@keystrokehq/cli 0.0.29 → 0.0.31

package/dist/credentials-CsncZ52a.mjs

@@ -0,0 +1,460 @@
+#!/usr/bin/env node
+
+import { n as JsonOptionSchema, t as JSON_OPTION_CONFIG } from "./output-BWcVRt-T.mjs";
+import { t as createTypedCommand } from "./commander-BlrSdFcu.mjs";
+import { i as CredentialScopeValues, n as CredentialConnectionIdSchema, r as CredentialScopeSchema } from "./schema-DFJiNWyd.mjs";
+import { t as ConnectionKindValues } from "./api-BK3EhPvs.mjs";
+import { z } from "zod";
+//#region ../../packages/shared-types/src/credentials/models/definition-records.ts
+const JsonRecordSchema = z.record(z.string(), z.unknown());
+const CredentialDefinitionSourceSchema = z.enum(["official", "custom"]);
+const CredentialExposureSchema = z.enum(["user-runtime", "platform-only"]);
+const CredentialDefinitionRoleValues = [
+	"connection",
+	"provider-app-definition",
+	"webhook-secret",
+	"other"
+];
+const CredentialDefinitionRoleSchema = z.enum(CredentialDefinitionRoleValues);
+const CredentialRevocationPolicySchema = z.enum(["fail", "retry-once"]);
+z.object({
+	definitionKey: z.string().min(1),
+	id: z.string().min(1),
+	organizationId: z.uuid().nullable().optional(),
+	source: CredentialDefinitionSourceSchema,
+	displayName: z.string().min(1),
+	description: z.string().optional(),
+	exposure: CredentialExposureSchema,
+	role: CredentialDefinitionRoleSchema,
+	authSchemaJson: JsonRecordSchema,
+	credentialKeys: z.array(z.string()),
+	optionalCredentialKeys: z.array(z.string()),
+	storedCredentialKeys: z.array(z.string()),
+	optionalStoredCredentialKeys: z.array(z.string()),
+	schemaFingerprint: z.string().min(1),
+	proxyConfig: JsonRecordSchema.optional(),
+	needsRawSecret: z.boolean(),
+	onCredentialRevoked: CredentialRevocationPolicySchema.optional()
+});
+const CredentialConnectionDefinitionKindSchema = z.enum([
+	"manual",
+	"oauth",
+	"credentials-exchange",
+	"exchange",
+	"dynamic",
+	"platform"
+]);
+const OAuthClientPolicySchema = z.discriminatedUnion("kind", [z.object({
+	kind: z.literal("official-provider-app"),
+	provider: z.string().min(1),
+	variant: z.string().min(1).optional()
+}), z.object({
+	kind: z.literal("custom-provider-app"),
+	providerAppDefinitionId: z.string().min(1)
+})]);
+const CredentialLifecycleHttpMethodSchema = z.enum([
+	"GET",
+	"POST",
+	"PATCH",
+	"PUT",
+	"DELETE"
+]);
+const CredentialLifecycleValueSelectorSchema = z.lazy(() => z.discriminatedUnion("kind", [
+	z.object({
+		kind: z.literal("path"),
+		/** Empty path selects the whole source object. */
+		path: z.string()
+	}),
+	z.object({
+		kind: z.literal("object"),
+		fields: z.record(z.string(), CredentialLifecycleValueSelectorSchema)
+	}),
+	z.object({
+		kind: z.literal("first-array-item"),
+		path: z.string().min(1),
+		where: z.object({
+			path: z.string().min(1),
+			equals: z.union([
+				z.string(),
+				z.number(),
+				z.boolean(),
+				z.null()
+			])
+		}).optional(),
+		fallbackToFirst: z.boolean().optional(),
+		requirePaths: z.array(z.string().min(1)).optional(),
+		fields: z.record(z.string(), CredentialLifecycleValueSelectorSchema)
+	}),
+	z.object({
+		kind: z.literal("coalesce"),
+		/**
+		* Selectors evaluated in order. The first one that resolves to a value
+		* other than `undefined`, `null`, or the empty string wins.
+		*/
+		selectors: z.array(CredentialLifecycleValueSelectorSchema).min(1)
+	})
+]));
+const CredentialLifecycleTemplateSchema = z.lazy(() => z.union([
+	z.string(),
+	z.number(),
+	z.boolean(),
+	z.null(),
+	z.array(CredentialLifecycleTemplateSchema),
+	z.object({
+		kind: z.literal("template"),
+		/** Interpolates {{input.foo}} and {{previous.bar}} from trusted runtime data. */
+		value: z.string()
+	}),
+	z.record(z.string(), CredentialLifecycleTemplateSchema)
+]));
+const OAuthLifecycleConfigSchema = z.object({
+	kind: z.literal("oauth"),
+	authorization: z.object({
+		scopeDelimiter: z.string().min(1).optional(),
+		omitScope: z.boolean().optional(),
+		extraParams: z.record(z.string(), z.string()).optional()
+	}).optional(),
+	tokenRequest: z.object({
+		auth: z.enum(["body", "basic"]).optional(),
+		bodyFormat: z.enum(["form-urlencoded", "json"]).optional(),
+		requireSuccessFlag: z.object({
+			key: z.string().min(1),
