@uipath/codedapp-tool 1.1.0 → 1.195.0

package/dist/tool.js

@@ -680,6 +680,7 @@ var init_open = __esm(() => {
 });
 
 // ../filesystem/src/node.ts
+import { randomUUID } from "node:crypto";
 import { existsSync } from "node:fs";
 import * as fs6 from "node:fs/promises";
 import * as os2 from "node:os";
@@ -761,6 +762,90 @@ class NodeFileSystem {
   async mkdir(dirPath) {
     await fs6.mkdir(dirPath, { recursive: true });
   }
+  async acquireLock(lockPath) {
+    const canonicalPath = await this.canonicalizeLockTarget(lockPath);
+    const lockFile = `${canonicalPath}.lock`;
+    const ownerId = randomUUID();
+    const start = Date.now();
+    while (true) {
+      try {
+        await fs6.writeFile(lockFile, ownerId, { flag: "wx" });
+        return this.createLockRelease(lockFile, ownerId);
+      } catch (error) {
+        if (!this.hasErrnoCode(error, "EEXIST")) {
+          throw error;
+        }
+        const stats = await fs6.stat(lockFile).catch(() => null);
+        if (stats && Date.now() - stats.mtimeMs > LOCK_STALE_MS) {
+          const reclaimed = await fs6.rm(lockFile, { force: true }).then(() => true).catch(() => false);
+          if (reclaimed)
+            continue;
+        }
+        if (Date.now() - start > LOCK_MAX_WAIT_MS) {
+          throw new Error(`ELOCKED: timed out waiting for lock on ${canonicalPath}`);
+        }
+        await new Promise((resolve2) => setTimeout(resolve2, LOCK_RETRY_MIN_MS + Math.random() * LOCK_RETRY_JITTER_MS));
+      }
+    }
+  }
+  async canonicalizeLockTarget(lockPath) {
+    const absolute = path2.resolve(lockPath);
+    const fullReal = await fs6.realpath(absolute).catch(() => null);
+    if (fullReal)
+      return fullReal;
+    const parent = path2.dirname(absolute);
+    const base = path2.basename(absolute);
+    const canonicalParent = await fs6.realpath(parent).catch(() => parent);
+    return path2.join(canonicalParent, base);
+  }
+  createLockRelease(lockFile, ownerId) {
+    const heartbeatStart = Date.now();
+    let heartbeatTimer;
+    let stopped = false;
+    const stopHeartbeat = () => {
+      stopped = true;
+      if (heartbeatTimer)
+        clearTimeout(heartbeatTimer);
+    };
+    const scheduleNextHeartbeat = () => {
+      if (stopped)
+        return;
+      if (Date.now() - heartbeatStart >= LOCK_MAX_HOLD_MS) {
+        stopped = true;
+        return;
+      }
+      heartbeatTimer = setTimeout(() => {
+        runHeartbeat();
+      }, LOCK_HEARTBEAT_MS);
+      heartbeatTimer.unref?.();
+    };
+    const runHeartbeat = async () => {
+      if (stopped)
+        return;
+      const current = await fs6.readFile(lockFile, "utf-8").catch(() => null);
+      if (stopped)
+        return;
+      if (current !== ownerId) {
+        stopped = true;
+        return;
+      }
+      const now = Date.now() / 1000;
+      await fs6.utimes(lockFile, now, now).catch(() => {});
+      scheduleNextHeartbeat();
+    };
+    scheduleNextHeartbeat();
+    let released = false;
+    return async () => {
+      if (released)
+        return;
+      released = true;
+      stopHeartbeat();
+      const current = await fs6.readFile(lockFile, "utf-8").catch(() => null);
+      if (current === ownerId) {
+        await fs6.rm(lockFile, { force: true });
+      }
+    };
+  }
   async rm(filePath) {
     await fs6.rm(filePath, { recursive: true, force: true });
   }
@@ -806,9 +891,13 @@ class NodeFileSystem {
     }
   }
   isEnoent(error) {
-    return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+    return this.hasErrnoCode(error, "ENOENT");
+  }
+  hasErrnoCode(error, code) {
+    return typeof error === "object" && error !== null && "code" in error && error.code === code;
   }
 }
+var LOCK_HEARTBEAT_MS = 5000, LOCK_STALE_MS = 15000, LOCK_MAX_WAIT_MS = 20000, LOCK_MAX_HOLD_MS = 60000, LOCK_RETRY_MIN_MS = 100, LOCK_RETRY_JITTER_MS = 200;
 var init_node = __esm(() => {
   init_open();
 });
@@ -38024,7 +38113,8 @@ var DEFAULT_CLIENT_ID = "36dea5b8-e8bb-423d-8e7b-c808df8f1c00", AUTH_FILE_CONFIG
   if (!clientSecret && fileAuth.clientSecret) {
     clientSecret = fileAuth.clientSecret;
   }
-  const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : DEFAULT_SCOPES;
+  const isExternalAppAuth = clientId !== DEFAULT_CLIENT_ID && Boolean(clientSecret);
+  const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : isExternalAppAuth ? [] : DEFAULT_SCOPES;
   return {
     clientId,
     clientSecret,
@@ -38055,32 +38145,7 @@ var init_config = __esm(() => {
       this.name = "InvalidBaseUrlError";
     }
   };
-  DEFAULT_SCOPES = [
-    "offline_access",
-    "ProcessMining",
-    "OrchestratorApiUserAccess",
-    "StudioWebBackend",
-    "IdentityServerApi",
-    "ConnectionService",
-    "DataService",
-    "DataServiceApiUserAccess",
-    "DocumentUnderstanding",
-    "EnterpriseContextService",
-    "Directory",
-    "JamJamApi",
-    "LLMGateway",
-    "LLMOps",
-    "OMS",
-    "RCS.FolderAuthorization",
-    "RCS.TagsManagement",
-    "TestmanagerApiUserAccess",
-    "AutomationSolutions",
-    "StudioWebTypeCacheService",
-    "Docs.GPT.Search",
-    "Insights",
-    "ReferenceToken",
-    "Audit.Read"
-  ];
+  DEFAULT_SCOPES = ["openid", "profile", "offline_access"];
 });
 
 // ../../node_modules/oauth4webapi/build/index.js
@@ -38852,7 +38917,7 @@ var init_envAuth = __esm(() => {
 
 // ../../node_modules/@uipath/coreipc/index.js
 var require_coreipc = __commonJS((exports, module) => {
-  var __dirname = "/Users/alexandru.oltean/github/cli/node_modules/@uipath/coreipc";
+  var __dirname = "/home/runner/work/cli/cli/node_modules/@uipath/coreipc";
   /*! For license information please see index.js.LICENSE.txt */
   (function(e2, t2) {
     typeof exports == "object" && typeof module == "object" ? module.exports = t2() : typeof define == "function" && define.amd ? define([], t2) : typeof exports == "object" ? exports.ipc = t2() : e2.ipc = t2();
@@ -57390,6 +57455,129 @@ function normalizeTokenRefreshFailure() {
 function normalizeTokenRefreshUnavailableFailure() {
   return "token refresh failed before authentication completed";
 }
+function errorMessage(error52) {
+  return error52 instanceof Error ? error52.message : String(error52);
+}
+function computeExpirationThreshold(ensureTokenValidityMinutes) {
+  return new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
+}
+async function runRefreshLocked(inputs) {
+  const {
+    absolutePath,
+    refreshToken: callerRefreshToken,
+    customAuthority,
+    ensureTokenValidityMinutes,
+    loadEnvFile,
+    saveEnvFile,
+    refreshFn,
+    resolveConfig
+  } = inputs;
+  const expirationThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
+  let fresh;
+  try {
