@zapier/zapier-sdk-cli 0.50.0 → 0.51.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/README.md +26 -25
  3. package/dist/cli.cjs +32 -9
  4. package/dist/cli.mjs +32 -9
  5. package/dist/experimental.cjs +31 -8
  6. package/dist/experimental.mjs +31 -8
  7. package/dist/index.cjs +32 -9
  8. package/dist/index.mjs +32 -9
  9. package/dist/package.json +2 -1
  10. package/dist/src/plugins/login/index.d.ts +1 -0
  11. package/dist/src/plugins/login/index.js +9 -2
  12. package/dist/src/plugins/login/schemas.d.ts +1 -0
  13. package/dist/src/plugins/login/schemas.js +4 -0
  14. package/dist/src/utils/auth/client-credentials.d.ts +11 -1
  15. package/dist/src/utils/auth/client-credentials.js +18 -4
  16. package/dist/tsconfig.tsbuildinfo +1 -1
  17. package/package.json +4 -3
package/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # @zapier/zapier-sdk-cli
2
2
 
3
+ ## 0.51.0
4
+
5
+ ### Minor Changes
6
+
7
+ - d2aa0e9: Allow opting into approvals during login
8
+
9
+ ### Patch Changes
10
+
11
+ - Updated dependencies [d2aa0e9]
12
+ - @zapier/zapier-sdk@0.56.0
13
+ - @zapier/zapier-sdk-mcp@0.13.8
14
+
3
15
  ## 0.50.0
4
16
 
5
17
  ### Minor Changes
package/README.md CHANGED
@@ -134,27 +134,27 @@ npx zapier-sdk fetch "https://gmail.googleapis.com/gmail/v1/users/me/labels" --c
134
134
 
135
135
  These options are available for all commands:
136
136
 
137
- | Option | Short | Description |
138
- | -------------------------------------- | ----- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
139
- | `--version` | `-V` | Display version number |
140
- | `--help` | `-h` | Display help for command |
141
- | `--credentials <token>` | | Authentication token. |
142
- | `--credentials-client-id <id>` | | OAuth client ID for authentication. |
143
- | `--credentials-client-secret <secret>` | | OAuth client secret for authentication. |
144
- | `--credentials-base-url <url>` | | Override authentication base URL. |
145
- | `--debug` | | Enable debug logging. |
146
- | `--base-url <url>` | | Base URL for Zapier API endpoints. |
147
- | `--tracking-base-url <url>` | | Base URL for Zapier tracking endpoints. |
148
- | `--max-network-retries <count>` | | Max retries for rate-limited requests (default: 3). |
149
- | `--max-network-retry-delay-ms <ms>` | | Max delay in ms to wait for retry (default: 60000). |
150
- | `--max-concurrent-requests <count>` | | Max concurrent in-flight HTTP requests (default: 200, max: 10000). |
151
- | `--approval-timeout-ms <ms>` | | Timeout in ms for approval polling. Default: 600000 (10 min). |
152
- | `--max-approval-retries` | | Maximum number of sequential approval rounds per request (one per gating policy) before giving up. Default: 2. |
153
- | `--approval-mode` | | Approval flow behavior. "disabled" (default) throws a ZapierApprovalError on approval-required responses without creating an approval. "poll" creates the approval, opens it in a browser, polls until resolved, and retries the original request. "throw" creates the approval and throws a ZapierApprovalError with the approval URL so the caller can surface it. Defaults to the ZAPIER_APPROVAL_MODE env var, then "disabled". |
154
- | `--can-include-shared-connections` | | Allow listing shared connections. |
155
- | `--can-include-shared-tables` | | Allow listing shared tables. |
156
- | `--can-delete-tables` | | Allow deleting tables. |
157
- | `--json` | | Output raw JSON instead of formatted results |
137
+ | Option | Short | Description |
138
+ | -------------------------------------- | ----- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
139
+ | `--version` | `-V` | Display version number |
140
+ | `--help` | `-h` | Display help for command |
141
+ | `--credentials <token>` | | Authentication token. |
142
+ | `--credentials-client-id <id>` | | OAuth client ID for authentication. |
143
+ | `--credentials-client-secret <secret>` | | OAuth client secret for authentication. |
144
+ | `--credentials-base-url <url>` | | Override authentication base URL. |
145
+ | `--debug` | | Enable debug logging. |
146
+ | `--base-url <url>` | | Base URL for Zapier API endpoints. |
147
+ | `--tracking-base-url <url>` | | Base URL for Zapier tracking endpoints. |
148
+ | `--max-network-retries <count>` | | Max retries for rate-limited requests (default: 3). |
149
+ | `--max-network-retry-delay-ms <ms>` | | Max delay in ms to wait for retry (default: 60000). |
150
+ | `--max-concurrent-requests <count>` | | Max concurrent in-flight HTTP requests (default: 200, max: 10000). |
151
+ | `--approval-timeout-ms <ms>` | | Timeout in ms for approval polling. Default: 600000 (10 min). |
152
+ | `--max-approval-retries` | | Maximum number of sequential approval rounds per request (one per gating policy) before giving up. Default: 2. |
153
+ | `--approval-mode` | | Approval flow behavior. "poll" creates the approval, opens it in a browser, polls until resolved, and retries the original request. "throw" creates the approval and throws a ZapierApprovalError with the approval URL so the caller can surface it. "disabled" throws a ZapierApprovalError on approval-required responses without creating an approval. Resolution order is: explicit option, then ZAPIER_APPROVAL_MODE, then the default behavior (poll for interactive TTY, throw otherwise). |
154
+ | `--can-include-shared-connections` | | Allow listing shared connections. |
155
+ | `--can-include-shared-tables` | | Allow listing shared tables. |
156
+ | `--can-delete-tables` | | Allow deleting tables. |
157
+ | `--json` | | Output raw JSON instead of formatted results |
158
158
 
