@uipath/identity-tool 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/tool.js +781 -202
  2. package/package.json +28 -34
package/dist/tool.js CHANGED
@@ -667,6 +667,7 @@ var init_open = __esm(() => {
667
667
  });
668
668
 
669
669
  // ../../filesystem/src/node.ts
670
+ import { randomUUID } from "node:crypto";
670
671
  import { existsSync } from "node:fs";
671
672
  import * as fs6 from "node:fs/promises";
672
673
  import * as os2 from "node:os";
@@ -748,6 +749,90 @@ class NodeFileSystem {
748
749
  async mkdir(dirPath) {
749
750
  await fs6.mkdir(dirPath, { recursive: true });
750
751
  }
752
+ async acquireLock(lockPath) {
753
+ const canonicalPath = await this.canonicalizeLockTarget(lockPath);
754
+ const lockFile = `${canonicalPath}.lock`;
755
+ const ownerId = randomUUID();
756
+ const start = Date.now();
757
+ while (true) {
758
+ try {
759
+ await fs6.writeFile(lockFile, ownerId, { flag: "wx" });
760
+ return this.createLockRelease(lockFile, ownerId);
761
+ } catch (error) {
762
+ if (!this.hasErrnoCode(error, "EEXIST")) {
763
+ throw error;
764
+ }
765
+ const stats = await fs6.stat(lockFile).catch(() => null);
766
+ if (stats && Date.now() - stats.mtimeMs > LOCK_STALE_MS) {
767
+ const reclaimed = await fs6.rm(lockFile, { force: true }).then(() => true).catch(() => false);
768
+ if (reclaimed)
769
+ continue;
770
+ }
771
+ if (Date.now() - start > LOCK_MAX_WAIT_MS) {
772
+ throw new Error(`ELOCKED: timed out waiting for lock on ${canonicalPath}`);
773
+ }
774
+ await new Promise((resolve2) => setTimeout(resolve2, LOCK_RETRY_MIN_MS + Math.random() * LOCK_RETRY_JITTER_MS));
775
+ }
776
+ }
777
+ }
778
+ async canonicalizeLockTarget(lockPath) {
779
+ const absolute = path2.resolve(lockPath);
780
+ const fullReal = await fs6.realpath(absolute).catch(() => null);
781
+ if (fullReal)
782
+ return fullReal;
783
+ const parent = path2.dirname(absolute);
784
+ const base = path2.basename(absolute);
785
+ const canonicalParent = await fs6.realpath(parent).catch(() => parent);
786
+ return path2.join(canonicalParent, base);
787
+ }
788
+ createLockRelease(lockFile, ownerId) {
789
+ const heartbeatStart = Date.now();
790
+ let heartbeatTimer;
791
+ let stopped = false;
792
+ const stopHeartbeat = () => {
793
+ stopped = true;
794
+ if (heartbeatTimer)
795
+ clearTimeout(heartbeatTimer);
796
+ };
797
+ const scheduleNextHeartbeat = () => {
798
+ if (stopped)
799
+ return;
800
+ if (Date.now() - heartbeatStart >= LOCK_MAX_HOLD_MS) {
801
+ stopped = true;
802
+ return;
803
+ }
804
+ heartbeatTimer = setTimeout(() => {
805
+ runHeartbeat();
806
+ }, LOCK_HEARTBEAT_MS);
807
+ heartbeatTimer.unref?.();
808
+ };
809
+ const runHeartbeat = async () => {
810
+ if (stopped)
811
+ return;
812
+ const current = await fs6.readFile(lockFile, "utf-8").catch(() => null);
813
+ if (stopped)
814
+ return;
815
+ if (current !== ownerId) {
816
+ stopped = true;
817
+ return;
818
+ }
819
+ const now = Date.now() / 1000;
820
+ await fs6.utimes(lockFile, now, now).catch(() => {});
821
+ scheduleNextHeartbeat();
822
+ };
823
+ scheduleNextHeartbeat();
824
+ let released = false;
825
+ return async () => {
826
+ if (released)
827
+ return;
828
+ released = true;
829
+ stopHeartbeat();
830
+ const current = await fs6.readFile(lockFile, "utf-8").catch(() => null);
831
+ if (current === ownerId) {
832
+ await fs6.rm(lockFile, { force: true });
833
+ }
834
+ };
835
+ }
751
836
  async rm(filePath) {
752
837
  await fs6.rm(filePath, { recursive: true, force: true });
753
838
  }
@@ -793,9 +878,13 @@ class NodeFileSystem {
793
878
  }
794
879
  }
795
880
  isEnoent(error) {
796
- return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
881
+ return this.hasErrnoCode(error, "ENOENT");
882
+ }
883
+ hasErrnoCode(error, code) {
884
+ return typeof error === "object" && error !== null && "code" in error && error.code === code;
797
885
  }
798
886
  }
887
+ var LOCK_HEARTBEAT_MS = 5000, LOCK_STALE_MS = 15000, LOCK_MAX_WAIT_MS = 20000, LOCK_MAX_HOLD_MS = 60000, LOCK_RETRY_MIN_MS = 100, LOCK_RETRY_JITTER_MS = 200;
799
888
  var init_node = __esm(() => {
800
889
  init_open();
801
890
  });
@@ -2941,7 +3030,7 @@ function isBrowser() {
2941
3030
 
2942
3031
  // ../../../node_modules/@uipath/coreipc/index.js
2943
3032
  var require_coreipc = __commonJS((exports, module) => {
2944
- var __dirname = "/Users/alexandru.oltean/github/cli/node_modules/@uipath/coreipc";
3033
+ var __dirname = "/home/runner/work/cli/cli/node_modules/@uipath/coreipc";
2945
3034
  /*! For license information please see index.js.LICENSE.txt */
2946
3035
  (function(e, t) {
2947
3036
  typeof exports == "object" && typeof module == "object" ? module.exports = t() : typeof define == "function" && define.amd ? define([], t) : typeof exports == "object" ? exports.ipc = t() : e.ipc = t();
@@ -21133,10 +21222,15 @@ var require_dist = __commonJS((exports) => {
21133
21222
  exports.RobotProxyConstructor = RobotProxyConstructor;
21134
21223
  __exportStar(require_agent(), exports);
21135
21224
  });
21225
+ // ../../auth/src/server.ts
21226
+ var init_server = __esm(() => {
21227
+ init_constants();
21228
+ });
21136
21229
  // package.json
21137
21230
  var package_default = {
21138
21231
  name: "@uipath/identity-tool",
21139
- version: "1.1.0",
21232
+ license: "MIT",
21233
+ version: "1.2.0",
21140
21234
  description: "Manage Identity Server users, groups, robot accounts, and external apps.",
21141
21235
  private: false,
21142
21236
  repository: {
@@ -21313,10 +21407,15 @@ async function extractErrorDetails(error, options) {
21313
21407
  }
21314
21408
  if (parsedBody?.errorCode && typeof parsedBody.errorCode === "string") {
21315
21409
  context.errorCode = parsedBody.errorCode;
21410
+ } else if (parsedBody?.code && typeof parsedBody.code === "string") {
21411
+ context.errorCode = parsedBody.code;
21316
21412
  }
21317
21413
  if (parsedBody?.requestId && typeof parsedBody.requestId === "string") {
21318
21414
  context.requestId = parsedBody.requestId;
21319
21415
  }
21416
+ if (parsedBody?.traceId && typeof parsedBody.traceId === "string") {
21417
+ context.traceId = parsedBody.traceId;
21418
+ }
21320
21419
  if (status === 429) {
21321
21420
  const resp = response;
21322
21421
  const headersObj = resp?.headers;
@@ -21336,7 +21435,35 @@ async function extractErrorDetails(error, options) {
21336
21435
  }
21337
21436
  }
21338
21437
  const hasContext = Object.keys(context).length > 0;
21339
- return { result, message, details, ...hasContext ? { context } : {} };
21438
+ let parsedErrors;
21439
+ if (parsedBody?.errors && typeof parsedBody.errors === "object") {
21440
+ const errors = {};
21441
+ for (const [field, raw] of Object.entries(parsedBody.errors)) {
21442
+ if (Array.isArray(raw)) {
21443
+ const messages = raw.map((entry) => {
21444
+ if (typeof entry === "string")
21445
+ return entry;
21446
+ if (entry && typeof entry === "object" && typeof entry.message === "string") {
21447
+ return entry.message;
21448
+ }
21449
+ return String(entry);
21450
+ }).filter(Boolean);
21451
+ if (messages.length > 0)
21452
+ errors[field] = messages;
21453
+ } else if (typeof raw === "string") {
21454
+ errors[field] = [raw];
21455
+ }
21456
+ }
21457
+ if (Object.keys(errors).length > 0)
21458
+ parsedErrors = errors;
21459
+ }
21460
+ return {
21461
+ result,
21462
+ message,
21463
+ details,
21464
+ ...hasContext ? { context } : {},
21465
+ ...parsedErrors ? { parsedErrors } : {}
21466
+ };
21340
21467
  }
21341
21468
  async function extractErrorMessage(error, options) {
21342
21469
  const { message } = await extractErrorDetails(error, options);
@@ -26484,6 +26611,60 @@ function escapeNonAscii(jsonText) {
26484
26611
  function needsAsciiSafeJson(sink) {
26485
26612
  return process.platform === "win32" && !sink.capabilities.isInteractive;
26486
26613
  }
26614
+ function isPlainRecord(value) {
26615
+ if (value === null || typeof value !== "object")
26616
+ return false;
26617
+ const prototype = Object.getPrototypeOf(value);
26618
+ return prototype === Object.prototype || prototype === null;
26619
+ }
26620
+ function toLowerCamelCaseKey(key) {
26621
+ if (!key)
26622
+ return key;
26623
+ if (/[_\-\s]/.test(key)) {
26624
+ const [firstPart, ...restParts] = key.split(/[_\-\s]+/).filter(Boolean);
26625
+ if (!firstPart)
26626
+ return key;
26627
+ return [
26628
+ toLowerCamelCaseSimpleKey(firstPart),
26629
+ ...restParts.map((part) => {
26630
+ const normalized = toLowerCamelCaseSimpleKey(part);
26631
+ return normalized.charAt(0).toUpperCase() + normalized.slice(1);
26632
+ })
26633
+ ].join("");
26634
+ }
26635
+ return toLowerCamelCaseSimpleKey(key);
26636
+ }
26637
+ function toLowerCamelCaseSimpleKey(key) {
26638
+ if (/^[A-Z0-9]+$/.test(key))
26639
+ return key.toLowerCase();
26640
+ return key.replace(/^[A-Z]+(?=[A-Z][a-z]|\d|$)|^[A-Z]/, (match) => match.toLowerCase());
26641
+ }
26642
+ function toPascalCaseKey(key) {
26643
+ const lowerCamelKey = toLowerCamelCaseKey(key);
26644
+ return lowerCamelKey ? lowerCamelKey.charAt(0).toUpperCase() + lowerCamelKey.slice(1) : lowerCamelKey;
26645
+ }
26646
+ function toPascalCaseData(value) {
26647
+ if (Array.isArray(value))
26648
+ return value.map(toPascalCaseData);
26649
+ if (!isPlainRecord(value))
26650
+ return value;
26651
+ const result = {};
26652
+ for (const [key, nestedValue] of Object.entries(value)) {
26653
+ result[toPascalCaseKey(key)] = toPascalCaseData(nestedValue);
26654
+ }
26655
+ return result;
26656
+ }
26657
+ function normalizeDataKeys(data) {
26658
+ return toPascalCaseData(data);
26659
+ }
26660
+ function normalizeOutputKeys(data) {
26661
+ const result = {};
26662
+ for (const [key, value] of Object.entries(data)) {
26663
+ const pascalKey = toPascalCaseKey(key);
26664
+ result[pascalKey] = pascalKey === "Data" ? value : toPascalCaseData(value);
26665
+ }
26666
+ return result;
26667
+ }
26487
26668
  function printOutput(data, format = "json", logFn, asciiSafe = false) {
26488
26669
  if (!data) {
26489
26670
  logFn("Empty response object. No data to display.");
@@ -26546,7 +26727,7 @@ function wrapText(text, width) {
26546
26727
  function printTable(data, logFn, externalLogValue) {
26547
26728
  if (data.length === 0)
26548
26729
  return;
26549
- const keys = Object.keys(data[0]).filter((key) => key !== "Code" && key !== "Log");
