@uipath/agent-sdk 1.195.0 → 1.197.0-preview.59

package/dist/index.js

@@ -19164,6 +19164,9 @@ function singleton(ctorOrName) {
   };
 }
 
+// ../common/src/telemetry/global-telemetry-properties.ts
+var telemetryPropsSlot = singleton("TelemetryDefaultProps");
+
 // ../common/src/sdk-user-agent.ts
 var USER_AGENT_HEADER = "User-Agent";
 var sdkUserAgentHostToken = singleton("SdkUserAgentHostToken");
@@ -19187,8 +19190,8 @@ function appendUserAgentToken(value, userAgent) {
 function getEffectiveUserAgent(userAgent) {
   return appendUserAgentToken(sdkUserAgentHostToken.get(), userAgent);
 }
-function isHeadersLike(headers) {
-  return typeof headers === "object" && headers !== null && "get" in headers && typeof headers.get === "function" && "set" in headers && typeof headers.set === "function";
+function getHeaderName(headers, headerName) {
+  return Object.keys(headers).find((key) => key.toLowerCase() === headerName.toLowerCase());
 }
 function getSdkUserAgentToken(pkg) {
   const packageName = pkg.name.replace(/^@uipath\//, "");
@@ -19196,59 +19199,31 @@ function getSdkUserAgentToken(pkg) {
 }
 function addSdkUserAgentHeader(headers, userAgent) {
   const result = { ...headers ?? {} };
-  const effectiveUserAgent = getEffectiveUserAgent(userAgent);
-  const headerName = Object.keys(result).find((key) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
-  if (headerName) {
-    result[headerName] = appendUserAgentToken(result[headerName], effectiveUserAgent);
-  } else {
-    result[USER_AGENT_HEADER] = effectiveUserAgent;
-  }
+  const headerName = getHeaderName(result, USER_AGENT_HEADER);
+  result[headerName ?? USER_AGENT_HEADER] = appendUserAgentToken(headerName ? result[headerName] : undefined, getEffectiveUserAgent(userAgent));
   return result;
 }
-function withSdkUserAgentHeader(headers, userAgent) {
-  const effectiveUserAgent = getEffectiveUserAgent(userAgent);
-  if (isHeadersLike(headers)) {
-    headers.set(USER_AGENT_HEADER, appendUserAgentToken(headers.get(USER_AGENT_HEADER), effectiveUserAgent));
-    return headers;
-  }
-  if (Array.isArray(headers)) {
-    const result = headers.map((entry) => {
-      const [key, value] = entry;
-      return [key, value];
-    });
-    const headerIndex = result.findIndex(([key]) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
-    if (headerIndex >= 0) {
-      const [key, value] = result[headerIndex];
-      result[headerIndex] = [
-        key,
-        appendUserAgentToken(value, effectiveUserAgent)
-      ];
-    } else {
-      result.push([USER_AGENT_HEADER, effectiveUserAgent]);
-    }
-    return result;
-  }
-  return addSdkUserAgentHeader(typeof headers === "object" && headers !== null ? { ...headers } : {}, effectiveUserAgent);
+function asHeaderRecord(headers) {
+  return typeof headers === "object" && headers !== null ? { ...headers } : {};
 }
-function withUserAgentInitOverride(initOverrides, userAgent) {
+function withForwardedHeadersInitOverride(initOverrides, forward) {
   return async (requestContext) => {
-    const initWithUserAgent = {
+    const initWithHeaders = {
       ...requestContext.init,
-      headers: withSdkUserAgentHeader(requestContext.init.headers, userAgent)
+      headers: forward(asHeaderRecord(requestContext.init.headers))
     };
     const override = typeof initOverrides === "function" ? await initOverrides({
       ...requestContext,
-      init: initWithUserAgent
+      init: initWithHeaders
     }) : initOverrides;
     return {
       ...override ?? {},
-      headers: withSdkUserAgentHeader(override?.headers ?? initWithUserAgent.headers, userAgent)
+      headers: forward(asHeaderRecord(override?.headers ?? initWithHeaders.headers))
     };
   };
 }
-function installSdkUserAgentHeader(BaseApiClass, userAgent) {
+function installRequestHeaderForwarding(BaseApiClass, patchKey, forward) {
   const prototype = BaseApiClass.prototype;
-  const patchKey = userAgentPatchKey(userAgent);
   if (prototype[patchKey]) {
     return;
   }
@@ -19256,13 +19231,16 @@ function installSdkUserAgentHeader(BaseApiClass, userAgent) {
     throw new Error("Generated BaseAPI request function not found.");
   }
   const originalRequest = prototype.request;
-  prototype.request = function requestWithUserAgent(context, initOverrides) {
-    return originalRequest.call(this, context, withUserAgentInitOverride(initOverrides, userAgent));
+  prototype.request = function requestWithForwardedHeaders(context, initOverrides) {
+    return originalRequest.call(this, context, withForwardedHeadersInitOverride(initOverrides, forward));
   };
   Object.defineProperty(prototype, patchKey, {
     value: true
   });
 }
+function installSdkUserAgentHeader(BaseApiClass, userAgent) {
+  installRequestHeaderForwarding(BaseApiClass, userAgentPatchKey(userAgent), (headers) => addSdkUserAgentHeader(headers, userAgent));
+}
 
 // generated/src/runtime.ts
 var BASE_PATH = "http://localhost".replace(/\/+$/, "");
@@ -19575,7 +19553,7 @@ class TextApiResponse {
 var package_default = {
   name: "@uipath/agent-sdk",
   license: "MIT",
-  version: "1.195.0",
+  version: "1.197.0-preview.59",
   description: "SDK for the UiPath Agent Runtime API — evaluation execution and debug sessions.",