159
159
  ## Available Commands
160
160
 
@@ -178,14 +178,15 @@ Log in to Zapier to access your account
178
178
 
179
179
  **Options:**
180
180
 
181
- | Option | Type | Required | Default | Possible Values | Description |
182
- | ----------- | -------- | -------- | ------- | --------------- | --------------------------------------- |
183
- | `--timeout` | `string` | ❌ | — | — | Login timeout in seconds (default: 300) |
181
+ | Option | Type | Required | Default | Possible Values | Description |
182
+ | ----------------- | --------- | -------- | ------- | --------------- | -------------------------------------------------------------- |
183
+ | `--timeout` | `string` | ❌ | — | — | Login timeout in seconds (default: 300) |
184
+ | `--use-approvals` | `boolean` | ❌ | — | — | Require approvals for actions performed with these credentials |
184
185
 
185
186
  **Usage:**
186
187
 
187
188
  ```bash
188
- npx zapier-sdk login [--timeout]
189
+ npx zapier-sdk login [--timeout] [--use-approvals]
189
190
  ```
190
191
 
191
192
  #### `logout`
package/dist/cli.cjs CHANGED
@@ -1572,7 +1572,7 @@ var SHARED_COMMAND_CLI_OPTIONS = [
1572
1572
 
1573
1573
  // package.json
1574
1574
  var package_default = {
1575
- version: "0.50.0"};
1575
+ version: "0.51.0"};
1576
1576
 
1577
1577
  // src/telemetry/builders.ts
1578
1578
  function createCliBaseEvent(context = {}) {
@@ -3804,10 +3804,18 @@ async function runOauthFlow({
3804
3804
 
