@keystrokehq/cli 0.0.19 → 0.0.20

package/dist/{import-module--8x5SLum-DjPUZr4i.mjs → import-module-y0glInUe-CfNsQNia.mjs}

@@ -1,11 +1,9 @@
 #!/usr/bin/env node
 
 import { n as findProjectRoot } from "./project-config-DudGRFPO.mjs";
-import { c as optionalDescriptionString$1, i as createStructuralSchema$1, l as optionalTrimmedNonEmptyString$1, o as idNoSpacesString, r as anyZodSchemaSchema$1, s as jsonSchemaObject$1, t as CredentialSetManifestSchema$1, u as trimmedNonEmptyString$1 } from "./schemas-BxFPUGWT.mjs";
-import { n as DeclaredCredentialRequirementSchema } from "./credential-requirements-Ob-7H-0F.mjs";
-import { a as FlowGraphSchema, i as WorkflowCoreManifestSchema, n as WORKFLOW_MANIFEST_SCHEMA_VERSION } from "./workflow-build-manifest-BKKW9D05.mjs";
-import { t as parseCronExpression } from "./cron-parser-Dw_cWzFu.mjs";
-import { t as runWithConcurrency } from "./concurrency-gXn9Rw8x-BTlfau8D.mjs";
+import { a as WorkflowCoreManifestSchema, o as FlowGraphSchema, r as WORKFLOW_MANIFEST_SCHEMA_VERSION, t as src_exports } from "./src-BHTjsZ9V.mjs";
+import { c as optionalDescriptionString, i as createStructuralSchema, l as optionalTrimmedNonEmptyString, o as idNoSpacesString, r as anyZodSchemaSchema, s as jsonSchemaObject, t as CredentialSetManifestSchema, u as trimmedNonEmptyString } from "./schemas-U2OzP9gP.mjs";
+import { t as runWithConcurrency } from "./concurrency-gXn9Rw8x-BSBbRfVp.mjs";
 import { createRequire } from "node:module";
 import * as os from "node:os";
 import * as path$1 from "node:path";
@@ -14,8 +12,9 @@ import { z } from "zod";
 import { execFile } from "node:child_process";
 import { randomUUID } from "node:crypto";
 import { promisify } from "node:util";
+import { cronTriggerManifestSchema, pollingTriggerManifestSchema, webhookTriggerManifestSchema } from "@keystrokehq/core/trigger";
 //#region ../../packages/core/src/mcp-server/schemas.ts
-const credentialSetInstanceSchema$3 = createStructuralSchema$1([
+const credentialSetInstanceSchema$1 = createStructuralSchema([
 	"id",
 	"auth",
 	"connections"
@@ -23,27 +22,27 @@ const credentialSetInstanceSchema$3 = createStructuralSchema$1([
 const McpTransportSchema = z.discriminatedUnion("type", [
 	z.object({
 		type: z.literal("stdio"),
-		command: trimmedNonEmptyString$1("Command"),
+		command: trimmedNonEmptyString("Command"),
 		args: z.array(z.string()).optional(),
 		env: z.record(z.string(), z.string()).optional()
 	}),
 	z.object({
 		type: z.literal("http"),
-		url: trimmedNonEmptyString$1("URL"),
+		url: trimmedNonEmptyString("URL"),
 		headers: z.record(z.string(), z.string()).optional()
 	}),
 	z.object({
 		type: z.literal("sse"),
-		url: trimmedNonEmptyString$1("URL"),
+		url: trimmedNonEmptyString("URL"),
 		headers: z.record(z.string(), z.string()).optional()
 	})
 ]);
 z.object({
-	id: trimmedNonEmptyString$1("MCP server ID"),
-	name: optionalTrimmedNonEmptyString$1("MCP server name"),
-	description: optionalDescriptionString$1("MCP server description"),
+	id: trimmedNonEmptyString("MCP server ID"),
+	name: optionalTrimmedNonEmptyString("MCP server name"),
+	description: optionalDescriptionString("MCP server description"),
 	transport: McpTransportSchema,
-	credentialSets: z.array(credentialSetInstanceSchema$3).optional(),
+	credentialSets: z.array(credentialSetInstanceSchema$1).optional(),
 	credentials: z.function().optional()
 });
 const McpServerManifestSchema = z.object({
@@ -53,7 +52,7 @@ const McpServerManifestSchema = z.object({
 	name: z.string().min(1),
 	description: z.string().optional(),
 	transport: McpTransportSchema,
-	credentialSets: z.array(CredentialSetManifestSchema$1),
+	credentialSets: z.array(CredentialSetManifestSchema),
 	credentialInjection: z.object({
 		env: z.record(z.string(), z.object({
 			credentialSetId: z.string().min(1),
@@ -67,7 +66,7 @@ const McpServerManifestSchema = z.object({
 });
 //#endregion
 //#region ../../packages/core/src/messaging-gateway/schemas.ts
-const credentialSetInstanceSchema$2 = createStructuralSchema$1([
+const credentialSetInstanceSchema = createStructuralSchema([
 	"id",
 	"auth",
 	"connections"
@@ -76,11 +75,11 @@ const MessagingGatewayModeSchema = z.enum(["platform", "custom"]);
 const MessagingGatewayCredentialScopeSchema = z.enum(["organization", "project"]);
 z.object({
 	id: idNoSpacesString("MessagingGateway id"),
-	name: optionalDescriptionString$1("MessagingGateway name"),
-	description: optionalDescriptionString$1("MessagingGateway description"),
+	name: optionalDescriptionString("MessagingGateway name"),
+	description: optionalDescriptionString("MessagingGateway description"),
 	provider: z.string().min(1, "MessagingGateway provider is required"),
 	mode: MessagingGatewayModeSchema,
-	credentialSet: credentialSetInstanceSchema$2,
+	credentialSet: credentialSetInstanceSchema,
 	credentialScope: MessagingGatewayCredentialScopeSchema.optional(),
 	appRef: z.string().min(1).optional()
 });
@@ -92,7 +91,7 @@ const MessagingGatewayManifestSchema = z.object({
 	description: z.string().optional(),
 	provider: z.string().min(1),
 	mode: MessagingGatewayModeSchema,
-	credentialSet: CredentialSetManifestSchema$1,
+	credentialSet: CredentialSetManifestSchema,
