@uipath/uipath-typescript 1.1.1 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -3878,6 +3878,7 @@ class ExecutionContext {
3878
3878
  * Checks if code is running in a browser environment
3879
3879
  */
3880
3880
  const isBrowser = typeof window !== 'undefined' && typeof window.document !== 'undefined';
3881
+ const isInActionCenter = isBrowser && window.self != window.top && window.location.href.includes('source=ActionCenter');
3881
3882
 
3882
3883
  /**
3883
3884
  * Session storage keys used by the auth module
@@ -4180,6 +4181,102 @@ function getErrorDetails(error) {
4180
4181
  };
4181
4182
  }
4182
4183
 
4184
+ var ActionCenterEventNames;
4185
+ (function (ActionCenterEventNames) {
4186
+ ActionCenterEventNames["TOKENREFRESHED"] = "AC.tokenRefreshed";
4187
+ ActionCenterEventNames["REFRESHTOKEN"] = "AC.refreshToken";
4188
+ })(ActionCenterEventNames || (ActionCenterEventNames = {}));
4189
+
4190
+ const AUTHENTICATION_TIMEOUT = 8000;
4191
+ class ActionCenterTokenManager {
4192
+ constructor(config, onTokenRefreshed) {
4193
+ this.config = config;
4194
+ this.onTokenRefreshed = onTokenRefreshed;
4195
+ this.parentOrigin = new URLSearchParams(window.location.search).get('basedomain');
4196
+ this.refreshPromise = null;
4197
+ }
4198
+ async refreshAccessToken(tokenInfo) {
4199
+ if (!this.isTokenExpired(tokenInfo)) {
4200
+ return tokenInfo.token;
4201
+ }
4202
+ if (this.refreshPromise) {
4203
+ return this.refreshPromise;
4204
+ }
4205
+ this.refreshPromise = new Promise((resolve, reject) => {
4206
+ const content = {
4207
+ clientId: this.config.clientId,
4208
+ scope: this.config.scope,
4209
+ };
4210
+ this.sendMessageToParent(ActionCenterEventNames.REFRESHTOKEN, content);
4211
+ const messageListener = (event) => {
4212
+ if (event.origin !== this.parentOrigin)
4213
+ return;
4214
+ if (event.data?.eventType !== ActionCenterEventNames.TOKENREFRESHED)
4215
+ return;
4216
+ clearTimeout(timer);
4217
+ if (event.data?.content?.token) {
4218
+ const { accessToken, expiresAt } = event.data.content.token;
4219
+ this.onTokenRefreshed({ token: accessToken, type: 'secret', expiresAt });
4220
+ resolve(accessToken);
4221
+ }
4222
+ else {
4223
+ reject(new AuthenticationError({
4224
+ message: 'Failed to fetch access token',
4225
+ statusCode: HttpStatus.UNAUTHORIZED,
4226
+ }));
4227
+ }
4228
+ this.refreshPromise = null;
4229
+ this.cleanup(messageListener);
4230
+ };
4231
+ const timer = setTimeout(() => {
4232
+ reject(new AuthenticationError({
4233
+ message: 'Failed to fetch access token',
4234
+ statusCode: HttpStatus.UNAUTHORIZED,
4235
+ }));
4236
+ this.refreshPromise = null;
4237
+ this.cleanup(messageListener);
4238
+ }, AUTHENTICATION_TIMEOUT);
4239
+ window.addEventListener('message', messageListener);
4240
+ });
4241
+ return this.refreshPromise;
4242
+ }
4243
+ isTokenExpired(tokenInfo) {
4244
+ if (!tokenInfo?.expiresAt) {
4245
+ return true;
4246
+ }
4247
+ return new Date() >= tokenInfo.expiresAt;
4248
+ }
4249
+ sendMessageToParent(eventType, content) {
4250
+ if (window.parent && this.isValidOrigin(this.parentOrigin)) {
4251
+ try {
4252
+ window.parent.postMessage({ eventType, content }, this.parentOrigin);
4253
+ }
4254
+ catch (error) {
4255
+ console.warn('Failed to send message to Action Center', JSON.stringify(error));
4256
+ }
4257
+ }
4258
+ }
4259
+ cleanup(messageListener) {
4260
+ window.removeEventListener('message', messageListener);
4261
+ }
4262
+ isValidOrigin(origin) {
4263
+ const ALLOWED_ORIGINS = ['https://alpha.uipath.com', 'https://staging.uipath.com', 'https://cloud.uipath.com'];
4264
+ if (!origin) {
4265
+ return false;
4266
+ }
4267
+ if (ALLOWED_ORIGINS.includes(origin)) {
4268
+ return true;
4269
+ }
4270
+ try {
4271
+ const url = new URL(origin);
4272
+ return url.hostname === 'localhost';
4273
+ }
4274
+ catch {
4275
+ return false;
4276
+ }
4277
+ }
4278
+ }
4279
+
4183
4280
  /**
4184
4281
  * TokenManager is responsible for managing authentication tokens.
