@uipath/uipath-typescript 1.1.0 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -3878,6 +3878,16 @@ class ExecutionContext {
3878
3878
  * Checks if code is running in a browser environment
3879
3879
  */
3880
3880
  const isBrowser = typeof window !== 'undefined' && typeof window.document !== 'undefined';
3881
+ const isInActionCenter = isBrowser && window.self != window.top && window.location.href.includes('source=ActionCenter');
3882
+
3883
+ /**
3884
+ * Session storage keys used by the auth module
3885
+ */
3886
+ const AUTH_STORAGE_KEYS = {
3887
+ TOKEN_PREFIX: 'uipath_sdk_user_token-',
3888
+ OAUTH_CONTEXT: 'uipath_sdk_oauth_context',
3889
+ CODE_VERIFIER: 'uipath_sdk_code_verifier',
3890
+ };
3881
3891
 
3882
3892
  // Type guard to check if config has OAuth credentials
3883
3893
  function hasOAuthConfig(config) {
@@ -4171,6 +4181,102 @@ function getErrorDetails(error) {
4171
4181
  };
4172
4182
  }
4173
4183
 
4184
+ var ActionCenterEventNames;
4185
+ (function (ActionCenterEventNames) {
4186
+ ActionCenterEventNames["TOKENREFRESHED"] = "AC.tokenRefreshed";
4187
+ ActionCenterEventNames["REFRESHTOKEN"] = "AC.refreshToken";
4188
+ })(ActionCenterEventNames || (ActionCenterEventNames = {}));
4189
+
4190
+ const AUTHENTICATION_TIMEOUT = 8000;
4191
+ class ActionCenterTokenManager {
4192
+ constructor(config, onTokenRefreshed) {
4193
+ this.config = config;
4194
+ this.onTokenRefreshed = onTokenRefreshed;
4195
+ this.parentOrigin = new URLSearchParams(window.location.search).get('basedomain');
4196
+ this.refreshPromise = null;
4197
+ }
4198
+ async refreshAccessToken(tokenInfo) {
4199
+ if (!this.isTokenExpired(tokenInfo)) {
4200
+ return tokenInfo.token;
4201
+ }
4202
+ if (this.refreshPromise) {
4203
+ return this.refreshPromise;
4204
+ }
4205
+ this.refreshPromise = new Promise((resolve, reject) => {
4206
+ const content = {
4207
+ clientId: this.config.clientId,
4208
+ scope: this.config.scope,
4209
+ };
4210
+ this.sendMessageToParent(ActionCenterEventNames.REFRESHTOKEN, content);
4211
+ const messageListener = (event) => {
4212
+ if (event.origin !== this.parentOrigin)
4213
+ return;
4214
+ if (event.data?.eventType !== ActionCenterEventNames.TOKENREFRESHED)
4215
+ return;
4216
+ clearTimeout(timer);
4217
+ if (event.data?.content?.token) {
4218
+ const { accessToken, expiresAt } = event.data.content.token;
4219
+ this.onTokenRefreshed({ token: accessToken, type: 'secret', expiresAt });
4220
+ resolve(accessToken);
4221
+ }
4222
+ else {
4223
+ reject(new AuthenticationError({
4224
+ message: 'Failed to fetch access token',
4225
+ statusCode: HttpStatus.UNAUTHORIZED,
4226
+ }));
4227
+ }
4228
+ this.refreshPromise = null;
4229
+ this.cleanup(messageListener);
4230
+ };
4231
+ const timer = setTimeout(() => {
4232
+ reject(new AuthenticationError({
4233
+ message: 'Failed to fetch access token',
4234
+ statusCode: HttpStatus.UNAUTHORIZED,
4235
+ }));
4236
+ this.refreshPromise = null;
4237
+ this.cleanup(messageListener);
4238
+ }, AUTHENTICATION_TIMEOUT);
4239
+ window.addEventListener('message', messageListener);
4240
+ });
4241
+ return this.refreshPromise;
4242
+ }
4243
+ isTokenExpired(tokenInfo) {
4244
+ if (!tokenInfo?.expiresAt) {
4245
+ return true;
4246
+ }
4247
+ return new Date() >= tokenInfo.expiresAt;
4248
+ }
4249
+ sendMessageToParent(eventType, content) {
4250
+ if (window.parent && this.isValidOrigin(this.parentOrigin)) {
4251
+ try {
4252
+ window.parent.postMessage({ eventType, content }, this.parentOrigin);
4253
+ }
4254
+ catch (error) {
4255
+ console.warn('Failed to send message to Action Center', JSON.stringify(error));
4256
+ }
4257
+ }
4258
+ }
4259
+ cleanup(messageListener) {
4260
+ window.removeEventListener('message', messageListener);
4261
+ }
4262
+ isValidOrigin(origin) {
4263
+ const ALLOWED_ORIGINS = ['https://alpha.uipath.com', 'https://staging.uipath.com', 'https://cloud.uipath.com'];
4264
+ if (!origin) {
4265
+ return false;
4266
+ }
4267
+ if (ALLOWED_ORIGINS.includes(origin)) {
4268
+ return true;
4269
+ }
4270
+ try {
4271
+ const url = new URL(origin);
4272
+ return url.hostname === 'localhost';
4273
+ }
4274
+ catch {
4275
+ return false;
4276
+ }
4277
+ }
4278
+ }
4279
+
4174
4280
  /**
4175
4281
  * TokenManager is responsible for managing authentication tokens.
