@tailor-platform/sdk 1.33.2 → 1.34.0

package/dist/cli/index.mjs

@@ -1,11 +1,11 @@
 #!/usr/bin/env node
 
-import { B as PATScope, D as FunctionExecution_Type, N as AuthInvokerSchema, i as fetchAll, l as initOAuth2Client, m as userAgent, n as closeConnectionPool, o as fetchPlatformMachineUserToken, s as fetchUserInfo, u as initOperatorClient } from "../client-CYGsf3Zl.mjs";
+import { D as FunctionExecution_Type, P as AuthInvokerSchema, V as PATScope, i as fetchAll, l as initOAuth2Client, m as userAgent, n as closeConnectionPool, o as fetchPlatformMachineUserToken, s as fetchUserInfo, u as initOperatorClient } from "../client-CA2NM_4R.mjs";
 import { n as logger, r as styles } from "../logger-qz-Y4sBV.mjs";
-import { At as functionExecutionStatusToString, B as updateCommand$3, Ct as startCommand, D as resumeCommand, Dt as executionsCommand, E as healthCommand, Ft as executeScript, I as showCommand, J as updateCommand$2, Jt as formatMigrationNumber, K as getCommand$4, L as logBetaWarning, M as truncateCommand, Mt as getCommand$1, P as generateCommand$1, Pt as apply, Q as getCommand$3, Qt as getMigrationFiles, Rt as parseMigrationLabelNumber, Tt as getCommand$5, U as treeCommand, W as listCommand$10, X as listCommand$9, Zt as getMigrationFilePath, _ as getCommand$6, _n as isVerbose, _t as listCommand$6, a as updateCommand$4, bt as jobsCommand, cn as sdkNameLabelKey, d as inviteCommand, en as isValidMigrationNumber, et as deleteCommand$3, fn as apiCommand, ft as generate, gn as deploymentArgs, h as listCommand$14, hn as confirmationArgs, ht as triggerCommand, i as isCLIError, it as listCommand$8, jt as formatKeyValueTable, k as listCommand$11, l as listCommand$13, ln as trnPrefix, lt as tokenCommand, mn as commonArgs, mt as webhookCommand, nt as createCommand$3, on as getNamespacesWithMigrations, ot as getCommand$2, p as restoreCommand, pn as defineAppCommand, r as queryCommand, s as removeCommand, sn as prompt, t as isNativeTypeScriptRuntime, tn as loadDiff, ut as listCommand$7, vn as workspaceArgs, w as listCommand$12, x as createCommand$4, y as deleteCommand$4, z as removeCommand$1 } from "../runtime-CxDrzUC0.mjs";
+import { At as functionExecutionStatusToString, B as updateCommand$3, Ct as startCommand, D as resumeCommand, Dt as executionsCommand, E as healthCommand, Ft as executeScript, I as showCommand, J as updateCommand$2, Jt as formatMigrationNumber, K as getCommand$4, L as logBetaWarning, M as truncateCommand, Mt as getCommand$1, P as generateCommand$1, Pt as apply, Q as getCommand$3, Qt as getMigrationFiles, Rt as parseMigrationLabelNumber, Tt as getCommand$5, U as treeCommand, W as listCommand$10, X as listCommand$9, Zt as getMigrationFilePath, _ as getCommand$6, _n as isVerbose, _t as listCommand$6, a as updateCommand$4, bt as jobsCommand, cn as sdkNameLabelKey, d as inviteCommand, en as isValidMigrationNumber, et as deleteCommand$3, fn as apiCommand, ft as