+    fresh = await loadEnvFile({ envPath: absolutePath });
+  } catch (error52) {
+    return {
+      kind: "fail",
+      status: {
+        loginStatus: "Refresh Failed",
+        hint: "Could not read the auth file while refreshing. Retry, or run 'uip login' to re-authenticate.",
+        tokenRefresh: {
+          attempted: false,
+          success: false,
+          errorMessage: `auth file read failed: ${errorMessage(error52)}`
+        }
+      }
+    };
+  }
+  const freshAccess = fresh.UIPATH_ACCESS_TOKEN;
+  const freshExp = freshAccess ? getTokenExpiration(freshAccess) : undefined;
+  if (freshAccess && freshExp && freshExp > expirationThreshold) {
+    return {
+      kind: "ok",
+      accessToken: freshAccess,
+      refreshToken: fresh.UIPATH_REFRESH_TOKEN ?? callerRefreshToken,
+      expiration: freshExp,
+      tokenRefresh: { attempted: false, success: true }
+    };
+  }
+  const tokenForIdP = fresh.UIPATH_REFRESH_TOKEN ?? callerRefreshToken;
+  let refreshedAccess;
+  let refreshedRefresh;
+  try {
+    const config3 = await resolveConfig({ customAuthority });
+    const refreshed = await refreshFn({
+      refreshToken: tokenForIdP,
+      tokenEndpoint: config3.tokenEndpoint,
+      clientId: config3.clientId,
+      expectedAuthority: customAuthority
+    });
+    refreshedAccess = refreshed.accessToken;
+    refreshedRefresh = refreshed.refreshToken;
+  } catch (error52) {
+    const isOAuthFailure = isTokenRefreshOAuthFailure(error52);
+    const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
+    const message = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
+    return {
+      kind: "fail",
+      status: {
+        loginStatus: "Refresh Failed",
+        hint,
+        tokenRefresh: {
+          attempted: true,
+          success: false,
+          errorMessage: message
+        }
+      }
+    };
+  }
+  const refreshedExp = getTokenExpiration(refreshedAccess);
+  if (!refreshedExp || refreshedExp <= new Date) {
+    return {
+      kind: "fail",
+      status: {
+        loginStatus: "Refresh Failed",
+        hint: "The identity server returned an unusable token. Run 'uip login' to re-authenticate.",
+        tokenRefresh: {
+          attempted: true,
+          success: false,
+          errorMessage: "refreshed token has no valid expiration claim"
+        }
+      }
+    };
+  }
+  try {
+    await saveEnvFile({
+      envPath: absolutePath,
+      data: {
+        UIPATH_ACCESS_TOKEN: refreshedAccess,
+        UIPATH_REFRESH_TOKEN: refreshedRefresh
+      },
+      merge: true
+    });
+    return {
+      kind: "ok",
+      accessToken: refreshedAccess,
+      refreshToken: refreshedRefresh,
+      expiration: refreshedExp,
+      tokenRefresh: { attempted: true, success: true }
+    };
+  } catch (error52) {
+    const msg = errorMessage(error52);
+    return {
+      kind: "ok",
+      accessToken: refreshedAccess,
+      refreshToken: refreshedRefresh,
+      expiration: refreshedExp,
+      persistenceWarning: `Access token refreshed in memory but could not be written to ${absolutePath}: ${msg}. The next CLI invocation will fail until the file can be updated — run 'uip login' to re-authenticate.`,
+      tokenRefresh: {
+        attempted: true,
+        success: true,
+        errorMessage: `persistence failed: ${msg}`
+      }
+    };
+  }
+}
 var LoginStatusSource, getLoginStatusWithDeps = async (options = {}, deps = {}) => {
   const {
     resolveEnvFilePath = resolveEnvFilePathAsync,
@@ -57464,73 +57652,103 @@ var LoginStatusSource, getLoginStatusWithDeps = async (options = {}, deps = {})
   let refreshToken = credentials.UIPATH_REFRESH_TOKEN;
   let expiration = getTokenExpiration(accessToken);
   let persistenceWarning;
+  let lockReleaseFailed = false;
   let tokenRefresh;
-  const expirationThreshold = new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
-  if (expiration && expiration <= expirationThreshold && refreshToken) {
-    let refreshedAccess;
-    let refreshedRefresh;
+  const outerThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
+  const tryGlobalCredsHint = async () => {
+    const fs8 = getFs();
+    const globalPath = fs8.path.join(fs8.env.homedir(), envFilePath);
+    if (absolutePath === globalPath)
+      return;
+    if (!await fs8.exists(globalPath))
+      return;
     try {
-      const config3 = await resolveConfig({
-        customAuthority: credentials.UIPATH_URL
-      });
-      const refreshed = await refreshTokenFn({
-        refreshToken,
-        tokenEndpoint: config3.tokenEndpoint,
-        clientId: config3.clientId,
-        expectedAuthority: credentials.UIPATH_URL
-      });
-      refreshedAccess = refreshed.accessToken;
-      refreshedRefresh = refreshed.refreshToken;
-    } catch (error52) {
-      const isOAuthFailure = isTokenRefreshOAuthFailure(error52);
-      const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
-      const errorMessage = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
-      return {
-        loginStatus: "Refresh Failed",
-        hint,
-        tokenRefresh: {
-          attempted: true,
-          success: false,
-          errorMessage
-        }
-      };
+      const globalCreds = await loadEnvFile({ envPath: globalPath });
+      if (!globalCreds.UIPATH_ACCESS_TOKEN)
+        return;
+      const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
+      if (globalExp && globalExp <= new Date)
+        return;
+      return `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
+    } catch {
+      return;
     }
-    const refreshedExp = getTokenExpiration(refreshedAccess);
-    if (!refreshedExp || refreshedExp <= new Date) {
+  };
+  if (expiration && expiration <= outerThreshold && refreshToken) {
+    let release;
+    try {
+      release = await getFs().acquireLock(absolutePath);
+    } catch (error52) {
+      const msg = errorMessage(error52);
+      const globalHint = await tryGlobalCredsHint();
+      if (globalHint) {
+        return {
+          loginStatus: "Expired",
+          accessToken,
+          refreshToken,
+          baseUrl: credentials.UIPATH_URL,
+          organizationName: credentials.UIPATH_ORGANIZATION_NAME,
+          organizationId: credentials.UIPATH_ORGANIZATION_ID,
+          tenantName: credentials.UIPATH_TENANT_NAME,
+          tenantId: credentials.UIPATH_TENANT_ID,
+          expiration,
+          source: "file" /* File */,
+          hint: globalHint,
+          tokenRefresh: {
+            attempted: false,
+            success: false,
+            errorMessage: `lock acquisition failed: ${msg}`
+          }
+        };
+      }
       return {
         loginStatus: "Refresh Failed",