   repository: {
     type: "git",
@@ -19604,7 +19582,7 @@ var package_default = {
     "dist"
   ],
   scripts: {
-    build: "bun build ./src/index.ts --outdir dist --format esm --target node && tsc -p tsconfig.build.json --noCheck",
+    build: "bun build ./src/index.ts --outdir dist --format esm --target node --sourcemap=linked && tsc -p tsconfig.build.json --noCheck",
     generate: "bun run src/scripts/generate-sdk.ts",
     test: "vitest run",
     "test:coverage": "vitest run --coverage",
@@ -22607,6 +22585,12 @@ var normalizeAndValidateBaseUrl = (rawUrl) => {
   }
   return url.pathname.length > 1 ? url.origin : baseUrl;
 };
+var resolveScopes = (isExternalAppAuth, customScopes, fileScopes) => {
+  const requestedScopes = customScopes?.length ? customScopes : fileScopes ?? [];
+  if (isExternalAppAuth)
+    return requestedScopes;
+  return [...new Set([...DEFAULT_SCOPES, ...requestedScopes])];
+};
 var resolveConfigAsync = async ({
   customAuthority,
   customClientId,
@@ -22637,7 +22621,7 @@ var resolveConfigAsync = async ({
     clientSecret = fileAuth.clientSecret;
   }
   const isExternalAppAuth = clientId !== DEFAULT_CLIENT_ID && Boolean(clientSecret);
-  const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : isExternalAppAuth ? [] : DEFAULT_SCOPES;
+  const scopes = resolveScopes(isExternalAppAuth, customScopes, fileAuth.scopes);
   return {
     clientId,
     clientSecret,
@@ -22652,6 +22636,76 @@ var resolveConfigAsync = async ({
 init_constants();
 // ../auth/src/loginStatus.ts
 init_src();
+
+// ../auth/src/authProfile.ts
+init_src();
+init_constants();
+var DEFAULT_AUTH_PROFILE = "default";
+var PROFILE_DIR = "profiles";
+var PROFILE_NAME_RE = /^[A-Za-z0-9._-]+$/;
+var ACTIVE_AUTH_PROFILE_KEY = Symbol.for("@uipath/auth/ActiveAuthProfile");
+var AUTH_PROFILE_STORAGE_KEY = Symbol.for("@uipath/auth/ProfileStorage");
+var globalSlot2 = globalThis;
+function isAuthProfileStorage(value) {
+  return value !== null && typeof value === "object" && "getStore" in value && "run" in value;
+}
+function createProfileStorage() {
+  const [error, mod] = catchError(() => __require("node:async_hooks"));
+  if (error || typeof mod?.AsyncLocalStorage !== "function") {
+    return {
+      getStore: () => {
+        return;
+      },
+      run: (_store, fn) => fn()
+    };
+  }
+  return new mod.AsyncLocalStorage;
+}
+function getProfileStorage() {
+  const existing = globalSlot2[AUTH_PROFILE_STORAGE_KEY];
+  if (isAuthProfileStorage(existing)) {
+    return existing;
+  }
+  const storage = createProfileStorage();
+  globalSlot2[AUTH_PROFILE_STORAGE_KEY] = storage;
+  return storage;
+}
+var profileStorage = getProfileStorage();
+
+class AuthProfileValidationError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AuthProfileValidationError";
+  }
+}
+function normalizeAuthProfileName(profile) {
+  if (profile === undefined || profile === DEFAULT_AUTH_PROFILE) {
+    return;
+  }
+  if (profile.length === 0 || profile === "." || profile === ".." || !PROFILE_NAME_RE.test(profile)) {
+    throw new AuthProfileValidationError(`Invalid profile name "${profile}". Profile names may contain only letters, numbers, '.', '_', and '-'.`);
+  }
+  return profile;
+}
+function getActiveAuthProfile() {
+  const scopedState = profileStorage.getStore();
+  if (scopedState !== undefined) {
+    return scopedState.profile;
+  }
+  return globalSlot2[ACTIVE_AUTH_PROFILE_KEY]?.profile;
+}
+function resolveAuthProfileFilePath(profile) {
+  const normalized = normalizeAuthProfileName(profile);
+  if (normalized === undefined) {
+    throw new AuthProfileValidationError(`"${DEFAULT_AUTH_PROFILE}" is the built-in profile and does not have a profile file path.`);
+  }
+  const fs7 = getFileSystem();
+  return fs7.path.join(fs7.env.homedir(), UIPATH_HOME_DIR, PROFILE_DIR, normalized, AUTH_FILENAME);
+}
+function getActiveAuthProfileFilePath() {
+  const profile = getActiveAuthProfile();
+  return profile ? resolveAuthProfileFilePath(profile) : undefined;
+}
 // ../auth/src/utils/jwt.ts
 class InvalidIssuerError extends Error {
   expected;
@@ -22780,23 +22834,74 @@ var readAuthFromEnv = () => {
     organizationId,
     tenantName,
     tenantId,
-    expiration
+    expiration,
+    source: "env" /* Env */
   };
 };
 
+// ../auth/src/refreshCircuitBreaker.ts
+init_src();
+var BREAKER_SUFFIX = ".refresh-state";
+var BACKOFF_BASE_MS = 60000;
+var BACKOFF_CAP_MS = 60 * 60 * 1000;
+var SURFACE_WINDOW_MS = 60 * 60 * 1000;
+async function refreshTokenFingerprint(refreshToken) {
+  const bytes = new TextEncoder().encode(refreshToken);
+  if (globalThis.crypto?.subtle) {
+    const digest = await globalThis.crypto.subtle.digest("SHA-256", bytes);
+    return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0")).join("").slice(0, 16);
+  }
+  const { createHash } = await import("node:crypto");
+  return createHash("sha256").update(refreshToken).digest("hex").slice(0, 16);
+}
+function breakerPathFor(authPath) {
+  return `${authPath}${BREAKER_SUFFIX}`;
+}
+async function loadRefreshBreaker(authPath) {
+  const fs7 = getFileSystem();
+  try {
+    const content = await fs7.readFile(breakerPathFor(authPath), "utf-8");
