@uipath/authz-tool 1.196.0 → 1.197.0-preview.59

package/dist/index.js

@@ -21247,7 +21247,7 @@ var {
 var package_default = {
   name: "@uipath/authz-tool",
   license: "MIT",
-  version: "1.196.0",
+  version: "1.197.0-preview.59",
   description: "CLI plugin for the UiPath Authorization service.",
   private: false,
   repository: {
@@ -21273,7 +21273,7 @@ var package_default = {
     "dist"
   ],
   scripts: {
-    build: "bun build ./src/tool.ts --outdir dist --format esm --target node --external commander && bun build ./src/index.ts --outdir dist --format esm --target node",
+    build: "bun build ./src/tool.ts --outdir dist --format esm --target node --external commander --sourcemap=linked && bun build ./src/index.ts --outdir dist --format esm --target node --sourcemap=linked",
     package: "bun run build && bun pm pack",
     lint: "biome check .",
     "lint:fix": "biome check --write .",
@@ -21337,6 +21337,12 @@ var normalizeAndValidateBaseUrl = (rawUrl) => {
   }
   return url.pathname.length > 1 ? url.origin : baseUrl;
 };
+var resolveScopes = (isExternalAppAuth, customScopes, fileScopes) => {
+  const requestedScopes = customScopes?.length ? customScopes : fileScopes ?? [];
+  if (isExternalAppAuth)
+    return requestedScopes;
+  return [...new Set([...DEFAULT_SCOPES, ...requestedScopes])];
+};
 var resolveConfigAsync = async ({
   customAuthority,
   customClientId,
@@ -21367,7 +21373,7 @@ var resolveConfigAsync = async ({
     clientSecret = fileAuth.clientSecret;
   }
   const isExternalAppAuth = clientId !== DEFAULT_CLIENT_ID && Boolean(clientSecret);
-  const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : isExternalAppAuth ? [] : DEFAULT_SCOPES;
+  const scopes = resolveScopes(isExternalAppAuth, customScopes, fileAuth.scopes);
   return {
     clientId,
     clientSecret,
@@ -21382,6 +21388,76 @@ var resolveConfigAsync = async ({
 init_constants();
 // ../../auth/src/loginStatus.ts
 init_src();
+
+// ../../auth/src/authProfile.ts
+init_src();
+init_constants();
+var DEFAULT_AUTH_PROFILE = "default";
+var PROFILE_DIR = "profiles";
+var PROFILE_NAME_RE = /^[A-Za-z0-9._-]+$/;
+var ACTIVE_AUTH_PROFILE_KEY = Symbol.for("@uipath/auth/ActiveAuthProfile");
+var AUTH_PROFILE_STORAGE_KEY = Symbol.for("@uipath/auth/ProfileStorage");
+var globalSlot2 = globalThis;
+function isAuthProfileStorage(value) {
+  return value !== null && typeof value === "object" && "getStore" in value && "run" in value;
+}
+function createProfileStorage() {
+  const [error, mod] = catchError(() => __require("node:async_hooks"));
+  if (error || typeof mod?.AsyncLocalStorage !== "function") {
+    return {
+      getStore: () => {
+        return;
+      },
+      run: (_store, fn) => fn()
+    };
+  }
+  return new mod.AsyncLocalStorage;
+}
+function getProfileStorage() {
+  const existing = globalSlot2[AUTH_PROFILE_STORAGE_KEY];
+  if (isAuthProfileStorage(existing)) {
+    return existing;
+  }
+  const storage = createProfileStorage();
+  globalSlot2[AUTH_PROFILE_STORAGE_KEY] = storage;
+  return storage;
+}
+var profileStorage = getProfileStorage();
+
+class AuthProfileValidationError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AuthProfileValidationError";
+  }
+}
+function normalizeAuthProfileName(profile) {
+  if (profile === undefined || profile === DEFAULT_AUTH_PROFILE) {
+    return;
+  }
+  if (profile.length === 0 || profile === "." || profile === ".." || !PROFILE_NAME_RE.test(profile)) {
+    throw new AuthProfileValidationError(`Invalid profile name "${profile}". Profile names may contain only letters, numbers, '.', '_', and '-'.`);
+  }
+  return profile;
+}
+function getActiveAuthProfile() {
+  const scopedState = profileStorage.getStore();
+  if (scopedState !== undefined) {
+    return scopedState.profile;
+  }
+  return globalSlot2[ACTIVE_AUTH_PROFILE_KEY]?.profile;
+}
+function resolveAuthProfileFilePath(profile) {
+  const normalized = normalizeAuthProfileName(profile);
+  if (normalized === undefined) {
+    throw new AuthProfileValidationError(`"${DEFAULT_AUTH_PROFILE}" is the built-in profile and does not have a profile file path.`);
+  }
+  const fs7 = getFileSystem();
+  return fs7.path.join(fs7.env.homedir(), UIPATH_HOME_DIR, PROFILE_DIR, normalized, AUTH_FILENAME);
+}
+function getActiveAuthProfileFilePath() {
+  const profile = getActiveAuthProfile();
+  return profile ? resolveAuthProfileFilePath(profile) : undefined;
+}
 // ../../auth/src/utils/jwt.ts
 class InvalidIssuerError extends Error {
   expected;
@@ -21510,23 +21586,74 @@ var readAuthFromEnv = () => {
     organizationId,
     tenantName,
     tenantId,
-    expiration
+    expiration,
+    source: "env" /* Env */
   };
 };
 
+// ../../auth/src/refreshCircuitBreaker.ts
+init_src();
+var BREAKER_SUFFIX = ".refresh-state";
+var BACKOFF_BASE_MS = 60000;
+var BACKOFF_CAP_MS = 60 * 60 * 1000;
+var SURFACE_WINDOW_MS = 60 * 60 * 1000;
+async function refreshTokenFingerprint(refreshToken) {
+  const bytes = new TextEncoder().encode(refreshToken);
+  if (globalThis.crypto?.subtle) {
+    const digest = await globalThis.crypto.subtle.digest("SHA-256", bytes);
+    return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0")).join("").slice(0, 16);
+  }
+  const { createHash } = await import("node:crypto");
+  return createHash("sha256").update(refreshToken).digest("hex").slice(0, 16);
+}
+function breakerPathFor(authPath) {
+  return `${authPath}${BREAKER_SUFFIX}`;
+}
+async function loadRefreshBreaker(authPath) {
+  const fs7 = getFileSystem();
+  try {
+    const content = await fs7.readFile(breakerPathFor(authPath), "utf-8");
+    if (!content)
+      return {};
+    const parsed = JSON.parse(content);
+    return parsed && typeof parsed === "object" ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+async function saveRefreshBreaker(authPath, state) {
+  try {
+    const fs7 = getFileSystem();
+    const path3 = breakerPathFor(authPath);
+    await fs7.mkdir(fs7.path.dirname(path3));
+    const tempPath = `${path3}.tmp`;
+    await fs7.writeFile(tempPath, JSON.stringify(state));
+    await fs7.rename(tempPath, path3);
+  } catch {}
+}
+async function clearRefreshBreaker(authPath) {
+  const fs7 = getFileSystem();
+  const path3 = breakerPathFor(authPath);
+  try {
+    if (await fs7.exists(path3)) {
+      await fs7.rm(path3);
+    }
+  } catch {}
+}
+function nextBackoffMs(attempts) {
+  const shift = Math.max(0, attempts - 1);
+  return Math.min(BACKOFF_BASE_MS * 2 ** shift, BACKOFF_CAP_MS);
+}
+function shouldSurface(state, nowMs) {
+  if (state.lastSurfacedAtMs === undefined)
+    return true;
+  return nowMs - state.lastSurfacedAtMs >= SURFACE_WINDOW_MS;
+}
+
 // ../../auth/src/robotClientFallback.ts
 init_src();
 var DEFAULT_TIMEOUT_MS = 1000;
 var CLOSE_TIMEOUT_MS = 500;
-var NOTICE_SENTINEL = Symbol.for("@uipath/auth/robotFallbackNoticePrinted");
-var printNoticeOnce = () => {
-  const slot = globalThis;
-  if (slot[NOTICE_SENTINEL])
-    return;
-  slot[NOTICE_SENTINEL] = true;
-  catchError(() => process.stderr.write(`Using UiPath Robot credentials. Run 'uip login' for a dedicated session.
-`));
-};
 var ROBOT_USER_SERVICES_PIPE = "UiPathUserServices";
 var ROBOT_USER_SERVICES_ALTERNATE_PIPE = `${ROBOT_USER_SERVICES_PIPE}Alternate`;
 var PIPE_NAME_MAX_LENGTH = 103;
@@ -21642,7 +21769,6 @@ var tryRobotClientFallback = async (options = {}) => {
         issuerFromToken = issClaim;
       }
     }
-    printNoticeOnce();
     return {
       accessToken,
       baseUrl: parsedUrl.baseUrl,
@@ -21867,18 +21993,327 @@ var saveEnvFileAsync = async ({
 };
 
 // ../../auth/src/loginStatus.ts
-function normalizeTokenRefreshFailure() {
-  return "stored refresh token is invalid or expired";
+var getLoginStatusAsync = async (options = {}) => {
+  return getLoginStatusWithDeps(options);
+};
+var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
+  const {
+    resolveEnvFilePath = resolveEnvFilePathAsync,
+    loadEnvFile = loadEnvFileAsync,
+    saveEnvFile = saveEnvFileAsync,
+    getFs = getFileSystem,
+    refreshToken: refreshTokenFn = refreshAccessToken,
+    resolveConfig = resolveConfigAsync,
+    robotFallback = tryRobotClientFallback,
+    loadBreaker = loadRefreshBreaker,
+    saveBreaker = saveRefreshBreaker,
+    clearBreaker = clearRefreshBreaker
+  } = deps;
+  if (isRobotAuthEnforced()) {
+    return resolveRobotEnforcedStatus(robotFallback);
+  }
+  if (isEnvAuthEnabled()) {
+    return readAuthFromEnv();
+  }
+  const activeProfile = getActiveAuthProfile();
+  const activeProfileFilePath = getActiveAuthProfileFilePath();
+  const usingActiveProfile = activeProfile !== undefined && (options.envFilePath === undefined || options.envFilePath === activeProfileFilePath);
+  const envFilePath = options.envFilePath ?? activeProfileFilePath ?? DEFAULT_ENV_FILENAME;
+  const { ensureTokenValidityMinutes } = options;
+  const { absolutePath } = await resolveEnvFilePath(envFilePath);
+  if (absolutePath === undefined) {
+    if (usingActiveProfile) {
+      return {
+        loginStatus: "Not logged in",
+        hint: `No credentials found for profile "${activeProfile}". Run 'uip login --profile ${activeProfile}' to authenticate this profile.`
+      };
+    }
+    return resolveBorrowedRobotStatus(robotFallback);
+  }
+  const loaded = await loadFileCredentials(loadEnvFile, absolutePath);
+  if ("status" in loaded) {
+    return loaded.status;
+  }
+  const { credentials } = loaded;
+  const globalHint = () => usingActiveProfile ? Promise.resolve(undefined) : getGlobalCredsHint(getFs, loadEnvFile, absolutePath, envFilePath);
+  const expiration = getTokenExpiration(credentials.UIPATH_ACCESS_TOKEN);
+  const outerThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
+  let tokens = {
+    accessToken: credentials.UIPATH_ACCESS_TOKEN,
+    refreshToken: credentials.UIPATH_REFRESH_TOKEN,
+    expiration,
+    lockReleaseFailed: false
+  };
+  const refreshToken = credentials.UIPATH_REFRESH_TOKEN;
+  if (expiration && expiration <= outerThreshold && refreshToken) {
+    const refreshed = await attemptRefresh({
+      absolutePath,
+      credentials,
+      accessToken: credentials.UIPATH_ACCESS_TOKEN,
+      refreshToken,
+      expiration,
+      ensureTokenValidityMinutes,
+      getFs,
+      loadEnvFile,
+      saveEnvFile,
+      refreshFn: refreshTokenFn,
+      resolveConfig,
+      loadBreaker,
+      saveBreaker,
+      clearBreaker,
+      globalHint
+    });
+    if (refreshed.kind === "terminal") {
+      return refreshed.status;
+    }
+    tokens = refreshed.tokens;
+  }
+  return buildFileStatus(tokens, credentials, globalHint);
+};
+async function resolveRobotEnforcedStatus(robotFallback) {
+  if (isEnvAuthEnabled()) {
+    throw new EnvAuthConfigError(`${ENV_AUTH_ENABLE_VAR}=true and ${ENFORCE_ROBOT_AUTH_VAR}=true ` + `are mutually exclusive. Unset one of them and re-run.`);
+  }
+  const robotCreds = await robotFallback({ force: true });
+  if (!robotCreds) {
+    return {
+      loginStatus: "Not logged in",
+      hint: `${ENFORCE_ROBOT_AUTH_VAR}=true but the UiPath Robot ` + `session is unavailable. Start and sign in to the Assistant, ` + `or unset ${ENFORCE_ROBOT_AUTH_VAR} to fall back to file or ` + `env-var authentication.`
+    };
+  }
+  return buildRobotStatus(robotCreds);
 }
-function normalizeTokenRefreshUnavailableFailure() {
-  return "token refresh failed before authentication completed";
+async function resolveBorrowedRobotStatus(robotFallback) {
+  const robotCreds = await robotFallback();
+  return robotCreds ? buildRobotStatus(robotCreds) : { loginStatus: "Not logged in" };
 }
-function errorMessage(error) {
-  return error instanceof Error ? error.message : String(error);
+async function loadFileCredentials(loadEnvFile, absolutePath) {
+  let credentials;
+  try {
+    credentials = await loadEnvFile({ envPath: absolutePath });
+  } catch (error) {
+    if (isFileNotFoundError(error)) {
+      return { status: { loginStatus: "Not logged in" } };
+    }
+    throw error;
+  }
+  if (!credentials.UIPATH_ACCESS_TOKEN) {
+    return { status: { loginStatus: "Not logged in" } };
+  }
+  return { credentials };
+}
+async function getGlobalCredsHint(getFs, loadEnvFile, absolutePath, envFilePath) {
+  const fs7 = getFs();
+  const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
+  if (absolutePath === globalPath)
+    return;
+  if (!await fs7.exists(globalPath))
+    return;
+  try {
+    const globalCreds = await loadEnvFile({ envPath: globalPath });
+    if (!globalCreds.UIPATH_ACCESS_TOKEN)
+      return;
+    const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
+    if (globalExp && globalExp <= new Date)
+      return;
+    return `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
+  } catch {
+    return;
+  }
 }
 function computeExpirationThreshold(ensureTokenValidityMinutes) {
   return new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
 }
+async function attemptRefresh(ctx) {
+  const shortCircuit = await circuitBreakerShortCircuit(ctx);
+  if (shortCircuit) {
+    return { kind: "terminal", status: shortCircuit };
+  }
+  let release;
+  try {
+    release = await ctx.getFs().acquireLock(ctx.absolutePath);
+  } catch (error) {
+    return {
+      kind: "terminal",
+      status: await lockAcquireFailureStatus(ctx, error)
+    };
+  }
+  let lockedFailure;
+  let lockReleaseFailed = false;
+  let success;
+  try {
+    const outcome = await runRefreshLocked({
+      absolutePath: ctx.absolutePath,
+      refreshToken: ctx.refreshToken,
+      customAuthority: ctx.credentials.UIPATH_URL,
+      ensureTokenValidityMinutes: ctx.ensureTokenValidityMinutes,
+      loadEnvFile: ctx.loadEnvFile,
+      saveEnvFile: ctx.saveEnvFile,
+      refreshFn: ctx.refreshFn,
+      resolveConfig: ctx.resolveConfig,
+      loadBreaker: ctx.loadBreaker,
+      saveBreaker: ctx.saveBreaker,
+      clearBreaker: ctx.clearBreaker
+    });
+    if (outcome.kind === "fail") {
+      lockedFailure = outcome.status;
+    } else {