4185
4282
  * It provides token operations for a specific client ID.
@@ -4198,6 +4295,11 @@ class TokenManager {
4198
4295
  this.config = config;
4199
4296
  this.isOAuth = isOAuth;
4200
4297
  this.refreshPromise = null;
4298
+ this.actionCenterTokenManager = null;
4299
+ if (isInActionCenter) {
4300
+ this.actionCenterTokenManager = new ActionCenterTokenManager(config, (tokenInfo) => this.setToken(tokenInfo));
4301
+ this.isOAuth = false;
4302
+ }
4201
4303
  }
4202
4304
  /**
4203
4305
  * Checks if a token is expired
@@ -4225,6 +4327,9 @@ class TokenManager {
4225
4327
  message: 'No authentication token available. Make sure to initialize the SDK first.'
4226
4328
  });
4227
4329
  }
4330
+ if (this.actionCenterTokenManager) {
4331
+ return await this.actionCenterTokenManager.refreshAccessToken(tokenInfo);
4332
+ }
4228
4333
  // For secret-based tokens, they never expire
4229
4334
  if (tokenInfo.type === 'secret') {
4230
4335
  return tokenInfo.token;
@@ -4369,9 +4474,6 @@ class TokenManager {
4369
4474
  clearToken() {
4370
4475
  this.currentToken = undefined;
4371
4476
  this.executionContext.set('tokenInfo', undefined);
4372
- const headers = this.executionContext.getHeaders();
4373
- delete headers['Authorization'];
4374
- this.executionContext.setHeaders(headers);
4375
4477
  // Remove from session storage if this is an OAuth token
4376
4478
  if (isBrowser && this.isOAuth) {
4377
4479
  try {
@@ -4387,10 +4489,6 @@ class TokenManager {
4387
4489
  */
4388
4490
  _updateExecutionContext(tokenInfo) {
4389
4491
  this.executionContext.set('tokenInfo', tokenInfo);
4390
- // Update authorization header
4391
- this.executionContext.setHeaders({
4392
- 'Authorization': `Bearer ${tokenInfo.token}`
4393
- });
4394
4492
  }
4395
4493
  /**
4396
4494
  * Refreshes the access token using the stored refresh token.
@@ -4478,8 +4576,15 @@ const IDENTITY_ENDPOINTS = {
4478
4576
 
4479
4577
  class AuthService {
4480
4578
  constructor(config, executionContext) {
4481
- // Check if we should use stored OAuth context instead of provided config
4482
- const storedContext = AuthService.getStoredOAuthContext();
4579
+ // Only use stored OAuth context when completing an active callback (URL has ?code=).
4580
+ // If stored context exists but we're NOT in a callback, it's stale from a
4581
+ // failed/abandoned flow (e.g. scope mismatch, invalid redirect URI) and must
4582
+ // be cleared so the fresh config takes effect.