26730
+ const keys = Object.keys(data[0]).filter((key) => !["code", "log"].includes(key.toLowerCase()));
26550
26731
  const maxWidths = keys.map((key) => Math.max(key.length, ...data.map((item) => cellToString(item[key]).length)));
26551
26732
  const header = keys.map((key, i2) => key.padEnd(maxWidths[i2])).join(" | ");
26552
26733
  logFn(header);
@@ -26561,7 +26742,7 @@ function printTable(data, logFn, externalLogValue) {
26561
26742
  }
26562
26743
  }
26563
26744
  function printVerticalTable(data, logFn = console.log, externalLogValue) {
26564
- const keys = Object.keys(data).filter((key) => key !== "Code" && key !== "Log");
26745
+ const keys = Object.keys(data).filter((key) => !["code", "log"].includes(key.toLowerCase()));
26565
26746
  if (keys.length === 0)
26566
26747
  return;
26567
26748
  const maxKeyWidth = Math.max(...keys.map((key) => key.length));
@@ -26577,7 +26758,7 @@ function printVerticalTable(data, logFn = console.log, externalLogValue) {
26577
26758
  function printResizableTable(data, logFn = console.log, externalLogValue) {
26578
26759
  if (data.length === 0)
26579
26760
  return;
26580
- const keys = Object.keys(data[0]).filter((key) => key !== "Code" && key !== "Log");
26761
+ const keys = Object.keys(data[0]).filter((key) => !["code", "log"].includes(key.toLowerCase()));
26581
26762
  if (keys.length === 0)
26582
26763
  return;
26583
26764
  if (!process.stdout.isTTY) {
@@ -26653,8 +26834,26 @@ function printResizableTable(data, logFn = console.log, externalLogValue) {
26653
26834
  function toYaml(data) {
26654
26835
  return dump(data);
26655
26836
  }
26837
+ class FilterEvaluationError extends Error {
26838
+ __brand = "FilterEvaluationError";
26839
+ filter;
26840
+ instructions;
26841
+ result = RESULTS.ValidationError;
26842
+ constructor(filter, cause) {
26843
+ const underlying = cause instanceof Error ? cause.message : String(cause);
26844
+ super(`Filter '${filter}' failed to evaluate: ${underlying}`);
26845
+ this.name = "FilterEvaluationError";
26846
+ this.filter = filter;
26847
+ this.instructions = `The --output-filter expression '${filter}' failed at evaluation time. ` + "Note that --output-filter operates on the 'Data' field of the envelope, not the full object. " + "For example, on a list result use 'length(@)' instead of 'Data | length(@)'.";
26848
+ }
26849
+ }
26656
26850
  function applyFilter(data, filter) {
26657
- const result = search(data, filter);
26851
+ let result;
26852
+ try {
26853
+ result = search(data, filter);
26854
+ } catch (err) {
26855
+ throw new FilterEvaluationError(filter, err);
26856
+ }
26658
26857
  if (result == null)
26659
26858
  return [];
26660
26859
  if (Array.isArray(result)) {
@@ -26671,13 +26870,18 @@ function applyFilter(data, filter) {
26671
26870
  }
26672
26871
  var OutputFormatter;
26673
26872
  ((OutputFormatter) => {
26674
- function success(data) {
26873
+ function success(data, options) {
26675
26874
  data.Log ??= getLogFilePath() || undefined;
26875
+ const normalize = !options?.preserveDataKeys;
26876
+ if (normalize) {
26877
+ data.Data = normalizeDataKeys(data.Data);
26878
+ }
26676
26879
  const filter = getOutputFilter();
26677
26880
  if (filter) {
26678
- data.Data = applyFilter(data.Data, filter);
26881
+ const filtered = applyFilter(data.Data, filter);
26882
+ data.Data = normalize ? normalizeDataKeys(filtered) : filtered;
26679
26883
  }
26680
- logOutput(data, getOutputFormat());
26884
+ logOutput(normalizeOutputKeys(data), getOutputFormat());
26681
26885
  }
26682
26886
  OutputFormatter.success = success;
26683
26887
  function error(data) {
@@ -26687,7 +26891,7 @@ var OutputFormatter;
26687
26891
  result: data.Result,
26688
26892
  message: data.Message
26689
26893
  });
26690
- logOutput(data, getOutputFormat());
26894
+ logOutput(normalizeOutputKeys(data), getOutputFormat());
26691
26895
  }
26692
26896
  OutputFormatter.error = error;
26693
26897
  function emitList(code, items, opts) {
@@ -26708,13 +26912,14 @@ var OutputFormatter;
26708
26912
  function log(data) {
26709
26913
  const format = getOutputFormat();
26710
26914
  const sink = getOutputSink();
26915
+ const normalized = toPascalCaseData(data);
26711
26916
  if (format === "json") {
26712
- const json2 = JSON.stringify(data);
26917
+ const json2 = JSON.stringify(normalized);
26713
26918
  const safe = needsAsciiSafeJson(sink) ? escapeNonAscii(json2) : json2;
26714
26919
  sink.writeErr(`${safe}
26715
26920
  `);
26716
26921
  } else {
26717
- for (const [key, value] of Object.entries(data)) {
26922
+ for (const [key, value] of Object.entries(normalized)) {
26718
26923
  sink.writeErr(`${key}: ${value}
26719
26924
  `);
26720
26925
  }
@@ -26723,12 +26928,16 @@ var OutputFormatter;
26723
26928
  OutputFormatter.log = log;
26724
26929
  function formatToString(data) {
26725
26930
  const filter = getOutputFilter();
26726
- if (filter && "Data" in data && data.Data != null) {
26727
- data.Data = applyFilter(data.Data, filter);
26931
+ if ("Data" in data && data.Data != null) {
26932
+ data.Data = normalizeDataKeys(data.Data);
26933
+ if (filter) {
26934
+ data.Data = normalizeDataKeys(applyFilter(data.Data, filter));
26935
+ }
26728
26936
  }
26937
+ const output = normalizeOutputKeys(data);
26729
26938
  const lines = [];
26730
26939
  const sink = getOutputSink();
26731
- printOutput(data, getOutputFormat(), (msg) => {
26940
+ printOutput(output, getOutputFormat(), (msg) => {
26732
26941
  lines.push(msg);
26733
26942
  }, needsAsciiSafeJson(sink));
26734
26943
  return lines.join(`
@@ -28139,6 +28348,22 @@ JSONPath.prototype.safeVm = {
28139
28348
  Script: SafeScript
28140
28349
  };
28141
28350
  JSONPath.prototype.vm = vm;
28351
+ // ../../common/src/polling/types.ts
28352
+ var PollOutcome = {
28353
+ Completed: "completed",
28354
+ Timeout: "timeout",
28355
+ Interrupted: "interrupted",
28356
+ Aborted: "aborted",
28357
+ Failed: "failed"
28358
+ };
28359
+
28360
+ // ../../common/src/polling/poll-failure-mapping.ts
28361
+ var REASON_BY_OUTCOME = {
28362
+ [PollOutcome.Timeout]: "poll_timeout",
28363
+ [PollOutcome.Failed]: "poll_failed",
28364
+ [PollOutcome.Interrupted]: "poll_failed",
28365
+ [PollOutcome.Aborted]: "poll_aborted"
28366
+ };
28142
28367
  // ../../common/src/polling/terminal-statuses.ts
28143
28368
  var TERMINAL_STATUSES = new Set([
28144
28369
  "completed",
@@ -28166,6 +28391,105 @@ var ScreenLogger;
28166
28391
  }
28167
28392
  ScreenLogger.progress = progress;
28168
28393
  })(ScreenLogger ||= {});
28394
+ // ../../common/src/sdk-user-agent.ts
28395
+ var USER_AGENT_HEADER = "User-Agent";
28396
+ var sdkUserAgentHostToken = singleton("SdkUserAgentHostToken");
28397
+ function userAgentPatchKey(userAgent) {
28398
+ return Symbol.for(`@uipath/common/sdk-user-agent/${userAgent}`);
28399
+ }
28400
+ function splitUserAgentTokens(value) {
28401
+ return value?.trim().split(/\s+/).filter(Boolean) ?? [];
28402
+ }
28403
+ function appendUserAgentToken(value, userAgent) {
28404
+ const tokens = splitUserAgentTokens(value);
28405
+ const seen = new Set(tokens);
28406
+ for (const token of splitUserAgentTokens(userAgent)) {
28407
+ if (!seen.has(token)) {
28408
+ tokens.push(token);
28409
+ seen.add(token);
28410
+ }
28411
+ }
28412
+ return tokens.join(" ");
28413
+ }
28414
+ function getEffectiveUserAgent(userAgent) {
28415
+ return appendUserAgentToken(sdkUserAgentHostToken.get(), userAgent);
28416
+ }
28417
+ function isHeadersLike(headers) {
28418
+ return typeof headers === "object" && headers !== null && "get" in headers && typeof headers.get === "function" && "set" in headers && typeof headers.set === "function";
28419
+ }
28420
+ function getSdkUserAgentToken(pkg) {
28421
+ const packageName = pkg.name.replace(/^@uipath\//, "");
28422
+ return getEffectiveUserAgent(`${packageName}/${pkg.version}`);
28423
+ }
28424
+ function addSdkUserAgentHeader(headers, userAgent) {
28425
+ const result = { ...headers ?? {} };
28426
+ const effectiveUserAgent = getEffectiveUserAgent(userAgent);
28427
+ const headerName = Object.keys(result).find((key) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
28428
+ if (headerName) {
28429
+ result[headerName] = appendUserAgentToken(result[headerName], effectiveUserAgent);
28430
+ } else {
28431
+ result[USER_AGENT_HEADER] = effectiveUserAgent;
28432
+ }
28433
+ return result;
28434
+ }
28435
+ function withSdkUserAgentHeader(headers, userAgent) {
28436
+ const effectiveUserAgent = getEffectiveUserAgent(userAgent);
28437
+ if (isHeadersLike(headers)) {
28438
+ headers.set(USER_AGENT_HEADER, appendUserAgentToken(headers.get(USER_AGENT_HEADER), effectiveUserAgent));
28439
+ return headers;
28440
+ }
28441
+ if (Array.isArray(headers)) {
28442
+ const result = headers.map((entry) => {
28443
+ const [key, value] = entry;
28444
+ return [key, value];
28445
+ });
28446
+ const headerIndex = result.findIndex(([key]) => key.toLowerCase() === USER_AGENT_HEADER.toLowerCase());
28447
+ if (headerIndex >= 0) {
28448
+ const [key, value] = result[headerIndex];
28449
+ result[headerIndex] = [
28450
+ key,
28451
+ appendUserAgentToken(value, effectiveUserAgent)
28452
+ ];
28453
+ } else {
28454
+ result.push([USER_AGENT_HEADER, effectiveUserAgent]);
28455
+ }
28456
+ return result;
28457
+ }
28458
+ return addSdkUserAgentHeader(typeof headers === "object" && headers !== null ? { ...headers } : {}, effectiveUserAgent);
28459
+ }
28460
+ function withUserAgentInitOverride(initOverrides, userAgent) {
28461
+ return async (requestContext) => {
28462
+ const initWithUserAgent = {
28463
+ ...requestContext.init,
28464
+ headers: withSdkUserAgentHeader(requestContext.init.headers, userAgent)
28465
+ };
28466
+ const override = typeof initOverrides === "function" ? await initOverrides({
28467
+ ...requestContext,
28468
+ init: initWithUserAgent
28469
+ }) : initOverrides;
28470
+ return {
28471
+ ...override ?? {},
28472
+ headers: withSdkUserAgentHeader(override?.headers ?? initWithUserAgent.headers, userAgent)
28473
+ };
28474
+ };
28475
+ }
28476
+ function installSdkUserAgentHeader(BaseApiClass, userAgent) {
28477
+ const prototype = BaseApiClass.prototype;
28478
+ const patchKey = userAgentPatchKey(userAgent);
28479
+ if (prototype[patchKey]) {
28480
+ return;
28481
+ }
28482