 	credentialScope: MessagingGatewayCredentialScopeSchema.optional(),
 	appRef: z.string().min(1).optional()
 });
@@ -118,7 +117,7 @@ const SandboxRuntimeSchema = z.object({
 const SandboxFileSourceSchema = z.discriminatedUnion("type", [z.object({
 	type: z.literal("git"),
 	/** Remote git URL to clone. */
-	url: trimmedNonEmptyString$1("Git URL"),
+	url: trimmedNonEmptyString("Git URL"),
 	/** Branch to clone. Omit for default branch. */
 	branch: z.string().optional(),
 	/**
@@ -130,7 +129,7 @@ const SandboxFileSourceSchema = z.discriminatedUnion("type", [z.object({
 }), z.object({
 	type: z.literal("local"),
 	/** Source path on the host (the dev's machine), resolved against project root. */
-	path: trimmedNonEmptyString$1("Local path"),
+	path: trimmedNonEmptyString("Local path"),
 	/**
 	* Where the file/dir lands inside the VM. Relative paths resolve
 	* against the sandbox `workdir`; absolute paths must stay under
@@ -139,9 +138,9 @@ const SandboxFileSourceSchema = z.discriminatedUnion("type", [z.object({
 	target: z.string().optional()
 })]);
 z.object({
-	id: optionalTrimmedNonEmptyString$1("Sandbox ID"),
-	name: optionalTrimmedNonEmptyString$1("Sandbox name"),
-	description: optionalDescriptionString$1("Sandbox description"),
+	id: optionalTrimmedNonEmptyString("Sandbox ID"),
+	name: optionalTrimmedNonEmptyString("Sandbox name"),
+	description: optionalDescriptionString("Sandbox description"),
 	runtime: SandboxRuntimeSchema.optional(),
 	fileSources: z.array(SandboxFileSourceSchema).optional(),
 	setupCommands: z.array(z.string()).optional()
@@ -170,18 +169,18 @@ const AgentThinkingLevelSchema = z.enum([
 	"high",
 	"xhigh"
 ]);
-const mcpServerInstanceSchema = createStructuralSchema$1([
+const mcpServerInstanceSchema = createStructuralSchema([
 	"id",
 	"transport",
 	"credentialSets"
 ], "a McpServer instance");
-const sandboxInstanceSchema = createStructuralSchema$1([
+const sandboxInstanceSchema = createStructuralSchema([
 	"id",
 	"runtime",
 	"fileSources",
 	"setupCommands"
 ], "a Sandbox instance");
-const messagingGatewayInstanceSchema = createStructuralSchema$1([
+const messagingGatewayInstanceSchema = createStructuralSchema([
 	"id",
 	"provider",
 	"mode",
@@ -199,14 +198,14 @@ const AgentToolCredentialSetReferenceSchema = z.object({
 	required: z.boolean()
 });
 z.object({
-	id: trimmedNonEmptyString$1("Agent ID"),
-	name: trimmedNonEmptyString$1("Agent name"),
-	description: optionalDescriptionString$1("Agent description"),
+	id: trimmedNonEmptyString("Agent ID"),
+	name: trimmedNonEmptyString("Agent name"),
+	description: optionalDescriptionString("Agent description"),
 	systemPrompt: z.string().min(1, { error: "System prompt is required" }),
-	model: trimmedNonEmptyString$1("Model"),
+	model: trimmedNonEmptyString("Model"),
 	thinkingLevel: AgentThinkingLevelSchema.optional(),
-	input: anyZodSchemaSchema$1.optional(),
-	output: anyZodSchemaSchema$1.optional(),
+	input: anyZodSchemaSchema.optional(),
+	output: anyZodSchemaSchema.optional(),
 	tools: z.array(z.unknown()).optional(),
 	mcpServers: z.array(mcpServerInstanceSchema).optional(),
 	sandbox: sandboxInstanceSchema.optional(),
@@ -230,10 +229,10 @@ const AgentManifestSchema = z.object({
 	systemPrompt: z.string(),
 	model: z.string(),
 	thinkingLevel: AgentThinkingLevelSchema,
-	input: jsonSchemaObject$1,
-	output: jsonSchemaObject$1,
+	input: jsonSchemaObject,
+	output: jsonSchemaObject,
 	maxSteps: z.number(),
-	credentialSets: z.array(CredentialSetManifestSchema$1).optional(),
+	credentialSets: z.array(CredentialSetManifestSchema).optional(),
 	tools: z.array(z.object({
 		id: z.string(),
 		displayName: z.string(),
@@ -253,792 +252,8 @@ const AgentManifestSchema = z.object({
 	sandbox: SandboxManifestSchema.optional(),
 	messaging: z.array(MessagingGatewayManifestSchema).optional()
 });
-z.string().length(64, "Must be 64 characters").regex(/^[a-f0-9]{64}$/i, "Must be hexadecimal").transform((value) => value);
-const JsonSchemaSchema = z.record(z.string(), z.unknown());
-z.object({
-	constant: z.object({
-		attempts: z.number().int().min(1).max(10),
-		seconds: z.number().positive()
-	}).optional(),
-	exponential: z.object({
-		attempts: z.number().int().min(1).max(10),
-		base: z.number().min(1).optional(),
-		multiplier: z.number().positive().optional()
-	}).optional()
-}).refine((data) => {
-	return data.constant !== void 0 !== (data.exponential !== void 0);
-}, { error: "Retry config must specify exactly one of constant or exponential strategy" });
-z.union([z.number().int().positive().finite(), z.string().regex(/^[1-9]\d*[smhdwy]$/)]);
-const DurationStringSchema = z.string().refine((val) => /^\d+[smhdwy]$/.test(val), { message: "Invalid duration format. Must be a positive integer followed by s, m, h, d, w, or y (e.g., \"5m\", \"1h\")" }).refine((val) => {
-	const match = val.match(/^(\d+)[smhdwy]$/);
-	if (!match?.[1]) return false;
-	const num = Number.parseInt(match[1], 10);
-	return num > 0 && Number.isFinite(num);
-}, { message: "Duration value must be a positive integer greater than 0" });
-const CronExpressionSchema = z.string().superRefine((val, ctx) => {
-	try {
-		parseCronExpression(val);
-	} catch (error) {