4583
+ const isCallback = AuthService.isInOAuthCallback();
4584
+ const storedContext = isCallback ? AuthService.getStoredOAuthContext() : null;
4585
+ if (!isCallback) {
4586
+ AuthService._clearStoredOAuthContext();
4587
+ }
4483
4588
  const effectiveConfig = storedContext ? AuthService._mergeConfigWithContext(config, storedContext) : config;
4484
4589
  this.config = effectiveConfig;
4485
4590
  const isOAuth = hasOAuthConfig(effectiveConfig);
@@ -4526,6 +4631,22 @@ class AuthService {
4526
4631
  return null;
4527
4632
  }
4528
4633
  }
4634
+ /**
4635
+ * Clear stale OAuth context from session storage.
4636
+ * Called when there is no active OAuth callback, meaning any stored context
4637
+ * is left over from a failed or abandoned flow.
4638
+ */
4639
+ static _clearStoredOAuthContext() {
4640
+ if (!isBrowser)
4641
+ return;
4642
+ try {
4643
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.OAUTH_CONTEXT);
4644
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4645
+ }
4646
+ catch {
4647
+ // Ignore storage errors
4648
+ }
4649
+ }
4529
4650
  /**
4530
4651
  * Merges provided config with stored OAuth context, prioritizing stored values
4531
4652
  */
@@ -4834,14 +4955,42 @@ class AuthService {
4834
4955
  }
4835
4956
  }
4836
4957
 
4958
+ /**
4959
+ * Check if config has all required base fields
4960
+ */
4961
+ function hasRequiredBaseFields(config) {
4962
+ return Boolean(config.baseUrl && config.orgName && config.tenantName);
4963
+ }
4964
+ /**
4965
+ * Check if config has exactly one authentication method (secret XOR oauth)
4966
+ * Returns true if exactly one auth method is present, false otherwise
4967
+ */
4968
+ function hasValidAuthConfig(config) {
4969
+ const hasSecret = hasSecretConfig(config);
4970
+ const hasOAuth = hasOAuthConfig(config);
4971
+ // XOR: exactly one auth method, not both, not neither
4972
+ return hasSecret !== hasOAuth;
4973
+ }
4837
4974
  function validateConfig(config) {
4838
- if (!config.baseUrl || !config.orgName || !config.tenantName) {
4975
+ if (!hasRequiredBaseFields(config)) {
4839
4976
  throw new Error('Missing required configuration: baseUrl, orgName, and tenantName are required');
4840
4977
  }
4841
- if (!hasSecretConfig(config) && !hasOAuthConfig(config)) {
4842
- throw new Error('Invalid configuration: must provide either secret or (clientId, redirectUri, and scope)');
4978
+ const hasSecret = hasSecretConfig(config);
4979
+ const hasOAuth = hasOAuthConfig(config);
4980
+ if (hasSecret && hasOAuth) {
4981
+ throw new Error('Invalid configuration: cannot provide both secret and OAuth credentials. Choose one authentication method.');
4982
+ }
4983
+ if (!hasSecret && !hasOAuth) {
4984
+ throw new Error('Invalid configuration: must provide either secret or OAuth credentials (clientId, redirectUri, and scope)');
4843
4985
  }
4844
4986
  }
4987
+ /**
4988
+ * Check if partial config has all required fields for a complete SDK config
4989
+ * Requires base fields and exactly one authentication method (secret XOR oauth)
4990
+ */
4991
+ function isCompleteConfig(config) {
4992
+ return hasRequiredBaseFields(config) && hasValidAuthConfig(config);
4993
+ }
4845
4994
  function normalizeBaseUrl(url) {
4846
4995
  return url.endsWith('/') ? url.slice(0, -1) : url;
4847
4996
  }
@@ -4852,7 +5001,7 @@ function normalizeBaseUrl(url) {
4852
5001
  // Connection string placeholder that will be replaced during build
4853
5002
  const CONNECTION_STRING = "InstrumentationKey=a6efa11d-1feb-4508-9738-e13e12dcae5e;IngestionEndpoint=https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnostics.monitor.azure.com/;ApplicationId=7c58eb1c-9581-4ba6-839e-11725848a037";
4854
5003
  // SDK Version placeholder
4855
- const SDK_VERSION = "1.1.1";
5004
+ const SDK_VERSION = "1.1.2";
4856
5005
  const VERSION = "Version";
4857
5006
  const SERVICE = "Service";
4858
5007
  const CLOUD_ORGANIZATION_NAME = "CloudOrganizationName";
@@ -5181,19 +5330,71 @@ class SDKInternalsRegistry {
5181
5330
  }
5182
5331
  }
5183
5332
 
5184
- var _UiPath_config, _UiPath_authService, _UiPath_initialized;
5333
+ /**
5334
+ * UiPath meta tag names for runtime configuration.