+ if (typeof prototype.request !== "function") {
28483
+ throw new Error("Generated BaseAPI request function not found.");
28484
+ }
28485
+ const originalRequest = prototype.request;
28486
+ prototype.request = function requestWithUserAgent(context, initOverrides) {
28487
+ return originalRequest.call(this, context, withUserAgentInitOverride(initOverrides, userAgent));
28488
+ };
28489
+ Object.defineProperty(prototype, patchKey, {
28490
+ value: true
28491
+ });
28492
+ }
28169
28493
  // ../../common/src/tool-provider.ts
28170
28494
  var factorySlot = singleton("PackagerFactoryProvider");
28171
28495
  // ../../common/src/telemetry/pii-redactor.ts
@@ -28348,13 +28672,17 @@ Command.prototype.trackedAction = function(context, fn, properties) {
28348
28672
  const [error] = await catchError(fn(...args));
28349
28673
  if (error) {
28350
28674
  errorMessage = error instanceof Error ? error.message : String(error);
28351
- logger.error(`[trackedAction] ${telemetryName} failed: ${errorMessage}`);
28675
+ logger.debug(`[trackedAction] ${telemetryName} failed: ${errorMessage}`);
28676
+ const typed = error;
28677
+ const customInstructions = typeof typed.instructions === "string" ? typed.instructions : undefined;
28678
+ const customResult = typeof typed.result === "string" && typed.result !== RESULTS.Success && Object.values(RESULTS).includes(typed.result) ? typed.result : undefined;
28679
+ const finalResult = customResult ?? RESULTS.Failure;
28352
28680
  OutputFormatter.error({
28353
- Result: RESULTS.Failure,
28681
+ Result: finalResult,
28354
28682
  Message: errorMessage,
28355
- Instructions: "An unexpected error occurred. Run with --log-level debug for details."
28683
+ Instructions: customInstructions ?? "An unexpected error occurred. Run with --log-level debug for details."
28356
28684
  });
28357
- context.exit(1);
28685
+ context.exit(EXIT_CODES[finalResult]);
28358
28686
  }
28359
28687
  const durationMs = performance.now() - startTime;
28360
28688
  const success = !error && (process.exitCode === undefined || process.exitCode === 0);
@@ -28625,6 +28953,57 @@ class TextApiResponse {
28625
28953
  return await this.raw.text();
28626
28954
  }
28627
28955
  }
28956
+ // ../identity-sdk/package.json
28957
+ var package_default2 = {
28958
+ name: "@uipath/identity-sdk",
28959
+ license: "MIT",
28960
+ version: "1.2.0",
28961
+ repository: {
28962
+ type: "git",
28963
+ url: "https://github.com/UiPath/cli.git",
28964
+ directory: "packages/admin/identity-sdk"
28965
+ },
28966
+ publishConfig: {
28967
+ registry: "https://npm.pkg.github.com/@uipath"
28968
+ },
28969
+ keywords: [
28970
+ "uipath",
28971
+ "identity",
28972
+ "sdk"
28973
+ ],
28974
+ type: "module",
28975
+ main: "./dist/index.js",
28976
+ types: "./dist/src/index.d.ts",
28977
+ exports: {
28978
+ ".": {
28979
+ types: "./dist/src/index.d.ts",
28980
+ default: "./dist/index.js"
28981
+ }
28982
+ },
28983
+ files: [
28984
+ "dist"
28985
+ ],
28986
+ private: true,
28987
+ scripts: {
28988
+ build: "bun build ./src/index.ts --outdir dist --format esm --target node && tsc -p tsconfig.build.json --noCheck",
28989
+ generate: "bun run src/scripts/generate-sdk.ts",
28990
+ lint: "biome check .",
28991
+ test: "vitest run",
28992
+ "test:coverage": "vitest run --coverage"
28993
+ },
28994
+ devDependencies: {
28995
+ "@uipath/auth": "workspace:*",
28996
+ "@uipath/common": "workspace:*",
28997
+ "@uipath/filesystem": "workspace:*",
28998
+ "@openapitools/openapi-generator-cli": "^2.31.1",
28999
+ "@types/node": "^25.5.2",
29000
+ typescript: "^6.0.2"
29001
+ }
29002
+ };
29003
+
29004
+ // ../identity-sdk/src/user-agent.ts
29005
+ var SDK_USER_AGENT = getSdkUserAgentToken(package_default2);
29006
+ installSdkUserAgentHeader(BaseAPI, SDK_USER_AGENT);
28628
29007
 
28629
29008
  // ../identity-sdk/generated/src/models/ApiScopeType.ts
28630
29009
  function ApiScopeTypeFromJSON(json2) {
@@ -31157,32 +31536,7 @@ class InvalidBaseUrlError extends Error {
31157
31536
  this.name = "InvalidBaseUrlError";
31158
31537
  }
31159
31538
  }
31160
- var DEFAULT_SCOPES = [
31161
- "offline_access",
31162
- "ProcessMining",
31163
- "OrchestratorApiUserAccess",
31164
- "StudioWebBackend",
31165
- "IdentityServerApi",
31166
- "ConnectionService",
31167
- "DataService",
31168
- "DataServiceApiUserAccess",
31169
- "DocumentUnderstanding",
31170
- "EnterpriseContextService",
31171
- "Directory",
31172
- "JamJamApi",
31173
- "LLMGateway",
31174
- "LLMOps",
31175
- "OMS",
31176
- "RCS.FolderAuthorization",
31177
- "RCS.TagsManagement",
31178
- "TestmanagerApiUserAccess",
31179
- "AutomationSolutions",
31180
- "StudioWebTypeCacheService",
31181
- "Docs.GPT.Search",
31182
- "Insights",
31183
- "ReferenceToken",
31184
- "Audit.Read"
31185
- ];
31539
+ var DEFAULT_SCOPES = ["openid", "profile", "offline_access"];
31186
31540
  var normalizeAndValidateBaseUrl = (rawUrl) => {
31187
31541
  let baseUrl = rawUrl;
31188
31542
  if (baseUrl.endsWith("/identity_/")) {
@@ -31232,7 +31586,8 @@ var resolveConfigAsync = async ({
31232
31586
  if (!clientSecret && fileAuth.clientSecret) {
31233
31587
  clientSecret = fileAuth.clientSecret;
31234
31588
  }
31235
- const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : DEFAULT_SCOPES;
31589
+ const isExternalAppAuth = clientId !== DEFAULT_CLIENT_ID && Boolean(clientSecret);
31590
+ const scopes = customScopes && customScopes.length > 0 ? customScopes : fileAuth.scopes && fileAuth.scopes.length > 0 ? fileAuth.scopes : isExternalAppAuth ? [] : DEFAULT_SCOPES;
31236
31591
  return {
31237
31592
  clientId,
31238
31593
  clientSecret,
@@ -31732,6 +32087,129 @@ function normalizeTokenRefreshFailure() {
31732
32087
  function normalizeTokenRefreshUnavailableFailure() {
31733
32088
  return "token refresh failed before authentication completed";
31734
32089
  }
32090
+ function errorMessage(error) {
32091
+ return error instanceof Error ? error.message : String(error);
32092
+ }
32093
+ function computeExpirationThreshold(ensureTokenValidityMinutes) {
32094
+ return new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
32095
+ }
32096
+ async function runRefreshLocked(inputs) {
32097
+ const {
32098
+ absolutePath,
32099
+ refreshToken: callerRefreshToken,
32100
+ customAuthority,
32101
+ ensureTokenValidityMinutes,
32102
+ loadEnvFile,
32103
+ saveEnvFile,
32104
+ refreshFn,
32105
+ resolveConfig
32106
+ } = inputs;
32107
+ const expirationThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
32108
+ let fresh;
32109
+ try {
32110
+ fresh = await loadEnvFile({ envPath: absolutePath });
32111
+ } catch (error) {
32112
+ return {
32113
+ kind: "fail",
32114
+ status: {
32115
+ loginStatus: "Refresh Failed",
32116
+ hint: "Could not read the auth file while refreshing. Retry, or run 'uip login' to re-authenticate.",
32117
+ tokenRefresh: {
32118
+ attempted: false,
32119
+ success: false,
32120
+ errorMessage: `auth file read failed: ${errorMessage(error)}`
32121
+ }
32122
+ }
32123
+ };
32124
+ }
32125
+ const freshAccess = fresh.UIPATH_ACCESS_TOKEN;
32126
+ const freshExp = freshAccess ? getTokenExpiration(freshAccess) : undefined;
32127
+ if (freshAccess && freshExp && freshExp > expirationThreshold) {
32128
+ return {
32129
+ kind: "ok",
32130
+ accessToken: freshAccess,
32131
+ refreshToken: fresh.UIPATH_REFRESH_TOKEN ?? callerRefreshToken,
32132
+ expiration: freshExp,
32133
+ tokenRefresh: { attempted: false, success: true }
32134
+ };
32135
+ }
32136
+ const tokenForIdP = fresh.UIPATH_REFRESH_TOKEN ?? callerRefreshToken;
32137
+ let refreshedAccess;
32138
+ let refreshedRefresh;
32139
+ try {
32140
+ const config = await resolveConfig({ customAuthority });
32141
+ const refreshed = await refreshFn({
32142
+ refreshToken: tokenForIdP,
32143
+ tokenEndpoint: config.tokenEndpoint,
32144
+ clientId: config.clientId,
32145
+ expectedAuthority: customAuthority
32146
+ });
32147
+ refreshedAccess = refreshed.accessToken;
32148
+ refreshedRefresh = refreshed.refreshToken;
32149
+ } catch (error) {
32150
+ const isOAuthFailure = isTokenRefreshOAuthFailure(error);
32151
+ const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
32152
+ const message = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
32153
+ return {
32154
+ kind: "fail",
32155
+ status: {
32156
+ loginStatus: "Refresh Failed",
32157
+ hint,
32158
+ tokenRefresh: {
32159
+ attempted: true,
32160
+ success: false,
32161
+ errorMessage: message
32162
+ }
32163
+ }
32164
+ };
32165
+ }
32166
+ const refreshedExp = getTokenExpiration(refreshedAccess);
32167
+ if (!refreshedExp || refreshedExp <= new Date) {
32168
+ return {
32169
+ kind: "fail",
32170
+ status: {
32171
+ loginStatus: "Refresh Failed",
32172
+ hint: "The identity server returned an unusable token. Run 'uip login' to re-authenticate.",
32173
+ tokenRefresh: {
32174
+ attempted: true,
32175
+ success: false,
32176
+ errorMessage: "refreshed token has no valid expiration claim"
32177
+ }
32178
+ }
32179
+ };
32180
+ }
32181
+ try {
32182
+ await saveEnvFile({
32183
+ envPath: absolutePath,
32184
+ data: {
32185
+ UIPATH_ACCESS_TOKEN: refreshedAccess,
32186
+ UIPATH_REFRESH_TOKEN: refreshedRefresh
32187
+ },
32188
+ merge: true
32189
+ });
32190
+ return {
32191
+ kind: "ok",
32192
+ accessToken: refreshedAccess,
32193
+ refreshToken: refreshedRefresh,
32194
+ expiration: refreshedExp,
32195
+ tokenRefresh: { attempted: true, success: true }
32196
+ };
32197
+ } catch (error) {
32198
+ const msg = errorMessage(error);
32199
+ return {
32200
+ kind: "ok",
32201
+ accessToken: refreshedAccess,
32202
+ refreshToken: refreshedRefresh,
32203
+ expiration: refreshedExp,
32204
+ persistenceWarning: `Access token refreshed in memory but could not be written to ${absolutePath}: ${msg}. The next CLI invocation will fail until the file can be updated — run 'uip login' to re-authenticate.`,
32205
+ tokenRefresh: {
32206
+ attempted: true,
32207
+ success: true,
32208
+ errorMessage: `persistence failed: ${msg}`
32209
+ }
32210
+ };
32211
+ }
32212
+ }
31735
32213
  var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
31736
32214
  const {
31737
32215
  resolveEnvFilePath = resolveEnvFilePathAsync,
@@ -31806,73 +32284,103 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
31806
32284
  let refreshToken = credentials.UIPATH_REFRESH_TOKEN;
31807
32285