4176
4282
  * It provides token operations for a specific client ID.
@@ -4188,8 +4294,12 @@ class TokenManager {
4188
4294
  this.executionContext = executionContext;
4189
4295
  this.config = config;
4190
4296
  this.isOAuth = isOAuth;
4191
- this.STORAGE_KEY_PREFIX = 'uipath_sdk_user_token-';
4192
4297
  this.refreshPromise = null;
4298
+ this.actionCenterTokenManager = null;
4299
+ if (isInActionCenter) {
4300
+ this.actionCenterTokenManager = new ActionCenterTokenManager(config, (tokenInfo) => this.setToken(tokenInfo));
4301
+ this.isOAuth = false;
4302
+ }
4193
4303
  }
4194
4304
  /**
4195
4305
  * Checks if a token is expired
@@ -4217,6 +4327,9 @@ class TokenManager {
4217
4327
  message: 'No authentication token available. Make sure to initialize the SDK first.'
4218
4328
  });
4219
4329
  }
4330
+ if (this.actionCenterTokenManager) {
4331
+ return await this.actionCenterTokenManager.refreshAccessToken(tokenInfo);
4332
+ }
4220
4333
  // For secret-based tokens, they never expire
4221
4334
  if (tokenInfo.type === 'secret') {
4222
4335
  return tokenInfo.token;
@@ -4242,7 +4355,7 @@ class TokenManager {
4242
4355
  * Gets the storage key for this TokenManager instance
4243
4356
  */
4244
4357
  _getStorageKey() {
4245
- return `${this.STORAGE_KEY_PREFIX}${this.config.clientId}`;
4358
+ return `${AUTH_STORAGE_KEYS.TOKEN_PREFIX}${this.config.clientId}`;
4246
4359
  }
4247
4360
  /**
4248
4361
  * Loads token from session storage if available
@@ -4361,9 +4474,6 @@ class TokenManager {
4361
4474
  clearToken() {
4362
4475
  this.currentToken = undefined;
4363
4476
  this.executionContext.set('tokenInfo', undefined);
4364
- const headers = this.executionContext.getHeaders();
4365
- delete headers['Authorization'];
4366
- this.executionContext.setHeaders(headers);
4367
4477
  // Remove from session storage if this is an OAuth token
4368
4478
  if (isBrowser && this.isOAuth) {
4369
4479
  try {
@@ -4379,10 +4489,6 @@ class TokenManager {
4379
4489
  */
4380
4490
  _updateExecutionContext(tokenInfo) {
4381
4491
  this.executionContext.set('tokenInfo', tokenInfo);
4382
- // Update authorization header
4383
- this.executionContext.setHeaders({
4384
- 'Authorization': `Bearer ${tokenInfo.token}`
4385
- });
4386
4492
  }
4387
4493
  /**
4388
4494
  * Refreshes the access token using the stored refresh token.
@@ -4470,8 +4576,15 @@ const IDENTITY_ENDPOINTS = {
4470
4576
 
4471
4577
  class AuthService {
4472
4578
  constructor(config, executionContext) {
4473
- // Check if we should use stored OAuth context instead of provided config
4474
- const storedContext = AuthService.getStoredOAuthContext();
4579
+ // Only use stored OAuth context when completing an active callback (URL has ?code=).
4580
+ // If stored context exists but we're NOT in a callback, it's stale from a
4581
+ // failed/abandoned flow (e.g. scope mismatch, invalid redirect URI) and must
4582
+ // be cleared so the fresh config takes effect.
4583
+ const isCallback = AuthService.isInOAuthCallback();
4584
+ const storedContext = isCallback ? AuthService.getStoredOAuthContext() : null;
4585
+ if (!isCallback) {
4586
+ AuthService._clearStoredOAuthContext();
4587
+ }
4475
4588
  const effectiveConfig = storedContext ? AuthService._mergeConfigWithContext(config, storedContext) : config;
4476
4589
  this.config = effectiveConfig;
4477
4590
  const isOAuth = hasOAuthConfig(effectiveConfig);
@@ -4488,7 +4601,7 @@ class AuthService {
4488
4601
  return false;
4489
4602
  const urlParams = new URLSearchParams(window.location.search);
4490
4603
  const code = urlParams.get('code');
4491
- const hasCodeVerifier = sessionStorage.getItem('uipath_sdk_code_verifier');
4604
+ const hasCodeVerifier = sessionStorage.getItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4492
4605
  return !!(code && hasCodeVerifier);
4493
4606
  }
4494
4607
  /**
@@ -4499,7 +4612,7 @@ class AuthService {
4499
4612
  return null;
4500
4613
  }
4501
4614
  try {
4502
- const stored = sessionStorage.getItem('uipath_sdk_oauth_context');
4615
+ const stored = sessionStorage.getItem(AUTH_STORAGE_KEYS.OAUTH_CONTEXT);
4503
4616
  if (!stored) {
4504
4617
  return null;
4505
4618
  }
@@ -4507,17 +4620,33 @@ class AuthService {
4507
4620
  // Validate required fields
4508
4621
  if (!context.codeVerifier || !context.clientId || !context.redirectUri ||
4509
4622
  !context.baseUrl || !context.orgName) {
4510
- sessionStorage.removeItem('uipath_sdk_oauth_context');
4623
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.OAUTH_CONTEXT);
4511
4624
  return null;
4512
4625
  }
4513
4626
  return context;
4514
4627
  }
4515
4628
  catch (error) {
4516
- sessionStorage.removeItem('uipath_sdk_oauth_context');
4629
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.OAUTH_CONTEXT);
4517
4630
  console.warn('Failed to parse stored OAuth context from session storage', error);
4518
4631
  return null;
4519
4632
  }
4520
4633
  }
4634
+ /**
4635
+ * Clear stale OAuth context from session storage.