3805
3805
  // src/utils/auth/client-credentials.ts
3806
3806
  var CREDENTIALS_SCOPES = ["external", "credentials"];
3807
- async function createCredentialsOnServer(api2, name) {
3807
+ var EMPTY_POLICY = {
3808
+ version: 2,
3809
+ statements: []
3810
+ };
3811
+ async function createCredentialsOnServer(api2, name, policy) {
3808
3812
  const response = await api2.post(
3809
3813
  "/api/v0/client-credentials",
3810
- { name, allowed_scopes: CREDENTIALS_SCOPES },
3814
+ {
3815
+ name,
3816
+ allowed_scopes: CREDENTIALS_SCOPES,
3817
+ ...policy !== void 0 && { policy }
3818
+ },
3811
3819
  { authRequired: true, requiredScopes: ["credentials"] }
3812
3820
  );
3813
3821
  return {
@@ -3824,9 +3832,14 @@ async function deleteCredentialsOnServer(api2, clientId) {
3824
3832
  async function setupClientCredentials({
3825
3833
  api: api2,
3826
3834
  name,
3827
- credentialsBaseUrl: credentialsBaseUrl2
3835
+ credentialsBaseUrl: credentialsBaseUrl2,
3836
+ policy
3828
3837
  }) {
3829
- const { clientId, clientSecret } = await createCredentialsOnServer(api2, name);
3838
+ const { clientId, clientSecret } = await createCredentialsOnServer(
3839
+ api2,
3840
+ name,
3841
+ policy
3842
+ );
3830
3843
  try {
3831
3844
  await withRetry({
3832
3845
  action: () => storeClientCredentials({
@@ -3868,7 +3881,10 @@ async function resolveCredentialsBaseUrl(context) {
3868
3881
  return getBaseUrlFromResolvedCredentials(resolvedCredentials) ?? getBaseUrlFromOptionsCredentials(context.options?.credentials) ?? context.options?.baseUrl;
3869
3882
  }
3870
3883
  var LoginSchema = zod.z.object({
3871
- timeout: zod.z.string().optional().describe("Login timeout in seconds (default: 300)")
3884
+ timeout: zod.z.string().optional().describe("Login timeout in seconds (default: 300)"),
3885
+ useApprovals: zod.z.boolean().optional().describe(
3886
+ "Require approvals for actions performed with these credentials"
3887
+ )
3872
3888
  }).describe("Log in to Zapier to access your account");
3873
3889
 
3874
3890
  // src/plugins/login/index.ts
@@ -3962,7 +3978,9 @@ function emitLoginSuccess({
3962
3978
  sdk.context.eventEmission.emit(
3963
3979
  "platform.sdk.ApplicationLifecycleEvent",
3964
3980
  zapierSdk.buildApplicationLifecycleEvent(
3965
- { lifecycle_event_type: "login_success" },
3981
+ {
3982
+ lifecycle_event_type: "login_success"
3983
+ },
3966
3984
  {
3967
3985
  customuser_id: profile.user_id,
3968
3986
  account_id: profile.roles[0]?.account_id ?? null
@@ -4034,15 +4052,20 @@ var loginPlugin = zapierSdk.definePlugin(
4034
4052
  profile.email,
4035
4053
  credentialsBaseUrl2
4036
4054
  );
4055
+ const useApprovals = options.useApprovals === true;
4037
4056
  await setupClientCredentials({
4038
4057
  api: scopedApi,
4039
4058
  name: credentialName,
4040
- credentialsBaseUrl: credentialsBaseUrl2
4059
+ credentialsBaseUrl: credentialsBaseUrl2,
4060
+ ...useApprovals && { policy: EMPTY_POLICY }
4041
4061
  });
4042
4062
  await bestEffortClearLegacyJwtState();
4043
4063
  console.log(
4044
4064
  `\u2705 Credentials "${credentialName}" created and set as default. You are ready to use the Zapier SDK.`
4045
4065
  );
4066
+ if (useApprovals) {
4067
+ console.log("\u{1F510} Approvals are enabled for these credentials.");
4068
+ }
4046
4069
  emitLoginSuccess({ sdk: sdk2, profile });
4047
4070
  }
4048
4071
  })
@@ -6603,7 +6626,7 @@ var watchTriggerInboxCliPlugin = zapierSdk.definePlugin(
6603
6626
  // package.json with { type: 'json' }
6604
6627
  var package_default2 = {
6605
6628
  name: "@zapier/zapier-sdk-cli",
6606
- version: "0.50.0"};
6629
+ version: "0.51.0"};
6607
6630
 