  let expiration = getTokenExpiration(accessToken);
31808
32286
  let persistenceWarning;
32287
+ let lockReleaseFailed = false;
31809
32288
  let tokenRefresh;
31810
- const expirationThreshold = new Date(Date.now() + (ensureTokenValidityMinutes ?? 0) * 60 * 1000);
31811
- if (expiration && expiration <= expirationThreshold && refreshToken) {
31812
- let refreshedAccess;
31813
- let refreshedRefresh;
32289
+ const outerThreshold = computeExpirationThreshold(ensureTokenValidityMinutes);
32290
+ const tryGlobalCredsHint = async () => {
32291
+ const fs7 = getFs();
32292
+ const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
32293
+ if (absolutePath === globalPath)
32294
+ return;
32295
+ if (!await fs7.exists(globalPath))
32296
+ return;
31814
32297
  try {
31815
- const config = await resolveConfig({
31816
- customAuthority: credentials.UIPATH_URL
31817
- });
31818
- const refreshed = await refreshTokenFn({
31819
- refreshToken,
31820
- tokenEndpoint: config.tokenEndpoint,
31821
- clientId: config.clientId,
31822
- expectedAuthority: credentials.UIPATH_URL
31823
- });
31824
- refreshedAccess = refreshed.accessToken;
31825
- refreshedRefresh = refreshed.refreshToken;
31826
- } catch (error) {
31827
- const isOAuthFailure = isTokenRefreshOAuthFailure(error);
31828
- const hint = isOAuthFailure ? "Run 'uip login' to re-authenticate — the stored refresh token is invalid or expired." : "Token refresh failed. Check your network connection, then retry or run 'uip login' to re-authenticate.";
31829
- const errorMessage = isOAuthFailure ? normalizeTokenRefreshFailure() : normalizeTokenRefreshUnavailableFailure();
31830
- return {
31831
- loginStatus: "Refresh Failed",
31832
- hint,
31833
- tokenRefresh: {
31834
- attempted: true,
31835
- success: false,
31836
- errorMessage
31837
- }
31838
- };
32298
+ const globalCreds = await loadEnvFile({ envPath: globalPath });
32299
+ if (!globalCreds.UIPATH_ACCESS_TOKEN)
32300
+ return;
32301
+ const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
32302
+ if (globalExp && globalExp <= new Date)
32303
+ return;
32304
+ return `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
32305
+ } catch {
32306
+ return;
31839
32307
  }
31840
- const refreshedExp = getTokenExpiration(refreshedAccess);
31841
- if (!refreshedExp || refreshedExp <= new Date) {
32308
+ };
32309
+ if (expiration && expiration <= outerThreshold && refreshToken) {
32310
+ let release;
32311
+ try {
32312
+ release = await getFs().acquireLock(absolutePath);
32313
+ } catch (error) {
32314
+ const msg = errorMessage(error);
32315
+ const globalHint = await tryGlobalCredsHint();
32316
+ if (globalHint) {
32317
+ return {
32318
+ loginStatus: "Expired",
32319
+ accessToken,
32320
+ refreshToken,
32321
+ baseUrl: credentials.UIPATH_URL,
32322
+ organizationName: credentials.UIPATH_ORGANIZATION_NAME,
32323
+ organizationId: credentials.UIPATH_ORGANIZATION_ID,
32324
+ tenantName: credentials.UIPATH_TENANT_NAME,
32325
+ tenantId: credentials.UIPATH_TENANT_ID,
32326
+ expiration,
32327
+ source: "file" /* File */,
32328
+ hint: globalHint,
32329
+ tokenRefresh: {
32330
+ attempted: false,
32331
+ success: false,
32332
+ errorMessage: `lock acquisition failed: ${msg}`
32333
+ }
32334
+ };
32335
+ }
31842
32336
  return {
31843
32337
  loginStatus: "Refresh Failed",
31844
- hint: "The identity server returned an unusable token. Run 'uip login' to re-authenticate.",
32338
+ hint: "Could not acquire the auth-file lock — too many concurrent `uip` processes, or a permission issue on the auth directory. Retry, or run 'uip login' to re-authenticate.",
31845
32339
  tokenRefresh: {
31846
- attempted: true,
32340
+ attempted: false,
31847
32341
  success: false,
31848
- errorMessage: "refreshed token has no valid expiration claim"
32342
+ errorMessage: `lock acquisition failed: ${msg}`
31849
32343
  }
31850
32344
  };
31851
32345
  }
31852
- accessToken = refreshedAccess;
31853
- refreshToken = refreshedRefresh;
31854
- expiration = refreshedExp;
32346
+ let lockedFailure;
31855
32347
  try {
31856
- await saveEnvFile({
31857
- envPath: absolutePath,
31858
- data: {
31859
- UIPATH_ACCESS_TOKEN: accessToken,
31860
- UIPATH_REFRESH_TOKEN: refreshToken
31861
- },
31862
- merge: true
32348
+ const outcome = await runRefreshLocked({
32349
+ absolutePath,
32350
+ refreshToken,
32351
+ customAuthority: credentials.UIPATH_URL,
32352
+ ensureTokenValidityMinutes,
32353
+ loadEnvFile,
32354
+ saveEnvFile,
32355
+ refreshFn: refreshTokenFn,
32356
+ resolveConfig
31863
32357
  });
31864
- tokenRefresh = {
31865
- attempted: true,
31866
- success: true
31867
- };
31868
- } catch (error) {
31869
- const msg = error instanceof Error ? error.message : String(error);
31870
- persistenceWarning = `Access token refreshed in memory but could not be written to ${absolutePath}: ${msg}. The next CLI invocation will fail until the file can be updated — run 'uip login' to re-authenticate.`;
31871
- tokenRefresh = {
31872
- attempted: true,
31873
- success: true,
31874
- errorMessage: `persistence failed: ${msg}`
31875
- };
32358
+ if (outcome.kind === "fail") {
32359
+ lockedFailure = outcome.status;
32360
+ } else {
32361
+ accessToken = outcome.accessToken;
32362
+ refreshToken = outcome.refreshToken;
32363
+ expiration = outcome.expiration;
32364
+ tokenRefresh = outcome.tokenRefresh;
32365
+ if (outcome.persistenceWarning) {
32366
+ persistenceWarning = outcome.persistenceWarning;
32367
+ }
32368
+ }
32369
+ } finally {
32370
+ try {
32371
+ await release();
32372
+ } catch {
32373
+ lockReleaseFailed = true;
32374
+ }
32375
+ }
32376
+ if (lockedFailure) {
32377
+ const globalHint = await tryGlobalCredsHint();
32378
+ const base = globalHint ? {
32379
+ ...lockedFailure,
32380
+ loginStatus: "Expired",
32381
+ hint: globalHint
32382
+ } : lockedFailure;
32383
+ return lockReleaseFailed ? { ...base, lockReleaseFailed: true } : base;
31876
32384
  }
31877
32385
  }
31878
32386
  const result = {
@@ -31887,23 +32395,13 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
31887
32395
  expiration,
31888
32396
  source: "file" /* File */,
31889
32397
  ...persistenceWarning ? { hint: persistenceWarning, persistenceFailed: true } : {},
32398
+ ...lockReleaseFailed ? { lockReleaseFailed: true } : {},
31890
32399
  ...tokenRefresh ? { tokenRefresh } : {}
31891
32400
  };
31892
32401
  if (result.loginStatus === "Expired") {
31893
- const fs7 = getFs();
31894
- const globalPath = fs7.path.join(fs7.env.homedir(), envFilePath);
31895
- if (absolutePath !== globalPath && await fs7.exists(globalPath)) {
31896
- try {
31897
- const globalCreds = await loadEnvFile({
31898
- envPath: globalPath
31899
- });
31900
- if (globalCreds.UIPATH_ACCESS_TOKEN) {
31901
- const globalExp = getTokenExpiration(globalCreds.UIPATH_ACCESS_TOKEN);
31902
- if (!globalExp || globalExp > new Date) {
31903
- result.hint = `Local credentials file at ${absolutePath} has expired credentials. Valid credentials exist in ${globalPath}. Remove the local file or run 'uip login' to re-authenticate.`;
31904
- }
31905
- }
31906
- } catch {}
32402
+ const globalHint = await tryGlobalCredsHint();
32403
+ if (globalHint) {
32404
+ result.hint = globalHint;
31907
32405
  }
31908
32406
  }
31909
32407
  return result;
@@ -31951,23 +32449,31 @@ var getAuthContext = async (options = {}) => {
31951
32449
  init_src();
31952
32450
  // ../../auth/src/logout.ts
31953
32451
  init_src();
32452
+
32453
+ // ../../auth/src/index.ts
32454
+ init_server();
32455
+
31954
32456
  // ../identity-sdk/src/client-factory.ts
31955
32457
  async function createIdentityConfig(options) {
31956
32458
  const ctx = await getAuthContext({
31957
32459
  ensureTokenValidityMinutes: options?.loginValidity,
31958
- requireOrganizationId: true,
32460
+ requireOrganizationId: options?.organization === undefined,
31959
32461
  requireTenantName: true
31960
32462
  });
31961
- const identityBasePath = `${ctx.baseUrl}/${ctx.organizationId}/identity_`;
31962
- const headers = {
32463
+ const organizationId = options?.organization ?? ctx.organizationId;
32464
+ if (organizationId === undefined || organizationId.length === 0) {
32465
+ throw new Error("Organization ID not available. Provide --organization or log in with an organization context.");
32466
+ }
32467
+ const identityBasePath = `${ctx.baseUrl}/${organizationId}/identity_`;
32468
+ const headers = addSdkUserAgentHeader({
31963
32469
  Authorization: `Bearer ${ctx.accessToken}`
31964
- };
32470
+ }, SDK_USER_AGENT);
31965
32471
  return {
31966
32472
  config: new Configuration({
31967
32473
  basePath: identityBasePath,
31968
32474
  headers
31969
32475
  }),
31970
- organizationId: ctx.organizationId ?? ""
32476
+ organizationId
31971
32477
  };
31972
32478
  }
31973
32479
  async function createApiClient(ApiClass, options) {
@@ -31976,14 +32482,14 @@ async function createApiClient(ApiClass, options) {
31976
32482
  }
31977
32483
  // src/commands/external-apps.ts
31978
32484
  var INSTRUCTIONS = {
31979
- list: "Verify --organization is a valid org ID. Run 'external-apps list --help' for options.",
32485
+ list: "Verify you are logged in. Run 'external-apps list --help' for options.",
31980
32486
  get: "Verify the app ID exists. Use 'external-apps list' to find valid IDs.",
31981
- create: "Verify --organization and scopes are correct. Provide --user-scope and/or --app-scope.",
31982
- update: "Verify the app ID and --organization are correct.",
32487
+ create: "Verify scopes are correct. Provide --user-scope and/or --app-scope.",
32488
+ update: "Verify the app ID is correct.",
31983
32489
  delete: "Verify the app ID exists. The app may have already been deleted.",
31984
- generateSecret: "Verify the app ID and --organization are correct.",
32490
+ generateSecret: "Verify the app ID is correct.",
31985
32491
  deleteSecret: "Verify the secret ID exists. Use 'external-apps get' to find valid secret IDs.",
31986
- fedCredList: "Verify the client ID and --organization are correct.",
32492
+ fedCredList: "Verify the client ID is correct.",
31987
32493
  fedCredGet: "Verify the credential ID exists. Use 'federated-credentials list' to find valid IDs.",
31988
32494
  fedCredCreate: "Provide --name, --issuer, --audience, and --subject. These must match the external identity provider.",
31989
