npm - @keystrokehq/cli - Versions diffs - 0.0.1 → 0.0.3 - Mend

@keystrokehq/cli 0.0.1 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/dist/schedule-BXx3uXwr.mjs DELETED Viewed

@@ -1,1142 +0,0 @@
-#!/usr/bin/env node
-import { z } from "zod";
-const SHA256HashSchema = z.string().length(64, "Must be 64 characters").regex(/^[a-f0-9]{64}$/i, "Must be hexadecimal").transform((value) => value);
-const JsonSchemaSchema = z.record(z.string(), z.unknown());
-const RetryConfigSchema = z.object({
-	constant: z.object({
-		attempts: z.number().int().min(1).max(10),
-		seconds: z.number().positive()
-	}).optional(),
-	exponential: z.object({
-		attempts: z.number().int().min(1).max(10),
-		base: z.number().min(1).optional(),
-		multiplier: z.number().positive().optional()
-	}).optional()
-}).refine((data) => {
-	return data.constant !== void 0 !== (data.exponential !== void 0);
-}, { error: "Retry config must specify exactly one of constant or exponential strategy" });
-//#endregion
-//#region ../../packages/workflow-core/src/shared/schema.ts
-const MAX_JSON_DEPTH = 20;
-function buildJsonValueSchema(depth) {
-	const primitives = z.union([
-		z.string(),
-		z.number(),
-		z.boolean(),
-		z.null()
-	]);
-	if (depth <= 0) return primitives;
-	const nested = buildJsonValueSchema(depth - 1);
-	return z.union([
-		primitives,
-		z.array(nested),
-		z.record(z.string(), nested)
-	]);
-}
-const jsonValueSchema = buildJsonValueSchema(MAX_JSON_DEPTH);
-const jsonSchemaObject = z.record(z.string(), jsonValueSchema);
-const anyZodSchemaSchema = z.custom((value) => value instanceof z.ZodType, "Expected a Zod schema");
-const zodObjectSchema = z.custom((value) => value instanceof z.ZodObject, "Expected a Zod object schema");
-/**
-* Creates a Zod schema that validates an object structurally by checking
-* for required properties. This avoids `instanceof` checks which fail
-* when class definitions are duplicated across bundle boundaries.
-*/
-function createStructuralSchema(requiredKeys, label) {
-	return z.custom((value) => value != null && (typeof value === "object" || typeof value === "function") && requiredKeys.every((key) => key in value), `Expected ${label}`);
-}
-function trimmedNonEmptyString(fieldName) {
-	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(255, { error: `${fieldName} cannot exceed 255 characters` });
-}
-/** Trimmed string with at least one character; no upper length limit. */
-function trimmedNonEmptyStringUnbounded(fieldName) {
-	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` });
-}
-/**
-* Non-empty trimmed string restricted to URL-safe characters.
-* Use for IDs (workflow, step, etc.) that must be safe in URLs, env vars, and as object keys.
-*/
-function idNoSpacesString(fieldName) {
-	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(255, { error: `${fieldName} cannot exceed 255 characters` }).refine((s) => /^[a-zA-Z0-9_-]+$/.test(s), { error: `${fieldName} must only contain letters, numbers, hyphens, and underscores` });
-}
-/**
-* Non-empty trimmed string for RAW credential set IDs and namespace values.
-* Only allows letters, numbers, hyphens, and underscores.
-* Dots and colons are NOT allowed — colons are reserved for the namespace separator
-* in resolved credential set IDs (e.g., `keystroke:slack`).
-*/
-function credentialSetIdString(fieldName) {
-	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(255, { error: `${fieldName} cannot exceed 255 characters` }).refine((s) => /^[a-zA-Z0-9_-]+$/.test(s), { error: `${fieldName} must only contain letters, numbers, hyphens, and underscores` });
-}
-/**
-* Non-empty trimmed string for RESOLVED credential set IDs.
-* Allows the optional `namespace:id` colon-separated format (e.g., `keystroke:slack`)
-* as well as plain IDs without a namespace (e.g., `internal-crm`).
-* Used in manifest schemas, DB query params, and API response schemas.
-*/
-function resolvedCredentialSetIdString(fieldName) {
-	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(255, { error: `${fieldName} cannot exceed 255 characters` }).refine((s) => /^[a-zA-Z0-9_-]+(:[a-zA-Z0-9_-]+)?$/.test(s), { error: `${fieldName} must be a valid credential set ID, optionally namespaced (e.g., "slack" or "keystroke:slack")` });
-}
-function optionalTrimmedNonEmptyString(fieldName) {
-	return trimmedNonEmptyString(fieldName).optional();
-}
-function descriptionString(fieldName) {
-	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(1024, { error: `${fieldName} cannot exceed 1024 characters` });
-}
-function optionalDescriptionString(fieldName) {
-	return descriptionString(fieldName).optional();
-}
-function validateConfig(schema, config) {
-	return schema.parse(config);
-}
-function schemaToJsonSchema(schema) {
-	return jsonSchemaObject.parse({ ...z.toJSONSchema(schema, { unrepresentable: "any" }) });
-}
-//#endregion
-//#region ../../packages/workflow-core/src/credential-set/constants.ts
-/**
-* Kinds describe what a credential set represents at the platform level.
-*/
-const CREDENTIAL_KINDS = {
-	"user-connection": "user-connection",
-	"provider-app": "provider-app"
-};
-/**
-* Visibility determines whether credential values may be injected into user code.
-*/
-const CREDENTIAL_VISIBILITIES = {
-	"user-visible": "user-visible",
-	internal: "internal"
-};
-//#endregion
-//#region ../../packages/workflow-core/src/credential-set/schemas.ts
-const credentialPlatformMetadataSchema = z.object({
-	kind: z.enum([CREDENTIAL_KINDS["user-connection"], CREDENTIAL_KINDS["provider-app"]]),
-	visibility: z.enum([CREDENTIAL_VISIBILITIES["user-visible"], CREDENTIAL_VISIBILITIES.internal])
-});
-const credentialPlatformMetadataJsonSchema = z.object({
-	kind: z.enum([CREDENTIAL_KINDS["user-connection"], CREDENTIAL_KINDS["provider-app"]]),
-	visibility: z.enum([CREDENTIAL_VISIBILITIES["user-visible"], CREDENTIAL_VISIBILITIES.internal])
-});
-const credentialSetProxyInjectionSchema = z.object({
-	/** Substitute placeholder in HTTP headers (default: true). */
-	headers: z.boolean().optional(),
-	/** Substitute placeholder in the HTTP Basic Auth credential (default: true). */
-	basicAuth: z.boolean().optional(),
-	/** Substitute placeholder in URL query params (default: false).
-	*  Use for APIs that authenticate via `?api_key=...` (Google Maps, OWM, etc.). */
-	queryParams: z.boolean().optional(),
-	/** Substitute placeholder in the HTTP request body (default: false).
-	*  Use for form-encoded auth payloads (Stripe, AWS SigV4 query, etc.). */
-	body: z.boolean().optional()
-});
-const credentialSetProxyConfigSchema = z.object({
-	/** Exact-match host allowlist (forwarded to SecretBuilder.allowHost). */
-	hosts: z.array(z.string().min(1)).optional(),
-	/** Wildcard host allowlist (forwarded to SecretBuilder.allowHostPattern).