+    if (!content)
+      return {};
+    const parsed = JSON.parse(content);
+    return parsed && typeof parsed === "object" ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+async function saveRefreshBreaker(authPath, state) {
+  try {
+    const fs7 = getFileSystem();
+    const path3 = breakerPathFor(authPath);
+    await fs7.mkdir(fs7.path.dirname(path3));
+    const tempPath = `${path3}.tmp`;
+    await fs7.writeFile(tempPath, JSON.stringify(state));
+    await fs7.rename(tempPath, path3);
+  } catch {}
+}
+async function clearRefreshBreaker(authPath) {
+  const fs7 = getFileSystem();
+  const path3 = breakerPathFor(authPath);
+  try {
+    if (await fs7.exists(path3)) {
+      await fs7.rm(path3);
+    }
+  } catch {}
+}
+function nextBackoffMs(attempts) {
+  const shift = Math.max(0, attempts - 1);
+  return Math.min(BACKOFF_BASE_MS * 2 ** shift, BACKOFF_CAP_MS);
+}
+function shouldSurface(state, nowMs) {
+  if (state.lastSurfacedAtMs === undefined)
+    return true;
+  return nowMs - state.lastSurfacedAtMs >= SURFACE_WINDOW_MS;
+}
+
 // ../auth/src/robotClientFallback.ts
 init_src();
 var DEFAULT_TIMEOUT_MS = 1000;
 var CLOSE_TIMEOUT_MS = 500;
-var NOTICE_SENTINEL = Symbol.for("@uipath/auth/robotFallbackNoticePrinted");
-var printNoticeOnce = () => {
-  const slot = globalThis;
-  if (slot[NOTICE_SENTINEL])
-    return;
-  slot[NOTICE_SENTINEL] = true;
-  catchError(() => process.stderr.write(`Using UiPath Robot credentials. Run 'uip login' for a dedicated session.
-`));
-};
 var ROBOT_USER_SERVICES_PIPE = "UiPathUserServices";
 var ROBOT_USER_SERVICES_ALTERNATE_PIPE = `${ROBOT_USER_SERVICES_PIPE}Alternate`;
 var PIPE_NAME_MAX_LENGTH = 103;
@@ -22841,11 +22946,11 @@ var parseResourceUrl = (url) => {
   if (error || !parsed)
     return;
   const segments = parsed.pathname.split("/").filter(Boolean);
-  const organizationName = segments[0];
-  const tenantName = segments[1];
-  if (!organizationName || !tenantName)
-    return;
-  return { baseUrl: parsed.origin, organizationName, tenantName };
+  return {
+    baseUrl: parsed.origin,
+    organizationName: segments[0],
+    tenantName: segments[1]
+  };
 };
 var defaultLoadModule = async () => {
   const [error, mod] = await catchError(() => Promise.resolve().then(() => __toESM(require_dist(), 1)));
@@ -22896,6 +23001,7 @@ var tryRobotClientFallback = async (options = {}) => {
     }
     let organizationIdFromToken;
     let tenantIdFromToken;
+    let issuerFromToken;
     const [jwtError, claims] = catchError(() => parseJWT(accessToken));
     if (!jwtError && claims) {
       const rawOrgId = claims.prtId ?? claims.organizationId ?? claims.prt_id;
@@ -22906,15 +23012,19 @@ var tryRobotClientFallback = async (options = {}) => {
       if (typeof tenantClaim === "string" && tenantClaim.length > 0) {
         tenantIdFromToken = tenantClaim;
       }
+      const issClaim = claims.iss;
+      if (typeof issClaim === "string" && issClaim.length > 0) {
+        issuerFromToken = issClaim;
+      }
     }
-    printNoticeOnce();
     return {
       accessToken,
       baseUrl: parsedUrl.baseUrl,
       organizationName: parsedUrl.organizationName,
       organizationId: organizationIdFromToken ?? parsedUrl.organizationName,
       tenantName: parsedUrl.tenantName,
-      tenantId: tenantIdFromToken
+      tenantId: tenantIdFromToken,
+      issuer: issuerFromToken
     };
   } catch {
     return;
@@ -23016,7 +23126,7 @@ var probeAsync = async (fs7, candidate) => {
     };
   }
 };
-var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME) => {
+var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME, opts) => {
   const fs7 = getFileSystem();
   if (fs7.path.isAbsolute(envFilePath)) {
     const probe2 = await probeAsync(fs7, envFilePath);
@@ -23027,7 +23137,7 @@ var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME) =>
       ...probe2.unusable ? { unusable: probe2.unusable } : {}
     };
   }
-  const cwd = fs7.env.cwd();
+  const cwd = opts?.cwd ?? fs7.env.cwd();
   let searchDir = cwd;
   while (true) {
     const candidate = fs7.path.join(searchDir, envFilePath);
@@ -23057,8 +23167,8 @@ var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME) =>
     ...probe.unusable ? { unusable: probe.unusable } : {}
   };
 };
-var resolveEnvFilePathAsync = async (envFilePath = DEFAULT_ENV_FILENAME) => {
-  const location = await resolveEnvFileLocationAsync(envFilePath);
+var resolveEnvFilePathAsync = async (envFilePath = DEFAULT_ENV_FILENAME, opts) => {
+  const location = await resolveEnvFileLocationAsync(envFilePath, opts);
   if (location.exists) {
     return { absolutePath: location.absolutePath };
   }
@@ -23131,18 +23241,327 @@ var saveEnvFileAsync = async ({
 };
 
 // ../auth/src/loginStatus.ts
-function normalizeTokenRefreshFailure() {
-  return "stored refresh token is invalid or expired";
+var getLoginStatusAsync = async (options = {}) => {
+  return getLoginStatusWithDeps(options);
+};
+var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
+  const {
+    resolveEnvFilePath = resolveEnvFilePathAsync,
+    loadEnvFile = loadEnvFileAsync,
+    saveEnvFile = saveEnvFileAsync,
+    getFs = getFileSystem,
+    refreshToken: refreshTokenFn = refreshAccessToken,
