@uipath/auth 1.195.0 → 1.197.0-preview.59

package/dist/interactive.d.ts

@@ -24,6 +24,9 @@ export type InteractiveLoginEvent = {
 } | {
     type: "tenant-fetch-failed";
     message: string;
+} | {
+    type: "auth-url";
+    url: string;
 };
 interface InteractiveLoginOptions {
     envFilePath?: string;
@@ -42,6 +45,23 @@ interface InteractiveLoginOptions {
     selectFromList?: SelectFromList;
     /** Optional subscriber for user-facing progress events. */
     onEvent?: (event: InteractiveLoginEvent) => void;
+    /**
+     * Max ms to wait for the browser callback before the local server closes
+     * itself and the login rejects with `AUTH_TIMEOUT_ERROR_CODE`. Lets an
+     * in-process host (e.g. the VS Code extension) bound a stuck login and
+     * free the callback port — parity with the CLI killing its `uip`
+     * subprocess on timeout. Defaults to the server's 5-min cap. Only the
+     * authorization-code (browser) path uses it.
+     */
+    timeoutMs?: number;
+    /**
+     * Headless / automation-driven login: skip launching the system browser
+     * on the authorization-code path. The authorize URL is surfaced via an
+     * `auth-url` event so an external automation can open it; the existing
+     * local callback still completes the flow. No effect with `clientSecret`
+     * (client-credentials opens no browser).
+     */
+    noBrowser?: boolean;
 }
 export interface InteractiveLoginDependencies {
     resolveConfig?: typeof resolveConfigAsync;

package/dist/loginStatus.d.ts

@@ -1,5 +1,6 @@
 import { getFileSystem } from "@uipath/filesystem";
 import { resolveConfigAsync } from "./config";
+import { clearRefreshBreaker, loadRefreshBreaker, saveRefreshBreaker } from "./refreshCircuitBreaker";
 import { tryRobotClientFallback } from "./robotClientFallback";
 import { refreshAccessToken } from "./tokenRefresh";
 import { loadEnvFileAsync, resolveEnvFilePathAsync, saveEnvFileAsync } from "./utils/envFile";
@@ -11,7 +12,8 @@ import { loadEnvFileAsync, resolveEnvFilePathAsync, saveEnvFileAsync } from "./u
 export type LoginStatusValue = "Logged in" | "Not logged in" | "Expired" | "Refresh Failed";
 export declare enum LoginStatusSource {
     File = "file",
-    Robot = "robot"
+    Robot = "robot",
+    Env = "env"
 }
 export interface TokenRefreshTelemetry {
     attempted: boolean;
@@ -27,6 +29,13 @@ export interface LoginStatus {
     organizationId?: string;
     tenantName?: string;
     tenantId?: string;
+    /**
+     * Identity authority derived from the access token's `iss` claim.
+     * Authoritative for both cloud (`…/identity_`) and on-prem (`…/identity`),
+     * so consumers should build identity URLs from this rather than hardcoding
+     * the gateway path. Currently populated only on the Robot-borrow path.
+     */
+    issuer?: string;
     expiration?: Date;
     hint?: string;
     source?: LoginStatusSource;
@@ -46,6 +55,10 @@ export interface LoginStatus {
      */
     lockReleaseFailed?: boolean;
     tokenRefresh?: TokenRefreshTelemetry;
+    /** Refresh was short-circuited by the breaker; no IdP call was made. */
+    refreshCircuitOpen?: boolean;
+    /** Suppress the duplicate `uip.error` telemetry; still show the error. */
+    refreshTelemetrySuppressed?: boolean;
 }
 export interface GetLoginStatusOptions {
     envFilePath?: string;
@@ -59,11 +72,10 @@ export interface LoginStatusDependencies {
     refreshToken?: typeof refreshAccessToken;
     resolveConfig?: typeof resolveConfigAsync;
     robotFallback?: typeof tryRobotClientFallback;
+    loadBreaker?: typeof loadRefreshBreaker;
+    saveBreaker?: typeof saveRefreshBreaker;
+    clearBreaker?: typeof clearRefreshBreaker;
 }
-/**
- * Get the current login status by reading credentials from the credentials file (with DI for testing)
- */
-export declare const getLoginStatusWithDeps: (options?: GetLoginStatusOptions, deps?: LoginStatusDependencies) => Promise<LoginStatus>;
 /**
  * Get the current login status by reading credentials from the credentials file
  * @param envFilePath - Path to the credentials file (defaults to ".uipath/.auth")
@@ -71,3 +83,7 @@ export declare const getLoginStatusWithDeps: (options?: GetLoginStatusOptions, d
  * @returns LoginStatus object with authentication information
  */
 export declare const getLoginStatusAsync: (options?: GetLoginStatusOptions) => Promise<LoginStatus>;
+/**
+ * Get the current login status by reading credentials from the credentials file (with DI for testing)
+ */
+export declare const getLoginStatusWithDeps: (options?: GetLoginStatusOptions, deps?: LoginStatusDependencies) => Promise<LoginStatus>;