-	*  Example: `["*.browserbase.com"]` covers any subdomain. */
-	hostPatterns: z.array(z.string().min(1)).optional(),
-	/** Per-scope substitution toggles. Omit to use SDK defaults. */
-	injection: credentialSetProxyInjectionSchema.optional()
-});
-const onCredentialRevokedSchema = z.enum(["fail", "retry-once"]);
-const manualConnectionConfigSchema = z.object({
-	kind: z.literal("manual"),
-	instructions: z.string().min(1).optional(),
-	validate: z.function().optional()
-});
-const manualConnectionConfigManifestSchema = z.object({
-	kind: z.literal("manual"),
-	instructions: z.string().min(1).optional()
-});
-/** Declarative form of `Vault` — strings typed against the credential set's
-* stored/auth schema keys at the {@link CredentialSetConfig} boundary; the Zod
-* schema here enforces non-empty strings only. `CredentialSet` itself performs
-* the schema-key membership check at construction time. */
-const vaultMappingSchema = z.object({
-	accessToken: z.string().min(1),
-	instanceUrl: z.string().min(1).optional(),
-	raw: z.record(z.string().min(1), z.string().min(1)).optional()
-});
-/** Function form of `Vault` — an object pairing the access-token vault key
-*  (`accessTokenKey`) with the `build` function that computes the full vault
-*  write map. The explicit key keeps the disconnect path's revocation read
-*  reliable even when `build` transforms the access token. */
-const vaultMappingFnSchema = z.object({
-	accessTokenKey: z.string().min(1),
-	build: z.custom((val) => typeof val === "function", { message: "vault.build must be a function." })
-});
-/** Runtime shape of `Vault`. Accepts either the declarative mapping or the
-*  function-form object `{ accessTokenKey, build }`. */
-const vaultConfigSchema = z.union([vaultMappingSchema, vaultMappingFnSchema], { error: "vault must be a declarative mapping object or a `{ accessTokenKey, build }` object." });
-/** Manifest projection of `Vault` — declarative mappings serialize verbatim;
-* function-form mappings serialize as `{ kind: 'function', accessTokenKey }`
-* since closures are not manifest-safe but the access-token key is. */
-const vaultManifestSchema = z.discriminatedUnion("kind", [z.object({
-	kind: z.literal("declarative"),
-	accessToken: z.string().min(1),
-	instanceUrl: z.string().min(1).optional(),
-	raw: z.record(z.string().min(1), z.string().min(1)).optional()
-}), z.object({
-	kind: z.literal("function"),
-	accessTokenKey: z.string().min(1)
-})]);
-/** Structural check: any object exposing the core {@link AnyCredentialSet}
-*  shape (id, resolvedCredentialSetId, credentialKeys, platformMetadata).
-*  The runtime validator inside `CredentialSet.ts` does the deeper
-*  visibility / key-coverage check.
-*
-*  Intentionally `z.custom` rather than a structural subschema — Zod cannot
-*  express `z.ZodObject<any>` on the `auth` field, and we only need enough
-*  structure for the runtime validator to walk the value. */
-const oauthClientSourceCredentialSetRef = z.custom((val) => val !== null && typeof val === "object" && "id" in val && "credentialKeys" in val, { message: "oauthClientSource.credentialSet must be a CredentialSet instance." });
-const oauthClientSourceSchema = z.discriminatedUnion("kind", [z.object({ kind: z.literal("keystroke-platform") }), z.object({
-	kind: z.literal("workspace-provider-app"),
-	credentialSet: oauthClientSourceCredentialSetRef,
-	keyMap: z.object({
-		clientId: z.string().min(1).optional(),
-		clientSecret: z.string().min(1).optional()
-	}).optional()
-})]);
-const oauthClientSourceManifestSchema = z.discriminatedUnion("kind", [z.object({ kind: z.literal("keystroke-platform") }), z.object({
-	kind: z.literal("workspace-provider-app"),
-	credentialSetId: z.string().min(1),
-	keyMap: z.object({
-		clientId: z.string().min(1).optional(),
-		clientSecret: z.string().min(1).optional()
-	}).optional()
-})]);
-const oauthConnectionConfigBaseSchema = z.object({
-	kind: z.literal("oauth"),
-	authUrl: z.string().url(),
-	tokenUrl: z.string().url(),
-	scopes: z.array(z.string()).readonly(),
-	revokeUrl: z.string().url().nullable().optional(),
-	tokenType: z.enum(["long-lived", "refreshable"]),
-	pkce: z.boolean().optional(),
-	/** Fallback token lifetime when the provider omits `expires_in`. Positive
-	*  integer seconds. Shared between config + manifest schemas (both extend
-	*  this base). */
-	defaultExpiresInSeconds: z.number().int().positive().optional()
-});
-const oauthConnectionConfigSchema = oauthConnectionConfigBaseSchema.extend({
-	vault: vaultConfigSchema,
-	buildAuthUrl: z.function().optional(),
-	exchangeCode: z.function().optional(),
-	refreshToken: z.function().optional(),
-	extractInstallationInfo: z.function().optional(),
-	validate: z.function().optional(),
-	oauthClientSource: oauthClientSourceSchema.optional()
-});
-const oauthConnectionConfigManifestSchema = oauthConnectionConfigBaseSchema.extend({
-	vault: vaultManifestSchema,
-	oauthClientSource: oauthClientSourceManifestSchema.optional()
-});
-const credentialsExchangeConnectionConfigSchema = z.object({
-	kind: z.literal("credentials-exchange"),
-	instructions: z.string().min(1).optional(),
-	input: zodObjectSchema
-}).extend({
-	exchange: z.function(),
-	rotate: z.function().optional(),
-	validate: z.function().optional()
-});
-/** Manifest projection of `CredentialsExchangeConnectionConfig` — only the
-*  declarative `input` schema (rendered as JSON Schema) and `instructions`
-*  copy survive serialization. The three hooks (`exchange`, `rotate`,
-*  `validate`) are runtime closures and are stripped. */
-const credentialsExchangeConnectionConfigManifestSchema = z.object({
-	kind: z.literal("credentials-exchange"),
-	instructions: z.string().min(1).optional(),
-	input: jsonSchemaObject
-});
-const connectionConfigSchema = z.discriminatedUnion("kind", [
-	manualConnectionConfigSchema,
-	oauthConnectionConfigSchema,
-	credentialsExchangeConnectionConfigSchema
-]);
-/** Manifest projection of `ConnectionConfig` — declarative metadata only. */
-const connectionConfigManifestSchema = z.discriminatedUnion("kind", [
-	manualConnectionConfigManifestSchema,
-	oauthConnectionConfigManifestSchema,
-	credentialsExchangeConnectionConfigManifestSchema
-]);
-const CredentialSetManifestSchema = z.object({
-	manifestVersion: z.literal(1),
-	type: z.literal("credentialSet"),
-	id: credentialSetIdString("Credential set id"),
-	namespace: credentialSetIdString("Credential set namespace").optional(),
-	resolvedCredentialSetId: resolvedCredentialSetIdString("Resolved credential set id"),
-	name: trimmedNonEmptyString("Credential set name"),
-	description: optionalDescriptionString("Credential set description"),
-	auth: jsonSchemaObject,
-	stored: jsonSchemaObject.optional(),
-	needsResolve: z.boolean().optional(),
-	/** Run-scoped cache TTL in milliseconds for the credential set's `resolve`
-	*  hook. `0` or absence means no cache hint. Populated from top-level
-	*  `resolveCacheMs` in the authored config. */
-	resolveCacheMs: z.number().int().nonnegative().optional(),
-	/** Where the `stored`→`auth` transform runs (cluster 15). `'sandbox'`
-	*  for `resolve`, `'platform'` for `resolveAtPlatform`, `'none'` when
-	*  the credential set has no transform. Omitted in the manifest when
-	*  `'none'` to keep serialized output compact. */
-	resolveLocation: z.enum(["sandbox", "platform"]).optional(),
-	/** Platform-side env allowlist (cluster 15). Only meaningful when
-	*  `resolveLocation === 'platform'`. */
-	platformEnvAllowlist: z.array(z.string().min(1)).optional(),
-	platformMetadata: credentialPlatformMetadataJsonSchema.optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	/** When true, resolved values are passed into execution as raw secrets (no ref-token proxy). */
