npm - @uipath/admin-vpngateway-tool - Versions diffs - 1.1.0 → 1.195.0 - Mend

@uipath/admin-vpngateway-tool 1.1.0 → 1.195.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -2144,7 +2144,8 @@ var {
 // package.json
 var package_default = {
   name: "@uipath/admin-vpngateway-tool",
-  version: "1.1.0",
+  license: "MIT",
+  version: "1.195.0",
   description: "CLI plugin for UiPath VPN Gateway management (Hypervisor service).",
   private: false,
   repository: {
@@ -2155,7 +2156,9 @@ var package_default = {
   publishConfig: {
     registry: "https://npm.pkg.github.com/@uipath"
   },
-  keywords: ["cli-tool"],
+  keywords: [
+    "cli-tool"
+  ],
   type: "module",
   main: "./dist/tool.js",
   exports: {
@@ -2164,7 +2167,9 @@ var package_default = {
   bin: {
     "admin-vpngateway-tool": "./dist/index.js"
   },
-  files: ["dist"],
+  files: [
+    "dist"
+  ],
   scripts: {
     build: "bun build ./src/tool.ts --outdir dist --format esm --target node --external commander && bun build ./src/index.ts --outdir dist --format esm --target node",
     package: "bun run build && bun pm pack",
@@ -2213,6 +2218,7 @@ import path from "node:path";
 import { fileURLToPath } from "node:url";
 import childProcess3 from "node:child_process";
 import fs5, { constants as fsConstants2 } from "node:fs/promises";
+import { randomUUID } from "node:crypto";
 import { existsSync } from "node:fs";
 import * as fs6 from "node:fs/promises";
 import * as os2 from "node:os";
@@ -2964,6 +2970,90 @@ class NodeFileSystem {
   async mkdir(dirPath) {
     await fs6.mkdir(dirPath, { recursive: true });
   }
+  async acquireLock(lockPath) {
+    const canonicalPath = await this.canonicalizeLockTarget(lockPath);
+    const lockFile = `${canonicalPath}.lock`;
+    const ownerId = randomUUID();
+    const start = Date.now();
+    while (true) {
+      try {
+        await fs6.writeFile(lockFile, ownerId, { flag: "wx" });
+        return this.createLockRelease(lockFile, ownerId);
+      } catch (error) {
+        if (!this.hasErrnoCode(error, "EEXIST")) {
+          throw error;
+        }
+        const stats = await fs6.stat(lockFile).catch(() => null);
+        if (stats && Date.now() - stats.mtimeMs > LOCK_STALE_MS) {
+          const reclaimed = await fs6.rm(lockFile, { force: true }).then(() => true).catch(() => false);
+          if (reclaimed)
+            continue;
+        }
+        if (Date.now() - start > LOCK_MAX_WAIT_MS) {
+          throw new Error(`ELOCKED: timed out waiting for lock on ${canonicalPath}`);
+        }
+        await new Promise((resolve2) => setTimeout(resolve2, LOCK_RETRY_MIN_MS + Math.random() * LOCK_RETRY_JITTER_MS));
+      }
+    }
+  }
+  async canonicalizeLockTarget(lockPath) {
+    const absolute = path2.resolve(lockPath);
+    const fullReal = await fs6.realpath(absolute).catch(() => null);
+    if (fullReal)
+      return fullReal;
+    const parent = path2.dirname(absolute);
+    const base = path2.basename(absolute);
+    const canonicalParent = await fs6.realpath(parent).catch(() => parent);
+    return path2.join(canonicalParent, base);
+  }
+  createLockRelease(lockFile, ownerId) {
+    const heartbeatStart = Date.now();
+    let heartbeatTimer;
+    let stopped = false;
+    const stopHeartbeat = () => {
+      stopped = true;
+      if (heartbeatTimer)
+        clearTimeout(heartbeatTimer);
+    };
+    const scheduleNextHeartbeat = () => {
+      if (stopped)
+        return;
+      if (Date.now() - heartbeatStart >= LOCK_MAX_HOLD_MS) {
+        stopped = true;
+        return;
+      }
+      heartbeatTimer = setTimeout(() => {
+        runHeartbeat();
+      }, LOCK_HEARTBEAT_MS);
+      heartbeatTimer.unref?.();
+    };
+    const runHeartbeat = async () => {
+      if (stopped)
+        return;
+      const current = await fs6.readFile(lockFile, "utf-8").catch(() => null);
+      if (stopped)
+        return;
+      if (current !== ownerId) {
+        stopped = true;
+        return;
+      }
+      const now = Date.now() / 1000;
+      await fs6.utimes(lockFile, now, now).catch(() => {});
+      scheduleNextHeartbeat();
+    };
+    scheduleNextHeartbeat();
+    let released = false;
+    return async () => {
+      if (released)
+        return;
+      released = true;
+      stopHeartbeat();
+      const current = await fs6.readFile(lockFile, "utf-8").catch(() => null);
+      if (current === ownerId) {
+        await fs6.rm(lockFile, { force: true });
+      }
+    };
+  }
   async rm(filePath) {
     await fs6.rm(filePath, { recursive: true, force: true });
   }
@@ -3009,9 +3099,18 @@ class NodeFileSystem {
     }
   }
   isEnoent(error) {
-    return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+    return this.hasErrnoCode(error, "ENOENT");
+  }
+  hasErrnoCode(error, code) {
+    return typeof error === "object" && error !== null && "code" in error && error.code === code;
   }
 }
+var LOCK_HEARTBEAT_MS = 5000;
+var LOCK_STALE_MS = 15000;
+var LOCK_MAX_WAIT_MS = 20000;
+var LOCK_MAX_HOLD_MS = 60000;
+var LOCK_RETRY_MIN_MS = 100;
+var LOCK_RETRY_JITTER_MS = 200;
 var init_node = __esm(() => {
   init_open();
 });
@@ -3023,7 +3122,7 @@ var init_src = __esm(() => {
   fsInstance = new NodeFileSystem;
 });
 var require_coreipc = __commonJS2((exports, module) => {
-  var __dirname3 = "/Users/alexandru.oltean/github/cli/node_modules/@uipath/coreipc";
+  var __dirname3 = "/home/runner/work/cli/cli/node_modules/@uipath/coreipc";
   /*! For license information please see index.js.LICENSE.txt */
   (function(e, t) {
     typeof exports == "object" && typeof module == "object" ? module.exports = t() : typeof define == "function" && define.amd ? define([], t) : typeof exports == "object" ? exports.ipc = t() : e.ipc = t();