-        hint: "The identity server returned an unusable token. Run 'uip login' to re-authenticate.",
+        hint: "Could not acquire the auth-file lock — too many concurrent `uip` processes, or a permission issue on the auth directory. Retry, or run 'uip login' to re-authenticate.",
         tokenRefresh: {
-          attempted: true,
+          attempted: false,
           success: false,
-          errorMessage: "refreshed token has no valid expiration claim"
+          errorMessage: `lock acquisition failed: ${msg}`
         }
       };
     }
-    accessToken = refreshedAccess;
-    refreshToken = refreshedRefresh;
-    expiration = refreshedExp;
+    let lockedFailure;
     try {
-      await saveEnvFile({
-        envPath: absolutePath,
-        data: {
-          UIPATH_ACCESS_TOKEN: accessToken,
-          UIPATH_REFRESH_TOKEN: refreshToken
-        },
-        merge: true
+      const outcome = await runRefreshLocked({
+        absolutePath,
+        refreshToken,
+        customAuthority: credentials.UIPATH_URL,
+        ensureTokenValidityMinutes,
+        loadEnvFile,
+        saveEnvFile,
+        refreshFn: refreshTokenFn,
+        resolveConfig
       });
-      tokenRefresh = {
-        attempted: true,
-        success: true
-      };
-    } catch (error52) {
-      const msg = error52 instanceof Error ? error52.message : String(error52);
-      persistenceWarning = `Access token refreshed in memory but could not be written to ${absolutePath}: ${msg}. The next CLI invocation will fail until the file can be updated — run 'uip login' to re-authenticate.`;
-      tokenRefresh = {
-        attempted: true,
-        success: true,
-        errorMessage: `persistence failed: ${msg}`
-      };
+      if (outcome.kind === "fail") {
+        lockedFailure = outcome.status;
+      } else {
+        accessToken = outcome.accessToken;
+        refreshToken = outcome.refreshToken;
+        expiration = outcome.expiration;
+        tokenRefresh = outcome.tokenRefresh;
+        if (outcome.persistenceWarning) {
+          persistenceWarning = outcome.persistenceWarning;
+        }
+      }
+    } finally {
+      try {
+        await release();
+      } catch {
+        lockReleaseFailed = true;
+      }
+    }
+    if (lockedFailure) {
+      const globalHint = await tryGlobalCredsHint();
+      const base = globalHint ? {
+        ...lockedFailure,
+        loginStatus: "Expired",
+        hint: globalHint
+      } : lockedFailure;
+      return lockReleaseFailed ? { ...base, lockReleaseFailed: true } : base;
     }
   }
   const result = {
@@ -57545,23 +57763,13 @@ var LoginStatusSource, getLoginStatusWithDeps = async (options = {}, deps = {})
     expiration,
     source: "file" /* File */,
     ...persistenceWarning ? { hint: persistenceWarning, persistenceFailed: true } : {},
+    ...lockReleaseFailed ? { lockReleaseFailed: true } : {},
     ...tokenRefresh ? { tokenRefresh } : {}
   };
   if (result.loginStatus === "Expired") {
-    const fs8 = getFs();
-    const globalPath = fs8.path.join(fs8.env.homedir(), envFilePath);
-    if (absolutePath !== globalPath && await fs8.exists(globalPath)) {
-      try {
-        const globalCreds = await loadEnvFile({
-          envPath: globalPath
-        });
-        if (globalCreds.UIPATH_ACCESS_TOKEN) {
-          const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
-          if (!globalExp || globalExp > new Date) {
-            result.hint = `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
-          }
-        }
-      } catch {}
+    const globalHint = await tryGlobalCredsHint();
+    if (globalHint) {
+      result.hint = globalHint;
     }
   }
   return result;
@@ -57636,9 +57844,11 @@ var clientCredentialsLogin = async ({
   const params = {
     grant_type: "client_credentials",
     client_id: config3.clientId,
-    client_secret: config3.clientSecret ?? "",
-    scope: config3.scopes.join(" ")
+    client_secret: config3.clientSecret ?? ""
   };
+  if (config3.scopes.length > 0) {
+    params.scope = config3.scopes.join(" ");
+  }
   const tokenResponse = await fetch(config3.tokenEndpoint, {
     method: "POST",
     headers: {
@@ -57848,11 +58058,25 @@ var interactiveLoginWithDeps = async (options, deps) => {
       searchDir = parentDir;
     }
   }
-  await saveEnvFile({
-    envPath: savePath,
-    data: credentials,
-    merge: true
-  });
+  let saveRelease;
+  try {
+    if (typeof fs8.acquireLock === "function") {
+      saveRelease = await fs8.acquireLock(savePath);
+    }
+  } catch {
+    saveRelease = undefined;
+  }
+  try {
+    await saveEnvFile({
+      envPath: savePath,
+      data: credentials,
+      merge: true
+    });
+  } finally {
+    if (saveRelease) {
+      await saveRelease().catch(() => {});
+    }
+  }
   const reportedPath = fs8.path.isAbsolute(savePath) ? savePath : fs8.path.join(fs8.env.homedir(), savePath);
   emit({
     type: "saved",
@@ -57882,7 +58106,21 @@ async function logoutWithDeps(options, deps = {}) {
   const fs8 = getFs();
   const { absolutePath } = await resolveEnvFilePath(options.file);
   if (absolutePath && await fs8.exists(absolutePath)) {
-    await fs8.rm(absolutePath);
+    let release;
+    try {
+      if (typeof fs8.acquireLock === "function") {
+        release = await fs8.acquireLock(absolutePath);
+      }
+    } catch {
+      release = undefined;
+    }
+    try {
+      await fs8.rm(absolutePath);
+    } finally {
+      if (release) {
+        await release().catch(() => {});
+      }
+    }
     return {
       success: true,
       message: `Logged out successfully. Removed ${absolutePath}`,
@@ -57903,81 +58141,6 @@ var init_logout = __esm(() => {
   init_envFile();
 });
 
-// ../auth/src/strategies/browser-strategy.ts
-var exports_browser_strategy = {};
-__export(exports_browser_strategy, {
-  BrowserAuthStrategy: () => BrowserAuthStrategy
-});
-
-class BrowserAuthStrategy {
-  async execute(url2, _redirectUri, expectedState) {
-    const global4 = getGlobalThis();
-    if (!global4?.window) {
-      throw new Error("Browser environment required for authentication");
-    }
-    const screenWidth = global4.window.screen?.width ?? 1024;
-    const screenHeight = global4.window.screen?.height ?? 768;
-    const width = 600;
-    const height2 = 700;
-    const left = screenWidth / 2 - width / 2;
-    const top = screenHeight / 2 - height2 / 2;
-    if (!global4.window.open) {
-      throw new Error("window.open is not available");
-    }
-    const popupResult = global4.window.open(url2, "uip_auth", `width=${width},height=${height2},left=${left},top=${top},resizable=yes,scrollbars=yes,status=yes`);
-    const popup = popupResult;
-    if (!popup) {
-      throw new Error(`Authentication popup was blocked by your browser.