6608
6631
  // src/sdk.ts
6609
6632
  zapierSdk.injectCliLogin(login_exports);
package/dist/cli.mjs CHANGED
@@ -1530,7 +1530,7 @@ var SHARED_COMMAND_CLI_OPTIONS = [
1530
1530
 
1531
1531
  // package.json
1532
1532
  var package_default = {
1533
- version: "0.50.0"};
1533
+ version: "0.51.0"};
1534
1534
 
1535
1535
  // src/telemetry/builders.ts
1536
1536
  function createCliBaseEvent(context = {}) {
@@ -3762,10 +3762,18 @@ async function runOauthFlow({
3762
3762
 
3763
3763
  // src/utils/auth/client-credentials.ts
3764
3764
  var CREDENTIALS_SCOPES = ["external", "credentials"];
3765
- async function createCredentialsOnServer(api2, name) {
3765
+ var EMPTY_POLICY = {
3766
+ version: 2,
3767
+ statements: []
3768
+ };
3769
+ async function createCredentialsOnServer(api2, name, policy) {
3766
3770
  const response = await api2.post(
3767
3771
  "/api/v0/client-credentials",
3768
- { name, allowed_scopes: CREDENTIALS_SCOPES },
3772
+ {
3773
+ name,
3774
+ allowed_scopes: CREDENTIALS_SCOPES,
3775
+ ...policy !== void 0 && { policy }
3776
+ },
3769
3777
  { authRequired: true, requiredScopes: ["credentials"] }
3770
3778
  );
3771
3779
  return {
@@ -3782,9 +3790,14 @@ async function deleteCredentialsOnServer(api2, clientId) {
3782
3790
  async function setupClientCredentials({
3783
3791
  api: api2,
3784
3792
  name,
3785
- credentialsBaseUrl: credentialsBaseUrl2
3793
+ credentialsBaseUrl: credentialsBaseUrl2,
3794
+ policy
3786
3795
  }) {
3787
- const { clientId, clientSecret } = await createCredentialsOnServer(api2, name);
3796
+ const { clientId, clientSecret } = await createCredentialsOnServer(
3797
+ api2,
3798
+ name,
3799
+ policy
3800
+ );
3788
3801
  try {
3789
3802
  await withRetry({
3790
3803
  action: () => storeClientCredentials({
@@ -3826,7 +3839,10 @@ async function resolveCredentialsBaseUrl(context) {
3826
3839
  return getBaseUrlFromResolvedCredentials(resolvedCredentials) ?? getBaseUrlFromOptionsCredentials(context.options?.credentials) ?? context.options?.baseUrl;
3827
3840
  }
3828
3841
  var LoginSchema = z.object({
3829
- timeout: z.string().optional().describe("Login timeout in seconds (default: 300)")
3842
+ timeout: z.string().optional().describe("Login timeout in seconds (default: 300)"),
3843
+ useApprovals: z.boolean().optional().describe(
3844
+ "Require approvals for actions performed with these credentials"
3845
+ )
3830
3846
  }).describe("Log in to Zapier to access your account");
3831
3847
 