4636
+ * Called when there is no active OAuth callback, meaning any stored context
4637
+ * is left over from a failed or abandoned flow.
4638
+ */
4639
+ static _clearStoredOAuthContext() {
4640
+ if (!isBrowser)
4641
+ return;
4642
+ try {
4643
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.OAUTH_CONTEXT);
4644
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4645
+ }
4646
+ catch {
4647
+ // Ignore storage errors
4648
+ }
4649
+ }
4521
4650
  /**
4522
4651
  * Merges provided config with stored OAuth context, prioritizing stored values
4523
4652
  */
@@ -4588,7 +4717,7 @@ class AuthService {
4588
4717
  throw new Error('OAuth flow is only supported in browser environments');
4589
4718
  }
4590
4719
  // Check if we have a stored code verifier indicating we're in an OAuth flow
4591
- const codeVerifier = sessionStorage.getItem('uipath_sdk_code_verifier');
4720
+ const codeVerifier = sessionStorage.getItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4592
4721
  const isInOAuthFlow = codeVerifier !== null;
4593
4722
  const urlParams = new URLSearchParams(window.location.search);
4594
4723
  const code = urlParams.get('code');
@@ -4597,7 +4726,7 @@ class AuthService {
4597
4726
  // We're expecting a callback - validate parameters
4598
4727
  if (!code) {
4599
4728
  // Clear stored state on error
4600
- sessionStorage.removeItem('uipath_sdk_code_verifier');
4729
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4601
4730
  throw new Error('Authorization code missing in OAuth callback');
4602
4731
  }
4603
4732
  // Validate the authorization code format before using it
@@ -4605,7 +4734,7 @@ class AuthService {
4605
4734
  const codePattern = /^[A-Za-z0-9\-._~+/]+=*$/;
4606
4735
  if (!codePattern.test(code)) {
4607
4736
  // Clear stored state on error
4608
- sessionStorage.removeItem('uipath_sdk_code_verifier');
4737
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4609
4738
  throw new Error('Invalid authorization code format');
4610
4739
  }
4611
4740
  // Authorization code is present and validated, so we can exchange it for a token.
@@ -4646,6 +4775,24 @@ class AuthService {
4646
4775
  hasValidToken() {
4647
4776
  return this.tokenManager.hasValidToken();
4648
4777
  }
4778
+ /**
4779
+ * Clears all authentication state including tokens and stored OAuth context.
4780
+ */
4781
+ logout() {
4782
+ this.tokenManager.clearToken();
4783
+ // Clear OAuth context from session storage. These are normally cleaned up in _handleOAuthCallback after a successful
4784
+ // token exchange, but if a user calls logout() while an OAuth flow is
4785
+ // mid-redirect (before callback completes), they'd be left behind.
