@uipath/identity-tool 1.1.0 → 1.195.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/tool.js +784 -203
  2. package/package.json +28 -34
package/dist/tool.js CHANGED
@@ -667,6 +667,7 @@ var init_open = __esm(() => {
667
667
  });
668
668
 
669
669
  // ../../filesystem/src/node.ts
670
+ import { randomUUID } from "node:crypto";
670
671
  import { existsSync } from "node:fs";
671
672
  import * as fs6 from "node:fs/promises";
672
673
  import * as os2 from "node:os";
@@ -748,6 +749,90 @@ class NodeFileSystem {
748
749
  async mkdir(dirPath) {
749
750
  await fs6.mkdir(dirPath, { recursive: true });
750
751
  }
752
+ async acquireLock(lockPath) {
753
+ const canonicalPath = await this.canonicalizeLockTarget(lockPath);
754
+ const lockFile = `${canonicalPath}.lock`;
755
+ const ownerId = randomUUID();
756
+ const start = Date.now();
757
+ while (true) {
758
+ try {
759
+ await fs6.writeFile(lockFile, ownerId, { flag: "wx" });
760
+ return this.createLockRelease(lockFile, ownerId);
761
+ } catch (error) {
762
+ if (!this.hasErrnoCode(error, "EEXIST")) {
763
+ throw error;
764
+ }
765
+ const stats = await fs6.stat(lockFile).catch(() => null);
766
+ if (stats && Date.now() - stats.mtimeMs > LOCK_STALE_MS) {
767
+ const reclaimed = await fs6.rm(lockFile, { force: true }).then(() => true).catch(() => false);
768
+ if (reclaimed)
769
+ continue;
770
+ }
771
+ if (Date.now() - start > LOCK_MAX_WAIT_MS) {
772
+ throw new Error(`ELOCKED: timed out waiting for lock on ${canonicalPath}`);
773
+ }
774
+ await new Promise((resolve2) => setTimeout(resolve2, LOCK_RETRY_MIN_MS + Math.random() * LOCK_RETRY_JITTER_MS));
775
+ }
776
+ }
777
+ }
778
+ async canonicalizeLockTarget(lockPath) {
779
+ const absolute = path2.resolve(lockPath);
780
+ const fullReal = await fs6.realpath(absolute).catch(() => null);
781
+ if (fullReal)
782
+ return fullReal;
783
+ const parent = path2.dirname(absolute);
784
+ const base = path2.basename(absolute);
785
+ const canonicalParent = await fs6.realpath(parent).catch(() => parent);
786
+ return path2.join(canonicalParent, base);
787
+ }
788
+ createLockRelease(lockFile, ownerId) {
789
+ const heartbeatStart = Date.now();
790
+ let heartbeatTimer;
791
+ let stopped = false;
792
+ const stopHeartbeat = () => {
793
+ stopped = true;
794
+ if (heartbeatTimer)
795
+ clearTimeout(heartbeatTimer);
796
+ };
797
+ const scheduleNextHeartbeat = () => {
798
+ if (stopped)
799
+ return;
800
+ if (Date.now() - heartbeatStart >= LOCK_MAX_HOLD_MS) {
801
+ stopped = true;
802
+ return;
803
+ }
804
+ heartbeatTimer = setTimeout(() => {
805
+ runHeartbeat();
806
+ }, LOCK_HEARTBEAT_MS);
807
+ heartbeatTimer.unref?.();
808
+ };
809
+ const runHeartbeat = async () => {
810
+ if (stopped)
811
+ return;
812
+ const current = await fs6.readFile(lockFile, "utf-8").catch(() => null);
813
+ if (stopped)
814
+ return;
815
+ if (current !== ownerId) {
816
+ stopped = true;
817
+ return;
818
+ }
819
+ const now = Date.now() / 1000;
820
+ await fs6.utimes(lockFile, now, now).catch(() => {});
821
+ scheduleNextHeartbeat();
822
+ };
823
+ scheduleNextHeartbeat();
824
+ let released = false;
825
+ return async () => {
826
+ if (released)
827
+ return;
828
+ released = true;
829
+ stopHeartbeat();
830
+ const current = await fs6.readFile(lockFile, "utf-8").catch(() => null);
831
+ if (current === ownerId) {
832
+ await fs6.rm(lockFile, { force: true });
833
+ }
834
+ };
835
+ }
751
836
  async rm(filePath) {
752
837
  await fs6.rm(filePath, { recursive: true, force: true });
753
838
  }
@@ -793,9 +878,13 @@ class NodeFileSystem {
793
878
  }
794
879
  }
795
880
  isEnoent(error) {
796
- return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
881
+ return this.hasErrnoCode(error, "ENOENT");
882
+ }
883
+ hasErrnoCode(error, code) {
884
+ return typeof error === "object" && error !== null && "code" in error && error.code === code;
797
885
  }
798
886
  }
887
+ var LOCK_HEARTBEAT_MS = 5000, LOCK_STALE_MS = 15000, LOCK_MAX_WAIT_MS = 20000, LOCK_MAX_HOLD_MS = 60000, LOCK_RETRY_MIN_MS = 100, LOCK_RETRY_JITTER_MS = 200;
799
888
  var init_node = __esm(() => {
800
889
  init_open();
801
890
  });
@@ -2941,7 +3030,7 @@ function isBrowser() {
2941
3030
 
2942
3031
  // ../../../node_modules/@uipath/coreipc/index.js
2943
3032
  var require_coreipc = __commonJS((exports, module) => {
2944
- var __dirname = "/Users/alexandru.oltean/github/cli/node_modules/@uipath/coreipc";
3033
+ var __dirname = "/home/runner/work/cli/cli/node_modules/@uipath/coreipc";
2945
3034
  /*! For license information please see index.js.LICENSE.txt */
2946
3035
  (function(e, t) {
2947
3036
  typeof exports == "object" && typeof module == "object" ? module.exports = t() : typeof define == "function" && define.amd ? define([], t) : typeof exports == "object" ? exports.ipc = t() : e.ipc = t();
@@ -21133,10 +21222,15 @@ var require_dist = __commonJS((exports) => {
21133
21222
  exports.RobotProxyConstructor = RobotProxyConstructor;
21134
21223
  __exportStar(require_agent(), exports);
21135
21224
  });
21225
+ // ../../auth/src/server.ts
21226
+ var init_server = __esm(() => {
21227
+ init_constants();
21228
+ });
21136
21229
  // package.json
21137
21230
  var package_default = {
21138
21231
  name: "@uipath/identity-tool",
21139
- version: "1.1.0",
21232
+ license: "MIT",
21233
+ version: "1.195.0",
21140
21234
  description: "Manage Identity Server users, groups, robot accounts, and external apps.",
21141
21235
  private: false,
21142
21236
  repository: {
@@ -21147,7 +21241,9 @@ var package_default = {
21147
21241
  publishConfig: {
21148
21242
  registry: "https://npm.pkg.github.com/@uipath"
21149
21243
  },
21150
- keywords: ["cli-tool"],
21244
+ keywords: [
21245
+ "cli-tool"
21246
+ ],
21151
21247
  type: "module",
21152
21248
  main: "./dist/tool.js",
21153
21249
  exports: {
@@ -21313,10 +21409,15 @@ async function extractErrorDetails(error, options) {
21313
21409
  }
21314
21410
  if (parsedBody?.errorCode && typeof parsedBody.errorCode === "string") {
21315
21411
  context.errorCode = parsedBody.errorCode;
21412
+ } else if (parsedBody?.code && typeof parsedBody.code === "string") {
21413
+ context.errorCode = parsedBody.code;
21316
21414
  }
21317
21415
  if (parsedBody?.requestId && typeof parsedBody.requestId === "string") {
21318
21416
  context.requestId = parsedBody.requestId;
21319
21417
  }
21418
+ if (parsedBody?.traceId && typeof parsedBody.traceId === "string") {
21419
+ context.traceId = parsedBody.traceId;
21420
+ }
21320
21421
  if (status === 429) {
21321
21422
  const resp = response;
21322
21423
  const headersObj = resp?.headers;
@@ -21336,7 +21437,35 @@ async function extractErrorDetails(error, options) {
21336
21437
  }
21337
21438
  }
21338
21439
  const hasContext = Object.keys(context).length > 0;
21339
- return { result, message, details, ...hasContext ? { context } : {} };
21440
+ let parsedErrors;
21441
+ if (parsedBody?.errors && typeof parsedBody.errors === "object") {
21442
+ const errors = {};
21443
+ for (const [field, raw] of Object.entries(parsedBody.errors)) {
21444
+ if (Array.isArray(raw)) {
21445
+ const messages = raw.map((entry) => {
21446
+ if (typeof entry === "string")
21447
+ return entry;
21448
+ if (entry && typeof entry === "object" && typeof entry.message === "string") {
21449
+ return entry.message;
21450
+ }
21451
+ return String(entry);
21452
+ }).filter(Boolean);
21453
+ if (messages.length > 0)
21454
+ errors[field] = messages;
21455
+ } else if (typeof raw === "string") {
21456
+ errors[field] = [raw];
21457
+ }
21458
+ }
21459
+ if (Object.keys(errors).length > 0)
21460
+ parsedErrors = errors;
21461
+ }
21462
+ return {
21463
+ result,
21464
+ message,
21465
+ details,
21466
+ ...hasContext ? { context } : {},
21467
+ ...parsedErrors ? { parsedErrors } : {}
21468
+ };
21340
21469
  }
21341
21470
  async function extractErrorMessage(error, options) {
21342
21471
  const { message } = await extractErrorDetails(error, options);
@@ -26484,6 +26613,60 @@ function escapeNonAscii(jsonText) {
26484
26613
  function needsAsciiSafeJson(sink) {
26485
26614
  return process.platform === "win32" && !sink.capabilities.isInteractive;
26486
26615
  }
26616
+ function isPlainRecord(value) {
26617
+ if (value === null || typeof value !== "object")
26618
+ return false;
26619
+ const prototype = Object.getPrototypeOf(value);
26620
+ return prototype === Object.prototype || prototype === null;
26621
+ }
26622
+ function toLowerCamelCaseKey(key) {
26623
+ if (!key)
26624
+ return key;
26625
+ if (/[_\-\s]/.test(key)) {
26626
+ const [firstPart, ...restParts] = key.split(/[_\-\s]+/).filter(Boolean);
26627
+ if (!firstPart)
26628
+ return key;
26629
+ return [
26630
+ toLowerCamelCaseSimpleKey(firstPart),
26631
+ ...restParts.map((part) => {
26632
+ const normalized = toLowerCamelCaseSimpleKey(part);
26633
+ return normalized.charAt(0).toUpperCase() + normalized.slice(1);
26634
+ })
26635
+ ].join("");
26636
+ }
26637
+ return toLowerCamelCaseSimpleKey(key);
26638
+ }
26639
+ function toLowerCamelCaseSimpleKey(key) {
26640
+ if (/^[A-Z0-9]+$/.test(key))
26641
+ return key.toLowerCase();
26642
+ return key.replace(/^[A-Z]+(?=[A-Z][a-z]|\d|$)|^[A-Z]/, (match) => match.toLowerCase());
26643
+ }
26644
+ function toPascalCaseKey(key) {
26645
+ const lowerCamelKey = toLowerCamelCaseKey(key);
26646
+ return lowerCamelKey ? lowerCamelKey.charAt(0).toUpperCase() + lowerCamelKey.slice(1) : lowerCamelKey;
26647
+ }
26648
+ function toPascalCaseData(value) {
26649
+ if (Array.isArray(value))
26650
+ return value.map(toPascalCaseData);
26651
+ if (!isPlainRecord(value))
26652
+ return value;
26653
+ const result = {};
26654
+ for (const [key, nestedValue] of Object.entries(value)) {
26655
+ result[toPascalCaseKey(key)] = toPascalCaseData(nestedValue);
26656
+ }
26657
+ return result;
26658
+ }
26659
+ function normalizeDataKeys(data) {
26660
+ return toPascalCaseData(data);
26661
+ }
26662
+ function normalizeOutputKeys(data) {
26663
+ const result = {};
26664
+ for (const [key, value] of Object.entries(data)) {
26665
+ const pascalKey = toPascalCaseKey(key);
26666
+ result[pascalKey] = pascalKey === "Data" ? value : toPascalCaseData(value);
26667
+ }
26668
+ return result;
