@zapier/zapier-sdk-cli 0.54.1 → 0.54.2

package/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @zapier/zapier-sdk-cli
 
+## 0.54.2
+
+### Patch Changes
+
+- c50db26: Fixed logout so it reliably clears local authentication state even when the server cannot revoke the credential. Previously a failed revocation could abort logout and strand the user with credentials they could not remove. Re-login flows are unaffected; they still surface revocation failures before replacing credentials.
+- Updated dependencies [c50db26]
+  - @zapier/zapier-sdk@0.69.2
+  - @zapier/zapier-sdk-mcp@0.13.26
+
 ## 0.54.1
 
 ### Patch Changes

package/dist/cli.cjs

@@ -1573,7 +1573,7 @@ var SHARED_COMMAND_CLI_OPTIONS = [
 
 // package.json
 var package_default = {
-  version: "0.54.1"};
+  version: "0.54.2"};
 
 // src/telemetry/builders.ts
 function createCliBaseEvent(context = {}) {
@@ -3470,7 +3470,8 @@ function sleep(ms) {
 async function withRetry({
   action,
   attempts = 3,
-  initialDelayMs = 100
+  initialDelayMs = 100,
+  shouldRetry = () => true
 }) {
   if (attempts <= 0) {
     throw new Error("withRetry: attempts must be greater than 0");
@@ -3481,9 +3482,8 @@ async function withRetry({
       return await action();
     } catch (err) {
       lastError = err;
-      if (i < attempts - 1) {
-        await sleep(initialDelayMs * 2 ** i);
-      }
+      if (!shouldRetry(err) || i >= attempts - 1) break;
+      await sleep(initialDelayMs * 2 ** i);
     }
   }
   throw lastError;
@@ -3503,32 +3503,50 @@ function getStatusCode(err) {
   }
   return void 0;
 }
+var REVOKE_WARNING_TAIL = "Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`.";
+var REVOKE_REJECTED_WARNING = "Could not revoke the credential on the server: the request was rejected (your current credentials may lack permission to revoke it). Local state has been cleared, but the credential may still be active on the server \u2014 run `login` to re-authenticate, then `delete-client-credentials` to remove it.";
 async function revokeCredentials({
   api: api2,
   credentials: credentials2,
-  onEvent
+  onEvent,
+  alwaysClearLocalState = false
 }) {
-  await withRetry({
-    action: async () => {
-      try {
-        await api2.delete(
-          `/api/v0/client-credentials/${credentials2.clientId}`,
-          void 0,
-          { authRequired: true, requiredScopes: ["credentials"] }
-        );
-      } catch (err) {
-        const status = getStatusCode(err);
-        if (status === 404) return;
-        if (status === 401) {
-          console.warn(
-            "Could not revoke credentials on the server (unauthorized). Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`."
+  try {
+    await withRetry({
+      // Permanent errors (403/400) won't change on retry — fail fast instead of
+      // burning the backoff budget. The outer catch then rethrows (re-login) or
+      // swallows and clears local state (logout) per `alwaysClearLocalState`.
+      shouldRetry: (err) => !zapierSdk.isPermanentHttpError(err),
+      action: async () => {
+        try {
+          await api2.delete(
+            `/api/v0/client-credentials/${credentials2.clientId}`,
+            void 0,
+            { authRequired: true, requiredScopes: ["credentials"] }
           );
-          return;
+        } catch (err) {
+          const status = getStatusCode(err);
+          if (status === 404) return;
+          if (status === 401) {
+            console.warn(
+              "Could not revoke credentials on the server (unauthorized). " + REVOKE_WARNING_TAIL
+            );
+            return;
+          }
+          throw err;
         }
-        throw err;
       }
+    });
+  } catch (err) {
+    if (!alwaysClearLocalState) throw err;
+    if (zapierSdk.isPermanentHttpError(err)) {
+      console.warn(REVOKE_REJECTED_WARNING);
+    } else {
+      console.warn(
+        "Could not revoke credentials on the server. " + REVOKE_WARNING_TAIL
+      );
     }
-  });
+  }
   try {
     await deleteStoredClientCredentials({
       name: credentials2.name,
@@ -4628,7 +4646,8 @@ var logoutPlugin = zapierSdk.definePlugin(
       await revokeCredentials({
         api: sdk2.context.api,
         credentials: activeCredentials,
-        onEvent
+        onEvent,
+        alwaysClearLocalState: true
       });
       console.log("\u2705 Successfully logged out");
     }
@@ -7153,7 +7172,7 @@ var watchTriggerInboxCliPlugin = zapierSdk.definePlugin(
 // package.json with { type: 'json' }
 var package_default2 = {
   name: "@zapier/zapier-sdk-cli",
-  version: "0.54.1"};
+  version: "0.54.2"};
 