4786
+ if (isBrowser) {
4787
+ try {
4788
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.OAUTH_CONTEXT);
4789
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4790
+ }
4791
+ catch (error) {
4792
+ console.warn('Failed to clear OAuth context from session storage', error);
4793
+ }
4794
+ }
4795
+ }
4649
4796
  /**
4650
4797
  * Get the current token
4651
4798
  */
@@ -4777,8 +4924,8 @@ class AuthService {
4777
4924
  tenantName: this.config.tenantName,
4778
4925
  scope
4779
4926
  };
4780
- sessionStorage.setItem('uipath_sdk_oauth_context', JSON.stringify(oauthContext));
4781
- sessionStorage.setItem('uipath_sdk_code_verifier', codeVerifier);
4927
+ sessionStorage.setItem(AUTH_STORAGE_KEYS.OAUTH_CONTEXT, JSON.stringify(oauthContext));
4928
+ sessionStorage.setItem(AUTH_STORAGE_KEYS.CODE_VERIFIER, codeVerifier);
4782
4929
  const authUrl = this.getAuthorizationUrl({
4783
4930
  clientId,
4784
4931
  redirectUri,
@@ -4788,7 +4935,7 @@ class AuthService {
4788
4935
  window.location.href = authUrl;
4789
4936
  }
4790
4937
  async _handleOAuthCallback(code, clientId, redirectUri) {
4791
- const codeVerifier = sessionStorage.getItem('uipath_sdk_code_verifier');
4938
+ const codeVerifier = sessionStorage.getItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4792
4939
  if (!codeVerifier) {
4793
4940
  throw new Error('Code verifier not found in session storage. Authentication may have been interrupted.');
4794
4941
  }
@@ -4799,8 +4946,8 @@ class AuthService {
4799
4946
  codeVerifier
4800
4947
  });
4801
4948
  // Clear OAuth context and code verifier after successful token exchange
4802
- sessionStorage.removeItem('uipath_sdk_oauth_context');
4803
- sessionStorage.removeItem('uipath_sdk_code_verifier');
4949
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.OAUTH_CONTEXT);
4950
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4804
4951
  const url = new URL(window.location.href);
4805
4952
  url.searchParams.delete('code');
4806
4953
  url.searchParams.delete('state');
@@ -4808,14 +4955,42 @@ class AuthService {
4808
4955
  }
4809
4956
  }
4810
4957
 
4958
+ /**
4959
+ * Check if config has all required base fields
4960
+ */
4961
+ function hasRequiredBaseFields(config) {
4962
+ return Boolean(config.baseUrl && config.orgName && config.tenantName);
4963
+ }
4964
+ /**
4965
+ * Check if config has exactly one authentication method (secret XOR oauth)
4966
+ * Returns true if exactly one auth method is present, false otherwise
4967
+ */
4968
+ function hasValidAuthConfig(config) {
4969
+ const hasSecret = hasSecretConfig(config);
4970
+ const hasOAuth = hasOAuthConfig(config);
4971
+ // XOR: exactly one auth method, not both, not neither
4972
+ return hasSecret !== hasOAuth;
4973
+ }
4811
4974
  function validateConfig(config) {
4812
- if (!config.baseUrl || !config.orgName || !config.tenantName) {
4975
+ if (!hasRequiredBaseFields(config)) {
4813
4976
  throw new Error('Missing required configuration: baseUrl, orgName, and tenantName are required');
4814
4977
  }
4815
- if (!hasSecretConfig(config) && !hasOAuthConfig(config)) {
4816
- throw new Error('Invalid configuration: must provide either secret or (clientId, redirectUri, and scope)');
4978
+ const hasSecret = hasSecretConfig(config);
4979
+ const hasOAuth = hasOAuthConfig(config);
4980
+ if (hasSecret && hasOAuth) {
4981
+ throw new Error('Invalid configuration: cannot provide both secret and OAuth credentials. Choose one authentication method.');
4982
+ }
4983
+ if (!hasSecret && !hasOAuth) {
4984
+ throw new Error('Invalid configuration: must provide either secret or OAuth credentials (clientId, redirectUri, and scope)');
4817
4985
  }
4818
4986
  }
4987
+ /**
4988
+ * Check if partial config has all required fields for a complete SDK config
4989
+ * Requires base fields and exactly one authentication method (secret XOR oauth)
4990
+ */
4991
+ function isCompleteConfig(config) {
4992
+ return hasRequiredBaseFields(config) && hasValidAuthConfig(config);
4993
+ }
4819
4994
  function normalizeBaseUrl(url) {
4820
4995
  return url.endsWith('/') ? url.slice(0, -1) : url;
4821
4996
  }
@@ -4826,7 +5001,7 @@ function normalizeBaseUrl(url) {
4826
5001
  // Connection string placeholder that will be replaced during build
4827
5002
  const CONNECTION_STRING = "InstrumentationKey=a6efa11d-1feb-4508-9738-e13e12dcae5e;IngestionEndpoint=https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnostics.monitor.azure.com/;ApplicationId=7c58eb1c-9581-4ba6-839e-11725848a037";
4828
5003
  // SDK Version placeholder
4829
- const SDK_VERSION = "1.1.0";
5004
+ const SDK_VERSION = "1.1.2";
4830
5005
  const VERSION = "Version";
4831
5006
  const SERVICE = "Service";
4832
5007
  const CLOUD_ORGANIZATION_NAME = "CloudOrganizationName";
@@ -5034,6 +5209,65 @@ const telemetryClient = TelemetryClient.getInstance();
5034
5209
  /**
5035
5210
  * SDK Track decorator and function for telemetry