+    resolveConfig = resolveConfigAsync,
+    robotFallback = tryRobotClientFallback,
+    loadBreaker = loadRefreshBreaker,
+    saveBreaker = saveRefreshBreaker,
+    clearBreaker = clearRefreshBreaker
+  } = deps;
+  if (isRobotAuthEnforced()) {
+    return resolveRobotEnforcedStatus(robotFallback);
+  }
+  if (isEnvAuthEnabled()) {
+    return readAuthFromEnv();
+  }
+  const activeProfile = getActiveAuthProfile();
+  const activeProfileFilePath = getActiveAuthProfileFilePath();
+  const usingActiveProfile = activeProfile !== undefined && (options.envFilePath === undefined || options.envFilePath === activeProfileFilePath);
+  const envFilePath = options.envFilePath ?? activeProfileFilePath ?? DEFAULT_ENV_FILENAME;
+  const { ensureTokenValidityMinutes } = options;
+  const { absolutePath } = await resolveEnvFilePath(envFilePath);
+  if (absolutePath === undefined) {
+    if (usingActiveProfile) {
+      return {
+        loginStatus: "Not logged in",
+        hint: `No credentials found for profile "${activeProfile}". Run 'uip login --profile ${activeProfile}' to authenticate this profile.`
+      };
+    }
+    return resolveBorrowedRobotStatus(robotFallback);
+  }
+  const loaded = await loadFileCredentials(loadEnvFile, absolutePath);
+  if ("status" in loaded) {
+    return loaded.status;
+  }
+  const { credentials } = loaded;
+  const globalHint = () => usingActiveProfile ? Promise.resolve(undefined) : getGlobalCredsHint(getFs, loadEnvFile, absolutePath, envFilePath);
+  const expiration = getTokenExpiration(credentials.UIPATH_ACCESS_TOKEN);
+  const outerThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
+  let tokens = {
+    accessToken: credentials.UIPATH_ACCESS_TOKEN,
+    refreshToken: credentials.UIPATH_REFRESH_TOKEN,
+    expiration,
+    lockReleaseFailed: false
+  };
+  const refreshToken = credentials.UIPATH_REFRESH_TOKEN;
+  if (expiration && expiration <= outerThreshold && refreshToken) {
+    const refreshed = await attemptRefresh({
+      absolutePath,
+      credentials,
+      accessToken: credentials.UIPATH_ACCESS_TOKEN,
+      refreshToken,
+      expiration,
+      ensureTokenValidityMinutes,
+      getFs,
+      loadEnvFile,
+      saveEnvFile,
+      refreshFn: refreshTokenFn,
+      resolveConfig,
+      loadBreaker,
+      saveBreaker,
+      clearBreaker,
+      globalHint
+    });
+    if (refreshed.kind === "terminal") {
+      return refreshed.status;
+    }
+    tokens = refreshed.tokens;
+  }
+  return buildFileStatus(tokens, credentials, globalHint);
+};
+async function resolveRobotEnforcedStatus(robotFallback) {
+  if (isEnvAuthEnabled()) {
+    throw new EnvAuthConfigError(`${ENV_AUTH_ENABLE_VAR}=true and ${ENFORCE_ROBOT_AUTH_VAR}=true ` + `are mutually exclusive. Unset one of them and re-run.`);
+  }
+  const robotCreds = await robotFallback({ force: true });
+  if (!robotCreds) {
+    return {
+      loginStatus: "Not logged in",
+      hint: `${ENFORCE_ROBOT_AUTH_VAR}=true but the UiPath Robot ` + `session is unavailable. Start and sign in to the Assistant, ` + `or unset ${ENFORCE_ROBOT_AUTH_VAR} to fall back to file or ` + `env-var authentication.`
+    };
+  }
+  return buildRobotStatus(robotCreds);
 }
-function normalizeTokenRefreshUnavailableFailure() {
-  return "token refresh failed before authentication completed";
+async function resolveBorrowedRobotStatus(robotFallback) {
+  const robotCreds = await robotFallback();
+  return robotCreds ? buildRobotStatus(robotCreds) : { loginStatus: "Not logged in" };
 }
-function errorMessage(error) {
-  return error instanceof Error ? error.message : String(error);
+async function loadFileCredentials(loadEnvFile, absolutePath) {
+  let credentials;
+  try {
+    credentials = await loadEnvFile({ envPath: absolutePath });
+  } catch (error) {
+    if (isFileNotFoundError(error)) {
+      return { status: { loginStatus: "Not logged in" } };
+    }
+    throw error;
+  }
+  if (!credentials.UIPATH_ACCESS_TOKEN) {
+    return { status: { loginStatus: "Not logged in" } };
+  }
+  return { credentials };
+}
+async function getGlobalCredsHint(getFs, loadEnvFile, absolutePath, envFilePath) {
+  const fs7 = getFs();
+  const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
+  if (absolutePath === globalPath)
+    return;
+  if (!await fs7.exists(globalPath))
+    return;
+  try {
+    const globalCreds = await loadEnvFile({ envPath: globalPath });
+    if (!globalCreds.UIPATH_ACCESS_TOKEN)
+      return;
+    const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
+    if (globalExp && globalExp <= new Date)
+      return;
+    return `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
+  } catch {
+    return;
+  }
 }
 function computeExpirationThreshold(ensureTokenValidityMinutes) {
   return new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
 }
+async function attemptRefresh(ctx) {
+  const shortCircuit = await circuitBreakerShortCircuit(ctx);
+  if (shortCircuit) {
+    return { kind: "terminal", status: shortCircuit };
+  }
+  let release;
+  try {
+    release = await ctx.getFs().acquireLock(ctx.absolutePath);
+  } catch (error) {
+    return {
+      kind: "terminal",