 // src/sdk.ts
 zapierSdk.injectCliLogin(login_exports);

package/dist/cli.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { Command, CommanderError, Option } from 'commander';
 import { z } from 'zod';
-import { definePlugin, createPluginMethod, OutputPropertySchema, ZapierBundleError, DEFAULT_CONFIG_PATH, ZapierValidationError, ZapierUnknownError, ZapierReleaseTriggerMessageSignal, injectCliLogin, BaseSdkOptionsSchema, getOrCreateApiClient, invalidateCachedToken, batch, toSnakeCase, ZapierAbortDrainSignal, createZapierSdkStack as createZapierSdkStack$1, addPlugin as addPlugin$1, ZapierError, isCredentialsObject, buildApplicationLifecycleEvent, ZapierAuthenticationError, isPositional, runWithTelemetryContext, buildCapabilityMessage, formatErrorMessage, getOsInfo, getPlatformVersions, getCiPlatform, isCi, getReleaseId, getCurrentTimestamp, generateEventId } from '@zapier/zapier-sdk';
+import { definePlugin, createPluginMethod, OutputPropertySchema, ZapierBundleError, DEFAULT_CONFIG_PATH, ZapierValidationError, ZapierUnknownError, ZapierReleaseTriggerMessageSignal, injectCliLogin, BaseSdkOptionsSchema, getOrCreateApiClient, isPermanentHttpError, invalidateCachedToken, batch, toSnakeCase, ZapierAbortDrainSignal, createZapierSdkStack as createZapierSdkStack$1, addPlugin as addPlugin$1, ZapierError, isCredentialsObject, buildApplicationLifecycleEvent, ZapierAuthenticationError, isPositional, runWithTelemetryContext, buildCapabilityMessage, formatErrorMessage, getOsInfo, getPlatformVersions, getCiPlatform, isCi, getReleaseId, getCurrentTimestamp, generateEventId } from '@zapier/zapier-sdk';
 import inquirer from 'inquirer';
 import search from '@inquirer/search';
 import chalk from 'chalk';
@@ -1531,7 +1531,7 @@ var SHARED_COMMAND_CLI_OPTIONS = [
 
 // package.json
 var package_default = {
-  version: "0.54.1"};
+  version: "0.54.2"};
 