26669
+ }
26487
26670
  function printOutput(data, format = "json", logFn, asciiSafe = false) {
26488
26671
  if (!data) {
26489
26672
  logFn("Empty response object. No data to display.");
@@ -26546,7 +26729,7 @@ function wrapText(text, width) {
26546
26729
  function printTable(data, logFn, externalLogValue) {
26547
26730
  if (data.length === 0)
26548
26731
  return;
26549
- const keys = Object.keys(data[0]).filter((key) => key !== "Code" && key !== "Log");
26732
+ const keys = Object.keys(data[0]).filter((key) => !["code", "log"].includes(key.toLowerCase()));
26550
26733
  const maxWidths = keys.map((key) => Math.max(key.length, ...data.map((item) => cellToString(item[key]).length)));
26551
26734
  const header = keys.map((key, i2) => key.padEnd(maxWidths[i2])).join(" | ");
26552
26735
  logFn(header);
@@ -26561,7 +26744,7 @@ function printTable(data, logFn, externalLogValue) {
26561
26744
  }
26562
26745
  }
26563
26746
  function printVerticalTable(data, logFn = console.log, externalLogValue) {
26564
- const keys = Object.keys(data).filter((key) => key !== "Code" && key !== "Log");
26747
+ const keys = Object.keys(data).filter((key) => !["code", "log"].includes(key.toLowerCase()));
26565
26748
  if (keys.length === 0)
26566
26749
  return;
26567
26750
  const maxKeyWidth = Math.max(...keys.map((key) => key.length));
@@ -26577,7 +26760,7 @@ function printVerticalTable(data, logFn = console.log, externalLogValue) {
26577
26760
  function printResizableTable(data, logFn = console.log, externalLogValue) {
26578
26761
  if (data.length === 0)
26579
26762
  return;
26580
- const keys = Object.keys(data[0]).filter((key) => key !== "Code" && key !== "Log");
26763
+ const keys = Object.keys(data[0]).filter((key) => !["code", "log"].includes(key.toLowerCase()));
26581
26764
  if (keys.length === 0)
26582
26765
  return;
26583
26766
  if (!process.stdout.isTTY) {
@@ -26653,8 +26836,26 @@ function printResizableTable(data, logFn = console.log, externalLogValue) {
26653
26836
  function toYaml(data) {
26654
26837
  return dump(data);
26655
26838
  }
26839
+ class FilterEvaluationError extends Error {
26840
+ __brand = "FilterEvaluationError";
26841
+ filter;
26842
+ instructions;
26843
+ result = RESULTS.ValidationError;
26844
+ constructor(filter, cause) {
26845
+ const underlying = cause instanceof Error ? cause.message : String(cause);
26846
+ super(`Filter '${filter}' failed to evaluate: ${underlying}`);
26847
+ this.name = "FilterEvaluationError";
26848
+ this.filter = filter;
26849
+ this.instructions = `The --output-filter expression '${filter}' failed at evaluation time. ` + "Note that --output-filter operates on the 'Data' field of the envelope, not the full object. " + "For example, on a list result use 'length(@)' instead of 'Data | length(@)'.";
26850
+ }
26851
+ }
26656
26852
  function applyFilter(data, filter) {
26657
- const result = search(data, filter);
26853
+ let result;
26854
+ try {
26855
+ result = search(data, filter);
26856
+ } catch (err) {
26857
+ throw new FilterEvaluationError(filter, err);
26858
+ }
26658
26859
  if (result == null)
26659
26860
  return [];
26660
26861
  if (Array.isArray(result)) {
@@ -26671,13 +26872,18 @@ function applyFilter(data, filter) {
26671
26872
  }
26672
26873
  var OutputFormatter;
26673
26874
  ((OutputFormatter) => {
26674
- function success(data) {
26875
+ function success(data, options) {
26675
26876
  data.Log ??= getLogFilePath() || undefined;
26877
+ const normalize = !options?.preserveDataKeys;
26878
+ if (normalize) {
26879
+ data.Data = normalizeDataKeys(data.Data);
26880
+ }
26676
26881
  const filter = getOutputFilter();
26677
26882
  if (filter) {
26678
- data.Data = applyFilter(data.Data, filter);
26883
+ const filtered = applyFilter(data.Data, filter);
26884
+ data.Data = normalize ? normalizeDataKeys(filtered) : filtered;
26679
26885
  }
26680
- logOutput(data, getOutputFormat());
26886
+ logOutput(normalizeOutputKeys(data), getOutputFormat());
26681
26887
  }
26682
26888
  OutputFormatter.success = success;
26683
26889
  function error(data) {
@@ -26687,7 +26893,7 @@ var OutputFormatter;
26687
26893
  result: data.Result,
26688
26894
  message: data.Message
26689
26895
  });
26690
- logOutput(data, getOutputFormat());
26896
+ logOutput(normalizeOutputKeys(data), getOutputFormat());
26691
26897
  }
26692
26898
  OutputFormatter.error = error;
26693
26899
  function emitList(code, items, opts) {
@@ -26708,13 +26914,14 @@ var OutputFormatter;
26708
26914
  function log(data) {
26709
26915
  const format = getOutputFormat();
26710
26916
  const sink = getOutputSink();
26917
+ const normalized = toPascalCaseData(data);
26711
26918
  if (format === "json") {
26712
- const json2 = JSON.stringify(data);
26919
+ const json2 = JSON.stringify(normalized);
26713
26920
  const safe = needsAsciiSafeJson(sink) ? escapeNonAscii(json2) : json2;
26714
26921
  sink.writeErr(`${safe}
26715
26922
  `);
26716
26923
  } else {
26717
- for (const [key, value] of Object.entries(data)) {
26924
+ for (const [key, value] of Object.entries(normalized)) {
26718
26925
  sink.writeErr(`${key}: ${value}
26719
26926
  `);
26720
26927
  }
@@ -26723,12 +26930,16 @@ var OutputFormatter;
26723
26930
  OutputFormatter.log = log;
26724
26931
  function formatToString(data) {
26725
26932
  const filter = getOutputFilter();
26726
- if (filter && "Data" in data && data.Data != null) {
26727
- data.Data = applyFilter(data.Data, filter);
26933
+ if ("Data" in data && data.Data != null) {
26934
+ data.Data = normalizeDataKeys(data.Data);
26935
+ if (filter) {
26936
+ data.Data = normalizeDataKeys(applyFilter(data.Data, filter));
26937
+ }
26728
26938
  }
26939
+ const output = normalizeOutputKeys(data);
26729
26940
  const lines = [];
26730
26941
  const sink = getOutputSink();
26731
- printOutput(data, getOutputFormat(), (msg) => {
26942
+ printOutput(output, getOutputFormat(), (msg) => {
26732
26943
  lines.push(msg);
26733
26944
  }, needsAsciiSafeJson(sink));
26734
26945
  return lines.join(`
@@ -28139,6 +28350,22 @@ JSONPath.prototype.safeVm = {
28139
28350
  Script: SafeScript
28140
28351
  };
28141
28352
  JSONPath.prototype.vm = vm;
28353
+ // ../../common/src/polling/types.ts
28354
+ var PollOutcome = {
28355
+ Completed: "completed",
28356
+ Timeout: "timeout",
28357
+ Interrupted: "interrupted",
28358
+ Aborted: "aborted",
28359
+ Failed: "failed"
28360
+ };
28361
+
28362
+ // ../../common/src/polling/poll-failure-mapping.ts
28363
+ var REASON_BY_OUTCOME = {
28364
+ [PollOutcome.Timeout]: "poll_timeout",
28365
+ [PollOutcome.Failed]: "poll_failed",
28366
+ [PollOutcome.Interrupted]: "poll_failed",
28367
+ [PollOutcome.Aborted]: "poll_aborted"
28368
+ };
28142
28369
  // ../../common/src/polling/terminal-statuses.ts
28143
28370
  var TERMINAL_STATUSES = new Set([
28144
28371
  "completed",
@@ -28166,6 +28393,105 @@ var ScreenLogger;
28166
28393
  }
28167
28394
  ScreenLogger.progress = progress;
28168
28395
  })(ScreenLogger ||= {});
28396
+ // ../../common/src/sdk-user-agent.ts
28397
+ var USER_AGENT_HEADER = "User-Agent";
28398
+ var sdkUserAgentHostToken = singleton("SdkUserAgentHostToken");
28399
+ function userAgentPatchKey(userAgent) {
28400
+ return Symbol.for(`@uipath/common/sdk-user-agent/${userAgent}`);
28401
+ }
28402
+ function splitUserAgentTokens(value) {
28403
+ return value?.trim().split(/\s+/).filter(Boolean) ?? [];
28404
+ }
28405
+ function appendUserAgentToken(value, userAgent) {
28406
+ const tokens = splitUserAgentTokens(value);
28407
+ const seen = new Set(tokens);
28408
+ for (const token of splitUserAgentTokens(userAgent)) {
28409
+ if (!seen.has(token)) {
28410
+ tokens.push(token);
28411
+ seen.add(token);
28412
+ }
28413
+ }
28414
+ return tokens.join(" ");
28415
+ }
28416
+ function getEffectiveUserAgent(userAgent) {
28417
+ return appendUserAgentToken(sdkUserAgentHostToken.get(), userAgent);
28418
+ }
28419
+ function isHeadersLike(headers) {
28420
+ return typeof headers === "object" && headers !== null && "get" in headers && typeof headers.get === "function" && "set" in headers && typeof headers.set === "function";
28421
+ }
28422
+ function getSdkUserAgentToken(pkg) {
28423
+ const packageName = pkg.name.replace(/^@uipath\//, "");
28424
+ return getEffectiveUserAgent(`${packageName}/${pkg.version}`);
28425
+ }
28426
+ function addSdkUserAgentHeader(headers, userAgent) {
28427
+ const result = { ...headers ?? {} };
28428
+ const effectiveUserAgent = getEffectiveUserAgent(userAgent);
28429
+ const headerName = Object.keys(result).find((key) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
28430
+ if (headerName) {
28431
+ result[headerName] = appendUserAgentToken(result[headerName], effectiveUserAgent);
28432
+ } else {
28433
+ result[USER_AGENT_HEADER] = effectiveUserAgent;
28434
+ }
28435
+ return result;
28436
+ }
28437
+ function withSdkUserAgentHeader(headers, userAgent) {
28438
+ const effectiveUserAgent = getEffectiveUserAgent(userAgent);
28439
+ if (isHeadersLike(headers)) {
28440
+ headers.set(USER_AGENT_HEADER, appendUserAgentToken(headers.get(USER_AGENT_HEADER), effectiveUserAgent));
28441
+ return headers;
28442
+ }
28443
+ if (Array.isArray(headers)) {
28444
+ const result = headers.map((entry) => {
28445
+ const [key, value] = entry;
28446
+ return [key, value];
28447
+ });
28448
+ const headerIndex = result.findIndex(([key]) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
28449
+ if (headerIndex >= 0) {
28450
+ const [key, value] = result[headerIndex];
28451
+ result[headerIndex] = [
28452
+ key,
28453
+ appendUserAgentToken(value, effectiveUserAgent)
28454
+ ];
28455
+ } else {
28456
+ result.push([USER_AGENT_HEADER, effectiveUserAgent]);
28457
+ }
28458
+ return result;
28459
+ }
28460
+ return addSdkUserAgentHeader(typeof headers === "object" && headers !== null ? { ...headers } : {}, effectiveUserAgent);
28461
+ }
28462
+ function withUserAgentInitOverride(initOverrides, userAgent) {
28463
+ return async (requestContext) => {
28464
+ const initWithUserAgent = {
28465
+ ...requestContext.init,
28466
+ headers: withSdkUserAgentHeader(requestContext.init.headers, userAgent)
28467
+ };
28468
+ const override = typeof initOverrides === "function" ? await initOverrides({
