@uipath/uipath-typescript 1.1.1 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.umd.js CHANGED
@@ -3887,6 +3887,7 @@
3887
3887
  * Checks if code is running in a browser environment
3888
3888
  */
3889
3889
  const isBrowser = typeof window !== 'undefined' && typeof window.document !== 'undefined';
3890
+ const isInActionCenter = isBrowser && window.self != window.top && window.location.href.includes('source=ActionCenter');
3890
3891
 
3891
3892
  /**
3892
3893
  * Session storage keys used by the auth module
@@ -4203,6 +4204,102 @@
4203
4204
  };
4204
4205
  }
4205
4206
 
4207
+ var ActionCenterEventNames;
4208
+ (function (ActionCenterEventNames) {
4209
+ ActionCenterEventNames["TOKENREFRESHED"] = "AC.tokenRefreshed";
4210
+ ActionCenterEventNames["REFRESHTOKEN"] = "AC.refreshToken";
4211
+ })(ActionCenterEventNames || (ActionCenterEventNames = {}));
4212
+
4213
+ const AUTHENTICATION_TIMEOUT = 8000;
4214
+ class ActionCenterTokenManager {
4215
+ constructor(config, onTokenRefreshed) {
4216
+ this.config = config;
4217
+ this.onTokenRefreshed = onTokenRefreshed;
4218
+ this.parentOrigin = new URLSearchParams(window.location.search).get('basedomain');
4219
+ this.refreshPromise = null;
4220
+ }
4221
+ async refreshAccessToken(tokenInfo) {
4222
+ if (!this.isTokenExpired(tokenInfo)) {
4223
+ return tokenInfo.token;
4224
+ }
4225
+ if (this.refreshPromise) {
4226
+ return this.refreshPromise;
4227
+ }
4228
+ this.refreshPromise = new Promise((resolve, reject) => {
4229
+ const content = {
4230
+ clientId: this.config.clientId,
4231
+ scope: this.config.scope,
4232
+ };
4233
+ this.sendMessageToParent(ActionCenterEventNames.REFRESHTOKEN, content);
4234
+ const messageListener = (event) => {
4235
+ if (event.origin !== this.parentOrigin)
4236
+ return;
4237
+ if (event.data?.eventType !== ActionCenterEventNames.TOKENREFRESHED)
4238
+ return;
4239
+ clearTimeout(timer);
4240
+ if (event.data?.content?.token) {
4241
+ const { accessToken, expiresAt } = event.data.content.token;
4242
+ this.onTokenRefreshed({ token: accessToken, type: 'secret', expiresAt });
4243
+ resolve(accessToken);
4244
+ }
4245
+ else {
4246
+ reject(new AuthenticationError({
4247
+ message: 'Failed to fetch access token',
4248
+ statusCode: HttpStatus.UNAUTHORIZED,
4249
+ }));
4250
+ }
4251
+ this.refreshPromise = null;
4252
+ this.cleanup(messageListener);
4253
+ };
4254
+ const timer = setTimeout(() => {
4255
+ reject(new AuthenticationError({
4256
+ message: 'Failed to fetch access token',
4257
+ statusCode: HttpStatus.UNAUTHORIZED,
4258
+ }));
4259
+ this.refreshPromise = null;
4260
+ this.cleanup(messageListener);
4261
+ }, AUTHENTICATION_TIMEOUT);
4262
+ window.addEventListener('message', messageListener);
4263
+ });
4264
+ return this.refreshPromise;
4265
+ }
4266
+ isTokenExpired(tokenInfo) {
4267
+ if (!tokenInfo?.expiresAt) {
4268
+ return true;
4269
+ }
4270
+ return new Date() >= tokenInfo.expiresAt;
4271
+ }
4272
+ sendMessageToParent(eventType, content) {
4273
+ if (window.parent && this.isValidOrigin(this.parentOrigin)) {
4274
+ try {
4275
+ window.parent.postMessage({ eventType, content }, this.parentOrigin);
4276
+ }
4277
+ catch (error) {
4278
+ console.warn('Failed to send message to Action Center', JSON.stringify(error));
4279
+ }
4280
+ }
4281
+ }
4282
+ cleanup(messageListener) {
4283
+ window.removeEventListener('message', messageListener);
4284
+ }
4285
+ isValidOrigin(origin) {
4286
+ const ALLOWED_ORIGINS = ['https://alpha.uipath.com', 'https://staging.uipath.com', 'https://cloud.uipath.com'];
4287
+ if (!origin) {
4288
+ return false;
4289
+ }
4290
+ if (ALLOWED_ORIGINS.includes(origin)) {
4291
+ return true;
4292
+ }
4293
+ try {
4294
+ const url = new URL(origin);
4295
+ return url.hostname === 'localhost';
4296
+ }
4297
+ catch {
4298
+ return false;
4299
+ }
4300
+ }
4301
+ }
4302
+
4206
4303
  /**
4207
4304
  * TokenManager is responsible for managing authentication tokens.
