@zapier/zapier-sdk-cli 0.52.10 → 0.53.0

package/dist/src/utils/auth/oauth-flow.d.ts

@@ -1,12 +1,37 @@
 import { type PkceCredentials } from "../../login";
-export interface OauthTokens {
-    accessToken: string;
-    refreshToken: string;
-    expiresIn: number;
-}
+import { buildBrowserAuthUrl, OAUTH_LOOPBACK_HOST, type OauthTokens } from "./oauth-transaction";
+export { buildBrowserAuthUrl, OAUTH_LOOPBACK_HOST };
+export type { OauthFlowEntryPoint, OauthTokens } from "./oauth-transaction";
+export type OauthFlowProgressEvent = {
+    type: "browser_opening";
+    url: string;
+} | {
+    type: "browser_opened";
+    url: string;
+} | {
+    type: "browser_open_failed";
+    url: string;
+    reason: string;
+} | {
+    type: "callback_waiting";
+} | {
+    type: "callback_accepted";
+} | {
+    type: "token_exchange_started";
+} | {
+    type: "token_exchange_completed";
+};
 export interface RunOauthFlowOptions {
     timeoutMs?: number;
     pkceCredentials?: PkceCredentials;
     baseUrl?: string;
+    silent?: boolean;
+    onProgress?: (event: OauthFlowProgressEvent) => void;
+    recoveryMessage?: string;
+}
+interface RunSignupOauthFlowOptions extends RunOauthFlowOptions {
+    headless?: boolean;
+    interactive?: boolean;
 }
-export declare function runOauthFlow({ timeoutMs, pkceCredentials, baseUrl, }: RunOauthFlowOptions): Promise<OauthTokens>;
+export declare function runLoginOauthFlow(options: RunOauthFlowOptions): Promise<OauthTokens>;
+export declare function runSignupOauthFlow(options: RunSignupOauthFlowOptions): Promise<OauthTokens>;

package/dist/src/utils/auth/oauth-flow.js

@@ -1,90 +1,223 @@
-import open from "open";
-import crypto from "node:crypto";
 import express from "express";
-import pkceChallenge from "pkce-challenge";
-import { AUTH_MODE_HEADER, LOGIN_PORTS, LOGIN_TIMEOUT_MS } from "../constants";
-import { spinPromise } from "../spinner";
-import log from "../log";
-import api from "../api/client";
+import { createInterface } from "node:readline/promises";
+import open from "open";
+import { LOGIN_PORTS, LOGIN_TIMEOUT_MS } from "../constants";
+import { ZapierCliUserCancellationError, ZapierCliValidationError, } from "../errors";
 import getCallablePromise from "../getCallablePromise";
-import { getPkceLoginConfig } from "../../login";
-import { ZapierCliUserCancellationError } from "../errors";
-const findAvailablePort = () => {
+import log from "../log";
+import { spinPromise } from "../spinner";
+import { getCallbackCode } from "./oauth-callback";
+import { buildBrowserAuthUrl, exchangeOauthCode, OAUTH_LOOPBACK_HOST, prepareOauthTransaction, } from "./oauth-transaction";
+export { buildBrowserAuthUrl, OAUTH_LOOPBACK_HOST };
+class OauthFlowTimeoutError extends Error {
+    constructor(timeoutMs) {
+        super("OAuth flow timed out");
+        this.timeoutMs = timeoutMs;
+        this.name = "OauthFlowTimeoutError";
+    }
+}
+class OauthAuthorizationDeniedError extends Error {
+    constructor(reason) {
+        super("OAuth authorization denied");
+        this.reason = reason;
+        this.name = "OauthAuthorizationDeniedError";
+    }
+}
+function findAvailablePort() {
     return new Promise((resolve, reject) => {
         let portIndex = 0;
         const tryPort = (port) => {
-            const server = express().listen(port, () => {
+            const server = express().listen(port, OAUTH_LOOPBACK_HOST, () => {
                 server.close();
                 resolve(port);
             });
             server.on("error", (err) => {
-                if (err.code === "EADDRINUSE") {
-                    if (portIndex < LOGIN_PORTS.length) {
-                        tryPort(LOGIN_PORTS[portIndex++]);
-                    }
-                    else {
-                        reject(new Error(`All configured OAuth callback ports are busy: ${LOGIN_PORTS.join(", ")}. Please try again later or close applications using these ports.`));
-                    }
+                if (err.code === "EADDRINUSE" && portIndex < LOGIN_PORTS.length) {
+                    tryPort(LOGIN_PORTS[portIndex++]);