5036
5211
  */
5212
+ /**
5213
+ * Common tracking logic shared between method and function decorators
5214
+ */
5215
+ function createTrackedFunction(originalFunction, nameOrOptions, fallbackName, opts) {
5216
+ return function (...args) {
5217
+ // Determine if we should track this call
5218
+ let shouldTrack = true;
5219
+ if (opts.condition !== undefined) {
5220
+ if (typeof opts.condition === 'function') {
5221
+ shouldTrack = opts.condition.apply(this, args);
5222
+ }
5223
+ else {
5224
+ shouldTrack = opts.condition;
5225
+ }
5226
+ }
5227
+ // Track the event if enabled
5228
+ if (shouldTrack) {
5229
+ // Use the full name provided in the decorator (e.g., "Queue.GetAll")
5230
+ const serviceMethod = typeof nameOrOptions === 'string'
5231
+ ? nameOrOptions
5232
+ : fallbackName;
5233
+ // Use 'Sdk.Run' as the name and serviceMethod as the service
5234
+ telemetryClient.track(serviceMethod, SDK_RUN_EVENT, opts.attributes);
5235
+ }
5236
+ // Execute the original function
5237
+ return originalFunction.apply(this, args);
5238
+ };
5239
+ }
5240
+ /**
5241
+ * Track decorator that can be used to automatically track function calls
5242
+ *
5243
+ * Usage:
5244
+ * @track("Service.Method")
5245
+ * function myFunction() { ... }
5246
+ *
5247
+ * @track("Queue.GetAll")
5248
+ * async getAll() { ... }
5249
+ *
5250
+ * @track("Tasks.Create")
5251
+ * async create() { ... }
5252
+ *
5253
+ * @track("Assets.Update", { condition: false })
5254
+ * function myFunction() { ... }
5255
+ *
5256
+ * @track("Processes.Start", { attributes: { customProp: "value" } })
5257
+ * function myFunction() { ... }
5258
+ */
5259
+ function track(nameOrOptions, options) {
5260
+ return function decorator(_target, propertyKey, descriptor) {
5261
+ const opts = typeof nameOrOptions === 'object' ? nameOrOptions : options || {};
5262
+ if (descriptor && typeof descriptor.value === 'function') {
5263
+ // Method decorator
5264
+ descriptor.value = createTrackedFunction(descriptor.value, nameOrOptions, propertyKey || 'unknown_method', opts);
5265
+ return descriptor;
5266
+ }
5267
+ // Function decorator
5268
+ return (originalFunction) => createTrackedFunction(originalFunction, nameOrOptions, originalFunction.name || 'unknown_function', opts);
5269
+ };
5270
+ }
5037
5271
  /**
5038
5272
  * Direct tracking function
5039
5273
  */
@@ -5096,19 +5330,71 @@ class SDKInternalsRegistry {
5096
5330
  }
5097
5331
  }
5098
5332
 
5099
- var _UiPath_config, _UiPath_authService, _UiPath_initialized;
5333
+ /**
5334
+ * UiPath meta tag names for runtime configuration.
5335
+ *
5336
+ * These meta tags are injected at deployment time by the Apps Service
5337
+ * to configure SDK authentication and asset resolution in production.
5338
+ */
5339
+ var UiPathMetaTags;
5340
+ (function (UiPathMetaTags) {
5341
+ // SDK/OAuth configuration
5342
+ UiPathMetaTags["CLIENT_ID"] = "uipath:client-id";
5343
+ UiPathMetaTags["SCOPE"] = "uipath:scope";
5344
+ UiPathMetaTags["ORG_NAME"] = "uipath:org-name";
5345
+ UiPathMetaTags["TENANT_NAME"] = "uipath:tenant-name";
5346
+ UiPathMetaTags["BASE_URL"] = "uipath:base-url";
5347
+ UiPathMetaTags["REDIRECT_URI"] = "uipath:redirect-uri";
5348
+ // Asset resolution and routing
5349
+ UiPathMetaTags["CDN_BASE"] = "uipath:cdn-base";
5350
+ UiPathMetaTags["APP_BASE"] = "uipath:app-base";
5351
+ })(UiPathMetaTags || (UiPathMetaTags = {}));
5352
+
5353
+ /**
5354
+ * Get the content of a meta tag by name.
5355
+ * Returns undefined if not in browser environment or meta tag is not found.
5356
+ */
5357
+ function getMetaTagContent(name) {
5358
+ if (!isBrowser)
5359
+ return undefined;
5360
+ return document.querySelector(`meta[name="${name}"]`)?.content;
5361
+ }
5362
+ /**
5363
+ * Load configuration from HTML meta tags injected at runtime.
5364
+ * These meta tags are injected by @uipath/coded-apps during build
5365
+ * or by the Apps service during deployment.
5366
+ *
5367
+ * Returns partial config with values found, or null if no meta tags present.
5368
+ */
5369
+ function loadFromMetaTags() {
5370
+ if (!isBrowser)
5371
+ return null;
5372
+ const config = {
5373
+ clientId: getMetaTagContent(UiPathMetaTags.CLIENT_ID),
5374
+ scope: getMetaTagContent(UiPathMetaTags.SCOPE),
5375
+ orgName: getMetaTagContent(UiPathMetaTags.ORG_NAME),
5376
+ tenantName: getMetaTagContent(UiPathMetaTags.TENANT_NAME),
5377
+ baseUrl: getMetaTagContent(UiPathMetaTags.BASE_URL),
5378
+ redirectUri: getMetaTagContent(UiPathMetaTags.REDIRECT_URI),
5379
+ };
5380
+ const hasAnyValue = Object.values(config).some(Boolean);
5381
+ return hasAnyValue ? config : null;
5382
+ }
5383
+
5384
+ var _UiPath_instances, _UiPath_config, _UiPath_authService, _UiPath_initialized, _UiPath_partialConfig, _UiPath_initializeWithConfig, _UiPath_loadConfig;
5100
5385
  /**
5101
5386
  * UiPath - Core SDK class for authentication and configuration management.
