=e?nr(process.cwd()):t?nr(t):null,m=l&&d!==null,g=!m&&d?p.map(w=>w.name==="name"?{...w,initial:d}:w):p,u=we(g),f=m?{...c,name:d}:c,S=new Set(Object.keys(f)),v=u.filter(w=>!S.has(w.name)),h=v.findIndex(w=>w.name==="baseUrl"),k;if(h!==-1){let w=v.filter(fn=>fn.name!=="baseUrl"),N=w.length>0?await s(w):{},ce=typeof N.cluster=="string"?N.cluster:"",Y=typeof f.cluster=="string"?f.cluster:"",le=`https://${(ce||Y).trim().replace(/\/+$/,"")||"api"}.cognitedata.com`,U=v[h],De=await s([{...U,initial:le}]);k={...N,...De}}else k=v.length>0?await s(v):{};let y={...f,...k},C=typeof y.name=="string"?y.name:"";C&&r(C);let $=await ui(a,v.length>0,s);return n?.($),{...y,name:C,useCurrentDir:e,directoryName:e?void 0:t??void 0,useSpecKit:$}},"prompt")})}o(ir,"createAppPrompter");async function sr(e,t,r){let n=[];Object.values(t).some(a=>a!==void 0)&&r!==null&&n.push({key:"name",value:r,label:"directory"});for(let[a,s]of Object.entries(t))s!==void 0&&n.push({key:a,value:s,label:`--${rr(a)}`});for(let{key:a,value:s,label:p}of n){let c=e.find(d=>d.name===a)?.validate;if(!c)continue;let l=await c(s);if(l!==!0)throw new Error(`Invalid ${p}: ${l}`)}}o(sr,"validatePresets");import{cpSync as wi,mkdirSync as pr,writeFileSync as vi}from"fs";import{dirname as cr,resolve as J}from"path";import{fileURLToPath as Ci}from"url";import{copyFileSync as gi,symlinkSync as fi}from"fs";import{dirname as yi,join as hi}from"path";function Si(e){if(e&&typeof e=="object"&&"code"in e&&typeof e.code=="string")return e.code}o(Si,"errno");function ar(e){return e instanceof Error?e.message:String(e)}o(ar,"messageOf");function ve({target:e,linkPath:t,label:r,symlink:n=fi,copyFile:i=gi}){try{return n(e,t),!0}catch(a){let s=Si(a);if(s==="EEXIST")return!0;let p=ar(a);if(s==="EPERM"||s==="EACCES")try{let c=hi(yi(t),e);return i(c,t),console.log(`\u2139\uFE0F Wrote ${r} as a copy of ${e} (symlinks need Developer Mode or an elevated shell on Windows).`),!0}catch(c){return console.warn(`\u26A0\uFE0F Could not create ${r} symlink: ${p} (copy fallback also failed: ${ar(c)})`),!1}return console.warn(`\u26A0\uFE0F Could not create ${r} symlink:`,p),!1}}o(ve,"linkOrCopyOrWarn");var Pi=J(cr(Ci(import.meta.url)),"..","..","_vendor","spec-kit"),Ei={branch_numbering:"sequential"},ki=[{from:"templates",to:".specify/templates"},{from:"scripts/bash",to:".specify/scripts/bash"},{from:"commands",to:".claude/commands"},{from:"commands",to:".cursor/commands"}];function lr({appDir:e,vendorDir:t=Pi}){let r=J(e,".specify"),n=J(r,"memory"),i=`prepare spec-kit install for appDir=${e}`;try{for(let{from:a,to:s}of ki){let p=J(e,s);i=`copy ${a} to ${s}`,pr(cr(p),{recursive:!0}),wi(J(t,a),p,{recursive:!0})}i=`write init-options.json under specifyDir=${r}`,vi(J(r,"init-options.json"),`${JSON.stringify(Ei,null,2)}
40
- `),i=`link .specify/memory/constitution.md in specifyDir=${r}`,pr(n,{recursive:!0}),ve({target:"../../AGENTS.md",linkPath:J(n,"constitution.md"),label:".specify/memory/constitution.md"})}catch(a){let s=a instanceof Error?a.message:String(a);throw new Error(`installSpecKit failed while ${i} (appDir=${e}, vendorDir=${t}): ${s}`,{cause:a})}}o(lr,"installSpecKit");var mr=re(xi(Di(import.meta.url)),"..","..","_templates");async function Ti(){let e=re(mr,"app","new","prompt.js");return(await import(Ii(e).href)).default}o(Ti,"loadPromptDefs");function Oi(e,t){return!e||t?null:Ai(e)}o(Oi,"resolveDirName");function Ri(e,t,r){if(e)return{cwd:process.cwd(),display:"."};let n=t??r;if(!n)throw new Error("App creation completed without a target directory or name.");return{cwd:re(process.cwd(),n),display:n}}o(Ri,"resolveAppLocation");function _i(e,t,r){let n=` npm install
41
- npm run dev`,i="To deploy your app:",a="npx @cognite/cli apps deploy --interactive",s=r?`
41
+ npx @cognite/cli apps activate . --interactive Activate using browser auth (no secrets needed)`).action((t,n)=>Ei(n))}o(an,"registerActivateCommand");import{readdirSync as ji}from"fs";import{basename as Pn,dirname as Ni,normalize as Mi,resolve as oe}from"path";import{fileURLToPath as Vi,pathToFileURL as Hi}from"url";import{Logger as Bi,runner as Gi}from"hygen";import{execFileSync as ne}from"child_process";function pn(e={}){let{execFileSync:t=ne}=e;try{return t("git",["--version"],{stdio:"ignore"}),!0}catch{return!1}}o(pn,"isGitInstalled");function cn(e,t={}){let{execFileSync:n=ne}=t;try{return n("git",["-C",e,"status"],{stdio:"ignore"}),!0}catch{return!1}}o(cn,"isInsideGitRepo");function ln(e,t={}){let{execFileSync:n=ne}=t;n("git",["-C",e,"init"],{stdio:"pipe"}),n("git",["-C",e,"add","."],{stdio:"pipe"}),n("git",["-C",e,"commit","-m","Initial commit","--no-gpg-sign","--no-verify"],{stdio:"pipe"})}o(ln,"gitInitAndCommit");function dn(e={}){let{execFileSync:t=ne}=e;try{return String(t("git",["config","--get","user.name"],{encoding:"utf-8",stdio:["ignore","pipe","ignore"]})).trim()||void 0}catch{return}}o(dn,"gitUserName");function mn(e={}){let{execFileSync:t=ne}=e;try{return String(t("git",["config","--get","user.email"],{encoding:"utf-8",stdio:["ignore","pipe","ignore"]})).trim()||void 0}catch{return}}o(mn,"gitUserEmail");import{safeParse as Pi}from"valibot";function re(e,t){return n=>{let r=Pi(t,n);return r.success?!0:`${e} ${r.issues[0].message}`}}o(re,"toPromptValidator");var un={name:re("App name",_e),displayName:re("Display name",Oe),baseUrl:re("Base URL",Ue),org:re("Org",Ke),project:re("Project",Le)};function bi(e,t){return e?async n=>{let r=t(n);return r===!0?e(n):r}:t}o(bi,"composeValidators");function we(e){return e.map(t=>{if(!(t.name in un))return t;let n=un[t.name];return{...t,validate:bi(t.validate,n)}})}o(we,"applySchemaValidators");import{basename as fn}from"path";import yn from"enquirer";function gn(e){return e.replace(/[A-Z]/g,(t,n)=>n===0?t.toLowerCase():`-${t.toLowerCase()}`)}o(gn,"kebabCase");var ki={type:"confirm",name:"useSpecKit",message:["Enable spec-driven development?"," Adds the github/spec-kit slash commands (/speckit.specify, .clarify, .plan, .tasks, .implement)"," to your app for use in Claude Code or Cursor. They walk you through writing SPEC.md and"," generating a plan, tasks, and implementation."].join(`
42
+ `),initial:!1};async function xi(e){return!!(await e([ki])).useSpecKit}o(xi,"promptForSpecKit");async function Ai(e,t,n){return e!==void 0?e:t?xi(n):!1}o(Ai,"resolveSpecKit");function hn({isCurrentDir:e,dirName:t,onAppName:n,onUseSpecKit:r,presets:i={},specKit:s,prompt:a=yn.prompt.bind(yn)}){return()=>({prompt:o(async p=>{if(!Array.isArray(p))return a([p]);let c=Object.fromEntries(Object.entries(i).filter(v=>v[1]!==void 0)),l=Object.keys(c).length>0,d=e?fn(process.cwd()):t?fn(t):null,m=l&&d!==null,u=!m&&d?p.map(v=>v.name==="name"?{...v,initial:d}:v):p,g=we(u),f=m?{...c,name:d}:c,S=new Set(Object.keys(f)),C=g.filter(v=>!S.has(v.name)),h=C.findIndex(v=>v.name==="baseUrl"),k;if(h!==-1){let v=C.filter($r=>$r.name!=="baseUrl"),N=v.length>0?await a(v):{},de=typeof N.cluster=="string"?N.cluster:"",q=typeof f.cluster=="string"?f.cluster:"",me=`https://${(de||q).trim().replace(/\/+$/,"")||"api"}.cognitedata.com`,K=C[h],Ie=await a([{...K,initial:me}]);k={...N,...Ie}}else k=C.length>0?await a(C):{};let y={...f,...k},P=typeof y.name=="string"?y.name:"";P&&n(P);let T=await Ai(s,C.length>0,a);return r?.(T),{...y,name:P,useCurrentDir:e,directoryName:e?void 0:t??void 0,useSpecKit:T}},"prompt")})}o(hn,"createAppPrompter");async function Sn(e,t,n){let r=[];Object.values(t).some(s=>s!==void 0)&&n!==null&&r.push({key:"name",value:n,label:"directory"});for(let[s,a]of Object.entries(t))a!==void 0&&r.push({key:s,value:a,label:`--${gn(s)}`});for(let{key:s,value:a,label:p}of r){let c=e.find(d=>d.name===s)?.validate;if(!c)continue;let l=await c(a);if(l!==!0)throw new Error(`Invalid ${p}: ${l}`)}}o(Sn,"validatePresets");import{cpSync as Ri,mkdirSync as wn,writeFileSync as Oi}from"fs";import{dirname as Cn,resolve as J}from"path";import{fileURLToPath as _i}from"url";import{copyFileSync as Di,symlinkSync as Ii}from"fs";import{dirname as $i,join as Fi}from"path";function Ti(e){if(e&&typeof e=="object"&&"code"in e&&typeof e.code=="string")return e.code}o(Ti,"errno");function vn(e){return e instanceof Error?e.message:String(e)}o(vn,"messageOf");function Ce({target:e,linkPath:t,label:n,symlink:r=Ii,copyFile:i=Di}){try{return r(e,t),!0}catch(s){let a=Ti(s);if(a==="EEXIST")return!0;let p=vn(s);if(a==="EPERM"||a==="EACCES")try{let c=Fi($i(t),e);return i(c,t),console.log(`\u2139\uFE0F Wrote ${n} as a copy of ${e} (symlinks need Developer Mode or an elevated shell on Windows).`),!0}catch(c){return console.warn(`\u26A0\uFE0F Could not create ${n} symlink: ${p} (copy fallback also failed: ${vn(c)})`),!1}return console.warn(`\u26A0\uFE0F Could not create ${n} symlink:`,p),!1}}o(Ce,"linkOrCopyOrWarn");var Ui=J(Cn(_i(import.meta.url)),"..","..","_vendor","spec-kit"),Ki={branch_numbering:"sequential"},Li=[{from:"templates",to:".specify/templates"},{from:"scripts/bash",to:".specify/scripts/bash"},{from:"commands",to:".claude/commands"},{from:"commands",to:".cursor/commands"}];function En({appDir:e,vendorDir:t=Ui}){let n=J(e,".specify"),r=J(n,"memory"),i=`prepare spec-kit install for appDir=${e}`;try{for(let{from:s,to:a}of Li){let p=J(e,a);i=`copy ${s} to ${a}`,wn(Cn(p),{recursive:!0}),Ri(J(t,s),p,{recursive:!0})}i=`write init-options.json under specifyDir=${n}`,Oi(J(n,"init-options.json"),`${JSON.stringify(Ki,null,2)}
43
+ `),i=`link .specify/memory/constitution.md in specifyDir=${n}`,wn(r,{recursive:!0}),Ce({target:"../../AGENTS.md",linkPath:J(r,"constitution.md"),label:".specify/memory/constitution.md"})}catch(s){let a=s instanceof Error?s.message:String(s);throw new Error(`installSpecKit failed while ${i} (appDir=${e}, vendorDir=${t}): ${a}`,{cause:s})}}o(En,"installSpecKit");var bn=oe(Ni(Vi(import.meta.url)),"..","..","_templates");async function Ji(){let e=oe(bn,"app","new","prompt.js");return(await import(Hi(e).href)).default}o(Ji,"loadPromptDefs");function Yi(e,t){return!e||t?null:Mi(e)}o(Yi,"resolveDirName");function qi(e,t,n){if(e)return{cwd:process.cwd(),display:"."};let r=t??n;if(!r)throw new Error("App creation completed without a target directory or name.");return{cwd:oe(process.cwd(),r),display:r}}o(qi,"resolveAppLocation");function zi(e,t,n){let r=` npm install
44
+ npm run dev`,i="To deploy your app:",s="npx @cognite/cli apps deploy --interactive",a=n?`
42
45
  To start spec-driven development:
43
46
  Run /speckit.specify in Claude Code or Cursor and describe your app.
44
47
  `:"",p=` # Or fully non-interactive (deploys first target from app.json):
@@ -46,10 +49,10 @@ To start spec-driven development:
46
49
  \u2705 App created successfully in current directory!
47
50
 
48
51
  Next steps:
49
- ${n}
50
- ${s}
52
+ ${r}
53
+ ${a}
51
54
  ${i}
52
- ${a}
55
+ ${s}
53
56
  ${p}
54
57
  `);return}console.log(`
55
58
  \u2705 App created successfully!