+      success = outcome;
+    }
+  } finally {
+    try {
+      await release();
+    } catch {
+      lockReleaseFailed = true;
+    }
+  }
+  if (lockedFailure) {
+    const globalHint = await ctx.globalHint();
+    const base = globalHint ? { ...lockedFailure, loginStatus: "Expired", hint: globalHint } : lockedFailure;
+    return {
+      kind: "terminal",
+      status: lockReleaseFailed ? { ...base, lockReleaseFailed: true } : base
+    };
+  }
+  return {
+    kind: "refreshed",
+    tokens: {
+      accessToken: success?.accessToken,
+      refreshToken: success?.refreshToken,
+      expiration: success?.expiration,
+      tokenRefresh: success?.tokenRefresh,
+      persistenceWarning: success?.persistenceWarning,
+      lockReleaseFailed
+    }
+  };
+}
+async function buildFileStatus(tokens, credentials, globalHint) {
+  const result = {
+    loginStatus: tokens.expiration && tokens.expiration <= new Date ? "Expired" : "Logged in",
+    accessToken: tokens.accessToken,
+    refreshToken: tokens.refreshToken,
+    baseUrl: credentials.UIPATH_URL,
+    organizationName: credentials.UIPATH_ORGANIZATION_NAME,
+    organizationId: credentials.UIPATH_ORGANIZATION_ID,
+    tenantName: credentials.UIPATH_TENANT_NAME,
+    tenantId: credentials.UIPATH_TENANT_ID,
+    expiration: tokens.expiration,
+    source: "file" /* File */,
+    ...tokens.persistenceWarning ? { hint: tokens.persistenceWarning, persistenceFailed: true } : {},
+    ...tokens.lockReleaseFailed ? { lockReleaseFailed: true } : {},
+    ...tokens.tokenRefresh ? { tokenRefresh: tokens.tokenRefresh } : {}
+  };
+  if (result.loginStatus === "Expired") {
+    const hint = await globalHint();
+    if (hint) {
+      result.hint = hint;
+    }
+  }
+  return result;
+}
+function buildRobotStatus(robotCreds) {
+  return {
+    loginStatus: "Logged in",
+    accessToken: robotCreds.accessToken,
+    baseUrl: robotCreds.baseUrl,
+    organizationName: robotCreds.organizationName,
+    organizationId: robotCreds.organizationId,
+    tenantName: robotCreds.tenantName,
+    tenantId: robotCreds.tenantId,
+    issuer: robotCreds.issuer,
+    expiration: getTokenExpiration(robotCreds.accessToken),
+    source: "robot" /* Robot */
+  };
+}
+var isFileNotFoundError = (error) => {
+  if (!(error instanceof Object))
+    return false;
+  return error.code === "ENOENT";
+};
+async function circuitBreakerShortCircuit(ctx) {
+  const {
+    absolutePath,
+    refreshToken,
+    accessToken,
+    credentials,
+    expiration,
+    loadBreaker,
+    saveBreaker,
+    clearBreaker
+  } = ctx;
+  const fingerprint = await refreshTokenFingerprint(refreshToken);
+  const breaker = await loadBreaker(absolutePath).catch(() => ({}));
+  if (breaker.deadTokenFp && breaker.deadTokenFp !== fingerprint) {
+    await clearBreaker(absolutePath);
+    breaker.deadTokenFp = undefined;
+  }
+  const nowMs = Date.now();
+  const tokenIsDead = breaker.deadTokenFp === fingerprint;
+  const inBackoff = breaker.backoffUntilMs !== undefined && nowMs < breaker.backoffUntilMs;
+  if (!tokenIsDead && !inBackoff)
+    return;
+  const globalHint = await ctx.globalHint();
+  const suppressed = !shouldSurface(breaker, nowMs);
+  if (!suppressed) {
+    await saveBreaker(absolutePath, {
+      ...breaker,
+      lastSurfacedAtMs: nowMs
+    });
+  }
+  const deadHint = "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired. In a non-interactive context, authenticate with: uip login --client-id <id> --client-secret <secret> -t <tenant>.";
+  const backoffHint = "Token refresh is temporarily backed off after a recent network error and will retry automatically once the backoff window elapses.";
+  return {
+    loginStatus: globalHint ? "Expired" : "Refresh Failed",
+    ...globalHint ? {
+      accessToken,
+      refreshToken,
+      baseUrl: credentials.UIPATH_URL,
+      organizationName: credentials.UIPATH_ORGANIZATION_NAME,
+      organizationId: credentials.UIPATH_ORGANIZATION_ID,
+      tenantName: credentials.UIPATH_TENANT_NAME,
+      tenantId: credentials.UIPATH_TENANT_ID,
+      expiration,
+      source: "file" /* File */
+    } : {},
+    hint: globalHint ?? (tokenIsDead ? deadHint : backoffHint),
+    refreshCircuitOpen: true,
+    refreshTelemetrySuppressed: suppressed,
+    tokenRefresh: { attempted: false, success: false }
+  };
+}
+async function lockAcquireFailureStatus(ctx, error) {
+  const msg = errorMessage(error);
+  const globalHint = await ctx.globalHint();
+  if (globalHint) {
+    return {
+      loginStatus: "Expired",
+      accessToken: ctx.accessToken,
+      refreshToken: ctx.refreshToken,
+      baseUrl: ctx.credentials.UIPATH_URL,
+      organizationName: ctx.credentials.UIPATH_ORGANIZATION_NAME,
+      organizationId: ctx.credentials.UIPATH_ORGANIZATION_ID,
+      tenantName: ctx.credentials.UIPATH_TENANT_NAME,
+      tenantId: ctx.credentials.UIPATH_TENANT_ID,
+      expiration: ctx.expiration,
+      source: "file" /* File */,
+      hint: globalHint,
+      tokenRefresh: {
+        attempted: false,
+        success: false,
+        errorMessage: `lock acquisition failed: ${msg}`
+      }
+    };
+  }
+  return {
+    loginStatus: "Refresh Failed",
+    hint: "Could not acquire the auth-file lock — too many concurrent `uip` processes, or a permission issue on the auth directory. Retry, or run 'uip login' to re-authenticate.",
+    tokenRefresh: {
+      attempted: false,
+      success: false,
+      errorMessage: `lock acquisition failed: ${msg}`
+    }
+  };
+}
 async function runRefreshLocked(inputs) {
   const {
     absolutePath,
@@ -21888,7 +22323,10 @@ async function runRefreshLocked(inputs) {
     loadEnvFile,
     saveEnvFile,
     refreshFn,
-    resolveConfig
+    resolveConfig,
+    loadBreaker,
+    saveBreaker,
+    clearBreaker
   } = inputs;
   const expirationThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
   let fresh;
@@ -21911,6 +22349,7 @@ async function runRefreshLocked(inputs) {
   const freshAccess = fresh.UIPATH_ACCESS_TOKEN;
   const freshExp = freshAccess ? getTokenExpiration(freshAccess) : undefined;
   if (freshAccess && freshExp && freshExp > expirationThreshold) {
+    await clearBreaker(absolutePath);
     return {
       kind: "ok",
       accessToken: freshAccess,
@@ -21934,8 +22373,21 @@ async function runRefreshLocked(inputs) {
     refreshedRefresh = refreshed.refreshToken;
   } catch (error) {
     const isOAuthFailure = isTokenRefreshOAuthFailure(error);
-    const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
+    const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired. In a non-interactive context, authenticate with: uip login --client-id <id> --client-secret <secret> -t <tenant>." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
     const message = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
+    const fp = await refreshTokenFingerprint(tokenForIdP);
+    if (isOAuthFailure) {
+      await saveBreaker(absolutePath, { deadTokenFp: fp });
+    } else {
+      const prior = await loadBreaker(absolutePath).catch(() => ({}));
+      const attempts = (prior.attempts ?? 0) + 1;
+      await saveBreaker(absolutePath, {
+        ...prior,
+        deadTokenFp: undefined,
+        attempts,
+        backoffUntilMs: Date.now() + nextBackoffMs(attempts)
+      });
+    }
     return {
       kind: "fail",
       status: {
@@ -21964,6 +22416,7 @@ async function runRefreshLocked(inputs) {
       }
     };
   }
+  await clearBreaker(absolutePath);
   try {
     await saveEnvFile({
       envPath: absolutePath,
@@ -21996,234 +22449,37 @@ async function runRefreshLocked(inputs) {
     };
   }
 }
-var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
-  const {
-    resolveEnvFilePath = resolveEnvFilePathAsync,
-    loadEnvFile = loadEnvFileAsync,
-    saveEnvFile = saveEnvFileAsync,
-    getFs = getFileSystem,
-    refreshToken: refreshTokenFn = refreshAccessToken,
-    resolveConfig = resolveConfigAsync,
-    robotFallback = tryRobotClientFallback
-  } = deps;
-  if (isRobotAuthEnforced()) {
-    if (isEnvAuthEnabled()) {
-      throw new EnvAuthConfigError(`${ENV_AUTH_ENABLE_VAR}=true and ${ENFORCE_ROBOT_AUTH_VAR}=true ` + `are mutually exclusive. Unset one of them and re-run.`);
-    }
-    const robotCreds = await robotFallback({ force: true });
-    if (!robotCreds) {
-      return {
-        loginStatus: "Not logged in",
-        hint: `${ENFORCE_ROBOT_AUTH_VAR}=true but the UiPath Robot ` + `session is unavailable. Start and sign in to the Assistant, ` + `or unset ${ENFORCE_ROBOT_AUTH_VAR} to fall back to file or ` + `env-var authentication.`
-      };
-    }
-    const expiration2 = getTokenExpiration(robotCreds.accessToken);
-    return {
-      loginStatus: "Logged in",
-      accessToken: robotCreds.accessToken,
-      baseUrl: robotCreds.baseUrl,
-      organizationName: robotCreds.organizationName,
-      organizationId: robotCreds.organizationId,
-      tenantName: robotCreds.tenantName,
-      tenantId: robotCreds.tenantId,
-      issuer: robotCreds.issuer,
-      expiration: expiration2,
-      source: "robot" /* Robot */
-    };
+function normalizeTokenRefreshFailure() {
+  return "stored refresh token is invalid or expired";
+}
+function normalizeTokenRefreshUnavailableFailure() {
+  return "token refresh failed before authentication completed";
+}
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+
+// ../../auth/src/authContext.ts
+var getAuthContext = async (options = {}) => {
+  const status = await getLoginStatusAsync({
+    ensureTokenValidityMinutes: options.ensureTokenValidityMinutes,
+    envFilePath: options.envFilePath
+  });
+  if (status.loginStatus !== "Logged in" || !status.baseUrl || !status.accessToken) {
+    throw new Error(status.hint ? `Not logged in. ${status.hint}` : "Not logged in. Run 'uip login' first.");
   }
-  if (isEnvAuthEnabled()) {
-    return readAuthFromEnv();
+  const tenantName = options.tenant ?? status.tenantName;
+  if (options.requireOrganizationId && !status.organizationId) {
+    throw new Error("Organization ID not available. Ensure you are logged in with an organization context.");
   }
-  const { envFilePath = DEFAULT_ENV_FILENAME, ensureTokenValidityMinutes } = options;
-  const { absolutePath } = await resolveEnvFilePath(envFilePath);
-  if (absolutePath === undefined) {
-    const robotCreds = await robotFallback();
-    if (robotCreds) {
-      const expiration2 = getTokenExpiration(robotCreds.accessToken);
-      const status = {
-        loginStatus: "Logged in",
-        accessToken: robotCreds.accessToken,
-        baseUrl: robotCreds.baseUrl,
-        organizationName: robotCreds.organizationName,
-        organizationId: robotCreds.organizationId,
-        tenantName: robotCreds.tenantName,
-        tenantId: robotCreds.tenantId,
-        issuer: robotCreds.issuer,
-        expiration: expiration2,
-        source: "robot" /* Robot */
-      };
-      return status;
-    }
-    return { loginStatus: "Not logged in" };
+  if (options.requireOrganizationName && !status.organizationName) {
+    throw new Error("Organization name not available. Ensure you are logged in with an organization context.");
   }
-  let credentials;
-  try {
-    credentials = await loadEnvFile({ envPath: absolutePath });
-  } catch (error) {
-    if (isFileNotFoundError(error)) {
-      return { loginStatus: "Not logged in" };
-    }
-    throw error;
+  if (options.requireTenantId && !status.tenantId) {
+    throw new Error("Tenant ID not available. Ensure UIPATH_TENANT_ID is set.");
   }
-  if (!credentials.UIPATH_ACCESS_TOKEN) {
-    return { loginStatus: "Not logged in" };
-  }
-  let accessToken = credentials.UIPATH_ACCESS_TOKEN;
-  let refreshToken = credentials.UIPATH_REFRESH_TOKEN;
-  let expiration = getTokenExpiration(accessToken);
-  let persistenceWarning;
-  let lockReleaseFailed = false;
-  let tokenRefresh;
-  const outerThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
-  const tryGlobalCredsHint = async () => {
-    const fs7 = getFs();
-    const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
-    if (absolutePath === globalPath)
-      return;
-    if (!await fs7.exists(globalPath))
-      return;
-    try {
-      const globalCreds = await loadEnvFile({ envPath: globalPath });
-      if (!globalCreds.UIPATH_ACCESS_TOKEN)
-        return;
-      const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
-      if (globalExp && globalExp <= new Date)
-        return;
-      return `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
-    } catch {
-      return;
-    }
-  };
-  if (expiration && expiration <= outerThreshold && refreshToken) {
-    let release;
-    try {
-      release = await getFs().acquireLock(absolutePath);
-    } catch (error) {
-      const msg = errorMessage(error);
-      const globalHint = await tryGlobalCredsHint();
-      if (globalHint) {
-        return {
-          loginStatus: "Expired",
-          accessToken,
-          refreshToken,
-          baseUrl: credentials.UIPATH_URL,
-          organizationName: credentials.UIPATH_ORGANIZATION_NAME,
-          organizationId: credentials.UIPATH_ORGANIZATION_ID,
-          tenantName: credentials.UIPATH_TENANT_NAME,
-          tenantId: credentials.UIPATH_TENANT_ID,
-          expiration,
-          source: "file" /* File */,
-          hint: globalHint,
-          tokenRefresh: {
-            attempted: false,
-            success: false,
-            errorMessage: `lock acquisition failed: ${msg}`
-          }
-        };
-      }
-      return {
-        loginStatus: "Refresh Failed",
-        hint: "Could not acquire the auth-file lock — too many concurrent `uip` processes, or a permission issue on the auth directory. Retry, or run 'uip login' to re-authenticate.",
-        tokenRefresh: {
-          attempted: false,
-          success: false,
-          errorMessage: `lock acquisition failed: ${msg}`
-        }
-      };
-    }
-    let lockedFailure;
-    try {