5102
5387
  *
5103
5388
  * Handles authentication, configuration, and provides access to SDK internals
5104
5389
  * for service instantiation in the modular pattern.
5105
5390
  *
5391
+ * Supports two usage patterns:
5392
+ * 1. Full config in constructor — for server-side or explicit configuration
5393
+ * 2. No config / partial config — loads from meta tags injected by @uipath/coded-apps plugin
5394
+ *
5106
5395
  * @example
5107
5396
  * ```typescript
5108
- * // Modular pattern
5109
- * import { UiPath } from '@uipath/uipath-typescript/core';
5110
- * import { Entities } from '@uipath/uipath-typescript/entities';
5111
- *
5397
+ * // Explicit config
5112
5398
  * const sdk = new UiPath({
5113
5399
  * baseUrl: 'https://cloud.uipath.com',
5114
5400
  * orgName: 'myorg',
@@ -5117,70 +5403,47 @@ var _UiPath_config, _UiPath_authService, _UiPath_initialized;
5117
5403
  * redirectUri: 'http://localhost:3000/callback',
5118
5404
  * scope: 'OR.Users OR.Robots'
5119
5405
  * });
5120
- *
5121
5406
  * await sdk.initialize();
5407
+ * ```
5122
5408
  *
5123
- * const entitiesService = new Entities(sdk);
5124
- * const allEntities = await entitiesService.getAll();
5409
+ * @example
5410
+ * ```typescript
5411
+ * // Auto-load from meta tags (coded apps)
5412
+ * const sdk = new UiPath();
5413
+ * await sdk.initialize();
5125
5414
  * ```
5126
5415
  */
5127
5416
  class UiPath {
5128
5417
  constructor(config) {
5418
+ _UiPath_instances.add(this);
5129
5419
  // Private fields - true runtime privacy, not visible via Object.keys()
5130
5420
  _UiPath_config.set(this, void 0);
5131
5421
  _UiPath_authService.set(this, void 0);
5132
5422
  _UiPath_initialized.set(this, false);
5133
- // Validate and normalize the configuration
5134
- validateConfig(config);
5135
- const hasSecretAuth = hasSecretConfig(config);
5136
- const hasOAuthAuth = hasOAuthConfig(config);
5137
- // Initialize core components
5138
- const internalConfig = new UiPathConfig({
5139
- baseUrl: normalizeBaseUrl(config.baseUrl),
5140
- orgName: config.orgName,
5141
- tenantName: config.tenantName,
5142
- secret: hasSecretAuth ? config.secret : undefined,
5143
- clientId: hasOAuthAuth ? config.clientId : undefined,
5144
- redirectUri: hasOAuthAuth ? config.redirectUri : undefined,
5145
- scope: hasOAuthAuth ? config.scope : undefined
5146
- });
5147
- const executionContext = new ExecutionContext();
5148
- __classPrivateFieldSet(this, _UiPath_authService, new AuthService(internalConfig, executionContext), "f");
5149
- __classPrivateFieldSet(this, _UiPath_config, internalConfig, "f");
5150
- // Store internals in SDKInternalsRegistry (not visible on instance)
5151
- SDKInternalsRegistry.set(this, {
5152
- config: internalConfig,
5153
- context: executionContext,
5154
- tokenManager: __classPrivateFieldGet(this, _UiPath_authService, "f").getTokenManager()
5155
- });
5156
- // Expose read-only config for user convenience
5157
- this.config = {
5158
- baseUrl: internalConfig.baseUrl,
5159
- orgName: internalConfig.orgName,
5160
- tenantName: internalConfig.tenantName
5161
- };
5162
- // Initialize telemetry with SDK configuration
5163
- telemetryClient.initialize({
5164
- baseUrl: config.baseUrl,
5165
- orgName: config.orgName,
5166
- tenantName: config.tenantName,
5167
- clientId: hasOAuthAuth ? config.clientId : undefined,
5168
- redirectUri: hasOAuthAuth ? config.redirectUri : undefined
5169
- });
5170
- // Track SDK initialization
5171
- trackEvent('Sdk.Auth');
5172
- // Auto-initialize for secret-based auth
5173
- if (hasSecretAuth) {
5174
- __classPrivateFieldGet(this, _UiPath_authService, "f").authenticateWithSecret(config.secret);
5175
- __classPrivateFieldSet(this, _UiPath_initialized, true, "f");
5423
+ _UiPath_partialConfig.set(this, void 0);
5424
+ // Load configuration from meta tags
5425
+ const configFromMetaTags = loadFromMetaTags();
5426
+ // Merge configuration: constructor config overrides meta tags
5427
+ const mergedConfig = config ? { ...configFromMetaTags, ...config } : configFromMetaTags;
5428
+ if (mergedConfig && isCompleteConfig(mergedConfig)) {
5429
+ __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_initializeWithConfig).call(this, mergedConfig);
5430
+ }
5431
+ else if (config) {
5432
+ __classPrivateFieldSet(this, _UiPath_partialConfig, config, "f");
5176
5433
  }
5177
5434
  }
5178
5435
  /**
5179
5436
  * Initialize the SDK based on the provided configuration.