-
-` + `To continue:
-` + `1. Look for a popup blocker icon in your address bar
-` + `2. Allow popups for this site
-` + `3. Try logging in again
-
-` + "If using an ad blocker, you may need to temporarily disable it.");
-    }
-    return new Promise((resolve2, reject) => {
-      const messageHandler = (event) => {
-        if (event.data?.type === "UIP_AUTH_CODE" && event.data.code) {
-          if (event.data.state !== expectedState) {
-            cleanup();
-            reject(new Error("OAuth state mismatch — the callback state does not match the expected value. " + "This may indicate a CSRF attack. Please try signing in again."));
-            popup.close();
-            return;
-          }
-          cleanup();
-          resolve2(event.data.code);
-          popup.close();
-        } else if (event.data?.type === "UIP_AUTH_ERROR") {
-          cleanup();
-          const errorMsg = event.data.error || "Authentication failed";
-          reject(new Error(`Authentication failed: ${errorMsg}
-
-` + "Please check your credentials and try again. " + "If the problem persists, verify your UiPath account is active."));
-          popup.close();
-        }
-      };
-      const cleanup = () => {
-        global4.window?.removeEventListener?.("message", messageHandler);
-        if (timer)
-          clearInterval(timer);
-      };
-      if (global4.window?.addEventListener) {
-        global4.window.addEventListener("message", messageHandler);
-      }
-      const timer = setInterval(() => {
-        if (popup.closed) {
-          cleanup();
-          reject(new Error(`Authentication was cancelled.
-
-` + "The authentication popup was closed before completing the login process. " + "Please try again and complete the authentication flow."));
-        }
-      }, 1000);
-    });
-  }
-}
-var init_browser_strategy = () => {};
-
 // ../auth/src/getBaseHtml.ts
 var getBaseHtml = ({ title, message, type: type2 }) => {
   const icon = type2 === "success" ? "✓" : "✕";
@@ -58124,7 +58287,7 @@ var getBaseHtml = ({ title, message, type: type2 }) => {
 };
 
 // ../auth/src/server.ts
-var startServer = async ({
+var AUTH_TIMEOUT_ERROR_CODE = "EAUTHTIMEOUT", startServer = async ({
   redirectUri,
   timeoutMs = DEFAULT_AUTH_TIMEOUT_MS2,
   onListening
@@ -58195,7 +58358,18 @@ var startServer = async ({
       reject(new Error("No authorization code received"));
       return;
     });
-    server.listen(Number(redirectUri.port), redirectUri.hostname, () => {
+    const timeoutHandle = setTimeout(() => {
+      server.close();
+      const err2 = new Error("Authentication timeout");
+      err2.code = AUTH_TIMEOUT_ERROR_CODE;
+      reject(err2);
+    }, timeoutMs);
+    const bindHost = redirectUri.hostname === "localhost" ? "127.0.0.1" : redirectUri.hostname;
+    server.on("error", (err2) => {
+      clearTimeout(timeoutHandle);
+      reject(err2);
+    });
+    server.listen(Number(redirectUri.port), bindHost, () => {
       if (onListening) {
         Promise.resolve(onListening()).catch((err2) => {
           server.close();
@@ -58204,10 +58378,6 @@ var startServer = async ({
         });
       }
     });
-    const timeoutHandle = setTimeout(() => {
-      server.close();
-      reject(new Error("Authentication timeout"));
-    }, timeoutMs);
     server.on("close", () => {
       clearTimeout(timeoutHandle);
     });
@@ -58217,6 +58387,81 @@ var init_server = __esm(() => {
   init_constants();
 });
 
+// ../auth/src/strategies/browser-strategy.ts
+var exports_browser_strategy = {};
+__export(exports_browser_strategy, {
+  BrowserAuthStrategy: () => BrowserAuthStrategy
+});
+
+class BrowserAuthStrategy {
+  async execute(url2, _redirectUri, expectedState) {
+    const global4 = getGlobalThis();
+    if (!global4?.window) {
+      throw new Error("Browser environment required for authentication");
+    }
+    const screenWidth = global4.window.screen?.width ?? 1024;
+    const screenHeight = global4.window.screen?.height ?? 768;
+    const width = 600;
+    const height2 = 700;
+    const left = screenWidth / 2 - width / 2;
+    const top = screenHeight / 2 - height2 / 2;
+    if (!global4.window.open) {
+      throw new Error("window.open is not available");
+    }
+    const popupResult = global4.window.open(url2, "uip_auth", `width=${width},height=${height2},left=${left},top=${top},resizable=yes,scrollbars=yes,status=yes`);
+    const popup = popupResult;
+    if (!popup) {
+      throw new Error(`Authentication popup was blocked by your browser.
+
+` + `To continue:
+` + `1. Look for a popup blocker icon in your address bar
+` + `2. Allow popups for this site
+` + `3. Try logging in again
+
+` + "If using an ad blocker, you may need to temporarily disable it.");
+    }
+    return new Promise((resolve2, reject) => {
+      const messageHandler = (event) => {
+        if (event.data?.type === "UIP_AUTH_CODE" && event.data.code) {
+          if (event.data.state !== expectedState) {
+            cleanup();
+            reject(new Error("OAuth state mismatch — the callback state does not match the expected value. " + "This may indicate a CSRF attack. Please try signing in again."));
+            popup.close();
+            return;
+          }
+          cleanup();
+          resolve2(event.data.code);
+          popup.close();
+        } else if (event.data?.type === "UIP_AUTH_ERROR") {
+          cleanup();
+          const errorMsg = event.data.error || "Authentication failed";
+          reject(new Error(`Authentication failed: ${errorMsg}
+
+` + "Please check your credentials and try again. " + "If the problem persists, verify your UiPath account is active."));
+          popup.close();
+        }
+      };
+      const cleanup = () => {
+        global4.window?.removeEventListener?.("message", messageHandler);
+        if (timer)
+          clearInterval(timer);
+      };
+      if (global4.window?.addEventListener) {
+        global4.window.addEventListener("message", messageHandler);
+      }
+      const timer = setInterval(() => {
+        if (popup.closed) {
+          cleanup();
+          reject(new Error(`Authentication was cancelled.