generate, gn as deploymentArgs, h as listCommand$14, hn as confirmationArgs, ht as triggerCommand, i as isCLIError, it as listCommand$8, jt as formatKeyValueTable, k as listCommand$11, l as listCommand$13, ln as trnPrefix, lt as tokenCommand, mn as commonArgs, mt as webhookCommand, nt as createCommand$3, on as getNamespacesWithMigrations, ot as getCommand$2, p as restoreCommand, pn as defineAppCommand, r as queryCommand, s as removeCommand, sn as prompt, t as isNativeTypeScriptRuntime, tn as loadDiff, ut as listCommand$7, vn as workspaceArgs, w as listCommand$12, x as createCommand$4, y as deleteCommand$4, z as removeCommand$1 } from "../runtime-8G74KN_M.mjs";
 import { t as readPackageJson } from "../package-json-CfUqjJaQ.mjs";
-import { C as resolveTokens, S as readPlatformConfig, T as writePlatformConfig, a as loadConfig, b as loadAccessToken, g as getDistDir, i as resolveInlineSourcemap, l as ExecutorSchema, o as WorkflowJobSchema, s as ResolverSchema, v as deleteUserTokens, w as saveUserTokens, x as loadWorkspaceId, y as fetchLatestToken } from "../application-CYPU-WIc.mjs";
-import { a as JSON_FOOTER_MARKER, i as CRASH_LOG_EXTENSION, o as parseCrashReportConfig, r as sendCrashReport, t as initCrashReporting } from "../crash-report-OXafT1iS.mjs";
+import { C as resolveTokens, S as readPlatformConfig, T as writePlatformConfig, a as loadConfig, b as loadAccessToken, g as getDistDir, i as resolveInlineSourcemap, l as ExecutorSchema, o as WorkflowJobSchema, s as ResolverSchema, v as deleteUserTokens, w as saveUserTokens, x as loadWorkspaceId, y as fetchLatestToken } from "../application-CluuzA0-.mjs";
+import { a as JSON_FOOTER_MARKER, i as CRASH_LOG_EXTENSION, o as parseCrashReportConfig, r as sendCrashReport, t as initCrashReporting } from "../crash-report-CPkI2-cp.mjs";
 import { createRequire } from "node:module";
 import { arg, defineCommand, runCommand, runMain } from "politty";
 import { withCompletionCommand } from "politty/completion";
@@ -22,8 +22,8 @@ import { resolveTSConfig } from "pkg-types";
 import ml from "multiline-ts";
 import * as rolldown from "rolldown";
 import { create } from "@bufbuild/protobuf";
-import { spawn, spawnSync } from "node:child_process";
 import open from "open";
+import { spawn, spawnSync } from "node:child_process";
 import * as fs from "fs";
 import { lookup } from "mime-types";
 import pLimit from "p-limit";
@@ -60,6 +60,233 @@ const applyCommand = defineAppCommand({
 	}
 });
 
+//#endregion
+//#region src/cli/commands/authconnection/args.ts
+/**
+* Arguments for identifying an auth connection
+*/
+const connectionNameArgs = { name: arg(z.string(), {
+	alias: "n",
+	description: "Auth connection name"
+}) };
+
+//#endregion
+//#region src/cli/commands/authconnection/authorize.ts
+const defaultPort = 8080;
+const defaultScopes = "openid,profile,email";
+/**
+* Fetch the OpenID Connect discovery document from a provider URL.