4208
4305
  * It provides token operations for a specific client ID.
@@ -4221,6 +4318,11 @@
4221
4318
  this.config = config;
4222
4319
  this.isOAuth = isOAuth;
4223
4320
  this.refreshPromise = null;
4321
+ this.actionCenterTokenManager = null;
4322
+ if (isInActionCenter) {
4323
+ this.actionCenterTokenManager = new ActionCenterTokenManager(config, (tokenInfo) => this.setToken(tokenInfo));
4324
+ this.isOAuth = false;
4325
+ }
4224
4326
  }
4225
4327
  /**
4226
4328
  * Checks if a token is expired
@@ -4248,6 +4350,9 @@
4248
4350
  message: 'No authentication token available. Make sure to initialize the SDK first.'
4249
4351
  });
4250
4352
  }
4353
+ if (this.actionCenterTokenManager) {
4354
+ return await this.actionCenterTokenManager.refreshAccessToken(tokenInfo);
4355
+ }
4251
4356
  // For secret-based tokens, they never expire
4252
4357
  if (tokenInfo.type === 'secret') {
4253
4358
  return tokenInfo.token;
@@ -4392,9 +4497,6 @@
4392
4497
  clearToken() {
4393
4498
  this.currentToken = undefined;
4394
4499
  this.executionContext.set('tokenInfo', undefined);
4395
- const headers = this.executionContext.getHeaders();
4396
- delete headers['Authorization'];
4397
- this.executionContext.setHeaders(headers);
4398
4500
  // Remove from session storage if this is an OAuth token
4399
4501
  if (isBrowser && this.isOAuth) {
4400
4502
  try {
@@ -4410,10 +4512,6 @@
4410
4512
  */
4411
4513
  _updateExecutionContext(tokenInfo) {
4412
4514
  this.executionContext.set('tokenInfo', tokenInfo);
4413
- // Update authorization header
4414
- this.executionContext.setHeaders({
4415
- 'Authorization': `Bearer ${tokenInfo.token}`
4416
- });
4417
4515
  }
4418
4516
  /**
4419
4517
  * Refreshes the access token using the stored refresh token.
@@ -4617,8 +4715,15 @@
4617
4715
 
4618
4716
  class AuthService {
4619
4717
  constructor(config, executionContext) {
4620
- // Check if we should use stored OAuth context instead of provided config
4621
- const storedContext = AuthService.getStoredOAuthContext();
4718
+ // Only use stored OAuth context when completing an active callback (URL has ?code=).
4719
+ // If stored context exists but we're NOT in a callback, it's stale from a
4720
+ // failed/abandoned flow (e.g. scope mismatch, invalid redirect URI) and must
4721
+ // be cleared so the fresh config takes effect.
4722
+ const isCallback = AuthService.isInOAuthCallback();
4723
+ const storedContext = isCallback ? AuthService.getStoredOAuthContext() : null;
4724
+ if (!isCallback) {
4725
+ AuthService._clearStoredOAuthContext();
4726
+ }
4622
4727
  const effectiveConfig = storedContext ? AuthService._mergeConfigWithContext(config, storedContext) : config;
4623
4728
  this.config = effectiveConfig;
4624
4729
  const isOAuth = hasOAuthConfig(effectiveConfig);
@@ -4665,6 +4770,22 @@
4665
4770
  return null;
4666
4771
  }
4667
4772
  }
4773
+ /**
4774
+ * Clear stale OAuth context from session storage.
4775
+ * Called when there is no active OAuth callback, meaning any stored context
4776
+ * is left over from a failed or abandoned flow.