-		const errorMessage = error instanceof Error ? error.message : "Invalid cron expression format";
-		ctx.addIssue({
-			code: "custom",
-			message: `Invalid cron expression: ${errorMessage}. Must be a valid 5-field cron: minute hour day month weekday (e.g., "0 9 * * *", "*/15 * * * *")`
-		});
-	}
-});
-const ScheduleSchema = z.union([
-	z.number().refine((val) => val > 0, { message: "Duration in milliseconds must be positive" }).refine(Number.isFinite, { message: "Duration in milliseconds must be finite" }).refine(Number.isInteger, { message: "Duration in milliseconds must be an integer" }),
-	DurationStringSchema,
-	CronExpressionSchema
-]);
-const IANATimezoneSchema = z.enum([
-	"UTC",
-	"GMT",
-	"Etc/UTC",
-	"Etc/GMT",
-	"America/New_York",
-	"America/Chicago",
-	"America/Denver",
-	"America/Los_Angeles",
-	"America/Phoenix",
-	"America/Anchorage",
-	"America/Toronto",
-	"America/Vancouver",
-	"America/Mexico_City",
-	"America/Sao_Paulo",
-	"America/Buenos_Aires",
-	"Europe/London",
-	"Europe/Paris",
-	"Europe/Berlin",
-	"Europe/Rome",
-	"Europe/Madrid",
-	"Europe/Amsterdam",
-	"Europe/Stockholm",
-	"Europe/Vienna",
-	"Europe/Zurich",
-	"Europe/Moscow",
-	"Europe/Athens",
-	"Europe/Dublin",
-	"Asia/Tokyo",
-	"Asia/Shanghai",
-	"Asia/Hong_Kong",
-	"Asia/Singapore",
-	"Asia/Seoul",
-	"Asia/Dubai",
-	"Asia/Kolkata",
-	"Asia/Bangkok",
-	"Asia/Jakarta",
-	"Asia/Manila",
-	"Asia/Taipei",
-	"Australia/Sydney",
-	"Australia/Melbourne",
-	"Australia/Brisbane",
-	"Australia/Perth",
-	"Australia/Adelaide",
-	"Pacific/Auckland",
-	"Pacific/Honolulu",
-	"Africa/Cairo",
-	"Africa/Johannesburg",
-	"Africa/Lagos",
-	"Africa/Nairobi",
-	"Asia/Riyadh",
-	"Asia/Tehran",
-	"Asia/Jerusalem",
-	"Asia/Doha"
-]);
-//#endregion
-//#region ../../packages/core/dist/chunks/schema-RilQR7M-.mjs
-const MAX_JSON_DEPTH = 20;
-function buildJsonValueSchema(depth) {
-	const primitives = z.union([
-		z.string(),
-		z.number(),
-		z.boolean(),
-		z.null()
-	]);
-	if (depth <= 0) return primitives;
-	const nested = buildJsonValueSchema(depth - 1);
-	return z.union([
-		primitives,
-		z.array(nested),
-		z.record(z.string(), nested)
-	]);
-}
-const jsonValueSchema = buildJsonValueSchema(MAX_JSON_DEPTH);
-const jsonSchemaObject = z.record(z.string(), jsonValueSchema);
-const anyZodSchemaSchema = z.custom((value) => value instanceof z.ZodType, "Expected a Zod schema");
-const zodObjectSchema = z.custom((value) => value instanceof z.ZodObject, "Expected a Zod object schema");
-/**
-* Creates a Zod schema that validates an object structurally by checking
-* for required properties. This avoids `instanceof` checks which fail
-* when class definitions are duplicated across bundle boundaries.
-*/
-function createStructuralSchema(requiredKeys, label) {
-	return z.custom((value) => value != null && (typeof value === "object" || typeof value === "function") && requiredKeys.every((key) => key in value), `Expected ${label}`);
-}
-function trimmedNonEmptyString(fieldName) {
-	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(255, { error: `${fieldName} cannot exceed 255 characters` });
-}
-/**
-* Non-empty trimmed string for credential definition ids.
-* Allows namespaced ids such as `keystroke:slack` plus letters, numbers,
-* hyphens, and underscores.
-*/
-function credentialSetIdString(fieldName) {
-	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(255, { error: `${fieldName} cannot exceed 255 characters` }).refine((s) => /^[a-zA-Z0-9_:-]+$/.test(s), { error: `${fieldName} must only contain letters, numbers, hyphens, underscores, and colons` });
-}
-function optionalTrimmedNonEmptyString(fieldName) {
-	return trimmedNonEmptyString(fieldName).optional();
-}
-function descriptionString(fieldName) {
-	return z.string().trim().min(1, { error: `${fieldName} cannot be empty` }).max(1024, { error: `${fieldName} cannot exceed 1024 characters` });
-}
-function optionalDescriptionString(fieldName) {
-	return descriptionString(fieldName).optional();
-}
-//#endregion
-//#region ../../packages/core/dist/chunks/schemas-CUxIyWrr.mjs
-/**
-* Shared constants for the credential/connection system.
-* Defined in core (bottom of dependency chain) so all packages can import them.
-*/
-const CREDENTIAL_EXPOSURES = {
-	"user-runtime": "user-runtime",
-	"platform-only": "platform-only"
-};
-const credentialSetProxyInjectionSchema = z.object({
-	/** Substitute placeholder in HTTP headers (default: true). */
-	headers: z.boolean().optional(),
-	/** Substitute placeholder in the HTTP Basic Auth credential (default: true). */
-	basicAuth: z.boolean().optional(),
-	/** Substitute placeholder in URL query params (default: false).
-	*  Use for APIs that authenticate via `?api_key=...` (Google Maps, OWM, etc.). */
-	queryParams: z.boolean().optional(),
-	/** Substitute placeholder in the HTTP request body (default: false).
-	*  Use for form-encoded auth payloads (Stripe, AWS SigV4 query, etc.). */
-	body: z.boolean().optional()
-});
-const credentialSetProxyConfigSchema = z.object({
-	/** Exact-match host allowlist (forwarded to SecretBuilder.allowHost). */
-	hosts: z.array(z.string().min(1)).optional(),
-	/** Wildcard host allowlist (forwarded to SecretBuilder.allowHostPattern).