28469
+ ...requestContext,
28470
+ init: initWithUserAgent
28471
+ }) : initOverrides;
28472
+ return {
28473
+ ...override ?? {},
28474
+ headers: withSdkUserAgentHeader(override?.headers ?? initWithUserAgent.headers, userAgent)
28475
+ };
28476
+ };
28477
+ }
28478
+ function installSdkUserAgentHeader(BaseApiClass, userAgent) {
28479
+ const prototype = BaseApiClass.prototype;
28480
+ const patchKey = userAgentPatchKey(userAgent);
28481
+ if (prototype[patchKey]) {
28482
+ return;
28483
+ }
28484
+ if (typeof prototype.request !== "function") {
28485
+ throw new Error("Generated BaseAPI request function not found.");
28486
+ }
28487
+ const originalRequest = prototype.request;
28488
+ prototype.request = function requestWithUserAgent(context, initOverrides) {
28489
+ return originalRequest.call(this, context, withUserAgentInitOverride(initOverrides, userAgent));
28490
+ };
28491
+ Object.defineProperty(prototype, patchKey, {
28492
+ value: true
28493
+ });
28494
+ }
28169
28495
  // ../../common/src/tool-provider.ts
28170
28496
  var factorySlot = singleton("PackagerFactoryProvider");
28171
28497
  // ../../common/src/telemetry/pii-redactor.ts
@@ -28348,13 +28674,17 @@ Command.prototype.trackedAction = function(context, fn, properties) {
28348
28674
  const [error] = await catchError(fn(...args));
28349
28675
  if (error) {
28350
28676
  errorMessage = error instanceof Error ? error.message : String(error);
28351
- logger.error(`[trackedAction] ${telemetryName} failed: ${errorMessage}`);
28677
+ logger.debug(`[trackedAction] ${telemetryName} failed: ${errorMessage}`);
28678
+ const typed = error;
28679
+ const customInstructions = typeof typed.instructions === "string" ? typed.instructions : undefined;
28680
+ const customResult = typeof typed.result === "string" && typed.result !== RESULTS.Success && Object.values(RESULTS).includes(typed.result) ? typed.result : undefined;
28681
+ const finalResult = customResult ?? RESULTS.Failure;
28352
28682
  OutputFormatter.error({
28353
- Result: RESULTS.Failure,
28683
+ Result: finalResult,
28354
28684
  Message: errorMessage,
28355
- Instructions: "An unexpected error occurred. Run with --log-level debug for details."
28685
+ Instructions: customInstructions ?? "An unexpected error occurred. Run with --log-level debug for details."
28356
28686
  });
28357
- context.exit(1);
28687
+ context.exit(EXIT_CODES[finalResult]);
28358
28688
  }
28359
28689
  const durationMs = performance.now() - startTime;
28360
28690
  const success = !error && (process.exitCode === undefined || process.exitCode === 0);
@@ -28625,6 +28955,57 @@ class TextApiResponse {
28625
28955
  return await this.raw.text();
28626
28956
  }
28627
28957
  }
28958
+ // ../identity-sdk/package.json
28959
+ var package_default2 = {
28960
+ name: "@uipath/identity-sdk",
28961
+ license: "MIT",
28962
+ version: "1.195.0",
28963
+ repository: {
28964
+ type: "git",
28965
+ url: "https://github.com/UiPath/cli.git",
28966
+ directory: "packages/admin/identity-sdk"
28967
+ },
28968
+ publishConfig: {
28969
+ registry: "https://npm.pkg.github.com/@uipath"
28970
+ },
28971
+ keywords: [
28972
+ "uipath",
28973
+ "identity",
28974
+ "sdk"
28975
+ ],
28976
+ type: "module",
28977
+ main: "./dist/index.js",
28978
+ types: "./dist/src/index.d.ts",
28979
+ exports: {
28980
+ ".": {
28981
+ types: "./dist/src/index.d.ts",
28982
+ default: "./dist/index.js"
28983
+ }
28984
+ },
28985
+ files: [
28986
+ "dist"
28987
+ ],
28988
+ private: true,
28989
+ scripts: {
28990
+ build: "bun build ./src/index.ts --outdir dist --format esm --target node && tsc -p tsconfig.build.json --noCheck",
28991
+ generate: "bun run src/scripts/generate-sdk.ts",
28992
+ lint: "biome check .",
28993
+ test: "vitest run",
28994
+ "test:coverage": "vitest run --coverage"
28995
+ },
28996
+ devDependencies: {
28997
+ "@uipath/auth": "workspace:*",
28998
+ "@uipath/common": "workspace:*",
28999
+ "@uipath/filesystem": "workspace:*",
29000
+ "@openapitools/openapi-generator-cli": "^2.31.1",
29001
+ "@types/node": "^25.5.2",
29002
+ typescript: "^6.0.2"
29003
+ }
29004
+ };
29005
+
29006
+ // ../identity-sdk/src/user-agent.ts
29007
+ var SDK_USER_AGENT = getSdkUserAgentToken(package_default2);
29008
+ installSdkUserAgentHeader(BaseAPI, SDK_USER_AGENT);
28628
29009
 
28629
29010
  // ../identity-sdk/generated/src/models/ApiScopeType.ts
28630
29011
  function ApiScopeTypeFromJSON(json2) {
@@ -31157,32 +31538,7 @@ class InvalidBaseUrlError extends Error {
31157
31538
  this.name = "InvalidBaseUrlError";
31158
31539
  }
31159
31540
  }
31160
- var DEFAULT_SCOPES = [
31161
- "offline_access",
31162
- "ProcessMining",
31163
- "OrchestratorApiUserAccess",
31164
- "StudioWebBackend",
31165
- "IdentityServerApi",
31166
- "ConnectionService",
31167
- "DataService",
31168
- "DataServiceApiUserAccess",
31169
- "DocumentUnderstanding",
31170
- "EnterpriseContextService",
31171
- "Directory",
31172
- "JamJamApi",
31173
- "LLMGateway",
31174
- "LLMOps",
31175
- "OMS",
31176
- "RCS.FolderAuthorization",
31177
- "RCS.TagsManagement",
31178
- "TestmanagerApiUserAccess",
31179
- "AutomationSolutions",
31180
- "StudioWebTypeCacheService",
31181
- "Docs.GPT.Search",
31182
- "Insights",
31183
- "ReferenceToken",
31184
- "Audit.Read"
31185
- ];
31541
+ var DEFAULT_SCOPES = ["openid", "profile", "offline_access"];
31186
31542
  var normalizeAndValidateBaseUrl = (rawUrl) => {
31187
31543
  let baseUrl = rawUrl;
31188
31544
  if (baseUrl.endsWith("/identity_/")) {
@@ -31232,7 +31588,8 @@ var resolveConfigAsync = async ({
31232
31588
  if (!clientSecret && fileAuth.clientSecret) {
31233
31589
  clientSecret = fileAuth.clientSecret;
31234
31590
  }
31235
- const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : DEFAULT_SCOPES;
31591
+ const isExternalAppAuth = clientId !== DEFAULT_CLIENT_ID && Boolean(clientSecret);
31592
+ const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : isExternalAppAuth ? [] : DEFAULT_SCOPES;
31236
31593
  return {
31237
31594
  clientId,
31238
31595
  clientSecret,
@@ -31732,6 +32089,129 @@ function normalizeTokenRefreshFailure() {
31732
32089
  function normalizeTokenRefreshUnavailableFailure() {
31733
32090
  return "token refresh failed before authentication completed";
31734
32091
  }
32092
+ function errorMessage(error) {
32093
+ return error instanceof Error ? error.message : String(error);
32094
+ }
32095
+ function computeExpirationThreshold(ensureTokenValidityMinutes) {
32096
+ return new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
32097
+ }
32098
+ async function runRefreshLocked(inputs) {
32099
+ const {
32100
+ absolutePath,
32101
+ refreshToken: callerRefreshToken,
32102
+ customAuthority,
32103
+ ensureTokenValidityMinutes,
32104
+ loadEnvFile,
32105
+ saveEnvFile,
32106
+ refreshFn,
32107
+ resolveConfig
32108
+ } = inputs;
32109
+ const expirationThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
32110
+ let fresh;
32111
+ try {
32112
+ fresh = await loadEnvFile({ envPath: absolutePath });
32113
+ } catch (error) {
32114
+ return {
32115
+ kind: "fail",
32116
+ status: {
32117
+ loginStatus: "Refresh Failed",
32118
+ hint: "Could not read the auth file while refreshing. Retry, or run 'uip login' to re-authenticate.",
32119
+ tokenRefresh: {
32120
+ attempted: false,
32121
+ success: false,
32122
+ errorMessage: `auth file read failed: ${errorMessage(error)}`
32123
+ }
32124
+ }
32125
+ };
32126
+ }
32127
+ const freshAccess = fresh.UIPATH_ACCESS_TOKEN;
32128
+ const freshExp = freshAccess ? getTokenExpiration(freshAccess) : undefined;
32129
+ if (freshAccess && freshExp && freshExp > expirationThreshold) {
32130
+ return {
32131
+ kind: "ok",
32132
+ accessToken: freshAccess,
32133
+ refreshToken: fresh.UIPATH_REFRESH_TOKEN ?? callerRefreshToken,
32134
+ expiration: freshExp,
32135
+ tokenRefresh: { attempted: false, success: true }
32136
+ };
32137
+ }
32138
+ const tokenForIdP = fresh.UIPATH_REFRESH_TOKEN ?? callerRefreshToken;
32139
+ let refreshedAccess;
32140
+ let refreshedRefresh;
32141
+ try {
32142
+ const config = await resolveConfig({ customAuthority });
32143
+ const refreshed = await refreshFn({
32144
+ refreshToken: tokenForIdP,
32145
+ tokenEndpoint: config.tokenEndpoint,
32146
+ clientId: config.clientId,
32147
+ expectedAuthority: customAuthority
32148
+ });
32149
+ refreshedAccess = refreshed.accessToken;
32150
+ refreshedRefresh = refreshed.refreshToken;
32151
+ } catch (error) {
32152
+ const isOAuthFailure = isTokenRefreshOAuthFailure(error);
32153
+ const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
32154
+ const message = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
32155
+ return {
32156
+ kind: "fail",
32157
+ status: {
32158
+ loginStatus: "Refresh Failed",
32159
+ hint,
32160
+ tokenRefresh: {
32161
+ attempted: true,
32162
+ success: false,
32163
+ errorMessage: message
32164
+ }
32165
+ }
32166
+ };
32167
+ }
32168
+ const refreshedExp = getTokenExpiration(refreshedAccess);
32169
+ if (!refreshedExp || refreshedExp <= new Date) {
32170
+ return {
32171
+ kind: "fail",
32172
+ status: {
32173
+ loginStatus: "Refresh Failed",
32174
+ hint: "The identity server returned an unusable token. Run 'uip login' to re-authenticate.",
32175
+ tokenRefresh: {
32176
+ attempted: true,
32177
+ success: false,
32178
+ errorMessage: "refreshed token has no valid expiration claim"
32179
+ }
32180
+ }
32181
+ };
32182
+ }
32183
+ try {
32184
+ await saveEnvFile({
32185
+ envPath: absolutePath,
32186
+ data: {
32187
+ UIPATH_ACCESS_TOKEN: refreshedAccess,
32188
+ UIPATH_REFRESH_TOKEN: refreshedRefresh
32189
+ },
32190
+ merge: true
32191
+ });
32192
+ return {
32193
+ kind: "ok",
32194
+ accessToken: refreshedAccess,
32195
+ refreshToken: refreshedRefresh,
32196
+ expiration: refreshedExp,
32197
+ tokenRefresh: { attempted: true, success: true }
32198
+ };
32199
+ } catch (error) {
32200
+ const msg = errorMessage(error);
32201
+ return {
32202
+ kind: "ok",
32203
+ accessToken: refreshedAccess,
32204
+ refreshToken: refreshedRefresh,
32205
+ expiration: refreshedExp,
32206
+ persistenceWarning: `Access token refreshed in memory but could not be written to ${absolutePath}: ${msg}. The next CLI invocation will fail until the file can be updated — run 'uip login' to re-authenticate.`,