4777
+ */
4778
+ static _clearStoredOAuthContext() {
4779
+ if (!isBrowser)
4780
+ return;
4781
+ try {
4782
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.OAUTH_CONTEXT);
4783
+ sessionStorage.removeItem(AUTH_STORAGE_KEYS.CODE_VERIFIER);
4784
+ }
4785
+ catch {
4786
+ // Ignore storage errors
4787
+ }
4788
+ }
4668
4789
  /**
4669
4790
  * Merges provided config with stored OAuth context, prioritizing stored values
4670
4791
  */
@@ -4973,14 +5094,42 @@
4973
5094
  }
4974
5095
  }
4975
5096
 
5097
+ /**
5098
+ * Check if config has all required base fields
5099
+ */
5100
+ function hasRequiredBaseFields(config) {
5101
+ return Boolean(config.baseUrl && config.orgName && config.tenantName);
5102
+ }
5103
+ /**
5104
+ * Check if config has exactly one authentication method (secret XOR oauth)
5105
+ * Returns true if exactly one auth method is present, false otherwise
5106
+ */
5107
+ function hasValidAuthConfig(config) {
5108
+ const hasSecret = hasSecretConfig(config);
5109
+ const hasOAuth = hasOAuthConfig(config);
5110
+ // XOR: exactly one auth method, not both, not neither
5111
+ return hasSecret !== hasOAuth;
5112
+ }
4976
5113
  function validateConfig(config) {
4977
- if (!config.baseUrl || !config.orgName || !config.tenantName) {
5114
+ if (!hasRequiredBaseFields(config)) {
4978
5115
  throw new Error('Missing required configuration: baseUrl, orgName, and tenantName are required');
4979
5116
  }
4980
- if (!hasSecretConfig(config) && !hasOAuthConfig(config)) {
4981
- throw new Error('Invalid configuration: must provide either secret or (clientId, redirectUri, and scope)');
5117
+ const hasSecret = hasSecretConfig(config);
5118
+ const hasOAuth = hasOAuthConfig(config);
5119
+ if (hasSecret && hasOAuth) {
5120
+ throw new Error('Invalid configuration: cannot provide both secret and OAuth credentials. Choose one authentication method.');
5121
+ }
5122
+ if (!hasSecret && !hasOAuth) {
5123
+ throw new Error('Invalid configuration: must provide either secret or OAuth credentials (clientId, redirectUri, and scope)');
4982
5124
  }
4983
5125
  }
5126
+ /**
5127
+ * Check if partial config has all required fields for a complete SDK config
5128
+ * Requires base fields and exactly one authentication method (secret XOR oauth)
5129
+ */
5130
+ function isCompleteConfig(config) {
5131
+ return hasRequiredBaseFields(config) && hasValidAuthConfig(config);
5132
+ }
4984
5133
  function normalizeBaseUrl(url) {
4985
5134
  return url.endsWith('/') ? url.slice(0, -1) : url;
4986
5135
  }
@@ -8746,7 +8895,7 @@
8746
8895
  // Connection string placeholder that will be replaced during build
8747
8896
  const CONNECTION_STRING = "InstrumentationKey=a6efa11d-1feb-4508-9738-e13e12dcae5e;IngestionEndpoint=https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnostics.monitor.azure.com/;ApplicationId=7c58eb1c-9581-4ba6-839e-11725848a037";
8748
8897
  // SDK Version placeholder
8749
- const SDK_VERSION = "1.1.1";
8898
+ const SDK_VERSION = "1.1.2";
8750
8899
  const VERSION = "Version";
8751
8900
  const SERVICE = "Service";
8752
8901
  const CLOUD_ORGANIZATION_NAME = "CloudOrganizationName";
@@ -9075,19 +9224,71 @@
9075
9224
  }
9076
9225
  }
9077
9226
 
9078
- var _UiPath_config, _UiPath_authService, _UiPath_initialized;
9227
+ /**
9228
+ * UiPath meta tag names for runtime configuration.
9229
+ *
9230
+ * These meta tags are injected at deployment time by the Apps Service
9231
+ * to configure SDK authentication and asset resolution in production.