@@ -20823,6 +20922,135 @@ var require_dist = __commonJS2((exports) => {
   exports.RobotProxyConstructor = RobotProxyConstructor;
   __exportStar(require_agent(), exports);
 });
+var init_server = __esm(() => {
+  init_constants();
+});
+var PREFIX = "@uipath/common/";
+var _g = globalThis;
+function singleton(ctorOrName) {
+  const name = typeof ctorOrName === "string" ? ctorOrName : ctorOrName.name;
+  const key = Symbol.for(PREFIX + name);
+  return {
+    get(fallback) {
+      return _g[key] ?? fallback;
+    },
+    set(value) {
+      _g[key] = value;
+    },
+    clear() {
+      delete _g[key];
+    },
+    getOrInit(factory, guard) {
+      const existing = _g[key];
+      if (existing != null && typeof existing === "object") {
+        if (!guard || guard(existing)) {
+          return existing;
+        }
+      }
+      const instance = factory();
+      _g[key] = instance;
+      return instance;
+    }
+  };
+}
+var USER_AGENT_HEADER = "User-Agent";
+var sdkUserAgentHostToken = singleton("SdkUserAgentHostToken");
+function userAgentPatchKey(userAgent) {
+  return Symbol.for(`@uipath/common/sdk-user-agent/${userAgent}`);
+}
+function splitUserAgentTokens(value) {
+  return value?.trim().split(/\s+/).filter(Boolean) ?? [];
+}
+function appendUserAgentToken(value, userAgent) {
+  const tokens = splitUserAgentTokens(value);
+  const seen = new Set(tokens);
+  for (const token of splitUserAgentTokens(userAgent)) {
+    if (!seen.has(token)) {
+      tokens.push(token);
+      seen.add(token);
+    }
+  }
+  return tokens.join(" ");
+}
+function getEffectiveUserAgent(userAgent) {
+  return appendUserAgentToken(sdkUserAgentHostToken.get(), userAgent);
+}
+function isHeadersLike(headers) {
+  return typeof headers === "object" && headers !== null && "get" in headers && typeof headers.get === "function" && "set" in headers && typeof headers.set === "function";
+}
+function getSdkUserAgentToken(pkg) {
+  const packageName = pkg.name.replace(/^@uipath\//, "");
+  return getEffectiveUserAgent(`${packageName}/${pkg.version}`);
+}
+function addSdkUserAgentHeader(headers, userAgent) {
+  const result = { ...headers ?? {} };
+  const effectiveUserAgent = getEffectiveUserAgent(userAgent);
+  const headerName = Object.keys(result).find((key) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
+  if (headerName) {
+    result[headerName] = appendUserAgentToken(result[headerName], effectiveUserAgent);
+  } else {
+    result[USER_AGENT_HEADER] = effectiveUserAgent;
+  }
+  return result;
+}
+function withSdkUserAgentHeader(headers, userAgent) {
+  const effectiveUserAgent = getEffectiveUserAgent(userAgent);
+  if (isHeadersLike(headers)) {
+    headers.set(USER_AGENT_HEADER, appendUserAgentToken(headers.get(USER_AGENT_HEADER), effectiveUserAgent));
+    return headers;
+  }
+  if (Array.isArray(headers)) {
+    const result = headers.map((entry) => {
+      const [key, value] = entry;
+      return [key, value];
+    });
+    const headerIndex = result.findIndex(([key]) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
+    if (headerIndex >= 0) {
+      const [key, value] = result[headerIndex];
+      result[headerIndex] = [
+        key,
+        appendUserAgentToken(value, effectiveUserAgent)
+      ];
+    } else {
+      result.push([USER_AGENT_HEADER, effectiveUserAgent]);
+    }
+    return result;
+  }
+  return addSdkUserAgentHeader(typeof headers === "object" && headers !== null ? { ...headers } : {}, effectiveUserAgent);
+}
+function withUserAgentInitOverride(initOverrides, userAgent) {
+  return async (requestContext) => {
+    const initWithUserAgent = {
+      ...requestContext.init,
+      headers: withSdkUserAgentHeader(requestContext.init.headers, userAgent)
+    };
+    const override = typeof initOverrides === "function" ? await initOverrides({
+      ...requestContext,
+      init: initWithUserAgent
+    }) : initOverrides;
+    return {
+      ...override ?? {},
+      headers: withSdkUserAgentHeader(override?.headers ?? initWithUserAgent.headers, userAgent)
+    };
+  };
+}
+function installSdkUserAgentHeader(BaseApiClass, userAgent) {
+  const prototype = BaseApiClass.prototype;
+  const patchKey = userAgentPatchKey(userAgent);
+  if (prototype[patchKey]) {
+    return;
+  }
+  if (typeof prototype.request !== "function") {
+    throw new Error("Generated BaseAPI request function not found.");
+  }
+  const originalRequest = prototype.request;
+  prototype.request = function requestWithUserAgent(context, initOverrides) {
+    return originalRequest.call(this, context, withUserAgentInitOverride(initOverrides, userAgent));
+  };
+  Object.defineProperty(prototype, patchKey, {
+    value: true
+  });
+}
 var BASE_PATH = "http://localhost".replace(/\/+$/, "");
 class Configuration {
@@ -21071,6 +21299,54 @@ class VoidApiResponse {
     return;
   }
 }
+var package_default2 = {
+  name: "@uipath/admin-vpngateway-sdk",
+  license: "MIT",
+  version: "1.195.0",
+  description: "SDK for the UiPath Hypervisor VPN Gateway management APIs.",
+  repository: {
+    type: "git",
+    url: "https://github.com/UiPath/cli.git",
+    directory: "packages/admin/vpngateway-sdk"
+  },
+  publishConfig: {
+    registry: "https://npm.pkg.github.com/@uipath"
+  },
+  keywords: [
+    "uipath",
+    "vpn-gateway",
+    "hypervisor",
+    "sdk"
+  ],
+  type: "module",
+  main: "./dist/index.js",
+  types: "./dist/src/index.d.ts",
+  exports: {
+    ".": {
+      types: "./dist/src/index.d.ts",
+      default: "./dist/index.js"
+    }
+  },
+  files: [
+    "dist"
+  ],
+  private: true,
+  scripts: {
+    build: "bun build ./src/index.ts --outdir dist --format esm --target node && tsc -p tsconfig.build.json --noCheck",
+    generate: "bun run src/scripts/generate-sdk.ts",
+    lint: "biome check ."