-      const outcome = await runRefreshLocked({
-        absolutePath,
-        refreshToken,
-        customAuthority: credentials.UIPATH_URL,
-        ensureTokenValidityMinutes,
-        loadEnvFile,
-        saveEnvFile,
-        refreshFn: refreshTokenFn,
-        resolveConfig
-      });
-      if (outcome.kind === "fail") {
-        lockedFailure = outcome.status;
-      } else {
-        accessToken = outcome.accessToken;
-        refreshToken = outcome.refreshToken;
-        expiration = outcome.expiration;
-        tokenRefresh = outcome.tokenRefresh;
-        if (outcome.persistenceWarning) {
-          persistenceWarning = outcome.persistenceWarning;
-        }
-      }
-    } finally {
-      try {
-        await release();
-      } catch {
-        lockReleaseFailed = true;
-      }
-    }
-    if (lockedFailure) {
-      const globalHint = await tryGlobalCredsHint();
-      const base = globalHint ? {
-        ...lockedFailure,
-        loginStatus: "Expired",
-        hint: globalHint
-      } : lockedFailure;
-      return lockReleaseFailed ? { ...base, lockReleaseFailed: true } : base;
-    }
-  }
-  const result = {
-    loginStatus: expiration && expiration <= new Date ? "Expired" : "Logged in",
-    accessToken,
-    refreshToken,
-    baseUrl: credentials.UIPATH_URL,
-    organizationName: credentials.UIPATH_ORGANIZATION_NAME,
-    organizationId: credentials.UIPATH_ORGANIZATION_ID,
-    tenantName: credentials.UIPATH_TENANT_NAME,
-    tenantId: credentials.UIPATH_TENANT_ID,
-    expiration,
-    source: "file" /* File */,
-    ...persistenceWarning ? { hint: persistenceWarning, persistenceFailed: true } : {},
-    ...lockReleaseFailed ? { lockReleaseFailed: true } : {},
-    ...tokenRefresh ? { tokenRefresh } : {}
-  };
-  if (result.loginStatus === "Expired") {
-    const globalHint = await tryGlobalCredsHint();
-    if (globalHint) {
-      result.hint = globalHint;
-    }
-  }
-  return result;
-};
-var isFileNotFoundError = (error) => {
-  if (!(error instanceof Object))
-    return false;
-  return error.code === "ENOENT";
-};
-var getLoginStatusAsync = async (options = {}) => {
-  return getLoginStatusWithDeps(options);
-};
-
-// ../../auth/src/authContext.ts
-var getAuthContext = async (options = {}) => {
-  const status = await getLoginStatusAsync({
-    ensureTokenValidityMinutes: options.ensureTokenValidityMinutes,
-    envFilePath: options.envFilePath
-  });
-  if (status.loginStatus !== "Logged in" || !status.baseUrl || !status.accessToken) {
-    throw new Error(status.hint ? `Not logged in. ${status.hint}` : "Not logged in. Run 'uip login' first.");
-  }
-  const tenantName = options.tenant ?? status.tenantName;
-  if (options.requireOrganizationId && !status.organizationId) {
-    throw new Error("Organization ID not available. Ensure you are logged in with an organization context.");
-  }
-  if (options.requireOrganizationName && !status.organizationName) {
-    throw new Error("Organization name not available. Ensure you are logged in with an organization context.");
-  }
-  if (options.requireTenantId && !status.tenantId) {
-    throw new Error("Tenant ID not available. Ensure UIPATH_TENANT_ID is set.");
-  }
-  if (options.requireTenantName && tenantName === undefined) {
-    throw new Error("Tenant not provided and UIPATH_TENANT_NAME not set. Run 'uip login' to select a tenant, or use 'uip login tenant set <tenant>' to switch tenants.");
+  if (options.requireTenantName && tenantName === undefined) {
+    throw new Error("Tenant not provided and UIPATH_TENANT_NAME not set. Run 'uip login' to select a tenant, or use 'uip login tenant set <tenant>' to switch tenants.");
   }
   return {
     baseUrl: status.baseUrl,
@@ -22236,6 +22492,14 @@ var getAuthContext = async (options = {}) => {
 };
 // ../../auth/src/interactive.ts
 init_src();
+
+// ../../auth/src/selectTenant.ts
+var TENANT_SELECTION_REQUIRED_CODE = "TENANT_SELECTION_REQUIRED";
+var INVALID_TENANT_CODE = "INVALID_TENANT";
+var TENANT_SELECTION_CODES = new Set([
+  TENANT_SELECTION_REQUIRED_CODE,
+  INVALID_TENANT_CODE
+]);
 // ../../auth/src/logout.ts
 init_src();
 
@@ -22272,6 +22536,12 @@ function singleton(ctorOrName) {
   };
 }
 
+// ../../common/src/telemetry/global-telemetry-properties.ts
+var telemetryPropsSlot = singleton("TelemetryDefaultProps");
+function getGlobalTelemetryProperties() {
+  return telemetryPropsSlot.get();
+}
+
 // ../../common/src/sdk-user-agent.ts
 var USER_AGENT_HEADER = "User-Agent";
 var sdkUserAgentHostToken = singleton("SdkUserAgentHostToken");
@@ -22295,8 +22565,8 @@ function appendUserAgentToken(value, userAgent) {
 function getEffectiveUserAgent(userAgent) {
   return appendUserAgentToken(sdkUserAgentHostToken.get(), userAgent);
 }
-function isHeadersLike(headers) {
-  return typeof headers === "object" && headers !== null && "get" in headers && typeof headers.get === "function" && "set" in headers && typeof headers.set === "function";
+function getHeaderName(headers, headerName) {
+  return Object.keys(headers).find((key) => key.toLowerCase() === headerName.toLowerCase());
 }
 function getSdkUserAgentToken(pkg) {
   const packageName = pkg.name.replace(/^@uipath\//, "");
@@ -22304,59 +22574,31 @@ function getSdkUserAgentToken(pkg) {
 }
 function addSdkUserAgentHeader(headers, userAgent) {
   const result = { ...headers ?? {} };
-  const effectiveUserAgent = getEffectiveUserAgent(userAgent);
-  const headerName = Object.keys(result).find((key) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
-  if (headerName) {
-    result[headerName] = appendUserAgentToken(result[headerName], effectiveUserAgent);
-  } else {
-    result[USER_AGENT_HEADER] = effectiveUserAgent;
-  }
+  const headerName = getHeaderName(result, USER_AGENT_HEADER);
+  result[headerName ?? USER_AGENT_HEADER] = appendUserAgentToken(headerName ? result[headerName] : undefined, getEffectiveUserAgent(userAgent));
   return result;
 }
-function withSdkUserAgentHeader(headers, userAgent) {
-  const effectiveUserAgent = getEffectiveUserAgent(userAgent);
-  if (isHeadersLike(headers)) {
-    headers.set(USER_AGENT_HEADER, appendUserAgentToken(headers.get(USER_AGENT_HEADER), effectiveUserAgent));
-    return headers;
-  }
-  if (Array.isArray(headers)) {
-    const result = headers.map((entry) => {
-      const [key, value] = entry;
-      return [key, value];
-    });
-    const headerIndex = result.findIndex(([key]) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
-    if (headerIndex >= 0) {
-      const [key, value] = result[headerIndex];
-      result[headerIndex] = [
-        key,
-        appendUserAgentToken(value, effectiveUserAgent)
-      ];
-    } else {
-      result.push([USER_AGENT_HEADER, effectiveUserAgent]);
-    }
-    return result;
-  }
-  return addSdkUserAgentHeader(typeof headers === "object" && headers !== null ? { ...headers } : {}, effectiveUserAgent);
+function asHeaderRecord(headers) {
+  return typeof headers === "object" && headers !== null ? { ...headers } : {};
 }
-function withUserAgentInitOverride(initOverrides, userAgent) {
+function withForwardedHeadersInitOverride(initOverrides, forward) {
   return async (requestContext) => {
-    const initWithUserAgent = {
+    const initWithHeaders = {
       ...requestContext.init,
-      headers: withSdkUserAgentHeader(requestContext.init.headers, userAgent)
+      headers: forward(asHeaderRecord(requestContext.init.headers))
     };
     const override = typeof initOverrides === "function" ? await initOverrides({
       ...requestContext,
-      init: initWithUserAgent
+      init: initWithHeaders
     }) : initOverrides;
     return {
       ...override ?? {},
-      headers: withSdkUserAgentHeader(override?.headers ?? initWithUserAgent.headers, userAgent)
+      headers: forward(asHeaderRecord(override?.headers ?? initWithHeaders.headers))
     };
   };
 }
-function installSdkUserAgentHeader(BaseApiClass, userAgent) {
+function installRequestHeaderForwarding(BaseApiClass, patchKey, forward) {
   const prototype = BaseApiClass.prototype;
-  const patchKey = userAgentPatchKey(userAgent);
   if (prototype[patchKey]) {
     return;
   }
@@ -22364,13 +22606,16 @@ function installSdkUserAgentHeader(BaseApiClass, userAgent) {
     throw new Error("Generated BaseAPI request function not found.");
   }
   const originalRequest = prototype.request;
-  prototype.request = function requestWithUserAgent(context, initOverrides) {
-    return originalRequest.call(this, context, withUserAgentInitOverride(initOverrides, userAgent));
+  prototype.request = function requestWithForwardedHeaders(context, initOverrides) {
+    return originalRequest.call(this, context, withForwardedHeadersInitOverride(initOverrides, forward));
   };
   Object.defineProperty(prototype, patchKey, {
     value: true
   });
 }
+function installSdkUserAgentHeader(BaseApiClass, userAgent) {
+  installRequestHeaderForwarding(BaseApiClass, userAgentPatchKey(userAgent), (headers) => addSdkUserAgentHeader(headers, userAgent));
+}
 
 // ../authz-sdk/generated/src/runtime.ts
 var BASE_PATH = "http://localhost".replace(/\/+$/, "");
@@ -22625,7 +22870,7 @@ class VoidApiResponse {
 var package_default2 = {
   name: "@uipath/authz-sdk",
   license: "MIT",
-  version: "1.196.0",
+  version: "1.197.0",
   description: "SDK for the UiPath Authorization Service API.",
   repository: {
     type: "git",
@@ -22655,7 +22900,7 @@ var package_default2 = {
   ],
   private: true,
   scripts: {
-    build: "bun build ./src/index.ts --outdir dist --format esm --target node && tsc -p tsconfig.build.json --noCheck",
+    build: "bun build ./src/index.ts --outdir dist --format esm --target node --sourcemap=linked && tsc -p tsconfig.build.json --noCheck",
     generate: "bun run src/scripts/generate-sdk.ts",
     lint: "biome check ."
   },
@@ -23269,27 +23514,54 @@ var NETWORK_ERROR_CODES = new Set([
   "ENETUNREACH",
   "EAI_FAIL"
 ]);
-function isHtmlDocument(body) {
-  return /^\s*(<!doctype html|<html\b)/i.test(body);
-}
-function extractNetworkErrorCode(error) {
-  if (error === null || typeof error !== "object") {
-    return;
-  }
-  const err = error;
-  const code = typeof err.code === "string" ? err.code : undefined;
-  if (code && NETWORK_ERROR_CODES.has(code)) {
-    return code;
-  }
-  const cause = err.cause;
-  if (cause !== null && typeof cause === "object") {
-    const causeCode = cause.code;
-    if (typeof causeCode === "string" && NETWORK_ERROR_CODES.has(causeCode)) {
-      return causeCode;
+var TLS_ERROR_CODES = new Set([
+  "SELF_SIGNED_CERT_IN_CHAIN",
+  "DEPTH_ZERO_SELF_SIGNED_CERT",
+  "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
+  "UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
+  "UNABLE_TO_GET_ISSUER_CERT",
+  "CERT_HAS_EXPIRED",
+  "CERT_UNTRUSTED",
+  "ERR_TLS_CERT_ALTNAME_INVALID"
+]);
+var TLS_INSTRUCTIONS = "The server's TLS certificate could not be verified. Most often a " + "corporate proxy/firewall re-signs HTTPS with a root CA that Node does " + "not trust — set NODE_EXTRA_CA_CERTS to that CA's PEM file (and HTTPS_PROXY " + "if you connect through a proxy). If the certificate is instead expired or " + "its hostname does not match, fix the endpoint URL or the system clock. " + "Then retry.";
+var NETWORK_INSTRUCTIONS = "Could not reach the UiPath service. Check your network connection and " + "VPN, confirm any HTTP_PROXY/HTTPS_PROXY/NO_PROXY settings are correct, " + "then retry.";
+function describeConnectivityError(error) {
+  let current = error;
+  for (let depth = 0;depth < 5 && current !== null && typeof current === "object"; depth++) {
+    const cur = current;
+    const code = typeof cur.code === "string" ? cur.code : undefined;
+    const message = typeof cur.message === "string" ? cur.message : undefined;
+    if (code && TLS_ERROR_CODES.has(code)) {
+      return {
+        code,
+        kind: "tls",
+        message: message ?? code,
+        instructions: TLS_INSTRUCTIONS
+      };
+    }
+    if (code && NETWORK_ERROR_CODES.has(code)) {
+      return {
+        code,
+        kind: "network",
+        message: message ?? code,
+        instructions: NETWORK_INSTRUCTIONS
+      };
     }
+    current = cur.cause;
   }
   return;
 }
+function parseHttpStatusFromMessage(message) {
+  const match = /^HTTP\s+(\d{3})(?::|\s|-|$)/i.exec(message.trim());
+  if (!match)
+    return;
+  const status = Number(match[1]);
+  return Number.isInteger(status) && status >= 100 && status <= 599 ? status : undefined;
+}
+function isHtmlDocument(body) {
+  return /^\s*(<!doctype html|<html\b)/i.test(body);
+}
 function retryHintForRetryAfter(seconds) {
   if (seconds <= 1) {
     return "RetryAfter1Second";
@@ -23330,15 +23602,28 @@ function classifyError(status, error) {
   if (status !== undefined && status >= 500 && status < 600) {
     return { errorCode: "server_error", retry: "RetryLater" };
   }
-  if (extractNetworkErrorCode(error)) {
-    return { errorCode: "network_error", retry: "RetryLater" };
+  const connectivity = describeConnectivityError(error);
+  if (connectivity) {
+    return {
+      errorCode: "network_error",
+      retry: connectivity.kind === "tls" ? "RetryWillNotFix" : "RetryLater"
+    };
   }
   return { errorCode: "unknown_error", retry: "RetryWillNotFix" };
 }
+function formatHttpStatusMessage(status, rawMessage, extractedMessage, inferredStatus) {
+  if (extractedMessage) {
+    return `HTTP ${status}: ${extractedMessage}`;
+  }
+  return inferredStatus !== undefined ? rawMessage : `HTTP ${status}: ${rawMessage}`;
+}
 async function extractErrorDetails(error, options) {
   const err = error !== null && error !== undefined && typeof error === "object" ? error : {};
   const response = err.response;
-  const status = err.status ?? response?.status;
+  const rawMessage = typeof err.message === "string" ? err.message : "Unknown error";
+  const explicitStatus = err.status ?? response?.status;
+  const inferredStatus = explicitStatus === undefined ? parseHttpStatusFromMessage(rawMessage) : undefined;