9232
+ */
9233
+ exports.UiPathMetaTags = void 0;
9234
+ (function (UiPathMetaTags) {
9235
+ // SDK/OAuth configuration
9236
+ UiPathMetaTags["CLIENT_ID"] = "uipath:client-id";
9237
+ UiPathMetaTags["SCOPE"] = "uipath:scope";
9238
+ UiPathMetaTags["ORG_NAME"] = "uipath:org-name";
9239
+ UiPathMetaTags["TENANT_NAME"] = "uipath:tenant-name";
9240
+ UiPathMetaTags["BASE_URL"] = "uipath:base-url";
9241
+ UiPathMetaTags["REDIRECT_URI"] = "uipath:redirect-uri";
9242
+ // Asset resolution and routing
9243
+ UiPathMetaTags["CDN_BASE"] = "uipath:cdn-base";
9244
+ UiPathMetaTags["APP_BASE"] = "uipath:app-base";
9245
+ })(exports.UiPathMetaTags || (exports.UiPathMetaTags = {}));
9246
+
9247
+ /**
9248
+ * Get the content of a meta tag by name.
9249
+ * Returns undefined if not in browser environment or meta tag is not found.
9250
+ */
9251
+ function getMetaTagContent(name) {
9252
+ if (!isBrowser)
9253
+ return undefined;
9254
+ return document.querySelector(`meta[name="${name}"]`)?.content;
9255
+ }
9256
+ /**
9257
+ * Load configuration from HTML meta tags injected at runtime.
9258
+ * These meta tags are injected by @uipath/coded-apps during build
9259
+ * or by the Apps service during deployment.
9260
+ *
9261
+ * Returns partial config with values found, or null if no meta tags present.
9262
+ */
9263
+ function loadFromMetaTags() {
9264
+ if (!isBrowser)
9265
+ return null;
9266
+ const config = {
9267
+ clientId: getMetaTagContent(exports.UiPathMetaTags.CLIENT_ID),
9268
+ scope: getMetaTagContent(exports.UiPathMetaTags.SCOPE),
9269
+ orgName: getMetaTagContent(exports.UiPathMetaTags.ORG_NAME),
9270
+ tenantName: getMetaTagContent(exports.UiPathMetaTags.TENANT_NAME),
9271
+ baseUrl: getMetaTagContent(exports.UiPathMetaTags.BASE_URL),
9272
+ redirectUri: getMetaTagContent(exports.UiPathMetaTags.REDIRECT_URI),
9273
+ };
9274
+ const hasAnyValue = Object.values(config).some(Boolean);
9275
+ return hasAnyValue ? config : null;
9276
+ }
9277
+
9278
+ var _UiPath_instances, _UiPath_config, _UiPath_authService, _UiPath_initialized, _UiPath_partialConfig, _UiPath_initializeWithConfig, _UiPath_loadConfig;
9079
9279
  /**
9080
9280
  * UiPath - Core SDK class for authentication and configuration management.
9081
9281
  *
9082
9282
  * Handles authentication, configuration, and provides access to SDK internals
9083
9283
  * for service instantiation in the modular pattern.
9084
9284
  *
9285
+ * Supports two usage patterns:
9286
+ * 1. Full config in constructor — for server-side or explicit configuration
9287
+ * 2. No config / partial config — loads from meta tags injected by @uipath/coded-apps plugin
9288
+ *
9085
9289
  * @example
9086
9290
  * ```typescript
9087
- * // Modular pattern
9088
- * import { UiPath } from '@uipath/uipath-typescript/core';
9089
- * import { Entities } from '@uipath/uipath-typescript/entities';
9090
- *
9291
+ * // Explicit config
9091
9292
  * const sdk = new UiPath({
9092
9293
  * baseUrl: 'https://cloud.uipath.com',
9093
9294
  * orgName: 'myorg',
@@ -9096,70 +9297,47 @@
9096
9297
  * redirectUri: 'http://localhost:3000/callback',
9097
9298
  * scope: 'OR.Users OR.Robots'
9098
9299
  * });
9099
- *
9100
9300
  * await sdk.initialize();
9301
+ * ```
9101
9302
  *
9102
- * const entitiesService = new Entities(sdk);
9103
- * const allEntities = await entitiesService.getAll();
9303
+ * @example
9304
+ * ```typescript
9305
+ * // Auto-load from meta tags (coded apps)