5335
+ *
5336
+ * These meta tags are injected at deployment time by the Apps Service
5337
+ * to configure SDK authentication and asset resolution in production.
5338
+ */
5339
+ var UiPathMetaTags;
5340
+ (function (UiPathMetaTags) {
5341
+ // SDK/OAuth configuration
5342
+ UiPathMetaTags["CLIENT_ID"] = "uipath:client-id";
5343
+ UiPathMetaTags["SCOPE"] = "uipath:scope";
5344
+ UiPathMetaTags["ORG_NAME"] = "uipath:org-name";
5345
+ UiPathMetaTags["TENANT_NAME"] = "uipath:tenant-name";
5346
+ UiPathMetaTags["BASE_URL"] = "uipath:base-url";
5347
+ UiPathMetaTags["REDIRECT_URI"] = "uipath:redirect-uri";
5348
+ // Asset resolution and routing
5349
+ UiPathMetaTags["CDN_BASE"] = "uipath:cdn-base";
5350
+ UiPathMetaTags["APP_BASE"] = "uipath:app-base";
5351
+ })(UiPathMetaTags || (UiPathMetaTags = {}));
5352
+
5353
+ /**
5354
+ * Get the content of a meta tag by name.
5355
+ * Returns undefined if not in browser environment or meta tag is not found.
5356
+ */
5357
+ function getMetaTagContent(name) {
5358
+ if (!isBrowser)
5359
+ return undefined;
5360
+ return document.querySelector(`meta[name="${name}"]`)?.content;
5361
+ }
5362
+ /**
5363
+ * Load configuration from HTML meta tags injected at runtime.
5364
+ * These meta tags are injected by @uipath/coded-apps during build
5365
+ * or by the Apps service during deployment.
5366
+ *
5367
+ * Returns partial config with values found, or null if no meta tags present.
5368
+ */
5369
+ function loadFromMetaTags() {
5370
+ if (!isBrowser)
5371
+ return null;
5372
+ const config = {
5373
+ clientId: getMetaTagContent(UiPathMetaTags.CLIENT_ID),
5374
+ scope: getMetaTagContent(UiPathMetaTags.SCOPE),
5375
+ orgName: getMetaTagContent(UiPathMetaTags.ORG_NAME),
5376
+ tenantName: getMetaTagContent(UiPathMetaTags.TENANT_NAME),
5377
+ baseUrl: getMetaTagContent(UiPathMetaTags.BASE_URL),
5378
+ redirectUri: getMetaTagContent(UiPathMetaTags.REDIRECT_URI),
5379
+ };
5380
+ const hasAnyValue = Object.values(config).some(Boolean);
5381
+ return hasAnyValue ? config : null;
5382
+ }
5383
+
5384
+ var _UiPath_instances, _UiPath_config, _UiPath_authService, _UiPath_initialized, _UiPath_partialConfig, _UiPath_initializeWithConfig, _UiPath_loadConfig;
5185
5385
  /**
5186
5386
  * UiPath - Core SDK class for authentication and configuration management.