3832
3848
  // src/plugins/login/index.ts
@@ -3920,7 +3936,9 @@ function emitLoginSuccess({
3920
3936
  sdk.context.eventEmission.emit(
3921
3937
  "platform.sdk.ApplicationLifecycleEvent",
3922
3938
  buildApplicationLifecycleEvent(
3923
- { lifecycle_event_type: "login_success" },
3939
+ {
3940
+ lifecycle_event_type: "login_success"
3941
+ },
3924
3942
  {
3925
3943
  customuser_id: profile.user_id,
3926
3944
  account_id: profile.roles[0]?.account_id ?? null
@@ -3992,15 +4010,20 @@ var loginPlugin = definePlugin(
3992
4010
  profile.email,
3993
4011
  credentialsBaseUrl2
3994
4012
  );
4013
+ const useApprovals = options.useApprovals === true;
3995
4014
  await setupClientCredentials({
3996
4015
  api: scopedApi,
3997
4016
  name: credentialName,
3998
- credentialsBaseUrl: credentialsBaseUrl2
4017
+ credentialsBaseUrl: credentialsBaseUrl2,
4018
+ ...useApprovals && { policy: EMPTY_POLICY }
3999
4019
  });
4000
4020
  await bestEffortClearLegacyJwtState();
4001
4021
  console.log(
4002
4022
  `\u2705 Credentials "${credentialName}" created and set as default. You are ready to use the Zapier SDK.`
4003
4023
  );
4024
+ if (useApprovals) {
4025
+ console.log("\u{1F510} Approvals are enabled for these credentials.");
4026
+ }
4004
4027
  emitLoginSuccess({ sdk: sdk2, profile });
4005
4028
  }
4006
4029
  })
@@ -6561,7 +6584,7 @@ var watchTriggerInboxCliPlugin = definePlugin(
6561
6584
  // package.json with { type: 'json' }
6562
6585
  var package_default2 = {
6563
6586
  name: "@zapier/zapier-sdk-cli",
6564
- version: "0.50.0"};
6587
+ version: "0.51.0"};
6565
6588
 
6566
6589
  // src/sdk.ts
6567
6590
  injectCliLogin(login_exports);
package/dist/experimental.cjs CHANGED
@@ -1181,10 +1181,18 @@ async function runOauthFlow({
1181
1181
 
1182
1182
  // src/utils/auth/client-credentials.ts
1183
1183
  var CREDENTIALS_SCOPES = ["external", "credentials"];
1184
- async function createCredentialsOnServer(api2, name) {
1184
+ var EMPTY_POLICY = {
1185
+ version: 2,
1186
+ statements: []
1187
+ };
1188
+ async function createCredentialsOnServer(api2, name, policy) {
1185
1189
  const response = await api2.post(
1186
1190
  "/api/v0/client-credentials",
1187
- { name, allowed_scopes: CREDENTIALS_SCOPES },
1191
+ {
1192
+ name,
1193
+ allowed_scopes: CREDENTIALS_SCOPES,
1194
+ ...policy !== void 0 && { policy }
1195
+ },
1188
1196
  { authRequired: true, requiredScopes: ["credentials"] }
1189
1197
  );
1190
1198
  return {
@@ -1201,9 +1209,14 @@ async function deleteCredentialsOnServer(api2, clientId) {
1201
1209
  async function setupClientCredentials({
1202
1210
  api: api2,
1203
1211
  name,
1204
- credentialsBaseUrl
1212
+ credentialsBaseUrl,
1213
+ policy
1205
1214
  }) {
1206
- const { clientId, clientSecret } = await createCredentialsOnServer(api2, name);
1215
+ const { clientId, clientSecret } = await createCredentialsOnServer(
1216
+ api2,
1217
+ name,
1218
+ policy
1219
+ );
1207
1220
  try {
1208
1221
  await withRetry({
1209
1222
  action: () => storeClientCredentials({
@@ -1245,7 +1258,10 @@ async function resolveCredentialsBaseUrl(context) {
1245
1258
  return getBaseUrlFromResolvedCredentials(resolvedCredentials) ?? getBaseUrlFromOptionsCredentials(context.options?.credentials) ?? context.options?.baseUrl;
1246
1259
  }
1247
1260
  var LoginSchema = zod.z.object({
1248
- timeout: zod.z.string().optional().describe("Login timeout in seconds (default: 300)")
1261
+ timeout: zod.z.string().optional().describe("Login timeout in seconds (default: 300)"),
1262
+ useApprovals: zod.z.boolean().optional().describe(
1263
+ "Require approvals for actions performed with these credentials"
1264
+ )
1249
1265
  }).describe("Log in to Zapier to access your account");
1250
1266
 