+      status: await lockAcquireFailureStatus(ctx, error)
+    };
+  }
+  let lockedFailure;
+  let lockReleaseFailed = false;
+  let success;
+  try {
+    const outcome = await runRefreshLocked({
+      absolutePath: ctx.absolutePath,
+      refreshToken: ctx.refreshToken,
+      customAuthority: ctx.credentials.UIPATH_URL,
+      ensureTokenValidityMinutes: ctx.ensureTokenValidityMinutes,
+      loadEnvFile: ctx.loadEnvFile,
+      saveEnvFile: ctx.saveEnvFile,
+      refreshFn: ctx.refreshFn,
+      resolveConfig: ctx.resolveConfig,
+      loadBreaker: ctx.loadBreaker,
+      saveBreaker: ctx.saveBreaker,
+      clearBreaker: ctx.clearBreaker
+    });
+    if (outcome.kind === "fail") {
+      lockedFailure = outcome.status;
+    } else {
+      success = outcome;
+    }
+  } finally {
+    try {
+      await release();
+    } catch {
+      lockReleaseFailed = true;
+    }
+  }
+  if (lockedFailure) {
+    const globalHint = await ctx.globalHint();
+    const base = globalHint ? { ...lockedFailure, loginStatus: "Expired", hint: globalHint } : lockedFailure;
+    return {
+      kind: "terminal",
+      status: lockReleaseFailed ? { ...base, lockReleaseFailed: true } : base
+    };
+  }
+  return {
+    kind: "refreshed",
+    tokens: {
+      accessToken: success?.accessToken,
+      refreshToken: success?.refreshToken,
+      expiration: success?.expiration,
+      tokenRefresh: success?.tokenRefresh,
+      persistenceWarning: success?.persistenceWarning,
+      lockReleaseFailed
+    }
+  };
+}
+async function buildFileStatus(tokens, credentials, globalHint) {
+  const result = {
+    loginStatus: tokens.expiration && tokens.expiration <= new Date ? "Expired" : "Logged in",
+    accessToken: tokens.accessToken,
+    refreshToken: tokens.refreshToken,
+    baseUrl: credentials.UIPATH_URL,
+    organizationName: credentials.UIPATH_ORGANIZATION_NAME,
+    organizationId: credentials.UIPATH_ORGANIZATION_ID,
+    tenantName: credentials.UIPATH_TENANT_NAME,
+    tenantId: credentials.UIPATH_TENANT_ID,
+    expiration: tokens.expiration,
+    source: "file" /* File */,
+    ...tokens.persistenceWarning ? { hint: tokens.persistenceWarning, persistenceFailed: true } : {},
+    ...tokens.lockReleaseFailed ? { lockReleaseFailed: true } : {},
+    ...tokens.tokenRefresh ? { tokenRefresh: tokens.tokenRefresh } : {}
+  };
+  if (result.loginStatus === "Expired") {
+    const hint = await globalHint();
+    if (hint) {
+      result.hint = hint;
+    }
+  }
+  return result;
+}
+function buildRobotStatus(robotCreds) {
+  return {
+    loginStatus: "Logged in",
+    accessToken: robotCreds.accessToken,
+    baseUrl: robotCreds.baseUrl,
+    organizationName: robotCreds.organizationName,
+    organizationId: robotCreds.organizationId,
+    tenantName: robotCreds.tenantName,
+    tenantId: robotCreds.tenantId,
+    issuer: robotCreds.issuer,
+    expiration: getTokenExpiration(robotCreds.accessToken),
+    source: "robot" /* Robot */
+  };
+}
+var isFileNotFoundError = (error) => {
+  if (!(error instanceof Object))
+    return false;
+  return error.code === "ENOENT";
+};
+async function circuitBreakerShortCircuit(ctx) {
+  const {
+    absolutePath,
+    refreshToken,
+    accessToken,
+    credentials,
+    expiration,
+    loadBreaker,
+    saveBreaker,
+    clearBreaker
+  } = ctx;
+  const fingerprint = await refreshTokenFingerprint(refreshToken);
+  const breaker = await loadBreaker(absolutePath).catch(() => ({}));
+  if (breaker.deadTokenFp && breaker.deadTokenFp !== fingerprint) {
+    await clearBreaker(absolutePath);
+    breaker.deadTokenFp = undefined;
+  }
+  const nowMs = Date.now();
+  const tokenIsDead = breaker.deadTokenFp === fingerprint;
+  const inBackoff = breaker.backoffUntilMs !== undefined && nowMs < breaker.backoffUntilMs;
+  if (!tokenIsDead && !inBackoff)
+    return;
+  const globalHint = await ctx.globalHint();
+  const suppressed = !shouldSurface(breaker, nowMs);
+  if (!suppressed) {
+    await saveBreaker(absolutePath, {
+      ...breaker,
+      lastSurfacedAtMs: nowMs
+    });
+  }
+  const deadHint = "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired. In a non-interactive context, authenticate with: uip login --client-id <id> --client-secret <secret> -t <tenant>.";
+  const backoffHint = "Token refresh is temporarily backed off after a recent network error and will retry automatically once the backoff window elapses.";
+  return {
+    loginStatus: globalHint ? "Expired" : "Refresh Failed",
+    ...globalHint ? {
+      accessToken,
+      refreshToken,
+      baseUrl: credentials.UIPATH_URL,
+      organizationName: credentials.UIPATH_ORGANIZATION_NAME,
+      organizationId: credentials.UIPATH_ORGANIZATION_ID,
+      tenantName: credentials.UIPATH_TENANT_NAME,
+      tenantId: credentials.UIPATH_TENANT_ID,
+      expiration,
+      source: "file" /* File */
+    } : {},
+    hint: globalHint ?? (tokenIsDead ? deadHint : backoffHint),
+    refreshCircuitOpen: true,
+    refreshTelemetrySuppressed: suppressed,
+    tokenRefresh: { attempted: false, success: false }
+  };
+}
+async function lockAcquireFailureStatus(ctx, error) {
+  const msg = errorMessage(error);
+  const globalHint = await ctx.globalHint();