+* @param providerUrl - OAuth2 provider base URL
+* @returns Discovery document with authorization_endpoint
+*/
+async function fetchOIDCDiscovery(providerUrl) {
+	const url = providerUrl.replace(/\/$/, "") + "/.well-known/openid-configuration";
+	const response = await fetch(url);
+	if (!response.ok) throw new Error(`Failed to fetch OIDC discovery from ${url}: ${response.status}`);
+	return response.json();
+}
+function randomState$1() {
+	return crypto.randomBytes(32).toString("base64url");
+}
+const authorizeAuthConnectionCommand = defineAppCommand({
+	name: "authorize",
+	description: "Authorize an auth connection via OAuth2 flow.",
+	args: z.object({
+		...workspaceArgs,
+		...connectionNameArgs,
+		scopes: z.string().optional().default(defaultScopes).describe("OAuth2 scopes to request (comma-separated)"),
+		port: z.coerce.number().optional().default(defaultPort).describe("Local callback server port"),
+		"no-browser": z.boolean().optional().default(false).describe("Don't open browser automatically")
+	}).strict(),
+	run: async (args) => {
+		const client = await initOperatorClient(await loadAccessToken({
+			useProfile: true,
+			profile: args.profile
+		}));
+		const workspaceId = await loadWorkspaceId({
+			workspaceId: args["workspace-id"],
+			profile: args.profile
+		});
+		const connection = (await fetchAll(async (pageToken, maxPageSize) => {
+			const { connections, nextPageToken } = await client.listAuthConnections({
+				workspaceId,
+				pageToken,
+				pageSize: maxPageSize
+			});
+			return [connections, nextPageToken];
+		})).find((c) => c.name === args.name);
+		if (!connection) throw new Error(`Auth connection "${args.name}" not found.`);
+		if (connection.config.case !== "oauth2") throw new Error(`Auth connection "${args.name}" is not an OAuth2 connection.`);
+		const oauth2Config = connection.config.value;
+		const redirectUri = `http://localhost:${args.port}/callback`;
+		const state = randomState$1();
+		let authorizationEndpoint;
+		if (oauth2Config.authUrl) authorizationEndpoint = oauth2Config.authUrl;
+		else authorizationEndpoint = (await fetchOIDCDiscovery(oauth2Config.providerUrl)).authorization_endpoint;
+		const authUrl = new URL(authorizationEndpoint);
+		authUrl.searchParams.set("client_id", oauth2Config.clientId);
+		authUrl.searchParams.set("redirect_uri", redirectUri);
+		authUrl.searchParams.set("response_type", "code");
+		authUrl.searchParams.set("scope", args.scopes.replace(/,/g, " "));
+		authUrl.searchParams.set("state", state);
+		authUrl.searchParams.set("access_type", "offline");
+		await new Promise((resolve, reject) => {
+			const server = http.createServer(async (req, res) => {
+				if (!req.url?.startsWith("/callback")) {
+					res.writeHead(404);
+					res.end("Not found");
+					return;
+				}
+				try {
+					const url = new URL(req.url, `http://localhost:${args.port}`);
+					const code = url.searchParams.get("code");
+					const returnedState = url.searchParams.get("state");
+					const error = url.searchParams.get("error");
+					if (error) throw new Error(`Authorization failed: ${error}`);
+					if (returnedState !== state) throw new Error("State mismatch — possible CSRF attack.");
+					if (!code) throw new Error("No authorization code received.");
+					await client.exchangeAuthConnectionAuthorizationCode({
+						workspaceId,
+						connectionName: args.name,
+						authorizationCode: code,
+						redirectUri
+					});
+					res.writeHead(200, { "Content-Type": "text/html" });
+					res.end("<html><body><h1>Authorization successful</h1><p>You can close this window.</p></body></html>");
+					server.close();
+					resolve();
+				} catch (err) {
+					res.writeHead(400, { "Content-Type": "text/plain" });
+					res.end(`Authorization failed: ${err instanceof Error ? err.message : "Unknown error"}`);
+					server.close();
+					reject(err);
+				}
+			});
+			const timeout = setTimeout(() => {