-	*  Example: `["*.browserbase.com"]` covers any subdomain. */
-	hostPatterns: z.array(z.string().min(1)).optional(),
-	/** Per-scope substitution toggles. Omit to use SDK defaults. */
-	injection: credentialSetProxyInjectionSchema.optional()
-});
-const onCredentialRevokedSchema = z.enum(["fail", "retry-once"]);
-const credentialExposureSchema = z.enum([CREDENTIAL_EXPOSURES["user-runtime"], CREDENTIAL_EXPOSURES["platform-only"]]);
-const connectionMetadataConfigSchema = z.object({
-	id: credentialSetIdString("Credential connection id").optional(),
-	label: optionalTrimmedNonEmptyString("Credential connection label"),
-	description: optionalDescriptionString("Credential connection description"),
-	recommended: z.boolean().optional(),
-	advanced: z.boolean().optional(),
-	needsRawSecret: z.boolean().optional()
-});
-const connectionMetadataManifestSchema = connectionMetadataConfigSchema;
-const registeredDescriptorSchema = z.object({
-	id: trimmedNonEmptyString("Registered descriptor id"),
-	config: z.record(z.string(), z.unknown()).optional()
-});
-const registeredResolverDescriptorSchema = registeredDescriptorSchema.extend({ cacheMs: z.number().int().nonnegative().optional() });
-const manualConnectionConfigSchema = connectionMetadataConfigSchema.extend({
-	kind: z.literal("manual"),
-	input: zodObjectSchema.optional(),
-	instructions: z.string().min(1).optional(),
-	validate: z.function().optional()
-});
-const manualConnectionFieldManifestSchema = z.object({
-	key: z.string().min(1),
-	label: z.string().min(1),
-	description: z.string().min(1).optional(),
-	optional: z.boolean(),
-	secret: z.literal(true)
-});
-const manualConnectionConfigManifestSchema = connectionMetadataManifestSchema.extend({
-	kind: z.literal("manual"),
-	input: jsonSchemaObject.optional(),
-	fields: z.array(manualConnectionFieldManifestSchema).optional(),
-	generated: z.boolean().optional(),
-	instructions: z.string().min(1).optional()
-});
-/** Declarative form of `Vault` — strings typed against the credential set's
-* stored/auth schema keys at the {@link CredentialSetConfig} boundary; the Zod
-* schema here enforces non-empty strings only. `CredentialSet` itself performs
-* the schema-key membership check at construction time. */
-const vaultMappingSchema = z.object({
-	accessToken: z.string().min(1),
-	refreshToken: z.string().min(1).optional(),
-	instanceUrl: z.string().min(1).optional(),
-	raw: z.record(z.string().min(1), z.string().min(1)).optional()
-});
-/** Function form of `Vault` — an object pairing the access-token vault key
-*  (`accessTokenKey`) with the `build` function that computes the full vault
-*  write map. The explicit key keeps the disconnect path's revocation read
-*  reliable even when `build` transforms the access token. */
-const vaultMappingFnSchema = z.object({
-	accessTokenKey: z.string().min(1),
-	build: z.custom((val) => typeof val === "function", { message: "vault.build must be a function." })
-});
-/** Runtime shape of `Vault`. Accepts either the declarative mapping or the
-*  function-form object `{ accessTokenKey, build }`. */
-const vaultConfigSchema = z.union([vaultMappingSchema, vaultMappingFnSchema], { error: "vault must be a declarative mapping object or a `{ accessTokenKey, build }` object." });
-/** Manifest projection of `Vault` — declarative mappings serialize verbatim;
-* function-form mappings serialize as `{ kind: 'function', accessTokenKey }`
-* since closures are not manifest-safe but the access-token key is. */
-const vaultManifestSchema = z.discriminatedUnion("kind", [z.object({
-	kind: z.literal("declarative"),
-	accessToken: z.string().min(1),
-	refreshToken: z.string().min(1).optional(),
-	instanceUrl: z.string().min(1).optional(),
-	raw: z.record(z.string().min(1), z.string().min(1)).optional()
-}), z.object({
-	kind: z.literal("function"),
-	accessTokenKey: z.string().min(1)
-})]);
-const oauthConnectionConfigBaseSchema = z.object({
-	kind: z.literal("oauth"),
-	authUrl: z.string().url(),
-	tokenUrl: z.string().url(),
-	scopes: z.array(z.string()).readonly(),
-	revokeUrl: z.string().url().nullable().optional(),
-	tokenType: z.enum(["long-lived", "refreshable"]),
-	pkce: z.boolean().optional(),
-	/** Fallback token lifetime when the provider omits `expires_in`. Positive
-	*  integer seconds. Shared between config + manifest schemas (both extend
-	*  this base). */
-	defaultExpiresInSeconds: z.number().int().positive().optional()
-});
-const oauthConnectionConfigSchema = oauthConnectionConfigBaseSchema.extend({
-	...connectionMetadataConfigSchema.shape,
-	vault: vaultConfigSchema,
-	oauth: registeredDescriptorSchema.optional(),
-	buildAuthUrl: z.function().optional(),
-	exchangeCode: z.function().optional(),
-	refreshToken: z.function().optional(),
-	extractInstallationInfo: z.function().optional(),
-	validate: z.function().optional()
-});
-const oauthConnectionConfigManifestSchema = oauthConnectionConfigBaseSchema.extend({
-	...connectionMetadataManifestSchema.shape,
-	vault: vaultManifestSchema,
-	oauth: registeredDescriptorSchema.optional()
-});
-const credentialsExchangeConnectionConfigSchema = connectionMetadataConfigSchema.extend({
-	kind: z.literal("credentials-exchange"),
-	instructions: z.string().min(1).optional(),
-	input: zodObjectSchema
-}).extend({
-	exchange: z.function(),
-	rotate: z.function().optional(),
-	validate: z.function().optional()
-});
-/** Manifest projection of `CredentialsExchangeConnectionConfig` — only the
-*  declarative `input` schema (rendered as JSON Schema) and `instructions`
-*  copy survive serialization. The three hooks (`exchange`, `rotate`,
-*  `validate`) are runtime closures and are stripped. */
-const credentialsExchangeConnectionConfigManifestSchema = z.object({
-	kind: z.literal("credentials-exchange"),
-	...connectionMetadataManifestSchema.shape,
-	instructions: z.string().min(1).optional(),
-	input: jsonSchemaObject
-});
-const exchangeCredentialConnectionConfigSchema = connectionMetadataConfigSchema.extend({
-	kind: z.literal("exchange"),
-	input: zodObjectSchema,
-	exchange: registeredDescriptorSchema
-});
-const exchangeCredentialConnectionManifestSchema = connectionMetadataManifestSchema.extend({
-	kind: z.literal("exchange"),
-	input: jsonSchemaObject,
-	exchange: registeredDescriptorSchema
-});
-const dynamicCredentialConnectionConfigSchema = connectionMetadataConfigSchema.extend({
-	kind: z.literal("dynamic"),
-	input: zodObjectSchema.optional(),
-	resolver: registeredResolverDescriptorSchema