 // src/telemetry/builders.ts
 function createCliBaseEvent(context = {}) {
@@ -3428,7 +3428,8 @@ function sleep(ms) {
 async function withRetry({
   action,
   attempts = 3,
-  initialDelayMs = 100
+  initialDelayMs = 100,
+  shouldRetry = () => true
 }) {
   if (attempts <= 0) {
     throw new Error("withRetry: attempts must be greater than 0");
@@ -3439,9 +3440,8 @@ async function withRetry({
       return await action();
     } catch (err) {
       lastError = err;
-      if (i < attempts - 1) {
-        await sleep(initialDelayMs * 2 ** i);
-      }
+      if (!shouldRetry(err) || i >= attempts - 1) break;
+      await sleep(initialDelayMs * 2 ** i);
     }
   }
   throw lastError;
@@ -3461,32 +3461,50 @@ function getStatusCode(err) {
   }
   return void 0;
 }
+var REVOKE_WARNING_TAIL = "Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`.";
+var REVOKE_REJECTED_WARNING = "Could not revoke the credential on the server: the request was rejected (your current credentials may lack permission to revoke it). Local state has been cleared, but the credential may still be active on the server \u2014 run `login` to re-authenticate, then `delete-client-credentials` to remove it.";
 async function revokeCredentials({
   api: api2,
   credentials: credentials2,
-  onEvent
+  onEvent,
+  alwaysClearLocalState = false
 }) {
-  await withRetry({
-    action: async () => {
-      try {
-        await api2.delete(
-          `/api/v0/client-credentials/${credentials2.clientId}`,
-          void 0,
-          { authRequired: true, requiredScopes: ["credentials"] }
-        );
-      } catch (err) {
-        const status = getStatusCode(err);
-        if (status === 404) return;
-        if (status === 401) {
-          console.warn(
-            "Could not revoke credentials on the server (unauthorized). Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`."
+  try {
+    await withRetry({
+      // Permanent errors (403/400) won't change on retry — fail fast instead of
+      // burning the backoff budget. The outer catch then rethrows (re-login) or
+      // swallows and clears local state (logout) per `alwaysClearLocalState`.
+      shouldRetry: (err) => !isPermanentHttpError(err),
+      action: async () => {
+        try {
+          await api2.delete(
+            `/api/v0/client-credentials/${credentials2.clientId}`,
+            void 0,
+            { authRequired: true, requiredScopes: ["credentials"] }
           );
-          return;
+        } catch (err) {
+          const status = getStatusCode(err);
+          if (status === 404) return;
+          if (status === 401) {
+            console.warn(
+              "Could not revoke credentials on the server (unauthorized). " + REVOKE_WARNING_TAIL
+            );
+            return;
+          }
+          throw err;
         }
-        throw err;
       }
+    });
+  } catch (err) {
+    if (!alwaysClearLocalState) throw err;
+    if (isPermanentHttpError(err)) {
+      console.warn(REVOKE_REJECTED_WARNING);
+    } else {
+      console.warn(
+        "Could not revoke credentials on the server. " + REVOKE_WARNING_TAIL
+      );
     }
-  });
+  }
   try {
     await deleteStoredClientCredentials({
       name: credentials2.name,
@@ -4586,7 +4604,8 @@ var logoutPlugin = definePlugin(
       await revokeCredentials({
         api: sdk2.context.api,
         credentials: activeCredentials,
-        onEvent
+        onEvent,
+        alwaysClearLocalState: true
       });
       console.log("\u2705 Successfully logged out");
     }
@@ -7111,7 +7130,7 @@ var watchTriggerInboxCliPlugin = definePlugin(
 // package.json with { type: 'json' }
 var package_default2 = {
   name: "@zapier/zapier-sdk-cli",
-  version: "0.54.1"};
+  version: "0.54.2"};
 
 // src/sdk.ts
 injectCliLogin(login_exports);

package/dist/experimental.cjs

@@ -814,7 +814,8 @@ function sleep(ms) {
 async function withRetry({
   action,
   attempts = 3,
-  initialDelayMs = 100
+  initialDelayMs = 100,
+  shouldRetry = () => true
 }) {
   if (attempts <= 0) {
     throw new Error("withRetry: attempts must be greater than 0");
@@ -825,9 +826,8 @@ async function withRetry({
       return await action();
     } catch (err) {
       lastError = err;
-      if (i < attempts - 1) {
-        await sleep(initialDelayMs * 2 ** i);
-      }
+      if (!shouldRetry(err) || i >= attempts - 1) break;
+      await sleep(initialDelayMs * 2 ** i);
     }
   }
   throw lastError;
@@ -847,32 +847,50 @@ function getStatusCode(err) {
   }
   return void 0;
 }
+var REVOKE_WARNING_TAIL = "Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`.";
+var REVOKE_REJECTED_WARNING = "Could not revoke the credential on the server: the request was rejected (your current credentials may lack permission to revoke it). Local state has been cleared, but the credential may still be active on the server \u2014 run `login` to re-authenticate, then `delete-client-credentials` to remove it.";
 async function revokeCredentials({
   api: api2,
   credentials,
-  onEvent
+  onEvent,
+  alwaysClearLocalState = false
 }) {
-  await withRetry({
-    action: async () => {
-      try {
-        await api2.delete(
-          `/api/v0/client-credentials/${credentials.clientId}`,
-          void 0,
-          { authRequired: true, requiredScopes: ["credentials"] }
-        );
-      } catch (err) {
-        const status = getStatusCode(err);
-        if (status === 404) return;
-        if (status === 401) {
-          console.warn(
-            "Could not revoke credentials on the server (unauthorized). Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`."
+  try {
+    await withRetry({
+      // Permanent errors (403/400) won't change on retry — fail fast instead of
+      // burning the backoff budget. The outer catch then rethrows (re-login) or
+      // swallows and clears local state (logout) per `alwaysClearLocalState`.
+      shouldRetry: (err) => !zapierSdk.isPermanentHttpError(err),
+      action: async () => {
+        try {
+          await api2.delete(
+            `/api/v0/client-credentials/${credentials.clientId}`,
+            void 0,
+            { authRequired: true, requiredScopes: ["credentials"] }
           );
-          return;
+        } catch (err) {
+          const status = getStatusCode(err);
+          if (status === 404) return;
+          if (status === 401) {
+            console.warn(
+              "Could not revoke credentials on the server (unauthorized). " + REVOKE_WARNING_TAIL
+            );
+            return;
+          }
+          throw err;
         }
-        throw err;
       }
+    });
+  } catch (err) {
+    if (!alwaysClearLocalState) throw err;
+    if (zapierSdk.isPermanentHttpError(err)) {
+      console.warn(REVOKE_REJECTED_WARNING);
+    } else {
+      console.warn(
+        "Could not revoke credentials on the server. " + REVOKE_WARNING_TAIL
+      );
     }
-  });
+  }
   try {
     await deleteStoredClientCredentials({
       name: credentials.name,
@@ -1998,7 +2016,8 @@ var logoutPlugin = zapierSdk.definePlugin(
       await revokeCredentials({
         api: sdk2.context.api,
         credentials: activeCredentials,
-        onEvent
+        onEvent,
+        alwaysClearLocalState: true
       });
       console.log("\u2705 Successfully logged out");
     }
@@ -4506,7 +4525,7 @@ var watchTriggerInboxCliPlugin = zapierSdk.definePlugin(
 // package.json with { type: 'json' }
 var package_default = {
   name: "@zapier/zapier-sdk-cli",
-  version: "0.54.1"};
+  version: "0.54.2"};
 