-	needsRawSecret: z.boolean().optional(),
-	/** Policy when a step throws `CredentialRevokedError` against this credential set. */
-	onCredentialRevoked: onCredentialRevokedSchema.optional(),
-	connection: connectionConfigManifestSchema.optional()
-});
-const credentialSetConfigSchema = z.object({
-	id: credentialSetIdString("Credential set id"),
-	namespace: credentialSetIdString("Credential set namespace").optional(),
-	name: optionalTrimmedNonEmptyString("Credential set name"),
-	description: optionalDescriptionString("Credential set description"),
-	auth: zodObjectSchema,
-	stored: zodObjectSchema.optional(),
-	resolve: z.function().optional(),
-	/** Run-scoped cache TTL in milliseconds for `resolve` output. Requires `resolve`. */
-	resolveCacheMs: z.number().int().nonnegative().optional(),
-	/** Platform-side `stored`→`auth` transform (cluster 15). Runs on the
-	*  trusted host with a scoped fetch + allowlisted env. Mutually
-	*  exclusive with `resolve`. */
-	resolveAtPlatform: z.function().optional(),
-	platformEnvAllowlist: z.array(z.string().min(1)).optional(),
-	platformMetadata: credentialPlatformMetadataSchema.optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	/** When true, resolved values are passed into execution as raw secrets (no ref-token proxy). */
-	needsRawSecret: z.boolean().optional(),
-	onCredentialRevoked: onCredentialRevokedSchema.optional(),
-	connection: connectionConfigSchema.optional()
-}).refine((c) => !(c.resolve === void 0 && c.resolveCacheMs !== void 0), { message: "`resolveCacheMs` requires `resolve`." }).refine((config) => !(config.namespace === "keystroke" && config.platformMetadata === void 0), { message: "platformMetadata is required when namespace is 'keystroke'" }).refine((config) => !(config.namespace !== "keystroke" && config.connection?.kind === "oauth" && config.connection.oauthClientSource === void 0), { message: "OAuth connections on user-authored (non-keystroke-namespaced) credential sets require `oauthClientSource` to point at a workspace-provider-app credential set. Example: `oauthClientSource: { kind: \"workspace-provider-app\", credentialSet: myClientApp }`." }).refine((config) => {
-	if (config.connection?.kind !== "oauth") return true;
-	const source = config.connection.oauthClientSource;
-	if (!source || source.kind !== "workspace-provider-app") return true;
-	return source.credentialSet.platformMetadata?.visibility === "internal";
-}, { message: "oauthClientSource.credentialSet must be marked `platformMetadata: { visibility: 'internal' }`. This prevents the sandbox from injecting clientSecret into user step code." }).refine((c) => !(c.resolve !== void 0 && c.resolveAtPlatform !== void 0), { message: "`resolve` and `resolveAtPlatform` are mutually exclusive. Pick one: `resolve` for sandbox-side shape transforms, `resolveAtPlatform` for host-side external-secrets calls." }).refine((c) => !(c.platformEnvAllowlist !== void 0 && c.resolveAtPlatform === void 0), { message: "`platformEnvAllowlist` requires `resolveAtPlatform`." });
-//#endregion
-//#region ../../packages/workflow-core/src/artifacts/source-analysis.ts
-const SourceLocationSchema = z.object({
-	filePath: z.string().min(1),
-	absoluteFilePath: z.string().min(1).optional(),
-	line: z.number().int().positive(),
-	column: z.number().int().positive(),
-	position: z.number().int().nonnegative().optional(),
-	endLine: z.number().int().positive(),
-	endColumn: z.number().int().positive(),
-	endPosition: z.number().int().nonnegative().optional(),
-	synthetic: z.boolean().optional()
-});
-const CallsiteFingerprintSchema = z.string().min(1);
-const ImportSourceSchema = z.object({
-	kind: z.enum([
-		"local",
-		"module-import",
-		"namespace-import",
-		"dynamic"
-	]),
-	moduleSpecifier: z.string().min(1).optional(),
-	importName: z.string().min(1).optional(),
-	localName: z.string().min(1).optional(),
-	resolvedPath: z.string().min(1).optional()
-});
-const CallKindSchema = z.enum([
-	"workflow-step",
-	"agent",
-	"tool",
-	"hook",
-	"child-workflow",
-	"function-call",
-	"method-call",
-	"dynamic-call",
-	"parallel-call",
-	"process-exit",
-	"iife",
-	"expression"
-]);
-const CapturedVariableSourceKindSchema = z.enum([
-	"local-const",
-	"relative-import",
-	"package-import"
-]);
-const CapturedVariableValueTypeSchema = z.enum([
-	"string",
-	"number",
-	"boolean",
-	"object",
-	"array",
-	"function",
-	"unknown"
-]);
-const CapturedVariableSchema = z.object({
-	name: z.string().min(1),
-	value: z.union([
-		z.string(),
-		z.number(),
-		z.boolean()
-	]).optional(),
-	sourceText: z.string().optional(),
-	valueType: CapturedVariableValueTypeSchema,
-	resolvable: z.boolean(),
-	source: CapturedVariableSourceKindSchema,
-	importPath: z.string().optional(),
-	declaration: z.object({
-		filePath: z.string().min(1),
-		line: z.number().int().positive()
-	})
-});
-const IntegrationScopeSchema = z.enum([
-	"organization",
-	"project",
-	"user_provided_credential"
-]);
-const IntegrationCredentialRefSchema = z.discriminatedUnion("type", [z.object({
-	type: z.literal("id"),
-	id: z.string().startsWith("cset_")
-}), z.object({
-	type: z.literal("name"),
-	name: z.string().trim().min(1)
-})]);
-function hasProjectOrOrganizationScope(scope) {
-	return scope === "organization" || scope === "project";
-}
-const CredentialRefTokenKeyNameSchema = z.string().regex(/^[A-Za-z0-9_]+$/, "Credential key must contain only letters, digits, and underscores (required for ref-token proxying)");
-/** Shared enum for top-level credential-set `onCredentialRevoked` policy. */
-const OnCredentialRevokedSchema = z.enum(["fail", "retry-once"]);
-/** A credential set after resolution in a built manifest. Contains resolved ID, scope, alias, and credential keys.*/
-const ResolvedCredentialSetSchema = z.object({
-	resolvedId: z.string(),
-	scope: IntegrationScopeSchema.optional(),
-	alias: z.string().optional(),
-	credentialRef: IntegrationCredentialRefSchema.optional(),
-	/** Auth-shape keys expected post-resolve. */
-	credentialKeys: z.array(CredentialRefTokenKeyNameSchema),
-	/** Subset of `credentialKeys` that are optional in the auth shape. */
-	optionalCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Stored-shape keys required for vault reads and upload flows. */
-	storedCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Subset of `storedCredentialKeys` that may be absent from the vault without
-	* failing resolution. Derived from the credential set's `stored` schema:
-	* a Zod field wrapped in `.optional()` / `.default()` or a JSON Schema
-	* property not listed in `required` is considered optional. */
-	optionalStoredCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	/** When true, resolved values are passed raw (no ref-token proxy) for this set. */
-	needsRawSecret: z.boolean().optional(),
-	/** When true, the credential set has a user `resolve` callback that runs in
-	* the sandbox before each step. Routes credentials to env (not Secret.env). */
-	needsResolve: z.boolean().optional(),
-	/** Run-scoped cache TTL in milliseconds for the credential set's `resolve`
-	* hook output. `0` or absence means no cache hint. */
-	resolveCacheMs: z.number().int().nonnegative().optional(),
-	/** Policy when a step throws `CredentialRevokedError` against this credential set. */
-	onCredentialRevoked: OnCredentialRevokedSchema.optional(),
-	/** Persistence-layer schema fingerprint stamped at build time. The
-	* resolver's phase 2 compares this against the vault row's stored
-	* fingerprint and raises `CredentialSchemaMismatchError` on drift.