+  const status = explicitStatus ?? inferredStatus;
   const isSuccessfulResponse = status !== undefined && status >= 200 && status < 300;
   let rawBody;
   let extractedMessage;
@@ -23373,7 +23658,6 @@ async function extractErrorDetails(error, options) {
       }
     }
   }
-  const rawMessage = typeof err.message === "string" ? err.message : "Unknown error";
   let message;
   let result = "Failure";
   const classification = classifyError(status, error);
@@ -23387,10 +23671,10 @@ async function extractErrorDetails(error, options) {
   } else if (status === 405) {
     message = DEFAULT_405;
   } else if (status === 400 || status === 422) {
-    message = extractedMessage ? `HTTP ${status}: ${extractedMessage}` : `HTTP ${status}: ${rawMessage}`;
+    message = formatHttpStatusMessage(status, rawMessage, extractedMessage, inferredStatus);
     result = "ValidationError";
   } else if (status === 429) {
-    message = extractedMessage ? `HTTP ${status}: ${extractedMessage}` : `HTTP ${status}: ${rawMessage}`;
+    message = formatHttpStatusMessage(status, rawMessage, extractedMessage, inferredStatus);
   } else if (extractedMessage) {
     if (isSuccessfulResponse && rawMessage !== "Unknown error") {
       message = rawMessage;
@@ -23398,7 +23682,9 @@ async function extractErrorDetails(error, options) {
       message = status ? `HTTP ${status}: ${extractedMessage}` : extractedMessage;
     }
   } else if (status) {
-    if (rawMessage === "Unknown error" && response) {
+    if (inferredStatus !== undefined) {
+      message = rawMessage;
+    } else if (rawMessage === "Unknown error" && response) {
       const statusText = response.statusText;
       message = statusText ? `HTTP ${status} ${statusText}` : `HTTP ${status} - request failed`;
     } else {
@@ -23407,6 +23693,12 @@ async function extractErrorDetails(error, options) {
   } else {
     message = rawMessage;
   }
+  if (status === undefined) {
+    const connectivity = describeConnectivityError(error);
+    if (connectivity && connectivity.message !== message && !message.includes(connectivity.message)) {
+      message = `${message}: ${connectivity.message}`;
+    }
+  }
   let details = rawMessage;
   if (rawBody) {
     if (parsedBody) {
@@ -23528,6 +23820,7 @@ var CONSOLE_FALLBACK = {
   writeLog: (str) => process.stdout.write(str),
   capabilities: {
     isInteractive: false,
+    canReadInput: false,
     supportsColor: false,
     outputWidth: 80
   }
@@ -28533,12 +28826,6 @@ class NodeContextStorage {
     return this.storage.getStore();
   }
 }
-// ../../common/src/telemetry/global-telemetry-properties.ts
-var telemetryPropsSlot = singleton("TelemetryDefaultProps");
-function getGlobalTelemetryProperties() {
-  return telemetryPropsSlot.get();
-}
-
 // ../../common/src/telemetry/telemetry-service.ts
 class TelemetryService {
   telemetryProvider;
@@ -28728,6 +29015,29 @@ function isPlainRecord(value) {
   const prototype = Object.getPrototypeOf(value);
   return prototype === Object.prototype || prototype === null;
 }
+function extractPagedRows(value) {
+  if (Array.isArray(value) || !isPlainRecord(value))
+    return null;
+  const entries = Object.values(value);
+  if (entries.length === 0)
+    return null;
+  let rows = null;
+  let hasScalarSibling = false;
+  for (const entry of entries) {
+    if (Array.isArray(entry)) {
+      if (rows !== null)
+        return null;
+      rows = entry;
+    } else if (entry !== null && typeof entry === "object") {
+      return null;
+    } else {
+      hasScalarSibling = true;
+    }
+  }
+  if (rows === null || !hasScalarSibling)
+    return null;
+  return rows;
+}
 function toLowerCamelCaseKey(key) {
   if (!key)
     return key;
@@ -28792,7 +29102,8 @@ function printOutput(data, format = "json", logFn, asciiSafe = false) {
       break;
     case "plain": {
       if ("Data" in data && data.Data != null) {
-        const items = Array.isArray(data.Data) ? data.Data : [data.Data];
+        const pagedRows = extractPagedRows(data.Data);
+        const items = pagedRows ?? (Array.isArray(data.Data) ? data.Data : [data.Data]);
         items.forEach((item) => {
           const values = Object.values(item).map((v) => v ?? "").join("\t");
           logFn(values);
@@ -28804,10 +29115,13 @@ function printOutput(data, format = "json", logFn, asciiSafe = false) {
       break;
     }
     default: {
-      if ("Data" in data && data.Data != null && !(Array.isArray(data.Data) && data.Data.length === 0)) {
+      const hasData = "Data" in data && data.Data != null;
+      const pagedRows = hasData ? extractPagedRows(data.Data) : null;
+      const rows = pagedRows ? pagedRows : Array.isArray(data.Data) ? data.Data : null;
+      if (hasData && !(rows !== null && rows.length === 0)) {
         const logValue = data.Log;
-        if (Array.isArray(data.Data)) {
-          printResizableTable(data.Data, logFn, logValue);
+        if (rows !== null) {
+          printResizableTable(rows, logFn, logValue);
         } else {
           printVerticalTable(data.Data, logFn, logValue);
         }
@@ -28995,6 +29309,44 @@ function defaultErrorCodeForResult(result) {
       return "unknown_error";
   }
 }
+function parseHttpStatusFromMessage2(message) {
+  const match = /^HTTP\s+(\d{3})(?::|\s|-|$)/i.exec(message.trim());
+  if (!match)
+    return;
+  const status = Number(match[1]);
+  return Number.isInteger(status) && status >= 100 && status <= 599 ? status : undefined;
+}
+function defaultErrorCodeForHttpStatus(status) {
+  if (status === undefined)
+    return;
+  if (status === 400 || status === 409 || status === 422) {
+    return "invalid_argument";
+  }
+  if (status === 401)
+    return "authentication_required";
+  if (status === 403)
+    return "permission_denied";
+  if (status === 404)
+    return "not_found";
+  if (status === 405)
+    return "method_not_allowed";
+  if (status === 408)
+    return "timeout";
+  if (status === 429)
+    return "rate_limited";
+  if (status >= 500 && status < 600)
+    return "server_error";
+  return;
+}
+function defaultErrorCodeForFailure(data) {
+  if (data.Result === RESULTS.Failure) {
+    const status = data.Context?.httpStatus ?? parseHttpStatusFromMessage2(data.Message);
+    const errorCode2 = defaultErrorCodeForHttpStatus(status);
+    if (errorCode2)
+      return errorCode2;
+  }
+  return defaultErrorCodeForResult(data.Result);
+}
 function defaultRetryForErrorCode(errorCode2) {
   switch (errorCode2) {
     case "network_error":
@@ -29024,16 +29376,19 @@ var OutputFormatter;
   OutputFormatter.success = success;
   function error(data) {
     data.Log ??= getLogFilePath() || undefined;
-    data.ErrorCode ??= defaultErrorCodeForResult(data.Result);
+    data.ErrorCode ??= defaultErrorCodeForFailure(data);
     data.Retry ??= defaultRetryForErrorCode(data.ErrorCode);
     process.exitCode = EXIT_CODES[data.Result] ?? 1;
-    telemetry.trackEvent(CommonTelemetryEvents.Error, {
-      result: data.Result,
-      errorCode: data.ErrorCode,
-      retry: data.Retry,
-      message: data.Message
-    });
-    logOutput(normalizeOutputKeys(data), getOutputFormat());
+    const { SuppressTelemetry, ...envelope } = data;
+    if (!SuppressTelemetry) {
+      telemetry.trackEvent(CommonTelemetryEvents.Error, {
+        result: data.Result,
+        errorCode: data.ErrorCode,
+        retry: data.Retry,
+        message: data.Message
+      });
+    }
+    logOutput(normalizeOutputKeys(envelope), getOutputFormat());
   }
   OutputFormatter.error = error;
   function emitList(code, items, opts) {
@@ -29109,1623 +29464,220 @@ var SENSITIVE_NAME_TOKENS = new Set([
   "certificate",
   "certificates"
 ]);
-var SENSITIVE_KEY_PREFIXES = new Set([
-  "api",
-  "access",
-  "client",
-  "private",
-  "public",
-  "signing",
-  "encryption",
-  "session",
-  "master",
-  "shared",
-  "root",
-  "ssh",
-  "rsa",
-  "aes",
-  "hmac",
-  "oauth"
-]);
-var UUID_PATTERN = /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/gi;
-var EMAIL_PATTERN = /\b[^\s@]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g;
-var JWT_PATTERN = /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g;
-var LONG_TOKEN_PATTERN = /\b[A-Za-z0-9_-]{40,}\b/g;
-var USER_HOME_PATTERN = /([/\\])(Users|home)([/\\])([^/\\]+)/gi;
-var URL_PATTERN = /\bhttps?:\/\/[^\s,;]+/gi;
-var URL_TRAILING_PUNCT = /[.,;:!?)\]}>'"]+$/;
-function shortHash(input) {
-  let hash = 2166136261;
-  for (let i = 0;i < input.length; i++) {
-    hash ^= input.charCodeAt(i);
-    hash = Math.imul(hash, 16777619);
-  }
-  return (hash >>> 0).toString(16).padStart(8, "0");
-}
-function redactUrl(raw) {
-  try {
-    const url = new URL(raw);
-    return `${url.protocol}//${url.host}`;
-  } catch {
-    return `url#${shortHash(raw)}`;
-  }
-}
-function redactValueDetectors(value) {
-  let out = value;
-  out = out.replace(JWT_PATTERN, () => REDACTED);
-  out = out.replace(URL_PATTERN, (match) => {
-    const trailing = match.match(URL_TRAILING_PUNCT)?.[0] ?? "";
-    const core = trailing ? match.slice(0, -trailing.length) : match;
-    return `${redactUrl(core)}${trailing}`;
-  });
-  out = out.replace(USER_HOME_PATTERN, (_match, sep1, folder, sep2) => `${sep1}${folder}${sep2}<user>`);
-  out = out.replace(EMAIL_PATTERN, (match) => `email#${shortHash(match)}`);
-  out = out.replace(UUID_PATTERN, (match) => `uuid#${shortHash(match)}`);
-  out = out.replace(LONG_TOKEN_PATTERN, () => REDACTED);
-  if (out.length > MAX_VALUE_LENGTH) {
-    out = `${out.slice(0, MAX_VALUE_LENGTH)}…`;
-  }
-  return out;
-}
-function nameTokens(name) {
-  return name.replace(/([a-z0-9])([A-Z])/g, "$1 $2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1 $2").split(/[\s_-]+/).map((t) => t.toLowerCase()).filter(Boolean);
-}
-function isSensitiveName(name) {
-  const tokens = nameTokens(name);
-  for (let i = 0;i < tokens.length; i++) {
-    const token = tokens[i];
-    if (SENSITIVE_NAME_TOKENS.has(token)) {
-      return true;
-    }
-    if (token === "key" || token === "keys") {
-      const prev = tokens[i - 1];
-      if (prev && SENSITIVE_KEY_PREFIXES.has(prev)) {
-        return true;
-      }
-    }
-  }
-  return false;
-}
-function redactProperty(name, value) {
-  if (value === undefined || value === null) {
-    return;
-  }
-  if (isSensitiveName(name)) {
-    return REDACTED;
-  }
-  if (typeof value === "boolean" || typeof value === "number") {
-    return value;
-  }
-  if (typeof value !== "string") {
-    return "[OBJECT]";
-  }
-  return redactValueDetectors(value);
-}
-function redactProperties(properties) {
-  const out = {};
-  for (const [name, value] of Object.entries(properties)) {
-    const redacted = redactProperty(name, value);
-    if (redacted !== undefined) {
-      out[name] = redacted;
-    }
-  }
-  return out;
-}
-
-// ../../common/src/trackedAction.ts
-var pollSignalSlot = singleton("PollSignal");
-var cliErrorCodeValues = new Set(CLI_ERROR_CODES);
-var retryHintValues = new Set(RETRY_HINTS);
-var processContext = {
-  exit: (code) => {
-    process.exitCode = code;
-  },
-  get pollSignal() {
-    return pollSignalSlot.get();
-  }
-};
-function extractCommandParams(cmd) {
-  const params = {};
-  const registered = cmd.registeredArguments ?? [];
-  const processed = cmd.processedArgs ?? [];
-  for (let i = 0;i < registered.length; i++) {
-    const value = processed[i];
-    if (value === undefined) {
-      continue;
-    }
-    const name = registered[i].name();
-    if (name) {
-      params[name] = value;
-    }
-  }
-  for (const [key, value] of Object.entries(cmd.opts())) {
-    if (value !== undefined) {
-      params[key] = value;
-    }
-  }
-  return params;
-}
-function deriveCommandPath(cmd) {
-  const parts = [];
-  let current = cmd;
-  while (current) {
-    const name = current.name();
-    if (name) {
-      parts.unshift(name);
-    }
-    current = current.parent;
-  }
-  if (parts.length > 1) {
-    parts.shift();
-  }
-  return ["uip", ...parts.filter((p) => p !== "uip")].join(".");
-}
-function isCliErrorCode(value) {
-  return typeof value === "string" && cliErrorCodeValues.has(value);
-}
-function isRetryHint(value) {
-  return typeof value === "string" && retryHintValues.has(value);
-}
-function isErrorContext(value) {
-  return value !== null && typeof value === "object";
-}
-function commandHelpHint(commandPath) {
-  const command = commandPath.replace(/\./g, " ");
-  return `An unexpected error occurred. Run '${command} --help' to verify command syntax, or run with --log-level debug for details.`;
-}
-Command.prototype.trackedAction = function(context, fn, properties) {
-  const command = this;
-  return this.action(async (...args) => {
-    const telemetryName = deriveCommandPath(command);
-    const props = typeof properties === "function" ? properties(...args) : properties;
-    const startTime = performance.now();
-    let errorMessage2;
-    const [error] = await catchError2(fn(...args));
-    if (error) {
-      errorMessage2 = error instanceof Error ? error.message : String(error);
-      logger.debug(`[trackedAction] ${telemetryName} failed: ${errorMessage2}`);
-      const typed = error;
-      const customInstructions = typeof typed.instructions === "string" ? typed.instructions : undefined;
-      const customResult = typeof typed.result === "string" && typed.result !== RESULTS.Success && Object.values(RESULTS).includes(typed.result) ? typed.result : undefined;
-      const finalResult = customResult ?? RESULTS.Failure;
-      const typedErrorCode = typed.errorCode ?? typed.ErrorCode;
-      const customErrorCode = isCliErrorCode(typedErrorCode) ? typedErrorCode : undefined;
-      const typedRetry = typed.retry ?? typed.Retry;
-      const customRetry = isRetryHint(typedRetry) ? typedRetry : undefined;
-      const typedContext = typed.context ?? typed.Context;
-      const customContext = isErrorContext(typedContext) ? typedContext : undefined;
-      OutputFormatter.error({
-        Result: finalResult,