 // src/experimental.ts
 experimental.injectCliLogin(login_exports);

package/dist/experimental.mjs

@@ -7,7 +7,7 @@ import crypto, { createHash } from 'crypto';
 import * as path from 'path';
 import { resolve, join, dirname, basename, relative, extname } from 'path';
 import * as lockfile from 'proper-lockfile';
-import { definePlugin, createPluginMethod, OutputPropertySchema, ZapierBundleError, DEFAULT_CONFIG_PATH, ZapierValidationError, ZapierUnknownError, ZapierReleaseTriggerMessageSignal, getOrCreateApiClient, invalidateCachedToken, batch, toSnakeCase, ZapierAbortDrainSignal, isCredentialsObject, buildApplicationLifecycleEvent, ZapierAuthenticationError, ZapierError } from '@zapier/zapier-sdk';
+import { definePlugin, createPluginMethod, OutputPropertySchema, ZapierBundleError, DEFAULT_CONFIG_PATH, ZapierValidationError, ZapierUnknownError, ZapierReleaseTriggerMessageSignal, getOrCreateApiClient, isPermanentHttpError, invalidateCachedToken, batch, toSnakeCase, ZapierAbortDrainSignal, isCredentialsObject, buildApplicationLifecycleEvent, ZapierAuthenticationError, ZapierError } from '@zapier/zapier-sdk';
 import { z } from 'zod';
 import { injectCliLogin, createZapierSdkStack, addPlugin } from '@zapier/zapier-sdk/experimental';
 import { hostname } from 'os';
@@ -778,7 +778,8 @@ function sleep(ms) {
 async function withRetry({
   action,
   attempts = 3,
-  initialDelayMs = 100
+  initialDelayMs = 100,
+  shouldRetry = () => true
 }) {
   if (attempts <= 0) {
     throw new Error("withRetry: attempts must be greater than 0");
@@ -789,9 +790,8 @@ async function withRetry({
       return await action();
     } catch (err) {
       lastError = err;
-      if (i < attempts - 1) {
-        await sleep(initialDelayMs * 2 ** i);
-      }
+      if (!shouldRetry(err) || i >= attempts - 1) break;
+      await sleep(initialDelayMs * 2 ** i);
     }
   }
   throw lastError;
@@ -811,32 +811,50 @@ function getStatusCode(err) {
   }
   return void 0;
 }
+var REVOKE_WARNING_TAIL = "Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`.";
+var REVOKE_REJECTED_WARNING = "Could not revoke the credential on the server: the request was rejected (your current credentials may lack permission to revoke it). Local state has been cleared, but the credential may still be active on the server \u2014 run `login` to re-authenticate, then `delete-client-credentials` to remove it.";
 async function revokeCredentials({
   api: api2,
   credentials,
-  onEvent
+  onEvent,
+  alwaysClearLocalState = false
 }) {
-  await withRetry({
-    action: async () => {
-      try {
-        await api2.delete(
-          `/api/v0/client-credentials/${credentials.clientId}`,
-          void 0,
-          { authRequired: true, requiredScopes: ["credentials"] }
-        );
-      } catch (err) {
-        const status = getStatusCode(err);
-        if (status === 404) return;
-        if (status === 401) {
-          console.warn(
-            "Could not revoke credentials on the server (unauthorized). Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`."
+  try {
+    await withRetry({
+      // Permanent errors (403/400) won't change on retry — fail fast instead of
+      // burning the backoff budget. The outer catch then rethrows (re-login) or
+      // swallows and clears local state (logout) per `alwaysClearLocalState`.
+      shouldRetry: (err) => !isPermanentHttpError(err),
+      action: async () => {
+        try {
+          await api2.delete(
+            `/api/v0/client-credentials/${credentials.clientId}`,
+            void 0,
+            { authRequired: true, requiredScopes: ["credentials"] }
           );
-          return;
+        } catch (err) {
+          const status = getStatusCode(err);
+          if (status === 404) return;
+          if (status === 401) {
+            console.warn(
+              "Could not revoke credentials on the server (unauthorized). " + REVOKE_WARNING_TAIL
+            );
+            return;
+          }
+          throw err;
         }
-        throw err;
       }
+    });
+  } catch (err) {
+    if (!alwaysClearLocalState) throw err;
+    if (isPermanentHttpError(err)) {
+      console.warn(REVOKE_REJECTED_WARNING);
+    } else {
+      console.warn(
+        "Could not revoke credentials on the server. " + REVOKE_WARNING_TAIL
+      );
     }
-  });
+  }
   try {
     await deleteStoredClientCredentials({
       name: credentials.name,
@@ -1962,7 +1980,8 @@ var logoutPlugin = definePlugin(
       await revokeCredentials({
         api: sdk2.context.api,
         credentials: activeCredentials,
-        onEvent
+        onEvent,
+        alwaysClearLocalState: true
       });
       console.log("\u2705 Successfully logged out");
     }
@@ -4470,7 +4489,7 @@ var watchTriggerInboxCliPlugin = definePlugin(
 // package.json with { type: 'json' }
 var package_default = {
   name: "@zapier/zapier-sdk-cli",
-  version: "0.54.1"};
+  version: "0.54.2"};
 