-	* Optional here so pre-fingerprint artifacts still parse; the
-	* workflow builder populates it for every authored credential set
-	* that has a resolvable fingerprint. */
-	schemaFingerprint: z.string().optional()
-}).superRefine((value, ctx) => {
-	if (value.credentialRef && !hasProjectOrOrganizationScope(value.scope)) ctx.addIssue({
-		code: z.ZodIssueCode.custom,
-		path: ["credentialRef"],
-		message: "credentialRef requires scope to be \"project\" or \"organization\""
-	});
-});
-const DeclaredCredentialRequirementSchema = z.object({
-	credentialSetId: z.string(),
-	namespace: z.string().optional(),
-	resolvedCredentialSetId: z.string(),
-	/** Auth-shape keys expected post-resolve. */
-	credentialKeys: z.array(CredentialRefTokenKeyNameSchema),
-	/** Optional subset of the auth-shape keys. */
-	optionalCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Stored-shape keys required for vault reads. */
-	storedCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Optional subset of the stored-shape keys. */
-	optionalStoredCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	schemaFingerprint: z.string().optional(),
-	needsResolve: z.boolean().optional(),
-	/** Run-scoped cache TTL in milliseconds for the credential set's `resolve`
-	*  hook output. `0` or absence means no cache hint. */
-	resolveCacheMs: z.number().int().nonnegative().optional(),
-	/** Policy when a step throws `CredentialRevokedError` against this credential set. */
-	onCredentialRevoked: OnCredentialRevokedSchema.optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	needsRawSecret: z.boolean().optional(),
-	requiredOAuthScopes: z.array(z.string()).optional()
-});
-const CredentialRequirementEntrySchema = z.object({
-	credentialSetId: z.string(),
-	scope: IntegrationScopeSchema.optional(),
-	alias: z.string().optional(),
-	credentialRef: IntegrationCredentialRefSchema.optional(),
-	/** Auth-shape keys expected post-resolve. */
-	credentialKeys: z.array(CredentialRefTokenKeyNameSchema),
-	/** Optional subset of the auth-shape keys. */
-	optionalCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Stored-shape keys required for vault reads. */
-	storedCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Optional subset of the stored-shape keys. */
-	optionalStoredCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	schemaFingerprint: z.string().optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	needsRawSecret: z.boolean().optional(),
-	/** When true, the credential set has a user `resolve` callback. Routes
-	* credentials to env (not Secret.env) so the callback can transform them. */
-	needsResolve: z.boolean().optional(),
-	/** Run-scoped cache TTL in milliseconds for the credential set's `resolve`
-	*  hook output. `0` or absence means no cache hint. */
-	resolveCacheMs: z.number().int().nonnegative().optional(),
-	/** Policy when a step throws `CredentialRevokedError` against this credential set. */
-	onCredentialRevoked: OnCredentialRevokedSchema.optional(),
-	requiredOAuthScopes: z.array(z.string()).optional()
-}).superRefine((value, ctx) => {
-	if (value.credentialRef && !hasProjectOrOrganizationScope(value.scope)) ctx.addIssue({
-		code: z.ZodIssueCode.custom,
-		path: ["credentialRef"],
-		message: "credentialRef requires scope to be \"project\" or \"organization\""
-	});
-});
-const CredentialRequirementsSchema = z.object({
-	required: z.array(z.string()),
-	byStep: z.record(z.string(), z.array(CredentialRequirementEntrySchema))
-});
-const TriggerCallbackNameSchema = z.enum([
-	"filter",
-	"idempotencyKey",
-	"verify",
-	"callback"
-]);
-const TriggerCredentialRequirementEntrySchema = CredentialRequirementEntrySchema;
-const TriggerCredentialRequirementsSchema = z.object({
-	required: z.array(z.string()),
-	byCallback: z.partialRecord(TriggerCallbackNameSchema, z.array(TriggerCredentialRequirementEntrySchema))
-});
-function buildCredentialRequirementEntryKey(entry) {
-	const credentialRefKey = entry.credentialRef ? entry.credentialRef.type === "id" ? `id:${entry.credentialRef.id}` : `name:${entry.credentialRef.name}` : "";
-	return [
-		entry.credentialSetId,
-		entry.scope ?? "",
-		entry.alias ?? "",
-		credentialRefKey,
-		entry.schemaFingerprint ?? "",
-		[...entry.credentialKeys].sort().join(","),
-		[...entry.optionalCredentialKeys ?? []].sort().join(","),
-		[...entry.storedCredentialKeys ?? []].sort().join(","),
-		[...entry.optionalStoredCredentialKeys ?? []].sort().join(","),
-		entry.needsRawSecret === true ? "1" : "0",
-		entry.needsResolve === true ? "1" : "0",
-		typeof entry.resolveCacheMs === "number" ? String(entry.resolveCacheMs) : "",
-		entry.onCredentialRevoked ?? "",
-		entry.proxy ? JSON.stringify(entry.proxy) : ""
-	].join("|");
-}
-function deduplicateCredentialRequirementEntries(entries) {
-	const deduped = /* @__PURE__ */ new Map();
-	for (const entry of entries) {
-		const key = buildCredentialRequirementEntryKey(entry);
-		const existing = deduped.get(key);
-		if (!existing) deduped.set(key, {
-			...entry,
-			credentialKeys: [...entry.credentialKeys].sort(),
-			...entry.optionalCredentialKeys ? { optionalCredentialKeys: [...entry.optionalCredentialKeys].sort() } : {},
-			...entry.storedCredentialKeys ? { storedCredentialKeys: [...entry.storedCredentialKeys].sort() } : {},
-			...entry.optionalStoredCredentialKeys ? { optionalStoredCredentialKeys: [...entry.optionalStoredCredentialKeys].sort() } : {}
-		});
-		else if (entry.requiredOAuthScopes?.length) {
-			const merged = new Set([...existing.requiredOAuthScopes ?? [], ...entry.requiredOAuthScopes]);
-			deduped.set(key, {
-				...existing,
-				requiredOAuthScopes: [...merged].sort()
-			});
-		}
-	}
-	return [...deduped.values()];
-}
-function collectCredentialRequirementEntries(credentialRequirements) {
-	if (!credentialRequirements) return [];
-	return deduplicateCredentialRequirementEntries(Object.values(credentialRequirements.byStep ?? {}).flat());
-}
-const ExecutionIdentityPolicySchema = z.object({ subjectMode: z.enum(["never", "requiredWhenUserProvidedCredential"]) });
-/** A step's entry within a WorkflowManifest. Describes how a step is used in a workflow, not what the step itself is. */
-const WorkflowStepEntrySchema = z.object({
-	nodeId: z.string().min(1),
-	stepName: z.string().min(1),
-	label: z.string().min(1),
-	callKind: CallKindSchema,
-	stepId: z.string().min(1).optional(),
-	source: SourceLocationSchema.optional(),
-	astKind: z.string().min(1).optional(),
-	importSource: ImportSourceSchema.optional(),
-	outputBinding: z.string().min(1).optional(),
-	scopeOverride: IntegrationScopeSchema.optional(),
-	description: z.string().optional(),
-	sourceCode: z.string().optional(),
-	exportName: z.string().optional(),
-	inputSchema: JsonSchemaSchema.optional(),
-	outputSchema: JsonSchemaSchema.optional(),
-	credentialSets: z.array(ResolvedCredentialSetSchema).optional()
-});
-const TriggerTypeSchema = z.enum([
-	"webhook",
-	"cron",
-	"polling"
-]);
-/**
-* Persisted on `deployment_triggers.trigger_source`. Mirrors the
-* `webhookTrigger({ source: { type } })` discriminator so the server
-* can index-filter app-source rows during provider-webhook fanout.