32495
  fedCredUpdate: "Verify the credential ID exists and provide the updated fields.",
@@ -32170,14 +32676,21 @@ function parseScopes(csv, type2) {
32170
32676
  return [];
32171
32677
  return csv.split(",").map((s) => ({ name: s.trim(), type: type2 }));
32172
32678
  }
32679
+ function warnDeprecatedOrganization(org) {
32680
+ if (org !== undefined) {
32681
+ logger.warn("--organization is deprecated and ignored; organization is derived from login context");
32682
+ }
32683
+ }
32173
32684
  var registerExternalAppsCommand = (program2) => {
32174
32685
  const externalApps = program2.command("external-apps").description("Manage external OAuth2 clients. List, get, create, update, delete clients and manage secrets.");
32175
- externalApps.command("list").description("List external apps in a partition.").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
32686
+ externalApps.command("list").description("List external apps in a partition.").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
32687
+ warnDeprecatedOrganization(options.organization);
32176
32688
  const [error, result] = await catchError((async () => {
32177
32689
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32178
- loginValidity: options.loginValidity
32690
+ loginValidity: options.loginValidity,
32691
+ organization: options.organization
32179
32692
  });
32180
- const orgId = options.organization ?? organizationId;
32693
+ const orgId = organizationId;
32181
32694
  return await api.externalClientGet({
32182
32695
  partitionGlobalId: orgId
32183
32696
  });
@@ -32197,12 +32710,14 @@ var registerExternalAppsCommand = (program2) => {
32197
32710
  Data: result ?? []
32198
32711
  });
32199
32712
  });
32200
- externalApps.command("get").description("Get external app details. " + "Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_GET_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32713
+ externalApps.command("get").description("Get external app details. " + "Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_GET_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32714
+ warnDeprecatedOrganization(options.organization);
32201
32715
  const [error, client] = await catchError((async () => {
32202
32716
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32203
- loginValidity: options.loginValidity
32717
+ loginValidity: options.loginValidity,
32718
+ organization: options.organization
32204
32719
  });
32205
- const orgId = options.organization ?? organizationId;
32720
+ const orgId = organizationId;
32206
32721
  return await api.externalClientGetWithClientId({
32207
32722
  partitionGlobalId: orgId,
32208
32723
  clientId
@@ -32223,7 +32738,8 @@ var registerExternalAppsCommand = (program2) => {
32223
32738
  Data: client
32224
32739
  });
32225
32740
  });
32226
- externalApps.command("create").description("Create an external app (confidential by default). " + "Use --non-confidential for public clients (SPAs, mobile apps).").argument("<name>", "App display name").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--redirect-uri <uri>", "Redirect URI(s) for OAuth2 flow (comma-separated for multiple)").option("--user-scope <scopes>", "Comma-separated user (delegated) scopes").option("--app-scope <scopes>", "Comma-separated application (app-only) scopes").option("--scope <scopes>", "Alias for --app-scope (deprecated)").option("--non-confidential", "Create a non-confidential (public) app — no client secret, requires redirect URI").option("--no-secret", "Skip generating a client secret on creation").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
32741
+ externalApps.command("create").description("Create an external app (confidential by default). " + "Use --non-confidential for public clients (SPAs, mobile apps).").argument("<name>", "App display name").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--redirect-uri <uri>", "Redirect URI(s) for OAuth2 flow (comma-separated for multiple)").option("--user-scope <scopes>", "Comma-separated user (delegated) scopes").option("--app-scope <scopes>", "Comma-separated application (app-only) scopes").option("--scope <scopes>", "Alias for --app-scope (deprecated)").option("--non-confidential", "Create a non-confidential (public) app — no client secret, requires redirect URI").option("--no-secret", "Skip generating a client secret on creation").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
32742
+ warnDeprecatedOrganization(options.organization);
32227
32743
  if (options.scope && !options.appScope) {
32228
32744
  options.appScope = options.scope;
32229
32745
  }
@@ -32264,9 +32780,10 @@ var registerExternalAppsCommand = (program2) => {
32264
32780
  const generateFirstSecret = isConfidential && options.secret !== false;
32265
32781
  const [error, result] = await catchError((async () => {
32266
32782
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32267
- loginValidity: options.loginValidity
32783
+ loginValidity: options.loginValidity,
32784
+ organization: options.organization
32268
32785
  });
32269
- const orgId = options.organization ?? organizationId;
32786
+ const orgId = organizationId;
32270
32787
  const createCommand2 = {
32271
32788
  partitionGlobalId: orgId,
32272
32789
  name,
@@ -32294,7 +32811,8 @@ var registerExternalAppsCommand = (program2) => {
32294
32811
  Data: result
32295
32812
  });
32296
32813
  });
32297
- externalApps.command("update").description("Update an external app. Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-n, --name <name>", "New display name").option("--redirect-uri <uri>", "Redirect URI(s) for OAuth2 flow (comma-separated for multiple)").option("--user-scope <scopes>", "Comma-separated user (delegated) scopes").option("--app-scope <scopes>", "Comma-separated application (app-only) scopes").option("--scope <scopes>", "Alias for --app-scope (deprecated)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_UPDATE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32814
+ externalApps.command("update").description("Update an external app. Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-n, --name <name>", "New display name").option("--redirect-uri <uri>", "Redirect URI(s) for OAuth2 flow (comma-separated for multiple)").option("--user-scope <scopes>", "Comma-separated user (delegated) scopes").option("--app-scope <scopes>", "Comma-separated application (app-only) scopes").option("--scope <scopes>", "Alias for --app-scope (deprecated)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_UPDATE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32815
+ warnDeprecatedOrganization(options.organization);
32298
32816
  if (options.scope && !options.appScope) {
32299
32817
  options.appScope = options.scope;
32300
32818
  }
@@ -32310,9 +32828,10 @@ var registerExternalAppsCommand = (program2) => {
32310
32828
  }
32311
32829
  const [fetchError, fetchResult] = await catchError((async () => {
32312
32830
  const { api: api2, organizationId } = await createApiClient(ExternalClientApi, {
32313
- loginValidity: options.loginValidity
32831
+ loginValidity: options.loginValidity,
32832
+ organization: options.organization
32314
32833
  });
32315
- const orgId2 = options.organization ?? organizationId;
32834
+ const orgId2 = organizationId;
32316
32835
  const current2 = await api2.externalClientGetWithClientId({
32317
32836
  partitionGlobalId: orgId2,
32318
32837
  clientId
@@ -32380,12 +32899,14 @@ var registerExternalAppsCommand = (program2) => {
32380
32899
  Data: result
32381
32900
  });
32382
32901
  });
32383
- externalApps.command("delete").description("Delete an external app. " + "Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_DELETE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32902
+ externalApps.command("delete").description("Delete an external app. " + "Use 'external-apps list' to retrieve the client ID.").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_DELETE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32903
+ warnDeprecatedOrganization(options.organization);
32384
32904
  const [error] = await catchError((async () => {
32385
32905
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32386
- loginValidity: options.loginValidity
32906
+ loginValidity: options.loginValidity,
32907
+ organization: options.organization
32387
32908
  });
32388
- const orgId = options.organization ?? organizationId;
32909
+ const orgId = organizationId;
32389
32910
  return await api.externalClientDelete({
32390
32911
  partitionGlobalId: orgId,
32391
32912
  clientId
@@ -32409,12 +32930,14 @@ var registerExternalAppsCommand = (program2) => {
32409
32930
  }
32410
32931
  });
32411
32932
  });
32412
- externalApps.command("generate-secret").description("Generate a new secret for an external app. " + "Returns the secret value (only shown once).").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--description <text>", "Description for the secret").option("--expiration <date>", "Expiration date (ISO 8601)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_GENERATE_SECRET_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32933
+ externalApps.command("generate-secret").description("Generate a new secret for an external app. " + "Returns the secret value (only shown once).").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--description <text>", "Description for the secret").option("--expiration <date>", "Expiration date (ISO 8601)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_GENERATE_SECRET_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32934
+ warnDeprecatedOrganization(options.organization);
32413
32935
  const [error, result] = await catchError((async () => {
32414
32936
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32415
- loginValidity: options.loginValidity
32937
+ loginValidity: options.loginValidity,
32938
+ organization: options.organization
32416
32939
  });
32417
- const orgId = options.organization ?? organizationId;
32940
+ const orgId = organizationId;
32418
32941
  return await api.externalClientGenerateSecret({
32419
32942
  createClientSecretCommand: {
32420
32943
  clientId,
@@ -32439,12 +32962,14 @@ var registerExternalAppsCommand = (program2) => {
32439
32962
  Data: result
32440
32963
  });
32441
32964
  });
32442