9306
+ * const sdk = new UiPath();
9307
+ * await sdk.initialize();
9104
9308
  * ```
9105
9309
  */
9106
9310
  let UiPath$1 = class UiPath {
9107
9311
  constructor(config) {
9312
+ _UiPath_instances.add(this);
9108
9313
  // Private fields - true runtime privacy, not visible via Object.keys()
9109
9314
  _UiPath_config.set(this, void 0);
9110
9315
  _UiPath_authService.set(this, void 0);
9111
9316
  _UiPath_initialized.set(this, false);
9112
- // Validate and normalize the configuration
9113
- validateConfig(config);
9114
- const hasSecretAuth = hasSecretConfig(config);
9115
- const hasOAuthAuth = hasOAuthConfig(config);
9116
- // Initialize core components
9117
- const internalConfig = new UiPathConfig({
9118
- baseUrl: normalizeBaseUrl(config.baseUrl),
9119
- orgName: config.orgName,
9120
- tenantName: config.tenantName,
9121
- secret: hasSecretAuth ? config.secret : undefined,
9122
- clientId: hasOAuthAuth ? config.clientId : undefined,
9123
- redirectUri: hasOAuthAuth ? config.redirectUri : undefined,
9124
- scope: hasOAuthAuth ? config.scope : undefined
9125
- });
9126
- const executionContext = new ExecutionContext();
9127
- __classPrivateFieldSet(this, _UiPath_authService, new AuthService(internalConfig, executionContext), "f");
9128
- __classPrivateFieldSet(this, _UiPath_config, internalConfig, "f");
9129
- // Store internals in SDKInternalsRegistry (not visible on instance)
9130
- SDKInternalsRegistry.set(this, {
9131
- config: internalConfig,
9132
- context: executionContext,
9133
- tokenManager: __classPrivateFieldGet(this, _UiPath_authService, "f").getTokenManager()
9134
- });
9135
- // Expose read-only config for user convenience
9136
- this.config = {
9137
- baseUrl: internalConfig.baseUrl,
9138
- orgName: internalConfig.orgName,
9139
- tenantName: internalConfig.tenantName
9140
- };
9141
- // Initialize telemetry with SDK configuration
9142
- telemetryClient.initialize({
9143
- baseUrl: config.baseUrl,
9144
- orgName: config.orgName,
9145
- tenantName: config.tenantName,
9146
- clientId: hasOAuthAuth ? config.clientId : undefined,
9147
- redirectUri: hasOAuthAuth ? config.redirectUri : undefined
9148
- });
9149
- // Track SDK initialization
9150
- trackEvent('Sdk.Auth');
9151
- // Auto-initialize for secret-based auth
9152
- if (hasSecretAuth) {
9153
- __classPrivateFieldGet(this, _UiPath_authService, "f").authenticateWithSecret(config.secret);
9154
- __classPrivateFieldSet(this, _UiPath_initialized, true, "f");
9317
+ _UiPath_partialConfig.set(this, void 0);
9318
+ // Load configuration from meta tags
9319
+ const configFromMetaTags = loadFromMetaTags();
9320
+ // Merge configuration: constructor config overrides meta tags
9321
+ const mergedConfig = config ? { ...configFromMetaTags, ...config } : configFromMetaTags;
9322
+ if (mergedConfig && isCompleteConfig(mergedConfig)) {
9323
+ __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_initializeWithConfig).call(this, mergedConfig);
9324
+ }
9325
+ else if (config) {
9326
+ __classPrivateFieldSet(this, _UiPath_partialConfig, config, "f");
9155
9327
  }
9156
9328
  }
9157
9329
  /**
9158
9330
  * Initialize the SDK based on the provided configuration.
9159
9331
  * This method handles both OAuth flow initiation and completion automatically.
9160
9332
  * For secret-based authentication, initialization is automatic and this returns immediately.
9333
+ * If no config was provided in constructor, loads from meta tags.