+                }
+                else if (err.code === "EADDRINUSE") {
+                    reject(new Error(`All configured OAuth callback ports are busy: ${LOGIN_PORTS.join(", ")}. Please try again later or close applications using these ports.`));
                 }
                 else {
                     reject(err);
                 }
             });
         };
-        if (LOGIN_PORTS.length > 0) {
+        if (LOGIN_PORTS.length > 0)
             tryPort(LOGIN_PORTS[portIndex++]);
-        }
-        else {
+        else
             reject(new Error("No OAuth callback ports configured"));
+    });
+}
+export async function runLoginOauthFlow(options) {
+    return runOauthFlowEntryPoint({
+        ...options,
+        entryPoint: "login",
+        authAction: "log in",
+        flowName: "Login",
+    });
+}
+export async function runSignupOauthFlow(options) {
+    if (options.headless) {
+        return runOauthFlowEntryPoint({
+            ...options,
+            entryPoint: "signup",
+            authAction: "sign up",
+            flowName: "Signup",
+            headless: true,
+        });
+    }
+    return runOauthFlowEntryPoint({
+        ...options,
+        entryPoint: "signup",
+        authAction: "sign up",
+        flowName: "Signup",
+    });
+}
+async function runOauthFlowEntryPoint({ flowName, ...options }) {
+    try {
+        return options.headless
+            ? await runHeadlessSignupOauthFlow(options)
+            : await runOauthFlow(options);
+    }
+    catch (error) {
+        if (error instanceof OauthFlowTimeoutError) {
+            throw new Error(withRecoveryMessage(`${flowName} timed out after ${Math.round(error.timeoutMs / 1000)} seconds.`, options.recoveryMessage));
         }
+        if (error instanceof OauthAuthorizationDeniedError) {
+            throw new Error(withRecoveryMessage(`Authorization denied: ${error.reason}.`, options.recoveryMessage));
+        }
+        if (error instanceof ZapierCliUserCancellationError && !options.silent) {
+            log.info(`\n❌ ${flowName} cancelled by user`);
+        }
+        throw error;
+    }
+}
+function withRecoveryMessage(message, recoveryMessage) {
+    return recoveryMessage ? `${message} ${recoveryMessage}` : message;
+}
+async function runOauthFlow({ timeoutMs = LOGIN_TIMEOUT_MS, pkceCredentials, baseUrl, entryPoint, authAction, silent = false, onProgress, }) {
+    const port = await findAvailablePort();
+    if (!silent)
+        log.info(`Using port ${port} for OAuth callback`);
+    const transaction = await prepareOauthTransaction({
+        pkceCredentials,
+        baseUrl,
+        redirectUri: `http://${OAUTH_LOOPBACK_HOST}:${port}/oauth`,
+        entryPoint,
+    });
+    const code = await collectLocalCallbackCode({
+        transaction,
+        timeoutMs,
+        authAction,
+        silent,
+        onProgress,
     });
-};
-const generateRandomString = () => {
-    const array = new Uint32Array(28);
-    crypto.getRandomValues(array);
-    return Array.from(array, (dec) => ("0" + dec.toString(16)).slice(-2)).join("");
-};
-function ensureOfflineAccess(scope) {
-    if (scope.includes("offline_access")) {
-        return scope;
+    onProgress?.({ type: "callback_accepted" });
+    if (!silent)
+        log.info("Exchanging authorization code for tokens...");
+    onProgress?.({ type: "token_exchange_started" });
+    const tokens = await exchangeOauthCode({ ...transaction, code });
+    if (!silent)
+        log.info("Token exchange completed successfully");
+    onProgress?.({ type: "token_exchange_completed" });
+    return tokens;
+}
+async function readHeadlessCallbackUrl({ timeoutMs, interactive, recoveryMessage, }) {
+    const timeoutMessage = withRecoveryMessage(`Signup timed out after ${Math.round(timeoutMs / 1000)} seconds.`, recoveryMessage);
+    const missingCallbackUrlMessage = withRecoveryMessage("Paste the final OAuth callback URL from your browser.", recoveryMessage);
+    // Keep TTY echo enabled for paste feedback; the PKCE code is single-use, verifier-protected, and exchanged immediately.