+  if (globalHint) {
+    return {
+      loginStatus: "Expired",
+      accessToken: ctx.accessToken,
+      refreshToken: ctx.refreshToken,
+      baseUrl: ctx.credentials.UIPATH_URL,
+      organizationName: ctx.credentials.UIPATH_ORGANIZATION_NAME,
+      organizationId: ctx.credentials.UIPATH_ORGANIZATION_ID,
+      tenantName: ctx.credentials.UIPATH_TENANT_NAME,
+      tenantId: ctx.credentials.UIPATH_TENANT_ID,
+      expiration: ctx.expiration,
+      source: "file" /* File */,
+      hint: globalHint,
+      tokenRefresh: {
+        attempted: false,
+        success: false,
+        errorMessage: `lock acquisition failed: ${msg}`
+      }
+    };
+  }
+  return {
+    loginStatus: "Refresh Failed",
+    hint: "Could not acquire the auth-file lock — too many concurrent `uip` processes, or a permission issue on the auth directory. Retry, or run 'uip login' to re-authenticate.",
+    tokenRefresh: {
+      attempted: false,
+      success: false,
+      errorMessage: `lock acquisition failed: ${msg}`
+    }
+  };
+}
 async function runRefreshLocked(inputs) {
   const {
     absolutePath,
@@ -23152,7 +23571,10 @@ async function runRefreshLocked(inputs) {
     loadEnvFile,
     saveEnvFile,
     refreshFn,
-    resolveConfig
+    resolveConfig,
+    loadBreaker,
+    saveBreaker,
+    clearBreaker
   } = inputs;
   const expirationThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
   let fresh;
@@ -23175,6 +23597,7 @@ async function runRefreshLocked(inputs) {
   const freshAccess = fresh.UIPATH_ACCESS_TOKEN;
   const freshExp = freshAccess ? getTokenExpiration(freshAccess) : undefined;
   if (freshAccess && freshExp && freshExp > expirationThreshold) {
+    await clearBreaker(absolutePath);
     return {
       kind: "ok",
       accessToken: freshAccess,
@@ -23198,8 +23621,21 @@ async function runRefreshLocked(inputs) {
     refreshedRefresh = refreshed.refreshToken;
   } catch (error) {
     const isOAuthFailure = isTokenRefreshOAuthFailure(error);
-    const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
+    const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired. In a non-interactive context, authenticate with: uip login --client-id <id> --client-secret <secret> -t <tenant>." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
     const message = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
+    const fp = await refreshTokenFingerprint(tokenForIdP);
+    if (isOAuthFailure) {
+      await saveBreaker(absolutePath, { deadTokenFp: fp });
+    } else {
+      const prior = await loadBreaker(absolutePath).catch(() => ({}));
+      const attempts = (prior.attempts ?? 0) + 1;
+      await saveBreaker(absolutePath, {
+        ...prior,
+        deadTokenFp: undefined,
+        attempts,
+        backoffUntilMs: Date.now() + nextBackoffMs(attempts)
+      });
+    }
     return {
       kind: "fail",
       status: {
@@ -23228,6 +23664,7 @@ async function runRefreshLocked(inputs) {
       }
     };
   }
+  await clearBreaker(absolutePath);
   try {
     await saveEnvFile({
       envPath: absolutePath,
@@ -23260,215 +23697,21 @@ async function runRefreshLocked(inputs) {
     };
   }
 }
-var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
-  const {
-    resolveEnvFilePath = resolveEnvFilePathAsync,
-    loadEnvFile = loadEnvFileAsync,
-    saveEnvFile = saveEnvFileAsync,
-    getFs = getFileSystem,
-    refreshToken: refreshTokenFn = refreshAccessToken,
-    resolveConfig = resolveConfigAsync,
-    robotFallback = tryRobotClientFallback
-  } = deps;
-  if (isRobotAuthEnforced()) {
-    if (isEnvAuthEnabled()) {
-      throw new EnvAuthConfigError(`${ENV_AUTH_ENABLE_VAR}=true and ${ENFORCE_ROBOT_AUTH_VAR}=true ` + `are mutually exclusive. Unset one of them and re-run.`);
-    }
-    const robotCreds = await robotFallback({ force: true });
-    if (!robotCreds) {
-      return {
-        loginStatus: "Not logged in",
-        hint: `${ENFORCE_ROBOT_AUTH_VAR}=true but the UiPath Robot ` + `session is unavailable. Start and sign in to the Assistant, ` + `or unset ${ENFORCE_ROBOT_AUTH_VAR} to fall back to file or ` + `env-var authentication.`
-      };
-    }
-    const expiration2 = getTokenExpiration(robotCreds.accessToken);
-    return {
-      loginStatus: "Logged in",
-      accessToken: robotCreds.accessToken,
-      baseUrl: robotCreds.baseUrl,
-      organizationName: robotCreds.organizationName,
-      organizationId: robotCreds.organizationId,
-      tenantName: robotCreds.tenantName,
-      tenantId: robotCreds.tenantId,
-      expiration: expiration2,
-      source: "robot" /* Robot */
-    };
-  }
-  if (isEnvAuthEnabled()) {
-    return readAuthFromEnv();
-  }
-  const { envFilePath = DEFAULT_ENV_FILENAME, ensureTokenValidityMinutes } = options;
-  const { absolutePath } = await resolveEnvFilePath(envFilePath);
-  if (absolutePath === undefined) {
-    const robotCreds = await robotFallback();
-    if (robotCreds) {
-      const expiration2 = getTokenExpiration(robotCreds.accessToken);
-      const status = {
-        loginStatus: "Logged in",
-        accessToken: robotCreds.accessToken,
-        baseUrl: robotCreds.baseUrl,
-        organizationName: robotCreds.organizationName,