+				server.close();
+				reject(/* @__PURE__ */ new Error("Authorization timeout exceeded (5 minutes)."));
+			}, 300 * 1e3);
+			server.on("close", () => {
+				clearTimeout(timeout);
+			});
+			server.on("error", (err) => {
+				reject(err);
+			});
+			server.listen(args.port, async () => {
+				const authorizeUrl = authUrl.toString();
+				logger.info(`Opening browser for authorization:\n\n${authorizeUrl}\n`);
+				if (!args["no-browser"]) try {
+					await open(authorizeUrl);
+				} catch {
+					logger.warn("Failed to open browser automatically. Please open the URL above manually.");
+				}
+			});
+		});
+		logger.success(`Auth connection "${args.name}" authorized successfully.`);
+	}
+});
+
+//#endregion
+//#region src/cli/commands/authconnection/list.ts
+function connectionInfo(connection) {
+	const oauth2 = connection.config.case === "oauth2" ? connection.config.value : void 0;
+	return {
+		name: connection.name,
+		type: connection.config.case ?? "unknown",
+		providerUrl: oauth2?.providerUrl ?? "",
+		issuerUrl: oauth2?.issuerUrl ?? "",
+		clientId: oauth2?.clientId ?? "",
+		authUrl: oauth2?.authUrl ?? "",
+		tokenUrl: oauth2?.tokenUrl ?? "",
+		createdAt: connection.createdAt ? timestampDate(connection.createdAt) : null
+	};
+}
+const listAuthConnectionCommand = defineAppCommand({
+	name: "list",
+	description: "List all auth connections.",
+	args: z.object({ ...workspaceArgs }).strict(),
+	run: async (args) => {
+		const client = await initOperatorClient(await loadAccessToken({
+			useProfile: true,
+			profile: args.profile
+		}));
+		const workspaceId = await loadWorkspaceId({
+			workspaceId: args["workspace-id"],
+			profile: args.profile
+		});
+		try {
+			const connections = await fetchAll(async (pageToken, maxPageSize) => {
+				const { connections, nextPageToken } = await client.listAuthConnections({
+					workspaceId,
+					pageToken,
+					pageSize: maxPageSize
+				});
+				return [connections, nextPageToken];
+			});
+			logger.out(connections.map(connectionInfo));
+		} catch (error) {
+			if (error instanceof ConnectError && error.code === Code.NotFound) {
+				logger.out([]);
+				return;
+			}
+			throw error;
+		}
+	}
+});
+
+//#endregion
+//#region src/cli/commands/authconnection/revoke.ts
+const revokeAuthConnectionCommand = defineAppCommand({
+	name: "revoke",
+	description: "Revoke an auth connection.",
+	args: z.object({
+		...workspaceArgs,
+		...connectionNameArgs,
+		...confirmationArgs
+	}).strict(),
+	run: async (args) => {
+		const client = await initOperatorClient(await loadAccessToken({
+			useProfile: true,
+			profile: args.profile
+		}));
+		const workspaceId = await loadWorkspaceId({
+			workspaceId: args["workspace-id"],
+			profile: args.profile
+		});
+		if (!args.yes) {
+			if (await prompt.text({ message: `Enter the connection name to confirm revocation ("${args.name}"):` }) !== args.name) {
+				logger.info("Auth connection revocation cancelled.");
+				return;
+			}
+		}
+		try {
+			await client.revokeAuthConnection({
+				workspaceId,
+				connectionName: args.name
+			});
+		} catch (error) {
+			if (error instanceof ConnectError && error.code === Code.NotFound) throw new Error(`Auth connection "${args.name}" not found.`, { cause: error });
+			throw error;
+		}
+		logger.success(`Auth connection "${args.name}" revoked.`);
+	}
+});
+
+//#endregion
+//#region src/cli/commands/authconnection/index.ts
+const authconnectionCommand = defineCommand({
+	name: "authconnection",
+	description: "Manage auth connections.",
+	subCommands: {
+		authorize: authorizeAuthConnectionCommand,
+		list: listAuthConnectionCommand,
+		revoke: revokeAuthConnectionCommand
+	},
+	async run() {
+		await runCommand(listAuthConnectionCommand, []);
+	}
+});
+
 //#endregion
 //#region src/cli/commands/crash-report/list.ts
 const listCommand$5 = defineAppCommand({
@@ -808,7 +1035,7 @@ const generateCommand = defineAppCommand({
 