1251
1267
  // src/plugins/login/index.ts
@@ -1339,7 +1355,9 @@ function emitLoginSuccess({
1339
1355
  sdk.context.eventEmission.emit(
1340
1356
  "platform.sdk.ApplicationLifecycleEvent",
1341
1357
  zapierSdk.buildApplicationLifecycleEvent(
1342
- { lifecycle_event_type: "login_success" },
1358
+ {
1359
+ lifecycle_event_type: "login_success"
1360
+ },
1343
1361
  {
1344
1362
  customuser_id: profile.user_id,
1345
1363
  account_id: profile.roles[0]?.account_id ?? null
@@ -1411,15 +1429,20 @@ var loginPlugin = zapierSdk.definePlugin(
1411
1429
  profile.email,
1412
1430
  credentialsBaseUrl
1413
1431
  );
1432
+ const useApprovals = options.useApprovals === true;
1414
1433
  await setupClientCredentials({
1415
1434
  api: scopedApi,
1416
1435
  name: credentialName,
1417
- credentialsBaseUrl
1436
+ credentialsBaseUrl,
1437
+ ...useApprovals && { policy: EMPTY_POLICY }
1418
1438
  });
1419
1439
  await bestEffortClearLegacyJwtState();
1420
1440
  console.log(
1421
1441
  `\u2705 Credentials "${credentialName}" created and set as default. You are ready to use the Zapier SDK.`
1422
1442
  );
1443
+ if (useApprovals) {
1444
+ console.log("\u{1F510} Approvals are enabled for these credentials.");
1445
+ }
1423
1446
  emitLoginSuccess({ sdk: sdk2, profile });
1424
1447
  }
1425
1448
  })
@@ -3963,7 +3986,7 @@ var watchTriggerInboxCliPlugin = zapierSdk.definePlugin(
3963
3986
  // package.json with { type: 'json' }
3964
3987
  var package_default = {
3965
3988
  name: "@zapier/zapier-sdk-cli",
3966
- version: "0.50.0"};
3989
+ version: "0.51.0"};
3967
3990
 
3968
3991
  // src/experimental.ts
3969
3992
  experimental.injectCliLogin(login_exports);
package/dist/experimental.mjs CHANGED
@@ -1145,10 +1145,18 @@ async function runOauthFlow({
1145
1145
 
1146
1146
  // src/utils/auth/client-credentials.ts
1147
1147
  var CREDENTIALS_SCOPES = ["external", "credentials"];
1148
- async function createCredentialsOnServer(api2, name) {
1148
+ var EMPTY_POLICY = {
1149
+ version: 2,
1150
+ statements: []
1151
+ };
1152
+ async function createCredentialsOnServer(api2, name, policy) {
1149
1153
  const response = await api2.post(
1150
1154
  "/api/v0/client-credentials",
1151
- { name, allowed_scopes: CREDENTIALS_SCOPES },
1155
+ {
1156
+ name,
1157
+ allowed_scopes: CREDENTIALS_SCOPES,
1158
+ ...policy !== void 0 && { policy }
1159
+ },
1152
1160
  { authRequired: true, requiredScopes: ["credentials"] }
1153
1161
  );
1154
1162
  return {
@@ -1165,9 +1173,14 @@ async function deleteCredentialsOnServer(api2, clientId) {
1165
1173
  async function setupClientCredentials({
1166
1174
  api: api2,
1167
1175
  name,
1168
- credentialsBaseUrl
1176
+ credentialsBaseUrl,
1177
+ policy
1169
1178
  }) {
1170
- const { clientId, clientSecret } = await createCredentialsOnServer(api2, name);
1179
+ const { clientId, clientSecret } = await createCredentialsOnServer(
1180
+ api2,
1181
+ name,
1182
+ policy
1183
+ );
1171
1184
  try {
1172
1185
  await withRetry({
1173
1186
  action: () => storeClientCredentials({
@@ -1209,7 +1222,10 @@ async function resolveCredentialsBaseUrl(context) {
1209
1222
  return getBaseUrlFromResolvedCredentials(resolvedCredentials) ?? getBaseUrlFromOptionsCredentials(context.options?.credentials) ?? context.options?.baseUrl;
1210
1223
  }
1211
1224
  var LoginSchema = z.object({
1212
- timeout: z.string().optional().describe("Login timeout in seconds (default: 300)")
1225
+ timeout: z.string().optional().describe("Login timeout in seconds (default: 300)"),
1226
+ useApprovals: z.boolean().optional().describe(
1227
+ "Require approvals for actions performed with these credentials"
1228
+ )
1213
1229
  }).describe("Log in to Zapier to access your account");
1214
1230
 