5187
5387
  *
5188
5388
  * Handles authentication, configuration, and provides access to SDK internals
5189
5389
  * for service instantiation in the modular pattern.
5190
5390
  *
5391
+ * Supports two usage patterns:
5392
+ * 1. Full config in constructor — for server-side or explicit configuration
5393
+ * 2. No config / partial config — loads from meta tags injected by @uipath/coded-apps plugin
5394
+ *
5191
5395
  * @example
5192
5396
  * ```typescript
5193
- * // Modular pattern
5194
- * import { UiPath } from '@uipath/uipath-typescript/core';
5195
- * import { Entities } from '@uipath/uipath-typescript/entities';
5196
- *
5397
+ * // Explicit config
5197
5398
  * const sdk = new UiPath({
5198
5399
  * baseUrl: 'https://cloud.uipath.com',
5199
5400
  * orgName: 'myorg',
@@ -5202,70 +5403,47 @@ var _UiPath_config, _UiPath_authService, _UiPath_initialized;
5202
5403
  * redirectUri: 'http://localhost:3000/callback',
5203
5404
  * scope: 'OR.Users OR.Robots'
5204
5405
  * });
5205
- *
5206
5406
  * await sdk.initialize();
5407
+ * ```
5207
5408
  *
5208
- * const entitiesService = new Entities(sdk);
5209
- * const allEntities = await entitiesService.getAll();
5409
+ * @example
5410
+ * ```typescript
5411
+ * // Auto-load from meta tags (coded apps)
5412
+ * const sdk = new UiPath();
5413
+ * await sdk.initialize();
5210
5414
  * ```
5211
5415
  */
5212
5416
  class UiPath {
5213
5417
  constructor(config) {
5418
+ _UiPath_instances.add(this);
5214
5419
  // Private fields - true runtime privacy, not visible via Object.keys()
5215
5420
  _UiPath_config.set(this, void 0);
5216
5421
  _UiPath_authService.set(this, void 0);
5217
5422
  _UiPath_initialized.set(this, false);
5218
- // Validate and normalize the configuration
5219
- validateConfig(config);
5220
- const hasSecretAuth = hasSecretConfig(config);
5221
- const hasOAuthAuth = hasOAuthConfig(config);
5222
- // Initialize core components
5223
- const internalConfig = new UiPathConfig({
5224
- baseUrl: normalizeBaseUrl(config.baseUrl),
5225
- orgName: config.orgName,
5226
- tenantName: config.tenantName,
5227
- secret: hasSecretAuth ? config.secret : undefined,
5228
- clientId: hasOAuthAuth ? config.clientId : undefined,
5229
- redirectUri: hasOAuthAuth ? config.redirectUri : undefined,
5230
- scope: hasOAuthAuth ? config.scope : undefined
5231
- });
5232
- const executionContext = new ExecutionContext();
5233
- __classPrivateFieldSet(this, _UiPath_authService, new AuthService(internalConfig, executionContext), "f");
5234
- __classPrivateFieldSet(this, _UiPath_config, internalConfig, "f");
5235
- // Store internals in SDKInternalsRegistry (not visible on instance)
5236
- SDKInternalsRegistry.set(this, {
5237
- config: internalConfig,
5238
- context: executionContext,
5239
- tokenManager: __classPrivateFieldGet(this, _UiPath_authService, "f").getTokenManager()
5240
- });
5241
- // Expose read-only config for user convenience
5242
- this.config = {
5243
- baseUrl: internalConfig.baseUrl,
5244
- orgName: internalConfig.orgName,
5245
- tenantName: internalConfig.tenantName
5246
- };
5247
- // Initialize telemetry with SDK configuration
5248
- telemetryClient.initialize({
5249
- baseUrl: config.baseUrl,
5250
- orgName: config.orgName,
5251
- tenantName: config.tenantName,
5252
- clientId: hasOAuthAuth ? config.clientId : undefined,
5253
- redirectUri: hasOAuthAuth ? config.redirectUri : undefined