+  },
+  devDependencies: {
+    "@openapitools/openapi-generator-cli": "^2.31.1",
+    "@types/node": "^25.5.0",
+    "@uipath/auth": "workspace:*",
+    "@uipath/common": "workspace:*",
+    "@uipath/filesystem": "workspace:*",
+    typescript: "^6.0.2"
+  }
+};
+var SDK_USER_AGENT = getSdkUserAgentToken(package_default2);
+installSdkUserAgentHeader(BaseAPI, SDK_USER_AGENT);
 function FreezingMetadataFromJSON(json) {
   return FreezingMetadataFromJSONTyped(json, false);
 }
@@ -21764,32 +22040,7 @@ class InvalidBaseUrlError extends Error {
     this.name = "InvalidBaseUrlError";
   }
 }
-var DEFAULT_SCOPES = [
-  "offline_access",
-  "ProcessMining",
-  "OrchestratorApiUserAccess",
-  "StudioWebBackend",
-  "IdentityServerApi",
-  "ConnectionService",
-  "DataService",
-  "DataServiceApiUserAccess",
-  "DocumentUnderstanding",
-  "EnterpriseContextService",
-  "Directory",
-  "JamJamApi",
-  "LLMGateway",
-  "LLMOps",
-  "OMS",
-  "RCS.FolderAuthorization",
-  "RCS.TagsManagement",
-  "TestmanagerApiUserAccess",
-  "AutomationSolutions",
-  "StudioWebTypeCacheService",
-  "Docs.GPT.Search",
-  "Insights",
-  "ReferenceToken",
-  "Audit.Read"
-];
+var DEFAULT_SCOPES = ["openid", "profile", "offline_access"];
 var normalizeAndValidateBaseUrl = (rawUrl) => {
   let baseUrl = rawUrl;
   if (baseUrl.endsWith("/identity_/")) {
@@ -21839,7 +22090,8 @@ var resolveConfigAsync = async ({
   if (!clientSecret && fileAuth.clientSecret) {
     clientSecret = fileAuth.clientSecret;
   }
-  const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : DEFAULT_SCOPES;
+  const isExternalAppAuth = clientId !== DEFAULT_CLIENT_ID && Boolean(clientSecret);
+  const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : isExternalAppAuth ? [] : DEFAULT_SCOPES;
   return {
     clientId,
     clientSecret,
@@ -22326,6 +22578,129 @@ function normalizeTokenRefreshFailure() {
 function normalizeTokenRefreshUnavailableFailure() {
   return "token refresh failed before authentication completed";
 }
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+function computeExpirationThreshold(ensureTokenValidityMinutes) {
+  return new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
+}
+async function runRefreshLocked(inputs) {
+  const {
+    absolutePath,
+    refreshToken: callerRefreshToken,
+    customAuthority,
+    ensureTokenValidityMinutes,
+    loadEnvFile,
+    saveEnvFile,
+    refreshFn,
+    resolveConfig
+  } = inputs;
+  const expirationThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
+  let fresh;
+  try {
+    fresh = await loadEnvFile({ envPath: absolutePath });
+  } catch (error) {
+    return {
+      kind: "fail",
+      status: {
+        loginStatus: "Refresh Failed",
+        hint: "Could not read the auth file while refreshing. Retry, or run 'uip login' to re-authenticate.",
+        tokenRefresh: {
+          attempted: false,
+          success: false,
+          errorMessage: `auth file read failed: ${errorMessage(error)}`
+        }
+      }
+    };
+  }
+  const freshAccess = fresh.UIPATH_ACCESS_TOKEN;
+  const freshExp = freshAccess ? getTokenExpiration(freshAccess) : undefined;
+  if (freshAccess && freshExp && freshExp > expirationThreshold) {
+    return {
+      kind: "ok",
+      accessToken: freshAccess,
+      refreshToken: fresh.UIPATH_REFRESH_TOKEN ?? callerRefreshToken,
+      expiration: freshExp,
+      tokenRefresh: { attempted: false, success: true }
+    };
+  }
+  const tokenForIdP = fresh.UIPATH_REFRESH_TOKEN ?? callerRefreshToken;
+  let refreshedAccess;
+  let refreshedRefresh;
+  try {
+    const config = await resolveConfig({ customAuthority });
+    const refreshed = await refreshFn({
+      refreshToken: tokenForIdP,
+      tokenEndpoint: config.tokenEndpoint,
+      clientId: config.clientId,
+      expectedAuthority: customAuthority
+    });
+    refreshedAccess = refreshed.accessToken;
+    refreshedRefresh = refreshed.refreshToken;
+  } catch (error) {
+    const isOAuthFailure = isTokenRefreshOAuthFailure(error);
+    const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
+    const message = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
+    return {
+      kind: "fail",
+      status: {
+        loginStatus: "Refresh Failed",
+        hint,
+        tokenRefresh: {
+          attempted: true,
+          success: false,
+          errorMessage: message
+        }
+      }
+    };
+  }
+  const refreshedExp = getTokenExpiration(refreshedAccess);
+  if (!refreshedExp || refreshedExp <= new Date) {
+    return {
+      kind: "fail",
+      status: {
+        loginStatus: "Refresh Failed",
+        hint: "The identity server returned an unusable token. Run 'uip login' to re-authenticate.",
+        tokenRefresh: {
+          attempted: true,
+          success: false,
+          errorMessage: "refreshed token has no valid expiration claim"
+        }
+      }
+    };
+  }
+  try {
+    await saveEnvFile({
+      envPath: absolutePath,
+      data: {
+        UIPATH_ACCESS_TOKEN: refreshedAccess,
+        UIPATH_REFRESH_TOKEN: refreshedRefresh
+      },
+      merge: true
+    });
+    return {
+      kind: "ok",
+      accessToken: refreshedAccess,
+      refreshToken: refreshedRefresh,
+      expiration: refreshedExp,
+      tokenRefresh: { attempted: true, success: true }
+    };
+  } catch (error) {
+    const msg = errorMessage(error);
+    return {
+      kind: "ok",
+      accessToken: refreshedAccess,
+      refreshToken: refreshedRefresh,
+      expiration: refreshedExp,
+      persistenceWarning: `Access token refreshed in memory but could not be written to ${absolutePath}: ${msg}. The next CLI invocation will fail until the file can be updated — run 'uip login' to re-authenticate.`,
+      tokenRefresh: {
+        attempted: true,
+        success: true,
+        errorMessage: `persistence failed: ${msg}`
+      }