-});
-const dynamicCredentialConnectionManifestSchema = connectionMetadataManifestSchema.extend({
-	kind: z.literal("dynamic"),
-	input: jsonSchemaObject.optional(),
-	resolver: registeredResolverDescriptorSchema
-});
-const platformCredentialConnectionConfigSchema = connectionMetadataConfigSchema.extend({ kind: z.literal("platform") });
-const platformCredentialConnectionManifestSchema = connectionMetadataManifestSchema.extend({ kind: z.literal("platform") });
-const connectionConfigSchema = z.discriminatedUnion("kind", [
-	manualConnectionConfigSchema,
-	oauthConnectionConfigSchema,
-	credentialsExchangeConnectionConfigSchema,
-	exchangeCredentialConnectionConfigSchema,
-	dynamicCredentialConnectionConfigSchema,
-	platformCredentialConnectionConfigSchema
-]);
-/** Manifest projection of `ConnectionConfig` — declarative metadata only. */
-const connectionConfigManifestSchema = z.discriminatedUnion("kind", [
-	manualConnectionConfigManifestSchema,
-	oauthConnectionConfigManifestSchema,
-	credentialsExchangeConnectionConfigManifestSchema,
-	exchangeCredentialConnectionManifestSchema,
-	dynamicCredentialConnectionManifestSchema,
-	platformCredentialConnectionManifestSchema
-]);
-const CredentialSetManifestSchema = z.object({
-	manifestVersion: z.literal(1),
-	type: z.literal("credentialSet"),
-	id: credentialSetIdString("Credential set id"),
-	name: trimmedNonEmptyString("Credential set name"),
-	description: optionalDescriptionString("Credential set description"),
-	auth: jsonSchemaObject,
-	exposure: credentialExposureSchema.optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	/** When true, resolved values are passed into execution as raw secrets (no ref-token proxy). */
-	needsRawSecret: z.boolean().optional(),
-	/** Policy when a step throws `CredentialRevokedError` against this credential set. */
-	onCredentialRevoked: onCredentialRevokedSchema.optional(),
-	connections: z.array(connectionConfigManifestSchema).optional()
-});
-z.object({
-	id: credentialSetIdString("Credential set id"),
-	name: optionalTrimmedNonEmptyString("Credential set name"),
-	description: optionalDescriptionString("Credential set description"),
-	auth: zodObjectSchema,
-	exposure: credentialExposureSchema.optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	/** When true, resolved values are passed into execution as raw secrets (no ref-token proxy). */
-	needsRawSecret: z.boolean().optional(),
-	onCredentialRevoked: onCredentialRevokedSchema.optional(),
-	connections: z.array(connectionConfigSchema).readonly().optional()
-});
-//#endregion
-//#region ../../packages/core/dist/chunks/schemas-B8U1MF_0.mjs
-const SourceLocationSchema = z.object({
-	filePath: z.string().min(1),
-	absoluteFilePath: z.string().min(1).optional(),
-	line: z.number().int().positive(),
-	column: z.number().int().positive(),
-	position: z.number().int().nonnegative().optional(),
-	endLine: z.number().int().positive(),
-	endColumn: z.number().int().positive(),
-	endPosition: z.number().int().nonnegative().optional(),
-	synthetic: z.boolean().optional()
-});
-z.string().min(1);
-const ImportSourceSchema = z.object({
-	kind: z.enum([
-		"local",
-		"module-import",
-		"namespace-import",
-		"dynamic"
-	]),
-	moduleSpecifier: z.string().min(1).optional(),
-	importName: z.string().min(1).optional(),
-	localName: z.string().min(1).optional(),
-	resolvedPath: z.string().min(1).optional()
-});
-const CallKindSchema = z.enum([
-	"workflow-step",
-	"agent",
-	"tool",
-	"hook",
-	"child-workflow",
-	"function-call",
-	"method-call",
-	"dynamic-call",
-	"parallel-call",
-	"process-exit",
-	"iife",
-	"expression"
-]);
-const CapturedVariableSourceKindSchema = z.enum([
-	"local-const",
-	"relative-import",
-	"package-import"
-]);
-const CapturedVariableValueTypeSchema = z.enum([
-	"string",
-	"number",
-	"boolean",
-	"object",
-	"array",
-	"function",
-	"unknown"
-]);
-z.object({
-	name: z.string().min(1),
-	value: z.union([
-		z.string(),
-		z.number(),
-		z.boolean()
-	]).optional(),
-	sourceText: z.string().optional(),
-	valueType: CapturedVariableValueTypeSchema,
-	resolvable: z.boolean(),
-	source: CapturedVariableSourceKindSchema,
-	importPath: z.string().optional(),
-	declaration: z.object({
-		filePath: z.string().min(1),
-		line: z.number().int().positive()
-	})
-});
-const IntegrationScopeSchema = z.enum([
-	"organization",
-	"project",
-	"user_provided_credential"
-]);
-const IntegrationCredentialRefSchema = z.discriminatedUnion("type", [z.object({
-	type: z.literal("id"),
-	id: z.string().startsWith("cset_")
-}), z.object({
-	type: z.literal("name"),
-	name: z.string().trim().min(1)
-})]);
-function hasProjectOrOrganizationScope(scope) {
-	return scope === "organization" || scope === "project";
-}
-const CredentialRefTokenKeyNameSchema = z.string().regex(/^[A-Za-z0-9_]+$/, "Credential key must contain only letters, digits, and underscores (required for ref-token proxying)");
-/** Shared enum for top-level credential-set `onCredentialRevoked` policy. */
-const OnCredentialRevokedSchema = z.enum(["fail", "retry-once"]);
-/** A credential set after resolution in a built manifest. Contains definition id, scope, alias, and credential keys.*/
-const ResolvedCredentialSetSchema = z.object({
-	resolvedId: z.string(),
-	scope: IntegrationScopeSchema.optional(),
-	alias: z.string().optional(),
-	credentialRef: IntegrationCredentialRefSchema.optional(),
-	/** Auth-shape keys expected post-resolve. */
-	credentialKeys: z.array(CredentialRefTokenKeyNameSchema),
-	/** Subset of `credentialKeys` that are optional in the auth shape. */
-	optionalCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Auth-shaped vault keys required for vault reads and upload flows. */
-	storedCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Subset of auth-shaped vault keys that may be absent from the vault without
-	* failing resolution. Derived from the credential set's `auth` schema. */
-	optionalStoredCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	/** When true, resolved values are passed raw (no ref-token proxy) for this set. */
-	needsRawSecret: z.boolean().optional(),
-	/** Policy when a step throws `CredentialRevokedError` against this credential set. */
-	onCredentialRevoked: OnCredentialRevokedSchema.optional(),
-	/** Persistence-layer schema fingerprint stamped at build time. The
-	* resolver's phase 2 compares this against the vault row's stored
-	* fingerprint and raises `CredentialSchemaMismatchError` on drift.