+
+` + "The authentication popup was closed before completing the login process. " + "Please try again and complete the authentication flow."));
+        }
+      }, 1000);
+    });
+  }
+}
+var init_browser_strategy = () => {};
+
 // ../auth/src/strategies/node-strategy.ts
 var exports_node_strategy = {};
 __export(exports_node_strategy, {
@@ -58303,7 +58548,8 @@ __export(exports_src, {
   ENV_AUTH_ENABLE_VAR: () => ENV_AUTH_ENABLE_VAR,
   ENFORCE_ROBOT_AUTH_VAR: () => ENFORCE_ROBOT_AUTH_VAR,
   DEFAULT_ENV_FILENAME: () => DEFAULT_ENV_FILENAME,
-  DEFAULT_AUTH_FILENAME: () => DEFAULT_AUTH_FILENAME
+  DEFAULT_AUTH_FILENAME: () => DEFAULT_AUTH_FILENAME,
+  AUTH_TIMEOUT_ERROR_CODE: () => AUTH_TIMEOUT_ERROR_CODE
 });
 var authenticate = async ({
   baseUrl,
@@ -58378,6 +58624,7 @@ var init_src2 = __esm(() => {
   init_config();
   init_envAuth();
   init_selectTenant();
+  init_server();
   init_envFile();
   init_jwt();
   init_authContext();
@@ -58390,7 +58637,8 @@ var init_src2 = __esm(() => {
 // package.json
 var package_default = {
   name: "@uipath/codedapp-tool",
-  version: "1.1.0",
+  license: "MIT",
+  version: "1.195.0",
   description: "Build, pack, publish, deploy, and manage UiPath Coded Web Applications.",
   keywords: [
     "cli-tool",
@@ -63615,6 +63863,60 @@ function escapeNonAscii(jsonText) {
 function needsAsciiSafeJson(sink) {
   return process.platform === "win32" && !sink.capabilities.isInteractive;
 }
+function isPlainRecord(value) {
+  if (value === null || typeof value !== "object")
+    return false;
+  const prototype = Object.getPrototypeOf(value);
+  return prototype === Object.prototype || prototype === null;
+}
+function toLowerCamelCaseKey(key) {
+  if (!key)
+    return key;
+  if (/[_\-\s]/.test(key)) {
+    const [firstPart, ...restParts] = key.split(/[_\-\s]+/).filter(Boolean);
+    if (!firstPart)
+      return key;
+    return [
+      toLowerCamelCaseSimpleKey(firstPart),
+      ...restParts.map((part) => {
+        const normalized = toLowerCamelCaseSimpleKey(part);
+        return normalized.charAt(0).toUpperCase() + normalized.slice(1);
+      })
+    ].join("");
+  }
+  return toLowerCamelCaseSimpleKey(key);
+}
+function toLowerCamelCaseSimpleKey(key) {
+  if (/^[A-Z0-9]+$/.test(key))
+    return key.toLowerCase();
+  return key.replace(/^[A-Z]+(?=[A-Z][a-z]|\d|$)|^[A-Z]/, (match) => match.toLowerCase());
+}
+function toPascalCaseKey(key) {
+  const lowerCamelKey = toLowerCamelCaseKey(key);
+  return lowerCamelKey ? lowerCamelKey.charAt(0).toUpperCase() + lowerCamelKey.slice(1) : lowerCamelKey;
+}
+function toPascalCaseData(value) {
+  if (Array.isArray(value))
+    return value.map(toPascalCaseData);
+  if (!isPlainRecord(value))
+    return value;
+  const result = {};
+  for (const [key, nestedValue] of Object.entries(value)) {
+    result[toPascalCaseKey(key)] = toPascalCaseData(nestedValue);
+  }
+  return result;
+}
+function normalizeDataKeys(data) {
+  return toPascalCaseData(data);
+}
+function normalizeOutputKeys(data) {
+  const result = {};
+  for (const [key, value] of Object.entries(data)) {
+    const pascalKey = toPascalCaseKey(key);
+    result[pascalKey] = pascalKey === "Data" ? value : toPascalCaseData(value);
+  }
+  return result;
+}
 function printOutput(data, format = "json", logFn, asciiSafe = false) {
   if (!data) {
     logFn("Empty response object. No data to display.");
@@ -63677,7 +63979,7 @@ function wrapText(text, width) {
 function printTable(data, logFn, externalLogValue) {
   if (data.length === 0)
     return;
-  const keys = Object.keys(data[0]).filter((key) => key !== "Code" && key !== "Log");
+  const keys = Object.keys(data[0]).filter((key) => !["code", "log"].includes(key.toLowerCase()));
   const maxWidths = keys.map((key) => Math.max(key.length, ...data.map((item) => cellToString(item[key]).length)));
   const header = keys.map((key, i2) => key.padEnd(maxWidths[i2])).join(" | ");
   logFn(header);
@@ -63692,7 +63994,7 @@ function printTable(data, logFn, externalLogValue) {
   }
 }
 function printVerticalTable(data, logFn = console.log, externalLogValue) {
-  const keys = Object.keys(data).filter((key) => key !== "Code" && key !== "Log");
+  const keys = Object.keys(data).filter((key) => !["code", "log"].includes(key.toLowerCase()));
   if (keys.length === 0)
     return;
   const maxKeyWidth = Math.max(...keys.map((key) => key.length));
@@ -63708,7 +64010,7 @@ function printVerticalTable(data, logFn = console.log, externalLogValue) {
 function printResizableTable(data, logFn = console.log, externalLogValue) {
   if (data.length === 0)
     return;
-  const keys = Object.keys(data[0]).filter((key) => key !== "Code" && key !== "Log");
+  const keys = Object.keys(data[0]).filter((key) => !["code", "log"].includes(key.toLowerCase()));
   if (keys.length === 0)
     return;
   if (!process.stdout.isTTY) {
@@ -63784,8 +64086,26 @@ function printResizableTable(data, logFn = console.log, externalLogValue) {
 function toYaml(data) {
   return dump(data);
 }
+class FilterEvaluationError extends Error {
+  __brand = "FilterEvaluationError";
+  filter;
+  instructions;
+  result = RESULTS.ValidationError;
+  constructor(filter, cause) {
+    const underlying = cause instanceof Error ? cause.message : String(cause);
+    super(`Filter '${filter}' failed to evaluate: ${underlying}`);
+    this.name = "FilterEvaluationError";
+    this.filter = filter;
+    this.instructions = `The --output-filter expression '${filter}' failed at evaluation time. ` + "Note that --output-filter operates on the 'Data' field of the envelope, not the full object. " + "For example, on a list result use 'length(@)' instead of 'Data | length(@)'.";
+  }
+}
 function applyFilter(data, filter) {
-  const result = search(data, filter);
+  let result;
+  try {
+    result = search(data, filter);
+  } catch (err) {
+    throw new FilterEvaluationError(filter, err);
+  }
   if (result == null)
     return [];
   if (Array.isArray(result)) {
@@ -63802,13 +64122,18 @@ function applyFilter(data, filter) {
 }
 var OutputFormatter;
 ((OutputFormatter) => {
-  function success(data) {
+  function success(data, options) {
     data.Log ??= getLogFilePath() || undefined;
+    const normalize = !options?.preserveDataKeys;
+    if (normalize) {
+      data.Data = normalizeDataKeys(data.Data);
+    }
     const filter = getOutputFilter();
     if (filter) {
-      data.Data = applyFilter(data.Data, filter);
+      const filtered = applyFilter(data.Data, filter);
+      data.Data = normalize ? normalizeDataKeys(filtered) : filtered;
     }
-    logOutput(data, getOutputFormat());
+    logOutput(normalizeOutputKeys(data), getOutputFormat());