+    };
+  }
+}
 var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
   const {
     resolveEnvFilePath = resolveEnvFilePathAsync,
@@ -22400,73 +22775,103 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
   let refreshToken = credentials.UIPATH_REFRESH_TOKEN;
   let expiration = getTokenExpiration(accessToken);
   let persistenceWarning;
+  let lockReleaseFailed = false;
   let tokenRefresh;
-  const expirationThreshold = new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
-  if (expiration && expiration <= expirationThreshold && refreshToken) {
-    let refreshedAccess;
-    let refreshedRefresh;
+  const outerThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
+  const tryGlobalCredsHint = async () => {
+    const fs7 = getFs();
+    const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
+    if (absolutePath === globalPath)
+      return;
+    if (!await fs7.exists(globalPath))
+      return;
     try {
-      const config = await resolveConfig({
-        customAuthority: credentials.UIPATH_URL
-      });
-      const refreshed = await refreshTokenFn({
-        refreshToken,
-        tokenEndpoint: config.tokenEndpoint,
-        clientId: config.clientId,
-        expectedAuthority: credentials.UIPATH_URL
-      });
-      refreshedAccess = refreshed.accessToken;
-      refreshedRefresh = refreshed.refreshToken;
-    } catch (error) {
-      const isOAuthFailure = isTokenRefreshOAuthFailure(error);
-      const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
-      const errorMessage = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
-      return {
-        loginStatus: "Refresh Failed",
-        hint,
-        tokenRefresh: {
-          attempted: true,
-          success: false,
-          errorMessage
-        }
-      };
+      const globalCreds = await loadEnvFile({ envPath: globalPath });
+      if (!globalCreds.UIPATH_ACCESS_TOKEN)
+        return;
+      const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
+      if (globalExp && globalExp <= new Date)
+        return;
+      return `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
+    } catch {
+      return;
     }
-    const refreshedExp = getTokenExpiration(refreshedAccess);
-    if (!refreshedExp || refreshedExp <= new Date) {
+  };
+  if (expiration && expiration <= outerThreshold && refreshToken) {
+    let release;
+    try {
+      release = await getFs().acquireLock(absolutePath);
+    } catch (error) {
+      const msg = errorMessage(error);
+      const globalHint = await tryGlobalCredsHint();
+      if (globalHint) {
+        return {
+          loginStatus: "Expired",
+          accessToken,
+          refreshToken,
+          baseUrl: credentials.UIPATH_URL,
+          organizationName: credentials.UIPATH_ORGANIZATION_NAME,
+          organizationId: credentials.UIPATH_ORGANIZATION_ID,
+          tenantName: credentials.UIPATH_TENANT_NAME,
+          tenantId: credentials.UIPATH_TENANT_ID,
+          expiration,
+          source: "file",
+          hint: globalHint,
+          tokenRefresh: {
+            attempted: false,
+            success: false,
+            errorMessage: `lock acquisition failed: ${msg}`
+          }
+        };
+      }
       return {
         loginStatus: "Refresh Failed",
-        hint: "The identity server returned an unusable token. Run 'uip login' to re-authenticate.",
+        hint: "Could not acquire the auth-file lock — too many concurrent `uip` processes, or a permission issue on the auth directory. Retry, or run 'uip login' to re-authenticate.",
         tokenRefresh: {
-          attempted: true,
+          attempted: false,
           success: false,
-          errorMessage: "refreshed token has no valid expiration claim"
+          errorMessage: `lock acquisition failed: ${msg}`
         }
       };
     }
-    accessToken = refreshedAccess;
-    refreshToken = refreshedRefresh;
-    expiration = refreshedExp;
+    let lockedFailure;
     try {
-      await saveEnvFile({
-        envPath: absolutePath,
-        data: {
-          UIPATH_ACCESS_TOKEN: accessToken,
-          UIPATH_REFRESH_TOKEN: refreshToken
-        },
-        merge: true
+      const outcome = await runRefreshLocked({
+        absolutePath,
+        refreshToken,
+        customAuthority: credentials.UIPATH_URL,
+        ensureTokenValidityMinutes,
+        loadEnvFile,
+        saveEnvFile,
+        refreshFn: refreshTokenFn,
+        resolveConfig
       });
-      tokenRefresh = {
-        attempted: true,
-        success: true
-      };
-    } catch (error) {
-      const msg = error instanceof Error ? error.message : String(error);
-      persistenceWarning = `Access token refreshed in memory but could not be written to ${absolutePath}: ${msg}. The next CLI invocation will fail until the file can be updated — run 'uip login' to re-authenticate.`;
-      tokenRefresh = {
-        attempted: true,
-        success: true,
-        errorMessage: `persistence failed: ${msg}`
-      };
+      if (outcome.kind === "fail") {
+        lockedFailure = outcome.status;
+      } else {
+        accessToken = outcome.accessToken;
+        refreshToken = outcome.refreshToken;
+        expiration = outcome.expiration;
+        tokenRefresh = outcome.tokenRefresh;
+        if (outcome.persistenceWarning) {
+          persistenceWarning = outcome.persistenceWarning;
+        }
+      }
+    } finally {
+      try {
+        await release();
+      } catch {
+        lockReleaseFailed = true;
+      }
+    }
+    if (lockedFailure) {
+      const globalHint = await tryGlobalCredsHint();
+      const base = globalHint ? {
+        ...lockedFailure,
+        loginStatus: "Expired",
+        hint: globalHint
+      } : lockedFailure;
+      return lockReleaseFailed ? { ...base, lockReleaseFailed: true } : base;
     }
   }
   const result = {