5180
5437
  * This method handles both OAuth flow initiation and completion automatically.
5181
5438
  * For secret-based authentication, initialization is automatic and this returns immediately.
5439
+ * If no config was provided in constructor, loads from meta tags.
5182
5440
  */
5183
5441
  async initialize() {
5442
+ // Load config from meta tags if not provided in constructor
5443
+ if (!__classPrivateFieldGet(this, _UiPath_config, "f")) {
5444
+ const loadedConfig = __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_loadConfig).call(this);
5445
+ __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_initializeWithConfig).call(this, loadedConfig);
5446
+ }
5184
5447
  // For secret-based auth, it's already initialized in constructor
5185
5448
  if (hasSecretConfig(__classPrivateFieldGet(this, _UiPath_config, "f"))) {
5186
5449
  return;
@@ -5227,6 +5490,11 @@ class UiPath {
5227
5490
  if (!AuthService.isInOAuthCallback()) {
5228
5491
  throw new Error('Not in OAuth callback state. Call initialize() first to start OAuth flow.');
5229
5492
  }
5493
+ // Load config if not yet initialized
5494
+ if (!__classPrivateFieldGet(this, _UiPath_config, "f")) {
5495
+ const loadedConfig = __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_loadConfig).call(this);
5496
+ __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_initializeWithConfig).call(this, loadedConfig);
5497
+ }
5230
5498
  try {
5231
5499
  const success = await __classPrivateFieldGet(this, _UiPath_authService, "f").authenticate(__classPrivateFieldGet(this, _UiPath_config, "f"));
5232
5500
  if (success && this.isAuthenticated()) {
@@ -5244,16 +5512,85 @@ class UiPath {
5244
5512
  * Check if the user is authenticated (has valid token)
5245
5513
  */
5246
5514
  isAuthenticated() {
5247
- return __classPrivateFieldGet(this, _UiPath_authService, "f").hasValidToken();
5515
+ return __classPrivateFieldGet(this, _UiPath_authService, "f")?.hasValidToken() ?? false;
5248
5516
  }
5249
5517
  /**
5250
5518
  * Get the current authentication token
5251
5519
  */
5252
5520
  getToken() {
5253
- return __classPrivateFieldGet(this, _UiPath_authService, "f").getToken();
5521
+ return __classPrivateFieldGet(this, _UiPath_authService, "f")?.getToken();
5254
5522
  }
5255
- }
5256
- _UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_initialized = new WeakMap();
5523
+ /**
5524
+ * Logout from the SDK, clearing all authentication state.
5525
+ * After calling this method, the user will need to re-initialize to authenticate again.
5526
+ */
5527
+ logout() {
5528
+ // Secret-based auth has no session to end — skip silently
5529
+ if (__classPrivateFieldGet(this, _UiPath_config, "f") && hasSecretConfig(__classPrivateFieldGet(this, _UiPath_config, "f"))) {
5530
+ return;
5531
+ }
5532
+ __classPrivateFieldGet(this, _UiPath_authService, "f")?.logout();
5533
+ __classPrivateFieldSet(this, _UiPath_initialized, false, "f");
5534
+ }
5535
+ }
5536
+ _UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_initialized = new WeakMap(), _UiPath_partialConfig = new WeakMap(), _UiPath_instances = new WeakSet(), _UiPath_initializeWithConfig = function _UiPath_initializeWithConfig(config) {
5537
+ // Validate and normalize the configuration
5538
+ validateConfig(config);
5539
+ const hasSecretAuth = hasSecretConfig(config);
5540
+ const hasOAuthAuth = hasOAuthConfig(config);
5541
+ // Initialize core components
5542
+ const internalConfig = new UiPathConfig({
5543
+ baseUrl: normalizeBaseUrl(config.baseUrl),
5544
+ orgName: config.orgName,
5545
+ tenantName: config.tenantName,
5546
+ secret: hasSecretAuth ? config.secret : undefined,
5547
+ clientId: hasOAuthAuth ? config.clientId : undefined,
5548
+ redirectUri: hasOAuthAuth ? config.redirectUri : undefined,
5549
+ scope: hasOAuthAuth ? config.scope : undefined
5550
+ });
5551
+ const executionContext = new ExecutionContext();
5552
+ __classPrivateFieldSet(this, _UiPath_authService, new AuthService(internalConfig, executionContext), "f");
5553
+ __classPrivateFieldSet(this, _UiPath_config, internalConfig, "f");
5554
+ // Store internals in SDKInternalsRegistry (not visible on instance)
5555
+ SDKInternalsRegistry.set(this, {
5556
+ config: internalConfig,
5557
+ context: executionContext,
5558
+ tokenManager: __classPrivateFieldGet(this, _UiPath_authService, "f").getTokenManager()
5559
+ });
5560
+ // Expose read-only config for user convenience
5561
+ this.config = {
5562
+ baseUrl: internalConfig.baseUrl,
5563
+ orgName: internalConfig.orgName,
5564
+ tenantName: internalConfig.tenantName
5565
+ };
5566
+ // Initialize telemetry with SDK configuration
5567
+ telemetryClient.initialize({
5568
+ baseUrl: config.baseUrl,
5569
+ orgName: config.orgName,
5570
+ tenantName: config.tenantName,
5571
+ clientId: hasOAuthAuth ? config.clientId : undefined,
5572
+ redirectUri: hasOAuthAuth ? config.redirectUri : undefined
5573
+ });
5574
+ // Track SDK initialization
5575
+ trackEvent('Sdk.Auth');
5576
+ /** Auto-initialize for secret-based auth
5577
+ * When viewed in Action Center, initialize tokenInfo with empty token. When an sdk call is made Action Center passes the token to sdk.