-*/
-const TriggerSourceSchema = z.enum(["custom", "app"]);
-const WebhookMethodSchema = z.enum([
-	"GET",
-	"POST",
-	"PUT",
-	"PATCH"
-]);
-const TriggerCallbackBundleUploadSchema = z.object({
-	code: z.string(),
-	hash: z.string(),
-	size: z.number()
-});
-const TriggerCallbackExportsSchema = z.object({
-	verify: z.string().min(1).optional(),
-	filter: z.string().min(1).optional(),
-	idempotencyKey: z.string().min(1).optional(),
-	callback: z.string().min(1).optional()
-});
-const TransformCallbackExportsSchema = z.object({ transform: z.string().min(1).optional() });
-const TriggerUploadDataSchema = z.object({
-	id: z.string(),
-	type: TriggerTypeSchema,
-	/**
-	* Source-of-truth discriminator for webhook triggers. `'custom'` means
-	* the trigger owns its own HTTP path; `'app'` means it is fanned out by
-	* a Keystroke-managed provider app. Undefined for non-webhook triggers.
-	*/
-	triggerSource: TriggerSourceSchema.optional(),
-	enabled: z.boolean(),
-	path: z.string().optional(),
-	method: WebhookMethodSchema.optional(),
-	schedule: z.string().optional(),
-	timezone: z.string().optional(),
-	config: z.record(z.string(), z.unknown()).optional(),
-	requiredCredentials: TriggerCredentialRequirementsSchema.optional(),
-	storagePath: z.string().min(1).optional(),
-	callbackBundle: TriggerCallbackBundleUploadSchema.optional(),
-	callbackExports: TriggerCallbackExportsSchema.optional(),
-	transformCallbackBundle: TriggerCallbackBundleUploadSchema.optional(),
-	transformCallbackExports: TransformCallbackExportsSchema.optional()
-});
-//#endregion
-//#region ../../node_modules/.pnpm/cron-schedule@6.0.0/node_modules/cron-schedule/dist/utils.js
-function extractDateElements(date) {
-	return {
-		second: date.getSeconds(),
-		minute: date.getMinutes(),
-		hour: date.getHours(),
-		day: date.getDate(),
-		month: date.getMonth(),
-		weekday: date.getDay(),
-		year: date.getFullYear()
-	};
-}
-function getDaysInMonth(year, month) {
-	return new Date(year, month + 1, 0).getDate();
-}
-function getDaysBetweenWeekdays(weekday1, weekday2) {
-	if (weekday1 <= weekday2) return weekday2 - weekday1;
-	return 6 - weekday1 + weekday2 + 1;
-}
-//#endregion
-//#region ../../node_modules/.pnpm/cron-schedule@6.0.0/node_modules/cron-schedule/dist/cron.js
-var Cron = class {
-	constructor({ seconds, minutes, hours, days, months, weekdays }) {
-		if (!seconds || seconds.size === 0) throw new Error("There must be at least one allowed second.");
-		if (!minutes || minutes.size === 0) throw new Error("There must be at least one allowed minute.");
-		if (!hours || hours.size === 0) throw new Error("There must be at least one allowed hour.");
-		if (!months || months.size === 0) throw new Error("There must be at least one allowed month.");
-		if ((!weekdays || weekdays.size === 0) && (!days || days.size === 0)) throw new Error("There must be at least one allowed day or weekday.");
-		this.seconds = Array.from(seconds).sort((a, b) => a - b);
-		this.minutes = Array.from(minutes).sort((a, b) => a - b);
-		this.hours = Array.from(hours).sort((a, b) => a - b);
-		this.days = Array.from(days).sort((a, b) => a - b);
-		this.months = Array.from(months).sort((a, b) => a - b);
-		this.weekdays = Array.from(weekdays).sort((a, b) => a - b);
-		const validateData = (name, data, constraint) => {
-			if (data.some((x) => typeof x !== "number" || x % 1 !== 0 || x < constraint.min || x > constraint.max)) throw new Error(`${name} must only consist of integers which are within the range of ${constraint.min} and ${constraint.max}`);
-		};
-		validateData("seconds", this.seconds, {
-			min: 0,
-			max: 59
-		});
-		validateData("minutes", this.minutes, {
-			min: 0,
-			max: 59
-		});
-		validateData("hours", this.hours, {
-			min: 0,
-			max: 23
-		});
-		validateData("days", this.days, {
-			min: 1,
-			max: 31
-		});
-		validateData("months", this.months, {
-			min: 0,
-			max: 11
-		});
-		validateData("weekdays", this.weekdays, {
-			min: 0,
-			max: 6
-		});
-		this.reversed = {
-			seconds: this.seconds.map((x) => x).reverse(),
-			minutes: this.minutes.map((x) => x).reverse(),
-			hours: this.hours.map((x) => x).reverse(),
-			days: this.days.map((x) => x).reverse(),
-			months: this.months.map((x) => x).reverse(),
-			weekdays: this.weekdays.map((x) => x).reverse()
-		};
-	}
-	/**
-	* Find the next or previous hour, starting from the given start hour that matches the hour constraint.
-	* startHour itself might also be allowed.
-	*/
-	findAllowedHour(dir, startHour) {
-		return dir === "next" ? this.hours.find((x) => x >= startHour) : this.reversed.hours.find((x) => x <= startHour);
-	}
-	/**
-	* Find the next or previous minute, starting from the given start minute that matches the minute constraint.