-        ...customErrorCode ? { ErrorCode: customErrorCode } : {},
-        Message: errorMessage2,
-        Instructions: customInstructions ?? commandHelpHint(telemetryName),
-        ...customRetry ? { Retry: customRetry } : {},
-        ...customContext ? { Context: customContext } : {}
-      });
-      context.exit(EXIT_CODES[finalResult]);
-    }
-    const durationMs = performance.now() - startTime;
-    const success = !error && (process.exitCode === undefined || process.exitCode === 0);
-    telemetry.trackEvent(telemetryName, redactProperties({
-      ...extractCommandParams(command),
-      ...props,
-      command: "true",
-      duration: String(durationMs),
-      success: String(success),
-      ...errorMessage2 ? { errorMessage: errorMessage2 } : {}
-    }));
-  });
-};
-// ../../common/src/console-guard.ts
-var guardInstalledSlot = singleton("ConsoleGuardInstalled");
-var savedOriginalsSlot = singleton("ConsoleGuardOriginals");
-// ../../common/src/constants.ts
-var DEFAULT_AUTH_TIMEOUT_MS2 = 5 * 60 * 1000;
-// ../../common/src/interactivity-context.ts
-var modeSlot = singleton("InteractivityMode");
-// ../../../node_modules/jsonpath-plus/dist/index-node-esm.js
-import vm from "vm";
-
-class Hooks {
-  add(name, callback, first) {
-    if (typeof arguments[0] != "string") {
-      for (let name2 in arguments[0]) {
-        this.add(name2, arguments[0][name2], arguments[1]);
-      }
-    } else {
-      (Array.isArray(name) ? name : [name]).forEach(function(name2) {
-        this[name2] = this[name2] || [];
-        if (callback) {
-          this[name2][first ? "unshift" : "push"](callback);
-        }
-      }, this);
-    }
-  }
-  run(name, env) {
-    this[name] = this[name] || [];
-    this[name].forEach(function(callback) {
-      callback.call(env && env.context ? env.context : env, env);
-    });
-  }
-}
-
-class Plugins {
-  constructor(jsep) {
-    this.jsep = jsep;
-    this.registered = {};
-  }
-  register(...plugins) {
-    plugins.forEach((plugin) => {
-      if (typeof plugin !== "object" || !plugin.name || !plugin.init) {
-        throw new Error("Invalid JSEP plugin format");
-      }
-      if (this.registered[plugin.name]) {
-        return;
-      }
-      plugin.init(this.jsep);
-      this.registered[plugin.name] = plugin;
-    });
-  }
-}
-
-class Jsep {
-  static get version() {
-    return "1.4.0";
-  }
-  static toString() {
-    return "JavaScript Expression Parser (JSEP) v" + Jsep.version;
-  }
-  static addUnaryOp(op_name) {
-    Jsep.max_unop_len = Math.max(op_name.length, Jsep.max_unop_len);
-    Jsep.unary_ops[op_name] = 1;
-    return Jsep;
-  }
-  static addBinaryOp(op_name, precedence, isRightAssociative) {
-    Jsep.max_binop_len = Math.max(op_name.length, Jsep.max_binop_len);
-    Jsep.binary_ops[op_name] = precedence;
-    if (isRightAssociative) {
-      Jsep.right_associative.add(op_name);
-    } else {
-      Jsep.right_associative.delete(op_name);
-    }
-    return Jsep;
-  }
-  static addIdentifierChar(char) {
-    Jsep.additional_identifier_chars.add(char);
-    return Jsep;
-  }
-  static addLiteral(literal_name, literal_value) {
-    Jsep.literals[literal_name] = literal_value;
-    return Jsep;
-  }
-  static removeUnaryOp(op_name) {
-    delete Jsep.unary_ops[op_name];
-    if (op_name.length === Jsep.max_unop_len) {
-      Jsep.max_unop_len = Jsep.getMaxKeyLen(Jsep.unary_ops);
-    }
-    return Jsep;
-  }
-  static removeAllUnaryOps() {
-    Jsep.unary_ops = {};
-    Jsep.max_unop_len = 0;
-    return Jsep;
-  }
-  static removeIdentifierChar(char) {
-    Jsep.additional_identifier_chars.delete(char);
-    return Jsep;
-  }
-  static removeBinaryOp(op_name) {
-    delete Jsep.binary_ops[op_name];
-    if (op_name.length === Jsep.max_binop_len) {
-      Jsep.max_binop_len = Jsep.getMaxKeyLen(Jsep.binary_ops);
-    }
-    Jsep.right_associative.delete(op_name);
-    return Jsep;
-  }
-  static removeAllBinaryOps() {
-    Jsep.binary_ops = {};
-    Jsep.max_binop_len = 0;
-    return Jsep;
-  }
-  static removeLiteral(literal_name) {
-    delete Jsep.literals[literal_name];
-    return Jsep;
-  }
-  static removeAllLiterals() {
-    Jsep.literals = {};
-    return Jsep;
-  }
-  get char() {
-    return this.expr.charAt(this.index);
-  }
-  get code() {
-    return this.expr.charCodeAt(this.index);
-  }
-  constructor(expr) {
-    this.expr = expr;
-    this.index = 0;
-  }
-  static parse(expr) {
-    return new Jsep(expr).parse();
-  }
-  static getMaxKeyLen(obj) {
-    return Math.max(0, ...Object.keys(obj).map((k) => k.length));
-  }
-  static isDecimalDigit(ch) {
-    return ch >= 48 && ch <= 57;
-  }
-  static binaryPrecedence(op_val) {
-    return Jsep.binary_ops[op_val] || 0;
-  }
-  static isIdentifierStart(ch) {
-    return ch >= 65 && ch <= 90 || ch >= 97 && ch <= 122 || ch >= 128 && !Jsep.binary_ops[String.fromCharCode(ch)] || Jsep.additional_identifier_chars.has(String.fromCharCode(ch));
-  }
-  static isIdentifierPart(ch) {
-    return Jsep.isIdentifierStart(ch) || Jsep.isDecimalDigit(ch);
-  }
-  throwError(message) {
-    const error = new Error(message + " at character " + this.index);
-    error.index = this.index;
-    error.description = message;
-    throw error;
-  }
-  runHook(name, node) {
-    if (Jsep.hooks[name]) {
-      const env = {
-        context: this,
-        node
-      };
-      Jsep.hooks.run(name, env);
-      return env.node;
-    }
-    return node;
-  }
-  searchHook(name) {
-    if (Jsep.hooks[name]) {
-      const env = {
-        context: this
-      };
-      Jsep.hooks[name].find(function(callback) {
-        callback.call(env.context, env);
-        return env.node;
-      });
-      return env.node;
-    }
-  }
-  gobbleSpaces() {
-    let ch = this.code;
-    while (ch === Jsep.SPACE_CODE || ch === Jsep.TAB_CODE || ch === Jsep.LF_CODE || ch === Jsep.CR_CODE) {
-      ch = this.expr.charCodeAt(++this.index);
-    }
-    this.runHook("gobble-spaces");
-  }
-  parse() {
-    this.runHook("before-all");
-    const nodes = this.gobbleExpressions();
-    const node = nodes.length === 1 ? nodes[0] : {
-      type: Jsep.COMPOUND,
-      body: nodes
-    };
-    return this.runHook("after-all", node);
-  }
-  gobbleExpressions(untilICode) {
-    let nodes = [], ch_i, node;
-    while (this.index < this.expr.length) {
-      ch_i = this.code;
-      if (ch_i === Jsep.SEMCOL_CODE || ch_i === Jsep.COMMA_CODE) {
-        this.index++;
-      } else {
-        if (node = this.gobbleExpression()) {
-          nodes.push(node);
-        } else if (this.index < this.expr.length) {
-          if (ch_i === untilICode) {
-            break;
-          }
-          this.throwError('Unexpected "' + this.char + '"');
-        }
-      }
-    }
-    return nodes;
-  }
-  gobbleExpression() {
-    const node = this.searchHook("gobble-expression") || this.gobbleBinaryExpression();
-    this.gobbleSpaces();
-    return this.runHook("after-expression", node);
-  }
-  gobbleBinaryOp() {
-    this.gobbleSpaces();
-    let to_check = this.expr.substr(this.index, Jsep.max_binop_len);
-    let tc_len = to_check.length;
-    while (tc_len > 0) {
-      if (Jsep.binary_ops.hasOwnProperty(to_check) && (!Jsep.isIdentifierStart(this.code) || this.index + to_check.length < this.expr.length && !Jsep.isIdentifierPart(this.expr.charCodeAt(this.index + to_check.length)))) {
-        this.index += tc_len;
-        return to_check;
-      }
-      to_check = to_check.substr(0, --tc_len);
-    }
-    return false;
-  }
-  gobbleBinaryExpression() {
-    let node, biop, prec, stack, biop_info, left, right, i, cur_biop;
-    left = this.gobbleToken();
-    if (!left) {
-      return left;
-    }
-    biop = this.gobbleBinaryOp();
-    if (!biop) {
-      return left;
-    }
-    biop_info = {
-      value: biop,
-      prec: Jsep.binaryPrecedence(biop),
-      right_a: Jsep.right_associative.has(biop)
-    };
-    right = this.gobbleToken();
-    if (!right) {
-      this.throwError("Expected expression after " + biop);
-    }
-    stack = [left, biop_info, right];
-    while (biop = this.gobbleBinaryOp()) {
-      prec = Jsep.binaryPrecedence(biop);
-      if (prec === 0) {
-        this.index -= biop.length;
-        break;
-      }
-      biop_info = {
-        value: biop,
-        prec,
-        right_a: Jsep.right_associative.has(biop)
-      };
-      cur_biop = biop;
-      const comparePrev = (prev) => biop_info.right_a && prev.right_a ? prec > prev.prec : prec <= prev.prec;
-      while (stack.length > 2 && comparePrev(stack[stack.length - 2])) {
-        right = stack.pop();
-        biop = stack.pop().value;
-        left = stack.pop();
-        node = {
-          type: Jsep.BINARY_EXP,
-          operator: biop,
-          left,
-          right
-        };
-        stack.push(node);
-      }
-      node = this.gobbleToken();
-      if (!node) {
-        this.throwError("Expected expression after " + cur_biop);
-      }
-      stack.push(biop_info, node);
-    }
-    i = stack.length - 1;
-    node = stack[i];
-    while (i > 1) {
-      node = {
-        type: Jsep.BINARY_EXP,
-        operator: stack[i - 1].value,
-        left: stack[i - 2],
-        right: node
-      };
-      i -= 2;
-    }
-    return node;
-  }
-  gobbleToken() {
-    let ch, to_check, tc_len, node;
-    this.gobbleSpaces();
-    node = this.searchHook("gobble-token");
-    if (node) {
-      return this.runHook("after-token", node);
-    }
-    ch = this.code;
-    if (Jsep.isDecimalDigit(ch) || ch === Jsep.PERIOD_CODE) {
-      return this.gobbleNumericLiteral();
-    }
-    if (ch === Jsep.SQUOTE_CODE || ch === Jsep.DQUOTE_CODE) {
-      node = this.gobbleStringLiteral();
-    } else if (ch === Jsep.OBRACK_CODE) {
-      node = this.gobbleArray();
-    } else {
-      to_check = this.expr.substr(this.index, Jsep.max_unop_len);
-      tc_len = to_check.length;
-      while (tc_len > 0) {
-        if (Jsep.unary_ops.hasOwnProperty(to_check) && (!Jsep.isIdentifierStart(this.code) || this.index + to_check.length < this.expr.length && !Jsep.isIdentifierPart(this.expr.charCodeAt(this.index + to_check.length)))) {
-          this.index += tc_len;
-          const argument = this.gobbleToken();
-          if (!argument) {
-            this.throwError("missing unaryOp argument");
-          }
-          return this.runHook("after-token", {
-            type: Jsep.UNARY_EXP,
-            operator: to_check,
-            argument,
-            prefix: true
-          });
-        }
-        to_check = to_check.substr(0, --tc_len);
-      }
-      if (Jsep.isIdentifierStart(ch)) {
-        node = this.gobbleIdentifier();
-        if (Jsep.literals.hasOwnProperty(node.name)) {
-          node = {
-            type: Jsep.LITERAL,
-            value: Jsep.literals[node.name],
-            raw: node.name
-          };
-        } else if (node.name === Jsep.this_str) {
-          node = {
-            type: Jsep.THIS_EXP
-          };
-        }
-      } else if (ch === Jsep.OPAREN_CODE) {
-        node = this.gobbleGroup();
-      }
-    }
-    if (!node) {
-      return this.runHook("after-token", false);
-    }
-    node = this.gobbleTokenProperty(node);
-    return this.runHook("after-token", node);
-  }
-  gobbleTokenProperty(node) {
-    this.gobbleSpaces();
-    let ch = this.code;
-    while (ch === Jsep.PERIOD_CODE || ch === Jsep.OBRACK_CODE || ch === Jsep.OPAREN_CODE || ch === Jsep.QUMARK_CODE) {
-      let optional;
-      if (ch === Jsep.QUMARK_CODE) {
-        if (this.expr.charCodeAt(this.index + 1) !== Jsep.PERIOD_CODE) {
-          break;
-        }
-        optional = true;
-        this.index += 2;
-        this.gobbleSpaces();
-        ch = this.code;
-      }
-      this.index++;
-      if (ch === Jsep.OBRACK_CODE) {
-        node = {
-          type: Jsep.MEMBER_EXP,
-          computed: true,
-          object: node,
-          property: this.gobbleExpression()
-        };
-        if (!node.property) {
-          this.throwError('Unexpected "' + this.char + '"');
-        }
-        this.gobbleSpaces();
-        ch = this.code;
-        if (ch !== Jsep.CBRACK_CODE) {
-          this.throwError("Unclosed [");
-        }
-        this.index++;
-      } else if (ch === Jsep.OPAREN_CODE) {
-        node = {
-          type: Jsep.CALL_EXP,
-          arguments: this.gobbleArguments(Jsep.CPAREN_CODE),
-          callee: node
-        };
-      } else if (ch === Jsep.PERIOD_CODE || optional) {
-        if (optional) {
-          this.index--;
-        }
-        this.gobbleSpaces();
-        node = {
-          type: Jsep.MEMBER_EXP,
-          computed: false,
-          object: node,
-          property: this.gobbleIdentifier()
-        };
-      }
-      if (optional) {
-        node.optional = true;
-      }
-      this.gobbleSpaces();
-      ch = this.code;
-    }
-    return node;
-  }
-  gobbleNumericLiteral() {
-    let number = "", ch, chCode;
-    while (Jsep.isDecimalDigit(this.code)) {
-      number += this.expr.charAt(this.index++);
-    }
-    if (this.code === Jsep.PERIOD_CODE) {
-      number += this.expr.charAt(this.index++);
-      while (Jsep.isDecimalDigit(this.code)) {
-        number += this.expr.charAt(this.index++);
-      }
-    }
-    ch = this.char;
-    if (ch === "e" || ch === "E") {
-      number += this.expr.charAt(this.index++);
-      ch = this.char;
-      if (ch === "+" || ch === "-") {
-        number += this.expr.charAt(this.index++);
-      }
-      while (Jsep.isDecimalDigit(this.code)) {
-        number += this.expr.charAt(this.index++);
-      }
-      if (!Jsep.isDecimalDigit(this.expr.charCodeAt(this.index - 1))) {
-        this.throwError("Expected exponent (" + number + this.char + ")");
-      }
-    }
-    chCode = this.code;
-    if (Jsep.isIdentifierStart(chCode)) {
-      this.throwError("Variable names cannot start with a number (" + number + this.char + ")");
-    } else if (chCode === Jsep.PERIOD_CODE || number.length === 1 && number.charCodeAt(0) === Jsep.PERIOD_CODE) {