@@ -58,14 +61,14 @@ To open in Cursor:
58
61
  cursor "${t}"
59
62
  Or:
60
63
  cd "${t}"
61
- ${n}
62
- ${s}
64
+ ${r}
65
+ ${a}
63
66
  ${i}
64
67
  cd "${t}"
65
- ${a}
68
+ ${s}
66
69
  ${p}
67
- `)}o(_i,"printSuccessMessage");async function Ui(e){try{let{execSkillsCli:t,pullAllArgs:r}=await import("../skills-GQ5TZKCM.js");console.log("\u{1F9E0} Pulling skills into your app..."),t(r(),{cwd:e,timeout:3e4,stdio:["pipe","pipe","inherit"]});let n=re(e,".agents","skills"),i=0;try{i=bi(n).length}catch{console.warn(`Skills directory not found after pull \u2014 no skills may have been installed (expected: ${n})`)}let a=i>0?`${i} skills`:"skills";console.log(`\u2705 Installed ${a} successfully to
68
- ${n}`)}catch(t){let r=t instanceof Error?t.message:String(t);console.warn("\u26A0\uFE0F Could not pull skills:",r)}}o(Ui,"pullSkillsInto");function Li(e,t={}){let{isGitInstalled:r=Xt,isInsideGitRepo:n=Zt,gitInitAndCommit:i=Qt}=t;if(!r()){console.warn("git not found \u2014 skipping git repository initialisation");return}if(!n(e)){console.log("Initialising git repository...");try{i(e)}catch(a){let p=(a&&typeof a=="object"&&"stderr"in a&&a.stderr?String(a.stderr).trim():"")||(a instanceof Error?a.message:String(a));console.warn("Could not initialise git repository:",p)}}}o(Li,"maybeInitGit");async function Ki(e,t){let r=e==="."||e==="./",n=Oi(e,r),i=null,a=!1,s={displayName:t.displayName,description:t.description,org:t.org,project:t.project,cluster:t.cluster,baseUrl:t.baseUrl},p=await Ti(),c=we(p),l=r?dr(process.cwd()):n?dr(n):null;await sr(c,s,l);let d=ir({isCurrentDir:r,dirName:n,onAppName:o(g=>{i=g},"onAppName"),onUseSpecKit:o(g=>{a=g},"onUseSpecKit"),presets:s,specKit:t.specKit});await Fi(["app","new"],{templates:mr,cwd:process.cwd(),logger:new $i(console.log.bind(console)),createPrompter:d,debug:!!process.env.DEBUG});let m=Ri(r,n,i);ve({target:"AGENTS.md",linkPath:re(m.cwd,"CLAUDE.md"),label:"CLAUDE.md"}),a&&lr({appDir:m.cwd}),await Ui(m.cwd),Li(m.cwd),_i(r,m.display,a)}o(Ki,"handleCreate");function ur(e){return e.command("create").description("Create a new application.").argument("[directory]","Target directory (. for current, or subdirectory name)").option("--display-name <name>","App display name (skips the prompt)").option("--description <description>","App description (skips the prompt)").option("--org <org>","Deployment org (skips the prompt)").option("--project <project>","Deployment project (skips the prompt)").option("--cluster <cluster>","CDF cluster, e.g. greenfield (skips the prompt)").option("--base-url <url>","CDF base URL, e.g. https://greenfield.cognitedata.com (skips the prompt; defaults to cluster-derived URL when omitted)").option("--spec-kit","Install spec-kit slash commands (skips the prompt)").option("--no-spec-kit","Skip spec-kit installation (skips the prompt)").addHelpText("after",`
70
+ `)}o(zi,"printSuccessMessage");async function Wi(e){try{let{execSkillsCli:t,pullAllArgs:n}=await import("../skills-GQ5TZKCM.js");console.log("\u{1F9E0} Pulling skills into your app..."),t(n(),{cwd:e,timeout:3e4,stdio:["pipe","pipe","inherit"]});let r=oe(e,".agents","skills"),i=0;try{i=ji(r).length}catch{console.warn(`Skills directory not found after pull \u2014 no skills may have been installed (expected: ${r})`)}let s=i>0?`${i} skills`:"skills";console.log(`\u2705 Installed ${s} successfully to
71
+ ${r}`)}catch(t){let n=t instanceof Error?t.message:String(t);console.warn("\u26A0\uFE0F Could not pull skills:",n)}}o(Wi,"pullSkillsInto");function Xi(e,t={}){let{isGitInstalled:n=pn,isInsideGitRepo:r=cn,gitInitAndCommit:i=ln}=t;if(!n()){console.warn("git not found \u2014 skipping git repository initialisation");return}if(!r(e)){console.log("Initialising git repository...");try{i(e)}catch(s){let p=(s&&typeof s=="object"&&"stderr"in s&&s.stderr?String(s.stderr).trim():"")||(s instanceof Error?s.message:String(s));console.warn("Could not initialise git repository:",p)}}}o(Xi,"maybeInitGit");async function Zi(e,t){let n=e==="."||e==="./",r=Yi(e,n),i=null,s=!1,a={displayName:t.displayName,description:t.description,org:t.org,project:t.project,cluster:t.cluster,baseUrl:t.baseUrl},p=await Ji(),c=we(p),l=n?Pn(process.cwd()):r?Pn(r):null;await Sn(c,a,l);let d=hn({isCurrentDir:n,dirName:r,onAppName:o(u=>{i=u},"onAppName"),onUseSpecKit:o(u=>{s=u},"onUseSpecKit"),presets:a,specKit:t.specKit});await Gi(["app","new"],{templates:bn,cwd:process.cwd(),logger:new Bi(console.log.bind(console)),createPrompter:d,debug:!!process.env.DEBUG});let m=qi(n,r,i);Ce({target:"AGENTS.md",linkPath:oe(m.cwd,"CLAUDE.md"),label:"CLAUDE.md"}),s&&En({appDir:m.cwd}),await Wi(m.cwd),Xi(m.cwd),zi(n,m.display,s)}o(Zi,"handleCreate");function kn(e){return e.command("create").description("Create a new application.").argument("[directory]","Target directory (. for current, or subdirectory name)").option("--display-name <name>","App display name (skips the prompt)").option("--description <description>","App description (skips the prompt)").option("--org <org>","Deployment org (skips the prompt)").option("--project <project>","Deployment project (skips the prompt)").option("--cluster <cluster>","CDF cluster, e.g. greenfield (skips the prompt)").option("--base-url <url>","CDF base URL, e.g. https://greenfield.cognitedata.com (skips the prompt; defaults to cluster-derived URL when omitted)").option("--spec-kit","Install spec-kit slash commands (skips the prompt)").option("--no-spec-kit","Skip spec-kit installation (skips the prompt)").addHelpText("after",`
69
72
  Non-interactive use (CI, scripts, AI agents):
70
73
  Pass [directory] plus --display-name, --description, --org, --project, --cluster, --base-url
71
74
  to skip every prompt. Missing flags fall back to the interactive prompt.
@@ -78,17 +81,21 @@ Examples:
78
81
  --display-name "My App" --description "My app" \\
79
82
  --org cog-atlas --project atlas-greenfield --cluster greenfield \\
80
83
  --base-url https://greenfield.cognitedata.com
81
- Fully non-interactive`).action(Ki)}o(ur,"registerCreateCommand");import ji from"path";async function Ni(e,t,r){let n=await A(e,{interactive:t.interactive,appId:r,orgHint:t.org});return new P(n)}o(Ni,"defaultGetApiClient");async function Mi(e,t,r={}){let{loadEnvFile:n=R,loadAppConfig:i=E,getApiClient:a=Ni}=r,s=ji.resolve(process.cwd(),e);n(s);let p=i(s);_(p);let c=t.interactive?await I(p,t):b(p.deployments,t.deployment);if(!t.interactive){let g=D(c);if(g.length>0)throw new Error(`Deployment ${c.org}/${c.project} is missing ${g.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps deactivate --interactive\` for browser-based authentication instead.`)}let l=await a(c,t,p.externalId),{externalId:d}=p,m=await l.getActiveVersion(d);if(!m){console.log(` ${d} has no active version \u2014 nothing to deactivate.`);return}await l.deactivateVersion(d,m.version),console.log(`\u2713 Deactivated ${d} @ ${m.version} \u2014 active alias removed`)}o(Mi,"handleDeactivate");function gr(e){return e.command("deactivate").description("Deactivate the app by removing its active version from service").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
84
+ Fully non-interactive`).action(Zi)}o(kn,"registerCreateCommand");import Qi from"path";async function es(e,t,n){let r=await A(e,{interactive:t.interactive,appId:n,orgHint:t.org});return new b(r)}o(es,"defaultGetApiClient");async function ts(e,t,n={}){let{loadEnvFile:r=$,loadAppConfig:i=w,getApiClient:s=es}=n,a=Qi.resolve(process.cwd(),e);r(a);let p=i(a);F(p);let c=t.interactive?await I(p,t):x(p.deployments,t.deployment);if(!t.interactive){let u=D(c);if(u.length>0)throw new Error(`Deployment ${c.org}/${c.project} is missing ${u.join(" and ")} in app.json. Use \`npx @cognite/cli@latest apps deactivate --interactive\` for browser-based authentication instead.`)}let l=await s(c,t,p.externalId),{externalId:d}=p,m=await l.getActiveVersion(d);if(!m){console.log(` ${d} has no active version \u2014 nothing to deactivate.`);return}await l.deactivateVersion(d,m.version),console.log(`\u2713 Deactivated ${d} @ ${m.version} \u2014 active alias removed`)}o(ts,"handleDeactivate");function xn(e){return e.command("deactivate").description("Deactivate the app by removing its active version from service").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
82
85
  Examples:
83
86
  npx @cognite/cli apps deactivate . Deactivate using env-var auth
84
- npx @cognite/cli apps deactivate . --interactive Deactivate using browser auth (no secrets needed)`).action((t,r)=>Mi(t,r))}o(gr,"registerDeactivateCommand");import{mkdir as Ji,readFile as Yi}from"fs/promises";import{basename as qi,dirname as zi}from"path";import j from"fs";import x from"path";import{parseAndValidateManifestConfig as Hi}from"@cognite/app-sdk/vite";import{BlobReader as Vi,Uint8ArrayWriter as Bi,ZipWriter as Gi}from"@zip.js/zip.js";var qe="package.json",ze="package-lock.json",fr="manifest.json",We=".cognite",Xe=class Xe{constructor(t="dist"){this.distPath=x.isAbsolute(t)?t:x.join(process.cwd(),t),this.appRoot=x.dirname(this.distPath)}validateBuildDirectory(){if(!j.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=x.join(this.appRoot,qe);if(!j.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let r=x.join(this.appRoot,ze);if(!j.existsSync(r))throw new Error(`"${r}" not found. It is required for deployment.`)}async createZip(t="app.zip",r=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let n=new Gi(new Bi,{level:9}),i=o(async(c,l)=>{await n.add(l,new Vi(await j.openAsBlob(c))),r&&console.log(` \u{1F4C4} ${l}`)},"addFile"),a=o(async c=>{let l=await j.promises.readdir(c,{withFileTypes:!0});for(let d of l){let m=x.join(c,d.name);d.isDirectory()?await a(m):await i(m,x.relative(this.distPath,m).replace(/\\/g,"/"))}},"addDir"),s;try{await a(this.distPath);let c=x.join(this.appRoot,qe);await i(c,x.posix.join(We,qe));let l=x.join(this.appRoot,fr);if(j.existsSync(l)){let m=j.readFileSync(l,"utf-8");Hi(m,l),await i(l,x.posix.join(We,fr))}let d=x.join(this.appRoot,ze);await i(d,x.posix.join(We,ze)),s=await n.close()}catch(c){let l=c instanceof Error?c.message:String(c);throw new Error(`Failed to create zip: ${l}`)}await j.promises.writeFile(t,s);let p=(s.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${p} MB)`),t}};o(Xe,"ApplicationPackager");var ne=Xe;async function Ce(e,t,r,n){let{externalId:i,name:a,description:s,versionTag:p}=t,c=H(r,i,p);await Ji(zi(c),{recursive:!0}),await new ne(`${r}/dist`).createZip(c,!0);let l=await Yi(c);await new P(e).deploy(i,a,s,p,l,qi(c),n)}o(Ce,"packageAndUpload");var Ze=o(async(e,t,r)=>{let n=await Q(e,r);await Ce(n,t,r,e.published)},"deploy");import{execSync as Wi}from"child_process";function Qe(e,t=!0,r={execSync:Wi}){console.log("\u{1F4E6} Building app with npm..."),r.execSync("npm run build",{cwd:e,stdio:t?"inherit":"pipe"}),console.log("\u2705 Build successful")}o(Qe,"buildApp");function yr(e,t){let{org:r,project:n,baseUrl:i}=e,a;try{a=new URL(i).hostname}catch{return null}let{externalId:s,versionTag:p}=t,c=new URLSearchParams({cluster:a,customAppVersion:p,workspace:"industrial-tools"});return`https://${r}.fusion.cognite.com/${n}/flows-apps/app/${encodeURIComponent(s)}?${c}`}o(yr,"generateFusionUrl");function hr(e,t,r){let n=r?"\u{1F680} Deploy (Interactive)":"\u{1F680} Deploy",i=r?`${t.project} @ ${t.baseUrl}`:`${t.org}/${t.project}`;console.log(["",n,"=".repeat(n.length),`App: ${e.name} (${e.externalId})`,`Version: ${e.versionTag}`,`Target: ${i}`,""].join(`
85
- `))}o(hr,"printDeployInfo");function Sr(e,t){console.log(`
86
- \u2705 Successfully deployed ${e.name} version ${e.versionTag} to ${t.org?`${t.org}/`:""}${t.project}`),console.log("\u{1F512} App is deployed in draft mode");let r=e.deployments.length>1?` -d ${t.project}`:"";console.log(`
87
- To sign: npx @cognite/cli apps sign --interactive${r}`),console.log(`To publish: npx @cognite/cli apps publish .${r}`),console.log(`To activate: npx @cognite/cli apps activate .${r}`);let n=yr(t,e);n&&console.log(`
87