9161
9334
  */
9162
9335
  async initialize() {
9336
+ // Load config from meta tags if not provided in constructor
9337
+ if (!__classPrivateFieldGet(this, _UiPath_config, "f")) {
9338
+ const loadedConfig = __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_loadConfig).call(this);
9339
+ __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_initializeWithConfig).call(this, loadedConfig);
9340
+ }
9163
9341
  // For secret-based auth, it's already initialized in constructor
9164
9342
  if (hasSecretConfig(__classPrivateFieldGet(this, _UiPath_config, "f"))) {
9165
9343
  return;
@@ -9206,6 +9384,11 @@
9206
9384
  if (!AuthService.isInOAuthCallback()) {
9207
9385
  throw new Error('Not in OAuth callback state. Call initialize() first to start OAuth flow.');
9208
9386
  }
9387
+ // Load config if not yet initialized
9388
+ if (!__classPrivateFieldGet(this, _UiPath_config, "f")) {
9389
+ const loadedConfig = __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_loadConfig).call(this);
9390
+ __classPrivateFieldGet(this, _UiPath_instances, "m", _UiPath_initializeWithConfig).call(this, loadedConfig);
9391
+ }
9209
9392
  try {
9210
9393
  const success = await __classPrivateFieldGet(this, _UiPath_authService, "f").authenticate(__classPrivateFieldGet(this, _UiPath_config, "f"));
9211
9394
  if (success && this.isAuthenticated()) {
@@ -9223,13 +9406,13 @@
9223
9406
  * Check if the user is authenticated (has valid token)
9224
9407
  */
9225
9408
  isAuthenticated() {
9226
- return __classPrivateFieldGet(this, _UiPath_authService, "f").hasValidToken();
9409
+ return __classPrivateFieldGet(this, _UiPath_authService, "f")?.hasValidToken() ?? false;
9227
9410
  }
9228
9411
  /**
9229
9412
  * Get the current authentication token
9230
9413
  */
9231
9414
  getToken() {
9232
- return __classPrivateFieldGet(this, _UiPath_authService, "f").getToken();
9415
+ return __classPrivateFieldGet(this, _UiPath_authService, "f")?.getToken();
9233
9416
  }
9234
9417
  /**
9235
9418
  * Logout from the SDK, clearing all authentication state.
@@ -9237,14 +9420,71 @@
9237
9420
  */
9238
9421
  logout() {
9239
9422
  // Secret-based auth has no session to end — skip silently
9240
- if (hasSecretConfig(__classPrivateFieldGet(this, _UiPath_config, "f"))) {
9423
+ if (__classPrivateFieldGet(this, _UiPath_config, "f") && hasSecretConfig(__classPrivateFieldGet(this, _UiPath_config, "f"))) {
9241
9424
  return;
9242
9425
  }
9243
- __classPrivateFieldGet(this, _UiPath_authService, "f").logout();
9426
+ __classPrivateFieldGet(this, _UiPath_authService, "f")?.logout();
9244
9427
  __classPrivateFieldSet(this, _UiPath_initialized, false, "f");
9245
9428
  }
9246
9429
  };
9247
- _UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_initialized = new WeakMap();
9430
+ _UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_initialized = new WeakMap(), _UiPath_partialConfig = new WeakMap(), _UiPath_instances = new WeakSet(), _UiPath_initializeWithConfig = function _UiPath_initializeWithConfig(config) {
9431
+ // Validate and normalize the configuration
9432
+ validateConfig(config);
9433
+ const hasSecretAuth = hasSecretConfig(config);
9434
+ const hasOAuthAuth = hasOAuthConfig(config);
9435
+ // Initialize core components
9436
+ const internalConfig = new UiPathConfig({
9437
+ baseUrl: normalizeBaseUrl(config.baseUrl),
9438
+ orgName: config.orgName,
9439
+ tenantName: config.tenantName,
9440
+ secret: hasSecretAuth ? config.secret : undefined,
9441
+ clientId: hasOAuthAuth ? config.clientId : undefined,
9442
+ redirectUri: hasOAuthAuth ? config.redirectUri : undefined,
9443
+ scope: hasOAuthAuth ? config.scope : undefined
9444
+ });
9445
+ const executionContext = new ExecutionContext();
9446
+ __classPrivateFieldSet(this, _UiPath_authService, new AuthService(internalConfig, executionContext), "f");
9447
+ __classPrivateFieldSet(this, _UiPath_config, internalConfig, "f");
9448
+ // Store internals in SDKInternalsRegistry (not visible on instance)
9449
+ SDKInternalsRegistry.set(this, {
9450
+ config: internalConfig,
9451
+ context: executionContext,
9452
+ tokenManager: __classPrivateFieldGet(this, _UiPath_authService, "f").getTokenManager()
9453
+ });
9454
+ // Expose read-only config for user convenience
9455
+ this.config = {
9456
+ baseUrl: internalConfig.baseUrl,
9457
+ orgName: internalConfig.orgName,
9458
+ tenantName: internalConfig.tenantName
9459
+ };
9460
+ // Initialize telemetry with SDK configuration
9461
+ telemetryClient.initialize({
9462
+ baseUrl: config.baseUrl,
9463
+ orgName: config.orgName,
9464
+ tenantName: config.tenantName,
9465
+ clientId: hasOAuthAuth ? config.clientId : undefined,
9466
+ redirectUri: hasOAuthAuth ? config.redirectUri : undefined
9467
+ });
9468
+ // Track SDK initialization
9469
+ trackEvent('Sdk.Auth');
9470
+ /** Auto-initialize for secret-based auth
9471
+ * When viewed in Action Center, initialize tokenInfo with empty token. When an sdk call is made Action Center passes the token to sdk.