 //#endregion
 //#region src/cli/commands/init.ts
-const detectPackageManager = () => {
+const detectPackageManager$1 = () => {
 	const availablePMs = [
 		"npm",
 		"yarn",
@@ -837,7 +1064,7 @@ const initCommand = defineAppCommand({
 	run: async (args) => {
 		const packageJson = await readPackageJson();
 		const version = packageJson.version && packageJson.version !== "0.0.0" ? packageJson.version : "latest";
-		let packageManager = detectPackageManager();
+		let packageManager = detectPackageManager$1();
 		if (!packageManager) {
 			logger.warn("Could not detect package manager, defaulting to npm");
 			packageManager = "npm";
@@ -1676,31 +1903,63 @@ const secretCommand = defineCommand({
 });
 
 //#endregion
-//#region src/cli/commands/setup/github/fetch-tailor-token.action.yml
-var fetch_tailor_token_action_default = "name: Fetch Tailor Platform Token\ndescription: Fetch an OAuth2 access token via client credentials grant and export as TAILOR_PLATFORM_TOKEN\n\ninputs:\n  client_id:\n    description: OAuth2 client ID\n    required: true\n  client_secret:\n    description: OAuth2 client secret\n    required: true\n  platform_oauth2_url:\n    description: OAuth2 token endpoint URL\n    required: false\n    default: https://api.tailor.tech/oauth2/platform/token\n\nruns:\n  using: composite\n  steps:\n    - name: Fetch access token\n      shell: bash\n      run: |\n        RESPONSE=$(curl -s -X POST \"${{ inputs.platform_oauth2_url }}\" \\\n          -H \"Content-Type: application/x-www-form-urlencoded\" \\\n          -d \"grant_type=client_credentials\" \\\n          --data-urlencode \"client_id=${{ inputs.client_id }}\" \\\n          --data-urlencode \"client_secret=${{ inputs.client_secret }}\")\n\n        TOKEN=$(echo \"$RESPONSE\" | jq -r '.access_token')\n\n        if [ \"$TOKEN\" = \"null\" ] || [ -z \"$TOKEN\" ]; then\n          echo \"::error::Failed to fetch access token\"\n          echo \"$RESPONSE\" | jq .\n          exit 1\n        fi\n\n        echo \"::add-mask::$TOKEN\"\n        echo \"TAILOR_PLATFORM_TOKEN=$TOKEN\" >> \"$GITHUB_ENV\"\n";
+//#region src/cli/commands/setup/github/deploy.workflow.yml
+var deploy_workflow_default = "name: Deploy\n\non:\n  push:\n    branches:\n      - main\n  workflow_dispatch:\n\nconcurrency:\n  group: deploy-__WORKSPACE_NAME__\n  cancel-in-progress: false\n\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n    steps:\n      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n      # __SETUP_STEPS__\n      - uses: tailor-platform/actions/deploy@980aeba08963f4322b2b48ca7a920f4e14876842 # v1.0.0\n        with:\n          workspace-name: __WORKSPACE_NAME__\n          workspace-region: __WORKSPACE_REGION__\n          organization-id: __ORGANIZATION_ID__\n          folder-id: __FOLDER_ID__\n          # __WORKING_DIRECTORY__\n          platform-client-id: ${{ secrets.PLATFORM_MACHINE_USER_CLIENT_ID }}\n          platform-client-secret: ${{ secrets.PLATFORM_MACHINE_USER_CLIENT_SECRET }}\n";
 
 //#endregion
-//#region src/cli/commands/setup/github/install-node.action.yml
-var install_node_action_default = "name: Install Node.js\ndescription: Install pnpm, Node.js, and project dependencies\n\nruns:\n  using: composite\n  steps:\n    - name: Install pnpm\n      uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0\n      with:\n        version: 10\n\n    - name: Setup Node.js\n      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0\n      with:\n        node-version: 22\n        cache: pnpm\n\n    - name: Install dependencies\n      run: pnpm install --frozen-lockfile\n      shell: bash\n";
+//#region src/cli/commands/setup/github/setup-bun.yml
+var setup_bun_default = "- uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0\n- run: bun install --frozen-lockfile\n";
 
 //#endregion
-//#region src/cli/commands/setup/github/deploy.workflow.yml