+			errorKey: z.string().min(1).optional()
+		}).optional()
+	}).optional(),
+	postTokenRequests: z.array(z.object({
+		phases: z.array(z.enum(["exchange", "refresh"])).optional(),
+		url: z.string().min(1),
+		method: CredentialLifecycleHttpMethodSchema.optional(),
+		headers: z.record(z.string(), z.string()).optional(),
+		body: z.unknown().optional(),
+		required: z.boolean().optional(),
+		stash: z.record(z.string(), CredentialLifecycleValueSelectorSchema)
+	})).optional(),
+	installation: z.object({
+		externalInstallationId: CredentialLifecycleValueSelectorSchema.optional(),
+		externalWorkspaceId: CredentialLifecycleValueSelectorSchema.optional(),
+		externalBotUserId: CredentialLifecycleValueSelectorSchema.optional(),
+		metadata: z.record(z.string(), CredentialLifecycleValueSelectorSchema).optional()
+	}).optional(),
+	vault: z.object({
+		accessToken: z.string().min(1).optional(),
+		refreshToken: z.string().min(1).optional(),
+		instanceUrl: z.string().min(1).optional(),
+		raw: z.record(z.string(), CredentialLifecycleValueSelectorSchema).optional()
+	}).optional()
+});
+const ManualLifecycleConfigSchema = z.object({
+	kind: z.literal("manual"),
+	validation: z.object({
+		kind: z.literal("http"),
+		method: CredentialLifecycleHttpMethodSchema,
+		url: z.string().min(1),
+		bearerCredentialKey: z.string().min(1).optional(),
+		headers: z.record(z.string(), z.string()).optional(),
+		successStatuses: z.array(z.number().int().min(100).max(599)).optional(),
+		unauthorizedStatus: z.number().int().min(100).max(599).optional(),
+		unauthorizedMessage: z.string().min(1).optional(),
+		failureMessage: z.string().min(1).optional()
+	}).optional()
+});
+const CredentialsExchangeLifecycleHttpRequestSchema = z.object({
+	kind: z.literal("http"),
+	url: z.string().min(1),
+	method: CredentialLifecycleHttpMethodSchema.optional(),
+	headers: z.record(z.string(), z.string()).optional(),
+	body: CredentialLifecycleTemplateSchema.optional(),
+	successStatuses: z.array(z.number().int().min(100).max(599)).optional(),
+	needsReinputStatuses: z.array(z.number().int().min(100).max(599)).optional(),
+	needsReinputMessage: z.string().min(1).optional(),
+	stored: z.record(z.string(), CredentialLifecycleValueSelectorSchema),
+	requiredStoredKeys: z.array(z.string().min(1)).optional(),
+	expiresAt: CredentialLifecycleValueSelectorSchema.optional(),
+	expiresInSeconds: CredentialLifecycleValueSelectorSchema.optional()
+});
+const CredentialsExchangeLifecycleConfigSchema = z.object({
+	kind: z.literal("credentials-exchange"),
+	exchange: CredentialsExchangeLifecycleHttpRequestSchema,
+	rotate: CredentialsExchangeLifecycleHttpRequestSchema.optional()
+});
+const CredentialConnectionLifecycleConfigSchema = z.discriminatedUnion("kind", [
+	OAuthLifecycleConfigSchema,
+	ManualLifecycleConfigSchema,
+	CredentialsExchangeLifecycleConfigSchema
+]);
+/**
+* DB-backed setup path contract. Executable provider behavior stays in trusted
+* declarative runtime configuration.
+*/
+const CredentialConnectionDefinitionRecordSchema = z.object({
+	credentialDefinitionKey: z.string().min(1),
+	credentialDefinitionId: z.string().min(1),
+	connectionId: CredentialConnectionIdSchema,
+	kind: CredentialConnectionDefinitionKindSchema,
+	label: z.string().optional(),
+	description: z.string().optional(),
+	recommended: z.boolean(),
+	advanced: z.boolean(),
+	inputSchemaJson: JsonRecordSchema.optional(),
+	connectionManifest: JsonRecordSchema,
+	oauthClientPolicy: OAuthClientPolicySchema.optional(),
+	lifecycleConfig: CredentialConnectionLifecycleConfigSchema.optional(),
+	executableDescriptorId: z.string().min(1).optional()
+});
+z.enum([
+	"oauth",
+	"manual-validate",
+	"credentials-exchange",
+	"credentials-rotate",
+	"vault-mapper"
+]);
+z.object({
+	credentialDefinitionKey: z.string().min(1),
+	credentialDefinitionId: z.string().min(1),
+	exposure: CredentialExposureSchema,
+	storedCredentialKeys: z.array(z.string()),
+	optionalStoredCredentialKeys: z.array(z.string()),
+	schemaFingerprint: z.string().min(1),
+	proxyConfig: JsonRecordSchema.optional(),
+	needsRawSecret: z.boolean(),
+	connections: z.array(CredentialConnectionDefinitionRecordSchema)
+});
+//#endregion