9472
+ */
9473
+ if (hasSecretAuth || isInActionCenter) {
9474
+ __classPrivateFieldGet(this, _UiPath_authService, "f").authenticateWithSecret(config.secret ?? '');
9475
+ __classPrivateFieldSet(this, _UiPath_initialized, true, "f");
9476
+ }
9477
+ }, _UiPath_loadConfig = function _UiPath_loadConfig() {
9478
+ // Load from meta tags
9479
+ const metaConfig = loadFromMetaTags();
9480
+ // Merge with any partial config from constructor (constructor overrides meta tags)
9481
+ const merged = { ...metaConfig, ...__classPrivateFieldGet(this, _UiPath_partialConfig, "f") };
9482
+ if (!isCompleteConfig(merged)) {
9483
+ throw new Error('UiPath SDK configuration not found. ' +
9484
+ 'Ensure @uipath/coded-apps plugin is set up in your bundler to inject configuration during development and build.');
9485
+ }
9486
+ return merged;
9487
+ };
9248
9488
 
9249
9489
  /**
9250
9490
  * Type guards for error response types
@@ -9523,15 +9763,6 @@
9523
9763
  async getDefaultHeaders() {
9524
9764
  // Get headers from execution context first
9525
9765
  const contextHeaders = this.executionContext.getHeaders();
9526
- // If Authorization header is already set in context, use that
9527
- if (contextHeaders['Authorization']) {
9528
- return {
9529
- ...contextHeaders,
9530
- 'Content-Type': CONTENT_TYPES.JSON,
9531
- ...this.defaultHeaders,
9532
- ...this.clientConfig.headers
9533
- };
9534
- }
9535
9766
  const token = await this.getValidToken();
9536
9767
  return {
9537
9768
  ...contextHeaders,
@@ -14875,6 +15106,81 @@
14875
15106
  ...CommonFieldMap
14876
15107
  };
14877
15108
 
15109
+ /**
15110
+ * Asset resolution utilities for UiPath Coded Apps
15111
+ *
15112
+ * These helpers enable developers to write code that works identically
15113
+ * in local development and production environments.
15114
+ *
15115
+ * Values are read from meta tags injected at deployment:
15116
+ * - <meta name="uipath:cdn-base" content="https://cdn.example.com/appId/folder">
15117
+ * - <meta name="uipath:app-base" content="/org/apps_/.../public">
15118
+ */
15119
+ /**
15120
+ * Resolves an asset path to the CDN URL (if available)
15121
+ *
15122
+ * In local development: returns path as-is (loads from local dev server)
15123
+ * In production: prepends CDN base URL from meta tag
15124
+ *
15125
+ * @param path - The asset path (e.g., './assets/logo.png' or '/assets/logo.png')
15126
+ * @returns The resolved asset URL
15127
+ *
15128
+ * @example
15129
+ * ```tsx
15130
+ * import { getAsset } from '@uipath/uipath-typescript';
15131
+ * import logoPath from './assets/logo.png';
15132
+ *
15133
+ * function MyComponent() {
15134
+ * return <img src={getAsset(logoPath)} alt="Logo" />;
15135
+ * }
15136
+ * ```
15137
+ */
15138
+ function getAsset(path) {
15139
+ // If path is already an absolute URL, return as-is
15140
+ if (path.startsWith('http://') || path.startsWith('https://')) {
15141
+ return path;
15142
+ }
15143
+ const cdnBase = getMetaTagContent(exports.UiPathMetaTags.CDN_BASE);
15144
+ if (!cdnBase)
15145
+ return path;
15146
+ // Normalize CDN base URL to remove trailing slash
15147
+ const normalizedCdnBase = normalizeBaseUrl(cdnBase);
15148
+ // Normalize path to ensure it starts with /
15149
+ let normalizedPath = path;
15150
+ if (normalizedPath.startsWith('./')) {
15151
+ normalizedPath = normalizedPath.substring(1); // ./assets -> /assets
15152
+ }
15153
+ else if (!normalizedPath.startsWith('/')) {
15154
+ normalizedPath = '/' + normalizedPath; // assets -> /assets