32207
+ tokenRefresh: {
32208
+ attempted: true,
32209
+ success: true,
32210
+ errorMessage: `persistence failed: ${msg}`
32211
+ }
32212
+ };
32213
+ }
32214
+ }
31735
32215
  var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
31736
32216
  const {
31737
32217
  resolveEnvFilePath = resolveEnvFilePathAsync,
@@ -31806,73 +32286,103 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
31806
32286
  let refreshToken = credentials.UIPATH_REFRESH_TOKEN;
31807
32287
  let expiration = getTokenExpiration(accessToken);
31808
32288
  let persistenceWarning;
32289
+ let lockReleaseFailed = false;
31809
32290
  let tokenRefresh;
31810
- const expirationThreshold = new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
31811
- if (expiration && expiration <= expirationThreshold && refreshToken) {
31812
- let refreshedAccess;
31813
- let refreshedRefresh;
32291
+ const outerThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
32292
+ const tryGlobalCredsHint = async () => {
32293
+ const fs7 = getFs();
32294
+ const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
32295
+ if (absolutePath === globalPath)
32296
+ return;
32297
+ if (!await fs7.exists(globalPath))
32298
+ return;
31814
32299
  try {
31815
- const config = await resolveConfig({
31816
- customAuthority: credentials.UIPATH_URL
31817
- });
31818
- const refreshed = await refreshTokenFn({
31819
- refreshToken,
31820
- tokenEndpoint: config.tokenEndpoint,
31821
- clientId: config.clientId,
31822
- expectedAuthority: credentials.UIPATH_URL
31823
- });
31824
- refreshedAccess = refreshed.accessToken;
31825
- refreshedRefresh = refreshed.refreshToken;
31826
- } catch (error) {
31827
- const isOAuthFailure = isTokenRefreshOAuthFailure(error);
31828
- const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
31829
- const errorMessage = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
31830
- return {
31831
- loginStatus: "Refresh Failed",
31832
- hint,
31833
- tokenRefresh: {
31834
- attempted: true,
31835
- success: false,
31836
- errorMessage
31837
- }
31838
- };
32300
+ const globalCreds = await loadEnvFile({ envPath: globalPath });
32301
+ if (!globalCreds.UIPATH_ACCESS_TOKEN)
32302
+ return;
32303
+ const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
32304
+ if (globalExp && globalExp <= new Date)
32305
+ return;
32306
+ return `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
32307
+ } catch {
32308
+ return;
31839
32309
  }
31840
- const refreshedExp = getTokenExpiration(refreshedAccess);
31841
- if (!refreshedExp || refreshedExp <= new Date) {
32310
+ };
32311
+ if (expiration && expiration <= outerThreshold && refreshToken) {
32312
+ let release;
32313
+ try {
32314
+ release = await getFs().acquireLock(absolutePath);
32315
+ } catch (error) {
32316
+ const msg = errorMessage(error);
32317
+ const globalHint = await tryGlobalCredsHint();
32318
+ if (globalHint) {
32319
+ return {
32320
+ loginStatus: "Expired",
32321
+ accessToken,
32322
+ refreshToken,
32323
+ baseUrl: credentials.UIPATH_URL,
32324
+ organizationName: credentials.UIPATH_ORGANIZATION_NAME,
32325
+ organizationId: credentials.UIPATH_ORGANIZATION_ID,
32326
+ tenantName: credentials.UIPATH_TENANT_NAME,
32327
+ tenantId: credentials.UIPATH_TENANT_ID,
32328
+ expiration,
32329
+ source: "file" /* File */,
32330
+ hint: globalHint,
32331
+ tokenRefresh: {
32332
+ attempted: false,
32333
+ success: false,
32334
+ errorMessage: `lock acquisition failed: ${msg}`
32335
+ }
32336
+ };
32337
+ }
31842
32338
  return {
31843
32339
  loginStatus: "Refresh Failed",
31844
- hint: "The identity server returned an unusable token. Run 'uip login' to re-authenticate.",
32340
+ hint: "Could not acquire the auth-file lock — too many concurrent `uip` processes, or a permission issue on the auth directory. Retry, or run 'uip login' to re-authenticate.",
31845
32341
  tokenRefresh: {
31846
- attempted: true,
32342
+ attempted: false,
31847
32343
  success: false,
31848
- errorMessage: "refreshed token has no valid expiration claim"
32344
+ errorMessage: `lock acquisition failed: ${msg}`
31849
32345
  }
31850
32346
  };
31851
32347
  }
31852
- accessToken = refreshedAccess;
31853
- refreshToken = refreshedRefresh;
31854
- expiration = refreshedExp;
32348
+ let lockedFailure;
31855
32349
  try {
31856
- await saveEnvFile({
31857
- envPath: absolutePath,
31858
- data: {
31859
- UIPATH_ACCESS_TOKEN: accessToken,
31860
- UIPATH_REFRESH_TOKEN: refreshToken
31861
- },
31862
- merge: true
32350
+ const outcome = await runRefreshLocked({
32351
+ absolutePath,
32352
+ refreshToken,
32353
+ customAuthority: credentials.UIPATH_URL,
32354
+ ensureTokenValidityMinutes,
32355
+ loadEnvFile,
32356
+ saveEnvFile,
32357
+ refreshFn: refreshTokenFn,
32358
+ resolveConfig
31863
32359
  });
31864
- tokenRefresh = {
31865
- attempted: true,
31866
- success: true
31867
- };
31868
- } catch (error) {
31869
- const msg = error instanceof Error ? error.message : String(error);
31870
- persistenceWarning = `Access token refreshed in memory but could not be written to ${absolutePath}: ${msg}. The next CLI invocation will fail until the file can be updated — run 'uip login' to re-authenticate.`;
31871
- tokenRefresh = {
31872
- attempted: true,
31873
- success: true,
31874
- errorMessage: `persistence failed: ${msg}`
31875
- };
32360
+ if (outcome.kind === "fail") {
32361
+ lockedFailure = outcome.status;
32362
+ } else {
32363
+ accessToken = outcome.accessToken;
32364
+ refreshToken = outcome.refreshToken;
32365
+ expiration = outcome.expiration;
32366
+ tokenRefresh = outcome.tokenRefresh;
32367
+ if (outcome.persistenceWarning) {
32368
+ persistenceWarning = outcome.persistenceWarning;
32369
+ }
32370
+ }
32371
+ } finally {
32372
+ try {
32373
+ await release();
32374
+ } catch {
32375
+ lockReleaseFailed = true;
32376
+ }
32377
+ }
32378
+ if (lockedFailure) {
32379
+ const globalHint = await tryGlobalCredsHint();
32380
+ const base = globalHint ? {
32381
+ ...lockedFailure,
32382
+ loginStatus: "Expired",
32383
+ hint: globalHint
32384
+ } : lockedFailure;
32385
+ return lockReleaseFailed ? { ...base, lockReleaseFailed: true } : base;
31876
32386
  }
31877
32387
  }
31878
32388
  const result = {
@@ -31887,23 +32397,13 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
31887
32397
  expiration,
31888
32398
  source: "file" /* File */,
31889
32399
  ...persistenceWarning ? { hint: persistenceWarning, persistenceFailed: true } : {},
32400
+ ...lockReleaseFailed ? { lockReleaseFailed: true } : {},
31890
32401
  ...tokenRefresh ? { tokenRefresh } : {}
31891
32402
  };
31892
32403
  if (result.loginStatus === "Expired") {
31893
- const fs7 = getFs();
31894
- const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
31895
- if (absolutePath !== globalPath && await fs7.exists(globalPath)) {
31896
- try {
31897
- const globalCreds = await loadEnvFile({
31898
- envPath: globalPath
31899
- });
31900
- if (globalCreds.UIPATH_ACCESS_TOKEN) {
31901
- const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
31902
- if (!globalExp || globalExp > new Date) {
31903
- result.hint = `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
31904
- }
31905
- }
31906
- } catch {}
32404
+ const globalHint = await tryGlobalCredsHint();
32405
+ if (globalHint) {
32406
+ result.hint = globalHint;
31907
32407
  }
31908
32408
  }
31909
32409
  return result;
@@ -31951,23 +32451,31 @@ var getAuthContext = async (options = {}) => {
31951
32451
  init_src();
31952
32452
  // ../../auth/src/logout.ts
31953
32453
  init_src();
32454
+
32455
+ // ../../auth/src/index.ts
32456
+ init_server();
32457
+
31954
32458
  // ../identity-sdk/src/client-factory.ts
31955
32459
  async function createIdentityConfig(options) {
31956
32460
  const ctx = await getAuthContext({
31957
32461
  ensureTokenValidityMinutes: options?.loginValidity,
31958
- requireOrganizationId: true,
32462
+ requireOrganizationId: options?.organization === undefined,
31959
32463
  requireTenantName: true
31960
32464
  });
31961
- const identityBasePath = `${ctx.baseUrl}/${ctx.organizationId}/identity_`;
31962
- const headers = {
32465
+ const organizationId = options?.organization ?? ctx.organizationId;
32466
+ if (organizationId === undefined || organizationId.length === 0) {
32467
+ throw new Error("Organization ID not available. Provide --organization or log in with an organization context.");
32468
+ }
32469
+ const identityBasePath = `${ctx.baseUrl}/${organizationId}/identity_`;
32470
+ const headers = addSdkUserAgentHeader({
31963
32471
  Authorization: `Bearer ${ctx.accessToken}`
31964
- };
32472
+ }, SDK_USER_AGENT);
31965
32473
  return {
31966
32474
  config: new Configuration({
31967
32475
  basePath: identityBasePath,
31968
32476
  headers
31969
32477
  }),
31970
- organizationId: ctx.organizationId ?? ""
32478
+ organizationId
31971
32479
  };
31972
32480
  }
31973
32481
  async function createApiClient(ApiClass, options) {
@@ -31976,14 +32484,14 @@ async function createApiClient(ApiClass, options) {
31976
32484
  }
31977
32485
  // src/commands/external-apps.ts
31978
32486
  var INSTRUCTIONS = {
31979
- list: "Verify --organization is a valid org ID. Run 'external-apps list --help' for options.",
32487
+ list: "Verify you are logged in. Run 'external-apps list --help' for options.",
31980
32488
  get: "Verify the app ID exists. Use 'external-apps list' to find valid IDs.",
31981
- create: "Verify --organization and scopes are correct. Provide --user-scope and/or --app-scope.",
31982
- update: "Verify the app ID and --organization are correct.",
32489
+ create: "Verify scopes are correct. Provide --user-scope and/or --app-scope.",
32490
+ update: "Verify the app ID is correct.",
31983
32491
  delete: "Verify the app ID exists. The app may have already been deleted.",
31984
- generateSecret: "Verify the app ID and --organization are correct.",
32492
+ generateSecret: "Verify the app ID is correct.",
31985
32493
  deleteSecret: "Verify the secret ID exists. Use 'external-apps get' to find valid secret IDs.",
31986
- fedCredList: "Verify the client ID and --organization are correct.",
32494
+ fedCredList: "Verify the client ID is correct.",
31987