+//#region src/commands/credentials/definitions/definitions.command.ts
+const CredentialDefinitionsListOptionsSchema = JsonOptionSchema.extend({
+	integration: z.string().optional(),
+	role: z.enum(CredentialDefinitionRoleValues).optional(),
+	connectionKind: z.enum(ConnectionKindValues).optional(),
+	full: z.boolean().optional(),
+	limit: z.coerce.number().int().positive().max(200).optional()
+});
+const DEFINITIONS_LIST_OPTIONS_CONFIG = {
+	...JSON_OPTION_CONFIG,
+	integration: {
+		flag: "--integration <id>",
+		description: "Restrict to one integration"
+	},
+	role: {
+		flag: "--role <role>",
+		description: `Filter by role: ${CredentialDefinitionRoleValues.join(" | ")}`
+	},
+	connectionKind: {
+		flag: "--connection-kind <kind>",
+		description: `Filter by connection kind: ${ConnectionKindValues.join(" | ")}`
+	},
+	full: {
+		flag: "--full",
+		description: "Include the auth schema JSON in each result"
+	},
+	limit: {
+		flag: "--limit <n>",
+		description: "Page size (1–200)"
+	}
+};
+const CredentialDefinitionShowOptionsSchema = JsonOptionSchema.extend({ id: z.string().min(1) });
+const DEFINITION_SHOW_OPTIONS_CONFIG = {
+	...JSON_OPTION_CONFIG,
+	id: {
+		flag: "",
+		description: ""
+	}
+};
+function createCredentialsDefinitionsCommand() {
+	return createTypedCommand({
+		name: "definitions",
+		description: "Browse and inspect credential definitions (catalog metadata; not per-org credential sets)",
+		schema: CredentialDefinitionsListOptionsSchema,
+		optionsConfig: DEFINITIONS_LIST_OPTIONS_CONFIG,
+		loadHandler: async () => (await import("./list.handler-DIMWZx78.mjs")).handleCredentialDefinitionsList,
+		subcommands: [createTypedCommand({
+			name: "list",
+			description: "List credential definitions",
+			schema: CredentialDefinitionsListOptionsSchema,
+			optionsConfig: DEFINITIONS_LIST_OPTIONS_CONFIG,
+			loadHandler: async () => (await import("./list.handler-DIMWZx78.mjs")).handleCredentialDefinitionsList
+		}), createTypedCommand({
+			name: "show",
+			description: "Show one credential definition including auth schema",
+			schema: CredentialDefinitionShowOptionsSchema,
+			optionsConfig: DEFINITION_SHOW_OPTIONS_CONFIG,
+			argument: {
+				name: "id",
+				description: "Credential definition id, e.g. keystroke:aws-s3",
+				key: "id"
+			},
+			loadHandler: async () => (await import("./show.handler-CsidInW8.mjs")).handleCredentialDefinitionShow
+		})]
+	});
+}
+//#endregion
+//#region src/commands/credentials/list/list.command.ts
+const ListOptionsSchema = JsonOptionSchema.extend({
+	scope: CredentialScopeSchema.optional(),
+	credentialSetId: z.string().optional(),
+	projectId: z.uuid().optional(),
+	path: z.string().optional(),
+	limit: z.coerce.number().min(1).max(100).optional().default(100),
+	offset: z.coerce.number().min(0).optional().default(0)
+});
+const LIST_OPTIONS_CONFIG = {
+	...JSON_OPTION_CONFIG,
+	scope: {
+		flag: "--scope <scope>",
+		description: `Filter by scope: ${CredentialScopeValues.join(" | ")}`
+	},
+	credentialSetId: {
+		flag: "--credential-set-id <id>",
+		description: "Filter by credential set ID (e.g. slack)"
+	},
+	projectId: {
+		flag: "--project-id <id>",
+		description: "Filter project-scoped credential sets to a specific project ID"
+	},
+	path: {
+		flag: "--path <dir>",
+		description: "Path to project root (for workflow manifests and .env context)"
+	},
+	limit: {
+		flag: "--limit <n>",
+		description: "Page size for server list (1–100, default: 100)"
+	},
+	offset: {
+		flag: "--offset <n>",
+		description: "Skip this many server rows before listing (pagination)"
+	}
+};
+function createCredentialsListCommand() {
+	return createTypedCommand({
+		name: "list",
+		description: "List credential sets on the server",
+		schema: ListOptionsSchema,
+		optionsConfig: LIST_OPTIONS_CONFIG,
+		loadHandler: async () => (await import("./list.handler-DVnFrlis.mjs")).handleCredentialsList
+	});
+}
+//#endregion
+//#region src/commands/credentials/requirements/requirements.command.ts
+const RequirementsOptionsSchema = JsonOptionSchema.extend({ path: z.string().optional() });
+const REQUIREMENTS_OPTIONS_CONFIG = {
+	...JSON_OPTION_CONFIG,
+	path: {
+		flag: "--path <dir>",
+		description: "Path to project root"