15155
+ }
15156
+ return normalizedCdnBase + normalizedPath;
15157
+ }
15158
+ /**
15159
+ * Returns the app base path for router configuration
15160
+ *
15161
+ * In local development: returns '/'
15162
+ * In production: returns the deployed app path from meta tag
15163
+ *
15164
+ * @returns The app base path
15165
+ *
15166
+ * @example
15167
+ * ```tsx
15168
+ * import { getAppBase } from '@uipath/uipath-typescript';
15169
+ * import { BrowserRouter } from 'react-router-dom';
15170
+ *
15171
+ * function App() {
15172
+ * return (
15173
+ * <BrowserRouter basename={getAppBase()}>
15174
+ * {/* routes *\/}
15175
+ * </BrowserRouter>
15176
+ * );
15177
+ * }
15178
+ * ```
15179
+ */
15180
+ function getAppBase() {
15181
+ return getMetaTagContent(exports.UiPathMetaTags.APP_BASE) || '/';
15182
+ }
15183
+
14878
15184
  exports.APP_NAME = APP_NAME;
14879
15185
  exports.AgentMap = AgentMap;
14880
15186
  exports.AuthenticationError = AuthenticationError;
@@ -14917,6 +15223,8 @@
14917
15223
  exports.createProcessInstanceWithMethods = createProcessInstanceWithMethods;
14918
15224
  exports.createProcessWithMethods = createProcessWithMethods;
14919
15225
  exports.createTaskWithMethods = createTaskWithMethods;
15226
+ exports.getAppBase = getAppBase;
15227
+ exports.getAsset = getAsset;
14920
15228
  exports.getErrorDetails = getErrorDetails;
14921
15229
  exports.getLimitedPageSize = getLimitedPageSize;
14922
15230
  exports.isAuthenticationError = isAuthenticationError;
@@ -14927,6 +15235,7 @@
14927
15235
  exports.isServerError = isServerError;
14928
15236
  exports.isUiPathError = isUiPathError;
14929
15237
  exports.isValidationError = isValidationError;
15238
+ exports.loadFromMetaTags = loadFromMetaTags;
14930
15239
  exports.telemetryClient = telemetryClient;
14931
15240
  exports.track = track;
14932
15241
  exports.trackEvent = trackEvent;
@@ -549,15 +549,6 @@ class ApiClient {
549
549
  async getDefaultHeaders() {
550
550
  // Get headers from execution context first
551
551
  const contextHeaders = this.executionContext.getHeaders();
552
- // If Authorization header is already set in context, use that
553
- if (contextHeaders['Authorization']) {
554
- return {
555
- ...contextHeaders,
556
- 'Content-Type': CONTENT_TYPES.JSON,
557
- ...this.defaultHeaders,
558
- ...this.clientConfig.headers
559
- };
560
- }
561
552
  const token = await this.getValidToken();
562
553
  return {
563
554
  ...contextHeaders,
@@ -684,6 +675,7 @@ function filterUndefined(obj) {
684
675
  * Checks if code is running in a browser environment
685
676
  */
686
677
  const isBrowser = typeof window !== 'undefined' && typeof window.document !== 'undefined';
678
+ isBrowser && window.self != window.top && window.location.href.includes('source=ActionCenter');
687
679
 
688
680
  /**
689
681
  * Base64 encoding/decoding
@@ -1734,7 +1726,7 @@ class BpmnHelpers {
1734
1726
  // Connection string placeholder that will be replaced during build
1735
1727
  const CONNECTION_STRING = "InstrumentationKey=a6efa11d-1feb-4508-9738-e13e12dcae5e;IngestionEndpoint=https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnostics.monitor.azure.com/;ApplicationId=7c58eb1c-9581-4ba6-839e-11725848a037";
1736
1728
  // SDK Version placeholder
1737
- const SDK_VERSION = "1.1.1";
1729
+ const SDK_VERSION = "1.1.2";
1738
1730
  const VERSION = "Version";
1739
1731
  const SERVICE = "Service";
1740
1732
  const CLOUD_ORGANIZATION_NAME = "CloudOrganizationName";