-	* Optional here so pre-fingerprint artifacts still parse; the
-	* workflow builder populates it for every authored credential set
-	* that has a resolvable fingerprint. */
-	schemaFingerprint: z.string().optional()
-}).superRefine((value, ctx) => {
-	if (value.credentialRef && !hasProjectOrOrganizationScope(value.scope)) ctx.addIssue({
-		code: z.ZodIssueCode.custom,
-		path: ["credentialRef"],
-		message: "credentialRef requires scope to be \"project\" or \"organization\""
-	});
-});
-z.object({
-	credentialSetId: z.string(),
-	/** Auth-shape keys expected post-resolve. */
-	credentialKeys: z.array(CredentialRefTokenKeyNameSchema),
-	/** Optional subset of the auth-shape keys. */
-	optionalCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Stored-shape keys required for vault reads. */
-	storedCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Optional subset of the stored-shape keys. */
-	optionalStoredCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	schemaFingerprint: z.string().optional(),
-	/** Policy when a step throws `CredentialRevokedError` against this credential set. */
-	onCredentialRevoked: OnCredentialRevokedSchema.optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	needsRawSecret: z.boolean().optional(),
-	requiredOAuthScopes: z.array(z.string()).optional()
-});
-const CredentialRequirementEntrySchema = z.object({
-	credentialSetId: z.string(),
-	scope: IntegrationScopeSchema.optional(),
-	alias: z.string().optional(),
-	credentialRef: IntegrationCredentialRefSchema.optional(),
-	/** Auth-shape keys expected post-resolve. */
-	credentialKeys: z.array(CredentialRefTokenKeyNameSchema),
-	/** Optional subset of the auth-shape keys. */
-	optionalCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Auth-shaped vault keys required for vault reads. */
-	storedCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	/** Optional subset of the stored-shape keys. */
-	optionalStoredCredentialKeys: z.array(CredentialRefTokenKeyNameSchema).optional(),
-	schemaFingerprint: z.string().optional(),
-	proxy: credentialSetProxyConfigSchema.optional(),
-	needsRawSecret: z.boolean().optional(),
-	/** Policy when a step throws `CredentialRevokedError` against this credential set. */
-	onCredentialRevoked: OnCredentialRevokedSchema.optional(),
-	requiredOAuthScopes: z.array(z.string()).optional()
-}).superRefine((value, ctx) => {
-	if (value.credentialRef && !hasProjectOrOrganizationScope(value.scope)) ctx.addIssue({
-		code: z.ZodIssueCode.custom,
-		path: ["credentialRef"],
-		message: "credentialRef requires scope to be \"project\" or \"organization\""
-	});
-});
-z.object({
-	required: z.array(z.string()),
-	byStep: z.record(z.string(), z.array(CredentialRequirementEntrySchema))
-});
-const TriggerCallbackNameSchema = z.enum([
-	"filter",
-	"idempotencyKey",
-	"verify",
-	"callback"
-]);
-const TriggerCredentialRequirementEntrySchema = CredentialRequirementEntrySchema;
-const TriggerCredentialRequirementsSchema = z.object({
-	required: z.array(z.string()),
-	byCallback: z.partialRecord(TriggerCallbackNameSchema, z.array(TriggerCredentialRequirementEntrySchema))
-});
-const ExecutionIdentityPolicySchema = z.object({ subjectMode: z.enum(["never", "requiredWhenUserProvidedCredential"]) });
-z.object({
-	nodeId: z.string().min(1),
-	stepName: z.string().min(1),
-	label: z.string().min(1),
-	callKind: CallKindSchema,
-	stepId: z.string().min(1).optional(),
-	source: SourceLocationSchema.optional(),
-	astKind: z.string().min(1).optional(),
-	importSource: ImportSourceSchema.optional(),
-	outputBinding: z.string().min(1).optional(),
-	scopeOverride: IntegrationScopeSchema.optional(),
-	description: z.string().optional(),
-	sourceCode: z.string().optional(),
-	exportName: z.string().optional(),
-	inputSchema: JsonSchemaSchema.optional(),
-	outputSchema: JsonSchemaSchema.optional(),
-	credentialSets: z.array(ResolvedCredentialSetSchema).optional()
-});
-const TriggerTypeSchema = z.enum([
-	"webhook",
-	"cron",
-	"polling"
-]);
-/**
-* Persisted on `deployment_triggers.trigger_source`. Mirrors the
-* `webhookTrigger({ source: { type } })` discriminator so the server
-* can index-filter app-source rows during provider-webhook fanout.
-*/
-const TriggerSourceSchema = z.enum(["custom", "app"]);
-const WebhookMethodSchema$1 = z.enum([
-	"GET",
-	"POST",
-	"PUT",
-	"PATCH"
-]);
-const TriggerCallbackBundleUploadSchema = z.object({
-	code: z.string(),
-	hash: z.string(),
-	size: z.number()
-});
-const TriggerCallbackExportsSchema = z.object({
-	verify: z.string().min(1).optional(),
-	filter: z.string().min(1).optional(),
-	idempotencyKey: z.string().min(1).optional(),
-	callback: z.string().min(1).optional()
-});
-const TransformCallbackExportsSchema = z.object({ transform: z.string().min(1).optional() });
-z.object({
-	id: z.string(),
-	type: TriggerTypeSchema,
-	/**
-	* Source-of-truth discriminator for webhook triggers. `'custom'` means
-	* the trigger owns its own HTTP path; `'app'` means it is fanned out by
-	* a Keystroke-managed provider app. Undefined for non-webhook triggers.