+ npx @cognite/cli apps deactivate . --interactive Deactivate using browser auth (no secrets needed)`).action((t,n)=>ts(t,n))}o(xn,"registerDeactivateCommand");import{mkdir as as,readFile as ps}from"fs/promises";import{basename as cs,dirname as ls}from"path";import{execFileSync as Xe}from"child_process";import O from"fs";import E from"path";import{parseAndValidateManifestConfig as ns}from"@cognite/app-sdk/vite";import{BlobReader as rs,Uint8ArrayWriter as os,ZipWriter as is}from"@zip.js/zip.js";var Ze="package.json",Qe="package-lock.json",An="manifest.json",et=".cognite",ss=[/^\.env(\..+)?$/,/^\.secrets?$/,/\.(key|pem|p12|pfx|jks|crt)$/i],tt=class tt{constructor(t="dist"){this.distPath=E.isAbsolute(t)?t:E.join(process.cwd(),t),this.appRoot=E.dirname(this.distPath)}validateBuildDirectory(){if(!O.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=E.join(this.appRoot,Ze);if(!O.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let n=E.join(this.appRoot,Qe);if(!O.existsSync(n))throw new Error(`"${n}" not found. It is required for deployment.`)}async createZip(t="app.zip",n=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let r=new is(new os,{level:9}),i=o(async(c,l)=>{await r.add(l,new rs(await O.openAsBlob(c))),n&&console.log(` \u{1F4C4} ${l}`)},"addFile"),s=o(async c=>{let l=await O.promises.readdir(c,{withFileTypes:!0});for(let d of l){let m=E.join(c,d.name);d.isDirectory()?await s(m):await i(m,E.relative(this.distPath,m).replace(/\\/g,"/"))}},"addDir"),a;try{await s(this.distPath);let c=E.join(this.appRoot,Ze);await i(c,E.posix.join(et,Ze));let l=E.join(this.appRoot,An);if(O.existsSync(l)){let m=O.readFileSync(l,"utf-8");ns(m,l),await i(l,E.posix.join(et,An))}let d=E.join(this.appRoot,Qe);await i(d,E.posix.join(et,Qe)),a=await r.close()}catch(c){let l=c instanceof Error?c.message:String(c);throw new Error(`Failed to create zip: ${l}`)}await O.promises.writeFile(t,a);let p=(a.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${p} MB)`),t}async createSourceArchive(t){console.log("\u{1F4E6} Packaging source for review...");let n;try{n=Xe("git",["-C",this.appRoot,"rev-parse","--show-toplevel"],{encoding:"utf-8",stdio:["pipe","pipe","pipe"]}).trim()}catch(u){throw u instanceof Error&&"code"in u&&u.code==="ENOENT"?new Error("git not found. Install git and ensure it is in your PATH."):new Error("Source packaging requires a git repository. Run `git init` first.")}let r=O.realpathSync(n),i=O.realpathSync(this.appRoot),s=E.relative(r,i)||".",a=s.replace(/\\/g,"/"),p=s==="."?"":`${a}/`,l=Xe("git",["-C",n,"ls-files","--",a],{encoding:"utf-8",stdio:["pipe","pipe","pipe"]}).trim().split(`
88
+ `).filter(Boolean).map(u=>p?u.slice(p.length):u).filter(u=>ss.some(g=>g.test(E.basename(u))));if(l.length>0)throw new Error(`Source archive would include sensitive files \u2014 remove them from git tracking first:
89
+ `+l.map(u=>` ${u}`).join(`
90
+ `)+`
91
+ Hint: git rm --cached <file>`);try{Xe("git",["-C",n,"archive","--format=zip",`--output=${t}`,"HEAD","--",a])}catch(u){let g=u instanceof Error?u.message:String(u);throw new Error(`Failed to create source archive: ${g}`)}let m=(O.statSync(t).size/1024/1024).toFixed(2);return console.log(`\u2705 Source packaged: ${E.basename(t)} (${m} MB)`),t}};o(tt,"ApplicationPackager");var Y=tt;async function Ee(e,t,n,r){let{externalId:i,name:s,description:a,versionTag:p}=t,c=V(n,i,p);await as(ls(c),{recursive:!0}),await new Y(`${n}/dist`).createZip(c,!0);let l=await ps(c);await new b(e).deploy(i,s,a,p,l,cs(c),r)}o(Ee,"packageAndUpload");var nt=o(async(e,t,n)=>{let r=await ee(e,n);await Ee(r,t,n,e.published)},"deploy");import{execSync as ds}from"child_process";function rt(e,t=!0,n={execSync:ds}){console.log("\u{1F4E6} Building app with npm..."),n.execSync("npm run build",{cwd:e,stdio:t?"inherit":"pipe"}),console.log("\u2705 Build successful")}o(rt,"buildApp");function Dn(e,t){let{org:n,project:r,baseUrl:i}=e,s;try{s=new URL(i).hostname}catch{return null}let{externalId:a,versionTag:p}=t,c=new URLSearchParams({cluster:s,customAppVersion:p,workspace:"industrial-tools"});return`https://${n}.fusion.cognite.com/${r}/flows-apps/app/${encodeURIComponent(a)}?${c}`}o(Dn,"generateFusionUrl");function In(e,t,n){let r=n?"\u{1F680} Deploy (Interactive)":"\u{1F680} Deploy",i=n?`${t.project} @ ${t.baseUrl}`:`${t.org}/${t.project}`;console.log(["",r,"=".repeat(r.length),`App: ${e.name} (${e.externalId})`,`Version: ${e.versionTag}`,`Target: ${i}`,""].join(`
92
+ `))}o(In,"printDeployInfo");function $n(e,t){console.log(`
93
+ \u2705 Successfully deployed ${e.name} version ${e.versionTag} to ${t.org?`${t.org}/`:""}${t.project}`),console.log("\u{1F512} App is deployed in draft mode");let n=e.deployments.length>1?` -d ${t.project}`:"";console.log(`
94
+ To sign: npx @cognite/cli apps sign --interactive${n}`),console.log(`To publish: npx @cognite/cli apps publish .${n}`),console.log(`To activate: npx @cognite/cli apps activate .${n}`);let r=Dn(t,e);r&&console.log(`
88
95
  \u{1F517} Open your app:
89
- ${n}`)}o(Sr,"printDeployResult");async function Xi(e,t,r,n,i){let a=D(t);if(a.length>0)throw new Error(`Deployment ${t.org}/${t.project} is missing ${a.join(" and ")} in app.json. Use \`cognite apps deploy --interactive\` for browser-based authentication instead.`);hr(e,t,!1),n.skipBuild||Qe(r),console.log(`
90
- \u{1F4E4} Deploying to ${t.org}/${t.project}...`),await i({...t,published:!1},{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},r),Sr(e,t)}o(Xi,"handleDeployNonInteractive");async function Zi(e,t,r,n){hr(e,t,!0),n.skipBuild||Qe(r);let i=await A(t,{interactive:!0,appId:e.externalId,orgHint:n.org});console.log(`
91
- \u{1F4E4} Deploying to ${t.project}...`),await Ce(i,{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},r,!1),Sr(e,t)}o(Zi,"handleDeployInteractive");async function Qi(e,t=process.cwd(),r={}){let{loadEnvFile:n=R,loadAppConfig:i=E,deploy:a=Ze}=r;n(t);let s=i(t);if(_(s),e.interactive){let c=await I(s,e);await Zi(s,c,t,e);return}let p=b(s.deployments,e.deployment);await Xi(s,p,t,e,a)}o(Qi,"handleDeploy");function wr(e){return e.command("deploy").description("Deploy your app to Cognite Data Fusion. Use --interactive for browser-based login (no env-var secrets required).").option("-d, --deployment <target>","Deployment target (index or project name)").option("--skip-build","Skip the build step",!1).option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
96
+ ${r}`)}o($n,"printDeployResult");async function ms(e,t,n,r,i){let s=D(t);if(s.length>0)throw new Error(`Deployment ${t.org}/${t.project} is missing ${s.join(" and ")} in app.json. Use \`cognite apps deploy --interactive\` for browser-based authentication instead.`);In(e,t,!1),r.skipBuild||rt(n),console.log(`
97
+ \u{1F4E4} Deploying to ${t.org}/${t.project}...`),await i({...t,published:!1},{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},n),$n(e,t)}o(ms,"handleDeployNonInteractive");async function us(e,t,n,r){In(e,t,!0),r.skipBuild||rt(n);let i=await A(t,{interactive:!0,appId:e.externalId,orgHint:r.org});console.log(`
98
+ \u{1F4E4} Deploying to ${t.project}...`),await Ee(i,{externalId:e.externalId,name:e.name,description:e.description,versionTag:e.versionTag},n,!1),$n(e,t)}o(us,"handleDeployInteractive");async function gs(e,t=process.cwd(),n={}){let{loadEnvFile:r=$,loadAppConfig:i=w,deploy:s=nt}=n;r(t);let a=i(t);if(F(a),e.interactive){let c=await I(a,e);await us(a,c,t,e);return}let p=x(a.deployments,e.deployment);await ms(a,p,t,e,s)}o(gs,"handleDeploy");function Fn(e){return e.command("deploy").description("Deploy your app to Cognite Data Fusion. Use --interactive for browser-based login (no env-var secrets required).").option("-d, --deployment <target>","Deployment target (index or project name)").option("--skip-build","Skip the build step",!1).option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
92
99
  Environment (non-interactive):
93
100
  deployClientId and deploySecretName are configured per deployment in app.json.
94
101
  deploySecretName is the name of the environment variable that holds the client
@@ -102,59 +109,64 @@ Examples:
102
109
  npx @cognite/cli apps deploy -d my-project Deploy to project by name
103
110
  npx @cognite/cli apps deploy --skip-build Deploy without rebuilding
104
111
  npx @cognite/cli apps deploy --interactive Browser auth, prompts for target
105
- npx @cognite/cli apps deploy --interactive -d 0 Browser auth, target chosen non-interactively`).action(t=>Qi(t))}o(wr,"registerDeployCommand");async function es(e,t,r){let n=await A(e,{interactive:t.interactive,appId:r.externalId,orgHint:t.org});return new P(n)}o(es,"defaultBuildApiClient");async function ts(e,t={}){let r=t.loadEnvFile??R,n=t.loadAppConfig??E,i=t.buildApiClient??es,a=t.discoverSignatures??Z,s=process.cwd();r(s);let p=n(s);_(p);let c=e.interactive?await I(p,e):b(p.deployments,e.deployment);if(!e.interactive){let f=D(c);if(f.length>0)throw new Error(`Deployment ${c.org}/${c.project} is missing ${f.join(" and ")} in app.json. Use \`cognite apps publish --interactive\` for browser-based authentication instead.`)}let l=await i(c,e,p),{externalId:d,versionTag:m}=p,g;try{g=await l.getVersion(d,m)}catch(f){throw f instanceof T?new Error(`Version ${m} of ${d} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):f}if(g.alias==="ACTIVE"){console.log(` ${d} @ ${m} is already ACTIVE \u2014 nothing to do.`);return}if(g.lifecycleState==="PUBLISHED"){console.log(` ${d} @ ${m} is already PUBLISHED \u2014 nothing to do.`);return}if(g.lifecycleState==="DEPRECATED"||g.lifecycleState==="ARCHIVED")throw new Error(`Cannot publish ${d} @ ${m}: version is ${g.lifecycleState} (terminal).`);let u=a(H(s,d,m));u.length>0&&await l.submitSignatures(d,m,u),await l.publishVersion(d,m),console.log(`\u2713 Published ${d} @ ${m} is now PUBLISHED`),console.log(""),console.log("Run `npx @cognite/cli apps activate .` to make it active.")}o(ts,"handlePublish");function vr(e){return e.command("publish").description("Publish the current app version (transition DRAFT \u2192 PUBLISHED)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
112
+ npx @cognite/cli apps deploy --interactive -d 0 Browser auth, target chosen non-interactively`).action(t=>gs(t))}o(Fn,"registerDeployCommand");async function fs(e,t,n){let r=await A(e,{interactive:t.interactive,appId:n.externalId,orgHint:t.org});return new b(r)}o(fs,"defaultBuildApiClient");async function ys(e,t={}){let n=t.loadEnvFile??$,r=t.loadAppConfig??w,i=t.buildApiClient??fs,s=t.discoverSignatures??Q,a=process.cwd();n(a);let p=r(a);F(p);let c=e.interactive?await I(p,e):x(p.deployments,e.deployment);if(!e.interactive){let f=D(c);if(f.length>0)throw new Error(`Deployment ${c.org}/${c.project} is missing ${f.join(" and ")} in app.json. Use \`cognite apps publish --interactive\` for browser-based authentication instead.`)}let l=await i(c,e,p),{externalId:d,versionTag:m}=p,u;try{u=await l.getVersion(d,m)}catch(f){throw f instanceof _?new Error(`Version ${m} of ${d} has not been deployed yet. Run \`npx @cognite/cli apps deploy\` first.`):f}if(u.alias==="ACTIVE"){console.log(` ${d} @ ${m} is already ACTIVE \u2014 nothing to do.`);return}if(u.lifecycleState==="PUBLISHED"){console.log(` ${d} @ ${m} is already PUBLISHED \u2014 nothing to do.`);return}if(u.lifecycleState==="DEPRECATED"||u.lifecycleState==="ARCHIVED")throw new Error(`Cannot publish ${d} @ ${m}: version is ${u.lifecycleState} (terminal).`);let g=s(V(a,d,m));g.length>0&&await l.submitSignatures(d,m,g),await l.publishVersion(d,m),console.log(`\u2713 Published ${d} @ ${m} is now PUBLISHED`),console.log(""),console.log("Run `npx @cognite/cli apps activate .` to make it active.")}o(ys,"handlePublish");function Tn(e){return e.command("publish").description("Publish the current app version (transition DRAFT \u2192 PUBLISHED)").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
106
113
  Examples:
107
114
  npx @cognite/cli apps publish . Publish using env-var auth
108
- npx @cognite/cli apps publish . --interactive Publish using browser auth (no secrets needed)`).action((t,r)=>ts(r))}o(vr,"registerPublishCommand");import{spawnSync as rs}from"child_process";import{mkdirSync as ns}from"fs";import{resolve as et}from"path";var os=["localhost","local.cognite.ai","*.local.cognite.ai"],is={info:o(e=>{process.stdout.write(`${e}
109
- `)},"info"),error:o(e=>{process.stderr.write(`${e}
110
- `)},"error")},ss={spawnSync:rs,mkdirSync:ns,logger:is};function as(e){let t=e("mkcert",["-help"],{stdio:"ignore"});return t.status===0||t.status===1}o(as,"hasMkcert");function ps({certDir:e=et(process.cwd(),"certificates/mkcert"),domains:t=os,deps:r={}}={}){let n={...ss,...r},{spawnSync:i,mkdirSync:a,logger:s}=n;if(!as(i))throw s.error("Error: mkcert is not installed."),s.error("Install it with: brew install mkcert (macOS, Linux, WSL)"),s.error("On Windows: choco install mkcert (or scoop install mkcert)"),s.error("See https://github.com/FiloSottile/mkcert#installation for other methods."),new Error("mkcert is not installed");if(i("mkcert",["-install"],{stdio:"inherit"}).status!==0)throw new Error("`mkcert -install` failed");a(e,{recursive:!0});let c=et(e,"localhost.pem"),l=et(e,"localhost-key.pem");if(i("mkcert",["-cert-file",c,"-key-file",l,...t],{stdio:"inherit"}).status!==0)throw new Error("mkcert failed to generate certificates");return s.info(""),s.info("Certificates generated:"),s.info(` cert: ${c}`),s.info(` key: ${l}`),{certFile:c,keyFile:l}}o(ps,"setupHttps");function cs(e){ps({certDir:e.certDir})}o(cs,"handleSetupHttps");function Cr(e){return e.command("setup-https").description("Generate trusted local HTTPS certificates via mkcert").option("--cert-dir <path>","Directory to write certs into (default: ./certificates/mkcert)").addHelpText("after",`
111
- Examples:
112
- npx @cognite/cli@latest apps setup-https Generate certs in ./certificates/mkcert
113