-	* startMinute itself might also be allowed.
-	*/
-	findAllowedMinute(dir, startMinute) {
-		return dir === "next" ? this.minutes.find((x) => x >= startMinute) : this.reversed.minutes.find((x) => x <= startMinute);
-	}
-	/**
-	* Find the next or previous second, starting from the given start second that matches the second constraint.
-	* startSecond itself IS NOT allowed.
-	*/
-	findAllowedSecond(dir, startSecond) {
-		return dir === "next" ? this.seconds.find((x) => x > startSecond) : this.reversed.seconds.find((x) => x < startSecond);
-	}
-	/**
-	* Find the next or previous time, starting from the given start time that matches the hour, minute
-	* and second constraints. startTime itself might also be allowed.
-	*/
-	findAllowedTime(dir, startTime) {
-		let hour = this.findAllowedHour(dir, startTime.hour);
-		if (hour !== void 0) if (hour === startTime.hour) {
-			let minute = this.findAllowedMinute(dir, startTime.minute);
-			if (minute !== void 0) if (minute === startTime.minute) {
-				const second = this.findAllowedSecond(dir, startTime.second);
-				if (second !== void 0) return {
-					hour,
-					minute,
-					second
-				};
-				minute = this.findAllowedMinute(dir, dir === "next" ? startTime.minute + 1 : startTime.minute - 1);
-				if (minute !== void 0) return {
-					hour,
-					minute,
-					second: dir === "next" ? this.seconds[0] : this.reversed.seconds[0]
-				};
-			} else return {
-				hour,
-				minute,
-				second: dir === "next" ? this.seconds[0] : this.reversed.seconds[0]
-			};
-			hour = this.findAllowedHour(dir, dir === "next" ? startTime.hour + 1 : startTime.hour - 1);
-			if (hour !== void 0) return {
-				hour,
-				minute: dir === "next" ? this.minutes[0] : this.reversed.minutes[0],
-				second: dir === "next" ? this.seconds[0] : this.reversed.seconds[0]
-			};
-		} else return {
-			hour,
-			minute: dir === "next" ? this.minutes[0] : this.reversed.minutes[0],
-			second: dir === "next" ? this.seconds[0] : this.reversed.seconds[0]
-		};
-	}
-	/**
-	* Find the next or previous day in the given month, starting from the given startDay
-	* that matches either the day or the weekday constraint. startDay itself might also be allowed.
-	*/
-	findAllowedDayInMonth(dir, year, month, startDay) {
-		var _a, _b;
-		if (startDay < 1) throw new Error("startDay must not be smaller than 1.");
-		const daysInMonth = getDaysInMonth(year, month);
-		const daysRestricted = this.days.length !== 31;
-		const weekdaysRestricted = this.weekdays.length !== 7;
-		if (!daysRestricted && !weekdaysRestricted) {
-			if (startDay > daysInMonth) return dir === "next" ? void 0 : daysInMonth;
-			return startDay;
-		}
-		let allowedDayByDays;
-		if (daysRestricted) {
-			allowedDayByDays = dir === "next" ? this.days.find((x) => x >= startDay) : this.reversed.days.find((x) => x <= startDay);
-			if (allowedDayByDays !== void 0 && allowedDayByDays > daysInMonth) allowedDayByDays = void 0;
-		}
-		let allowedDayByWeekdays;
-		if (weekdaysRestricted) {
-			const startWeekday = new Date(year, month, startDay).getDay();
-			const nearestAllowedWeekday = dir === "next" ? (_a = this.weekdays.find((x) => x >= startWeekday)) !== null && _a !== void 0 ? _a : this.weekdays[0] : (_b = this.reversed.weekdays.find((x) => x <= startWeekday)) !== null && _b !== void 0 ? _b : this.reversed.weekdays[0];
-			if (nearestAllowedWeekday !== void 0) {
-				const daysBetweenWeekdays = dir === "next" ? getDaysBetweenWeekdays(startWeekday, nearestAllowedWeekday) : getDaysBetweenWeekdays(nearestAllowedWeekday, startWeekday);
-				allowedDayByWeekdays = dir === "next" ? startDay + daysBetweenWeekdays : startDay - daysBetweenWeekdays;
-				if (allowedDayByWeekdays > daysInMonth || allowedDayByWeekdays < 1) allowedDayByWeekdays = void 0;
-			}
-		}
-		if (allowedDayByDays !== void 0 && allowedDayByWeekdays !== void 0) return dir === "next" ? Math.min(allowedDayByDays, allowedDayByWeekdays) : Math.max(allowedDayByDays, allowedDayByWeekdays);
-		if (allowedDayByDays !== void 0) return allowedDayByDays;
-		if (allowedDayByWeekdays !== void 0) return allowedDayByWeekdays;
-	}
-	/** Gets the next date starting from the given start date or now. */
-	getNextDate(startDate = /* @__PURE__ */ new Date()) {
-		const startDateElements = extractDateElements(startDate);
-		let minYear = startDateElements.year;
-		let startIndexMonth = this.months.findIndex((x) => x >= startDateElements.month);
-		if (startIndexMonth === -1) {
-			startIndexMonth = 0;
-			minYear++;
-		}
-		const maxIterations = this.months.length * 5;
-		for (let i = 0; i < maxIterations; i++) {
-			const year = minYear + Math.floor((startIndexMonth + i) / this.months.length);
-			const month = this.months[(startIndexMonth + i) % this.months.length];
-			const isStartMonth = year === startDateElements.year && month === startDateElements.month;
-			let day = this.findAllowedDayInMonth("next", year, month, isStartMonth ? startDateElements.day : 1);
-			let isStartDay = isStartMonth && day === startDateElements.day;
-			if (day !== void 0 && isStartDay) {
-				const nextTime = this.findAllowedTime("next", startDateElements);
-				if (nextTime !== void 0) return new Date(year, month, day, nextTime.hour, nextTime.minute, nextTime.second);
-				day = this.findAllowedDayInMonth("next", year, month, day + 1);
-				isStartDay = false;
-			}
-			if (day !== void 0 && !isStartDay) return new Date(year, month, day, this.hours[0], this.minutes[0], this.seconds[0]);
-		}
-		throw new Error("No valid next date was found.");
-	}
-	/** Gets the specified amount of future dates starting from the given start date or now. */
-	getNextDates(amount, startDate) {
-		const dates = [];
-		let nextDate;
-		for (let i = 0; i < amount; i++) {
-			nextDate = this.getNextDate(nextDate !== null && nextDate !== void 0 ? nextDate : startDate);
-			dates.push(nextDate);
-		}
-		return dates;
-	}
-	/**
-	* Get an ES6 compatible iterator which iterates over the next dates starting from startDate or now.
-	* The iterator runs until the optional endDate is reached or forever.