-	*/
-	triggerSource: TriggerSourceSchema.optional(),
-	enabled: z.boolean(),
-	path: z.string().optional(),
-	method: WebhookMethodSchema$1.optional(),
-	schedule: z.string().optional(),
-	timezone: z.string().optional(),
-	config: z.record(z.string(), z.unknown()).optional(),
-	requiredCredentials: TriggerCredentialRequirementsSchema.optional(),
-	storagePath: z.string().min(1).optional(),
-	callbackBundle: TriggerCallbackBundleUploadSchema.optional(),
-	callbackExports: TriggerCallbackExportsSchema.optional(),
-	transformCallbackBundle: TriggerCallbackBundleUploadSchema.optional(),
-	transformCallbackExports: TransformCallbackExportsSchema.optional()
-});
-const credentialSetInstanceSchema$1 = createStructuralSchema([
-	"id",
-	"auth",
-	"connections"
-], "a CredentialSet instance");
-const TriggerModeDefaultSchema = z.enum(["managed", "subscribable"]);
-const TriggerCallbackPresenceSchema = z.object({
-	filter: z.boolean(),
-	idempotencyKey: z.boolean(),
-	poll: z.boolean().optional(),
-	transformAllowed: z.boolean(),
-	verify: z.boolean().optional()
-});
-const TriggerRuntimeDescriptorSchema = z.object({ callbacks: TriggerCallbackPresenceSchema });
-z.object({
-	manifestVersion: z.literal(1),
-	type: z.literal("trigger"),
-	triggerType: TriggerTypeSchema,
-	name: trimmedNonEmptyString("Trigger name"),
-	description: descriptionString("Trigger description"),
-	enabled: z.boolean(),
-	modeDefault: TriggerModeDefaultSchema,
-	executionIdentityPolicy: ExecutionIdentityPolicySchema.optional(),
-	credentialSets: z.array(CredentialSetManifestSchema).optional(),
-	runtime: TriggerRuntimeDescriptorSchema
-});
-const triggerBaseConfigSchema = z.object({
-	credentialSets: z.array(credentialSetInstanceSchema$1).optional(),
-	description: descriptionString("Trigger description"),
-	enabled: z.boolean().default(true),
-	executionIdentityPolicy: ExecutionIdentityPolicySchema.optional(),
-	modeDefault: TriggerModeDefaultSchema.default("managed"),
-	name: trimmedNonEmptyString("Trigger name")
-});
-triggerBaseConfigSchema.extend({
-	input: anyZodSchemaSchema,
-	payload: z.custom((value) => {
-		return jsonValueSchema.safeParse(value).success;
-	}, "Expected a JSON-serializable payload"),
-	schedule: ScheduleSchema,
-	timezone: IANATimezoneSchema.optional()
-});
-const cronTriggerRuntimeSchema = TriggerRuntimeDescriptorSchema.extend({
-	input: jsonSchemaObject,
-	payloadMode: z.literal("static"),
-	schedule: z.string(),
-	timezone: z.string().optional()
-});
-const cronTriggerManifestSchema = z.object({
-	manifestVersion: z.literal(1),
-	type: z.literal("trigger"),
-	triggerType: z.literal("cron"),
-	name: trimmedNonEmptyString("Trigger name"),
-	description: descriptionString("Trigger description"),
-	enabled: z.boolean(),
-	modeDefault: z.enum(["managed", "subscribable"]),
-	executionIdentityPolicy: triggerBaseConfigSchema.shape.executionIdentityPolicy,
-	credentialSets: z.array(CredentialSetManifestSchema).optional(),
-	runtime: cronTriggerRuntimeSchema,
-	/** Static payload for cron triggers — the workflow input when this trigger fires */
-	payload: jsonValueSchema.optional()
-});
-z.object({
-	lastPolledAt: z.string().optional(),
-	lastResponse: z.unknown().optional()
-});
-triggerBaseConfigSchema.extend({
-	poll: z.function(),
-	filter: z.function().optional(),
-	idempotencyKey: z.function().optional(),
-	response: anyZodSchemaSchema,
-	schedule: ScheduleSchema
-});
-const pollingTriggerRuntimeSchema = TriggerRuntimeDescriptorSchema.extend({
-	response: jsonSchemaObject,
-	schedule: z.string(),
-	state: z.object({
-		lastPolledAt: z.literal(true),
-		lastResponse: z.literal(true)
-	})
-});
-const pollingTriggerManifestSchema = z.object({
-	manifestVersion: z.literal(1),
-	type: z.literal("trigger"),
-	triggerType: z.literal("polling"),
-	name: trimmedNonEmptyString("Trigger name"),
-	description: descriptionString("Trigger description"),
-	enabled: z.boolean(),
-	modeDefault: z.enum(["managed", "subscribable"]),
-	executionIdentityPolicy: triggerBaseConfigSchema.shape.executionIdentityPolicy,
-	credentialSets: z.array(CredentialSetManifestSchema).optional(),
-	runtime: pollingTriggerRuntimeSchema
-});
-const WebhookMethodSchema = z.enum([
-	"PATCH",
-	"POST",
-	"PUT"
-]);
-z.object({
-	method: z.string(),
-	path: z.string(),
-	query: z.record(z.string(), z.union([
-		z.string(),
-		z.array(z.string()),
-		z.undefined()
-	])),
-	headers: z.record(z.string(), z.string().optional()),
-	rawBody: z.string()
-});
-const WebhookResponseConfigSchema = z.object({
-	ignoredBody: jsonValueSchema.optional(),
-	ignoredStatus: z.number().int().positive().optional(),
-	successBody: jsonValueSchema.optional(),
-	successStatus: z.number().int().positive().optional()
-});
-/**
-* Custom webhook trigger paths describe the suffix that a request URL has
-* after the organization id. The router serves these triggers at
-* `/api/v1/webhooks/{orgId}{path}` (e.g. `path: '/orders'` → request
-* `/api/v1/webhooks/{orgId}/orders`). Authors must therefore supply only the
-* trailing path segment, not the `/webhooks/` prefix that the route already
-* provides.