-var deploy_workflow_default = "name: Deploy\n\non:\n  push:\n    branches:\n      - main\n  workflow_dispatch:\n\nconcurrency:\n  group: deploy-__WORKSPACE_NAME__\n  cancel-in-progress: false\n\nenv:\n  WORKSPACE_NAME: __WORKSPACE_NAME__\n  WORKSPACE_REGION: __WORKSPACE_REGION__\n  TAILOR_PLATFORM_ORGANIZATION_ID: __ORGANIZATION_ID__\n  TAILOR_PLATFORM_FOLDER_ID: __FOLDER_ID__\n# __DEFAULTS_BLOCK__\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout\n        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n        with:\n          persist-credentials: false\n\n      - name: Install Node.js\n        uses: ./.github/actions/install-node\n\n      - name: Fetch Tailor Platform token\n        uses: ./.github/actions/fetch-tailor-token\n        with:\n          client_id: ${{ secrets.PLATFORM_MACHINE_USER_CLIENT_ID }}\n          client_secret: ${{ secrets.PLATFORM_MACHINE_USER_CLIENT_SECRET }}\n\n      - name: Ensure workspace exists\n        run: |\n          WORKSPACE_ID=$(pnpm tailor-sdk workspace list -j | jq -r --arg name \"$WORKSPACE_NAME\" --arg region \"$WORKSPACE_REGION\" '.[] | select(.name == $name and .region == $region) | .id')\n\n          if [ -z \"$WORKSPACE_ID\" ]; then\n            echo \"Workspace '$WORKSPACE_NAME' not found, creating...\"\n            WORKSPACE_ID=$(pnpm tailor-sdk workspace create -j --name \"$WORKSPACE_NAME\" --region \"$WORKSPACE_REGION\" --organization-id \"$TAILOR_PLATFORM_ORGANIZATION_ID\" --folder-id \"$TAILOR_PLATFORM_FOLDER_ID\" | jq -r '.id')\n            echo \"Created workspace: $WORKSPACE_ID\"\n          else\n            echo \"Found existing workspace: $WORKSPACE_ID\"\n          fi\n\n          echo \"TAILOR_PLATFORM_WORKSPACE_ID=$WORKSPACE_ID\" >> \"$GITHUB_ENV\"\n\n      - name: Generate types\n        run: pnpm generate\n\n      - name: Deploy\n        # Runs the \"deploy\" script from package.json (tailor-sdk apply --yes)\n        run: pnpm run deploy -- --yes\n\n      - name: Show application info\n        run: pnpm tailor-sdk show -j -w \"$TAILOR_PLATFORM_WORKSPACE_ID\"\n";
+//#region src/cli/commands/setup/github/setup-npm.yml
+var setup_npm_default = "- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0\n  with:\n    node-version-file: package.json\n    cache: npm\n- run: npm ci\n";
+
+//#endregion
+//#region src/cli/commands/setup/github/setup-pnpm.yml
+var setup_pnpm_default = "- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0\n- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0\n  with:\n    node-version-file: package.json\n    cache: pnpm\n- run: pnpm install --frozen-lockfile\n";
+
+//#endregion
+//#region src/cli/commands/setup/github/setup-yarn.yml
+var setup_yarn_default = "- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0\n  with:\n    node-version-file: package.json\n    cache: yarn\n- run: yarn install --frozen-lockfile\n";
 
 //#endregion
 //#region src/cli/commands/setup/github/template-deploy.ts
+const setupSteps = {
+	pnpm: setup_pnpm_default,
+	yarn: setup_yarn_default,
+	npm: setup_npm_default,
+	bun: setup_bun_default
+};
+function indentSnippet(snippet, spaces) {
+	const indent = " ".repeat(spaces);
+	return snippet.trimEnd().split("\n").map((line) => line ? indent + line : line).join("\n");
+}
 /**
-* Render the deploy workflow YAML.
+* Detect the package manager used in a project directory by checking for lockfiles.
+* @param dir - Project directory to inspect
+* @returns Detected package manager, defaults to npm
+*/
+function detectPackageManager(dir) {
+	if (fs$1.existsSync(path.join(dir, "pnpm-lock.yaml"))) return "pnpm";
+	if (fs$1.existsSync(path.join(dir, "yarn.lock"))) return "yarn";
+	if (fs$1.existsSync(path.join(dir, "bun.lockb")) || fs$1.existsSync(path.join(dir, "bun.lock"))) return "bun";
+	if (fs$1.existsSync(path.join(dir, "package-lock.json"))) return "npm";
+	return "npm";
+}
+/**
+* Render the deploy caller workflow YAML.
 *
-* Targets single-application scaffolds (those with `generate` and `deploy` scripts).