package/dist/logout.d.ts

@@ -1,4 +1,6 @@
 import { getFileSystem } from "@uipath/filesystem";
+import { getActiveAuthProfileFilePath } from "./authProfile";
+import { clearRefreshBreaker } from "./refreshCircuitBreaker";
 import { resolveEnvFilePathAsync } from "./utils/envFile";
 export interface LogoutOptions {
     file?: string;
@@ -22,6 +24,8 @@ export interface LogoutFileSystem {
 export interface LogoutDependencies {
     resolveEnvFilePath?: typeof resolveEnvFilePathAsync;
     getFileSystem?: typeof getFileSystem;
+    clearBreaker?: typeof clearRefreshBreaker;
+    getActiveProfileFilePath?: typeof getActiveAuthProfileFilePath;
 }
 /**
  * Logout from UiPath Cloud by removing the credentials file.

package/dist/refreshCircuitBreaker.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Persistent circuit-breaker state for the token-refresh path, stored as a
+ * JSON sibling of the credentials file. Each `uip` call is a separate process,
+ * so an in-memory breaker can't stop a non-interactive caller from re-hammering
+ * the IdP with a refresh we already know will fail — the state must live on
+ * disk. Keyed by a fingerprint of the refresh token, so re-login rotates the
+ * token and self-heals the breaker with no explicit reset.
+ */
+export interface RefreshBreakerState {
+    /** Fingerprint of a terminally-failed (`invalid_grant`) refresh token. */
+    deadTokenFp?: string;
+    /** Epoch ms before which transient failures should not be retried. */
+    backoffUntilMs?: number;
+    /** Consecutive transient-failure count; drives the backoff curve. */
+    attempts?: number;
+    /** Epoch ms a circuit-open failure was last surfaced to telemetry. */
+    lastSurfacedAtMs?: number;
+}
+/** Surface a circuit-open failure to telemetry at most once per hour. */
+export declare const SURFACE_WINDOW_MS: number;
+/**
+ * Non-reversible, truncated fingerprint — never persists the token itself.
+ * Uses WebCrypto so it works in the browser bundle, where `node:crypto` is
+ * shimmed to throw; falls back to `node:crypto` only on runtimes without a
+ * global `crypto.subtle`.
+ */
+export declare function refreshTokenFingerprint(refreshToken: string): Promise<string>;
+/** A missing or unparseable file is treated as "no breaker" (empty state). */
+export declare function loadRefreshBreaker(authPath: string): Promise<RefreshBreakerState>;
+/**
+ * Persist atomically (temp file + rename). Best-effort and self-protecting
+ * (like {@link clearRefreshBreaker}): a breaker we can't write degrades to
+ * today's retry-every-time behavior, no worse than before — so callers don't
+ * need their own `.catch`.
+ */
+export declare function saveRefreshBreaker(authPath: string, state: RefreshBreakerState): Promise<void>;
+/** Remove the breaker file. Best-effort; a missing file is success. */
+export declare function clearRefreshBreaker(authPath: string): Promise<void>;
+/** Backoff for the Nth consecutive failure: 1 min, doubling, capped at 1h. */
+export declare function nextBackoffMs(attempts: number): number;
+/** First failure always surfaces; afterwards at most once per window. */
+export declare function shouldSurface(state: RefreshBreakerState, nowMs: number): boolean;

package/dist/robotClientFallback.d.ts

@@ -21,10 +21,11 @@ interface RobotClientModule {
 export interface RobotClientFallbackResult {
     accessToken: string;
     baseUrl: string;
-    organizationName: string;
-    organizationId: string;
-    tenantName: string;
+    organizationName?: string;
+    organizationId?: string;
+    tenantName?: string;
     tenantId?: string;
+    issuer?: string;
 }
 export interface RobotClientFallbackOptions {
     timeoutMs?: number;

package/dist/selectTenant.d.ts

@@ -1,5 +1,40 @@
 import { type TenantsAndOrganizations } from "./tenantSelection";
 export type SelectFromList = (options: string[], message: string) => Promise<number>;
+export declare const TENANT_SELECTION_REQUIRED_CODE = "TENANT_SELECTION_REQUIRED";
+export declare const INVALID_TENANT_CODE = "INVALID_TENANT";
+/**
+ * Auth succeeded, but we cannot resolve a single tenant to use — either none
+ * was chosen for a multi-tenant org we can't prompt in, or the requested
+ * `--tenant` doesn't exist. Both carry the org's tenant names so the host can
+ * render one actionable, non-zero-exit error that lists the valid choices.
+ *
+ * Recognized across bundle boundaries by `code` (see `isTenantSelectionError`),
+ * never `instanceof` — each tool bundles its own copy of this class, so class
+ * identity does not survive the boundary.
+ */
+export declare abstract class TenantSelectionError extends Error {
+    abstract readonly code: string;
+    readonly availableTenants: string[];
+    readonly organizationName: string;
+    constructor(message: string, organizationName: string, availableTenants: string[]);
+}
+/** Multiple tenants exist, none was chosen, and we can't prompt. */
+export declare class TenantSelectionRequiredError extends TenantSelectionError {
+    readonly code = "TENANT_SELECTION_REQUIRED";
+    constructor(organizationName: string, availableTenants: string[]);
+}
+/** A `--tenant <name>` was given that matches no tenant in the org. */
+export declare class InvalidTenantError extends TenantSelectionError {
+    readonly code = "INVALID_TENANT";
+    readonly requestedTenant: string;
+    constructor(requestedTenant: string, organizationName: string, availableTenants: string[]);
+}
+/**
+ * Duck-typed across bundles: true for either tenant-selection error. Checks
+ * `code` and the carried `availableTenants` rather than `instanceof`, so it
+ * works on the CLI side where the error crossed a bundle boundary.
+ */
+export declare function isTenantSelectionError(error: unknown): error is TenantSelectionError;
 interface TenantSelectionDependencies {
     fetchTenantsAndOrgs?: (baseUrl: string, accessToken: string, organizationId: string) => Promise<TenantsAndOrganizations>;
     selectFromList?: SelectFromList;