-*/
-const webhookPathSchema = z.string().trim().min(1, { error: "Webhook path cannot be empty" }).max(50, { error: "Webhook path cannot exceed 50 characters" }).refine((s) => !/\s/.test(s), { error: "Webhook path cannot contain spaces or whitespace" }).refine((s) => s.startsWith("/"), { error: "Webhook path must start with /" }).refine((s) => s.length > 1, { error: "Webhook path must include a path segment after the leading \"/\"" }).refine((s) => !/^\/webhooks(\/|$)/i.test(s), { error: "Webhook path must not start with \"/webhooks\". Provide just the suffix that follows the organization id in the URL — e.g. use \"/orders\" for a webhook served at \"/api/v1/webhooks/{orgId}/orders\"." });
-const credentialSetInstanceSchema = createStructuralSchema([
-	"id",
-	"auth",
-	"connections"
-], "a CredentialSet instance");
-const webhookCustomSourceConfigSchema = z.object({
-	type: z.literal("custom"),
-	method: WebhookMethodSchema,
-	path: webhookPathSchema,
-	verify: z.function().optional(),
-	response: WebhookResponseConfigSchema.optional(),
-	credentialSets: z.array(credentialSetInstanceSchema).optional()
-});
-const webhookAppSourceConfigSchema = z.object({
-	type: z.literal("app"),
-	appRef: trimmedNonEmptyString("appRef")
-});
-const webhookSourceConfigSchema = z.discriminatedUnion("type", [webhookCustomSourceConfigSchema, webhookAppSourceConfigSchema]);
-const webhookCustomSourceManifestSchema = z.object({
-	type: z.literal("custom"),
-	method: WebhookMethodSchema,
-	path: z.string().min(1).max(1024),
-	response: WebhookResponseConfigSchema.optional()
-});
-const webhookAppSourceManifestSchema = z.object({
-	type: z.literal("app"),
-	appRef: trimmedNonEmptyString("appRef")
-});
-const WebhookSourceManifestSchema = z.discriminatedUnion("type", [webhookCustomSourceManifestSchema, webhookAppSourceManifestSchema]);
-triggerBaseConfigSchema.omit({ credentialSets: true }).extend({
-	source: webhookSourceConfigSchema,
-	payload: anyZodSchemaSchema.optional(),
-	filter: z.function().optional(),
-	idempotencyKey: z.function().optional()
-});
-const webhookTriggerRuntimeSchema = TriggerRuntimeDescriptorSchema.extend({
-	source: WebhookSourceManifestSchema,
-	payload: jsonSchemaObject
-});
-const webhookTriggerManifestSchema = z.object({
-	manifestVersion: z.literal(1),
-	type: z.literal("trigger"),
-	triggerType: z.literal("webhook"),
-	name: trimmedNonEmptyString("Trigger name"),
-	description: descriptionString("Trigger description"),
-	enabled: z.boolean(),
-	modeDefault: z.enum(["managed", "subscribable"]),
-	executionIdentityPolicy: triggerBaseConfigSchema.shape.executionIdentityPolicy,
-	credentialSets: z.array(CredentialSetManifestSchema).optional(),
-	runtime: webhookTriggerRuntimeSchema
-});
-z.unknown();
 //#endregion
-//#region ../../packages/workflow-builder/dist/import-module--8x5SLum.mjs
+//#region ../../packages/workflow-builder/dist/import-module-y0glInUe.mjs
 var DiscoveryError = class extends Error {
 	code;
 	filePath;
@@ -2178,7 +1393,7 @@ function isTriggerLike(value) {
     value != null &&
     (typeof value === 'object' || typeof value === 'function') &&
     typeof value.toManifest === 'function' &&
-    typeof value.name === 'string'
+    typeof value.id === 'string'
   );
 }
 
@@ -2189,7 +1404,7 @@ function isBoundTriggerLike(value) {
     value.isBoundTrigger === true &&
     value.trigger != null &&
     typeof value.trigger.toManifest === 'function' &&
-    typeof value.trigger.name === 'string'
+    typeof value.trigger.id === 'string'
   );
 }
 
@@ -2206,18 +1421,17 @@ function getTriggerCandidate(value) {
 function describeTriggerEntry(entry) {
   if (entry && typeof entry === 'object') {
     if ('isBoundTrigger' in entry && entry.isBoundTrigger === true && entry.trigger) {
-      return entry.trigger.name ?? '<unknown trigger>';
+      return entry.trigger.id ?? '<unknown trigger>';
     }
-    if ('name' in entry && typeof entry.name === 'string') {
-      return entry.name;
+    if ('id' in entry && typeof entry.id === 'string') {
+      return entry.id;
     }
   }
   return '<unknown trigger>';
 }
 
 function findTriggerSource(entry, trigger, workflowMod, workflowFilePath, siblingModules) {
-  const triggerName = trigger.name;
-  // First, check if the trigger is re-exported from the workflow module (identity check)
+  const triggerId = trigger.id;
   for (const [name, exp] of Object.entries(workflowMod)) {
     const candidate = getTriggerCandidate(exp);
     if (exp === entry || exp === trigger || candidate === trigger) {
@@ -2233,13 +1447,13 @@ function findTriggerSource(entry, trigger, workflowMod, workflowFilePath, siblin
         exp === entry ||
         exp === trigger ||
         candidate === trigger ||
-        candidate?.name === triggerName
+        candidate?.id === triggerId
       ) {
         siblingMatches.push({ triggerExportName: name, sourceFilePath: filePath });
         continue;
       }
 
-      if (isBoundTriggerLike(exp) && exp.trigger.name === triggerName) {
+      if (isBoundTriggerLike(exp) && exp.trigger.id === triggerId) {
         siblingMatches.push({ triggerExportName: name, sourceFilePath: filePath });
       }
     }
@@ -2251,7 +1465,7 @@ function findTriggerSource(entry, trigger, workflowMod, workflowFilePath, siblin
       .join(', ');
     throw new Error(
       'Ambiguous trigger source for "' +
-        triggerName +
+        triggerId +
         '" in ' +
         workflowFilePath +
         '. Matching sibling exports: ' +
@@ -2280,9 +1494,6 @@ async function discoverTriggers(workflow, mod, workflowFilePath) {
       const trigger = isBound ? entry.trigger : entry;
       const triggerManifest = trigger.toManifest();
       const hasTransform = isBound && typeof entry.transform === 'function';
-      const hasFilter = isBound
-        ? typeof entry.filter === 'function'
-        : typeof trigger.filter === 'function';
       const { triggerExportName, sourceFilePath } = findTriggerSource(
         entry,
         trigger,
@@ -2290,7 +1501,6 @@ async function discoverTriggers(workflow, mod, workflowFilePath) {
         workflowFilePath,
         siblingModules
       );
-      // For cron triggers, capture the static payload for runtime use
       const staticPayload =
         triggerManifest.triggerType === 'cron' && 'payload' in trigger
           ? trigger.payload
@@ -2300,16 +1510,15 @@ async function discoverTriggers(workflow, mod, workflowFilePath) {
         triggerExportName,
         sourceFilePath,
         hasTransform,
-        hasFilter,
         staticPayload,
         triggerIndex,
       });
     } catch (error) {
-      const triggerName = describeTriggerEntry(entry);
+      const triggerLabel = describeTriggerEntry(entry);
       const message = serializeError(error);
       throw new Error(
         'Failed to discover trigger "' +
-          triggerName +
+          triggerLabel +
           '" for workflow "' +
           workflow.name +
           '": ' +
@@ -2508,7 +1717,6 @@ const LoadedWorkflowTriggerSchema = z.object({
 	triggerExportName: z.string().optional(),
 	sourceFilePath: z.string().optional(),
 	hasTransform: z.boolean(),
-	hasFilter: z.boolean(),
 	staticPayload: z.unknown().optional(),
 	triggerIndex: z.number()
 });
@@ -2517,7 +1725,7 @@ const LoaderTimingSchema = z.object({
 	manifestMs: z.number(),
 	flowGraphMs: z.number()
 });
-const DeclaredCredentialEntrySchema = DeclaredCredentialRequirementSchema;
+const DeclaredCredentialEntrySchema = src_exports.DeclaredCredentialRequirementSchema;
 const CredentialsByCallsiteFingerprintSchema = z.record(z.string(), z.array(DeclaredCredentialEntrySchema));
 const CredentialAttributionWarningSchema = z.object({
 	category: z.literal("unmatched-callsite"),