32495
  fedCredGet: "Verify the credential ID exists. Use 'federated-credentials list' to find valid IDs.",
31988
32496
  fedCredCreate: "Provide --name, --issuer, --audience, and --subject. These must match the external identity provider.",
31989
32497
  fedCredUpdate: "Verify the credential ID exists and provide the updated fields.",
@@ -32170,14 +32678,21 @@ function parseScopes(csv, type2) {
32170
32678
  return [];
32171
32679
  return csv.split(",").map((s) => ({ name: s.trim(), type: type2 }));
32172
32680
  }
32681
+ function warnDeprecatedOrganization(org) {
32682
+ if (org !== undefined) {
32683
+ logger.warn("--organization is deprecated and ignored; organization is derived from login context");
32684
+ }
32685
+ }
32173
32686
  var registerExternalAppsCommand = (program2) => {
32174
32687
  const externalApps = program2.command("external-apps").description("Manage external OAuth2 clients. List, get, create, update, delete clients and manage secrets.");
32175
- externalApps.command("list").description("List external apps in a partition.").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
32688
+ externalApps.command("list").description("List external apps in a partition.").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
32689
+ warnDeprecatedOrganization(options.organization);
32176
32690
  const [error, result] = await catchError((async () => {
32177
32691
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32178
- loginValidity: options.loginValidity
32692
+ loginValidity: options.loginValidity,
32693
+ organization: options.organization
32179
32694
  });
32180
- const orgId = options.organization ?? organizationId;
32695
+ const orgId = organizationId;
32181
32696
  return await api.externalClientGet({
32182
32697
  partitionGlobalId: orgId
32183
32698
  });
@@ -32197,12 +32712,14 @@ var registerExternalAppsCommand = (program2) => {
32197
32712
  Data: result ?? []
32198
32713
  });
32199
32714
  });
32200
- externalApps.command("get").description("Get external app details. " + "Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_GET_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32715
+ externalApps.command("get").description("Get external app details. " + "Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_GET_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32716
+ warnDeprecatedOrganization(options.organization);
32201
32717
  const [error, client] = await catchError((async () => {
32202
32718
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32203
- loginValidity: options.loginValidity
32719
+ loginValidity: options.loginValidity,
32720
+ organization: options.organization
32204
32721
  });
32205
- const orgId = options.organization ?? organizationId;
32722
+ const orgId = organizationId;
32206
32723
  return await api.externalClientGetWithClientId({
32207
32724
  partitionGlobalId: orgId,
32208
32725
  clientId
@@ -32223,7 +32740,8 @@ var registerExternalAppsCommand = (program2) => {
32223
32740
  Data: client
32224
32741
  });
32225
32742
  });
32226
- externalApps.command("create").description("Create an external app (confidential by default). " + "Use --non-confidential for public clients (SPAs, mobile apps).").argument("<name>", "App display name").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--redirect-uri <uri>", "Redirect URI(s) for OAuth2 flow (comma-separated for multiple)").option("--user-scope <scopes>", "Comma-separated user (delegated) scopes").option("--app-scope <scopes>", "Comma-separated application (app-only) scopes").option("--scope <scopes>", "Alias for --app-scope (deprecated)").option("--non-confidential", "Create a non-confidential (public) app — no client secret, requires redirect URI").option("--no-secret", "Skip generating a client secret on creation").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
32743
+ externalApps.command("create").description("Create an external app (confidential by default). " + "Use --non-confidential for public clients (SPAs, mobile apps).").argument("<name>", "App display name").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--redirect-uri <uri>", "Redirect URI(s) for OAuth2 flow (comma-separated for multiple)").option("--user-scope <scopes>", "Comma-separated user (delegated) scopes").option("--app-scope <scopes>", "Comma-separated application (app-only) scopes").option("--scope <scopes>", "Alias for --app-scope (deprecated)").option("--non-confidential", "Create a non-confidential (public) app — no client secret, requires redirect URI").option("--no-secret", "Skip generating a client secret on creation").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
32744
+ warnDeprecatedOrganization(options.organization);
32227
32745
  if (options.scope && !options.appScope) {
32228
32746
  options.appScope = options.scope;
32229
32747
  }
@@ -32264,9 +32782,10 @@ var registerExternalAppsCommand = (program2) => {
32264
32782
  const generateFirstSecret = isConfidential && options.secret !== false;
32265
32783
  const [error, result] = await catchError((async () => {
32266
32784
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32267
- loginValidity: options.loginValidity
32785
+ loginValidity: options.loginValidity,
32786
+ organization: options.organization
32268
32787
  });
32269
- const orgId = options.organization ?? organizationId;
32788
+ const orgId = organizationId;
32270
32789
  const createCommand2 = {
32271
32790
  partitionGlobalId: orgId,
32272
32791
  name,
@@ -32294,7 +32813,8 @@ var registerExternalAppsCommand = (program2) => {
32294
32813
  Data: result
32295
32814
  });
32296
32815
  });
32297
- externalApps.command("update").description("Update an external app. Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-n, --name <name>", "New display name").option("--redirect-uri <uri>", "Redirect URI(s) for OAuth2 flow (comma-separated for multiple)").option("--user-scope <scopes>", "Comma-separated user (delegated) scopes").option("--app-scope <scopes>", "Comma-separated application (app-only) scopes").option("--scope <scopes>", "Alias for --app-scope (deprecated)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_UPDATE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32816
+ externalApps.command("update").description("Update an external app. Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-n, --name <name>", "New display name").option("--redirect-uri <uri>", "Redirect URI(s) for OAuth2 flow (comma-separated for multiple)").option("--user-scope <scopes>", "Comma-separated user (delegated) scopes").option("--app-scope <scopes>", "Comma-separated application (app-only) scopes").option("--scope <scopes>", "Alias for --app-scope (deprecated)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_UPDATE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32817
+ warnDeprecatedOrganization(options.organization);
32298
32818
  if (options.scope && !options.appScope) {
32299
32819
  options.appScope = options.scope;
32300
32820
  }
@@ -32310,9 +32830,10 @@ var registerExternalAppsCommand = (program2) => {
32310
32830
  }
32311
32831
  const [fetchError, fetchResult] = await catchError((async () => {
32312
32832
  const { api: api2, organizationId } = await createApiClient(ExternalClientApi, {
32313
- loginValidity: options.loginValidity
32833
+ loginValidity: options.loginValidity,
32834
+ organization: options.organization
32314
32835
  });
32315
- const orgId2 = options.organization ?? organizationId;
32836
+ const orgId2 = organizationId;
32316
32837
  const current2 = await api2.externalClientGetWithClientId({
32317
32838
  partitionGlobalId: orgId2,
32318
32839
  clientId
@@ -32380,12 +32901,14 @@ var registerExternalAppsCommand = (program2) => {
32380
32901
  Data: result
32381
32902
  });
32382
32903
  });
32383
- externalApps.command("delete").description("Delete an external app. " + "Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_DELETE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32904
+ externalApps.command("delete").description("Delete an external app. " + "Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_DELETE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32905
+ warnDeprecatedOrganization(options.organization);
32384
32906
  const [error] = await catchError((async () => {
32385
32907
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32386
- loginValidity: options.loginValidity
32908
+ loginValidity: options.loginValidity,
32909
+ organization: options.organization
32387
32910
  });
32388
- const orgId = options.organization ?? organizationId;
32911
+ const orgId = organizationId;
32389
32912
  return await api.externalClientDelete({
32390
32913
  partitionGlobalId: orgId,
32391
32914
  clientId
@@ -32409,12 +32932,14 @@ var registerExternalAppsCommand = (program2) => {
32409
32932
  }
32410
32933
  });
32411
32934
  });
32412
- externalApps.command("generate-secret").description("Generate a new secret for an external app. " + "Returns the secret value (only shown once).").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--description <text>", "Description for the secret").option("--expiration <date>", "Expiration date (ISO 8601)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_GENERATE_SECRET_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32935
+ externalApps.command("generate-secret").description("Generate a new secret for an external app. " + "Returns the secret value (only shown once).").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--description <text>", "Description for the secret").option("--expiration <date>", "Expiration date (ISO 8601)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_GENERATE_SECRET_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32936
+ warnDeprecatedOrganization(options.organization);
32413
32937
  const [error, result] = await catchError((async () => {
32414
32938
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32415
- loginValidity: options.loginValidity
32939
+ loginValidity: options.loginValidity,
32940
+ organization: options.organization
32416
32941
  });
32417
- const orgId = options.organization ?? organizationId;
32942
+ const orgId = organizationId;
32418
32943
  return await api.externalClientGenerateSecret({