-        organizationId: robotCreds.organizationId,
-        tenantName: robotCreds.tenantName,
-        tenantId: robotCreds.tenantId,
-        expiration: expiration2,
-        source: "robot" /* Robot */
-      };
-      return status;
-    }
-    return { loginStatus: "Not logged in" };
-  }
-  let credentials;
-  try {
-    credentials = await loadEnvFile({ envPath: absolutePath });
-  } catch (error) {
-    if (isFileNotFoundError(error)) {
-      return { loginStatus: "Not logged in" };
-    }
-    throw error;
-  }
-  if (!credentials.UIPATH_ACCESS_TOKEN) {
-    return { loginStatus: "Not logged in" };
-  }
-  let accessToken = credentials.UIPATH_ACCESS_TOKEN;
-  let refreshToken = credentials.UIPATH_REFRESH_TOKEN;
-  let expiration = getTokenExpiration(accessToken);
-  let persistenceWarning;
-  let lockReleaseFailed = false;
-  let tokenRefresh;
-  const outerThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
-  const tryGlobalCredsHint = async () => {
-    const fs7 = getFs();
-    const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
-    if (absolutePath === globalPath)
-      return;
-    if (!await fs7.exists(globalPath))
-      return;
-    try {
-      const globalCreds = await loadEnvFile({ envPath: globalPath });
-      if (!globalCreds.UIPATH_ACCESS_TOKEN)
-        return;
-      const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
-      if (globalExp && globalExp <= new Date)
-        return;
-      return `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
-    } catch {
-      return;
-    }
-  };
-  if (expiration && expiration <= outerThreshold && refreshToken) {
-    let release;
-    try {
-      release = await getFs().acquireLock(absolutePath);
-    } catch (error) {
-      const msg = errorMessage(error);
-      const globalHint = await tryGlobalCredsHint();
-      if (globalHint) {
-        return {
-          loginStatus: "Expired",
-          accessToken,
-          refreshToken,
-          baseUrl: credentials.UIPATH_URL,
-          organizationName: credentials.UIPATH_ORGANIZATION_NAME,
-          organizationId: credentials.UIPATH_ORGANIZATION_ID,
-          tenantName: credentials.UIPATH_TENANT_NAME,
-          tenantId: credentials.UIPATH_TENANT_ID,
-          expiration,
-          source: "file" /* File */,
-          hint: globalHint,
-          tokenRefresh: {
-            attempted: false,
-            success: false,
-            errorMessage: `lock acquisition failed: ${msg}`
-          }
-        };
-      }
-      return {
-        loginStatus: "Refresh Failed",
-        hint: "Could not acquire the auth-file lock — too many concurrent `uip` processes, or a permission issue on the auth directory. Retry, or run 'uip login' to re-authenticate.",
-        tokenRefresh: {
-          attempted: false,
-          success: false,
-          errorMessage: `lock acquisition failed: ${msg}`
-        }
-      };
-    }
-    let lockedFailure;
-    try {
-      const outcome = await runRefreshLocked({
-        absolutePath,
-        refreshToken,
-        customAuthority: credentials.UIPATH_URL,
-        ensureTokenValidityMinutes,
-        loadEnvFile,
-        saveEnvFile,
-        refreshFn: refreshTokenFn,
-        resolveConfig
-      });
-      if (outcome.kind === "fail") {
-        lockedFailure = outcome.status;
-      } else {
-        accessToken = outcome.accessToken;
-        refreshToken = outcome.refreshToken;
-        expiration = outcome.expiration;
-        tokenRefresh = outcome.tokenRefresh;
-        if (outcome.persistenceWarning) {
-          persistenceWarning = outcome.persistenceWarning;
-        }
-      }
-    } finally {
-      try {
-        await release();
-      } catch {
-        lockReleaseFailed = true;
-      }
-    }
-    if (lockedFailure) {
-      const globalHint = await tryGlobalCredsHint();
-      const base = globalHint ? {
-        ...lockedFailure,
-        loginStatus: "Expired",
-        hint: globalHint
-      } : lockedFailure;
-      return lockReleaseFailed ? { ...base, lockReleaseFailed: true } : base;
-    }
-  }
-  const result = {
-    loginStatus: expiration && expiration <= new Date ? "Expired" : "Logged in",
-    accessToken,
-    refreshToken,
-    baseUrl: credentials.UIPATH_URL,
-    organizationName: credentials.UIPATH_ORGANIZATION_NAME,
-    organizationId: credentials.UIPATH_ORGANIZATION_ID,
-    tenantName: credentials.UIPATH_TENANT_NAME,
-    tenantId: credentials.UIPATH_TENANT_ID,
-    expiration,
-    source: "file" /* File */,
-    ...persistenceWarning ? { hint: persistenceWarning, persistenceFailed: true } : {},
-    ...lockReleaseFailed ? { lockReleaseFailed: true } : {},
-    ...tokenRefresh ? { tokenRefresh } : {}
-  };
-  if (result.loginStatus === "Expired") {
-    const globalHint = await tryGlobalCredsHint();
-    if (globalHint) {
-      result.hint = globalHint;
-    }
-  }
-  return result;
-};
-var isFileNotFoundError = (error) => {
-  if (!(error instanceof Object))
-    return false;
-  return error.code === "ENOENT";
-};
-var getLoginStatusAsync = async (options = {}) => {
-  return getLoginStatusWithDeps(options);
-};
+function normalizeTokenRefreshFailure() {