+	}
+};
+function createCredentialsRequirementsCommand() {
+	return createTypedCommand({
+		name: "requirements",
+		description: "Show what credentials built workflows need (keys, KEYSTROKE_* env names, workflows) — from dist manifests, no API call",
+		schema: RequirementsOptionsSchema,
+		optionsConfig: REQUIREMENTS_OPTIONS_CONFIG,
+		loadHandler: async () => (await import("./requirements.handler-B5rqCjMu.mjs")).handleCredentialsRequirements
+	});
+}
+//#endregion
+//#region src/commands/credentials/upload/upload.command.ts
+const UploadOptionsSchema = JsonOptionSchema.extend({
+	integration: z.string().optional(),
+	credentialConnectionId: z.string().optional().describe("Credential connection ID to use for catalog-backed uploads"),
+	credentialSet: z.string().optional(),
+	keys: z.string().optional(),
+	name: z.string().optional(),
+	scope: CredentialScopeSchema.default("user"),
+	path: z.string().optional(),
+	dryRun: z.boolean().optional().default(false),
+	update: z.boolean().optional().default(false)
+});
+const UPLOAD_OPTIONS_CONFIG = {
+	...JSON_OPTION_CONFIG,
+	integration: {
+		flag: "--integration <public-id>",
+		description: "Official integration public ID (e.g. slack, github, linear). Derives the internal credential identity and keys automatically."
+	},
+	credentialConnectionId: {
+		flag: "--credential-connection-id <id>",
+		description: "Credential connection ID to use for catalog-backed uploads"
+	},
+	credentialSet: {
+		flag: "--credential-set <id>",
+		description: "Explicit custom credential set ID. Requires --keys."
+	},
+	keys: {
+		flag: "--keys <key1,key2>",
+		description: "Comma-separated credential keys. Required with --credential-set."
+	},
+	name: {
+		flag: "--name <name>",
+		description: "Credential set name (only with --credential-set; default: [CLI] <id>)"
+	},
+	scope: {
+		flag: "--scope <scope>",
+		description: `Scope: ${CredentialScopeValues.join(" | ")} (default: user; project resolves from keystroke.config.ts)`
+	},
+	path: {
+		flag: "--path <dir>",
+		description: "Path to project root"
+	},
+	dryRun: {
+		flag: "--dry-run",
+		description: "Show what would happen without making changes"
+	},
+	update: {
+		flag: "--update",
+		description: "Overwrite values for existing credential sets from current env vars"
+	}
+};
+function createCredentialsUploadCommand() {
+	return createTypedCommand({
+		name: "upload",
+		description: "Upload credentials from env vars to the server. Default: reads requirements from built workflow manifests. Use --integration for an official integration or --credential-set + --keys for a custom explicit upload.",
+		schema: UploadOptionsSchema,
+		optionsConfig: UPLOAD_OPTIONS_CONFIG,
+		loadHandler: async () => (await import("./upload.handler-B7xle1oX.mjs")).handleCredentialsUpload
+	});
+}
+//#endregion
+//#region src/commands/credentials/credentials.command.ts
+const CredentialsRootSchema = JsonOptionSchema.extend({
+	path: z.string().optional(),
+	limit: z.coerce.number().min(1).max(100).optional().default(100),
+	offset: z.coerce.number().min(0).optional().default(0)
+});
+function createCredentialsCommand() {
+	return createTypedCommand({
+		name: "credentials",
+		description: "Manage credentials (upload, list, requirements)",
+		schema: CredentialsRootSchema,
+		optionsConfig: {
+			...JSON_OPTION_CONFIG,
+			path: {
+				flag: "--path <dir>",
+				description: "Path to project root (for workflow manifests and .env context)"
+			},
+			limit: {
+				flag: "--limit <n>",
+				description: "Page size for server list (1–100, default: 100)"
+			},
+			offset: {
+				flag: "--offset <n>",
+				description: "Skip this many server rows before listing (pagination)"
+			}
+		},
+		handler: async (opts, ctx) => {
+			const { handleCredentialsList } = await import("./list.handler-DVnFrlis.mjs");
+			await handleCredentialsList({
+				...opts,
+				scope: void 0,
+				credentialSetId: void 0,
+				projectId: void 0
+			}, ctx);
+		},
+		subcommands: [
+			createCredentialsDefinitionsCommand(),
+			createCredentialsUploadCommand(),
+			createCredentialsListCommand(),
+			createCredentialsRequirementsCommand()
+		]
+	});
+}
+//#endregion
+export { createCredentialsCommand };