32419
32944
  createClientSecretCommand: {
32420
32945
  clientId,
@@ -32439,12 +32964,14 @@ var registerExternalAppsCommand = (program2) => {
32439
32964
  Data: result
32440
32965
  });
32441
32966
  });
32442
- externalApps.command("delete-secret").description("Delete a specific secret from an external app.").argument("<secret-id>", "Secret ID (numeric)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_DELETE_SECRET_EXAMPLES).trackedAction(processContext, async (secretId, options) => {
32967
+ externalApps.command("delete-secret").description("Delete a specific secret from an external app.").argument("<secret-id>", "Secret ID (numeric)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_DELETE_SECRET_EXAMPLES).trackedAction(processContext, async (secretId, options) => {
32968
+ warnDeprecatedOrganization(options.organization);
32443
32969
  const [error] = await catchError((async () => {
32444
32970
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32445
- loginValidity: options.loginValidity
32971
+ loginValidity: options.loginValidity,
32972
+ organization: options.organization
32446
32973
  });
32447
- const orgId = options.organization ?? organizationId;
32974
+ const orgId = organizationId;
32448
32975
  return await api.externalClientDeleteSecret({
32449
32976
  partitionGlobalId: orgId,
32450
32977
  secretId: Number.parseInt(secretId, 10)
@@ -32469,10 +32996,14 @@ var registerExternalAppsCommand = (program2) => {
32469
32996
  });
32470
32997
  });
32471
32998
  const fedCreds = externalApps.command("federated-credentials").description("Manage federated credentials for external apps. " + "Enable workload identity federation with external identity providers (e.g. GitHub Actions, Azure AD).");
32472
- fedCreds.command("list").description("List federated credentials for an external app.").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_LIST_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32999
+ fedCreds.command("list").description("List federated credentials for an external app.").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_LIST_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
33000
+ warnDeprecatedOrganization(options.organization);
32473
33001
  const [error, result] = await catchError((async () => {
32474
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32475
- const orgId = options.organization ?? organizationId;
33002
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33003
+ loginValidity: options.loginValidity,
33004
+ organization: options.organization
33005
+ });
33006
+ const orgId = organizationId;
32476
33007
  return await api.externalClientGetFederatedCredentials({
32477
33008
  partitionGlobalId: orgId,
32478
33009
  clientId
@@ -32493,10 +33024,14 @@ var registerExternalAppsCommand = (program2) => {
32493
33024
  Data: result ?? []
32494
33025
  });
32495
33026
  });
32496
- fedCreds.command("get").description("Get a federated credential by ID.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_GET_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33027
+ fedCreds.command("get").description("Get a federated credential by ID.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_GET_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33028
+ warnDeprecatedOrganization(options.organization);
32497
33029
  const [error, result] = await catchError((async () => {
32498
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32499
- const orgId = options.organization ?? organizationId;
33030
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33031
+ loginValidity: options.loginValidity,
33032
+ organization: options.organization
33033
+ });
33034
+ const orgId = organizationId;
32500
33035
  return await api.externalClientGetFederatedCredentialByIdByCredentialId({
32501
33036
  partitionGlobalId: orgId,
32502
33037
  clientId,
@@ -32518,10 +33053,14 @@ var registerExternalAppsCommand = (program2) => {
32518
33053
  Data: result
32519
33054
  });
32520
33055
  });
32521
- fedCreds.command("create").description("Create a federated credential for an external app. " + "Maps an external identity (e.g. GitHub Actions OIDC) to this app.").argument("<client-id>", "External app ID").requiredOption("-n, --name <name>", "Credential name").requiredOption("--issuer <url>", "Token issuer URL (e.g. https://token.actions.githubusercontent.com)").requiredOption("--audience <audience>", "Expected audience claim (e.g. api://AzureADTokenExchange)").requiredOption("--subject <subject>", "Expected subject claim (e.g. repo:org/repo:ref:refs/heads/main)").option("--description <text>", "Description for the credential").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_CREATE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
33056
+ fedCreds.command("create").description("Create a federated credential for an external app. " + "Maps an external identity (e.g. GitHub Actions OIDC) to this app.").argument("<client-id>", "External app ID").requiredOption("-n, --name <name>", "Credential name").requiredOption("--issuer <url>", "Token issuer URL (e.g. https://token.actions.githubusercontent.com)").requiredOption("--audience <audience>", "Expected audience claim (e.g. api://AzureADTokenExchange)").requiredOption("--subject <subject>", "Expected subject claim (e.g. repo:org/repo:ref:refs/heads/main)").option("--description <text>", "Description for the credential").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_CREATE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
33057
+ warnDeprecatedOrganization(options.organization);
32522
33058
  const [error, result] = await catchError((async () => {
32523
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32524
- const orgId = options.organization ?? organizationId;
33059
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33060
+ loginValidity: options.loginValidity,
33061
+ organization: options.organization
33062
+ });
33063
+ const orgId = organizationId;
32525
33064
  const cmd = {
32526
33065
  name: options.name,
32527
33066
  issuer: options.issuer,
@@ -32550,10 +33089,14 @@ var registerExternalAppsCommand = (program2) => {
32550
33089
  Data: result
32551
33090
  });
32552
33091
  });
32553
- fedCreds.command("update").description("Update a federated credential.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").requiredOption("-n, --name <name>", "Credential name").requiredOption("--issuer <url>", "Token issuer URL").requiredOption("--audience <audience>", "Expected audience claim").requiredOption("--subject <subject>", "Expected subject claim").option("--description <text>", "Description for the credential").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_UPDATE_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33092
+ fedCreds.command("update").description("Update a federated credential.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").requiredOption("-n, --name <name>", "Credential name").requiredOption("--issuer <url>", "Token issuer URL").requiredOption("--audience <audience>", "Expected audience claim").requiredOption("--subject <subject>", "Expected subject claim").option("--description <text>", "Description for the credential").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_UPDATE_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33093
+ warnDeprecatedOrganization(options.organization);
32554
33094
  const [error, result] = await catchError((async () => {
32555
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32556
- const orgId = options.organization ?? organizationId;
33095
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33096
+ loginValidity: options.loginValidity,
33097
+ organization: options.organization
33098
+ });
33099
+ const orgId = organizationId;
32557
33100
  const cmd = {
32558
33101
  name: options.name,
32559
33102
  issuer: options.issuer,
@@ -32583,10 +33126,14 @@ var registerExternalAppsCommand = (program2) => {
32583
33126
  Data: result
32584
33127
  });
32585
33128
  });
32586
- fedCreds.command("delete").description("Delete a federated credential from an external app.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_DELETE_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33129
+ fedCreds.command("delete").description("Delete a federated credential from an external app.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_DELETE_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33130
+ warnDeprecatedOrganization(options.organization);
32587
33131
  const [error] = await catchError((async () => {
32588
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32589
- const orgId = options.organization ?? organizationId;
33132
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33133
+ loginValidity: options.loginValidity,
33134
+ organization: options.organization
33135
+ });
33136
+ const orgId = organizationId;
32590
33137
  return await api.externalClientDeleteFederatedCredential({
32591
33138
  partitionGlobalId: orgId,
32592
33139
  clientId,
@@ -32615,12 +33162,12 @@ var registerExternalAppsCommand = (program2) => {
32615
33162
 
32616
33163
  // src/commands/groups.ts
32617
33164
  var INSTRUCTIONS2 = {
32618
- list: "Verify --organization is a valid org ID. Run 'groups list --help' for options.",
33165
+ list: "Verify you are logged in. Run 'groups list --help' for options.",
32619
33166
  get: "Verify the group ID exists. Use 'groups list' to find valid IDs.",
32620
- create: "Verify --organization is correct. Group names must be unique within a partition.",
32621
- update: "Verify the group ID and --organization are correct. Use 'groups list' to find valid IDs.",
33167
+ create: "Verify the group name is correct. Group names must be unique within a partition.",
33168
+ update: "Verify the group ID is correct. Use 'groups list' to find valid IDs.",
32622
33169
  delete: "Verify the group ID exists. The group may have already been deleted.",
32623
- listMembers: "Verify the group ID and --organization are correct.",
33170
+ listMembers: "Verify the group ID is correct.",
32624
33171
  addMembers: "Verify the group ID and user IDs are correct. Use 'users list' to find valid user IDs.",
32625
33172
  revokeMembers: "Verify the user IDs are current members of the group."