- externalApps.command("delete-secret").description("Delete a specific secret from an external app.").argument("<secret-id>", "Secret ID (numeric)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_DELETE_SECRET_EXAMPLES).trackedAction(processContext, async (secretId, options) => {
32965
+ externalApps.command("delete-secret").description("Delete a specific secret from an external app.").argument("<secret-id>", "Secret ID (numeric)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(EXTERNAL_APPS_DELETE_SECRET_EXAMPLES).trackedAction(processContext, async (secretId, options) => {
32966
+ warnDeprecatedOrganization(options.organization);
32443
32967
  const [error] = await catchError((async () => {
32444
32968
  const { api, organizationId } = await createApiClient(ExternalClientApi, {
32445
- loginValidity: options.loginValidity
32969
+ loginValidity: options.loginValidity,
32970
+ organization: options.organization
32446
32971
  });
32447
- const orgId = options.organization ?? organizationId;
32972
+ const orgId = organizationId;
32448
32973
  return await api.externalClientDeleteSecret({
32449
32974
  partitionGlobalId: orgId,
32450
32975
  secretId: Number.parseInt(secretId, 10)
@@ -32469,10 +32994,14 @@ var registerExternalAppsCommand = (program2) => {
32469
32994
  });
32470
32995
  });
32471
32996
  const fedCreds = externalApps.command("federated-credentials").description("Manage federated credentials for external apps. " + "Enable workload identity federation with external identity providers (e.g. GitHub Actions, Azure AD).");
32472
- fedCreds.command("list").description("List federated credentials for an external app.").argument("<client-id>", "External app ID").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_LIST_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32997
+ fedCreds.command("list").description("List federated credentials for an external app.").argument("<client-id>", "External app ID").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_LIST_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
32998
+ warnDeprecatedOrganization(options.organization);
32473
32999
  const [error, result] = await catchError((async () => {
32474
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32475
- const orgId = options.organization ?? organizationId;
33000
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33001
+ loginValidity: options.loginValidity,
33002
+ organization: options.organization
33003
+ });
33004
+ const orgId = organizationId;
32476
33005
  return await api.externalClientGetFederatedCredentials({
32477
33006
  partitionGlobalId: orgId,
32478
33007
  clientId
@@ -32493,10 +33022,14 @@ var registerExternalAppsCommand = (program2) => {
32493
33022
  Data: result ?? []
32494
33023
  });
32495
33024
  });
32496
- fedCreds.command("get").description("Get a federated credential by ID.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_GET_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33025
+ fedCreds.command("get").description("Get a federated credential by ID.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_GET_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33026
+ warnDeprecatedOrganization(options.organization);
32497
33027
  const [error, result] = await catchError((async () => {
32498
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32499
- const orgId = options.organization ?? organizationId;
33028
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33029
+ loginValidity: options.loginValidity,
33030
+ organization: options.organization
33031
+ });
33032
+ const orgId = organizationId;
32500
33033
  return await api.externalClientGetFederatedCredentialByIdByCredentialId({
32501
33034
  partitionGlobalId: orgId,
32502
33035
  clientId,
@@ -32518,10 +33051,14 @@ var registerExternalAppsCommand = (program2) => {
32518
33051
  Data: result
32519
33052
  });
32520
33053
  });
32521
- fedCreds.command("create").description("Create a federated credential for an external app. " + "Maps an external identity (e.g. GitHub Actions OIDC) to this app.").argument("<client-id>", "External app ID").requiredOption("-n, --name <name>", "Credential name").requiredOption("--issuer <url>", "Token issuer URL (e.g. https://token.actions.githubusercontent.com)").requiredOption("--audience <audience>", "Expected audience claim (e.g. api://AzureADTokenExchange)").requiredOption("--subject <subject>", "Expected subject claim (e.g. repo:org/repo:ref:refs/heads/main)").option("--description <text>", "Description for the credential").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_CREATE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
33054
+ fedCreds.command("create").description("Create a federated credential for an external app. " + "Maps an external identity (e.g. GitHub Actions OIDC) to this app.").argument("<client-id>", "External app ID").requiredOption("-n, --name <name>", "Credential name").requiredOption("--issuer <url>", "Token issuer URL (e.g. https://token.actions.githubusercontent.com)").requiredOption("--audience <audience>", "Expected audience claim (e.g. api://AzureADTokenExchange)").requiredOption("--subject <subject>", "Expected subject claim (e.g. repo:org/repo:ref:refs/heads/main)").option("--description <text>", "Description for the credential").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_CREATE_EXAMPLES).trackedAction(processContext, async (clientId, options) => {
33055
+ warnDeprecatedOrganization(options.organization);
32522
33056
  const [error, result] = await catchError((async () => {
32523
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32524
- const orgId = options.organization ?? organizationId;
33057
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33058
+ loginValidity: options.loginValidity,
33059
+ organization: options.organization
33060
+ });
33061
+ const orgId = organizationId;
32525
33062
  const cmd = {
32526
33063
  name: options.name,
32527
33064
  issuer: options.issuer,
@@ -32550,10 +33087,14 @@ var registerExternalAppsCommand = (program2) => {
32550
33087
  Data: result
32551
33088
  });
32552
33089
  });
32553
- fedCreds.command("update").description("Update a federated credential.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").requiredOption("-n, --name <name>", "Credential name").requiredOption("--issuer <url>", "Token issuer URL").requiredOption("--audience <audience>", "Expected audience claim").requiredOption("--subject <subject>", "Expected subject claim").option("--description <text>", "Description for the credential").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_UPDATE_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33090
+ fedCreds.command("update").description("Update a federated credential.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").requiredOption("-n, --name <name>", "Credential name").requiredOption("--issuer <url>", "Token issuer URL").requiredOption("--audience <audience>", "Expected audience claim").requiredOption("--subject <subject>", "Expected subject claim").option("--description <text>", "Description for the credential").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_UPDATE_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33091
+ warnDeprecatedOrganization(options.organization);
32554
33092
  const [error, result] = await catchError((async () => {
32555
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32556
- const orgId = options.organization ?? organizationId;
33093
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33094
+ loginValidity: options.loginValidity,
33095
+ organization: options.organization
33096
+ });
33097
+ const orgId = organizationId;
32557
33098
  const cmd = {
32558
33099
  name: options.name,
32559
33100
  issuer: options.issuer,
@@ -32583,10 +33124,14 @@ var registerExternalAppsCommand = (program2) => {
32583
33124
  Data: result
32584
33125
  });
32585
33126
  });
32586
- fedCreds.command("delete").description("Delete a federated credential from an external app.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_DELETE_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33127
+ fedCreds.command("delete").description("Delete a federated credential from an external app.").argument("<client-id>", "External app ID").argument("<credential-id>", "Federated credential ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(FED_CRED_DELETE_EXAMPLES).trackedAction(processContext, async (clientId, credentialId, options) => {
33128
+ warnDeprecatedOrganization(options.organization);
32587
33129
  const [error] = await catchError((async () => {
32588
- const { api, organizationId } = await createApiClient(ExternalClientApi, { loginValidity: options.loginValidity });
32589
- const orgId = options.organization ?? organizationId;
33130
+ const { api, organizationId } = await createApiClient(ExternalClientApi, {
33131
+ loginValidity: options.loginValidity,
33132
+ organization: options.organization
33133
+ });
33134
+ const orgId = organizationId;
32590
33135
  return await api.externalClientDeleteFederatedCredential({
32591
33136
  partitionGlobalId: orgId,
32592
33137
  clientId,
@@ -32615,12 +33160,12 @@ var registerExternalAppsCommand = (program2) => {
32615
33160
 
32616
33161
  // src/commands/groups.ts
32617
33162
  var INSTRUCTIONS2 = {
32618
- list: "Verify --organization is a valid org ID. Run 'groups list --help' for options.",
33163
+ list: "Verify you are logged in. Run 'groups list --help' for options.",
32619
33164
  get: "Verify the group ID exists. Use 'groups list' to find valid IDs.",
32620
- create: "Verify --organization is correct. Group names must be unique within a partition.",
32621
- update: "Verify the group ID and --organization are correct. Use 'groups list' to find valid IDs.",
33165
+ create: "Verify the group name is correct. Group names must be unique within a partition.",
33166
+ update: "Verify the group ID is correct. Use 'groups list' to find valid IDs.",
32622
33167
  delete: "Verify the group ID exists. The group may have already been deleted.",
32623
- listMembers: "Verify the group ID and --organization are correct.",
33168
+ listMembers: "Verify the group ID is correct.",
32624
33169
  addMembers: "Verify the group ID and user IDs are correct. Use 'users list' to find valid user IDs.",
32625
33170
  revokeMembers: "Verify the user IDs are current members of the group."