+    const rl = createInterface({ input: process.stdin, output: process.stderr });
+    const abortController = new AbortController();
+    const timeoutTimer = setTimeout(() => abortController.abort(), timeoutMs);
+    const readUrl = interactive
+        ? rl.question("Paste the final OAuth callback URL: ", {
+            signal: abortController.signal,
+        })
+        : new Promise((resolve, reject) => {
+            let settled = false;
+            const settleResolve = (value) => {
+                settled = true;
+                resolve(value);
+            };
+            const settleReject = (error) => {
+                if (settled)
+                    return;
+                settled = true;
+                reject(error);
+            };
+            abortController.signal.addEventListener("abort", () => settleReject(new Error(timeoutMessage)), { once: true });
+            rl.once("line", settleResolve);
+            rl.once("close", () => settleReject(new ZapierCliValidationError(missingCallbackUrlMessage)));
+            rl.once("error", settleReject);
+        });
+    try {
+        return await readUrl.catch((error) => {
+            if (error instanceof Error && error.name === "AbortError") {
+                throw new Error(timeoutMessage);
+            }
+            throw error;
+        });
+    }
+    finally {
+        clearTimeout(timeoutTimer);
+        rl.close();
     }
-    return `${scope} offline_access`;
 }
-// Does not persist anything — caller decides what to do with the tokens.
-export async function runOauthFlow({ timeoutMs = LOGIN_TIMEOUT_MS, pkceCredentials, baseUrl, }) {
-    const { clientId, tokenUrl, authorizeUrl } = getPkceLoginConfig({
-        credentials: pkceCredentials,
+async function runHeadlessSignupOauthFlow({ timeoutMs = LOGIN_TIMEOUT_MS, pkceCredentials, baseUrl, interactive = true, onProgress, recoveryMessage, }) {
+    const port = LOGIN_PORTS[0];
+    if (port === undefined) {
+        throw new Error("No OAuth callback ports configured");
+    }
+    const transaction = await prepareOauthTransaction({
+        pkceCredentials,
         baseUrl,
+        redirectUri: `http://${OAUTH_LOOPBACK_HOST}:${port}/oauth`,
+        entryPoint: "signup",
+    });
+    console.log("Use this mode when signing up from a machine that has no browser.");
+    console.log("Open this signup URL in a browser on another machine:");
+    console.log(transaction.browserAuthUrl);
+    console.log(`When the browser lands on ${transaction.redirectUri} and cannot connect, paste the full final URL back here.`);
+    const callbackUrl = await readHeadlessCallbackUrl({
+        timeoutMs,
+        interactive,
+        recoveryMessage,
     });
-    const scope = ensureOfflineAccess(pkceCredentials?.scope || "internal credentials");
-    const availablePort = await findAvailablePort();
-    const redirectUri = `http://localhost:${availablePort}/oauth`;
-    log.info(`Using port ${availablePort} for OAuth callback`);
-    const { promise: promisedCode, resolve: setCode, reject: rejectCode, } = getCallablePromise();
-    const oauthState = generateRandomString();
-    const expressApp = express();
-    expressApp.get("/oauth", (req, res) => {
+    const code = getCallbackCode({
+        callbackUrl,
+        transaction,
+        recoveryMessage,
+    });
+    onProgress?.({ type: "callback_accepted" });
+    console.log("Exchanging authorization code for tokens...");
+    onProgress?.({ type: "token_exchange_started" });
+    const tokens = await exchangeOauthCode({ ...transaction, code });
+    onProgress?.({ type: "token_exchange_completed" });
+    return tokens;
+}
+async function collectLocalCallbackCode({ transaction, timeoutMs, authAction, silent, onProgress, }) {
+    const { promise, resolve, reject } = getCallablePromise();
+    const app = express();
+    app.get("/oauth", (req, res) => {
         res.setHeader("Connection", "close");
-        if (req.query.state !== oauthState) {
-            rejectCode(new Error("OAuth state mismatch — possible CSRF"));
+        if (req.query.state !== transaction.state) {
             res.status(400).end("Invalid state. You can close this tab.");
-            return;
         }
-        if (req.query.error) {
-            const desc = req.query.error_description ?? req.query.error;
-            rejectCode(new Error(`Authorization denied: ${desc}`));
+        else if (req.query.error) {
+            reject(new OauthAuthorizationDeniedError(String(req.query.error_description ?? req.query.error)));