- npx @cognite/cli@latest apps setup-https --cert-dir certs Use a custom directory`).action(t=>cs(t))}o(Cr,"registerSetupHttpsCommand");function ls(e){return e.alias==="ACTIVE"?"ACTIVE":e.lifecycleState}o(ls,"describeStatus");async function ds(e){let t=process.cwd();R(t);let r=E(t);_(r);let n=e.interactive?await I(r,e):b(r.deployments,e.deployment);if(!e.interactive){let s=D(n);if(s.length>0)throw new Error(`Deployment ${n.org}/${n.project} is missing ${s.join(" and ")} in app.json. Use \`cognite apps status --interactive\` for browser-based authentication instead.`)}let i=await A(n,{interactive:e.interactive,appId:r.externalId,orgHint:e.org}),a=new P(i);console.log(""),console.log(`App: ${r.name} (${r.externalId})`),console.log(`Version: ${r.versionTag} (local)`);try{let s=await a.getVersion(r.externalId,r.versionTag),p=ls(s);console.log(`Status: ${p}`),s.lifecycleState==="DRAFT"&&(console.log(""),console.log("Run `npx @cognite/cli apps publish .` to publish this version."))}catch(s){if(s instanceof T){console.log("Status: not deployed yet"),console.log(""),console.log("Run `npx @cognite/cli apps deploy` to upload this version.");return}throw s}}o(ds,"handleStatus");function Pr(e){return e.command("status").description("Show the deployment status of the current app version").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
115
+ npx @cognite/cli apps publish . --interactive Publish using browser auth (no secrets needed)`).action((t,n)=>ys(n))}o(Tn,"registerPublishCommand");function hs(e){return e.alias==="ACTIVE"?"ACTIVE":e.lifecycleState}o(hs,"describeStatus");async function Ss(e){let t=process.cwd();$(t);let n=w(t);F(n);let r=e.interactive?await I(n,e):x(n.deployments,e.deployment);if(!e.interactive){let a=D(r);if(a.length>0)throw new Error(`Deployment ${r.org}/${r.project} is missing ${a.join(" and ")} in app.json. Use \`cognite apps status --interactive\` for browser-based authentication instead.`)}let i=await A(r,{interactive:e.interactive,appId:n.externalId,orgHint:e.org}),s=new b(i);console.log(""),console.log(`App: ${n.name} (${n.externalId})`),console.log(`Version: ${n.versionTag} (local)`);try{let a=await s.getVersion(n.externalId,n.versionTag),p=hs(a);console.log(`Status: ${p}`),a.lifecycleState==="DRAFT"&&(console.log(""),console.log("Run `npx @cognite/cli apps publish .` to publish this version."))}catch(a){if(a instanceof _){console.log("Status: not deployed yet"),console.log(""),console.log("Run `npx @cognite/cli apps deploy` to upload this version.");return}throw a}}o(Ss,"handleStatus");function Rn(e){return e.command("status").description("Show the deployment status of the current app version").argument("[path]","Path to the app folder (only `.` is currently supported)",".").option("-d, --deployment <target>","Deployment target from app.json (index or name)").option("--interactive","Use browser-based authentication instead of env-var credentials",!1).option("--base-url <url>","CDF base URL (only with --interactive)").option("--project <project>","CDF project name (only with --interactive)").option("--org <org>","Organization hint for login (only with --interactive)").addHelpText("after",`
114
116
  Examples:
115
117
  npx @cognite/cli apps status . Status using env-var auth
116
- npx @cognite/cli apps status . --interactive Status using browser auth (no secrets needed)`).action((t,r)=>ds(r))}o(Pr,"registerStatusCommand");function Er(e){let t=e.command("apps").description("Manage Fusion Custom Apps \u2014 create, deploy, and manage version lifecycle");return ur(t),wr(t),Pr(t),vr(t),Wt(t),gr(t),Cr(t),gt(t),zt(t),t}o(Er,"registerAppsCommand");import{existsSync as Fs,mkdirSync as Ts,writeFileSync as Os}from"fs";import{dirname as at,join as be}from"path";import{generateSigningKeyPair as Rs}from"@cognite/app-sdk/codesigning";import _s from"open";function kr(e,t){let r=e.getUTCFullYear(),n=e.getUTCMonth()+t,i=new Date(Date.UTC(r,n+1,0)).getUTCDate(),a=Math.min(e.getUTCDate(),i);return new Date(Date.UTC(r,n,a))}o(kr,"addMonthsClamped");function tt(e){return e.toISOString().slice(0,10)}o(tt,"formatIsoDate");function br(e=new Date){return tt(e)}o(br,"todayIso");import ms,{Chalk as us}from"chalk";var oe=new us({level:0});function xr(e){return e.isTTY?ms:oe}o(xr,"chalkForStream");function gs(e){return e.replace(/-----BEGIN [^-]+-----/g,"").replace(/-----END [^-]+-----/g,"").replace(/\s+/g,"")}o(gs,"pemBodyOneLine");function rt(e,t=oe,r=new Date){let n=e.issuedAt??br(r),i=gs(e.publicKeyPem),a=" ",s=o((c,l)=>`${a}${t.cyan(c)}${t.dim(":")} ${l}
118
+ npx @cognite/cli apps status . --interactive Status using browser auth (no secrets needed)`).action((t,n)=>Ss(n))}o(Rn,"registerStatusCommand");import{execFileSync as it}from"child_process";import ot from"fs";import ie from"path";var On="https://cognite.zendesk.com",vs="360001234312",ws="tf_360015295097",Cs="cognite_flows",Es="360004885031";function Ps(e,t){let n=new URLSearchParams({locale:"en-us",brand_id:Es,return_to:e});return`${t}/access?${n}`}o(Ps,"withLogin");function _n(e,t,n){let r=new URLSearchParams({ticket_form_id:vs,tf_priority:"normal",tf_subject:e,[ws]:Cs,tf_description:t});return Ps(`${n}/hc/en-us/requests/new?${r}`,n)}o(_n,"buildUrl");function Un(e){return e.join("<br>")}o(Un,"toHtml");function Kn(e,t=On){let{appName:n,externalId:r,versionTag:i,archiveName:s,developerName:a,cdfProject:p,cdfCluster:c}=e,l=["Dear Cognite Platform Team,","","I would like to submit my Flows app for review and certification.","",`App name: ${n}`,`App external ID: ${r}`,`Version: ${i}`,p?`CDF project: ${p}`:void 0,c?`CDF cluster: ${c}`:void 0,"","`npx @cognite/cli apps submit` verified App-Brief.md,","code-review-report.md, and design-review-report.md are committed to git.","","Attached (all from dist/submit/):",`[ ] ${s??"src-<sha>.zip"} \u2014 source archive`,`[ ] ${r}-${i}.zip \u2014 deploy bundle`,"[ ] Screen recording of the application (required for design review)","","Best regards,",a??"[Your name]"];return _n(`App Review Request: ${n}`,Un(l.filter(d=>d!==void 0)),t)}o(Kn,"buildAppReviewUrl");function Ln(e,t,n,r,i=On){return _n(`Public Key Registration: ${t}`,Un(["Dear Cognite Platform Team,","","I would like to register my Flows app signing key for certified deployments.","",`Key ID (kid): ${e}`,`Developer email: ${t}`,`Expires: ${n}`,"","Please add the following entry to signing-keys.yaml:","",...r.replace(/\r\n/g,`
119
+ `).split(`
120
+ `),"","Best Regards,","[Your name]","","(This registration request was generated by `npx @cognite/cli keys generate`.)"]),i)}o(Ln,"buildKeyRegistrationUrl");var bs=[{pattern:"App-Brief.md",label:"App-Brief.md",skill:"flows-app-brief"},{pattern:"reviews/code-review/*/code-review-report.md",label:"reviews/code-review/feedback-round-<N>/code-review-report.md",skill:"flows-code-review"},{pattern:"reviews/design-review/*/design-review-report.md",label:"reviews/design-review/feedback-round-<N>/design-review-report.md",skill:"flows-design-review"}];function ks(e){let t=bs.filter(({pattern:n})=>it("git",["-C",e,"ls-files","--",n],{encoding:"utf-8",stdio:["pipe","pipe","pipe"]}).trim().length===0);if(t.length>0){let n=t.map(({label:r,skill:i})=>` ${r} \u2192 run \`${i}\``);throw new Error(`Certification files are missing or not committed. Run the required skills first:
121
+
122
+ `+n.join(`
123
+ `)+"\n\nAfter running the skills, commit the generated files and re-run `apps submit`.")}}o(ks,"assertArtifactsCommitted");async function xs(e=process.cwd(),t={}){let{openInBrowser:n=Vt,revealInFileManager:r=Ht}=t;$(e);let i=w(e);F(i),ks(e);let s=ie.join(e,"dist","submit");ot.mkdirSync(s,{recursive:!0});let a=it("git",["-C",e,"rev-parse","--short","HEAD"],{encoding:"utf-8",stdio:["pipe","pipe","pipe"]}).trim();if(it("git",["-C",e,"status","--porcelain"],{encoding:"utf-8",stdio:["pipe","pipe","pipe"]}).trim().length>0)throw new Error(`Working tree has uncommitted changes. Commit or stash them before submitting for certification.
124
+
125
+ The source archive must exactly match the committed code so reviewers can verify what they receive.`);let c=`src-${a}.zip`,l=ie.join(s,c);await new Y(ie.join(e,"dist")).createSourceArchive(l);let m=`${i.externalId}-${i.versionTag}.zip`,u=ie.join(e,".cognite-bundles",m),g=!1;ot.existsSync(u)&&(ot.copyFileSync(u,ie.join(s,m)),g=!0);let f=Kn({appName:i.name,externalId:i.externalId,versionTag:i.versionTag,archiveName:c,developerName:dn(),cdfProject:i.deployments[0].project,cdfCluster:i.deployments[0].baseUrl});console.log(`
126
+ \u2705 Certification package ready: dist/submit/`),console.log(` ${c} \u2014 source archive (commit ${a})`),console.log(g?` ${m} \u2014 deploy bundle`:" \u26A0 Deploy bundle missing \u2014 run `apps deploy` to generate it, then re-run submit"),console.log(" \u2190 add your screen recording to this folder"),console.log(`
127
+ Attach all files from dist/submit/ to the Zendesk ticket.`),console.log(`
128
+ \u{1F517} ${f}`),n(f),r(l)}o(xs,"handleSubmit");function jn(e){return e.command("submit").description("Package source and open a pre-filled Zendesk form for app certification submission").addHelpText("after",`
129
+ Examples:
130
+ npx @cognite/cli apps submit Package source, open browser + file manager`).action(()=>xs())}o(jn,"registerSubmitCommand");function Nn(e){let t=e.command("apps").description("Manage Fusion Custom Apps \u2014 create, deploy, and manage version lifecycle");return kn(t),Fn(t),Rn(t),Tn(t),an(t),xn(t),jn(t),vt(t),sn(t),t}o(Nn,"registerAppsCommand");import{existsSync as Ls,mkdirSync as js,writeFileSync as Ns}from"fs";import{dirname as mt,join as xe}from"path";import{generateSigningKeyPair as Ms}from"@cognite/app-sdk/codesigning";import Vs from"open";function Mn(e,t){let n=e.getUTCFullYear(),r=e.getUTCMonth()+t,i=new Date(Date.UTC(n,r+1,0)).getUTCDate(),s=Math.min(e.getUTCDate(),i);return new Date(Date.UTC(n,r,s))}o(Mn,"addMonthsClamped");function st(e){return e.toISOString().slice(0,10)}o(st,"formatIsoDate");function Vn(e=new Date){return st(e)}o(Vn,"todayIso");import As,{Chalk as Ds}from"chalk";var se=new Ds({level:0});function Hn(e){return e.isTTY?As:se}o(Hn,"chalkForStream");function Is(e){return e.replace(/-----BEGIN [^-]+-----/g,"").replace(/-----END [^-]+-----/g,"").replace(/\s+/g,"")}o(Is,"pemBodyOneLine");function at(e,t=se,n=new Date){let r=e.issuedAt??Vn(n),i=Is(e.publicKeyPem),s=" ",a=o((c,l)=>`${s}${t.cyan(c)}${t.dim(":")} ${l}
117
131
  `,"kv"),p="";return p+=`
118
132
  ${t.bold("Add this entry to")} ${t.magenta("services/app-hosting/config/signing-keys.yaml")} ${t.bold("under")} ${t.cyan("public_keys:")}
119
133
 
120
134
  `,p+=`${t.dim("-")} ${t.cyan("kid")}${t.dim(":")} ${t.green(e.kid)}
121
- `,p+=s("public_key",t.green(i)),p+=s("email",t.yellow(e.email)),p+=s("capabilities",`${t.dim("[")}${t.yellow("developer")}${t.dim("]")}`),p+=s("issued_at",t.green(n)),p+=s("expires",t.green(e.expires)),p+=s("revoked_at",t.dim("null")),p}o(rt,"renderRegistryEntry");import fs from"clipboardy";function Ar(e){return fs.write(e)}o(Ar,"copyToClipboard");import{email as ys,pipe as hs,safeParse as Ss,string as ws}from"valibot";var vs=hs(ws(),ys());function ie(e,t="email"){let r=e.trim();if(!r)throw new Error(`${t} is required`);if(!Ss(vs,r).success)throw new Error(`${t} must look like an email (user@example.com); got "${e}"`);return r}o(ie,"parseEmail");function se(e,t="--expires"){let r=Number(e);if(!Number.isInteger(r)||r<1||r>12)throw new Error(`${t} must be an integer between 1 and 12 (months); got "${e}"`);return r}o(se,"parseExpiryMonths");var Cs="https://cognite.zendesk.com",Ps="360001234312",Es="tf_360015295097",ks="cognite_flows",bs="360004885031";function xs(e,t){let r=new URLSearchParams({locale:"en-us",brand_id:bs,return_to:e});return`${t}/access?${r}`}o(xs,"withLogin");function As(e,t,r){let n=new URLSearchParams({ticket_form_id:Ps,tf_priority:"normal",tf_subject:e,[Es]:ks,tf_description:t});return xs(`${r}/hc/en-us/requests/new?${n}`,r)}o(As,"buildUrl");function Ds(e){return e.join("<br>")}o(Ds,"toHtml");function Dr(e,t,r,n,i=Cs){return As(`Public Key Registration: ${t}`,Ds(["Dear Cognite Platform Team,","","I would like to register my Flows app signing key for certified deployments.","",`Key ID (kid): ${e}`,`Developer email: ${t}`,`Expires: ${r}`,"","Please add the following entry to signing-keys.yaml:","",...n.replace(/\r\n/g,`
122
- `).split(`
123
- `),"","Best Regards,","[Your name]","","(This registration request was generated by `npx @cognite/cli keys generate`.)"]),i)}o(Dr,"buildKeyRegistrationUrl");import it from"enquirer";var Pe=3,Ir="Signing identity (kid) \u2014 e.g. jsmith-dev-001 (lowercase letters, digits, hyphens)",$r=`Key expiry in months (${1}-${12})`,Fr="Email address for the registry entry",Tr=`Passphrase for the encrypted private key (min ${15} chars)`,Or="Confirm passphrase",Rr=o(()=>`Passphrase must be at least ${15} characters`,"passphraseTooShortMsg"),_r=o(e=>`Passphrases do not match (attempt ${e}/${Pe}).