-      this.throwError("Unexpected period");
-    }
-    return {
-      type: Jsep.LITERAL,
-      value: parseFloat(number),
-      raw: number
-    };
-  }
-  gobbleStringLiteral() {
-    let str = "";
-    const startIndex = this.index;
-    const quote = this.expr.charAt(this.index++);
-    let closed = false;
-    while (this.index < this.expr.length) {
-      let ch = this.expr.charAt(this.index++);
-      if (ch === quote) {
-        closed = true;
-        break;
-      } else if (ch === "\\") {
-        ch = this.expr.charAt(this.index++);
-        switch (ch) {
-          case "n":
-            str += `
-`;
-            break;
-          case "r":
-            str += "\r";
-            break;
-          case "t":
-            str += "\t";
-            break;
-          case "b":
-            str += "\b";
-            break;
-          case "f":
-            str += "\f";
-            break;
-          case "v":
-            str += "\v";
-            break;
-          default:
-            str += ch;
-        }
-      } else {
-        str += ch;
-      }
-    }
-    if (!closed) {
-      this.throwError('Unclosed quote after "' + str + '"');
-    }
-    return {
-      type: Jsep.LITERAL,
-      value: str,
-      raw: this.expr.substring(startIndex, this.index)
-    };
-  }
-  gobbleIdentifier() {
-    let ch = this.code, start = this.index;
-    if (Jsep.isIdentifierStart(ch)) {
-      this.index++;
-    } else {
-      this.throwError("Unexpected " + this.char);
-    }
-    while (this.index < this.expr.length) {
-      ch = this.code;
-      if (Jsep.isIdentifierPart(ch)) {
-        this.index++;
-      } else {
-        break;
-      }
-    }
-    return {
-      type: Jsep.IDENTIFIER,
-      name: this.expr.slice(start, this.index)
-    };
-  }
-  gobbleArguments(termination) {
-    const args = [];
-    let closed = false;
-    let separator_count = 0;
-    while (this.index < this.expr.length) {
-      this.gobbleSpaces();
-      let ch_i = this.code;
-      if (ch_i === termination) {
-        closed = true;
-        this.index++;
-        if (termination === Jsep.CPAREN_CODE && separator_count && separator_count >= args.length) {
-          this.throwError("Unexpected token " + String.fromCharCode(termination));
-        }
-        break;
-      } else if (ch_i === Jsep.COMMA_CODE) {
-        this.index++;
-        separator_count++;
-        if (separator_count !== args.length) {
-          if (termination === Jsep.CPAREN_CODE) {
-            this.throwError("Unexpected token ,");
-          } else if (termination === Jsep.CBRACK_CODE) {
-            for (let arg = args.length;arg < separator_count; arg++) {
-              args.push(null);
-            }
-          }
-        }
-      } else if (args.length !== separator_count && separator_count !== 0) {
-        this.throwError("Expected comma");
-      } else {
-        const node = this.gobbleExpression();
-        if (!node || node.type === Jsep.COMPOUND) {
-          this.throwError("Expected comma");
-        }
-        args.push(node);
-      }
-    }
-    if (!closed) {
-      this.throwError("Expected " + String.fromCharCode(termination));
-    }
-    return args;
-  }
-  gobbleGroup() {
-    this.index++;
-    let nodes = this.gobbleExpressions(Jsep.CPAREN_CODE);
-    if (this.code === Jsep.CPAREN_CODE) {
-      this.index++;
-      if (nodes.length === 1) {
-        return nodes[0];
-      } else if (!nodes.length) {
-        return false;
-      } else {
-        return {
-          type: Jsep.SEQUENCE_EXP,
-          expressions: nodes
-        };
-      }
-    } else {
-      this.throwError("Unclosed (");
-    }
-  }
-  gobbleArray() {
-    this.index++;
-    return {
-      type: Jsep.ARRAY_EXP,
-      elements: this.gobbleArguments(Jsep.CBRACK_CODE)
-    };
-  }
-}
-var hooks = new Hooks;
-Object.assign(Jsep, {
-  hooks,
-  plugins: new Plugins(Jsep),
-  COMPOUND: "Compound",
-  SEQUENCE_EXP: "SequenceExpression",
-  IDENTIFIER: "Identifier",
-  MEMBER_EXP: "MemberExpression",
-  LITERAL: "Literal",
-  THIS_EXP: "ThisExpression",
-  CALL_EXP: "CallExpression",
-  UNARY_EXP: "UnaryExpression",
-  BINARY_EXP: "BinaryExpression",
-  ARRAY_EXP: "ArrayExpression",
-  TAB_CODE: 9,
-  LF_CODE: 10,
-  CR_CODE: 13,
-  SPACE_CODE: 32,
-  PERIOD_CODE: 46,
-  COMMA_CODE: 44,
-  SQUOTE_CODE: 39,
-  DQUOTE_CODE: 34,
-  OPAREN_CODE: 40,
-  CPAREN_CODE: 41,
-  OBRACK_CODE: 91,
-  CBRACK_CODE: 93,
-  QUMARK_CODE: 63,
-  SEMCOL_CODE: 59,
-  COLON_CODE: 58,
-  unary_ops: {
-    "-": 1,
-    "!": 1,
-    "~": 1,
-    "+": 1
-  },
-  binary_ops: {
-    "||": 1,
-    "??": 1,
-    "&&": 2,
-    "|": 3,
-    "^": 4,
-    "&": 5,
-    "==": 6,
-    "!=": 6,
-    "===": 6,
-    "!==": 6,
-    "<": 7,
-    ">": 7,
-    "<=": 7,
-    ">=": 7,
-    "<<": 8,
-    ">>": 8,
-    ">>>": 8,
-    "+": 9,
-    "-": 9,
-    "*": 10,
-    "/": 10,
-    "%": 10,
-    "**": 11
-  },
-  right_associative: new Set(["**"]),
-  additional_identifier_chars: new Set(["$", "_"]),
-  literals: {
-    true: true,
-    false: false,
-    null: null
-  },
-  this_str: "this"
-});
-Jsep.max_unop_len = Jsep.getMaxKeyLen(Jsep.unary_ops);
-Jsep.max_binop_len = Jsep.getMaxKeyLen(Jsep.binary_ops);
-var jsep = (expr) => new Jsep(expr).parse();
-var stdClassProps = Object.getOwnPropertyNames(class Test {
-});
-Object.getOwnPropertyNames(Jsep).filter((prop) => !stdClassProps.includes(prop) && jsep[prop] === undefined).forEach((m) => {
-  jsep[m] = Jsep[m];
-});
-jsep.Jsep = Jsep;
-var CONDITIONAL_EXP = "ConditionalExpression";
-var ternary = {
-  name: "ternary",
-  init(jsep2) {
-    jsep2.hooks.add("after-expression", function gobbleTernary(env) {
-      if (env.node && this.code === jsep2.QUMARK_CODE) {
-        this.index++;
-        const test = env.node;
-        const consequent = this.gobbleExpression();
-        if (!consequent) {
-          this.throwError("Expected expression");
-        }
-        this.gobbleSpaces();
-        if (this.code === jsep2.COLON_CODE) {
-          this.index++;
-          const alternate = this.gobbleExpression();
-          if (!alternate) {
-            this.throwError("Expected expression");
-          }
-          env.node = {
-            type: CONDITIONAL_EXP,
-            test,
-            consequent,
-            alternate
-          };
-          if (test.operator && jsep2.binary_ops[test.operator] <= 0.9) {
-            let newTest = test;
-            while (newTest.right.operator && jsep2.binary_ops[newTest.right.operator] <= 0.9) {
-              newTest = newTest.right;
-            }
-            env.node.test = newTest.right;
-            newTest.right = env.node;
-            env.node = test;
-          }
-        } else {
-          this.throwError("Expected :");
-        }
-      }
-    });
-  }
-};
-jsep.plugins.register(ternary);
-var FSLASH_CODE = 47;
-var BSLASH_CODE = 92;
-var index = {
-  name: "regex",
-  init(jsep2) {
-    jsep2.hooks.add("gobble-token", function gobbleRegexLiteral(env) {
-      if (this.code === FSLASH_CODE) {
-        const patternIndex = ++this.index;
-        let inCharSet = false;
-        while (this.index < this.expr.length) {
-          if (this.code === FSLASH_CODE && !inCharSet) {
-            const pattern = this.expr.slice(patternIndex, this.index);
-            let flags = "";
-            while (++this.index < this.expr.length) {
-              const code = this.code;
-              if (code >= 97 && code <= 122 || code >= 65 && code <= 90 || code >= 48 && code <= 57) {
-                flags += this.char;
-              } else {
-                break;
-              }
-            }
-            let value;
-            try {
-              value = new RegExp(pattern, flags);
-            } catch (e) {
-              this.throwError(e.message);
-            }
-            env.node = {
-              type: jsep2.LITERAL,
-              value,
-              raw: this.expr.slice(patternIndex - 1, this.index)
-            };
-            env.node = this.gobbleTokenProperty(env.node);
-            return env.node;
-          }
-          if (this.code === jsep2.OBRACK_CODE) {
-            inCharSet = true;
-          } else if (inCharSet && this.code === jsep2.CBRACK_CODE) {
-            inCharSet = false;
-          }
-          this.index += this.code === BSLASH_CODE ? 2 : 1;
-        }
-        this.throwError("Unclosed Regex");
-      }
-    });
-  }
-};
-var PLUS_CODE = 43;
-var MINUS_CODE = 45;
-var plugin = {
-  name: "assignment",
-  assignmentOperators: new Set(["=", "*=", "**=", "/=", "%=", "+=", "-=", "<<=", ">>=", ">>>=", "&=", "^=", "|=", "||=", "&&=", "??="]),
-  updateOperators: [PLUS_CODE, MINUS_CODE],
-  assignmentPrecedence: 0.9,
-  init(jsep2) {
-    const updateNodeTypes = [jsep2.IDENTIFIER, jsep2.MEMBER_EXP];
-    plugin.assignmentOperators.forEach((op) => jsep2.addBinaryOp(op, plugin.assignmentPrecedence, true));
-    jsep2.hooks.add("gobble-token", function gobbleUpdatePrefix(env) {
-      const code = this.code;
-      if (plugin.updateOperators.some((c) => c === code && c === this.expr.charCodeAt(this.index + 1))) {
-        this.index += 2;
-        env.node = {
-          type: "UpdateExpression",
-          operator: code === PLUS_CODE ? "++" : "--",
-          argument: this.gobbleTokenProperty(this.gobbleIdentifier()),
-          prefix: true
-        };
-        if (!env.node.argument || !updateNodeTypes.includes(env.node.argument.type)) {
-          this.throwError(`Unexpected ${env.node.operator}`);
-        }
-      }
-    });
-    jsep2.hooks.add("after-token", function gobbleUpdatePostfix(env) {
-      if (env.node) {
-        const code = this.code;
-        if (plugin.updateOperators.some((c) => c === code && c === this.expr.charCodeAt(this.index + 1))) {
-          if (!updateNodeTypes.includes(env.node.type)) {
-            this.throwError(`Unexpected ${env.node.operator}`);
-          }
-          this.index += 2;
-          env.node = {
-            type: "UpdateExpression",
-            operator: code === PLUS_CODE ? "++" : "--",
-            argument: env.node,
-            prefix: false
-          };
-        }
-      }
-    });
-    jsep2.hooks.add("after-expression", function gobbleAssignment(env) {
-      if (env.node) {
-        updateBinariesToAssignments(env.node);
-      }
-    });
-    function updateBinariesToAssignments(node) {
-      if (plugin.assignmentOperators.has(node.operator)) {
-        node.type = "AssignmentExpression";
-        updateBinariesToAssignments(node.left);
-        updateBinariesToAssignments(node.right);
-      } else if (!node.operator) {
-        Object.values(node).forEach((val) => {
-          if (val && typeof val === "object") {
-            updateBinariesToAssignments(val);
-          }
-        });
-      }
-    }
-  }
-};
-jsep.plugins.register(index, plugin);
-jsep.addUnaryOp("typeof");
-jsep.addUnaryOp("void");
-jsep.addLiteral("null", null);
-jsep.addLiteral("undefined", undefined);
-var BLOCKED_PROTO_PROPERTIES = new Set(["constructor", "__proto__", "__defineGetter__", "__defineSetter__", "__lookupGetter__", "__lookupSetter__"]);
-var SafeEval = {
-  evalAst(ast, subs) {
-    switch (ast.type) {
-      case "BinaryExpression":
-      case "LogicalExpression":
-        return SafeEval.evalBinaryExpression(ast, subs);
-      case "Compound":
-        return SafeEval.evalCompound(ast, subs);
-      case "ConditionalExpression":
-        return SafeEval.evalConditionalExpression(ast, subs);
-      case "Identifier":
-        return SafeEval.evalIdentifier(ast, subs);
-      case "Literal":
-        return SafeEval.evalLiteral(ast, subs);
-      case "MemberExpression":
-        return SafeEval.evalMemberExpression(ast, subs);
-      case "UnaryExpression":
-        return SafeEval.evalUnaryExpression(ast, subs);
-      case "ArrayExpression":
-        return SafeEval.evalArrayExpression(ast, subs);
-      case "CallExpression":
-        return SafeEval.evalCallExpression(ast, subs);
-      case "AssignmentExpression":
-        return SafeEval.evalAssignmentExpression(ast, subs);
-      default:
-        throw SyntaxError("Unexpected expression", ast);
-    }
-  },
-  evalBinaryExpression(ast, subs) {
-    const result = {
-      "||": (a, b) => a || b(),
-      "&&": (a, b) => a && b(),
-      "|": (a, b) => a | b(),
-      "^": (a, b) => a ^ b(),
-      "&": (a, b) => a & b(),
-      "==": (a, b) => a == b(),
-      "!=": (a, b) => a != b(),
-      "===": (a, b) => a === b(),
-      "!==": (a, b) => a !== b(),
-      "<": (a, b) => a < b(),
-      ">": (a, b) => a > b(),
-      "<=": (a, b) => a <= b(),
-      ">=": (a, b) => a >= b(),
-      "<<": (a, b) => a << b(),
-      ">>": (a, b) => a >> b(),
-      ">>>": (a, b) => a >>> b(),
-      "+": (a, b) => a + b(),
-      "-": (a, b) => a - b(),
-      "*": (a, b) => a * b(),
-      "/": (a, b) => a / b(),
-      "%": (a, b) => a % b()
-    }[ast.operator](SafeEval.evalAst(ast.left, subs), () => SafeEval.evalAst(ast.right, subs));
-    return result;
-  },
-  evalCompound(ast, subs) {
-    let last;
-    for (let i = 0;i < ast.body.length; i++) {
-      if (ast.body[i].type === "Identifier" && ["var", "let", "const"].includes(ast.body[i].name) && ast.body[i + 1] && ast.body[i + 1].type === "AssignmentExpression") {
-        i += 1;
-      }
-      const expr = ast.body[i];
-      last = SafeEval.evalAst(expr, subs);
-    }
-    return last;
-  },
-  evalConditionalExpression(ast, subs) {
-    if (SafeEval.evalAst(ast.test, subs)) {
-      return SafeEval.evalAst(ast.consequent, subs);
-    }
-    return SafeEval.evalAst(ast.alternate, subs);
-  },
-  evalIdentifier(ast, subs) {
-    if (Object.hasOwn(subs, ast.name)) {
-      return subs[ast.name];
-    }
-    throw ReferenceError(`${ast.name} is not defined`);
-  },
-  evalLiteral(ast) {
-    return ast.value;
-  },
-  evalMemberExpression(ast, subs) {
-    const prop = String(ast.computed ? SafeEval.evalAst(ast.property) : ast.property.name);