32626
33171
  };
@@ -32722,14 +33267,20 @@ var MEMBERS_REVOKE_EXAMPLES = [
32722
33267
  }
32723
33268
  }
32724
33269
  ];
33270
+ function warnDeprecatedOrganization2(org) {
33271
+ if (org !== undefined) {
33272
+ logger.warn("--organization is deprecated and ignored; organization is derived from login context");
33273
+ }
33274
+ }
32725
33275
  var registerGroupsCommand = (program2) => {
32726
33276
  const groups = program2.command("groups").description("Manage groups. List, get, create, update, and delete groups within a partition.");
32727
- groups.command("list").description("List all groups in a partition. " + "Returns group ID, name, type, and creation time.").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
33277
+ groups.command("list").description("List all groups in a partition. " + "Returns group ID, name, type, and creation time.").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
33278
+ warnDeprecatedOrganization2(options.organization);
32728
33279
  const [error, result] = await catchError((async () => {
32729
33280
  const { api, organizationId } = await createApiClient(GroupApi, {
32730
33281
  loginValidity: options.loginValidity
32731
33282
  });
32732
- const orgId = options.organization ?? organizationId;
33283
+ const orgId = organizationId;
32733
33284
  return await api.groupGetGroups({
32734
33285
  partitionGlobalId: orgId
32735
33286
  });
@@ -32749,12 +33300,13 @@ var registerGroupsCommand = (program2) => {
32749
33300
  Data: result ?? []
32750
33301
  });
32751
33302
  });
32752
- groups.command("get").description("Get group details by ID. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_GET_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33303
+ groups.command("get").description("Get group details by ID. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_GET_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33304
+ warnDeprecatedOrganization2(options.organization);
32753
33305
  const [error, group] = await catchError((async () => {
32754
33306
  const { api, organizationId } = await createApiClient(GroupApi, {
32755
33307
  loginValidity: options.loginValidity
32756
33308
  });
32757
- const orgId = options.organization ?? organizationId;
33309
+ const orgId = organizationId;
32758
33310
  return await api.groupGetGroup({
32759
33311
  partitionGlobalId: orgId,
32760
33312
  groupId
@@ -32775,12 +33327,13 @@ var registerGroupsCommand = (program2) => {
32775
33327
  Data: group
32776
33328
  });
32777
33329
  });
32778
- groups.command("create").description("Create a new local group in a partition.").argument("<name>", "Group name").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
33330
+ groups.command("create").description("Create a new local group in a partition.").argument("<name>", "Group name").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
33331
+ warnDeprecatedOrganization2(options.organization);
32779
33332
  const [error, result] = await catchError((async () => {
32780
33333
  const { api, organizationId } = await createApiClient(GroupApi, {
32781
33334
  loginValidity: options.loginValidity
32782
33335
  });
32783
- const orgId = options.organization ?? organizationId;
33336
+ const orgId = organizationId;
32784
33337
  const createCommand2 = {
32785
33338
  id: crypto.randomUUID(),
32786
33339
  name,
@@ -32805,7 +33358,8 @@ var registerGroupsCommand = (program2) => {
32805
33358
  Data: result
32806
33359
  });
32807
33360
  });
32808
- groups.command("update").description("Update a group. Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-n, --name <name>", "New group name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_UPDATE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33361
+ groups.command("update").description("Update a group. Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-n, --name <name>", "New group name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_UPDATE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33362
+ warnDeprecatedOrganization2(options.organization);
32809
33363
  if (options.name === undefined) {
32810
33364
  OutputFormatter.error({
32811
33365
  Result: RESULTS.Failure,
@@ -32819,7 +33373,7 @@ var registerGroupsCommand = (program2) => {
32819
33373
  const { api, organizationId } = await createApiClient(GroupApi, {
32820
33374
  loginValidity: options.loginValidity
32821
33375
  });
32822
- const orgId = options.organization ?? organizationId;
33376
+ const orgId = organizationId;
32823
33377
  const updateCommand = {
32824
33378
  partitionGlobalId: orgId,
32825
33379
  name: options.name
@@ -32844,12 +33398,13 @@ var registerGroupsCommand = (program2) => {
32844
33398
  Data: result
32845
33399
  });
32846
33400
  });
32847
- groups.command("delete").description("Delete a group. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_DELETE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33401
+ groups.command("delete").description("Delete a group. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(GROUPS_DELETE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33402
+ warnDeprecatedOrganization2(options.organization);
32848
33403
  const [error] = await catchError((async () => {
32849
33404
  const { api, organizationId } = await createApiClient(GroupApi, {
32850
33405
  loginValidity: options.loginValidity
32851
33406
  });
32852
- const orgId = options.organization ?? organizationId;
33407
+ const orgId = organizationId;
32853
33408
  return await api.groupDelete({
32854
33409
  partitionGlobalId: orgId,
32855
33410
  groupId
@@ -32874,12 +33429,13 @@ var registerGroupsCommand = (program2) => {
32874
33429
  });
32875
33430
  });
32876
33431
  const members = groups.command("members").description("Manage group membership. List, add, or revoke members.");
32877
- members.command("list").description("List members of a group. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-l, --limit <number>", "Number of items to return", "50").option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_LIST_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33432
+ members.command("list").description("List members of a group. " + "Use 'groups list' to retrieve the group ID.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-l, --limit <number>", "Number of items to return", "50").option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_LIST_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33433
+ warnDeprecatedOrganization2(options.organization);
32878
33434
  const [error, result] = await catchError((async () => {
32879
33435
  const { api, organizationId } = await createApiClient(GroupApi, {
32880
33436
  loginValidity: options.loginValidity
32881
33437
  });
32882
- const orgId = options.organization ?? organizationId;
33438
+ const orgId = organizationId;
32883
33439
  return await api.groupGetGroupMembers({
32884
33440
  partitionGlobalId: orgId,
32885
33441
  groupId,
@@ -32902,13 +33458,14 @@ var registerGroupsCommand = (program2) => {
32902
33458
  Data: result.results ?? []
32903
33459
  });
32904
33460
  });
32905
- members.command("add").description("Add users to a group. Pass comma-separated user IDs.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").requiredOption("--user-ids <ids>", "Comma-separated user IDs to add").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_ADD_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33461
+ members.command("add").description("Add users to a group. Pass comma-separated user IDs.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").requiredOption("--user-ids <ids>", "Comma-separated user IDs to add").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_ADD_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33462
+ warnDeprecatedOrganization2(options.organization);
32906
33463
  const userIds = options.userIds.split(",").map((id) => id.trim());
32907
33464
  const [error, result] = await catchError((async () => {
32908
33465
  const { api, organizationId } = await createApiClient(GroupApi, {
32909
33466
  loginValidity: options.loginValidity
32910
33467
  });
32911
- const orgId = options.organization ?? organizationId;
33468
+ const orgId = organizationId;
32912
33469
  const group = await api.groupGetGroup({
32913
33470
  partitionGlobalId: orgId,
32914
33471
  groupId
@@ -32937,13 +33494,14 @@ var registerGroupsCommand = (program2) => {
32937
33494
  Data: result
32938
33495
  });
32939
33496
  });
32940
- members.command("revoke").description("Revoke users from a group. Pass comma-separated user IDs.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").requiredOption("--user-ids <ids>", "Comma-separated user IDs to revoke").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_REVOKE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33497
+ members.command("revoke").description("Revoke users from a group. Pass comma-separated user IDs.").argument("<group-id>", "Group ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").requiredOption("--user-ids <ids>", "Comma-separated user IDs to revoke").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(MEMBERS_REVOKE_EXAMPLES).trackedAction(processContext, async (groupId, options) => {
33498
+ warnDeprecatedOrganization2(options.organization);
32941
33499
  const userIds = options.userIds.split(",").map((id) => id.trim());
32942
33500
  const [error, result] = await catchError((async () => {
32943
33501
  const { api, organizationId } = await createApiClient(GroupApi, {
32944
33502
  loginValidity: options.loginValidity
32945
33503
  });
32946
- const orgId = options.organization ?? organizationId;
33504
+ const orgId = organizationId;
32947
33505
  const group = await api.groupGetGroup({
32948
33506
  partitionGlobalId: orgId,
32949
33507
  groupId
@@ -33221,10 +33779,10 @@ var registerPatCommand = (program2) => {
33221
33779
 
33222
33780
  // src/commands/robot-accounts.ts
33223
33781
  var INSTRUCTIONS4 = {
33224
- list: "Verify --organization is a valid org ID. Run 'robot-accounts list --help' for options.",
33782
+ list: "Verify you are logged in. Run 'robot-accounts list --help' for options.",
33225
33783
  get: "Verify the robot account ID exists. Use 'robot-accounts list' to find valid IDs.",
33226
- create: "Verify --organization is correct. Robot account names must be unique within a partition.",
33227
- update: "Verify the robot account ID and --organization are correct.",
33784
+ create: "Verify the robot account name is correct. Names must be unique within a partition.",
33785
+ update: "Verify the robot account ID is correct.",
33228
33786
  delete: "Verify the robot account ID exists. The account may have already been deleted."