package/dist/{current-deployment-workflow-Cm_aU9rQ.mjs → current-deployment-workflow-B1VQCYC-.mjs}

@@ -3,9 +3,9 @@
 import { A as WorkflowResolutionError, a as ui, g as getHttpStatus, h as getApiErrorCode } from "./keystroke.mjs";
 import { t as assertWorkflowProjectRoot } from "./project-config-DudGRFPO.mjs";
 import { a as readManifestsFromOutDir } from "./dist-CTEtWDW4.mjs";
-import { t as requireWorkflowsDir } from "./resolve-project-DJJZIOmu.mjs";
+import { t as requireWorkflowsDir } from "./resolve-project-E9mrh_el.mjs";
 import { t as createSpinnerProgress } from "./spinner-progress-lrKDs4YF.mjs";
-import { a as runWorkflowBuild, n as renderBuildFailure } from "./workflow-build-DPqt_edf.mjs";
+import { a as runWorkflowBuild, n as renderBuildFailure } from "./workflow-build-Begvjfq8.mjs";
 //#region src/commands/workflows/_shared/current-deployment-workflow.ts
 /**
 * Lightweight resolution: gets projectId from keystroke.config.ts and authoredWorkflowId

package/dist/{current.handler-BXec-Bhy.mjs → current.handler-BaGaCLzB.mjs}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 import { a as ui } from "./keystroke.mjs";
-import { i as requireClient } from "./context-DHOTSgPb.mjs";
+import { i as requireClient } from "./context-sgKhRc5v.mjs";
 //#region src/commands/org/current.handler.ts
 async function handleOrgCurrent(_options, ctx) {
 	if (!ctx.organizationId) {