5254
- });
5255
- // Track SDK initialization
5256
- trackEvent('Sdk.Auth');
5257
- // Auto-initialize for secret-based auth
5258
- if (hasSecretAuth) {
5259
- __classPrivateFieldGet(this, _UiPath_authService, "f").authenticateWithSecret(config.secret);
5260
- __classPrivateFieldSet(this, _UiPath_initialized, true, "f");
5423
+ _UiPath_partialConfig.set(this, void 0);
5424
+ // Load configuration from meta tags
5425
+ const configFromMetaTags = loadFromMetaTags();
5426
+ // Merge configuration: constructor config overrides meta tags
5427
+ const mergedConfig = config ? { ...configFromMetaTags, ...config } : configFromMetaTags;
5428
+ if (mergedConfig && isCompleteConfig(mergedConfig)) {
5429
+ __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_initializeWithConfig).call(this, mergedConfig);
5430
+ }
5431
+ else if (config) {
5432
+ __classPrivateFieldSet(this, _UiPath_partialConfig, config, "f");
5261
5433
  }
5262
5434
  }
5263
5435
  /**
5264
5436
  * Initialize the SDK based on the provided configuration.
5265
5437
  * This method handles both OAuth flow initiation and completion automatically.
5266
5438
  * For secret-based authentication, initialization is automatic and this returns immediately.
5439
+ * If no config was provided in constructor, loads from meta tags.
5267
5440
  */
5268
5441
  async initialize() {
5442
+ // Load config from meta tags if not provided in constructor
5443
+ if (!__classPrivateFieldGet(this, _UiPath_config, "f")) {
5444
+ const loadedConfig = __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_loadConfig).call(this);
5445
+ __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_initializeWithConfig).call(this, loadedConfig);
5446
+ }
5269
5447
  // For secret-based auth, it's already initialized in constructor
5270
5448
  if (hasSecretConfig(__classPrivateFieldGet(this, _UiPath_config, "f"))) {
5271
5449
  return;
@@ -5312,6 +5490,11 @@ class UiPath {
5312
5490
  if (!AuthService.isInOAuthCallback()) {
5313
5491
  throw new Error('Not in OAuth callback state. Call initialize() first to start OAuth flow.');
5314
5492
  }
5493
+ // Load config if not yet initialized
5494
+ if (!__classPrivateFieldGet(this, _UiPath_config, "f")) {
5495
+ const loadedConfig = __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_loadConfig).call(this);
5496
+ __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_initializeWithConfig).call(this, loadedConfig);
5497
+ }
5315
5498
  try {
5316
5499
  const success = await __classPrivateFieldGet(this, _UiPath_authService, "f").authenticate(__classPrivateFieldGet(this, _UiPath_config, "f"));
5317
5500
  if (success && this.isAuthenticated()) {
@@ -5329,13 +5512,13 @@ class UiPath {
5329
5512
  * Check if the user is authenticated (has valid token)
5330
5513
  */
5331
5514
  isAuthenticated() {
5332
- return __classPrivateFieldGet(this, _UiPath_authService, "f").hasValidToken();
5515
+ return __classPrivateFieldGet(this, _UiPath_authService, "f")?.hasValidToken() ?? false;
5333
5516
  }
5334
5517
  /**
5335
5518
  * Get the current authentication token
5336
5519
  */
5337
5520
  getToken() {
5338
- return __classPrivateFieldGet(this, _UiPath_authService, "f").getToken();
5521
+ return __classPrivateFieldGet(this, _UiPath_authService, "f")?.getToken();
5339
5522
  }
5340
5523
  /**
5341
5524
  * Logout from the SDK, clearing all authentication state.