-	*/
-	*getNextDatesIterator(startDate, endDate) {
-		let nextDate;
-		while (true) {
-			nextDate = this.getNextDate(nextDate !== null && nextDate !== void 0 ? nextDate : startDate);
-			if (endDate && endDate.getTime() < nextDate.getTime()) return;
-			yield nextDate;
-		}
-	}
-	/** Gets the previous date starting from the given start date or now. */
-	getPrevDate(startDate = /* @__PURE__ */ new Date()) {
-		const startDateElements = extractDateElements(startDate);
-		let maxYear = startDateElements.year;
-		let startIndexMonth = this.reversed.months.findIndex((x) => x <= startDateElements.month);
-		if (startIndexMonth === -1) {
-			startIndexMonth = 0;
-			maxYear--;
-		}
-		const maxIterations = this.reversed.months.length * 5;
-		for (let i = 0; i < maxIterations; i++) {
-			const year = maxYear - Math.floor((startIndexMonth + i) / this.reversed.months.length);
-			const month = this.reversed.months[(startIndexMonth + i) % this.reversed.months.length];
-			const isStartMonth = year === startDateElements.year && month === startDateElements.month;
-			let day = this.findAllowedDayInMonth("prev", year, month, isStartMonth ? startDateElements.day : getDaysInMonth(year, month));
-			let isStartDay = isStartMonth && day === startDateElements.day;
-			if (day !== void 0 && isStartDay) {
-				const prevTime = this.findAllowedTime("prev", startDateElements);
-				if (prevTime !== void 0) return new Date(year, month, day, prevTime.hour, prevTime.minute, prevTime.second);
-				if (day > 1) {
-					day = this.findAllowedDayInMonth("prev", year, month, day - 1);
-					isStartDay = false;
-				}
-			}
-			if (day !== void 0 && !isStartDay) return new Date(year, month, day, this.reversed.hours[0], this.reversed.minutes[0], this.reversed.seconds[0]);
-		}
-		throw new Error("No valid previous date was found.");
-	}
-	/** Gets the specified amount of previous dates starting from the given start date or now. */
-	getPrevDates(amount, startDate) {
-		const dates = [];
-		let prevDate;
-		for (let i = 0; i < amount; i++) {
-			prevDate = this.getPrevDate(prevDate !== null && prevDate !== void 0 ? prevDate : startDate);
-			dates.push(prevDate);
-		}
-		return dates;
-	}
-	/**
-	* Get an ES6 compatible iterator which iterates over the previous dates starting from startDate or now.
-	* The iterator runs until the optional endDate is reached or forever.
-	*/
-	*getPrevDatesIterator(startDate, endDate) {
-		let prevDate;
-		while (true) {
-			prevDate = this.getPrevDate(prevDate !== null && prevDate !== void 0 ? prevDate : startDate);
-			if (endDate && endDate.getTime() > prevDate.getTime()) return;
-			yield prevDate;
-		}
-	}
-	/** Returns true when there is a cron date at the given date. */
-	matchDate(date) {
-		const { second, minute, hour, day, month, weekday } = extractDateElements(date);
-		if (this.seconds.indexOf(second) === -1 || this.minutes.indexOf(minute) === -1 || this.hours.indexOf(hour) === -1 || this.months.indexOf(month) === -1) return false;
-		if (this.days.length !== 31 && this.weekdays.length !== 7) return this.days.indexOf(day) !== -1 || this.weekdays.indexOf(weekday) !== -1;
-		return this.days.indexOf(day) !== -1 && this.weekdays.indexOf(weekday) !== -1;
-	}
-};
-//#endregion
-//#region ../../node_modules/.pnpm/cron-schedule@6.0.0/node_modules/cron-schedule/dist/cron-parser.js
-const secondConstraint = {
-	min: 0,
-	max: 59
-};
-const minuteConstraint = {
-	min: 0,
-	max: 59
-};
-const hourConstraint = {
-	min: 0,
-	max: 23
-};
-const dayConstraint = {
-	min: 1,
-	max: 31
-};
-const monthConstraint = {
-	min: 1,
-	max: 12,
-	aliases: {
-		jan: "1",
-		feb: "2",
-		mar: "3",
-		apr: "4",
-		may: "5",
-		jun: "6",
-		jul: "7",
-		aug: "8",
-		sep: "9",
-		oct: "10",
-		nov: "11",
-		dec: "12"
-	}
-};
-const weekdayConstraint = {
-	min: 0,
-	max: 7,
-	aliases: {
-		mon: "1",
-		tue: "2",
-		wed: "3",
-		thu: "4",
-		fri: "5",
-		sat: "6",
-		sun: "7"
-	}
-};
-const timeNicknames = {
-	"@yearly": "0 0 1 1 *",
-	"@annually": "0 0 1 1 *",
-	"@monthly": "0 0 1 * *",
-	"@weekly": "0 0 * * 0",
-	"@daily": "0 0 * * *",
-	"@hourly": "0 * * * *",
-	"@minutely": "* * * * *"
-};
-function parseElement(element, constraint) {
-	const result = /* @__PURE__ */ new Set();
-	if (element === "*") {
-		for (let i = constraint.min; i <= constraint.max; i = i + 1) result.add(i);
-		return result;
-	}
-	const listElements = element.split(",");
-	if (listElements.length > 1) {
-		for (const listElement of listElements) {
-			const parsedListElement = parseElement(listElement, constraint);
-			for (const x of parsedListElement) result.add(x);
-		}
-		return result;
-	}
-	const parseSingleElement = (singleElement) => {
-		var _a, _b;
-		singleElement = (_b = (_a = constraint.aliases) === null || _a === void 0 ? void 0 : _a[singleElement.toLowerCase()]) !== null && _b !== void 0 ? _b : singleElement;
-		const parsedElement = Number.parseInt(singleElement, 10);
-		if (Number.isNaN(parsedElement)) throw new Error(`Failed to parse ${element}: ${singleElement} is NaN.`);
-		if (parsedElement < constraint.min || parsedElement > constraint.max) throw new Error(`Failed to parse ${element}: ${singleElement} is outside of constraint range of ${constraint.min} - ${constraint.max}.`);
-		return parsedElement;
-	};
-	const rangeSegments = /^(([0-9a-zA-Z]+)-([0-9a-zA-Z]+)|\*)(\/([0-9]+))?$/.exec(element);
-	if (rangeSegments === null) {
-		result.add(parseSingleElement(element));
-		return result;
-	}
-	let parsedStart = rangeSegments[1] === "*" ? constraint.min : parseSingleElement(rangeSegments[2]);
-	const parsedEnd = rangeSegments[1] === "*" ? constraint.max : parseSingleElement(rangeSegments[3]);
-	if (constraint === weekdayConstraint && parsedStart === 7 && parsedEnd !== 7) parsedStart = 0;
-	if (parsedStart > parsedEnd) throw new Error(`Failed to parse ${element}: Invalid range (start: ${parsedStart}, end: ${parsedEnd}).`);
-	const step = rangeSegments[5];
-	let parsedStep = 1;
-	if (step !== void 0) {
-		parsedStep = Number.parseInt(step, 10);
-		if (Number.isNaN(parsedStep)) throw new Error(`Failed to parse step: ${step} is NaN.`);
-		if (parsedStep < 1) throw new Error(`Failed to parse step: Expected ${step} to be greater than 0.`);
-	}
-	for (let i = parsedStart; i <= parsedEnd; i = i + parsedStep) result.add(i);
-	return result;
-}
-/** Parses a cron expression into a Cron instance. */
-function parseCronExpression(cronExpression) {
-	var _a;
-	if (typeof cronExpression !== "string") throw new TypeError("Invalid cron expression: must be of type string.");
-	cronExpression = (_a = timeNicknames[cronExpression.toLowerCase()]) !== null && _a !== void 0 ? _a : cronExpression;
-	const elements = cronExpression.split(" ").filter((elem) => elem.length > 0);
-	if (elements.length < 5 || elements.length > 6) throw new Error("Invalid cron expression: expected 5 or 6 elements.");
-	const rawSeconds = elements.length === 6 ? elements[0] : "0";
-	const rawMinutes = elements.length === 6 ? elements[1] : elements[0];
-	const rawHours = elements.length === 6 ? elements[2] : elements[1];
-	const rawDays = elements.length === 6 ? elements[3] : elements[2];
-	const rawMonths = elements.length === 6 ? elements[4] : elements[3];
-	const rawWeekdays = elements.length === 6 ? elements[5] : elements[4];
-	return new Cron({
-		seconds: parseElement(rawSeconds, secondConstraint),
-		minutes: parseElement(rawMinutes, minuteConstraint),
-		hours: parseElement(rawHours, hourConstraint),
-		days: parseElement(rawDays, dayConstraint),
-		months: new Set(Array.from(parseElement(rawMonths, monthConstraint)).map((x) => x - 1)),
-		weekdays: new Set(Array.from(parseElement(rawWeekdays, weekdayConstraint)).map((x) => x % 7))
-	});
-}
-//#endregion
-//#region ../../packages/workflow-core/src/shared/duration.ts
-const MULTIPLIERS = {
-	s: 1e3,
-	m: 6e4,
-	h: 36e5,
-	d: 864e5,
-	w: 6048e5,
-	y: 31536e6
-};
-/**
-* Convert a {@link Duration} value into milliseconds.