1215
1231
  // src/plugins/login/index.ts
@@ -1303,7 +1319,9 @@ function emitLoginSuccess({
1303
1319
  sdk.context.eventEmission.emit(
1304
1320
  "platform.sdk.ApplicationLifecycleEvent",
1305
1321
  buildApplicationLifecycleEvent(
1306
- { lifecycle_event_type: "login_success" },
1322
+ {
1323
+ lifecycle_event_type: "login_success"
1324
+ },
1307
1325
  {
1308
1326
  customuser_id: profile.user_id,
1309
1327
  account_id: profile.roles[0]?.account_id ?? null
@@ -1375,15 +1393,20 @@ var loginPlugin = definePlugin(
1375
1393
  profile.email,
1376
1394
  credentialsBaseUrl
1377
1395
  );
1396
+ const useApprovals = options.useApprovals === true;
1378
1397
  await setupClientCredentials({
1379
1398
  api: scopedApi,
1380
1399
  name: credentialName,
1381
- credentialsBaseUrl
1400
+ credentialsBaseUrl,
1401
+ ...useApprovals && { policy: EMPTY_POLICY }
1382
1402
  });
1383
1403
  await bestEffortClearLegacyJwtState();
1384
1404
  console.log(
1385
1405
  `\u2705 Credentials "${credentialName}" created and set as default. You are ready to use the Zapier SDK.`
1386
1406
  );
1407
+ if (useApprovals) {
1408
+ console.log("\u{1F510} Approvals are enabled for these credentials.");
1409
+ }
1387
1410
  emitLoginSuccess({ sdk: sdk2, profile });
1388
1411
  }
1389
1412
  })
@@ -3927,7 +3950,7 @@ var watchTriggerInboxCliPlugin = definePlugin(
3927
3950
  // package.json with { type: 'json' }
3928
3951
  var package_default = {
3929
3952
  name: "@zapier/zapier-sdk-cli",
3930
- version: "0.50.0"};
3953
+ version: "0.51.0"};
3931
3954
 
3932
3955
  // src/experimental.ts
3933
3956
  injectCliLogin(login_exports);
package/dist/index.cjs CHANGED
@@ -1180,10 +1180,18 @@ async function runOauthFlow({
1180
1180
 