             res.end("Authorization was denied. You can close this tab.");
-            return;
         }
-        if (!req.query.code) {
-            rejectCode(new Error("No authorization code received"));
+        else if (!req.query.code) {
+            reject(new Error("No authorization code received"));
             res.end("No authorization code received. You can close this tab.");
-            return;
         }
-        setCode(String(req.query.code));
-        res.end("You can now close this tab and return to the CLI.");
+        else {
+            resolve(String(req.query.code));
+            res.end("You can now close this tab and return to the CLI.");
+        }
     });
-    const server = expressApp.listen(availablePort);
+    const server = app.listen(Number(new URL(transaction.redirectUri).port), OAUTH_LOOPBACK_HOST);
     const connections = new Set();
     server.on("connection", (conn) => {
         connections.add(conn);
@@ -92,70 +225,89 @@ export async function runOauthFlow({ timeoutMs = LOGIN_TIMEOUT_MS, pkceCredentia
     });
     const cleanup = () => {
         server.close();
-        log.info("\n❌ Login cancelled by user");
-        rejectCode(new ZapierCliUserCancellationError());
+        reject(new ZapierCliUserCancellationError());
     };
     process.on("SIGINT", cleanup);
     process.on("SIGTERM", cleanup);
-    const { code_verifier: codeVerifier, code_challenge: codeChallenge } = await pkceChallenge();
-    const authUrl = `${authorizeUrl}?${new URLSearchParams({
-        response_type: "code",
-        client_id: clientId,
-        redirect_uri: redirectUri,
-        scope,
-        state: oauthState,
-        code_challenge: codeChallenge,
-        code_challenge_method: "S256",
-    }).toString()}`;
-    log.info("Opening your browser to log in.");
-    log.info("If it doesn't open, visit:", authUrl);
-    open(authUrl);
     let timeoutTimer;
     try {
-        await spinPromise(Promise.race([
-            promisedCode,
-            new Promise((_resolve, reject) => {
+        await waitForServerListening(server);
+        await openBrowser({ transaction, authAction, silent, onProgress });
+        const waitForCode = Promise.race([
+            promise,
+            new Promise((_resolve, rejectTimeout) => {
                 timeoutTimer = setTimeout(() => {
-                    reject(new Error(`Login timed out after ${Math.round(timeoutMs / 1000)} seconds.`));
+                    rejectTimeout(new OauthFlowTimeoutError(timeoutMs));
                 }, timeoutMs);
             }),
-        ]), "Waiting for you to login and authorize");
+        ]);
+        onProgress?.({ type: "callback_waiting" });
+        return silent
+            ? await waitForCode
+            : await spinPromise(waitForCode, `Waiting for you to ${authAction} and authorize`);
     }
     finally {
-        if (timeoutTimer) {
+        if (timeoutTimer)
             clearTimeout(timeoutTimer);
-        }
         process.off("SIGINT", cleanup);
         process.off("SIGTERM", cleanup);
-        await new Promise((resolve) => {
-            const timeout = setTimeout(() => {
-                log.info("Server close timed out, forcing connection shutdown...");
-                connections.forEach((conn) => conn.destroy());
-                resolve();
-            }, 1000);
-            server.close(() => {
-                clearTimeout(timeout);
-                resolve();
-            });
+        await closeServer({ server, connections, silent });
+    }
+}
+async function waitForServerListening(server) {
+    if (server.listening)
+        return;
+    await new Promise((resolve, reject) => {
+        const cleanup = () => {
+            server.off("listening", handleListening);
+            server.off("error", handleError);
+        };
+        const handleListening = () => {
+            cleanup();
+            resolve();
+        };
+        const handleError = (error) => {
+            cleanup();
+            reject(error);
+        };
+        server.once("listening", handleListening);
+        server.once("error", handleError);
+    });
+}
+async function openBrowser({ transaction, authAction, silent, onProgress, }) {
+    if (!silent) {
+        log.info(`Opening your browser to ${authAction}.`);
+        log.info("If it doesn't open, visit:", transaction.browserAuthUrl);
+    }
+    onProgress?.({ type: "browser_opening", url: transaction.browserAuthUrl });
+    try {
+        await open(transaction.browserAuthUrl);
+        onProgress?.({ type: "browser_opened", url: transaction.browserAuthUrl });
+    }