package/dist/{delete.handler-CpYOMtsv.mjs → delete.handler-DkAK396w.mjs}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 import { a as ui, j as throwReportedCliExit, y as toErrorMessage } from "./keystroke.mjs";
-import { i as requireClient } from "./context-DHOTSgPb.mjs";
+import { i as requireClient } from "./context-sgKhRc5v.mjs";
 //#region src/commands/api-keys/delete.handler.ts
 async function handleApiKeysDelete(options, ctx) {
 	const client = requireClient(ctx);

package/dist/{deploy-CDY7Qo5L.mjs → deploy-DvPfR9fC.mjs}

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 
-import { t as createTypedCommand } from "./commander-BTMzBiLq.mjs";
+import { t as createTypedCommand } from "./commander-BlrSdFcu.mjs";
 import { z } from "zod";
 //#region src/commands/deploy/deploy.command.ts
 /**
@@ -64,7 +64,7 @@ function createDeployCommand() {
 		schema: DeployOptionsSchema,
 		optionsConfig: DEPLOY_OPTIONS_CONFIG,
 		contextMode: "auth",
-		loadHandler: async () => (await import("./deploy.handler-CLoYxHOr.mjs")).handleDeploy
+		loadHandler: async () => (await import("./deploy.handler-BW3f2N2G.mjs")).handleDeploy
 	});
 	cmd.enablePositionalOptions();
 	cmd.passThroughOptions();