@@ -22481,23 +22886,13 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
     expiration,
     source: "file",
     ...persistenceWarning ? { hint: persistenceWarning, persistenceFailed: true } : {},
+    ...lockReleaseFailed ? { lockReleaseFailed: true } : {},
     ...tokenRefresh ? { tokenRefresh } : {}
   };
   if (result.loginStatus === "Expired") {
-    const fs7 = getFs();
-    const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
-    if (absolutePath !== globalPath && await fs7.exists(globalPath)) {
-      try {
-        const globalCreds = await loadEnvFile({
-          envPath: globalPath
-        });
-        if (globalCreds.UIPATH_ACCESS_TOKEN) {
-          const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
-          if (!globalExp || globalExp > new Date) {
-            result.hint = `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
-          }
-        }
-      } catch {}
+    const globalHint = await tryGlobalCredsHint();
+    if (globalHint) {
+      result.hint = globalHint;
     }
   }
   return result;
@@ -22512,6 +22907,7 @@ var getLoginStatusAsync = async (options = {}) => {
 };
 init_src();
 init_src();
+init_server();
 async function resolveConfig(options) {
   const status = await getLoginStatusAsync();
   if (status.loginStatus !== "Logged in" || !status.baseUrl || !status.accessToken) {
@@ -22529,10 +22925,10 @@ async function resolveConfig(options) {
   return {
     config: new Configuration({
       basePath,
-      headers: {
+      headers: addSdkUserAgentHeader({
         Authorization: `Bearer ${bearerToken}`,
         "x-uipath-source": "UiPath.CLI"
-      }
+      }, SDK_USER_AGENT)
     }),
     organizationId: status.organizationId,
     tenantName: tenant
@@ -22548,6 +22944,7 @@ async function createApiClient(ApiClass, options) {
 }
 // ../../filesystem/src/node.ts
+import { randomUUID as randomUUID2 } from "node:crypto";
 import { existsSync as existsSync2 } from "node:fs";
 import * as fs13 from "node:fs/promises";
 import * as os5 from "node:os";
@@ -23164,6 +23561,13 @@ defineLazyProperty2(apps2, "safari", () => detectPlatformBinary2({
 var open_default2 = open2;
 // ../../filesystem/src/node.ts
+var LOCK_HEARTBEAT_MS2 = 5000;
+var LOCK_STALE_MS2 = 15000;
+var LOCK_MAX_WAIT_MS2 = 20000;
+var LOCK_MAX_HOLD_MS2 = 60000;
+var LOCK_RETRY_MIN_MS2 = 100;
+var LOCK_RETRY_JITTER_MS2 = 200;
 class NodeFileSystem2 {
   path = {
     join: path5.join,
@@ -23240,6 +23644,90 @@ class NodeFileSystem2 {
   async mkdir(dirPath) {
     await fs13.mkdir(dirPath, { recursive: true });
   }
+  async acquireLock(lockPath) {
+    const canonicalPath = await this.canonicalizeLockTarget(lockPath);
+    const lockFile = `${canonicalPath}.lock`;
+    const ownerId = randomUUID2();
+    const start = Date.now();
+    while (true) {
+      try {
+        await fs13.writeFile(lockFile, ownerId, { flag: "wx" });
+        return this.createLockRelease(lockFile, ownerId);
+      } catch (error) {
+        if (!this.hasErrnoCode(error, "EEXIST")) {
+          throw error;
+        }
+        const stats = await fs13.stat(lockFile).catch(() => null);
+        if (stats && Date.now() - stats.mtimeMs > LOCK_STALE_MS2) {
+          const reclaimed = await fs13.rm(lockFile, { force: true }).then(() => true).catch(() => false);
+          if (reclaimed)
+            continue;
+        }
+        if (Date.now() - start > LOCK_MAX_WAIT_MS2) {
+          throw new Error(`ELOCKED: timed out waiting for lock on ${canonicalPath}`);
+        }
+        await new Promise((resolve3) => setTimeout(resolve3, LOCK_RETRY_MIN_MS2 + Math.random() * LOCK_RETRY_JITTER_MS2));
+      }
+    }
+  }
+  async canonicalizeLockTarget(lockPath) {
+    const absolute = path5.resolve(lockPath);
+    const fullReal = await fs13.realpath(absolute).catch(() => null);
+    if (fullReal)
+      return fullReal;
+    const parent = path5.dirname(absolute);
+    const base = path5.basename(absolute);
+    const canonicalParent = await fs13.realpath(parent).catch(() => parent);
+    return path5.join(canonicalParent, base);
+  }
+  createLockRelease(lockFile, ownerId) {
+    const heartbeatStart = Date.now();
+    let heartbeatTimer;
+    let stopped = false;
+    const stopHeartbeat = () => {
+      stopped = true;
+      if (heartbeatTimer)
+        clearTimeout(heartbeatTimer);
+    };
+    const scheduleNextHeartbeat = () => {
+      if (stopped)
+        return;
+      if (Date.now() - heartbeatStart >= LOCK_MAX_HOLD_MS2) {
+        stopped = true;
+        return;
+      }
+      heartbeatTimer = setTimeout(() => {
+        runHeartbeat();
+      }, LOCK_HEARTBEAT_MS2);
+      heartbeatTimer.unref?.();
+    };
+    const runHeartbeat = async () => {
+      if (stopped)
+        return;
+      const current = await fs13.readFile(lockFile, "utf-8").catch(() => null);
+      if (stopped)
+        return;
+      if (current !== ownerId) {
+        stopped = true;
+        return;
+      }
+      const now = Date.now() / 1000;
+      await fs13.utimes(lockFile, now, now).catch(() => {});
+      scheduleNextHeartbeat();
+    };
+    scheduleNextHeartbeat();
+    let released = false;
+    return async () => {
+      if (released)
+        return;
+      released = true;
+      stopHeartbeat();
+      const current = await fs13.readFile(lockFile, "utf-8").catch(() => null);
+      if (current === ownerId) {
+        await fs13.rm(lockFile, { force: true });
+      }
+    };
+  }
   async rm(filePath) {
     await fs13.rm(filePath, { recursive: true, force: true });
   }
@@ -23285,7 +23773,10 @@ class NodeFileSystem2 {
     }
   }
   isEnoent(error) {
-    return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+    return this.hasErrnoCode(error, "ENOENT");
+  }
+  hasErrnoCode(error, code) {
+    return typeof error === "object" && error !== null && "code" in error && error.code === code;