-* Multi-application projects (e.g. chained `deploy:*` scripts) need manual workflow customization.
+* Generates a thin workflow that calls the composite deploy action
+* from tailor-platform/actions. The environment setup steps (Node.js,
+* package manager, dependency install) are generated based on the
+* detected package manager.
 * @param params - Workspace and deployment configuration
 * @returns Workflow YAML content
 */
 function renderDeploy(params) {
-	const { workspaceName, workspaceRegion, organizationId, folderId, workingDirectory } = params;
-	const defaultsBlock = workingDirectory ? `\ndefaults:\n  run:\n    working-directory: ${workingDirectory}\n` : "";
-	return deploy_workflow_default.replaceAll("__WORKSPACE_NAME__", () => workspaceName).replace("__WORKSPACE_REGION__", () => workspaceRegion).replace("__ORGANIZATION_ID__", () => organizationId).replace("__FOLDER_ID__", () => folderId).replace("# __DEFAULTS_BLOCK__\n", () => defaultsBlock);
+	const { workspaceName, workspaceRegion, organizationId, folderId, workingDirectory, packageManager } = params;
+	const workingDirectoryLine = workingDirectory ? `          working-directory: ${workingDirectory}\n` : "";
+	return deploy_workflow_default.replaceAll("__WORKSPACE_NAME__", () => workspaceName).replaceAll("__WORKSPACE_REGION__", () => workspaceRegion).replaceAll("__ORGANIZATION_ID__", () => organizationId).replaceAll("__FOLDER_ID__", () => folderId).replace(/ *# __WORKING_DIRECTORY__\n/, () => workingDirectoryLine).replace(/^ *# __SETUP_STEPS__$/m, () => indentSnippet(setupSteps[packageManager], 6));
 }
 
 //#endregion
@@ -1712,26 +1971,17 @@ function renderDeploy(params) {
 */
 function buildFiles(options) {
 	const githubDir = path.join(options.outputDir, ".github");
-	return [
-		{
-			path: path.join(githubDir, "actions/fetch-tailor-token/action.yml"),
-			content: fetch_tailor_token_action_default
-		},
-		{
-			path: path.join(githubDir, "actions/install-node/action.yml"),
-			content: install_node_action_default
-		},
-		{
-			path: path.join(githubDir, `workflows/deploy-${options.workspaceName}.yml`),
-			content: renderDeploy({
-				workspaceName: options.workspaceName,
-				workspaceRegion: options.workspaceRegion,
-				organizationId: options.organizationId,
-				folderId: options.folderId,
-				workingDirectory: options.dir !== "." ? options.dir : void 0
-			})
-		}
-	];
+	return [{
+		path: path.join(githubDir, `workflows/deploy-${options.workspaceName}.yml`),
+		content: renderDeploy({
+			workspaceName: options.workspaceName,
+			workspaceRegion: options.workspaceRegion,
+			organizationId: options.organizationId,
+			folderId: options.folderId,
+			workingDirectory: options.dir !== "." ? options.dir : void 0,
+			packageManager: detectPackageManager(options.outputDir)
+		})
+	}];
 }
 /**
 * Write files to disk, skipping any that already exist.
@@ -3199,6 +3449,7 @@ const mainCommand = withCompletionCommand(defineCommand({
 	subCommands: {
 		api: apiCommand,
 		apply: applyCommand,
+		authconnection: authconnectionCommand,
 		"crash-report": crashReportCommand,
 		executor: executorCommand,
 		function: functionCommand,
@@ -3237,7 +3488,7 @@ runMain(mainCommand, {
 				if (isVerbose() && error.stack) logger.debug(`\nStack trace:\n${error.stack}`);
 			} else logger.error(`Unknown error: ${error}`);
 			if (!isCLIError(error) && (!(error instanceof Error) || error instanceof TypeError || error instanceof RangeError)) {
-				const { reportCrash } = await import("../crash-report-CbueUPaP.mjs");
+				const { reportCrash } = await import("../crash-report-Bd2T8BhU.mjs");
 				await reportCrash(error, "handledError");
 			}
 		}