-    const obj = SafeEval.evalAst(ast.object, subs);
-    if (obj === undefined || obj === null) {
-      throw TypeError(`Cannot read properties of ${obj} (reading '${prop}')`);
-    }
-    if (!Object.hasOwn(obj, prop) && BLOCKED_PROTO_PROPERTIES.has(prop)) {
-      throw TypeError(`Cannot read properties of ${obj} (reading '${prop}')`);
-    }
-    const result = obj[prop];
-    if (typeof result === "function") {
-      return result.bind(obj);
-    }
-    return result;
-  },
-  evalUnaryExpression(ast, subs) {
-    const result = {
-      "-": (a) => -SafeEval.evalAst(a, subs),
-      "!": (a) => !SafeEval.evalAst(a, subs),
-      "~": (a) => ~SafeEval.evalAst(a, subs),
-      "+": (a) => +SafeEval.evalAst(a, subs),
-      typeof: (a) => typeof SafeEval.evalAst(a, subs),
-      void: (a) => void SafeEval.evalAst(a, subs)
-    }[ast.operator](ast.argument);
-    return result;
-  },
-  evalArrayExpression(ast, subs) {
-    return ast.elements.map((el) => SafeEval.evalAst(el, subs));
-  },
-  evalCallExpression(ast, subs) {
-    const args = ast.arguments.map((arg) => SafeEval.evalAst(arg, subs));
-    const func = SafeEval.evalAst(ast.callee, subs);
-    if (func === Function) {
-      throw new Error("Function constructor is disabled");
-    }
-    return func(...args);
-  },
-  evalAssignmentExpression(ast, subs) {
-    if (ast.left.type !== "Identifier") {
-      throw SyntaxError("Invalid left-hand side in assignment");
-    }
-    const id = ast.left.name;
-    const value = SafeEval.evalAst(ast.right, subs);
-    subs[id] = value;
-    return subs[id];
-  }
-};
-
-class SafeScript {
-  constructor(expr) {
-    this.code = expr;
-    this.ast = jsep(this.code);
-  }
-  runInNewContext(context) {
-    const keyMap = Object.assign(Object.create(null), context);
-    return SafeEval.evalAst(this.ast, keyMap);
+var SENSITIVE_KEY_PREFIXES = new Set([
+  "api",
+  "access",
+  "client",
+  "private",
+  "public",
+  "signing",
+  "encryption",
+  "session",
+  "master",
+  "shared",
+  "root",
+  "ssh",
+  "rsa",
+  "aes",
+  "hmac",
+  "oauth"
+]);
+var UUID_PATTERN = /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/gi;
+var EMAIL_PATTERN = /\b[^\s@]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g;
+var JWT_PATTERN = /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g;
+var LONG_TOKEN_PATTERN = /\b[A-Za-z0-9_-]{40,}\b/g;
+var USER_HOME_PATTERN = /([/\\])(Users|home)([/\\])([^/\\]+)/gi;
+var URL_PATTERN = /\bhttps?:\/\/[^\s,;]+/gi;
+var URL_TRAILING_PUNCT = /[.,;:!?)\]}>'"]+$/;
+function shortHash(input) {
+  let hash = 2166136261;
+  for (let i = 0;i < input.length; i++) {
+    hash ^= input.charCodeAt(i);
+    hash = Math.imul(hash, 16777619);
   }
+  return (hash >>> 0).toString(16).padStart(8, "0");
 }
-function push(arr, item) {
-  arr = arr.slice();
-  arr.push(item);
-  return arr;
-}
-function unshift(item, arr) {
-  arr = arr.slice();
-  arr.unshift(item);
-  return arr;
+function redactUrl(raw) {
+  try {
+    const url = new URL(raw);
+    return `${url.protocol}//${url.host}`;
+  } catch {
+    return `url#${shortHash(raw)}`;
+  }
 }
-
-class NewError extends Error {
-  constructor(value) {
-    super('JSONPath should not be called with "new" (it prevents return ' + "of (unwrapped) scalar values)");
-    this.avoidNew = true;
-    this.value = value;
-    this.name = "NewError";
+function redactValueDetectors(value) {
+  let out = value;
+  out = out.replace(JWT_PATTERN, () => REDACTED);
+  out = out.replace(URL_PATTERN, (match) => {
+    const trailing = match.match(URL_TRAILING_PUNCT)?.[0] ?? "";
+    const core = trailing ? match.slice(0, -trailing.length) : match;
+    return `${redactUrl(core)}${trailing}`;
+  });
+  out = out.replace(USER_HOME_PATTERN, (_match, sep1, folder, sep2) => `${sep1}${folder}${sep2}<user>`);
+  out = out.replace(EMAIL_PATTERN, (match) => `email#${shortHash(match)}`);
+  out = out.replace(UUID_PATTERN, (match) => `uuid#${shortHash(match)}`);
+  out = out.replace(LONG_TOKEN_PATTERN, () => REDACTED);
+  if (out.length > MAX_VALUE_LENGTH) {
+    out = `${out.slice(0, MAX_VALUE_LENGTH)}…`;
   }
+  return out;
 }
-function JSONPath(opts, expr, obj, callback, otherTypeCallback) {
-  if (!(this instanceof JSONPath)) {
-    try {
-      return new JSONPath(opts, expr, obj, callback, otherTypeCallback);
-    } catch (e) {
-      if (!e.avoidNew) {
-        throw e;
-      }
-      return e.value;
-    }
-  }
-  if (typeof opts === "string") {
-    otherTypeCallback = callback;
-    callback = obj;
-    obj = expr;
-    expr = opts;
-    opts = null;
-  }
-  const optObj = opts && typeof opts === "object";
-  opts = opts || {};
-  this.json = opts.json || obj;
-  this.path = opts.path || expr;
-  this.resultType = opts.resultType || "value";
-  this.flatten = opts.flatten || false;
-  this.wrap = Object.hasOwn(opts, "wrap") ? opts.wrap : true;
-  this.sandbox = opts.sandbox || {};
-  this.eval = opts.eval === undefined ? "safe" : opts.eval;
-  this.ignoreEvalErrors = typeof opts.ignoreEvalErrors === "undefined" ? false : opts.ignoreEvalErrors;
-  this.parent = opts.parent || null;
-  this.parentProperty = opts.parentProperty || null;
-  this.callback = opts.callback || callback || null;
-  this.otherTypeCallback = opts.otherTypeCallback || otherTypeCallback || function() {
-    throw new TypeError("You must supply an otherTypeCallback callback option " + "with the @other() operator.");
-  };
-  if (opts.autostart !== false) {
-    const args = {
-      path: optObj ? opts.path : expr
-    };
-    if (!optObj) {
-      args.json = obj;
-    } else if ("json" in opts) {
-      args.json = opts.json;
+function nameTokens(name) {
+  return name.replace(/([a-z0-9])([A-Z])/g, "$1 $2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1 $2").split(/[\s_-]+/).map((t) => t.toLowerCase()).filter(Boolean);
+}
+function isSensitiveName(name) {
+  const tokens = nameTokens(name);
+  for (let i = 0;i < tokens.length; i++) {
+    const token = tokens[i];
+    if (SENSITIVE_NAME_TOKENS.has(token)) {
+      return true;
     }
-    const ret = this.evaluate(args);
-    if (!ret || typeof ret !== "object") {
-      throw new NewError(ret);
+    if (token === "key" || token === "keys") {
+      const prev = tokens[i - 1];
+      if (prev && SENSITIVE_KEY_PREFIXES.has(prev)) {
+        return true;
+      }
     }
-    return ret;
   }
+  return false;
 }
-JSONPath.prototype.evaluate = function(expr, json, callback, otherTypeCallback) {
-  let currParent = this.parent, currParentProperty = this.parentProperty;
-  let {
-    flatten,
-    wrap
-  } = this;
-  this.currResultType = this.resultType;
-  this.currEval = this.eval;
-  this.currSandbox = this.sandbox;
-  callback = callback || this.callback;
-  this.currOtherTypeCallback = otherTypeCallback || this.otherTypeCallback;
-  json = json || this.json;
-  expr = expr || this.path;
-  if (expr && typeof expr === "object" && !Array.isArray(expr)) {
-    if (!expr.path && expr.path !== "") {
-      throw new TypeError('You must supply a "path" property when providing an object ' + "argument to JSONPath.evaluate().");
-    }
-    if (!Object.hasOwn(expr, "json")) {
-      throw new TypeError('You must supply a "json" property when providing an object ' + "argument to JSONPath.evaluate().");
-    }
-    ({
-      json
-    } = expr);
-    flatten = Object.hasOwn(expr, "flatten") ? expr.flatten : flatten;
-    this.currResultType = Object.hasOwn(expr, "resultType") ? expr.resultType : this.currResultType;
-    this.currSandbox = Object.hasOwn(expr, "sandbox") ? expr.sandbox : this.currSandbox;
-    wrap = Object.hasOwn(expr, "wrap") ? expr.wrap : wrap;
-    this.currEval = Object.hasOwn(expr, "eval") ? expr.eval : this.currEval;
-    callback = Object.hasOwn(expr, "callback") ? expr.callback : callback;
-    this.currOtherTypeCallback = Object.hasOwn(expr, "otherTypeCallback") ? expr.otherTypeCallback : this.currOtherTypeCallback;
-    currParent = Object.hasOwn(expr, "parent") ? expr.parent : currParent;
-    currParentProperty = Object.hasOwn(expr, "parentProperty") ? expr.parentProperty : currParentProperty;
-    expr = expr.path;
-  }
-  currParent = currParent || null;
-  currParentProperty = currParentProperty || null;
-  if (Array.isArray(expr)) {
-    expr = JSONPath.toPathString(expr);
-  }
-  if (!expr && expr !== "" || !json) {
+function redactProperty(name, value) {
+  if (value === undefined || value === null) {
     return;
   }
-  const exprList = JSONPath.toPathArray(expr);
-  if (exprList[0] === "$" && exprList.length > 1) {
-    exprList.shift();
+  if (isSensitiveName(name)) {
+    return REDACTED;
   }
-  this._hasParentSelector = null;
-  const result = this._trace(exprList, json, ["$"], currParent, currParentProperty, callback).filter(function(ea) {
-    return ea && !ea.isParentSelector;
-  });
-  if (!result.length) {
-    return wrap ? [] : undefined;
+  if (typeof value === "boolean" || typeof value === "number") {
+    return value;
   }
-  if (!wrap && result.length === 1 && !result[0].hasArrExpr) {
-    return this._getPreferredOutput(result[0]);
+  if (typeof value !== "string") {
+    return "[OBJECT]";
   }
-  return result.reduce((rslt, ea) => {
-    const valOrPath = this._getPreferredOutput(ea);
-    if (flatten && Array.isArray(valOrPath)) {
-      rslt = rslt.concat(valOrPath);
-    } else {
-      rslt.push(valOrPath);
+  return redactValueDetectors(value);
+}
+function redactProperties(properties) {
+  const out = {};
+  for (const [name, value] of Object.entries(properties)) {
+    const redacted = redactProperty(name, value);
+    if (redacted !== undefined) {
+      out[name] = redacted;
     }
-    return rslt;
-  }, []);
-};
-JSONPath.prototype._getPreferredOutput = function(ea) {
-  const resultType = this.currResultType;
-  switch (resultType) {
-    case "all": {
-      const path3 = Array.isArray(ea.path) ? ea.path : JSONPath.toPathArray(ea.path);
-      ea.pointer = JSONPath.toPointer(path3);
-      ea.path = typeof ea.path === "string" ? ea.path : JSONPath.toPathString(ea.path);
-      return ea;
-    }
-    case "value":
-    case "parent":
-    case "parentProperty":
-      return ea[resultType];
-    case "path":
-      return JSONPath.toPathString(ea[resultType]);
-    case "pointer":
-      return JSONPath.toPointer(ea.path);
-    default:
-      throw new TypeError("Unknown result type");
   }
-};
-JSONPath.prototype._handleCallback = function(fullRetObj, callback, type) {
-  if (callback) {
-    const preferredOutput = this._getPreferredOutput(fullRetObj);
-    fullRetObj.path = typeof fullRetObj.path === "string" ? fullRetObj.path : JSONPath.toPathString(fullRetObj.path);
-    callback(preferredOutput, type, fullRetObj);
+  return out;
+}
+
+// ../../common/src/trackedAction.ts
+var pollSignalSlot = singleton("PollSignal");
+var cliErrorCodeValues = new Set(CLI_ERROR_CODES);
+var retryHintValues = new Set(RETRY_HINTS);
+var processContext = {
+  exit: (code) => {
+    process.exitCode = code;
+  },
+  get pollSignal() {
+    return pollSignalSlot.get();
   }
 };
-JSONPath.prototype._trace = function(expr, val, path3, parent, parentPropName, callback, hasArrExpr, literalPriority) {
-  let retObj;
-  if (!expr.length) {
-    retObj = {
-      path: path3,
-      value: val,
-      parent,
-      parentProperty: parentPropName,
-      hasArrExpr
-    };
-    this._handleCallback(retObj, callback, "value");
-    return retObj;
-  }
-  const loc = expr[0], x = expr.slice(1);
-  const ret = [];
-  function addRet(elems) {
-    if (Array.isArray(elems)) {
-      elems.forEach((t) => {
-        ret.push(t);
-      });
-    } else {
-      ret.push(elems);
-    }
-  }
-  if ((typeof loc !== "string" || literalPriority) && val && Object.hasOwn(val, loc)) {
-    addRet(this._trace(x, val[loc], push(path3, loc), val, loc, callback, hasArrExpr));
-  } else if (loc === "*") {
-    this._walk(val, (m) => {
-      addRet(this._trace(x, val[m], push(path3, m), val, m, callback, true, true));
-    });
-  } else if (loc === "..") {
-    addRet(this._trace(x, val, path3, parent, parentPropName, callback, hasArrExpr));
-    this._walk(val, (m) => {
-      if (typeof val[m] === "object") {
-        addRet(this._trace(expr.slice(), val[m], push(path3, m), val, m, callback, true));
-      }
-    });
-  } else if (loc === "^") {
-    this._hasParentSelector = true;
-    return {
-      path: path3.slice(0, -1),
-      expr: x,
-      isParentSelector: true
-    };
-  } else if (loc === "~") {
-    retObj = {
-      path: push(path3, loc),
-      value: parentPropName,
-      parent,
-      parentProperty: null
-    };
-    this._handleCallback(retObj, callback, "property");
-    return retObj;
-  } else if (loc === "$") {
-    addRet(this._trace(x, val, path3, null, null, callback, hasArrExpr));
-  } else if (/^(-?\d*):(-?\d*):?(\d*)$/u.test(loc)) {
-    addRet(this._slice(loc, x, val, path3, parent, parentPropName, callback));
-  } else if (loc.indexOf("?(") === 0) {
-    if (this.currEval === false) {
-      throw new Error("Eval [?(expr)] prevented in JSONPath expression.");
-    }
-    const safeLoc = loc.replace(/^\?\((.*?)\)$/u, "$1");
-    const nested = /@.?([^?]*)[['](\??\(.*?\))(?!.\)\])[\]']/gu.exec(safeLoc);
-    if (nested) {
-      this._walk(val, (m) => {
-        const npath = [nested[2]];
-        const nvalue = nested[1] ? val[m][nested[1]] : val[m];
-        const filterResults = this._trace(npath, nvalue, path3, parent, parentPropName, callback, true);
-        if (filterResults.length > 0) {
-          addRet(this._trace(x, val[m], push(path3, m), val, m, callback, true));
-        }
-      });
-    } else {
-      this._walk(val, (m) => {
-        if (this._eval(safeLoc, val[m], m, path3, parent, parentPropName)) {
-          addRet(this._trace(x, val[m], push(path3, m), val, m, callback, true));
-        }
-      });
-    }
-  } else if (loc[0] === "(") {
-    if (this.currEval === false) {