+  return "stored refresh token is invalid or expired";
+}
+function normalizeTokenRefreshUnavailableFailure() {
+  return "token refresh failed before authentication completed";
+}
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
 
 // ../auth/src/authContext.ts
 var getAuthContext = async (options = {}) => {
   const status = await getLoginStatusAsync({
-    ensureTokenValidityMinutes: options.ensureTokenValidityMinutes
+    ensureTokenValidityMinutes: options.ensureTokenValidityMinutes,
+    envFilePath: options.envFilePath
   });
   if (status.loginStatus !== "Logged in" || !status.baseUrl || !status.accessToken) {
     throw new Error(status.hint ? `Not logged in. ${status.hint}` : "Not logged in. Run 'uip login' first.");
@@ -23497,6 +23740,14 @@ var getAuthContext = async (options = {}) => {
 };
 // ../auth/src/interactive.ts
 init_src();
+
+// ../auth/src/selectTenant.ts
+var TENANT_SELECTION_REQUIRED_CODE = "TENANT_SELECTION_REQUIRED";
+var INVALID_TENANT_CODE = "INVALID_TENANT";
+var TENANT_SELECTION_CODES = new Set([
+  TENANT_SELECTION_REQUIRED_CODE,
+  INVALID_TENANT_CODE
+]);
 // ../auth/src/logout.ts
 init_src();
 
@@ -23540,7 +23791,7 @@ async function getAgentEnforcements(options) {
   }
   return await response.json();
 }
-async function getAvailableModelNames(options) {
+async function getAvailableModels(options) {
   const config = await createAgentRuntimeConfig(options);
   const tenantId = extractTenantId(config);
   const url = `${config.basePath}/api/designer/${encodeURIComponent(tenantId)}/resources/models`;
@@ -23552,7 +23803,11 @@ async function getAvailableModelNames(options) {
     throw new Error(`Failed to fetch available models: ${String(response.status)} ${response.statusText}`);
   }
   const body = await response.json();
-  const models2 = Array.isArray(body) ? body : body.value ?? [];
+  const raw = Array.isArray(body) ? body : body.value ?? [];
+  return raw.map((item) => LlmModelFromJSON(item));
+}
+async function getAvailableModelNames(options) {
+  const models2 = await getAvailableModels(options);
   return models2.map((m) => m.name).filter((n) => n != null);
 }
 async function getGuardrailDefinitions(options) {
@@ -23683,6 +23938,7 @@ export {
   instanceOfAgentAppearance,
   getGuardrailDefinitions,
   getGuardrailCatalog,
+  getAvailableModels,
   getAvailableModelNames,
   getAgentEnforcements,
   exists,
@@ -24028,3 +24284,5 @@ export {
   AgentAppearanceFromJSONTyped,
   AgentAppearanceFromJSON
 };
+
+//# debugId=DDC3689ECCE6BAF664756E2164756E21

package/dist/src/governance.d.ts

@@ -1,3 +1,4 @@
+import type { LlmModel } from "../generated/src/models/LlmModel.js";
 import { type CreateApiClientOptions } from "./client-factory.js";
 /**
  * Governance enforcement data returned by the platform API.
@@ -16,11 +17,17 @@ export interface AgentEnforcements {
  * (same base URL as all other agent-sdk calls: `agentsruntime_`).
  */
 export declare function getAgentEnforcements(options?: CreateApiClientOptions): Promise<AgentEnforcements>;
+/**
+ * Fetch available models for the authenticated tenant.
+ *
+ * Endpoint: `GET /api/designer/{tenantId}/resources/models`
+ * Returns full `LlmModel[]` objects with provider, token limits, preview status, etc.
+ */
+export declare function getAvailableModels(options?: CreateApiClientOptions): Promise<LlmModel[]>;
 /**
  * Fetch available model names for the authenticated tenant.
  *
- * Reuses the existing `ResourcesDesignerApi` endpoint but returns
- * just the model name strings (the shape consumers need for validation).
+ * Delegates to `getAvailableModels()` and extracts just the name strings.
  */
 export declare function getAvailableModelNames(options?: CreateApiClientOptions): Promise<string[]>;
 export interface GuardrailParameterDefinition {

package/dist/src/index.d.ts

@@ -1,6 +1,6 @@
 import "./user-agent.js";
 export * from "../generated/src/index.js";
 export { type CreateApiClientOptions, createAgentRuntimeConfig, createApiClient, } from "./client-factory.js";
-export { type AgentEnforcements, type GuardrailCatalogEntry, GuardrailCatalogUnavailableError, type GuardrailDefinition, type GuardrailParameterDefinition, type GuardrailsCatalogResponse, getAgentEnforcements, getAvailableModelNames, getGuardrailCatalog, getGuardrailDefinitions, } from "./governance.js";
+export { type AgentEnforcements, type GuardrailCatalogEntry, GuardrailCatalogUnavailableError, type GuardrailDefinition, type GuardrailParameterDefinition, type GuardrailsCatalogResponse, getAgentEnforcements, getAvailableModelNames, getAvailableModels, getGuardrailCatalog, getGuardrailDefinitions, } from "./governance.js";
 export { ProjectFilesSource } from "./types.js";
 export { SDK_USER_AGENT } from "./user-agent.js";

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@uipath/agent-sdk",
   "license": "MIT",
-  "version": "1.195.0",
+  "version": "1.197.0-preview.59",
   "description": "SDK for the UiPath Agent Runtime API — evaluation execution and debug sessions.",
   "repository": {
     "type": "git",
@@ -29,5 +29,5 @@
   "files": [
     "dist"
   ],
-  "gitHead": "eecf5713cd579b15783c770d1923e44e730271ea"
+  "gitHead": "df0e2b8140cced13f463b487214927c82bc0f85b"
 }