   }
   OutputFormatter.success = success;
   function error(data) {
@@ -63818,7 +64143,7 @@ var OutputFormatter;
       result: data.Result,
       message: data.Message
     });
-    logOutput(data, getOutputFormat());
+    logOutput(normalizeOutputKeys(data), getOutputFormat());
   }
   OutputFormatter.error = error;
   function emitList(code, items, opts) {
@@ -63839,13 +64164,14 @@ var OutputFormatter;
   function log(data) {
     const format = getOutputFormat();
     const sink = getOutputSink();
+    const normalized = toPascalCaseData(data);
     if (format === "json") {
-      const json2 = JSON.stringify(data);
+      const json2 = JSON.stringify(normalized);
       const safe = needsAsciiSafeJson(sink) ? escapeNonAscii(json2) : json2;
       sink.writeErr(`${safe}
 `);
     } else {
-      for (const [key, value] of Object.entries(data)) {
+      for (const [key, value] of Object.entries(normalized)) {
         sink.writeErr(`${key}: ${value}
 `);
       }
@@ -63854,12 +64180,16 @@ var OutputFormatter;
   OutputFormatter.log = log;
   function formatToString(data) {
     const filter = getOutputFilter();
-    if (filter && "Data" in data && data.Data != null) {
-      data.Data = applyFilter(data.Data, filter);
+    if ("Data" in data && data.Data != null) {
+      data.Data = normalizeDataKeys(data.Data);
+      if (filter) {
+        data.Data = normalizeDataKeys(applyFilter(data.Data, filter));
+      }
     }
+    const output = normalizeOutputKeys(data);
     const lines = [];
     const sink = getOutputSink();
-    printOutput(data, getOutputFormat(), (msg) => {
+    printOutput(output, getOutputFormat(), (msg) => {
       lines.push(msg);
     }, needsAsciiSafeJson(sink));
     return lines.join(`
@@ -65270,6 +65600,22 @@ JSONPath.prototype.safeVm = {
   Script: SafeScript
 };
 JSONPath.prototype.vm = vm;
+// ../common/src/polling/types.ts
+var PollOutcome = {
+  Completed: "completed",
+  Timeout: "timeout",
+  Interrupted: "interrupted",
+  Aborted: "aborted",
+  Failed: "failed"
+};
+
+// ../common/src/polling/poll-failure-mapping.ts
+var REASON_BY_OUTCOME = {
+  [PollOutcome.Timeout]: "poll_timeout",
+  [PollOutcome.Failed]: "poll_failed",
+  [PollOutcome.Interrupted]: "poll_failed",
+  [PollOutcome.Aborted]: "poll_aborted"
+};
 // ../common/src/polling/terminal-statuses.ts
 var TERMINAL_STATUSES = new Set([
   "completed",
@@ -65297,6 +65643,8 @@ var ScreenLogger;
   }
   ScreenLogger.progress = progress;
 })(ScreenLogger ||= {});
+// ../common/src/sdk-user-agent.ts
+var sdkUserAgentHostToken = singleton("SdkUserAgentHostToken");
 // ../common/src/tool-provider.ts
 var factorySlot = singleton("PackagerFactoryProvider");
 // ../common/src/telemetry/pii-redactor.ts
@@ -65479,13 +65827,17 @@ Command.prototype.trackedAction = function(context, fn, properties) {
     const [error] = await catchError(fn(...args));
     if (error) {
       errorMessage = error instanceof Error ? error.message : String(error);
-      logger.error(`[trackedAction] ${telemetryName} failed: ${errorMessage}`);
+      logger.debug(`[trackedAction] ${telemetryName} failed: ${errorMessage}`);
+      const typed = error;
+      const customInstructions = typeof typed.instructions === "string" ? typed.instructions : undefined;
+      const customResult = typeof typed.result === "string" && typed.result !== RESULTS.Success && Object.values(RESULTS).includes(typed.result) ? typed.result : undefined;
+      const finalResult = customResult ?? RESULTS.Failure;
       OutputFormatter.error({
-        Result: RESULTS.Failure,
+        Result: finalResult,
         Message: errorMessage,
-        Instructions: "An unexpected error occurred. Run with --log-level debug for details."
+        Instructions: customInstructions ?? "An unexpected error occurred. Run with --log-level debug for details."
       });
-      context.exit(1);
+      context.exit(EXIT_CODES[finalResult]);
     }
     const durationMs = performance.now() - startTime;
     const success = !error && (process.exitCode === undefined || process.exitCode === 0);
@@ -67541,7 +67893,7 @@ import { spawn, spawnSync } from "child_process";
 import { readFileSync, unlinkSync, writeFileSync } from "fs";
 import path3 from "node:path";
 import os4 from "node:os";
-import { randomUUID } from "node:crypto";
+import { randomUUID as randomUUID2 } from "node:crypto";
 
 // ../../node_modules/inquirer/node_modules/@inquirer/prompts/node_modules/@inquirer/editor/node_modules/@inquirer/external-editor/dist/esm/errors/CreateFileError.js
 class CreateFileError extends Error {
@@ -67671,7 +68023,7 @@ class ExternalEditor {
   createTemporaryFile() {
     try {
       const baseDir = this.fileOptions.dir ?? os4.tmpdir();
-      const id = randomUUID();
+      const id = randomUUID2();
       const prefix = sanitizeAffix(this.fileOptions.prefix);
       const postfix = sanitizeAffix(this.fileOptions.postfix);
       const filename = `${prefix}${id}${postfix}`;
@@ -73769,6 +74121,7 @@ var DEFAULT_APP_VERSION = "1.0.0";
 var MESSAGES = {
   ERRORS: {
     INVALID_DIST_DIRECTORY: "Invalid dist directory",
+    MISSING_INDEX_HTML: "index.html not found at the root of the build directory. SSR frameworks (Next.js, Nuxt, Remix) are not supported — only static builds. Make sure you are pointing to the folder that contains index.html (e.g. for Angular: dist/<app-name>/browser/).",
     PACKAGE_NAME_REQUIRED: "Package name is required",
     ACTION_SCHEMA_REQUIRED: "❌ action-schema.json file not found in current working directory",
     ACTION_SCHEMA_REQUIRED_REMOTE: "❌ This project is registered as a Coded Action app but action-schema.json was not found locally. Please add an action-schema.json file to your project root before pushing.",
@@ -88740,20 +89093,26 @@ async function ensureFolderKey(logger3, explicitFolderKey) {
 
 // src/actions/deploy.ts
 var PUBLISHED_APP_LOOKUP_RETRY_DELAYS_MS = [1000, 2000, 4000, 8000];
-async function getDeployedApp(appName, envConfig) {
-  const url2 = appendQueryParams(`${envConfig.baseUrl}/${envConfig.orgId}${API_ENDPOINTS.DEPLOYED_APPS}?searchText=${encodeURIComponent(appName)}`, BASIC_ORIGIN_QUERY_PARAMS);
-  const response = await fetch2(url2, {
-    method: "GET",
-    headers: createHeaders({
-      bearerToken: envConfig.accessToken,
-      tenantId: envConfig.tenantId,
-      folderKey: envConfig.folderKey
-    })
-  });
-  if (!response.ok)
-    await handleHttpError(response, MESSAGES.ERROR_CONTEXT.APP_DEPLOYMENT);
-  const data = await response.json();
-  return data.value.find((app) => app.title === appName) ?? null;
+async function getDeployedApp(appName, displayTitle, envConfig) {