32626
33173
  };
@@ -32722,14 +33269,20 @@ var MEMBERS_REVOKE_EXAMPLES = [
32722
33269
  }
32723
33270
  }
32724
33271
  ];
33272
+ function warnDeprecatedOrganization2(org) {
33273
+ if (org !== undefined) {
33274
+ logger.warn("--organization is deprecated and ignored; organization is derived from login context");
33275
+ }
33276
+ }
32725
33277
  var registerGroupsCommand = (program2) => {
32726
33278
  const groups = program2.command("groups").description("Manage groups. List, get, create, update, and delete groups within a partition.");
32727
- groups.command("list").description("List all groups in a partition. " + "Returns group ID, name, type, and creation time.").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
33279
+ groups.command("list").description("List all groups in a partition. " + "Returns group ID, name, type, and creation time.").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
33280
+ warnDeprecatedOrganization2(options.organization);
32728
33281
  const [error, result] = await catchError((async () => {
32729
33282
  const { api, organizationId } = await createApiClient(GroupApi, {
32730
33283
  loginValidity: options.loginValidity
32731
33284
  });
32732
- const orgId = options.organization ?? organizationId;
33285
+ const orgId = organizationId;
32733
33286
  return await api.groupGetGroups({
32734
33287
  partitionGlobalId: orgId
32735
33288
  });
@@ -32749,12 +33302,13 @@ var registerGroupsCommand = (program2) => {
32749
33302
  Data: result ?? []
32750
33303
  });
32751
33304
  });
32752
- groups.command("get").description("Get group details by ID. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_GET_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33305
+ groups.command("get").description("Get group details by ID. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_GET_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33306
+ warnDeprecatedOrganization2(options.organization);
32753
33307
  const [error, group] = await catchError((async () => {
32754
33308
  const { api, organizationId } = await createApiClient(GroupApi, {
32755
33309
  loginValidity: options.loginValidity
32756
33310
  });
32757
- const orgId = options.organization ?? organizationId;
33311
+ const orgId = organizationId;
32758
33312
  return await api.groupGetGroup({
32759
33313
  partitionGlobalId: orgId,
32760
33314
  groupId
@@ -32775,12 +33329,13 @@ var registerGroupsCommand = (program2) => {
32775
33329
  Data: group
32776
33330
  });
32777
33331
  });
32778
- groups.command("create").description("Create a new local group in a partition.").argument("<name>", "Group name").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
33332
+ groups.command("create").description("Create a new local group in a partition.").argument("<name>", "Group name").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
33333
+ warnDeprecatedOrganization2(options.organization);
32779
33334
  const [error, result] = await catchError((async () => {
32780
33335
  const { api, organizationId } = await createApiClient(GroupApi, {
32781
33336
  loginValidity: options.loginValidity
32782
33337
  });
32783
- const orgId = options.organization ?? organizationId;
33338
+ const orgId = organizationId;
32784
33339
  const createCommand2 = {
32785
33340
  id: crypto.randomUUID(),
32786
33341
  name,
@@ -32805,7 +33360,8 @@ var registerGroupsCommand = (program2) => {
32805
33360
  Data: result
32806
33361
  });
32807
33362
  });
32808
- groups.command("update").description("Update a group. Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-n, --name <name>", "New group name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_UPDATE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33363
+ groups.command("update").description("Update a group. Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-n, --name <name>", "New group name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_UPDATE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33364
+ warnDeprecatedOrganization2(options.organization);
32809
33365
  if (options.name === undefined) {
32810
33366
  OutputFormatter.error({
32811
33367
  Result: RESULTS.Failure,
@@ -32819,7 +33375,7 @@ var registerGroupsCommand = (program2) => {
32819
33375
  const { api, organizationId } = await createApiClient(GroupApi, {
32820
33376
  loginValidity: options.loginValidity
32821
33377
  });
32822
- const orgId = options.organization ?? organizationId;
33378
+ const orgId = organizationId;
32823
33379
  const updateCommand = {
32824
33380
  partitionGlobalId: orgId,
32825
33381
  name: options.name
@@ -32844,12 +33400,13 @@ var registerGroupsCommand = (program2) => {
32844
33400
  Data: result
32845
33401
  });
32846
33402
  });
32847
- groups.command("delete").description("Delete a group. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_DELETE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33403
+ groups.command("delete").description("Delete a group. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_DELETE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33404
+ warnDeprecatedOrganization2(options.organization);
32848
33405
  const [error] = await catchError((async () => {
32849
33406
  const { api, organizationId } = await createApiClient(GroupApi, {
32850
33407
  loginValidity: options.loginValidity
32851
33408
  });
32852
- const orgId = options.organization ?? organizationId;
33409
+ const orgId = organizationId;
32853
33410
  return await api.groupDelete({
32854
33411
  partitionGlobalId: orgId,
32855
33412
  groupId
@@ -32874,12 +33431,13 @@ var registerGroupsCommand = (program2) => {
32874
33431
  });
32875
33432
  });
32876
33433
  const members = groups.command("members").description("Manage group membership. List, add, or revoke members.");
32877
- members.command("list").description("List members of a group. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-l, --limit <number>", "Number of items to return", "50").option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_LIST_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33434
+ members.command("list").description("List members of a group. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-l, --limit <number>", "Number of items to return", "50").option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_LIST_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33435
+ warnDeprecatedOrganization2(options.organization);
32878
33436
  const [error, result] = await catchError((async () => {
32879
33437
  const { api, organizationId } = await createApiClient(GroupApi, {
32880
33438
  loginValidity: options.loginValidity
32881
33439
  });
32882
- const orgId = options.organization ?? organizationId;
33440
+ const orgId = organizationId;
32883
33441
  return await api.groupGetGroupMembers({
32884
33442
  partitionGlobalId: orgId,
32885
33443
  groupId,
@@ -32902,13 +33460,14 @@ var registerGroupsCommand = (program2) => {
32902
33460
  Data: result.results ?? []
32903
33461
  });
32904
33462
  });
32905
- members.command("add").description("Add users to a group. Pass comma-separated user IDs.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").requiredOption("--user-ids <ids>", "Comma-separated user IDs to add").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_ADD_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33463
+ members.command("add").description("Add users to a group. Pass comma-separated user IDs.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").requiredOption("--user-ids <ids>", "Comma-separated user IDs to add").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_ADD_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33464
+ warnDeprecatedOrganization2(options.organization);
32906
33465
  const userIds = options.userIds.split(",").map((id) => id.trim());
32907
33466
  const [error, result] = await catchError((async () => {
32908
33467
  const { api, organizationId } = await createApiClient(GroupApi, {
32909
33468
  loginValidity: options.loginValidity
32910
33469
  });
32911
- const orgId = options.organization ?? organizationId;
33470
+ const orgId = organizationId;
32912
33471
  const group = await api.groupGetGroup({
32913
33472
  partitionGlobalId: orgId,
32914
33473
  groupId
@@ -32937,13 +33496,14 @@ var registerGroupsCommand = (program2) => {
32937
33496
  Data: result
32938
33497
  });
32939
33498
  });
32940
- members.command("revoke").description("Revoke users from a group. Pass comma-separated user IDs.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").requiredOption("--user-ids <ids>", "Comma-separated user IDs to revoke").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_REVOKE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33499
+ members.command("revoke").description("Revoke users from a group. Pass comma-separated user IDs.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").requiredOption("--user-ids <ids>", "Comma-separated user IDs to revoke").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_REVOKE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33500
+ warnDeprecatedOrganization2(options.organization);
32941
33501
  const userIds = options.userIds.split(",").map((id) => id.trim());
32942
33502
  const [error, result] = await catchError((async () => {
32943
33503
  const { api, organizationId } = await createApiClient(GroupApi, {
32944
33504
  loginValidity: options.loginValidity
32945
33505
  });
32946
- const orgId = options.organization ?? organizationId;
33506
+ const orgId = organizationId;
32947
33507
  const group = await api.groupGetGroup({
32948
33508
  partitionGlobalId: orgId,
32949
33509
  groupId
@@ -33221,10 +33781,10 @@ var registerPatCommand = (program2) => {
33221
33781
 
33222
33782
  // src/commands/robot-accounts.ts
33223
33783
  var INSTRUCTIONS4 = {
33224
- list: "Verify --organization is a valid org ID. Run 'robot-accounts list --help' for options.",
33784
+ list: "Verify you are logged in. Run 'robot-accounts list --help' for options.",
33225
33785
  get: "Verify the robot account ID exists. Use 'robot-accounts list' to find valid IDs.",
33226
- create: "Verify --organization is correct. Robot account names must be unique within a partition.",
33227
- update: "Verify the robot account ID and --organization are correct.",
33786
+ create: "Verify the robot account name is correct. Names must be unique within a partition.",
33787
+ update: "Verify the robot account ID is correct.",
33228
33788
  delete: "Verify the robot account ID exists. The account may have already been deleted."