33229
33787
  };
33230
33788
  var ROBOT_ACCOUNTS_LIST_EXAMPLES = [
@@ -33296,14 +33854,20 @@ var ROBOT_ACCOUNTS_DELETE_EXAMPLES = [
33296
33854
  }
33297
33855
  }
33298
33856
  ];
33857
+ function warnDeprecatedOrganization3(org) {
33858
+ if (org !== undefined) {
33859
+ logger.warn("--organization is deprecated and ignored; organization is derived from login context");
33860
+ }
33861
+ }
33299
33862
  var registerRobotAccountsCommand = (program2) => {
33300
33863
  const robotAccounts = program2.command("robot-accounts").description("Manage robot accounts. List, get, create, update, and delete robot accounts within a partition.");
33301
- robotAccounts.command("list").description("List robot accounts in a partition. " + "Returns account ID, name, display name, and creation time.").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-s, --search <term>", "Search by name").option("--sort-by <field>", "Sort results by field (e.g., 'Name')").addOption(new Option("--sort-order <direction>", "Sort direction (default: asc)").choices(["asc", "desc"])).option("-l, --limit <number>", "Number of items to return", String(DEFAULT_PAGE_SIZE)).option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
33864
+ robotAccounts.command("list").description("List robot accounts in a partition. " + "Returns account ID, name, display name, and creation time.").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-s, --search <term>", "Search by name").option("--sort-by <field>", "Sort results by field (e.g., 'Name')").addOption(new Option("--sort-order <direction>", "Sort direction (default: asc)").choices(["asc", "desc"])).option("-l, --limit <number>", "Number of items to return", String(DEFAULT_PAGE_SIZE)).option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
33865
+ warnDeprecatedOrganization3(options.organization);
33302
33866
  const [error, result] = await catchError((async () => {
33303
33867
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33304
33868
  loginValidity: options.loginValidity
33305
33869
  });
33306
- const orgId = options.organization ?? organizationId;
33870
+ const orgId = organizationId;
33307
33871
  return await api.robotAccountGetRobotAccounts({
33308
33872
  partitionGlobalId: orgId,
33309
33873
  searchTerm: options.search,
@@ -33328,12 +33892,13 @@ var registerRobotAccountsCommand = (program2) => {
33328
33892
  Data: result.results ?? []
33329
33893
  });
33330
33894
  });
33331
- robotAccounts.command("get").description("Get robot account details by ID. " + "Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_GET_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33895
+ robotAccounts.command("get").description("Get robot account details by ID. " + "Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_GET_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33896
+ warnDeprecatedOrganization3(options.organization);
33332
33897
  const [error, account] = await catchError((async () => {
33333
33898
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33334
33899
  loginValidity: options.loginValidity
33335
33900
  });
33336
- const orgId = options.organization ?? organizationId;
33901
+ const orgId = organizationId;
33337
33902
  return await api.robotAccountGetRobotAccount({
33338
33903
  partitionGlobalId: orgId,
33339
33904
  robotAccountId
@@ -33354,12 +33919,13 @@ var registerRobotAccountsCommand = (program2) => {
33354
33919
  Data: account
33355
33920
  });
33356
33921
  });
33357
- robotAccounts.command("create").description("Create a new robot account in a partition.").argument("<name>", "Robot account name").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--display-name <display-name>", "Display name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
33922
+ robotAccounts.command("create").description("Create a new robot account in a partition.").argument("<name>", "Robot account name").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--display-name <display-name>", "Display name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_CREATE_EXAMPLES).trackedAction(processContext, async (name, options) => {
33923
+ warnDeprecatedOrganization3(options.organization);
33358
33924
  const [error, result] = await catchError((async () => {
33359
33925
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33360
33926
  loginValidity: options.loginValidity
33361
33927
  });
33362
- const orgId = options.organization ?? organizationId;
33928
+ const orgId = organizationId;
33363
33929
  const createCommand2 = {
33364
33930
  name,
33365
33931
  displayName: options.displayName ?? name,
@@ -33384,7 +33950,8 @@ var registerRobotAccountsCommand = (program2) => {
33384
33950
  Data: result
33385
33951
  });
33386
33952
  });
33387
- robotAccounts.command("update").description("Update a robot account. Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--display-name <display-name>", "New display name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_UPDATE_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33953
+ robotAccounts.command("update").description("Update a robot account. Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--display-name <display-name>", "New display name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_UPDATE_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33954
+ warnDeprecatedOrganization3(options.organization);
33388
33955
  if (options.displayName === undefined) {
33389
33956
  OutputFormatter.error({
33390
33957
  Result: RESULTS.Failure,
@@ -33398,7 +33965,7 @@ var registerRobotAccountsCommand = (program2) => {
33398
33965
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33399
33966
  loginValidity: options.loginValidity
33400
33967
  });
33401
- const orgId = options.organization ?? organizationId;
33968
+ const orgId = organizationId;
33402
33969
  const updateCommand = {
33403
33970
  partitionGlobalId: orgId,
33404
33971
  displayName: options.displayName
@@ -33423,12 +33990,13 @@ var registerRobotAccountsCommand = (program2) => {
33423
33990
  Data: result
33424
33991
  });
33425
33992
  });
33426
- robotAccounts.command("delete").description("Delete a robot account. " + "Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_DELETE_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33993
+ robotAccounts.command("delete").description("Delete a robot account. " + "Use 'robot-accounts list' to retrieve the ID.").argument("<robot-account-id>", "Robot account ID (UUID)").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(ROBOT_ACCOUNTS_DELETE_EXAMPLES).trackedAction(processContext, async (robotAccountId, options) => {
33994
+ warnDeprecatedOrganization3(options.organization);
33427
33995
  const [error] = await catchError((async () => {
33428
33996
  const { api, organizationId } = await createApiClient(RobotAccountApi, {
33429
33997
  loginValidity: options.loginValidity
33430
33998
  });
33431
- const orgId = options.organization ?? organizationId;
33999
+ const orgId = organizationId;
33432
34000
  await api.robotAccountDelete({
33433
34001
  partitionGlobalId: orgId,
33434
34002
  robotAccountId
@@ -33930,9 +34498,9 @@ var registerSmtpCommand = (program2) => {
33930
34498
 
33931
34499
  // src/commands/users.ts
33932
34500
  var INSTRUCTIONS7 = {
33933
- list: "Verify --organization is a valid org ID. Run 'users list --help' for options.",
34501
+ list: "Verify you are logged in. Run 'users list --help' for options.",
33934
34502
  get: "Verify the user ID exists. Use 'users list' to find valid IDs.",
33935
- create: "Verify --organization and --email are correct. The username may already exist.",
34503
+ create: "Verify --email is correct. The username may already exist.",
33936
34504
  update: "Verify the user ID exists. Use 'users list' to find valid IDs.",
33937
34505
  delete: "Verify the user ID exists. The user may have already been deleted.",
33938
34506
  invite: "Verify the email address is valid and the org allows invitations."
@@ -34021,14 +34589,20 @@ var USERS_INVITE_EXAMPLES = [
34021
34589
  }
34022
34590
  }
34023
34591
  ];
34592
+ function warnDeprecatedOrganization4(org) {
34593
+ if (org !== undefined) {
34594
+ logger.warn("--organization is deprecated and ignored; organization is derived from login context");
34595
+ }
34596
+ }
34024
34597
  var registerUsersCommand = (program2) => {
34025
34598
  const users = program2.command("users").description("Manage users. List, get, create, update, and delete users.");
34026
- users.command("list").description("List users in a partition. " + "Returns user ID, username, email, name, and creation time.").option("--organization <id>", "Organization ID (defaults to logged-in org)").option("-s, --search <term>", "Search users by name or email").option("--sort-by <field>", "Sort results by field (e.g., 'UserName', 'Email')").addOption(new Option("--sort-order <direction>", "Sort direction (default: asc)").choices(["asc", "desc"])).option("-l, --limit <number>", "Number of items to return", String(DEFAULT_PAGE_SIZE)).option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
34599
+ users.command("list").description("List users in a partition. " + "Returns user ID, username, email, name, and creation time.").option("--organization <id>", "(deprecated, ignored) organization is derived from login").option("-s, --search <term>", "Search users by name or email").option("--sort-by <field>", "Sort results by field (e.g., 'UserName', 'Email')").addOption(new Option("--sort-order <direction>", "Sort direction (default: asc)").choices(["asc", "desc"])).option("-l, --limit <number>", "Number of items to return", String(DEFAULT_PAGE_SIZE)).option("--offset <number>", "Number of items to skip", "0").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_LIST_EXAMPLES).trackedAction(processContext, async (options) => {
34600
+ warnDeprecatedOrganization4(options.organization);
34027
34601
  const [error, result] = await catchError((async () => {
34028
34602
  const { api, organizationId } = await createApiClient(UserApi, {
34029
34603
  loginValidity: options.loginValidity
34030
34604
  });
34031
- const orgId = options.organization ?? organizationId;
34605
+ const orgId = organizationId;
34032
34606
  return await api.userGetUsers({
34033
34607
  partitionGlobalId: orgId,
34034
34608
  searchTerm: options.search,
@@ -34054,6 +34628,7 @@ var registerUsersCommand = (program2) => {
34054
34628
  });
34055
34629
  });
34056
34630
  users.command("get").description("Get user details by ID. Use 'users list' to retrieve the user ID.").argument("<user-id>", "User ID (UUID)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_GET_EXAMPLES).trackedAction(processContext, async (userId, options) => {
34631
+ warnDeprecatedOrganization4(options.organization);
34057
34632
  const [error, user] = await catchError((async () => {
34058
34633
  const { api } = await createApiClient(UserApi, {
34059
34634
  loginValidity: options.loginValidity
@@ -34075,12 +34650,13 @@ var registerUsersCommand = (program2) => {
34075
34650
  Data: user
34076
34651
  });
34077
34652
  });
34078
- users.command("create").description("Create a new user. Provide a username and email address.").argument("<username>", "Username for the new user").option("--organization <id>", "Organization ID (defaults to logged-in org)").requiredOption("-e, --email <email>", "Email address").option("-n, --name <name>", "First name").option("--surname <surname>", "Last name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_CREATE_EXAMPLES).trackedAction(processContext, async (username, options) => {
34653
+ users.command("create").description("Create a new user. Provide a username and email address.").argument("<username>", "Username for the new user").option("--organization <id>", "(deprecated, ignored) organization is derived from login").requiredOption("-e, --email <email>", "Email address").option("-n, --name <name>", "First name").option("--surname <surname>", "Last name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_CREATE_EXAMPLES).trackedAction(processContext, async (username, options) => {
34654
+ warnDeprecatedOrganization4(options.organization);
34079
34655
  const [error, result] = await catchError((async () => {
34080
34656
  const { api, organizationId } = await createApiClient(UserApi, {
34081
34657
  loginValidity: options.loginValidity
34082
34658
  });
34083
- const orgId = options.organization ?? organizationId;
34659
+ const orgId = organizationId;
34084
34660
  const createCommand2 = {
34085
34661
  partitionGlobalId: orgId,
34086
34662
  userName: username,
@@ -34108,6 +34684,7 @@ var registerUsersCommand = (program2) => {
34108
34684
  });
34109
34685
  });
34110
34686
  users.command("update").description("Update an existing user. Use 'users list' to retrieve the user ID.").argument("<user-id>", "User ID (UUID)").option("-e, --email <email>", "New email address").option("-n, --name <name>", "New first name").option("--surname <surname>", "New last name").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_UPDATE_EXAMPLES).trackedAction(processContext, async (userId, options) => {
34687
+ warnDeprecatedOrganization4(options.organization);
34111
34688
  if (options.email === undefined && options.name === undefined && options.surname === undefined) {
34112
34689
  OutputFormatter.error({
34113
34690
  Result: RESULTS.Failure,
@@ -34149,6 +34726,7 @@ var registerUsersCommand = (program2) => {
34149
34726
  });
34150
34727
  });
34151
34728
  users.command("delete").description("Delete a user by ID. Use 'users list' to retrieve the user ID.").argument("<user-id>", "User ID (UUID)").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_DELETE_EXAMPLES).trackedAction(processContext, async (userId, options) => {
34729
+ warnDeprecatedOrganization4(options.organization);
34152
34730
  const [error] = await catchError((async () => {
34153
34731
  const { api } = await createApiClient(UserApi, {
34154
34732
  loginValidity: options.loginValidity
@@ -34174,6 +34752,7 @@ var registerUsersCommand = (program2) => {
34174
34752
  });
34175
34753
  });
34176
34754
  users.command("invite").description("Invite users by email. Sends an invitation to join the organization.").requiredOption("-e, --email <emails>", "Comma-separated email addresses to invite").option("-n, --name <name>", "First name for the invited user").option("--surname <surname>", "Last name for the invited user").option("--login-validity <minutes>", "Override token validity (minutes)", (v) => Number.parseInt(v, 10)).examples(USERS_INVITE_EXAMPLES).trackedAction(processContext, async (options) => {
34755
+ warnDeprecatedOrganization4(options.organization);
34177
34756
  const [error, result] = await catchError((async () => {
34178
34757
  const { config } = await createIdentityConfig({
34179
34758
  loginValidity: options.loginValidity