+  const searchTerms = displayTitle !== appName ? [displayTitle, appName] : [appName];
+  for (const searchText of searchTerms) {
+    const url2 = appendQueryParams(`${envConfig.baseUrl}/${envConfig.orgId}${API_ENDPOINTS.DEPLOYED_APPS}?searchText=${encodeURIComponent(searchText)}`, BASIC_ORIGIN_QUERY_PARAMS);
+    const response = await fetch2(url2, {
+      method: "GET",
+      headers: createHeaders({
+        bearerToken: envConfig.accessToken,
+        tenantId: envConfig.tenantId,
+        folderKey: envConfig.folderKey
+      })
+    });
+    if (!response.ok)
+      await handleHttpError(response, MESSAGES.ERROR_CONTEXT.APP_DEPLOYMENT);
+    const data = await response.json();
+    const match = data.value.find((app) => app.title === appName || app.title === displayTitle);
+    if (match)
+      return match;
+  }
+  return null;
 }
 async function getPublishedApp(appName, envConfig, version2) {
   const endpoint = API_ENDPOINTS.PUBLISHED_APPS.replace("{tenantId}", envConfig.tenantId);
@@ -88808,9 +89167,13 @@ async function checkAppNameUniqueness(appName, envConfig) {
     throw new Error(MESSAGES.ERRORS.APP_NAME_ALREADY_EXISTS);
   }
 }
-async function deployNewApp(appName, routingName, systemName, envConfig) {
+async function deployNewApp(appName, routingName, systemName, envConfig, tags) {
   const endpoint = API_ENDPOINTS.DEPLOY_APP.replace("{systemName}", systemName);
   const url2 = appendQueryParams(`${envConfig.baseUrl}/${envConfig.orgId}${endpoint}`, BASIC_ORIGIN_QUERY_PARAMS);
+  const body = { title: appName, routingName };
+  if (tags?.length) {
+    body.tags = tags;
+  }
   const response = await fetch2(url2, {
     method: "POST",
     headers: createHeaders({
@@ -88818,14 +89181,14 @@ async function deployNewApp(appName, routingName, systemName, envConfig) {
       tenantId: envConfig.tenantId,
       folderKey: envConfig.folderKey
     }),
-    body: JSON.stringify({ title: appName, routingName })
+    body: JSON.stringify(body)
   });
   if (!response.ok)
     await handleHttpError(response, MESSAGES.ERROR_CONTEXT.APP_DEPLOYMENT);
   const data = await response.json();
   return data.id;
 }
-async function upgradeApp(appId, title, version2, routingName, envConfig) {
+async function upgradeApp(appId, title, version2, routingName, envConfig, tags) {
   const url2 = appendQueryParams(`${envConfig.baseUrl}/${envConfig.orgId}${API_ENDPOINTS.EDIT_DEPLOYED_APP.replace("{appId}", appId)}`, BASIC_ORIGIN_QUERY_PARAMS);
   const body = {
     title,
@@ -88835,6 +89198,9 @@ async function upgradeApp(appId, title, version2, routingName, envConfig) {
   if (routingName !== undefined) {
     body.routingName = routingName;
   }
+  if (tags?.length) {
+    body.tags = tags;
+  }
   const response = await fetch2(url2, {
     method: "PATCH",
     headers: createHeaders({
@@ -88882,6 +89248,7 @@ async function executeDeploy(options) {
   });
   if (!envConfig)
     throw new Error("Missing required configuration");
+  const originalName = options.packageName;
   if (options.packageName) {
     const { sanitized, isModified } = sanitizeAppName(options.packageName);
     if (isModified) {
@@ -88892,6 +89259,8 @@ async function executeDeploy(options) {
   const appName = options.packageName ?? await getAppName(logger3);
   if (!appName)
     throw new Error(MESSAGES.VALIDATIONS.APP_NAME_REQUIRED);
+  const appConfig = await loadAppConfig(logger3);
+  const displayTitle = originalName || appConfig?.displayName || appName;
   let routingName;
   if (options.pathName) {
     const { sanitized, isModified } = sanitizeAppName(options.pathName);
@@ -88907,7 +89276,7 @@ async function executeDeploy(options) {
   validateAppNameLength(routingName);
   let spinner = ora(MESSAGES.INFO.CHECKING_DEPLOYMENT_STATUS).start();
   const [deployError] = await catchError((async () => {
-    const deployedApp = await getDeployedApp(appName, envConfig);
+    const deployedApp = await getDeployedApp(appName, displayTitle, envConfig);
     let version2;
     if (deployedApp) {
       spinner.text = MESSAGES.INFO.UPGRADING_APP;
@@ -88923,10 +89292,10 @@ async function executeDeploy(options) {
         spinner.fail(source_default.red(MESSAGES.ERRORS.DEPLOY_VERSION_NOT_FOUND));
         throw new Error(MESSAGES.ERRORS.DEPLOY_VERSION_NOT_FOUND);
       }
-      await upgradeApp(deployedApp.id, appName, publishedApp.deployVersion, options.pathName ? routingName : undefined, envConfig);
+      await upgradeApp(deployedApp.id, displayTitle, publishedApp.deployVersion, options.pathName ? routingName : undefined, envConfig, options.tags);
       spinner.succeed(source_default.green(MESSAGES.SUCCESS.APP_UPGRADED_SUCCESS));
-      const appConfig2 = await loadAppConfig(logger3);
-      version2 = publishedApp.appVersion ?? appConfig2?.appVersion ?? deployedApp.semVersion;
+      const appConfig3 = await loadAppConfig(logger3);
+      version2 = publishedApp.appVersion ?? appConfig3?.appVersion ?? deployedApp.semVersion;
       cliTelemetryClient.track(CodedAppTelemetryEvents.Deploy, {
         operation: "upgrade"
       });
@@ -88943,20 +89312,20 @@ async function executeDeploy(options) {
         spinner.fail(source_default.red(notFoundMsg));
         throw new Error(notFoundMsg);
       }
-      const deploymentId = await deployNewApp(appName, routingName, publishedApp.systemName, envConfig);
+      const deploymentId = await deployNewApp(displayTitle, routingName, publishedApp.systemName, envConfig, options.tags);
       spinner.succeed(source_default.green(MESSAGES.SUCCESS.APP_DEPLOYED_SUCCESS));
       await updateAppConfig(deploymentId, logger3);
-      const appConfig2 = await loadAppConfig(logger3);
-      version2 = appConfig2?.appVersion ?? "1.0.0";
+      const appConfig3 = await loadAppConfig(logger3);
+      version2 = appConfig3?.appVersion ?? "1.0.0";
       cliTelemetryClient.track(CodedAppTelemetryEvents.Deploy, {
         operation: "fresh_deploy"
       });
     }
     logger3.log("");
-    logger3.log(`  ${source_default.cyan("App Name:")} ${appName}`);
+    logger3.log(`  ${source_default.cyan("App Name:")} ${displayTitle}`);
     logger3.log(`  ${source_default.cyan("Version:")} ${version2}`);
-    const appConfig = await loadAppConfig(logger3);
-    if (appConfig?.appType === "Action" /* Action */) {
+    const appConfig2 = await loadAppConfig(logger3);
+    if (appConfig2?.appType === "Action" /* Action */) {
       logger3.log(`  ${source_default.yellow(MESSAGES.INFO.ACTION_APP_RUN_IN_ACTION_CENTER)}`);
     } else {
       const appUrl = buildAppUrl(envConfig.baseUrl, envConfig.orgName, routingName);
@@ -89004,14 +89373,25 @@ var DEPLOY_EXAMPLES = [
         message: "App deployed successfully."