@@ -5343,14 +5526,71 @@ class UiPath {
5343
5526
  */
5344
5527
  logout() {
5345
5528
  // Secret-based auth has no session to end — skip silently
5346
- if (hasSecretConfig(__classPrivateFieldGet(this, _UiPath_config, "f"))) {
5529
+ if (__classPrivateFieldGet(this, _UiPath_config, "f") && hasSecretConfig(__classPrivateFieldGet(this, _UiPath_config, "f"))) {
5347
5530
  return;
5348
5531
  }
5349
- __classPrivateFieldGet(this, _UiPath_authService, "f").logout();
5532
+ __classPrivateFieldGet(this, _UiPath_authService, "f")?.logout();
5350
5533
  __classPrivateFieldSet(this, _UiPath_initialized, false, "f");
5351
5534
  }
5352
5535
  }
5353
- _UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_initialized = new WeakMap();
5536
+ _UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_initialized = new WeakMap(), _UiPath_partialConfig = new WeakMap(), _UiPath_instances = new WeakSet(), _UiPath_initializeWithConfig = function _UiPath_initializeWithConfig(config) {
5537
+ // Validate and normalize the configuration
5538
+ validateConfig(config);
5539
+ const hasSecretAuth = hasSecretConfig(config);
5540
+ const hasOAuthAuth = hasOAuthConfig(config);
5541
+ // Initialize core components
5542
+ const internalConfig = new UiPathConfig({
5543
+ baseUrl: normalizeBaseUrl(config.baseUrl),
5544
+ orgName: config.orgName,
5545
+ tenantName: config.tenantName,
5546
+ secret: hasSecretAuth ? config.secret : undefined,
5547
+ clientId: hasOAuthAuth ? config.clientId : undefined,
5548
+ redirectUri: hasOAuthAuth ? config.redirectUri : undefined,
5549
+ scope: hasOAuthAuth ? config.scope : undefined
5550
+ });
5551
+ const executionContext = new ExecutionContext();
5552
+ __classPrivateFieldSet(this, _UiPath_authService, new AuthService(internalConfig, executionContext), "f");
5553
+ __classPrivateFieldSet(this, _UiPath_config, internalConfig, "f");
5554
+ // Store internals in SDKInternalsRegistry (not visible on instance)
5555
+ SDKInternalsRegistry.set(this, {
5556
+ config: internalConfig,
5557
+ context: executionContext,
5558
+ tokenManager: __classPrivateFieldGet(this, _UiPath_authService, "f").getTokenManager()
5559
+ });
5560
+ // Expose read-only config for user convenience
5561
+ this.config = {
5562
+ baseUrl: internalConfig.baseUrl,
5563
+ orgName: internalConfig.orgName,
5564
+ tenantName: internalConfig.tenantName
5565
+ };
5566
+ // Initialize telemetry with SDK configuration
5567
+ telemetryClient.initialize({
5568
+ baseUrl: config.baseUrl,
5569
+ orgName: config.orgName,
5570
+ tenantName: config.tenantName,
5571
+ clientId: hasOAuthAuth ? config.clientId : undefined,
5572
+ redirectUri: hasOAuthAuth ? config.redirectUri : undefined
5573
+ });
5574
+ // Track SDK initialization
5575
+ trackEvent('Sdk.Auth');
5576
+ /** Auto-initialize for secret-based auth
5577
+ * When viewed in Action Center, initialize tokenInfo with empty token. When an sdk call is made Action Center passes the token to sdk.