package/dist/{deploy.handler-CLoYxHOr.mjs → deploy.handler-BW3f2N2G.mjs}

@@ -1,17 +1,17 @@
 #!/usr/bin/env node
 
 import { D as CliExitError, P as logger, a as ui, l as isLocalMode, n as style, t as ANSI } from "./keystroke.mjs";
-import { i as projects } from "./dist-D_KgdxW5.mjs";
+import { i as projects } from "./dist-Dw7gCE7y.mjs";
 import { t as assertWorkflowProjectRoot } from "./project-config-DudGRFPO.mjs";
-import { r as requireAuthOptions, t as assertProjectConfigMatchesAuthenticatedOrg } from "./context-DHOTSgPb.mjs";
+import { r as requireAuthOptions, t as assertProjectConfigMatchesAuthenticatedOrg } from "./context-sgKhRc5v.mjs";
 import { i as readAgentManifestsFromOutDir, o as readWorkflowsFromDisk } from "./dist-CTEtWDW4.mjs";
-import { t as requireWorkflowsDir } from "./resolve-project-DJJZIOmu.mjs";
-import { n as renderBuildFailure, r as renderBuildHeader } from "./workflow-build-DPqt_edf.mjs";
-import { t as createBuildProgress } from "./build-progress-O9f-4Z4D.mjs";
-import { t as createDeployProgress } from "./deploy-progress-C1Y73QVM.mjs";
-import { t as withErrorBoundary } from "./error-boundary-DVZipk-A.mjs";
-import { t as lookupCurrentDeploymentWorkflow } from "./current-deployment-workflow-Cm_aU9rQ.mjs";
-import { t as computeWorkflowDiff } from "./diff-utils-CXKNQUXO.mjs";
+import { t as requireWorkflowsDir } from "./resolve-project-E9mrh_el.mjs";
+import { n as renderBuildFailure, r as renderBuildHeader } from "./workflow-build-Begvjfq8.mjs";
+import { t as createBuildProgress } from "./build-progress-DLM1Bt4T.mjs";
+import { t as createDeployProgress } from "./deploy-progress-BsUH7fGE.mjs";
+import { t as withErrorBoundary } from "./error-boundary-0veZ_RDS.mjs";
+import { t as lookupCurrentDeploymentWorkflow } from "./current-deployment-workflow-B1VQCYC-.mjs";
+import { t as computeWorkflowDiff } from "./diff-utils-Bs--xmoV.mjs";
 import path from "node:path";
 import { access } from "node:fs/promises";
 //#region src/commands/deploy/deploy-diff.ts
@@ -198,7 +198,7 @@ async function handleDeploy(options, ctx) {
 		let outDir;
 		let artifactFilter;
 		try {
-			const { runWorkflowBuild } = await import("./workflow-build-DPqt_edf.mjs").then((n) => n.o);
+			const { runWorkflowBuild } = await import("./workflow-build-Begvjfq8.mjs").then((n) => n.o);
 			const buildOutcome = await runWorkflowBuild({
 				workflowsDir,
 				verbose: options.verbose,
@@ -271,7 +271,7 @@ function emitNewWebhookCredentials(result) {
 }
 async function handleTaskTargetDeploy(options) {
 	renderBuildHeader(void 0);
-	const buildResult = await (deployHandlerDependencies.buildTaskTargets ?? (await import("./task-target-build-CrPLSXnu.mjs")).buildTaskTargets)({
+	const buildResult = await (deployHandlerDependencies.buildTaskTargets ?? (await import("./task-target-build-QllcCfoN.mjs")).buildTaskTargets)({
 		projectRoot: options.workflowsDir,
 		targetFiles: options.targetFiles,
 		disableSourcemaps: options.options.disableSourcemaps
@@ -289,7 +289,7 @@ async function handleTaskTargetDeploy(options) {
 	const progress = createDeployProgress();
 	let result;
 	try {
-		result = await (deployHandlerDependencies.deployTaskTargets ?? (await import("./task-target-deploy-DeUyfi9H.mjs")).deployTaskTargets)({
+		result = await (deployHandlerDependencies.deployTaskTargets ?? (await import("./task-target-deploy-B_3HPSo2.mjs")).deployTaskTargets)({
 			preparedTasks: buildResult.preparedTasks,
 			client,
 			organizationId: options.projectConfig.organizationId,
@@ -312,7 +312,7 @@ async function handleTaskTargetDeploy(options) {
 }
 async function createFullDeployClient(ctx) {
 	const authOptions = requireAuthOptions(ctx);
-	const { createClient } = await import("./src-DNhUmpSl.mjs");
+	const { createClient } = await import("./src-DI-ybNjR.mjs");
 	return createClient({
 		...authOptions,
 		onRequest: (info) => logger.debug(`-> ${info.method} ${info.url}`, {
@@ -327,7 +327,7 @@ async function createFullDeployClient(ctx) {
 }
 async function createTaskDeployClient(ctx) {
 	const authOptions = requireAuthOptions(ctx);
-	return (deployHandlerDependencies.createDeployClient ?? (await import("./deploy-BURTx92e.mjs")).createDeployClient)(authOptions);
+	return (deployHandlerDependencies.createDeployClient ?? (await import("./deploy-DhCbYFc7.mjs")).createDeployClient)(authOptions);
 }
 function renderSuccessSummary(result) {
 	const tasks = result.tasks || [];

package/dist/{diff.handler-Dcli35A1.mjs → diff.handler-BwhsoAg0.mjs}

@@ -1,11 +1,11 @@
 #!/usr/bin/env node
 
 import { D as CliExitError, a as ui, j as throwReportedCliExit, y as toErrorMessage } from "./keystroke.mjs";
-import { i as projects } from "./dist-D_KgdxW5.mjs";
+import { i as projects } from "./dist-Dw7gCE7y.mjs";
 import { i as writeJson } from "./output-BWcVRt-T.mjs";
-import { i as requireClient, t as assertProjectConfigMatchesAuthenticatedOrg } from "./context-DHOTSgPb.mjs";
-import { n as resolveLocalWorkflowManifest, t as lookupCurrentDeploymentWorkflow } from "./current-deployment-workflow-Cm_aU9rQ.mjs";
-import { n as renderDiff, t as computeWorkflowDiff } from "./diff-utils-CXKNQUXO.mjs";
+import { i as requireClient, t as assertProjectConfigMatchesAuthenticatedOrg } from "./context-sgKhRc5v.mjs";
+import { n as resolveLocalWorkflowManifest, t as lookupCurrentDeploymentWorkflow } from "./current-deployment-workflow-B1VQCYC-.mjs";
+import { n as renderDiff, t as computeWorkflowDiff } from "./diff-utils-Bs--xmoV.mjs";
 //#region src/commands/workflows/diff/diff.handler.ts
 async function handleWorkflowsDiff(options, ctx) {
 	const resolved = await resolveLocalWorkflowManifest(options.workflow, options.path, { jsonMode: ctx.jsonMode });