124
- `,"passphraseMismatchMsg"),Ur=`Passphrase confirmation failed after ${Pe} attempts`,Lr=o(e=>`A signing key with kid "${e}" already exists. Overwrite it?`,"confirmOverwriteMsg"),Kr="How would you like to submit your key registration?",jr="Open in browser",Nr="Copy link to clipboard";async function ke(e){return it.prompt(e)}o(ke,"defaultPrompt");function st(e){return t=>{try{return e(t),!0}catch(r){return r instanceof Error?r.message:"Invalid"}}}o(st,"parserAsValidator");var $s=/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/;function Ee(e){let t=e.trim();if(!t)throw new Error("--kid must not be empty");if(t.length>64)throw new Error("--kid must be 64 characters or fewer");if(!$s.test(t))throw new Error("--kid must contain only lowercase letters, digits, and hyphens, and must not start or end with a hyphen (e.g. jsmith-dev-001)");return t}o(Ee,"parseKid");async function Mr(e={}){let{prompt:t=ke}=e,{kid:r}=await t({type:"input",name:"kid",message:Ir,validate:st(Ee)});return Ee(r)}o(Mr,"promptKid");async function Hr(e={}){let{prompt:t=o(n=>it.prompt(n),"prompt")}=e,{action:r}=await t({type:"select",name:"action",message:Kr,choices:[{name:"browser",message:jr},{name:"clipboard",message:Nr}]});if(r!=="browser"&&r!=="clipboard")throw new Error(`Unexpected Zendesk action: ${r}`);return r}o(Hr,"promptZendeskAction");async function Vr(e={}){let{prompt:t=ke}=e,{months:r}=await t({type:"input",name:"months",message:$r,initial:String(6),validate:st(n=>se(n,"expiry"))});return se(r,"expiry")}o(Vr,"promptExpiryMonths");async function Br(e={}){let{prompt:t=ke,gitUserEmail:r=er}=e,{email:n}=await t({type:"input",name:"email",message:Fr,initial:r(),validate:st(i=>ie(i,"email"))});return ie(n,"email")}o(Br,"promptEmail");async function Gr(e={}){let{prompt:t=ke,stderr:r=process.stderr}=e;for(let n=1;n<=Pe;n+=1){let{passphrase:i}=await t({type:"password",name:"passphrase",message:Tr,validate:o(s=>s.length>=15?!0:Rr(),"validate")}),{confirm:a}=await t({type:"password",name:"confirm",message:Or});if(i===a)return i;r.write(_r(n))}throw new Error(Ur)}o(Gr,"promptPassphrase");async function Jr(e,t={}){let{prompt:r=o(i=>it.prompt(i),"prompt")}=t,{confirmed:n}=await r({type:"confirm",name:"confirmed",message:Lr(e),initial:!1});return n}o(Jr,"promptConfirmOverwrite");function Us(e){return{writeFileSync:e.writeFileSync??Os,mkdirSync:e.mkdirSync??Ts,existsSync:e.existsSync??Fs,generateSigningKeyPair:e.generateSigningKeyPair??Rs,encryptStringAsJwe:e.encryptStringAsJwe??Nt,storeKeyInKeychain:e.storeKeyInKeychain??Lt,isOS:e.isOS??(t=>B(t)),promptKid:e.promptKid??Mr,promptExpiryMonths:e.promptExpiryMonths??Vr,promptEmail:e.promptEmail??Br,promptPassphrase:e.promptPassphrase??Gr,promptConfirmOverwrite:e.promptConfirmOverwrite??Jr,discoverLocalKeys:e.discoverLocalKeys??(()=>ye()),promptZendeskAction:e.promptZendeskAction??Hr,openUrl:e.openUrl??(t=>_s(t)),copyToClipboard:e.copyToClipboard??Ar,isInteractive:e.isInteractive??(()=>process.stdout.isTTY===!0)}}o(Us,"resolveDeps");function qr(e,t={}){let r=Us(t),n=e.command("keys").description("Manage code signing keys");n.command("generate").description("Generate an Ed25519 keypair for code signing").option("-o, --output <path>","Encrypted private key output path (forces file storage even on macOS)").option("--no-keychain",`Skip macOS Keychain and write a passphrase-encrypted private key under ${F().keysDir} instead`).option("-e, --expires <months>",`Validity in months (${1}-${12}); skips the interactive prompt`).option("--email <address>","Email address for the registry entry; skips the interactive prompt").option("--kid <identifier>","Signing identity name for the registry (e.g. jsmith-dev-001); skips the interactive prompt").option("--force","Overwrite an existing key without prompting for confirmation").option("--copy-link","Copy the Zendesk registration link to the clipboard without prompting").action(i=>js(i,r)),n.command("list").description("List local signing identities and their storage location").action(()=>Ls(r))}o(qr,"registerKeysCommand");async function Ls(e){let t=await e.discoverLocalKeys();if(t.length===0){process.stdout.write(`No signing identities found.
125
- `),process.stdout.write(`Run \`cognite keys generate\` to create one (storage: ${F().keysDir}).
126
- `);return}let r=["KID","SOURCE","EMAIL"],n=t.map(s=>[s.kid,fe(s.source),s.email??"\u2014"]),i=r.map((s,p)=>Math.max(s.length,...n.map(c=>c[p].length))),a=o(s=>s.map((p,c)=>p.padEnd(i[c])).join(" ").trimEnd(),"fmt");process.stdout.write(`${a(r)}
127
- `);for(let s of n)process.stdout.write(`${a(s)}
128
- `)}o(Ls,"handleList");function Yr(e,t,r){let n=be(F().keysDir,`${e}${ee}`);return r.mkdirSync(at(n),{recursive:!0}),r.writeFileSync(n,t),n}o(Yr,"writePublicKey");async function Ks(e,t,r,n,i,{force:a=!1}={}){let s=n??be(F().keysDir,`${e}${Je}`);if(i.mkdirSync(at(s),{recursive:!0}),!a&&i.existsSync(s))throw new Error(`Refusing to overwrite existing key at ${s}. Delete it first if you really want to regenerate: rm ${s}`);let p=await i.encryptStringAsJwe(t,r);return i.writeFileSync(s,p,{mode:384}),s}o(Ks,"writeEncryptedPrivateKey");async function js(e,t,r=new Date){let{isOS:n,existsSync:i,mkdirSync:a,writeFileSync:s,generateSigningKeyPair:p,storeKeyInKeychain:c,promptExpiryMonths:l,promptKid:d,promptEmail:m,promptPassphrase:g,promptConfirmOverwrite:u}=t,f=e.keychain!==!1&&n("macos")&&!e.output,S=e.expires!==void 0?se(e.expires):await l(),v=tt(kr(r,S)),h=e.kid!==void 0?Ee(e.kid):await d(),k=be(F().keysDir,`${h}${ee}`),y=i(k);if(y&&!e.force&&!await u(h)){process.stderr.write(`Aborted.
129
- `);return}let C=e.email!==void 0?ie(e.email,"--email"):await m(),$=f?null:await g();process.stderr.write(`
135
+ `,p+=a("public_key",t.green(i)),p+=a("email",t.yellow(e.email)),p+=a("capabilities",`${t.dim("[")}${t.yellow("developer")}${t.dim("]")}`),p+=a("issued_at",t.green(r)),p+=a("expires",t.green(e.expires)),p+=a("revoked_at",t.dim("null")),p}o(at,"renderRegistryEntry");import $s from"clipboardy";function Bn(e){return $s.write(e)}o(Bn,"copyToClipboard");import{email as Fs,pipe as Ts,safeParse as Rs,string as Os}from"valibot";var _s=Ts(Os(),Fs());function ae(e,t="email"){let n=e.trim();if(!n)throw new Error(`${t} is required`);if(!Rs(_s,n).success)throw new Error(`${t} must look like an email (user@example.com); got "${e}"`);return n}o(ae,"parseEmail");function pe(e,t="--expires"){let n=Number(e);if(!Number.isInteger(n)||n<1||n>12)throw new Error(`${t} must be an integer between 1 and 12 (months); got "${e}"`);return n}o(pe,"parseExpiryMonths");import lt from"enquirer";var Pe=3,Gn="Signing identity (kid) \u2014 e.g. jsmith-dev-001 (lowercase letters, digits, hyphens)",Jn=`Key expiry in months (${1}-${12})`,Yn="Email address for the registry entry",qn=`Passphrase for the encrypted private key (min ${15} chars)`,zn="Confirm passphrase",Wn=o(()=>`Passphrase must be at least ${15} characters`,"passphraseTooShortMsg"),Xn=o(e=>`Passphrases do not match (attempt ${e}/${Pe}).
136
+ `,"passphraseMismatchMsg"),Zn=`Passphrase confirmation failed after ${Pe} attempts`,Qn=o(e=>`A signing key with kid "${e}" already exists. Overwrite it?`,"confirmOverwriteMsg"),er="How would you like to submit your key registration?",tr="Open in browser",nr="Copy link to clipboard";async function ke(e){return lt.prompt(e)}o(ke,"defaultPrompt");function dt(e){return t=>{try{return e(t),!0}catch(n){return n instanceof Error?n.message:"Invalid"}}}o(dt,"parserAsValidator");var Ks=/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/;function be(e){let t=e.trim();if(!t)throw new Error("--kid must not be empty");if(t.length>64)throw new Error("--kid must be 64 characters or fewer");if(!Ks.test(t))throw new Error("--kid must contain only lowercase letters, digits, and hyphens, and must not start or end with a hyphen (e.g. jsmith-dev-001)");return t}o(be,"parseKid");async function rr(e={}){let{prompt:t=ke}=e,{kid:n}=await t({type:"input",name:"kid",message:Gn,validate:dt(be)});return be(n)}o(rr,"promptKid");async function or(e={}){let{prompt:t=o(r=>lt.prompt(r),"prompt")}=e,{action:n}=await t({type:"select",name:"action",message:er,choices:[{name:"browser",message:tr},{name:"clipboard",message:nr}]});if(n!=="browser"&&n!=="clipboard")throw new Error(`Unexpected Zendesk action: ${n}`);return n}o(or,"promptZendeskAction");async function ir(e={}){let{prompt:t=ke}=e,{months:n}=await t({type:"input",name:"months",message:Jn,initial:String(6),validate:dt(r=>pe(r,"expiry"))});return pe(n,"expiry")}o(ir,"promptExpiryMonths");async function sr(e={}){let{prompt:t=ke,gitUserEmail:n=mn}=e,{email:r}=await t({type:"input",name:"email",message:Yn,initial:n(),validate:dt(i=>ae(i,"email"))});return ae(r,"email")}o(sr,"promptEmail");async function ar(e={}){let{prompt:t=ke,stderr:n=process.stderr}=e;for(let r=1;r<=Pe;r+=1){let{passphrase:i}=await t({type:"password",name:"passphrase",message:qn,validate:o(a=>a.length>=15?!0:Wn(),"validate")}),{confirm:s}=await t({type:"password",name:"confirm",message:zn});if(i===s)return i;n.write(Xn(r))}throw new Error(Zn)}o(ar,"promptPassphrase");async function pr(e,t={}){let{prompt:n=o(i=>lt.prompt(i),"prompt")}=t,{confirmed:r}=await n({type:"confirm",name:"confirmed",message:Qn(e),initial:!1});return r}o(pr,"promptConfirmOverwrite");function Hs(e){return{writeFileSync:e.writeFileSync??Ns,mkdirSync:e.mkdirSync??js,existsSync:e.existsSync??Ls,generateSigningKeyPair:e.generateSigningKeyPair??Ms,encryptStringAsJwe:e.encryptStringAsJwe??Wt,storeKeyInKeychain:e.storeKeyInKeychain??Yt,isOS:e.isOS??(t=>B(t)),promptKid:e.promptKid??rr,promptExpiryMonths:e.promptExpiryMonths??ir,promptEmail:e.promptEmail??sr,promptPassphrase:e.promptPassphrase??ar,promptConfirmOverwrite:e.promptConfirmOverwrite??pr,discoverLocalKeys:e.discoverLocalKeys??(()=>Se()),promptZendeskAction:e.promptZendeskAction??or,openUrl:e.openUrl??(t=>Vs(t)),copyToClipboard:e.copyToClipboard??Bn,isInteractive:e.isInteractive??(()=>process.stdout.isTTY===!0)}}o(Hs,"resolveDeps");function lr(e,t={}){let n=Hs(t),r=e.command("keys").description("Manage code signing keys");r.command("generate").description("Generate an Ed25519 keypair for code signing").option("-o, --output <path>","Encrypted private key output path (forces file storage even on macOS)").option("--no-keychain",`Skip macOS Keychain and write a passphrase-encrypted private key under ${R().keysDir} instead`).option("-e, --expires <months>",`Validity in months (${1}-${12}); skips the interactive prompt`).option("--email <address>","Email address for the registry entry; skips the interactive prompt").option("--kid <identifier>","Signing identity name for the registry (e.g. jsmith-dev-001); skips the interactive prompt").option("--force","Overwrite an existing key without prompting for confirmation").option("--copy-link","Copy the Zendesk registration link to the clipboard without prompting").action(i=>Js(i,n)),r.command("list").description("List local signing identities and their storage location").action(()=>Bs(n))}o(lr,"registerKeysCommand");async function Bs(e){let t=await e.discoverLocalKeys();if(t.length===0){process.stdout.write(`No signing identities found.
137
+ `),process.stdout.write(`Run \`cognite keys generate\` to create one (storage: ${R().keysDir}).
138
+ `);return}let n=["KID","SOURCE","EMAIL"],r=t.map(a=>[a.kid,he(a.source),a.email??"\u2014"]),i=n.map((a,p)=>Math.max(a.length,...r.map(c=>c[p].length))),s=o(a=>a.map((p,c)=>p.padEnd(i[c])).join(" ").trimEnd(),"fmt");process.stdout.write(`${s(n)}
139
+ `);for(let a of r)process.stdout.write(`${s(a)}
140
+ `)}o(Bs,"handleList");function cr(e,t,n){let r=xe(R().keysDir,`${e}${te}`);return n.mkdirSync(mt(r),{recursive:!0}),n.writeFileSync(r,t),r}o(cr,"writePublicKey");async function Gs(e,t,n,r,i,{force:s=!1}={}){let a=r??xe(R().keysDir,`${e}${ze}`);if(i.mkdirSync(mt(a),{recursive:!0}),!s&&i.existsSync(a))throw new Error(`Refusing to overwrite existing key at ${a}. Delete it first if you really want to regenerate: rm ${a}`);let p=await i.encryptStringAsJwe(t,n);return i.writeFileSync(a,p,{mode:384}),a}o(Gs,"writeEncryptedPrivateKey");async function Js(e,t,n=new Date){let{isOS:r,existsSync:i,mkdirSync:s,writeFileSync:a,generateSigningKeyPair:p,storeKeyInKeychain:c,promptExpiryMonths:l,promptKid:d,promptEmail:m,promptPassphrase:u,promptConfirmOverwrite:g}=t,f=e.keychain!==!1&&r("macos")&&!e.output,S=e.expires!==void 0?pe(e.expires):await l(),C=st(Mn(n,S)),h=e.kid!==void 0?be(e.kid):await d(),k=xe(R().keysDir,`${h}${te}`),y=i(k);if(y&&!e.force&&!await g(h)){process.stderr.write(`Aborted.