   }
 }
@@ -23427,10 +23918,15 @@ async function extractErrorDetails(error, options) {
   }
   if (parsedBody?.errorCode && typeof parsedBody.errorCode === "string") {
     context.errorCode = parsedBody.errorCode;
+  } else if (parsedBody?.code && typeof parsedBody.code === "string") {
+    context.errorCode = parsedBody.code;
   }
   if (parsedBody?.requestId && typeof parsedBody.requestId === "string") {
     context.requestId = parsedBody.requestId;
   }
+  if (parsedBody?.traceId && typeof parsedBody.traceId === "string") {
+    context.traceId = parsedBody.traceId;
+  }
   if (status === 429) {
     const resp = response;
     const headersObj = resp?.headers;
@@ -23450,7 +23946,35 @@ async function extractErrorDetails(error, options) {
     }
   }
   const hasContext = Object.keys(context).length > 0;
-  return { result, message, details, ...hasContext ? { context } : {} };
+  let parsedErrors;
+  if (parsedBody?.errors && typeof parsedBody.errors === "object") {
+    const errors = {};
+    for (const [field, raw] of Object.entries(parsedBody.errors)) {
+      if (Array.isArray(raw)) {
+        const messages = raw.map((entry) => {
+          if (typeof entry === "string")
+            return entry;
+          if (entry && typeof entry === "object" && typeof entry.message === "string") {
+            return entry.message;
+          }
+          return String(entry);
+        }).filter(Boolean);
+        if (messages.length > 0)
+          errors[field] = messages;
+      } else if (typeof raw === "string") {
+        errors[field] = [raw];
+      }
+    }
+    if (Object.keys(errors).length > 0)
+      parsedErrors = errors;
+  }
+  return {
+    result,
+    message,
+    details,
+    ...hasContext ? { context } : {},
+    ...parsedErrors ? { parsedErrors } : {}
+  };
 }
 // ../../common/src/command-examples.ts
 var examplesByCommand = new WeakMap;
@@ -23459,30 +23983,30 @@ Command.prototype.examples = function(examples) {
   return this;
 };
 // ../../common/src/singleton.ts
-var PREFIX = "@uipath/common/";
-var _g = globalThis;
-function singleton(ctorOrName) {
+var PREFIX2 = "@uipath/common/";
+var _g2 = globalThis;
+function singleton2(ctorOrName) {
   const name = typeof ctorOrName === "string" ? ctorOrName : ctorOrName.name;
-  const key = Symbol.for(PREFIX + name);
+  const key = Symbol.for(PREFIX2 + name);
   return {
     get(fallback) {
-      return _g[key] ?? fallback;
+      return _g2[key] ?? fallback;
     },
     set(value) {
-      _g[key] = value;
+      _g2[key] = value;
     },
     clear() {
-      delete _g[key];
+      delete _g2[key];
     },
     getOrInit(factory, guard) {
-      const existing = _g[key];
+      const existing = _g2[key];
       if (existing != null && typeof existing === "object") {
         if (!guard || guard(existing)) {
           return existing;
         }
       }
       const instance = factory();
-      _g[key] = instance;
+      _g2[key] = instance;
       return instance;
     }
   };
@@ -23501,8 +24025,8 @@ function createStorage() {
   }
   return new mod.AsyncLocalStorage;
 }
-var storageSingleton = singleton("OutputStorage");
-var sinkSlot = singleton("OutputSink");
+var storageSingleton = singleton2("OutputStorage");
+var sinkSlot = singleton2("OutputSink");
 var outputStorage = storageSingleton.getOrInit(createStorage, (v) => ("getStore" in v));
 var CONSOLE_FALLBACK = {
   writeOut: (str) => process.stdout.write(str),
@@ -23520,8 +24044,8 @@ function getOutputSink() {
 // ../../common/src/completer.ts
 var COMPLETER_SYMBOL = Symbol.for("@uipath/common/completer");
 // ../../common/src/console-guard.ts
-var guardInstalledSlot = singleton("ConsoleGuardInstalled");
-var savedOriginalsSlot = singleton("ConsoleGuardOriginals");
+var guardInstalledSlot = singleton2("ConsoleGuardInstalled");
+var savedOriginalsSlot = singleton2("ConsoleGuardOriginals");
 // ../../common/src/constants.ts
 var DEFAULT_AUTH_TIMEOUT_MS2 = 5 * 60 * 1000;
 // ../../common/src/error-instructions.ts
@@ -28175,7 +28699,7 @@ var safeLoadAll = renamed("safeLoadAll", "loadAll");
 var safeDump = renamed("safeDump", "dump");
 // ../../common/src/logger.ts
-var logFilePathSlot = singleton("logFilePath");
+var logFilePathSlot = singleton2("logFilePath");
 function setGlobalLogFilePath(path4) {
   logFilePathSlot.set(path4);
 }
@@ -28359,16 +28883,16 @@ class SimpleLogger {
     }
   };
 }
-var loggerSingleton = singleton(SimpleLogger);
+var loggerSingleton = singleton2(SimpleLogger);
 var logger = SimpleLogger.getInstance();
 function getLogFilePath() {
   return logger.getLogFilePath();
 }
 // ../../common/src/output-format-context.ts
-var formatSlot = singleton("OutputFormat");
-var formatExplicitSlot = singleton("OutputFormatExplicit");
-var filterSlot = singleton("OutputFilter");
+var formatSlot = singleton2("OutputFormat");
+var formatExplicitSlot = singleton2("OutputFormatExplicit");
+var filterSlot = singleton2("OutputFilter");
 function getOutputFormat() {
   return formatSlot.get("json");
 }
@@ -28546,11 +29070,11 @@ class TelemetryService {
   }
 }
 // ../../common/src/telemetry/node-appinsights-telemetry-provider.ts
-var telemetryPropsSlot = singleton("TelemetryDefaultProps");
-var providerSlot = singleton("TelemetryProvider");
+var telemetryPropsSlot = singleton2("TelemetryDefaultProps");
+var providerSlot = singleton2("TelemetryProvider");
 // ../../common/src/telemetry/telemetry-init.ts
-var telemetryInstanceSlot = singleton("TelemetryService");
+var telemetryInstanceSlot = singleton2("TelemetryService");
 var DEFAULT_AI_CONNECTION_STRING = atob("SW5zdHJ1bWVudGF0aW9uS2V5PTliZDM3NDgyLTgxMGUtNDQyYS1hYWE2LWQzOGVmNjVjNjY3NDtJbmdlc3Rpb25FbmRwb2ludD1odHRwczovL3dlc3RldXJvcGUtNS5pbi5hcHBsaWNhdGlvbmluc2lnaHRzLmF6dXJlLmNvbS87TGl2ZUVuZHBvaW50PWh0dHBzOi8vd2VzdGV1cm9wZS5saXZlZGlhZ25vc3RpY3MubW9uaXRvci5henVyZS5jb20vO0FwcGxpY2F0aW9uSWQ9MzU2OTdlZjEtOGJkMC00ZjE5LWEyN2MtZDg3Y2NhYzY2ZDJj");