+    catch (err) {
+        const reason = err instanceof Error ? err.message : String(err);
+        if (!silent) {
+            log.info(`Browser did not open automatically to ${authAction}: ${reason}`);
+            log.info("Visit this URL manually:", transaction.browserAuthUrl);
+        }
+        onProgress?.({
+            type: "browser_open_failed",
+            url: transaction.browserAuthUrl,
+            reason,
         });
     }
-    log.info("Exchanging authorization code for tokens...");
-    const { data } = await api.post(tokenUrl, {
-        grant_type: "authorization_code",
-        code: await promisedCode,
-        redirect_uri: redirectUri,
-        client_id: clientId,
-        code_verifier: codeVerifier,
-    }, {
-        headers: {
-            [AUTH_MODE_HEADER]: "no",
-            "Content-Type": "application/x-www-form-urlencoded",
-        },
+}
+async function closeServer({ server, connections, silent, }) {
+    await new Promise((resolve) => {
+        const timeout = setTimeout(() => {
+            if (!silent)
+                log.info("Server close timed out, forcing connection shutdown...");
+            connections.forEach((conn) => conn.destroy());
+            resolve();
+        }, 1000);
+        server.close(() => {
+            clearTimeout(timeout);
+            resolve();
+        });
     });
-    log.info("Token exchange completed successfully");
-    return {
-        accessToken: data.access_token,
-        refreshToken: data.refresh_token,
-        expiresIn: data.expires_in,
-    };
 }

package/dist/src/utils/auth/oauth-transaction.d.ts

@@ -0,0 +1,35 @@
+import { type PkceCredentials } from "../../login";
+export declare const OAUTH_LOOPBACK_HOST = "localhost";
+export interface OauthTokens {
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+}
+export type OauthFlowEntryPoint = "login" | "signup";
+interface PrepareOauthTransactionOptions {
+    pkceCredentials?: PkceCredentials;
+    baseUrl?: string;
+    redirectUri: string;
+    entryPoint?: OauthFlowEntryPoint;
+}
+export interface OauthTransaction {
+    browserAuthUrl: string;
+    clientId: string;
+    codeVerifier: string;
+    redirectUri: string;
+    state: string;
+    tokenUrl: string;
+}
+export declare function buildBrowserAuthUrl({ authorizeUrl, entryPoint, }: {
+    authorizeUrl: string;
+    entryPoint?: OauthFlowEntryPoint;
+}): string;
+export declare function prepareOauthTransaction({ pkceCredentials, baseUrl, redirectUri, entryPoint, }: PrepareOauthTransactionOptions): Promise<OauthTransaction>;
+export declare function exchangeOauthCode({ tokenUrl, code, redirectUri, clientId, codeVerifier, }: {
+    tokenUrl: string;
+    code: string;
+    redirectUri: string;
+    clientId: string;
+    codeVerifier: string;
+}): Promise<OauthTokens>;
+export {};

package/dist/src/utils/auth/oauth-transaction.js

@@ -0,0 +1,69 @@
+import crypto from "node:crypto";
+import pkceChallenge from "pkce-challenge";
+import { AUTH_MODE_HEADER } from "../constants";
+import api from "../api/client";
+import { getPkceLoginConfig } from "../../login";
+export const OAUTH_LOOPBACK_HOST = "localhost";
+export function buildBrowserAuthUrl({ authorizeUrl, entryPoint = "login", }) {
+    if (entryPoint === "login")
+        return authorizeUrl;
+    const parsedAuthorizeUrl = new URL(authorizeUrl);
+    const signupUrl = new URL("/sign-up", parsedAuthorizeUrl);
+    signupUrl.searchParams.set("skipOnboarding", "true");
+    signupUrl.searchParams.set("next", `${parsedAuthorizeUrl.pathname}${parsedAuthorizeUrl.search}`);
+    return signupUrl.toString();
+}
+function generateRandomString() {
+    const array = new Uint32Array(28);
+    crypto.getRandomValues(array);
+    return Array.from(array, (dec) => ("0" + dec.toString(16)).slice(-2)).join("");
+}
+function ensureOfflineAccess(scope) {
+    if (scope.includes("offline_access"))
+        return scope;
+    return `${scope} offline_access`;
+}
+export async function prepareOauthTransaction({ pkceCredentials, baseUrl, redirectUri, entryPoint = "login", }) {
+    const { clientId, tokenUrl, authorizeUrl } = getPkceLoginConfig({
+        credentials: pkceCredentials,
+        baseUrl,
+    });
+    const { code_verifier: codeVerifier, code_challenge: codeChallenge } = await pkceChallenge();
+    const state = generateRandomString();
+    const authUrl = `${authorizeUrl}?${new URLSearchParams({
+        response_type: "code",
+        client_id: clientId,
+        redirect_uri: redirectUri,
+        scope: ensureOfflineAccess(pkceCredentials?.scope || "internal credentials"),