5578
+ */
5579
+ if (hasSecretAuth || isInActionCenter) {
5580
+ __classPrivateFieldGet(this, _UiPath_authService, "f").authenticateWithSecret(config.secret ?? '');
5581
+ __classPrivateFieldSet(this, _UiPath_initialized, true, "f");
5582
+ }
5583
+ }, _UiPath_loadConfig = function _UiPath_loadConfig() {
5584
+ // Load from meta tags
5585
+ const metaConfig = loadFromMetaTags();
5586
+ // Merge with any partial config from constructor (constructor overrides meta tags)
5587
+ const merged = { ...metaConfig, ...__classPrivateFieldGet(this, _UiPath_partialConfig, "f") };
5588
+ if (!isCompleteConfig(merged)) {
5589
+ throw new Error('UiPath SDK configuration not found. ' +
5590
+ 'Ensure @uipath/coded-apps plugin is set up in your bundler to inject configuration during development and build.');
5591
+ }
5592
+ return merged;
5593
+ };
5354
5594
 
5355
5595
  /**
5356
5596
  * Constants used throughout the pagination system
@@ -16,6 +16,9 @@ type UiPathSDKConfig = BaseConfig & ({
16
16
  } | ({
17
17
  secret?: never;
18
18
  } & OAuthFields));
19
+ type PartialUiPathConfig = Partial<BaseConfig & OAuthFields & {
20
+ secret: string;
21
+ }>;
19
22
 
20
23
  /**
21
24
  * IUiPath - Interface for UiPath SDK instance
@@ -69,12 +72,13 @@ interface IUiPath {
69
72
  * Handles authentication, configuration, and provides access to SDK internals
70
73
  * for service instantiation in the modular pattern.
71
74
  *
75
+ * Supports two usage patterns:
76
+ * 1. Full config in constructor — for server-side or explicit configuration
77
+ * 2. No config / partial config — loads from meta tags injected by @uipath/coded-apps plugin
78
+ *
72
79
  * @example
73
80
  * ```typescript
74
- * // Modular pattern
75
- * import { UiPath } from '@uipath/uipath-typescript/core';
76
- * import { Entities } from '@uipath/uipath-typescript/entities';
77
- *
81
+ * // Explicit config
78
82
  * const sdk = new UiPath({
79
83
  * baseUrl: 'https://cloud.uipath.com',
80
84
  * orgName: 'myorg',
@@ -83,22 +87,26 @@ interface IUiPath {
83
87
  * redirectUri: 'http://localhost:3000/callback',
84
88
  * scope: 'OR.Users OR.Robots'
85
89
  * });
86
- *
87
90
  * await sdk.initialize();
91
+ * ```
88
92
  *
89
- * const entitiesService = new Entities(sdk);
90
- * const allEntities = await entitiesService.getAll();
93
+ * @example
94
+ * ```typescript
95
+ * // Auto-load from meta tags (coded apps)
96
+ * const sdk = new UiPath();
97
+ * await sdk.initialize();
91
98
  * ```
92
99
  */
93
100
  declare class UiPath implements IUiPath {
94
101
  #private;
95
102
  /** Read-only config for user convenience */
96
103
  readonly config: Readonly<BaseConfig>;
97
- constructor(config: UiPathSDKConfig);
104
+ constructor(config?: PartialUiPathConfig);
98
105
  /**
99
106
  * Initialize the SDK based on the provided configuration.
100
107
  * This method handles both OAuth flow initiation and completion automatically.
101
108
  * For secret-based authentication, initialization is automatic and this returns immediately.
109
+ * If no config was provided in constructor, loads from meta tags.
102
110
  */
103
111
  initialize(): Promise<void>;
104
112
  /**
@@ -487,7 +495,7 @@ declare const telemetryClient: TelemetryClient;
487
495
  * SDK Telemetry constants
488
496
  */
489
497
  declare const CONNECTION_STRING = "InstrumentationKey=a6efa11d-1feb-4508-9738-e13e12dcae5e;IngestionEndpoint=https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnostics.monitor.azure.com/;ApplicationId=7c58eb1c-9581-4ba6-839e-11725848a037";
490
- declare const SDK_VERSION = "1.1.1";
498
+ declare const SDK_VERSION = "1.1.2";
491
499
  declare const VERSION = "Version";
492
500
  declare const SERVICE = "Service";
493
501
  declare const CLOUD_ORGANIZATION_NAME = "CloudOrganizationName";