141
+ `);return}let P=e.email!==void 0?ae(e.email,"--email"):await m(),T=f?null:await u();process.stderr.write(`
130
142
  Generating Ed25519 keypair...
131
143
 
132
- `);let{privateKeyPem:w,publicKeyPem:N}=await p(h);if(f){await c(h,w);let U=Yr(h,N,t);process.stderr.write(`Public key: ${U}
144
+ `);let{privateKeyPem:v,publicKeyPem:N}=await p(h);if(f){await c(h,v);let K=cr(h,N,t);process.stderr.write(`Public key: ${K}
133
145
  `),process.stderr.write(`Private key: macOS Keychain (service: cognite-dune, account: ${h})
134
- `)}else{if($===null)throw new Error("passphrase is required when not using Keychain");let U=await Ks(h,w,$,e.output,t,{force:y}),De=Yr(h,N,t);process.stderr.write(`Public key: ${De}
135
- `),process.stderr.write(`Private key: ${U} (JWE, AES-256-GCM, PBKDF2-SHA512 x${Be.toLocaleString()})
136
- `),n("macos")||process.stderr.write(` (macOS Keychain integration is the default on darwin; on this OS we use the file.)
137
- `)}let ce=be(F().keysDir,`${h}${Ye}`);a(at(ce),{recursive:!0}),s(ce,JSON.stringify({email:C}));let Y=xr(process.stderr);process.stderr.write(`
138
- Signing identity (kid): ${Y.green(h)}
139
- `),process.stderr.write(`Expires: ${v} (${S} month${S===1?"":"s"} from today)
140
- `);let Ae={kid:h,publicKeyPem:N,email:C,expires:v};process.stderr.write(rt(Ae,Y,r));let q=Dr(h,C,v,rt(Ae,oe,r));process.stderr.write(`
141
- ${Y.bold("Next:")}
146
+ `)}else{if(T===null)throw new Error("passphrase is required when not using Keychain");let K=await Gs(h,v,T,e.output,t,{force:y}),Ie=cr(h,N,t);process.stderr.write(`Public key: ${Ie}
147
+ `),process.stderr.write(`Private key: ${K} (JWE, AES-256-GCM, PBKDF2-SHA512 x${Ye.toLocaleString()})
148
+ `),r("macos")||process.stderr.write(` (macOS Keychain integration is the default on darwin; on this OS we use the file.)
149
+ `)}let de=xe(R().keysDir,`${h}${We}`);s(mt(de),{recursive:!0}),a(de,JSON.stringify({email:P}));let q=Hn(process.stderr);process.stderr.write(`
150
+ Signing identity (kid): ${q.green(h)}
151
+ `),process.stderr.write(`Expires: ${C} (${S} month${S===1?"":"s"} from today)
152
+ `);let De={kid:h,publicKeyPem:N,email:P,expires:C};process.stderr.write(at(De,q,n));let z=Ln(h,P,C,at(De,se,n));process.stderr.write(`
153
+ ${q.bold("Next:")}
142
154
  `),process.stderr.write(` 1. Register your signing key \u2014 submit this pre-filled Zendesk request:
143
- `);let le=e.copyLink?"clipboard":t.isInteractive()?await t.promptZendeskAction():null;if(le==="browser")try{await t.openUrl(q),process.stderr.write(` Opening in browser...
144
- `)}catch{process.stderr.write(` URL: ${q}
145
- `)}else if(le==="clipboard"){let U=!1;try{await t.copyToClipboard(q),U=!0}catch{}process.stderr.write(U&&!e.copyLink?` Link copied to clipboard.
146
- `:` URL: ${q}
147
- `)}else process.stderr.write(` URL: ${q}
155
+ `);let me=e.copyLink?"clipboard":t.isInteractive()?await t.promptZendeskAction():null;if(me==="browser")try{await t.openUrl(z),process.stderr.write(` Opening in browser...
156
+ `)}catch{process.stderr.write(` URL: ${z}
157
+ `)}else if(me==="clipboard"){let K=!1;try{await t.copyToClipboard(z),K=!0}catch{}process.stderr.write(K&&!e.copyLink?` Link copied to clipboard.
158
+ `:` URL: ${z}
159
+ `)}else process.stderr.write(` URL: ${z}
148
160
  `);process.stderr.write(`
149
161
  2. Once your key is approved, sign your Dune app:
150
- `),process.stderr.write(` ${Y.cyan(`cognite sign -s ${h}`)}
151
- `)}o(js,"handleGenerate");var zr=1e3,Ns=new Set(["baseUrl","url","project","deployment","source","path","name","displayName","description"]);function Ms(e){return Object.fromEntries(Object.entries(e).map(([t,r])=>typeof r=="boolean"?[t,r]:Ns.has(t)?[t,r]:[t,"[REDACTED]"]))}o(Ms,"sanitize");function Hs(e){let t=[],r=e;for(;r;)r.parent&&t.unshift(r.name()),r=r.parent;return t.join(" ")}o(Hs,"getCommandPath");function Wr(e){try{let t=e(process.cwd());return{appExternalId:t.externalId,appVersionTag:t.versionTag}}catch{return{}}}o(Wr,"tryLoadAppConfig");function pt(e){return e.filter(t=>!t.startsWith("-")).join(" ")||"unknown"}o(pt,"commandFromArgv");function Xr(e,t,r=E){e.hook("postAction",async(n,i)=>{try{let a={command:Hs(i),options:Ms(i.opts()),success:!0,...Wr(r)};t.track("Flows.CLI.Command",{...a}),await t.flush(zr)}catch{}})}o(Xr,"instrument");async function Zr(e,t,r=E){try{let n={command:pt(t),options:{},success:!1,...Wr(r)};e.track("Flows.CLI.Command",{...n}),await e.flush(zr)}catch{}}o(Zr,"trackFailure");var Vs="ERR_USE_AFTER_CLOSE";function en(e){return e instanceof Error&&"code"in e&&e.code===Vs}o(en,"isReadlineClosedError");function Bs(e){let t=Object.getPrototypeOf(e);return t===Object.prototype||t===null}o(Bs,"isPlainObject");function ct(e){return e==null||en(e)?!0:e instanceof Error?!1:!!(typeof e=="object"&&e!==null&&Bs(e)&&Object.keys(e).length===0)}o(ct,"isPromptCancel");var Qr=!1;function tn(){Qr||(Qr=!0,process.on("uncaughtException",e=>{en(e)&&(console.error(`
152
- Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}),process.on("unhandledRejection",e=>{ct(e)&&(console.error(`
153
- Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}))}o(tn,"installCancelHandler");import{homedir as zs}from"os";import rn from"mixpanel";var Gs="5c4d853e7c3b77b1eb4468d5329b278c",ae="cognite-cli",Js=2e3,nn={env:process.env,init:rn.init.bind(rn)},Ys={track:o(()=>{},"track"),flush:o(async()=>{},"flush")};function lt(e=process.env){return e.COGNITE_TELEMETRY_DISABLED==="1"||e.DO_NOT_TRACK==="1"}o(lt,"isTelemetryDisabled");function qs(e){return e.COGNITE_TELEMETRY_DEBUG==="1"}o(qs,"isDebug");function on(e={}){let t=e.env??nn.env,r=e.init??nn.init,n=e.packageName,i=e.cliVersion,a=qs(t);if(lt(t))return a&&process.stderr.write(`[telemetry] disabled \u2014 noop tracker
154
- `),Ys;let s,p=new Set;function c(){if(s)return s;try{return s=r(Gs,{geolocate:!1,keepAlive:!1}),s}catch{return}}return o(c,"getClient"),{track(l,d={}){let m=c();if(!m)return;let g={...d,applicationId:ae,...n&&{packageName:n},...i&&{cliVersion:i},nodeVersion:process.version,platform:process.platform};a&&process.stderr.write(`[telemetry] track ${l} ${JSON.stringify(g)}
155
- `);let u=o(()=>{},"finish"),f=new Promise(S=>{u=S});p.add(f);try{m.track(l,g,u)}catch{u()}f.finally(()=>p.delete(f))},async flush(l=Js){if(p.size===0)return;let d,m=new Promise(g=>{d=setTimeout(g,l),d.unref?.()});try{await Promise.race([Promise.allSettled([...p]),m])}finally{d&&clearTimeout(d)}a&&process.stderr.write(`[telemetry] flush done (${p.size} still pending)
156
- `)}}}o(on,"createTelemetry");var Ws=zs();function pe(e,t=Ws){if(!t||t==="/")return e;let r=e.replaceAll(t,"~"),n=t.replaceAll("\\","/");return n!==t&&(r=r.replaceAll(n,"~")),r=r.replace(/(?<![A-Za-z0-9_])[A-Za-z]:[/\\]Users[/\\][^\s/\\]+(?=[/\\]|$)/g,"~"),r=r.replace(/(?<![A-Za-z0-9_])\/(?:Users|home)\/[^\s/]+(?=[/\\]|$)/g,"~"),r}o(pe,"redactHomedir");var Xs=1e3,Zs="https://0a118cb02e3be57b1838bcfb5783a2bf@o4508040730968064.ingest.de.sentry.io/4510719268290640",Qs={captureError:o(async()=>{},"captureError"),flush:o(async()=>{},"flush")};function ea(e){return e.packageName&&e.cliVersion?`${e.packageName}@${e.cliVersion}`:e.cliVersion??"unknown"}o(ea,"buildRelease");var ta="192.0.2.0";function ra(e){return e?.map(t=>({...t,...t.filename!==void 0&&{filename:pe(t.filename)},...t.abs_path!==void 0&&{abs_path:pe(t.abs_path)},...t.module!==void 0&&{module:pe(t.module)}}))}o(ra,"scrubStackFrames");function na(e){let t={...e.user,email:void 0,username:void 0,ip_address:ta,id:void 0},r=e.exception?.values?.map(n=>({...n,value:n.value!==void 0?pe(n.value):n.value,...n.stacktrace!==void 0&&{stacktrace:{...n.stacktrace,frames:ra(n.stacktrace.frames)}}}));return{...e,message:e.message!==void 0?pe(e.message):e.message,user:t,server_name:void 0,...r!==void 0&&{exception:{...e.exception,values:r}}}}o(na,"scrubPii");function sn(e={}){let t=e.env??process.env;if(lt(t))return Qs;let r=ea(e),n="production",i=null,a=null;function s(){return{dsn:Zs,release:r,environment:n,defaultIntegrations:!1,integrations:[],sendDefaultPii:!1,enableLogs:!1,initialScope:{tags:{component:"cli",applicationId:ae},contexts:{cli:{applicationId:ae,node:process.version,platform:process.platform}}},beforeSend:na}}o(s,"buildInitOptions");async function p(){return i||(a||(a=(async()=>{try{let c=e.sdk??await import("@sentry/node");return c.init(s()),i=c,c}catch{return null}})()),a)}return o(p,"ensureSdk"),{async captureError(c,l){try{let d=await p();if(!d)return;let m={level:"fatal"};l?.command&&(m.tags={command:l.command},m.contexts={cli:{applicationId:ae,node:process.version,platform:process.platform,command:l.command}}),d.captureException(c,m)}catch{}},async flush(c=Xs){try{if(!i)return;await i.flush(c)}catch{}}}}o(sn,"createErrorReporter");import{mkdirSync as oa,readFileSync as ia,writeFileSync as sa}from"fs";import{homedir as aa}from"os";import{resolve as xe}from"path";import{debuglog as pa}from"util";import{lt as ca,parse as an}from"semver";var la="https://registry.npmjs.org/@cognite/cli/latest",da=1500,pn="upgrade-check.json",cn=xe(process.env.XDG_CACHE_HOME||xe(aa(),".cache"),"@cognite","cli"),dt=pa("cognite-flows");function ma(e,t){return!e||!t||!an(e)||!an(t)?!1:ca(e,t)}o(ma,"isOutdated");async function ua({timeout:e=da,registryUrl:t=la,fetchImpl:r=globalThis.fetch}={}){if(typeof r!="function")return null;try{let n=await r(t,{signal:AbortSignal.timeout(e)});if(!n?.ok)return null;let i=await n.json();return typeof i?.version=="string"?i.version:null}catch(n){return dt("fetchLatestVersion failed (%s): %O",t,n),null}}o(ua,"fetchLatestVersion");function ga(e=cn,t=864e5){try{let r=ia(xe(e,pn),"utf-8"),n=JSON.parse(r);return typeof n.latest!="string"||typeof n.fetchedAt!="number"||Date.now()-n.fetchedAt>t?null:{latest:n.latest,fetchedAt:n.fetchedAt}}catch(r){return dt("readUpgradeCheckCache failed (%s): %O",e,r),null}}o(ga,"readUpgradeCheckCache");function fa(e,t){try{oa(e,{recursive:!0});let r={latest:t,fetchedAt:Date.now()};sa(xe(e,pn),JSON.stringify(r))}catch(r){dt("writeUpgradeCheckCache failed (%s): %O",e,r)}}o(fa,"writeUpgradeCheckCache");async function ya({cacheDir:e=cn,...t}={}){let r=await ua(t);r&&fa(e,r)}o(ya,"startBackgroundUpgradeCheck");function ln(e,{onOutdated:t,cacheDir:r,...n}={}){let i=ga(r);if(i){ma(e,i.latest)&&t?.(e,i.latest);return}ya({cacheDir:r,...n})}o(ln,"preActionUpgradeCheck");import{default as Eu,chalkStderr as dn}from"chalk";function mn(e,t){let r=[`\u26A0 Update available: ${e} -> ${t}`," Run npx @cognite/cli@latest"],n=Math.max(...r.map(p=>[...p].length))+2,i="\u2500".repeat(n),a=o(p=>`\u2502 ${p}${" ".repeat(n-1-[...p].length)}\u2502`,"pad"),s=[`\u250C${i}\u2510`,...r.map(a),`\u2514${i}\u2518`].join(`
157
- `);return dn.bold.yellow(s)}o(mn,"formatUpgradeWarning");function wa(e){return e instanceof Error&&"code"in e&&typeof e.code=="string"&&e.code==="DEP0040"}o(wa,"isDep0040Warning");var ut=process,va=ut.emit.bind(ut);ut.emit=function(e,...t){return e==="warning"&&wa(t[0])?!1:va(e,...t)};tn();var W=new Sa;W.name("cognite").description("Build and deploy React apps to Cognite Data Fusion").version("1.3.2-alpha.https1").showHelpAfterError().configureOutput({writeOut:o(e=>ha(1,e),"writeOut")});W.hook("preAction",()=>{ln("1.3.2-alpha.https1",{onOutdated:o((e,t)=>{console.warn(`
158
- ${mn(e,t)}
159
- `)},"onOutdated")})});Er(W);qr(W);var gn=on({packageName:"@cognite/cli",cliVersion:"1.3.2-alpha.https1"}),un=sn({packageName:"@cognite/cli",cliVersion:"1.3.2-alpha.https1"});Xr(W,gn);var mt=process.argv.slice(2);W.parseAsync(mt,{from:"user"}).catch(async e=>{await Zr(gn,mt),ct(e)&&(console.error(`