 function getGlobalTelemetryInstance() {
   const existing = telemetryInstanceSlot.get();
@@ -28619,6 +29143,60 @@ function escapeNonAscii(jsonText) {
 function needsAsciiSafeJson(sink) {
   return process.platform === "win32" && !sink.capabilities.isInteractive;
 }
+function isPlainRecord(value) {
+  if (value === null || typeof value !== "object")
+    return false;
+  const prototype = Object.getPrototypeOf(value);
+  return prototype === Object.prototype || prototype === null;
+}
+function toLowerCamelCaseKey(key) {
+  if (!key)
+    return key;
+  if (/[_\-\s]/.test(key)) {
+    const [firstPart, ...restParts] = key.split(/[_\-\s]+/).filter(Boolean);
+    if (!firstPart)
+      return key;
+    return [
+      toLowerCamelCaseSimpleKey(firstPart),
+      ...restParts.map((part) => {
+        const normalized = toLowerCamelCaseSimpleKey(part);
+        return normalized.charAt(0).toUpperCase() + normalized.slice(1);
+      })
+    ].join("");
+  }
+  return toLowerCamelCaseSimpleKey(key);
+}
+function toLowerCamelCaseSimpleKey(key) {
+  if (/^[A-Z0-9]+$/.test(key))
+    return key.toLowerCase();
+  return key.replace(/^[A-Z]+(?=[A-Z][a-z]|\d|$)|^[A-Z]/, (match) => match.toLowerCase());
+}
+function toPascalCaseKey(key) {
+  const lowerCamelKey = toLowerCamelCaseKey(key);
+  return lowerCamelKey ? lowerCamelKey.charAt(0).toUpperCase() + lowerCamelKey.slice(1) : lowerCamelKey;
+}
+function toPascalCaseData(value) {
+  if (Array.isArray(value))
+    return value.map(toPascalCaseData);
+  if (!isPlainRecord(value))
+    return value;
+  const result = {};
+  for (const [key, nestedValue] of Object.entries(value)) {
+    result[toPascalCaseKey(key)] = toPascalCaseData(nestedValue);
+  }
+  return result;
+}
+function normalizeDataKeys(data) {
+  return toPascalCaseData(data);
+}
+function normalizeOutputKeys(data) {
+  const result = {};
+  for (const [key, value] of Object.entries(data)) {
+    const pascalKey = toPascalCaseKey(key);
+    result[pascalKey] = pascalKey === "Data" ? value : toPascalCaseData(value);
+  }
+  return result;
+}
 function printOutput(data, format = "json", logFn, asciiSafe = false) {
   if (!data) {
     logFn("Empty response object. No data to display.");
@@ -28681,7 +29259,7 @@ function wrapText(text, width) {
 function printTable(data, logFn, externalLogValue) {
   if (data.length === 0)
     return;
-  const keys = Object.keys(data[0]).filter((key) => key !== "Code" && key !== "Log");
+  const keys = Object.keys(data[0]).filter((key) => !["code", "log"].includes(key.toLowerCase()));
   const maxWidths = keys.map((key) => Math.max(key.length, ...data.map((item) => cellToString(item[key]).length)));
   const header = keys.map((key, i2) => key.padEnd(maxWidths[i2])).join(" | ");
   logFn(header);
@@ -28696,7 +29274,7 @@ function printTable(data, logFn, externalLogValue) {
   }
 }
 function printVerticalTable(data, logFn = console.log, externalLogValue) {
-  const keys = Object.keys(data).filter((key) => key !== "Code" && key !== "Log");
+  const keys = Object.keys(data).filter((key) => !["code", "log"].includes(key.toLowerCase()));
   if (keys.length === 0)
     return;
   const maxKeyWidth = Math.max(...keys.map((key) => key.length));
@@ -28712,7 +29290,7 @@ function printVerticalTable(data, logFn = console.log, externalLogValue) {
 function printResizableTable(data, logFn = console.log, externalLogValue) {
   if (data.length === 0)
     return;
-  const keys = Object.keys(data[0]).filter((key) => key !== "Code" && key !== "Log");
+  const keys = Object.keys(data[0]).filter((key) => !["code", "log"].includes(key.toLowerCase()));
   if (keys.length === 0)
     return;
   if (!process.stdout.isTTY) {
@@ -28788,8 +29366,26 @@ function printResizableTable(data, logFn = console.log, externalLogValue) {
 function toYaml(data) {
   return dump(data);
 }
+class FilterEvaluationError extends Error {
+  __brand = "FilterEvaluationError";
+  filter;
+  instructions;
+  result = RESULTS.ValidationError;
+  constructor(filter, cause) {
+    const underlying = cause instanceof Error ? cause.message : String(cause);
+    super(`Filter '${filter}' failed to evaluate: ${underlying}`);
+    this.name = "FilterEvaluationError";
+    this.filter = filter;
+    this.instructions = `The --output-filter expression '${filter}' failed at evaluation time. ` + "Note that --output-filter operates on the 'Data' field of the envelope, not the full object. " + "For example, on a list result use 'length(@)' instead of 'Data | length(@)'.";
+  }
+}
 function applyFilter(data, filter) {
-  const result = search(data, filter);
+  let result;
+  try {
+    result = search(data, filter);
+  } catch (err) {
+    throw new FilterEvaluationError(filter, err);
+  }
   if (result == null)
     return [];
   if (Array.isArray(result)) {
@@ -28806,13 +29402,18 @@ function applyFilter(data, filter) {
 }
 var OutputFormatter;
 ((OutputFormatter) => {
-  function success(data) {
+  function success(data, options) {
     data.Log ??= getLogFilePath() || undefined;
+    const normalize = !options?.preserveDataKeys;
+    if (normalize) {
+      data.Data = normalizeDataKeys(data.Data);
+    }
     const filter = getOutputFilter();
     if (filter) {
-      data.Data = applyFilter(data.Data, filter);
+      const filtered = applyFilter(data.Data, filter);
+      data.Data = normalize ? normalizeDataKeys(filtered) : filtered;
     }
-    logOutput(data, getOutputFormat());
+    logOutput(normalizeOutputKeys(data), getOutputFormat());
   }
   OutputFormatter.success = success;
   function error(data) {
@@ -28822,7 +29423,7 @@ var OutputFormatter;
       result: data.Result,
       message: data.Message
     });
-    logOutput(data, getOutputFormat());
+    logOutput(normalizeOutputKeys(data), getOutputFormat());
   }