5578
+ */
5579
+ if (hasSecretAuth || isInActionCenter) {
5580
+ __classPrivateFieldGet(this, _UiPath_authService, "f").authenticateWithSecret(config.secret ?? '');
5581
+ __classPrivateFieldSet(this, _UiPath_initialized, true, "f");
5582
+ }
5583
+ }, _UiPath_loadConfig = function _UiPath_loadConfig() {
5584
+ // Load from meta tags
5585
+ const metaConfig = loadFromMetaTags();
5586
+ // Merge with any partial config from constructor (constructor overrides meta tags)
5587
+ const merged = { ...metaConfig, ...__classPrivateFieldGet(this, _UiPath_partialConfig, "f") };
5588
+ if (!isCompleteConfig(merged)) {
5589
+ throw new Error('UiPath SDK configuration not found. ' +
5590
+ 'Ensure @uipath/coded-apps plugin is set up in your bundler to inject configuration during development and build.');
5591
+ }
5592
+ return merged;
5593
+ };
5257
5594
 
5258
5595
  /**
5259
5596
  * Constants used throughout the pagination system
@@ -5278,8 +5615,16 @@ function getLimitedPageSize(pageSize) {
5278
5615
  return Math.max(1, Math.min(pageSize, MAX_PAGE_SIZE));
5279
5616
  }
5280
5617
 
5618
+ exports.APP_NAME = APP_NAME;
5281
5619
  exports.AuthenticationError = AuthenticationError;
5282
5620
  exports.AuthorizationError = AuthorizationError;
5621
+ exports.CLOUD_CLIENT_ID = CLOUD_CLIENT_ID;
5622
+ exports.CLOUD_ORGANIZATION_NAME = CLOUD_ORGANIZATION_NAME;
5623
+ exports.CLOUD_REDIRECT_URI = CLOUD_REDIRECT_URI;
5624
+ exports.CLOUD_ROLE_NAME = CLOUD_ROLE_NAME;
5625
+ exports.CLOUD_TENANT_NAME = CLOUD_TENANT_NAME;
5626
+ exports.CLOUD_URL = CLOUD_URL;
5627
+ exports.CONNECTION_STRING = CONNECTION_STRING;
5283
5628
  exports.DEFAULT_ITEMS_FIELD = DEFAULT_ITEMS_FIELD;
5284
5629
  exports.DEFAULT_PAGE_SIZE = DEFAULT_PAGE_SIZE;
5285
5630
  exports.DEFAULT_TOTAL_COUNT_FIELD = DEFAULT_TOTAL_COUNT_FIELD;
@@ -5289,9 +5634,16 @@ exports.MAX_PAGE_SIZE = MAX_PAGE_SIZE;
5289
5634
  exports.NetworkError = NetworkError;
5290
5635
  exports.NotFoundError = NotFoundError;
5291
5636
  exports.RateLimitError = RateLimitError;
5637
+ exports.SDK_LOGGER_NAME = SDK_LOGGER_NAME;
5638
+ exports.SDK_RUN_EVENT = SDK_RUN_EVENT;
5639
+ exports.SDK_SERVICE_NAME = SDK_SERVICE_NAME;
5640
+ exports.SDK_VERSION = SDK_VERSION;
5641
+ exports.SERVICE = SERVICE;
5292
5642
  exports.ServerError = ServerError;
5643
+ exports.UNKNOWN = UNKNOWN;
5293
5644
  exports.UiPath = UiPath;
5294
5645
  exports.UiPathError = UiPathError;
5646
+ exports.VERSION = VERSION;
5295
5647
  exports.ValidationError = ValidationError;
5296
5648
  exports.getErrorDetails = getErrorDetails;
5297
5649
  exports.getLimitedPageSize = getLimitedPageSize;
@@ -5303,3 +5655,6 @@ exports.isRateLimitError = isRateLimitError;
5303
5655
  exports.isServerError = isServerError;
5304
5656
  exports.isUiPathError = isUiPathError;
5305
5657
  exports.isValidationError = isValidationError;
5658
+ exports.telemetryClient = telemetryClient;
5659
+ exports.track = track;
5660
+ exports.trackEvent = trackEvent;