       }
     }
+  },
+  {
+    Description: "Deploy the current coded app with system tags",
+    Command: 'uip codedapp deploy --name "MyApp" --tags governance',
+    Output: {
+      Code: "DeployCompleted",
+      Data: {
+        message: "App deployed successfully."
+      }
+    }
   }
 ];
 var registerDeployCommand = (program2) => {
-  program2.command("deploy").description("Deploy or upgrade app in UiPath").option("-n, --name <name>", "App name").option("--path-name <name>", "App pathname in the URL (https://<org>.uipath.host/<path-name>)").option("-v, --version <version>", "Target a specific published version").option("--base-url <url>", "UiPath base URL").option("--org-id <id>", "Organization ID").option("--org-name <name>", "Organization name").option("--tenant-id <id>", "Tenant ID").option("--folder-key <key>", "Folder key").option("--access-token <token>", "Access token").examples(DEPLOY_EXAMPLES).trackedAction(processContext, async (options) => {
+  program2.command("deploy").description("Deploy or upgrade app in UiPath").option("-n, --name <name>", "App name").option("--path-name <name>", "App pathname in the URL (https://<org>.uipath.host/<path-name>)").option("-v, --version <version>", "Target a specific published version").option("--base-url <url>", "UiPath base URL").option("--org-id <id>", "Organization ID").option("--org-name <name>", "Organization name").option("--tenant-id <id>", "Tenant ID").option("--folder-key <key>", "Folder key").option("--access-token <token>", "Access token").option("--tags <tags>", "Comma-separated categorization labels for the deployed app (e.g. governance,insights)").examples(DEPLOY_EXAMPLES).trackedAction(processContext, async (options) => {
     const logger3 = {
       log: (msg) => getOutputSink().writeErr(msg + `
 `)
     };
+    const tags = options.tags?.split(",").map((t2) => t2.trim()).filter(Boolean);
     const [error52] = await catchError(executeDeploy({
       packageName: options.name,
       pathName: options.pathName,
@@ -89022,6 +89402,7 @@ var registerDeployCommand = (program2) => {
       tenantId: options.tenantId,
       folderKey: options.folderKey,
       accessToken: options.accessToken,
+      tags,
       logger: logger3
     }));
     if (error52) {
@@ -90809,6 +91190,7 @@ class ToolResult {
   errorCode;
   message;
   packages;
+  details;
   constructor(errorCode, message, packages = []) {
     this.errorCode = errorCode;
     this.message = message;
@@ -92649,6 +93031,7 @@ async function handleMetadataJson(config2) {
   } else {
     await fs8.writeFile(targetMetadata, JSON.stringify({
       name: config2.name,
+      displayName: config2.originalName,
       version: config2.version,
       description: config2.description,
       author: config2.author,
@@ -92667,6 +93050,11 @@ async function executePack(options) {
   if (!await validateDistDirectory(distDir)) {
     throw new Error(`${MESSAGES.ERRORS.INVALID_DIST_DIRECTORY}: ${distDir}`);
   }
+  const fs8 = getFileSystem();
+  const indexPath = fs8.path.join(distDir, "index.html");
+  if (!await fs8.exists(indexPath)) {
+    throw new Error(MESSAGES.ERRORS.MISSING_INDEX_HTML);
+  }
   if (await hasAbsoluteAssetPaths(distDir)) {
     logger3.log(source_default.yellow(MESSAGES.INFO.ABSOLUTE_ASSET_PATHS_DETECTED));
   }
@@ -92688,6 +93076,7 @@ async function executePack(options) {
   }
   if (!packageName)
     throw new Error(MESSAGES.ERRORS.PACKAGE_NAME_REQUIRED);
+  const originalInputName = packageName;
   const { sanitized: sanitizedInput, isModified } = sanitizeAppName(packageName);
   if (isModified) {
     logger3.log(source_default.yellow(MESSAGE_BUILDERS.APP_NAME_SANITIZED(packageName, sanitizedInput)));
@@ -92706,7 +93095,7 @@ async function executePack(options) {
   const packageConfig = {
     distDir,
     name: sanitizedName,
-    originalName: packageName,
+    originalName: originalInputName,
     version: version2,
     author: options.author ?? "UiPath Developer",
     description,
@@ -93003,6 +93392,17 @@ function extractPackageMetadata(packagePath) {
     packageVersion: parts.slice(versionStartIndex).join(".")
   };
 }
+async function readDisplayName(uipathDir) {
+  const fs8 = getFileSystem();
+  const metadataPath = fs8.path.join(uipathDir, AUTH_CONSTANTS.FILES.METADATA_FILE);
+  const [error52, content] = await catchError(fs8.readFile(metadataPath, "utf-8"));
+  if (error52 || !content)
+    return;
+  const [parseError, parsed] = catchError(() => JSON.parse(content));
+  if (parseError)
+    return;
+  return parsed.displayName;
+}
 async function uploadPackage(packagePath, envConfig, spinner) {
   const fileContent = await getFileSystem().readFile(packagePath);
   if (fileContent === null) {
@@ -93054,7 +93454,7 @@ async function registerCodedApp(metadata, envConfig, isActionApp, logger3) {
     tenantName: envConfig.tenantName,
     packageName: metadata.packageName,
     packageVersion: metadata.packageVersion,
-    title: metadata.packageName,
+    title: metadata.displayName || metadata.packageName,
     schema: actionSchema
   };
   const response = await fetch(url2, {
@@ -93200,6 +93600,7 @@ async function executePublish(options) {
       spinner.start();
     }
     const metadata = extractPackageMetadata(selectedPackage);
+    metadata.displayName = await readDisplayName(uipathDir);
     spinner.text = MESSAGES.INFO.UPLOADING_PACKAGE;
     await uploadPackage(selectedPackage, envConfig, spinner);
     spinner.succeed(source_default.green(MESSAGES.SUCCESS.PACKAGE_UPLOADED_SUCCESS));
@@ -93208,6 +93609,7 @@ async function executePublish(options) {
     spinner.succeed(source_default.green(MESSAGES.SUCCESS.CODED_APP_REGISTERED_SUCCESS));
     const [saveError] = await catchError(saveAppConfig({
       appName: metadata.packageName,
+      displayName: metadata.displayName,
       appVersion: metadata.packageVersion,
       systemName: registerResponse.definition.systemName,
       appUrl: null,