-*
-* Accepts the full Duration union: a positive integer (treated as ms)
-* or a string like "5s", "2m", "1h", "1d", "1w", "1y".
-*/
-function parseDurationToMs(duration) {
-	if (typeof duration === "number") return duration;
-	const match = duration.match(/^(\d+)([smhdwy])$/);
-	if (!match?.[1] || !match[2]) throw new Error(`Invalid duration format: "${duration}". Expected a positive integer or a string like "5s", "2m", "1h", "1d", "1w", "1y".`);
-	return Number.parseInt(match[1], 10) * MULTIPLIERS[match[2]];
-}
-//#endregion
-//#region ../../packages/workflow-core/src/shared/schedule.ts
-/**
-* shared/schedule.ts
-*
-* Unified schedule type that supports both simple intervals and cron expressions.
-* Can be used in both cron and polling triggers for maximum flexibility.
-*
-* Template literal types provide compile-time type safety.
-* Zod schemas with refinements provide runtime validation.
-*/
-const DurationSchema = z.union([z.number().int().positive().finite(), z.string().regex(/^[1-9]\d*[smhdwy]$/)]);
-const DurationStringSchema = z.string().refine((val) => /^\d+[smhdwy]$/.test(val), { message: "Invalid duration format. Must be a positive integer followed by s, m, h, d, w, or y (e.g., \"5m\", \"1h\")" }).refine((val) => {
-	const match = val.match(/^(\d+)[smhdwy]$/);
-	if (!match?.[1]) return false;
-	const num = Number.parseInt(match[1], 10);
-	return num > 0 && Number.isFinite(num);
-}, { message: "Duration value must be a positive integer greater than 0" });
-const CronExpressionSchema = z.string().superRefine((val, ctx) => {
-	try {
-		parseCronExpression(val);
-	} catch (error) {
-		const errorMessage = error instanceof Error ? error.message : "Invalid cron expression format";
-		ctx.addIssue({
-			code: "custom",
-			message: `Invalid cron expression: ${errorMessage}. Must be a valid 5-field cron: minute hour day month weekday (e.g., "0 9 * * *", "*/15 * * * *")`
-		});
-	}
-});
-const ScheduleSchema = z.union([
-	z.number().refine((val) => val > 0, { message: "Duration in milliseconds must be positive" }).refine(Number.isFinite, { message: "Duration in milliseconds must be finite" }).refine(Number.isInteger, { message: "Duration in milliseconds must be an integer" }),
-	DurationStringSchema,
-	CronExpressionSchema
-]);
-const IANATimezoneSchema = z.enum([
-	"UTC",
-	"GMT",
-	"Etc/UTC",
-	"Etc/GMT",
-	"America/New_York",
-	"America/Chicago",
-	"America/Denver",
-	"America/Los_Angeles",
-	"America/Phoenix",
-	"America/Anchorage",
-	"America/Toronto",
-	"America/Vancouver",
-	"America/Mexico_City",
-	"America/Sao_Paulo",
-	"America/Buenos_Aires",
-	"Europe/London",
-	"Europe/Paris",
-	"Europe/Berlin",
-	"Europe/Rome",
-	"Europe/Madrid",
-	"Europe/Amsterdam",
-	"Europe/Stockholm",
-	"Europe/Vienna",
-	"Europe/Zurich",
-	"Europe/Moscow",
-	"Europe/Athens",
-	"Europe/Dublin",
-	"Asia/Tokyo",
-	"Asia/Shanghai",
-	"Asia/Hong_Kong",
-	"Asia/Singapore",
-	"Asia/Seoul",
-	"Asia/Dubai",
-	"Asia/Kolkata",
-	"Asia/Bangkok",
-	"Asia/Jakarta",
-	"Asia/Manila",
-	"Asia/Taipei",
-	"Australia/Sydney",
-	"Australia/Melbourne",
-	"Australia/Brisbane",
-	"Australia/Perth",
-	"Australia/Adelaide",
-	"Pacific/Auckland",
-	"Pacific/Honolulu",
-	"Africa/Cairo",
-	"Africa/Johannesburg",
-	"Africa/Lagos",
-	"Africa/Nairobi",
-	"Asia/Riyadh",
-	"Asia/Tehran",
-	"Asia/Jerusalem",
-	"Asia/Doha"
-]);
-//#endregion
-export { idNoSpacesString as A, RetryConfigSchema as B, CredentialSetManifestSchema as C, anyZodSchemaSchema as D, CREDENTIAL_VISIBILITIES as E, schemaToJsonSchema as F, trimmedNonEmptyString as I, trimmedNonEmptyStringUnbounded as L, jsonValueSchema as M, optionalDescriptionString as N, createStructuralSchema as O, optionalTrimmedNonEmptyString as P, validateConfig as R, SourceLocationSchema as S, CREDENTIAL_KINDS as T, SHA256HashSchema as V, deduplicateCredentialRequirementEntries as _, CredentialRequirementsSchema as a, CapturedVariableSchema as b, IntegrationScopeSchema as c, TriggerSourceSchema as d, TriggerTypeSchema as f, collectCredentialRequirementEntries as g, WorkflowStepEntrySchema as h, parseDurationToMs as i, jsonSchemaObject as j, descriptionString as k, ResolvedCredentialSetSchema as l, WebhookMethodSchema as m, IANATimezoneSchema as n, DeclaredCredentialRequirementSchema as o, TriggerUploadDataSchema as p, ScheduleSchema as r, ExecutionIdentityPolicySchema as s, DurationSchema as t, TriggerCredentialRequirementsSchema as u, CallKindSchema as v, credentialSetConfigSchema as w, ImportSourceSchema as x, CallsiteFingerprintSchema as y, JsonSchemaSchema as z };