160
- Cancelled.`),process.exit(130)),await un.captureError(e,{command:pt(mt)}),await un.flush(),console.error(e instanceof Error?`\u274C ${e.message}`:e),process.exit(1)});
162
+ `),process.stderr.write(` ${q.cyan(`cognite sign -s ${h}`)}
163
+ `)}o(Js,"handleGenerate");var dr=1e3,Ys=new Set(["baseUrl","url","project","deployment","source","path","name","displayName","description"]);function qs(e){return Object.fromEntries(Object.entries(e).map(([t,n])=>typeof n=="boolean"?[t,n]:Ys.has(t)?[t,n]:[t,"[REDACTED]"]))}o(qs,"sanitize");function zs(e){let t=[],n=e;for(;n;)n.parent&&t.unshift(n.name()),n=n.parent;return t.join(" ")}o(zs,"getCommandPath");function mr(e){try{let t=e(process.cwd());return{appExternalId:t.externalId,appVersionTag:t.versionTag}}catch{return{}}}o(mr,"tryLoadAppConfig");function ut(e){return e.filter(t=>!t.startsWith("-")).join(" ")||"unknown"}o(ut,"commandFromArgv");function ur(e,t,n=w){e.hook("postAction",async(r,i)=>{try{let s={command:zs(i),options:qs(i.opts()),success:!0,...mr(n)};t.track("Flows.CLI.Command",s),await t.flush(dr)}catch{}})}o(ur,"instrument");async function gr(e,t,n=w){try{let r={command:ut(t),options:{},success:!1,...mr(n)};e.track("Flows.CLI.Command",r),await e.flush(dr)}catch{}}o(gr,"trackFailure");var Ws="ERR_USE_AFTER_CLOSE";function yr(e){return e instanceof Error&&"code"in e&&e.code===Ws}o(yr,"isReadlineClosedError");function Xs(e){let t=Object.getPrototypeOf(e);return t===Object.prototype||t===null}o(Xs,"isPlainObject");function gt(e){return e==null||yr(e)?!0:e instanceof Error?!1:!!(typeof e=="object"&&e!==null&&Xs(e)&&Object.keys(e).length===0)}o(gt,"isPromptCancel");var fr=!1;function hr(){fr||(fr=!0,process.on("uncaughtException",e=>{yr(e)&&(console.error(`
164
+ Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}),process.on("unhandledRejection",e=>{gt(e)&&(console.error(`
165
+ Cancelled.`),process.exit(130)),console.error(e),process.exit(1)}))}o(hr,"installCancelHandler");import{homedir as na}from"os";import Sr from"mixpanel";var Zs="5c4d853e7c3b77b1eb4468d5329b278c",ce="cognite-cli",Qs=2e3,vr={env:process.env,init:Sr.init.bind(Sr)},ea={track:o(()=>{},"track"),flush:o(async()=>{},"flush")};function ft(e=process.env){return e.COGNITE_TELEMETRY_DISABLED==="1"||e.DO_NOT_TRACK==="1"}o(ft,"isTelemetryDisabled");function ta(e){return e.COGNITE_TELEMETRY_DEBUG==="1"}o(ta,"isDebug");function wr(e={}){let t=e.env??vr.env,n=e.init??vr.init,r=e.packageName,i=e.cliVersion,s=ta(t);if(ft(t))return s&&process.stderr.write(`[telemetry] disabled \u2014 noop tracker
166
+ `),ea;let a,p=new Set;function c(){if(a)return a;try{return a=n(Zs,{geolocate:!1,keepAlive:!1}),a}catch{return}}return o(c,"getClient"),{track(l,d={}){let m=c();if(!m)return;let u={...d,applicationId:ce,...r&&{packageName:r},...i&&{cliVersion:i},nodeVersion:process.version,platform:process.platform};s&&process.stderr.write(`[telemetry] track ${l} ${JSON.stringify(u)}
167
+ `);let g=o(()=>{},"finish"),f=new Promise(S=>{g=S});p.add(f);try{m.track(l,u,g)}catch{g()}f.finally(()=>p.delete(f))},async flush(l=Qs){if(p.size===0)return;let d,m=new Promise(u=>{d=setTimeout(u,l),d.unref?.()});try{await Promise.race([Promise.allSettled([...p]),m])}finally{d&&clearTimeout(d)}s&&process.stderr.write(`[telemetry] flush done (${p.size} still pending)
168
+ `)}}}o(wr,"createTelemetry");var ra=na();function le(e,t=ra){if(!t||t==="/")return e;let n=e.replaceAll(t,"~"),r=t.replaceAll("\\","/");return r!==t&&(n=n.replaceAll(r,"~")),n=n.replace(/(?<![A-Za-z0-9_])[A-Za-z]:[/\\]Users[/\\][^\s/\\]+(?=[/\\]|$)/g,"~"),n=n.replace(/(?<![A-Za-z0-9_])\/(?:Users|home)\/[^\s/]+(?=[/\\]|$)/g,"~"),n}o(le,"redactHomedir");var oa=1e3,ia="https://0a118cb02e3be57b1838bcfb5783a2bf@o4508040730968064.ingest.de.sentry.io/4510719268290640",sa={captureError:o(async()=>{},"captureError"),flush:o(async()=>{},"flush")};function aa(e){return e.packageName&&e.cliVersion?`${e.packageName}@${e.cliVersion}`:e.cliVersion??"unknown"}o(aa,"buildRelease");var pa="192.0.2.0";function ca(e){return e?.map(t=>({...t,...t.filename!==void 0&&{filename:le(t.filename)},...t.abs_path!==void 0&&{abs_path:le(t.abs_path)},...t.module!==void 0&&{module:le(t.module)}}))}o(ca,"scrubStackFrames");function la(e){let t={...e.user,email:void 0,username:void 0,ip_address:pa,id:void 0},n=e.exception?.values?.map(r=>({...r,value:r.value!==void 0?le(r.value):r.value,...r.stacktrace!==void 0&&{stacktrace:{...r.stacktrace,frames:ca(r.stacktrace.frames)}}}));return{...e,message:e.message!==void 0?le(e.message):e.message,user:t,server_name:void 0,...n!==void 0&&{exception:{...e.exception,values:n}}}}o(la,"scrubPii");function Cr(e={}){let t=e.env??process.env;if(ft(t))return sa;let n=aa(e),r="production",i=null,s=null;function a(){return{dsn:ia,release:n,environment:r,defaultIntegrations:!1,integrations:[],sendDefaultPii:!1,enableLogs:!1,initialScope:{tags:{component:"cli",applicationId:ce},contexts:{cli:{applicationId:ce,node:process.version,platform:process.platform}}},beforeSend:la}}o(a,"buildInitOptions");async function p(){return i||(s||(s=(async()=>{try{let c=e.sdk??await import("@sentry/node");return c.init(a()),i=c,c}catch{return null}})()),s)}return o(p,"ensureSdk"),{async captureError(c,l){try{let d=await p();if(!d)return;let m={level:"fatal"};l?.command&&(m.tags={command:l.command},m.contexts={cli:{applicationId:ce,node:process.version,platform:process.platform,command:l.command}}),d.captureException(c,m)}catch{}},async flush(c=oa){try{if(!i)return;await i.flush(c)}catch{}}}}o(Cr,"createErrorReporter");import{mkdirSync as da,readFileSync as ma,writeFileSync as ua}from"fs";import{homedir as ga}from"os";import{resolve as Ae}from"path";import{debuglog as fa}from"util";import{lt as ya,parse as Er}from"semver";var ha="https://registry.npmjs.org/@cognite/cli/latest",Sa=1500,Pr="upgrade-check.json",br=Ae(process.env.XDG_CACHE_HOME||Ae(ga(),".cache"),"@cognite","cli"),yt=fa("cognite-flows");function va(e,t){return!e||!t||!Er(e)||!Er(t)?!1:ya(e,t)}o(va,"isOutdated");async function wa({timeout:e=Sa,registryUrl:t=ha,fetchImpl:n=globalThis.fetch}={}){if(typeof n!="function")return null;try{let r=await n(t,{signal:AbortSignal.timeout(e)});if(!r?.ok)return null;let i=await r.json();return typeof i?.version=="string"?i.version:null}catch(r){return yt("fetchLatestVersion failed (%s): %O",t,r),null}}o(wa,"fetchLatestVersion");function Ca(e=br,t=864e5){try{let n=ma(Ae(e,Pr),"utf-8"),r=JSON.parse(n);return typeof r.latest!="string"||typeof r.fetchedAt!="number"||Date.now()-r.fetchedAt>t?null:{latest:r.latest,fetchedAt:r.fetchedAt}}catch(n){return yt("readUpgradeCheckCache failed (%s): %O",e,n),null}}o(Ca,"readUpgradeCheckCache");function Ea(e,t){try{da(e,{recursive:!0});let n={latest:t,fetchedAt:Date.now()};ua(Ae(e,Pr),JSON.stringify(n))}catch(n){yt("writeUpgradeCheckCache failed (%s): %O",e,n)}}o(Ea,"writeUpgradeCheckCache");async function Pa({cacheDir:e=br,...t}={}){let n=await wa(t);n&&Ea(e,n)}o(Pa,"startBackgroundUpgradeCheck");function kr(e,{onOutdated:t,cacheDir:n,...r}={}){let i=Ca(n);if(i){va(e,i.latest)&&t?.(e,i.latest);return}Pa({cacheDir:n,...r})}o(kr,"preActionUpgradeCheck");import{default as Mu,chalkStderr as xr}from"chalk";function Ar(e,t){let n=[`\u26A0 Update available: ${e} -> ${t}`," Run npx @cognite/cli@latest"],r=Math.max(...n.map(p=>[...p].length))+2,i="\u2500".repeat(r),s=o(p=>`\u2502 ${p}${" ".repeat(r-1-[...p].length)}\u2502`,"pad"),a=[`\u250C${i}\u2510`,...n.map(s),`\u2514${i}\u2518`].join(`
169
+ `);return xr.bold.yellow(a)}o(Ar,"formatUpgradeWarning");function xa(e){return e instanceof Error&&"code"in e&&typeof e.code=="string"&&e.code==="DEP0040"}o(xa,"isDep0040Warning");var St=process,Aa=St.emit.bind(St);St.emit=function(e,...t){return e==="warning"&&xa(t[0])?!1:Aa(e,...t)};hr();var X=new ka;X.name("cognite").description("Build and deploy React apps to Cognite Data Fusion").version("1.3.3-alpha-zendesk").showHelpAfterError().configureOutput({writeOut:o(e=>ba(1,e),"writeOut")});X.hook("preAction",()=>{kr("1.3.3-alpha-zendesk",{onOutdated:o((e,t)=>{console.warn(`
170
+ ${Ar(e,t)}
171
+ `)},"onOutdated")})});Nn(X);lr(X);var Ir=wr({packageName:"@cognite/cli",cliVersion:"1.3.3-alpha-zendesk"}),Dr=Cr({packageName:"@cognite/cli",cliVersion:"1.3.3-alpha-zendesk"});ur(X,Ir);var ht=process.argv.slice(2);X.parseAsync(ht,{from:"user"}).catch(async e=>{await gr(Ir,ht),gt(e)&&(console.error(`
172
+ Cancelled.`),process.exit(130)),await Dr.captureError(e,{command:ut(ht)}),await Dr.flush(),console.error(e instanceof Error?`\u274C ${e.message}`:e),process.exit(1)});
package/dist/deploy/index.d.ts CHANGED
@@ -118,6 +118,7 @@ declare class ApplicationPackager {
118
118
  constructor(distDirectory?: string);
119
119
  validateBuildDirectory(): void;
120
120
  createZip(outputFilename?: string, verbose?: boolean): Promise<string>;
121
+ createSourceArchive(outputPath: string): Promise<string>;
121
122
  }
122
123
 
123
124
  type Authenticatable = Pick<CogniteClient, 'authenticate'>;
package/dist/deploy/index.js CHANGED
@@ -1 +1 @@
1
- import{a,b,c,d,e,f,g,h,i,j,k}from"../chunk-TYYH4NWG.js";export{a as AppHostingClient,b as ApplicationPackager,c as BUNDLE_DIR,j as SIGNATURE_SUFFIXES,d as bundleFileName,e as bundlePath,i as deploy,k as discoverSignatures,g as getSdk,f as getToken,h as packageAndUpload};
1
+ import{a,b,c,d,e,f,g,h,i,j,k}from"../chunk-5R5NRM2C.js";export{a as AppHostingClient,b as ApplicationPackager,c as BUNDLE_DIR,j as SIGNATURE_SUFFIXES,d as bundleFileName,e as bundlePath,i as deploy,k as discoverSignatures,g as getSdk,f as getToken,h as packageAndUpload};
package/dist/index.js CHANGED
@@ -1 +1 @@
1
- import{a as o,b as r,c as e,d as f,e as m,f as p,g as t,h as x,i as a,j as b,k as c}from"./chunk-TYYH4NWG.js";export{o as AppHostingClient,r as ApplicationPackager,e as BUNDLE_DIR,b as SIGNATURE_SUFFIXES,f as bundleFileName,m as bundlePath,a as deploy,c as discoverSignatures,t as getSdk,p as getToken,x as packageAndUpload};
1
+ import{a as o,b as r,c as e,d as f,e as m,f as p,g as t,h as x,i as a,j as b,k as c}from"./chunk-5R5NRM2C.js";export{o as AppHostingClient,r as ApplicationPackager,e as BUNDLE_DIR,b as SIGNATURE_SUFFIXES,f as bundleFileName,m as bundlePath,a as deploy,c as discoverSignatures,t as getSdk,p as getToken,x as packageAndUpload};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cognite/cli",
3
- "version": "1.3.2-alpha.https1",
3
+ "version": "1.3.3-alpha-zendesk",
4
4
  "description": "CLI for Cognite Data Fusion",
5
5
  "license": "SEE LICENSE IN LICENSE.md",
6
6
  "author": "Cognite",
@@ -34,7 +34,6 @@
34
34
  ],
35
35
  "scripts": {
36
36
  "build": "tsup",
37
- "typecheck": "tsc --noEmit",
38
37
  "prepare": "tsup",
39
38
  "prepack": "pnpm run build",
40
39
  "prepublishOnly": "pnpm run build",
package/dist/chunk-TYYH4NWG.js DELETED
@@ -1,9 +0,0 @@
1
- var tt=Object.defineProperty;var s=(n,t)=>tt(n,"name",{value:t,configurable:!0});import{mkdir as At,readFile as wt}from"fs/promises";import{basename as Et,dirname as St}from"path";var H="https://docs.cognite.com/cdf/access/";function f(n){return n!==null&&typeof n=="object"}s(f,"isRecord");function S(n){return n instanceof Error&&"status"in n&&typeof n.status=="number"}s(S,"isHttpError");function et(n){switch(n){case 401:return`Your credentials are invalid or expired. Check your client ID and secret.