   OutputFormatter.error = error;
   function emitList(code, items, opts) {
@@ -28843,13 +29444,14 @@ var OutputFormatter;
   function log(data) {
     const format = getOutputFormat();
     const sink = getOutputSink();
+    const normalized = toPascalCaseData(data);
     if (format === "json") {
-      const json2 = JSON.stringify(data);
+      const json2 = JSON.stringify(normalized);
       const safe = needsAsciiSafeJson(sink) ? escapeNonAscii(json2) : json2;
       sink.writeErr(`${safe}
 `);
     } else {
-      for (const [key, value] of Object.entries(data)) {
+      for (const [key, value] of Object.entries(normalized)) {
         sink.writeErr(`${key}: ${value}
 `);
       }
@@ -28858,12 +29460,16 @@ var OutputFormatter;
   OutputFormatter.log = log;
   function formatToString(data) {
     const filter = getOutputFilter();
-    if (filter && "Data" in data && data.Data != null) {
-      data.Data = applyFilter(data.Data, filter);
+    if ("Data" in data && data.Data != null) {
+      data.Data = normalizeDataKeys(data.Data);
+      if (filter) {
+        data.Data = normalizeDataKeys(applyFilter(data.Data, filter));
+      }
     }
+    const output = normalizeOutputKeys(data);
     const lines = [];
     const sink = getOutputSink();
-    printOutput(data, getOutputFormat(), (msg) => {
+    printOutput(output, getOutputFormat(), (msg) => {
       lines.push(msg);
     }, needsAsciiSafeJson(sink));
     return lines.join(`
@@ -30274,6 +30880,22 @@ JSONPath.prototype.safeVm = {
   Script: SafeScript
 };
 JSONPath.prototype.vm = vm;
+// ../../common/src/polling/types.ts
+var PollOutcome = {
+  Completed: "completed",
+  Timeout: "timeout",
+  Interrupted: "interrupted",
+  Aborted: "aborted",
+  Failed: "failed"
+};
+// ../../common/src/polling/poll-failure-mapping.ts
+var REASON_BY_OUTCOME = {
+  [PollOutcome.Timeout]: "poll_timeout",
+  [PollOutcome.Failed]: "poll_failed",
+  [PollOutcome.Interrupted]: "poll_failed",
+  [PollOutcome.Aborted]: "poll_aborted"
+};
 // ../../common/src/polling/terminal-statuses.ts
 var TERMINAL_STATUSES = new Set([
   "completed",
@@ -30301,8 +30923,10 @@ var ScreenLogger;
   }
   ScreenLogger.progress = progress;
 })(ScreenLogger ||= {});
+// ../../common/src/sdk-user-agent.ts
+var sdkUserAgentHostToken2 = singleton2("SdkUserAgentHostToken");
 // ../../common/src/tool-provider.ts
-var factorySlot = singleton("PackagerFactoryProvider");
+var factorySlot = singleton2("PackagerFactoryProvider");
 // ../../common/src/telemetry/pii-redactor.ts
 var REDACTED = "[REDACTED]";
 var MAX_VALUE_LENGTH = 200;
@@ -30428,7 +31052,7 @@ function redactProperties(properties) {
 }
 // ../../common/src/trackedAction.ts
-var pollSignalSlot = singleton("PollSignal");
+var pollSignalSlot = singleton2("PollSignal");
 var processContext = {
   exit: (code) => {
     process.exitCode = code;
@@ -30479,17 +31103,21 @@ Command.prototype.trackedAction = function(context, fn, properties) {
     const telemetryName = deriveCommandPath(command);
     const props = typeof properties === "function" ? properties(...args) : properties;
     const startTime = performance.now();
-    let errorMessage;
+    let errorMessage2;
     const [error] = await catchError2(fn(...args));
     if (error) {
-      errorMessage = error instanceof Error ? error.message : String(error);
-      logger.error(`[trackedAction] ${telemetryName} failed: ${errorMessage}`);
+      errorMessage2 = error instanceof Error ? error.message : String(error);
+      logger.debug(`[trackedAction] ${telemetryName} failed: ${errorMessage2}`);
+      const typed = error;
+      const customInstructions = typeof typed.instructions === "string" ? typed.instructions : undefined;
+      const customResult = typeof typed.result === "string" && typed.result !== RESULTS.Success && Object.values(RESULTS).includes(typed.result) ? typed.result : undefined;
+      const finalResult = customResult ?? RESULTS.Failure;
       OutputFormatter.error({
-        Result: RESULTS.Failure,
-        Message: errorMessage,
-        Instructions: "An unexpected error occurred. Run with --log-level debug for details."
+        Result: finalResult,
+        Message: errorMessage2,
+        Instructions: customInstructions ?? "An unexpected error occurred. Run with --log-level debug for details."
       });
-      context.exit(1);
+      context.exit(EXIT_CODES[finalResult]);
     }
     const durationMs = performance.now() - startTime;
     const success = !error && (process.exitCode === undefined || process.exitCode === 0);
@@ -30498,7 +31126,7 @@ Command.prototype.trackedAction = function(context, fn, properties) {
       ...props,
       duration: String(durationMs),
       success: String(success),
-      ...errorMessage ? { errorMessage } : {}
+      ...errorMessage2 ? { errorMessage: errorMessage2 } : {}
     }));
   });
 };
@@ -30519,14 +31147,14 @@ async function reportError(error, loginInstructions) {
 // src/helpers/validators.ts
 var IPV4_OCTET = /^(25[0-5]|2[0-4]\d|[01]?\d?\d)$/;
-function errorMessage(err) {
+function errorMessage2(err) {
   return err instanceof Error ? err.message : String(err);
 }
 function asInvalidArgument(fn) {
   try {
     return fn();
   } catch (err) {
-    throw new InvalidArgumentError(errorMessage(err));
+    throw new InvalidArgumentError(errorMessage2(err));
   }
 }
 function assertIpv4(value, label) {
@@ -31200,7 +31828,7 @@ function appendTrustedCert(value, previous) {
   try {
     return [...previous, assertTrustedCertSpec(value)];
   } catch (err) {
-    throw new InvalidArgumentError(errorMessage(err));
+    throw new InvalidArgumentError(errorMessage2(err));
   }
 }
 var LOGIN_INSTRUCTIONS2 = "Ensure you are logged in with 'uip login' and that your account has org-admin access to the Hypervisor service. Pass --tenant <name> to target a tenant other than your login context.";