33229
33789
  };
33230
33790
  var ROBOT_ACCOUNTS_LIST_EXAMPLES = [
@@ -33296,14 +33856,20 @@ var ROBOT_ACCOUNTS_DELETE_EXAMPLES = [
33296
33856
  }
33297
33857
  }
33298
33858
  ];
33859
+ function warnDeprecatedOrganization3(org) {
33860
+ if (org !== undefined) {
33861
+ logger.warn("--organization is deprecated and ignored; organization is derived from login context");
33862
+ }
33863
+ }
33299
33864
  var registerRobotAccountsCommand = (program2) => {
33300
33865
  const robotAccounts = program2.command("robot-accounts").description("Manage robot accounts. List, get, create, update, and delete robot accounts within a partition.");
33301
- robotAccounts.command("list").description("List robot accounts in a partition. " + "Returns account ID, name, display name, and creation time.").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-s, --search <term>", "Search by name").option("--sort-by <field>", "Sort results by field (e.g., 'Name')").addOption(new Option("--sort-order <direction>", "Sort direction (default: asc)").choices(["asc", "desc"])).option("-l, --limit <number>", "Number of items to return", String(DEFAULT_PAGE_SIZE)).option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
33866
+ robotAccounts.command("list").description("List robot accounts in a partition. " + "Returns account ID, name, display name, and creation time.").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-s, --search <term>", "Search by name").option("--sort-by <field>", "Sort results by field (e.g., 'Name')").addOption(new Option("--sort-order <direction>", "Sort direction (default: asc)").choices(["asc", "desc"])).option("-l, --limit <number>", "Number of items to return", String(DEFAULT_PAGE_SIZE)).option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
33867
+ warnDeprecatedOrganization3(options.organization);
33302
33868
  const [error, result] = await catchError((async () => {
33303
33869
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33304
33870
  loginValidity: options.loginValidity
33305
33871
  });
33306
- const orgId = options.organization ?? organizationId;
33872
+ const orgId = organizationId;
33307
33873
  return await api.robotAccountGetRobotAccounts({
33308
33874
  partitionGlobalId: orgId,
33309
33875
  searchTerm: options.search,
@@ -33328,12 +33894,13 @@ var registerRobotAccountsCommand = (program2) => {
33328
33894
  Data: result.results ?? []
33329
33895
  });
33330
33896
  });
33331
- robotAccounts.command("get").description("Get robot account details by ID. " + "Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_GET_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33897
+ robotAccounts.command("get").description("Get robot account details by ID. " + "Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_GET_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33898
+ warnDeprecatedOrganization3(options.organization);
33332
33899
  const [error, account] = await catchError((async () => {
33333
33900
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33334
33901
  loginValidity: options.loginValidity
33335
33902
  });
33336
- const orgId = options.organization ?? organizationId;
33903
+ const orgId = organizationId;
33337
33904
  return await api.robotAccountGetRobotAccount({
33338
33905
  partitionGlobalId: orgId,
33339
33906
  robotAccountId
@@ -33354,12 +33921,13 @@ var registerRobotAccountsCommand = (program2) => {
33354
33921
  Data: account
33355
33922
  });
33356
33923
  });
33357
- robotAccounts.command("create").description("Create a new robot account in a partition.").argument("<name>", "Robot account name").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--display-name <display-name>", "Display name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
33924
+ robotAccounts.command("create").description("Create a new robot account in a partition.").argument("<name>", "Robot account name").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--display-name <display-name>", "Display name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
33925
+ warnDeprecatedOrganization3(options.organization);
33358
33926
  const [error, result] = await catchError((async () => {
33359
33927
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33360
33928
  loginValidity: options.loginValidity
33361
33929
  });
33362
- const orgId = options.organization ?? organizationId;
33930
+ const orgId = organizationId;
33363
33931
  const createCommand2 = {
33364
33932
  name,
33365
33933
  displayName: options.displayName ?? name,
@@ -33384,7 +33952,8 @@ var registerRobotAccountsCommand = (program2) => {
33384
33952
  Data: result
33385
33953
  });
33386
33954
  });
33387
- robotAccounts.command("update").description("Update a robot account. Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--display-name <display-name>", "New display name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_UPDATE_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33955
+ robotAccounts.command("update").description("Update a robot account. Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--display-name <display-name>", "New display name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_UPDATE_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33956
+ warnDeprecatedOrganization3(options.organization);
33388
33957
  if (options.displayName === undefined) {
33389
33958
  OutputFormatter.error({
33390
33959
  Result: RESULTS.Failure,
@@ -33398,7 +33967,7 @@ var registerRobotAccountsCommand = (program2) => {
33398
33967
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33399
33968
  loginValidity: options.loginValidity
33400
33969
  });
33401
- const orgId = options.organization ?? organizationId;
33970
+ const orgId = organizationId;
33402
33971
  const updateCommand = {
33403
33972
  partitionGlobalId: orgId,
33404
33973
  displayName: options.displayName
@@ -33423,12 +33992,13 @@ var registerRobotAccountsCommand = (program2) => {
33423
33992
  Data: result
33424
33993
  });
33425
33994
  });
33426
- robotAccounts.command("delete").description("Delete a robot account. " + "Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_DELETE_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33995
+ robotAccounts.command("delete").description("Delete a robot account. " + "Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_DELETE_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33996
+ warnDeprecatedOrganization3(options.organization);
33427
33997
  const [error] = await catchError((async () => {
33428
33998
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33429
33999
  loginValidity: options.loginValidity
33430
34000
  });
33431
- const orgId = options.organization ?? organizationId;
34001
+ const orgId = organizationId;
33432
34002
  await api.robotAccountDelete({
33433
34003
  partitionGlobalId: orgId,
33434
34004
  robotAccountId
@@ -33930,9 +34500,9 @@ var registerSmtpCommand = (program2) => {
33930
34500
 
33931
34501
  // src/commands/users.ts
33932
34502
  var INSTRUCTIONS7 = {
33933
- list: "Verify --organization is a valid org ID. Run 'users list --help' for options.",
34503
+ list: "Verify you are logged in. Run 'users list --help' for options.",
33934
34504
  get: "Verify the user ID exists. Use 'users list' to find valid IDs.",
33935
- create: "Verify --organization and --email are correct. The username may already exist.",
34505
+ create: "Verify --email is correct. The username may already exist.",
33936
34506
  update: "Verify the user ID exists. Use 'users list' to find valid IDs.",
33937
34507
  delete: "Verify the user ID exists. The user may have already been deleted.",
33938
34508
  invite: "Verify the email address is valid and the org allows invitations."
@@ -34021,14 +34591,20 @@ var USERS_INVITE_EXAMPLES = [
34021
34591
  }
34022
34592
  }
34023
34593
  ];
34594
+ function warnDeprecatedOrganization4(org) {
34595
+ if (org !== undefined) {
34596
+ logger.warn("--organization is deprecated and ignored; organization is derived from login context");
34597
+ }
34598
+ }
34024
34599
  var registerUsersCommand = (program2) => {
34025
34600
  const users = program2.command("users").description("Manage users. List, get, create, update, and delete users.");
34026
- users.command("list").description("List users in a partition. " + "Returns user ID, username, email, name, and creation time.").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-s, --search <term>", "Search users by name or email").option("--sort-by <field>", "Sort results by field (e.g., 'UserName', 'Email')").addOption(new Option("--sort-order <direction>", "Sort direction (default: asc)").choices(["asc", "desc"])).option("-l, --limit <number>", "Number of items to return", String(DEFAULT_PAGE_SIZE)).option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
34601
+ users.command("list").description("List users in a partition. " + "Returns user ID, username, email, name, and creation time.").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-s, --search <term>", "Search users by name or email").option("--sort-by <field>", "Sort results by field (e.g., 'UserName', 'Email')").addOption(new Option("--sort-order <direction>", "Sort direction (default: asc)").choices(["asc", "desc"])).option("-l, --limit <number>", "Number of items to return", String(DEFAULT_PAGE_SIZE)).option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
34602
+ warnDeprecatedOrganization4(options.organization);
34027
34603
  const [error, result] = await catchError((async () => {
34028
34604
  const { api, organizationId } = await createApiClient(UserApi, {
34029
34605
  loginValidity: options.loginValidity
34030
34606
  });
34031
- const orgId = options.organization ?? organizationId;
34607
+ const orgId = organizationId;
34032
34608
  return await api.userGetUsers({
34033
34609
  partitionGlobalId: orgId,
34034
34610
  searchTerm: options.search,
@@ -34054,6 +34630,7 @@ var registerUsersCommand = (program2) => {
34054
34630
  });
34055
34631
  });
34056
34632
  users.command("get").description("Get user details by ID. Use 'users list' to retrieve the user ID.").argument("<user-id>", "User ID (UUID)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_GET_EXAMPLES).trackedAction(processContext, async (userId, options) => {
34633
+ warnDeprecatedOrganization4(options.organization);
34057
34634
  const [error, user] = await catchError((async () => {
34058
34635
  const { api } = await createApiClient(UserApi, {
34059
34636
  loginValidity: options.loginValidity
@@ -34075,12 +34652,13 @@ var registerUsersCommand = (program2) => {
34075
34652
  Data: user
34076
34653
  });
34077
34654
  });
34078
- users.command("create").description("Create a new user. Provide a username and email address.").argument("<username>", "Username for the new user").option("--organization <id>", "Organization ID (defaults to logged-in org)").requiredOption("-e, --email <email>", "Email address").option("-n, --name <name>", "First name").option("--surname <surname>", "Last name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_CREATE_EXAMPLES).trackedAction(processContext, async (username, options) => {
34655
+ users.command("create").description("Create a new user. Provide a username and email address.").argument("<username>", "Username for the new user").option("--organization <id>", "(deprecated, ignored) organization is derived from login").requiredOption("-e, --email <email>", "Email address").option("-n, --name <name>", "First name").option("--surname <surname>", "Last name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_CREATE_EXAMPLES).trackedAction(processContext, async (username, options) => {
34656
+ warnDeprecatedOrganization4(options.organization);
34079
34657
  const [error, result] = await catchError((async () => {
34080
34658
  const { api, organizationId } = await createApiClient(UserApi, {
34081
34659
  loginValidity: options.loginValidity
34082
34660
  });
34083
- const orgId = options.organization ?? organizationId;
34661
+ const orgId = organizationId;
34084
34662
  const createCommand2 = {
34085
34663
  partitionGlobalId: orgId,
34086
34664
  userName: username,
@@ -34108,6 +34686,7 @@ var registerUsersCommand = (program2) => {
34108
34686
  });
34109
34687
  });
34110
34688
  users.command("update").description("Update an existing user. Use 'users list' to retrieve the user ID.").argument("<user-id>", "User ID (UUID)").option("-e, --email <email>", "New email address").option("-n, --name <name>", "New first name").option("--surname <surname>", "New last name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_UPDATE_EXAMPLES).trackedAction(processContext, async (userId, options) => {
34689
+ warnDeprecatedOrganization4(options.organization);
34111
34690
  if (options.email === undefined && options.name === undefined && options.surname === undefined) {
34112
34691
  OutputFormatter.error({
34113
34692
  Result: RESULTS.Failure,
@@ -34149,6 +34728,7 @@ var registerUsersCommand = (program2) => {
34149
34728
  });
34150
34729
  });
34151
34730
  users.command("delete").description("Delete a user by ID. Use 'users list' to retrieve the user ID.").argument("<user-id>", "User ID (UUID)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_DELETE_EXAMPLES).trackedAction(processContext, async (userId, options) => {
34731
+ warnDeprecatedOrganization4(options.organization);
34152
34732
  const [error] = await catchError((async () => {
34153
34733
  const { api } = await createApiClient(UserApi, {
34154
34734
  loginValidity: options.loginValidity
@@ -34174,6 +34754,7 @@ var registerUsersCommand = (program2) => {
34174
34754
  });
34175
34755
  });
34176
34756
  users.command("invite").description("Invite users by email. Sends an invitation to join the organization.").requiredOption("-e, --email <emails>", "Comma-separated email addresses to invite").option("-n, --name <name>", "First name for the invited user").option("--surname <surname>", "Last name for the invited user").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_INVITE_EXAMPLES).trackedAction(processContext, async (options) => {
34757
+ warnDeprecatedOrganization4(options.organization);
34177
34758
  const [error, result] = await catchError((async () => {
34178
34759
  const { config } = await createIdentityConfig({
34179
34760
  loginValidity: options.loginValidity