2
- See: ${H}`;case 403:return`You don't have the required CDF capabilities. Please contact your CDF admin.
3
- See: ${H}`;default:return}}s(et,"httpStatusHint");function h(n){let t=n instanceof Error?n:new Error(String(n));if(!S(t))return null;let e=et(t.status);return e?Object.assign(new Error(`${t.message}
4
- ${e}`),{cause:t}):null}s(h,"enrichedHttpError");function nt(n){if(!f(n))return null;let t=n.missing;if(Array.isArray(t))return t;let e=n.data;if(f(e)){let r=e.error;if(f(r)&&Array.isArray(r.missing))return r.missing;if(Array.isArray(e.missing))return e.missing}return null}s(nt,"findMissingArray");function rt(n,t){if(!S(n)||n.status!==400)return!1;let e=nt(n);return e?e.some(r=>f(r)&&typeof r.externalId=="string"&&t.includes(r.externalId)):!1}s(rt,"isMissingExternalIdError");function $(n,t){return S(n)&&n.status===404||rt(n,t)}s($,"isNotFoundError");var J=["DRAFT","PUBLISHED","DEPRECATED","ARCHIVED"],q=["ACTIVE","PREVIEW"],I=class I extends Error{constructor(t,e){super(`Version ${e} of app ${t} not found`),this.name="AppVersionNotFoundError",this.appExternalId=t,this.version=e}};s(I,"AppVersionNotFoundError");var C=I;function z(n,t){return n.includes(t)}s(z,"includesValue");function ot(n){return z(J,n)}s(ot,"isAppVersionLifecycleState");function st(n){return z(q,n)}s(st,"isAppVersionAlias");function it(n){return typeof n.version=="string"&&ot(n.lifecycleState)&&typeof n.entrypoint=="string"&&typeof n.createdTime=="number"&&typeof n.createdBy=="string"&&typeof n.appExternalId=="string"&&(n.alias===void 0||st(n.alias))&&(n.comment===void 0||typeof n.comment=="string")}s(it,"isAppVersion");function M(n){if(!f(n))throw new Error("Invalid version response: not an object");if(!it(n))throw new Error("Invalid version response: missing or malformed fields");return n}s(M,"parseAppVersion");var b=class b{constructor(t){this.client=t}get appsBasePath(){return`/api/v1/projects/${encodeURIComponent(this.client.project)}/apphosting/apps`}async createApp(t,e,r){try{await this.client.post(this.appsBasePath,{data:{items:[{externalId:t,name:e,description:r}]}})}catch(o){throw h(o)??o}}async uploadVersion(t,e,r,o,i="index.html"){console.log(`\u{1F4E4} Uploading version ${e}...`);let a=new FormData;a.append("file",new Blob([new Uint8Array(r)]),o),a.append("version",e),a.append("entryPath",i);let c=encodeURIComponent(t),p=`${this.appsBasePath}/${c}/versions`,l=await this.client.authenticate(),y=`${this.client.getBaseUrl()}${p}`,u=new AbortController,Z=setTimeout(()=>u.abort(),300*1e3),A;try{A=await fetch(y,{method:"POST",headers:{Authorization:`Bearer ${l}`},body:a,signal:u.signal})}catch(g){throw g instanceof Error&&g.name==="AbortError"?new Error("Upload timed out after 5 minutes"):g}finally{clearTimeout(Z)}if(!A.ok){let g=await A.text(),v=g;try{let V=JSON.parse(g);if(f(V)){let w=V.error;if(typeof w=="string")v=w;else if(f(w)){let E=w.message,B=w.code;v=typeof E=="string"?E:B!=null?`Unknown error (code: ${B})`:g}else{let E=V.message;v=typeof E=="string"?E:g}}}catch{}let O=A.headers.get("x-request-id"),Q=O?` | X-Request-ID: ${O}`:"",j=Object.assign(new Error(`Upload failed: ${A.status} \u2014 ${v}${Q}`),{status:A.status});throw h(j)??j}console.log(`\u2705 Version ${e} uploaded`)}async getVersion(t,e){let r=encodeURIComponent(t),o=encodeURIComponent(e),i=`${this.appsBasePath}/${r}/versions/${o}`;try{let a=await this.client.get(i);return M(a.data)}catch(a){throw $(a,[t,e])?new C(t,e):h(a)??a}}async getActiveVersion(t){let e=encodeURIComponent(t),r=`${this.appsBasePath}/${e}/active`;try{let o=await this.client.get(r);return M(o.data)}catch(o){if($(o,[t]))return null;throw h(o)??o}}async updateVersions(t,e){let r=encodeURIComponent(t),o=`${this.appsBasePath}/${r}/versions/update`;try{await this.client.post(o,{data:{items:e}})}catch(i){throw h(i)??i}}async submitSignatures(t,e,r){let o=encodeURIComponent(t),i=encodeURIComponent(e),a=`${this.appsBasePath}/${o}/versions/${i}/signatures`;try{await this.client.post(a,{data:{items:r}})}catch(c){throw h(c)??c}}};s(b,"AppHostingApi");var k=b;var T=class T{constructor(t){this.api=new k(t)}getVersion(t,e){return this.api.getVersion(t,e)}uploadVersion(t,e,r,o,i){return this.api.uploadVersion(t,e,r,o,i)}async ensureApp(t,e,r){console.log("\u{1F50D} Ensuring app exists...");try{await this.api.createApp(t,e,r),console.log(`\u2705 App '${t}' created`)}catch(o){if(S(o)&&o.status===409){console.log(`\u2705 App '${t}' already exists`);return}throw o}}async submitSignatures(t,e,r){r.length!==0&&(console.log(`\u{1F50F} Submitting ${r.length} signature${r.length===1?"":"s"} for version ${e}...`),await this.api.submitSignatures(t,e,r),console.log("\u2705 Signatures stored"))}async publishVersion(t,e){await this.api.updateVersions(t,[{version:e,update:{lifecycleState:{set:"PUBLISHED"}}}])}async publishAndActivate(t,e){console.log(`\u{1F680} Publishing and activating version ${e}...`),await this.api.updateVersions(t,[{version:e,update:{lifecycleState:{set:"PUBLISHED"},alias:{set:"ACTIVE"}}}]),console.log(`\u2705 Version ${e} is now PUBLISHED and ACTIVE`)}getActiveVersion(t){return this.api.getActiveVersion(t)}async deactivateVersion(t,e){await this.api.updateVersions(t,[{version:e,update:{alias:{setNull:!0}}}])}async activateVersion(t,e){let r=null;try{r=await this.api.getActiveVersion(t)}catch{r=null}let o=r&&r.version!==e?r.version:void 0;return await this.api.updateVersions(t,[{version:e,update:{alias:{set:"ACTIVE"}}}]),{supersededVersion:o}}async deploy(t,e,r,o,i,a,c=!1){console.log(`
5
- \u{1F680} Deploying application via App Hosting API...
6
- `);try{await this.ensureApp(t,e,r),await this.uploadVersion(t,o,i,a),c&&await this.publishAndActivate(t,o),console.log(`
7
- \u2705 Deployment successful!`)}catch(p){let l=p instanceof Error?p.message:String(p);throw Object.assign(new Error(`Deployment failed: ${l}`),{cause:p})}}};s(T,"AppHostingClient");var P=T;import m from"fs";import d from"path";import{parseAndValidateManifestConfig as at}from"@cognite/app-sdk/vite";import{BlobReader as ct,Uint8ArrayWriter as pt,ZipWriter as lt}from"@zip.js/zip.js";var R="package.json",D="package-lock.json",Y="manifest.json",U=".cognite",_=class _{constructor(t="dist"){this.distPath=d.isAbsolute(t)?t:d.join(process.cwd(),t),this.appRoot=d.dirname(this.distPath)}validateBuildDirectory(){if(!m.existsSync(this.distPath))throw new Error(`Build directory "${this.distPath}" not found. Run build first.`);let t=d.join(this.appRoot,R);if(!m.existsSync(t))throw new Error(`"${t}" not found. It is required for deployment.`);let e=d.join(this.appRoot,D);if(!m.existsSync(e))throw new Error(`"${e}" not found. It is required for deployment.`)}async createZip(t="app.zip",e=!1){this.validateBuildDirectory(),console.log("\u{1F4E6} Packaging application...");let r=new lt(new pt,{level:9}),o=s(async(p,l)=>{await r.add(l,new ct(await m.openAsBlob(p))),e&&console.log(` \u{1F4C4} ${l}`)},"addFile"),i=s(async p=>{let l=await m.promises.readdir(p,{withFileTypes:!0});for(let y of l){let u=d.join(p,y.name);y.isDirectory()?await i(u):await o(u,d.relative(this.distPath,u).replace(/\\/g,"/"))}},"addDir"),a;try{await i(this.distPath);let p=d.join(this.appRoot,R);await o(p,d.posix.join(U,R));let l=d.join(this.appRoot,Y);if(m.existsSync(l)){let u=m.readFileSync(l,"utf-8");at(u,l),await o(l,d.posix.join(U,Y))}let y=d.join(this.appRoot,D);await o(y,d.posix.join(U,D)),a=await r.close()}catch(p){let l=p instanceof Error?p.message:String(p);throw new Error(`Failed to create zip: ${l}`)}await m.promises.writeFile(t,a);let c=(a.byteLength/1024/1024).toFixed(2);return console.log(`\u2705 App packaged: ${t} (${c} MB)`),t}};s(_,"ApplicationPackager");var x=_;import dt from"path";var G=".cognite-bundles";function K(n,t){return`${n}-${t}.zip`}s(K,"bundleFileName");function F(n,t,e){return dt.join(n,G,K(t,e))}s(F,"bundlePath");import{CogniteClient as yt}from"@cognite/sdk";var ut=s(()=>{let n=process.env.DEPLOYMENT_SECRETS;if(!n)return{};try{let t=JSON.parse(n),e={};for(let[r,o]of Object.entries(t))if(typeof o=="string"){let i=r.toLowerCase().replace(/_/g,"-");e[i]=o}return e}catch(t){return console.error("Error parsing DEPLOYMENT_SECRETS:",t),{}}},"loadSecretsFromEnv"),gt=s(n=>{let t;if(process.env.DEPLOYMENT_SECRET&&(t=process.env.DEPLOYMENT_SECRET),t||(t=ut()[n]),t||(t=process.env[n]),!t)throw new Error(`Secret not found in environment: ${n}`);return t},"getSecretFromEnv"),ft=s(n=>{if(!n)return"";try{return new URL(n).hostname.replace(/\.cognitedata\.com$/,"")}catch{let t=n.replace(/^https?:\/\//,"");return t=t.split("/")[0],t=t.split(":")[0],t=t.replace(/\.cognitedata\.com$/,""),t}},"extractClusterFromUrl"),mt=s(async(n,t)=>{let e=`Basic ${btoa(`${n}:${t}`)}`,r=await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:e,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})});if(!r.ok){let i=await r.text();throw new Error(`Failed to get token from CDF: ${r.status} ${r.statusText}
8
- ${i}`)}let o=await r.json();if(!o.access_token)throw new Error("No access token returned from CDF authentication");return o.access_token},"getTokenCdf"),ht=s(async(n,t,e,r)=>{if(!r)throw new Error("Entra ID authentication requires 'baseUrl' to be set in deployment configuration");let o=ft(r);if(!o)throw new Error(`Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${r}`);let i=`https://login.microsoftonline.com/${e}/oauth2/v2.0/token`,a=`https://${o}.cognitedata.com/.default`,c=await fetch(i,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:n,client_secret:t,scope:a,grant_type:"client_credentials"})});if(!c.ok){let l=await c.text();throw new Error(`Failed to get token from Entra ID: ${c.status} ${c.statusText}
9
- ${l}`)}let p=await c.json();if(!p.access_token)throw new Error("No access token returned from Entra ID authentication");return p.access_token},"getTokenEntra"),L=s(async(n,t=process.env)=>{if(t.COGNITE_TOKEN)return t.COGNITE_TOKEN;let{deployClientId:e,deploySecretName:r,idpType:o="cdf",tenantId:i,baseUrl:a}=n,c=gt(r);if(o==="entra_id"){if(!i)throw new Error("Entra ID authentication requires 'tenantId' in deployment configuration");return ht(e,c,i,a)}return mt(e,c)},"getToken");async function N(n,t,e=process.env,r){let o=await L(n,e),i=e.COGNITE_BASE_URL??n.baseUrl,a=(r??(c=>new yt(c)))({appId:t,project:n.project,baseUrl:i,oidcTokenProvider:s(async()=>o,"oidcTokenProvider")});return await a.authenticate(),a}s(N,"getSdk");async function W(n,t,e,r){let{externalId:o,name:i,description:a,versionTag:c}=t,p=F(e,o,c);await At(St(p),{recursive:!0}),await new x(`${e}/dist`).createZip(p,!0);let l=await wt(p);await new P(n).deploy(o,i,a,c,l,Et(p),r)}s(W,"packageAndUpload");var Pt=s(async(n,t,e)=>{let r=await N(n,e);await W(r,t,e,n.published)},"deploy");import{existsSync as xt,readFileSync as vt}from"fs";var X=[".dev.sig",".cert.sig"];function Ct(n,t={}){let e=t.existsSync??xt,r=t.readFileSync??((i,a)=>vt(i,a)),o=[];for(let i of X){let a=`${n}${i}`;if(!e(a))continue;let c=r(a,"utf8").trim();c.length>0&&o.push(c)}return o}s(Ct,"discoverSignatures");export{P as a,x as b,G as c,K as d,F as e,L as f,N as g,W as h,Pt as i,X as j,Ct as k};