1181
1181
  // src/utils/auth/client-credentials.ts
1182
1182
  var CREDENTIALS_SCOPES = ["external", "credentials"];
1183
- async function createCredentialsOnServer(api2, name) {
1183
+ var EMPTY_POLICY = {
1184
+ version: 2,
1185
+ statements: []
1186
+ };
1187
+ async function createCredentialsOnServer(api2, name, policy) {
1184
1188
  const response = await api2.post(
1185
1189
  "/api/v0/client-credentials",
1186
- { name, allowed_scopes: CREDENTIALS_SCOPES },
1190
+ {
1191
+ name,
1192
+ allowed_scopes: CREDENTIALS_SCOPES,
1193
+ ...policy !== void 0 && { policy }
1194
+ },
1187
1195
  { authRequired: true, requiredScopes: ["credentials"] }
1188
1196
  );
1189
1197
  return {
@@ -1200,9 +1208,14 @@ async function deleteCredentialsOnServer(api2, clientId) {
1200
1208
  async function setupClientCredentials({
1201
1209
  api: api2,
1202
1210
  name,
1203
- credentialsBaseUrl
1211
+ credentialsBaseUrl,
1212
+ policy
1204
1213
  }) {
1205
- const { clientId, clientSecret } = await createCredentialsOnServer(api2, name);
1214
+ const { clientId, clientSecret } = await createCredentialsOnServer(
1215
+ api2,
1216
+ name,
1217
+ policy
1218
+ );
1206
1219
  try {
1207
1220
  await withRetry({
1208
1221
  action: () => storeClientCredentials({
@@ -1244,7 +1257,10 @@ async function resolveCredentialsBaseUrl(context) {
1244
1257
  return getBaseUrlFromResolvedCredentials(resolvedCredentials) ?? getBaseUrlFromOptionsCredentials(context.options?.credentials) ?? context.options?.baseUrl;
1245
1258
  }
1246
1259
  var LoginSchema = zod.z.object({
1247
- timeout: zod.z.string().optional().describe("Login timeout in seconds (default: 300)")
1260
+ timeout: zod.z.string().optional().describe("Login timeout in seconds (default: 300)"),
1261
+ useApprovals: zod.z.boolean().optional().describe(
1262
+ "Require approvals for actions performed with these credentials"
1263
+ )
1248
1264
  }).describe("Log in to Zapier to access your account");
1249
1265
 
1250
1266
  // src/plugins/login/index.ts
@@ -1338,7 +1354,9 @@ function emitLoginSuccess({
1338
1354
  sdk.context.eventEmission.emit(
1339
1355
  "platform.sdk.ApplicationLifecycleEvent",
1340
1356
  zapierSdk.buildApplicationLifecycleEvent(
1341
- { lifecycle_event_type: "login_success" },
1357
+ {
1358
+ lifecycle_event_type: "login_success"
1359
+ },
1342
1360
  {
1343
1361
  customuser_id: profile.user_id,
1344
1362
  account_id: profile.roles[0]?.account_id ?? null
@@ -1410,15 +1428,20 @@ var loginPlugin = zapierSdk.definePlugin(
1410
1428
  profile.email,
1411
1429
  credentialsBaseUrl
1412
1430
  );
1431
+ const useApprovals = options.useApprovals === true;
1413
1432
  await setupClientCredentials({
1414
1433
  api: scopedApi,
1415
1434
  name: credentialName,
1416
- credentialsBaseUrl
1435
+ credentialsBaseUrl,
1436
+ ...useApprovals && { policy: EMPTY_POLICY }
1417
1437
  });
1418
1438
  await bestEffortClearLegacyJwtState();
1419
1439
  console.log(
1420
1440
  `\u2705 Credentials "${credentialName}" created and set as default. You are ready to use the Zapier SDK.`
1421
1441
  );
1442
+ if (useApprovals) {
1443
+ console.log("\u{1F510} Approvals are enabled for these credentials.");
1444
+ }
1422
1445
  emitLoginSuccess({ sdk: sdk2, profile });
1423
1446
  }
1424
1447
  })
@@ -3962,7 +3985,7 @@ zapierSdk.definePlugin(
3962
3985
  // package.json with { type: 'json' }
3963
3986
  var package_default = {
3964
3987
  name: "@zapier/zapier-sdk-cli",
3965
- version: "0.50.0"};
3988
+ version: "0.51.0"};
3966
3989
 
3967
3990
  // src/sdk.ts
3968
3991
  zapierSdk.injectCliLogin(login_exports);
@@ -3990,7 +4013,7 @@ function createZapierCliSdk(options = {}) {
3990
4013
 
3991
4014
  // package.json
3992
4015
  var package_default2 = {
3993
- version: "0.50.0"};
4016
+ version: "0.51.0"};
3994
4017
 
3995
4018
  // src/telemetry/builders.ts
3996
4019
  function createCliBaseEvent(context = {}) {