+        state,
+        code_challenge: codeChallenge,
+        code_challenge_method: "S256",
+    }).toString()}`;
+    return {
+        browserAuthUrl: buildBrowserAuthUrl({ authorizeUrl: authUrl, entryPoint }),
+        clientId,
+        codeVerifier,
+        redirectUri,
+        state,
+        tokenUrl,
+    };
+}
+export async function exchangeOauthCode({ tokenUrl, code, redirectUri, clientId, codeVerifier, }) {
+    const { data } = await api.post(tokenUrl, {
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: redirectUri,
+        client_id: clientId,
+        code_verifier: codeVerifier,
+    }, {
+        headers: {
+            [AUTH_MODE_HEADER]: "no",
+            "Content-Type": "application/x-www-form-urlencoded",
+        },
+    });
+    return {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        expiresIn: data.expires_in,
+    };
+}

package/dist/src/utils/cli-generator.js

@@ -472,14 +472,20 @@ function createCommandConfig(cliCommandName, functionInfo, sdk) {
         const startTime = Date.now();
         let success = true;
         let errorMessage = null;
-        let resolvedParams = {};
+        // `resolvedParams` is populated below either by `resolveParameters` or
+        // by copying `rawParams`. The renderer captures this object by
+        // reference and reads from it inside formatter callbacks, so we
+        // mutate it in place (via `Object.assign`) once params are resolved
+        // rather than reassigning the binding, which would leave the
+        // renderer holding the empty initial object.
+        const resolvedParams = {};
         // The last argument is always the command object with parsed options
         const commandObj = args[args.length - 1];
         const options = commandObj.opts();
         // interactiveMode is true by default; --json disables it
         const interactiveMode = !options.json;
         const renderer = interactiveMode
-            ? createInteractiveRenderer()
+            ? createInteractiveRenderer({ sdk, params: resolvedParams })
             : createJsonRenderer();
         try {
             emitDeprecationWarning({
@@ -509,15 +515,16 @@ function createCommandConfig(cliCommandName, functionInfo, sdk) {
             }
             if (schema && !usesInputParameters) {
                 const resolver = new SchemaParameterResolver();
-                resolvedParams = (await resolver.resolveParameters(schema, rawParams, sdk, functionInfo.name, {
+                const resolved = (await resolver.resolveParameters(schema, rawParams, sdk, functionInfo.name, {
                     interactiveMode,
                     debug: !!options.debug ||
                         process.env.DEBUG === "true" ||
                         process.argv.includes("--debug"),
                 }));
+                Object.assign(resolvedParams, resolved);
             }
             else {
-                resolvedParams = rawParams;
+                Object.assign(resolvedParams, rawParams);
             }
             const confirm = functionInfo.confirm;
             let confirmMessageAfter;
@@ -543,7 +550,7 @@ function createCommandConfig(cliCommandName, functionInfo, sdk) {
                         sdkResult,
                         maxItems,
                     });
-                    renderer.renderCollectedList(allItems, {
+                    await renderer.renderCollectedList(allItems, {
                         maxItems,
                         userSpecifiedMaxItems: hasUserSpecifiedMaxItems,
                         functionInfo,
@@ -575,7 +582,7 @@ function createCommandConfig(cliCommandName, functionInfo, sdk) {
                         await renderer.renderResponse(normalizedResult.value);
                     }
                     else if (normalizedResult.kind === "list") {
-                        renderer.renderCollectedList(normalizedResult.data, {
+                        await renderer.renderCollectedList(normalizedResult.data, {
                             maxItems: resolvedParams.maxItems,
                             userSpecifiedMaxItems: hasUserSpecifiedMaxItems,
                             functionInfo,
@@ -635,7 +642,7 @@ function createCommandConfig(cliCommandName, functionInfo, sdk) {
         description,
         parameters,
         handler,
-        hidden: functionInfo.categories?.includes("deprecated") ?? false,
+        hidden: !!functionInfo.deprecation,
         aliases: functionInfo.aliases,
         supportsJsonOutput: functionInfo.supportsJsonOutput,
     };