-      throw new Error("Eval [(expr)] prevented in JSONPath expression.");
+function extractCommandParams(cmd) {
+  const params = {};
+  const registered = cmd.registeredArguments ?? [];
+  const processed = cmd.processedArgs ?? [];
+  for (let i = 0;i < registered.length; i++) {
+    const value = processed[i];
+    if (value === undefined) {
+      continue;
     }
-    addRet(this._trace(unshift(this._eval(loc, val, path3.at(-1), path3.slice(0, -1), parent, parentPropName), x), val, path3, parent, parentPropName, callback, hasArrExpr));
-  } else if (loc[0] === "@") {
-    let addType = false;
-    const valueType = loc.slice(1, -2);
-    switch (valueType) {
-      case "scalar":
-        if (!val || !["object", "function"].includes(typeof val)) {
-          addType = true;
-        }
-        break;
-      case "boolean":
-      case "string":
-      case "undefined":
-      case "function":
-        if (typeof val === valueType) {
-          addType = true;
-        }
-        break;
-      case "integer":
-        if (Number.isFinite(val) && !(val % 1)) {
-          addType = true;
-        }
-        break;
-      case "number":
-        if (Number.isFinite(val)) {
-          addType = true;
-        }
-        break;
-      case "nonFinite":
-        if (typeof val === "number" && !Number.isFinite(val)) {
-          addType = true;
-        }
-        break;
-      case "object":
-        if (val && typeof val === valueType) {
-          addType = true;
-        }
-        break;
-      case "array":
-        if (Array.isArray(val)) {
-          addType = true;
-        }
-        break;
-      case "other":
-        addType = this.currOtherTypeCallback(val, path3, parent, parentPropName);
-        break;
-      case "null":
-        if (val === null) {
-          addType = true;
-        }
-        break;
-      default:
-        throw new TypeError("Unknown value type " + valueType);
-    }
-    if (addType) {
-      retObj = {
-        path: path3,
-        value: val,
-        parent,
-        parentProperty: parentPropName
-      };
-      this._handleCallback(retObj, callback, "value");
-      return retObj;
-    }
-  } else if (loc[0] === "`" && val && Object.hasOwn(val, loc.slice(1))) {
-    const locProp = loc.slice(1);
-    addRet(this._trace(x, val[locProp], push(path3, locProp), val, locProp, callback, hasArrExpr, true));
-  } else if (loc.includes(",")) {
-    const parts = loc.split(",");
-    for (const part of parts) {
-      addRet(this._trace(unshift(part, x), val, path3, parent, parentPropName, callback, true));
-    }
-  } else if (!literalPriority && val && Object.hasOwn(val, loc)) {
-    addRet(this._trace(x, val[loc], push(path3, loc), val, loc, callback, hasArrExpr, true));
-  }
-  if (this._hasParentSelector) {
-    for (let t = 0;t < ret.length; t++) {
-      const rett = ret[t];
-      if (rett && rett.isParentSelector) {
-        const tmp = this._trace(rett.expr, val, rett.path, parent, parentPropName, callback, hasArrExpr);
-        if (Array.isArray(tmp)) {
-          ret[t] = tmp[0];
-          const tl = tmp.length;
-          for (let tt = 1;tt < tl; tt++) {
-            t++;
-            ret.splice(t, 0, tmp[tt]);
-          }
-        } else {
-          ret[t] = tmp;
-        }
-      }
+    const name = registered[i].name();
+    if (name) {
+      params[name] = value;
     }
   }
-  return ret;
-};
-JSONPath.prototype._walk = function(val, f) {
-  if (Array.isArray(val)) {
-    const n = val.length;
-    for (let i = 0;i < n; i++) {
-      f(i);
-    }
-  } else if (val && typeof val === "object") {
-    Object.keys(val).forEach((m) => {
-      f(m);
-    });
-  }
-};
-JSONPath.prototype._slice = function(loc, expr, val, path3, parent, parentPropName, callback) {
-  if (!Array.isArray(val)) {
-    return;
-  }
-  const len = val.length, parts = loc.split(":"), step = parts[2] && Number.parseInt(parts[2]) || 1;
-  let start = parts[0] && Number.parseInt(parts[0]) || 0, end = parts[1] && Number.parseInt(parts[1]) || len;
-  start = start < 0 ? Math.max(0, start + len) : Math.min(len, start);
-  end = end < 0 ? Math.max(0, end + len) : Math.min(len, end);
-  const ret = [];
-  for (let i = start;i < end; i += step) {
-    const tmp = this._trace(unshift(i, expr), val, path3, parent, parentPropName, callback, true);
-    tmp.forEach((t) => {
-      ret.push(t);
-    });
-  }
-  return ret;
-};
-JSONPath.prototype._eval = function(code, _v, _vname, path3, parent, parentPropName) {
-  this.currSandbox._$_parentProperty = parentPropName;
-  this.currSandbox._$_parent = parent;
-  this.currSandbox._$_property = _vname;
-  this.currSandbox._$_root = this.json;
-  this.currSandbox._$_v = _v;
-  const containsPath = code.includes("@path");
-  if (containsPath) {
-    this.currSandbox._$_path = JSONPath.toPathString(path3.concat([_vname]));
-  }
-  const scriptCacheKey = this.currEval + "Script:" + code;
-  if (!JSONPath.cache[scriptCacheKey]) {
-    let script = code.replaceAll("@parentProperty", "_$_parentProperty").replaceAll("@parent", "_$_parent").replaceAll("@property", "_$_property").replaceAll("@root", "_$_root").replaceAll(/@([.\s)[])/gu, "_$_v$1");
-    if (containsPath) {
-      script = script.replaceAll("@path", "_$_path");
-    }
-    if (this.currEval === "safe" || this.currEval === true || this.currEval === undefined) {
-      JSONPath.cache[scriptCacheKey] = new this.safeVm.Script(script);
-    } else if (this.currEval === "native") {
-      JSONPath.cache[scriptCacheKey] = new this.vm.Script(script);
-    } else if (typeof this.currEval === "function" && this.currEval.prototype && Object.hasOwn(this.currEval.prototype, "runInNewContext")) {
-      const CurrEval = this.currEval;
-      JSONPath.cache[scriptCacheKey] = new CurrEval(script);
-    } else if (typeof this.currEval === "function") {
-      JSONPath.cache[scriptCacheKey] = {
-        runInNewContext: (context) => this.currEval(script, context)
-      };
-    } else {
-      throw new TypeError(`Unknown "eval" property "${this.currEval}"`);
+  for (const [key, value] of Object.entries(cmd.opts())) {
+    if (value !== undefined) {
+      params[key] = value;
     }
   }
-  try {
-    return JSONPath.cache[scriptCacheKey].runInNewContext(this.currSandbox);
-  } catch (e) {
-    if (this.ignoreEvalErrors) {
-      return false;
+  return params;
+}
+function deriveCommandPath(cmd) {
+  const parts = [];
+  let current = cmd;
+  while (current) {
+    const name = current.name();
+    if (name) {
+      parts.unshift(name);
     }
-    throw new Error("jsonPath: " + e.message + ": " + code);
+    current = current.parent;
   }
-};
-JSONPath.cache = {};
-JSONPath.toPathString = function(pathArr) {
-  const x = pathArr, n = x.length;
-  let p = "$";
-  for (let i = 1;i < n; i++) {
-    if (!/^(~|\^|@.*?\(\))$/u.test(x[i])) {
-      p += /^[0-9*]+$/u.test(x[i]) ? "[" + x[i] + "]" : "['" + x[i] + "']";
-    }
+  if (parts.length > 1) {
+    parts.shift();
   }
-  return p;
-};
-JSONPath.toPointer = function(pointer) {
-  const x = pointer, n = x.length;
-  let p = "";
-  for (let i = 1;i < n; i++) {
-    if (!/^(~|\^|@.*?\(\))$/u.test(x[i])) {
-      p += "/" + x[i].toString().replaceAll("~", "~0").replaceAll("/", "~1");
+  return ["uip", ...parts.filter((p) => p !== "uip")].join(".");
+}
+function isCliErrorCode(value) {
+  return typeof value === "string" && cliErrorCodeValues.has(value);
+}
+function isRetryHint(value) {
+  return typeof value === "string" && retryHintValues.has(value);
+}
+function isErrorContext(value) {
+  return value !== null && typeof value === "object";
+}
+function commandHelpHint(commandPath) {
+  const command = commandPath.replace(/\./g, " ");
+  return `An unexpected error occurred. Run '${command} --help' to verify command syntax, or run with --log-level debug for details.`;
+}
+Command.prototype.trackedAction = function(context, fn, properties) {
+  const command = this;
+  return this.action(async (...args) => {
+    const telemetryName = deriveCommandPath(command);
+    const props = typeof properties === "function" ? properties(...args) : properties;
+    const startTime = performance.now();
+    let errorMessage2;
+    const [error] = await catchError2(fn(...args));
+    if (error) {
+      errorMessage2 = error instanceof Error ? error.message : String(error);
+      logger.debug(`[trackedAction] ${telemetryName} failed: ${errorMessage2}`);
+      const typed = error;
+      const customInstructions = typeof typed.instructions === "string" ? typed.instructions : undefined;
+      const customResult = typeof typed.result === "string" && typed.result !== RESULTS.Success && Object.values(RESULTS).includes(typed.result) ? typed.result : undefined;
+      const finalResult = customResult ?? RESULTS.Failure;
+      const typedErrorCode = typed.errorCode ?? typed.ErrorCode;
+      const customErrorCode = isCliErrorCode(typedErrorCode) ? typedErrorCode : undefined;
+      const typedRetry = typed.retry ?? typed.Retry;
+      const customRetry = isRetryHint(typedRetry) ? typedRetry : undefined;
+      const typedContext = typed.context ?? typed.Context;
+      const customContext = isErrorContext(typedContext) ? typedContext : undefined;
+      OutputFormatter.error({
+        Result: finalResult,
+        ...customErrorCode ? { ErrorCode: customErrorCode } : {},
+        Message: errorMessage2,
+        Instructions: customInstructions ?? commandHelpHint(telemetryName),
+        ...customRetry ? { Retry: customRetry } : {},
+        ...customContext ? { Context: customContext } : {}
+      });
+      context.exit(EXIT_CODES[finalResult]);
     }
-  }
-  return p;
-};
-JSONPath.toPathArray = function(expr) {
-  const {
-    cache
-  } = JSONPath;
-  if (cache[expr]) {
-    return cache[expr].concat();
-  }
-  const subx = [];
-  const normalized = expr.replaceAll(/@(?:null|boolean|number|string|integer|undefined|nonFinite|scalar|array|object|function|other)\(\)/gu, ";$&;").replaceAll(/[['](\??\(.*?\))[\]'](?!.\])/gu, function($0, $1) {
-    return "[#" + (subx.push($1) - 1) + "]";
-  }).replaceAll(/\[['"]([^'\]]*)['"]\]/gu, function($0, prop) {
-    return "['" + prop.replaceAll(".", "%@%").replaceAll("~", "%%@@%%") + "']";
-  }).replaceAll("~", ";~;").replaceAll(/['"]?\.['"]?(?![^[]*\])|\[['"]?/gu, ";").replaceAll("%@%", ".").replaceAll("%%@@%%", "~").replaceAll(/(?:;)?(\^+)(?:;)?/gu, function($0, ups) {
-    return ";" + ups.split("").join(";") + ";";
-  }).replaceAll(/;;;|;;/gu, ";..;").replaceAll(/;$|'?\]|'$/gu, "");
-  const exprList = normalized.split(";").map(function(exp) {
-    const match = exp.match(/#(\d+)/u);
-    return !match || !match[1] ? exp : subx[match[1]];
+    const durationMs = performance.now() - startTime;
+    const success = !error && (process.exitCode === undefined || process.exitCode === 0);
+    telemetry.trackEvent(telemetryName, redactProperties({
+      ...extractCommandParams(command),
+      ...props,
+      command: "true",
+      duration: String(durationMs),
+      success: String(success),
+      ...errorMessage2 ? { errorMessage: errorMessage2 } : {}
+    }));
   });
-  cache[expr] = exprList;
-  return cache[expr].concat();
 };
-JSONPath.prototype.safeVm = {
-  Script: SafeScript
-};
-JSONPath.prototype.vm = vm;
+// ../../common/src/console-guard.ts
+var guardInstalledSlot = singleton("ConsoleGuardInstalled");
+var savedOriginalsSlot = singleton("ConsoleGuardOriginals");
+// ../../common/src/constants.ts
+var DEFAULT_AUTH_TIMEOUT_MS2 = 5 * 60 * 1000;
+// ../../common/src/interactivity-context.ts
+var modeSlot = singleton("InteractivityMode");
 // ../../common/src/polling/types.ts
 var PollOutcome = {
   Completed: "completed",
@@ -30760,6 +29712,17 @@ var FAILURE_STATUSES = new Set([
   "canceled",
   "stopped"
 ]);
+// ../../common/src/preview.ts
+var previewSlot = singleton("PreviewBuild");
+function isPreviewBuild() {
+  return previewSlot.get(false) ?? false;
+}
+Command.prototype.previewCommand = function(nameAndArgs, opts) {
+  if (isPreviewBuild()) {
+    return this.command(nameAndArgs, opts);
+  }
+  return new Command(nameAndArgs.split(/\s+/)[0] ?? nameAndArgs);
+};
 // ../../common/src/screen-logger.ts
 var ScreenLogger;
 ((ScreenLogger) => {
@@ -31024,7 +29987,7 @@ class VoidApiResponse2 {
 var package_default3 = {
   name: "@uipath/identity-sdk",
   license: "MIT",
-  version: "1.196.0",
+  version: "1.197.0",
   repository: {
     type: "git",
     url: "https://github.com/UiPath/cli.git",
@@ -31052,7 +30015,7 @@ var package_default3 = {
   ],
   private: true,
   scripts: {
-    build: "bun build ./src/index.ts --outdir dist --format esm --target node && tsc -p tsconfig.build.json --noCheck",
+    build: "bun build ./src/index.ts --outdir dist --format esm --target node --sourcemap=linked && tsc -p tsconfig.build.json --noCheck",
     generate: "bun run src/scripts/generate-sdk.ts",
     lint: "biome check .",
     test: "vitest run",
@@ -32343,12 +31306,12 @@ async function resolveIdentityToId(identity, options) {
     const exact = users.find((u) => u.email?.toLowerCase() === lower2 || u.userName?.toLowerCase() === lower2);
     if (exact?.id !== undefined && exact.id !== "")
       return exact.id;
-    const preview = users.slice(0, 5).map(formatCandidate).join("; ");
+    const preview2 = users.slice(0, 5).map(formatCandidate).join("; ");
     const more = users.length > 5 ? `; ... (+${users.length - 5} more)` : "";
     OutputFormatter.error({
       Result: RESULTS.Failure,
       Message: `Multiple users matched '${identity}'. Pass a UUID or a more specific value.`,
-      Instructions: `Candidates: ${preview}${more}.`
+      Instructions: `Candidates: ${preview2}${more}.`
     });
     processContext.exit(1);
     return null;
@@ -33488,3 +32451,5 @@ var program2 = new Command;
 program2.name(metadata.commandPrefix).description(metadata.description).version(metadata.version);
 await registerCommands(program2);
 program2.parse(process.argv);
+
+//# debugId=C22AF885DF62A80364756E2164756E21