package/dist/strategies/auth-strategy.d.ts

@@ -1,3 +1,18 @@
+/** Optional controls for {@link IAuthStrategy.execute}. Named once and shared
+ *  with the concrete strategies so the three copies can't drift. */
+export interface AuthExecuteOptions {
+    /** Bounds the wait for the callback. */
+    timeoutMs?: number;
+    /** When true, do not launch the system browser. Requires `onAuthUrl` so
+     *  the URL is surfaced to the caller instead of being lost. */
+    noBrowser?: boolean;
+    /**
+     * Invoked with the authorize URL when `noBrowser` is set, in place of
+     * opening a browser. Called once, when the callback server starts
+     * listening. Mandatory whenever `noBrowser` is true.
+     */
+    onAuthUrl?: (url: string) => void;
+}
 export interface IAuthStrategy {
-    execute(url: string, redirectUri: URL, expectedState: string): Promise<string>;
+    execute(url: string, redirectUri: URL, expectedState: string, opts?: AuthExecuteOptions): Promise<string>;
 }

package/dist/strategies/browser-strategy.d.ts

@@ -1,4 +1,6 @@
 import type { IAuthStrategy } from "./auth-strategy";
 export declare class BrowserAuthStrategy implements IAuthStrategy {
-    execute(url: string, _redirectUri: URL, expectedState: string): Promise<string>;
+    execute(url: string, _redirectUri: URL, expectedState: string, _opts?: {
+        timeoutMs?: number;
+    }): Promise<string>;
 }

package/dist/strategies/node-strategy.d.ts

@@ -1,4 +1,4 @@
-import type { IAuthStrategy } from "./auth-strategy";
+import type { AuthExecuteOptions, IAuthStrategy } from "./auth-strategy";
 export declare class NodeAuthStrategy implements IAuthStrategy {
-    execute(url: string, redirectUri: URL, expectedState: string): Promise<string>;
+    execute(url: string, redirectUri: URL, expectedState: string, opts?: AuthExecuteOptions): Promise<string>;
 }

package/dist/utils/envFile.d.ts

@@ -74,7 +74,9 @@ export type EnvFileLocation = {
  * "not found" and the search continues; only the final candidate (the
  * one actually returned) carries the `unusable` block.
  */
-export declare const resolveEnvFileLocationAsync: (envFilePath?: string) => Promise<EnvFileLocation>;
+export declare const resolveEnvFileLocationAsync: (envFilePath?: string, opts?: {
+    cwd?: string;
+}) => Promise<EnvFileLocation>;
 /**
  * Resolve the absolute path to an environment file, returning an
  * `errorMessage` if no existing usable file was found. Delegates the
@@ -83,8 +85,11 @@ export declare const resolveEnvFileLocationAsync: (envFilePath?: string) => Prom
  * semantics including the unreadable-vs-missing distinction.
  *
  * @param envFilePath - Path to the credentials file (defaults to ".uipath/.auth")
+ * @param opts.cwd - Directory to start the relative-path walk-up from (defaults to the process cwd)
  */
-export declare const resolveEnvFilePathAsync: (envFilePath?: string) => Promise<ResolveEnvFilePathResult>;
+export declare const resolveEnvFilePathAsync: (envFilePath?: string, opts?: {
+    cwd?: string;
+}) => Promise<ResolveEnvFilePathResult>;
 /**
  * Load environment variables from a credentials file
  * @param envPath - Path to the credentials file (relative to cwd or absolute)

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@uipath/auth",
   "license": "MIT",
-  "version": "1.195.0",
+  "version": "1.197.0-preview.59",
   "repository": {
     "type": "git",
     "url": "https://github.com/UiPath/cli.git",
@@ -37,5 +37,5 @@
     "mihaigirleanu",
     "vlad-uipath"
   ],
-  "gitHead": "65fabb84552758b2710d8ca68470e70a9b1d19bc"
+  "gitHead": "df0e2b8140cced13f463b487214927c82bc0f85b"
 }