 // src/experimental.ts
 injectCliLogin(login_exports);

package/dist/index.cjs

@@ -813,7 +813,8 @@ function sleep(ms) {
 async function withRetry({
   action,
   attempts = 3,
-  initialDelayMs = 100
+  initialDelayMs = 100,
+  shouldRetry = () => true
 }) {
   if (attempts <= 0) {
     throw new Error("withRetry: attempts must be greater than 0");
@@ -824,9 +825,8 @@ async function withRetry({
       return await action();
     } catch (err) {
       lastError = err;
-      if (i < attempts - 1) {
-        await sleep(initialDelayMs * 2 ** i);
-      }
+      if (!shouldRetry(err) || i >= attempts - 1) break;
+      await sleep(initialDelayMs * 2 ** i);
     }
   }
   throw lastError;
@@ -846,32 +846,50 @@ function getStatusCode(err) {
   }
   return void 0;
 }
+var REVOKE_WARNING_TAIL = "Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`.";
+var REVOKE_REJECTED_WARNING = "Could not revoke the credential on the server: the request was rejected (your current credentials may lack permission to revoke it). Local state has been cleared, but the credential may still be active on the server \u2014 run `login` to re-authenticate, then `delete-client-credentials` to remove it.";
 async function revokeCredentials({
   api: api2,
   credentials,
-  onEvent
+  onEvent,
+  alwaysClearLocalState = false
 }) {
-  await withRetry({
-    action: async () => {
-      try {
-        await api2.delete(
-          `/api/v0/client-credentials/${credentials.clientId}`,
-          void 0,
-          { authRequired: true, requiredScopes: ["credentials"] }
-        );
-      } catch (err) {
-        const status = getStatusCode(err);
-        if (status === 404) return;
-        if (status === 401) {
-          console.warn(
-            "Could not revoke credentials on the server (unauthorized). Local state will be cleared, but the credential may still be active. Verify or revoke via `list-client-credentials` or `delete-client-credentials`."
+  try {
+    await withRetry({
+      // Permanent errors (403/400) won't change on retry — fail fast instead of
+      // burning the backoff budget. The outer catch then rethrows (re-login) or
+      // swallows and clears local state (logout) per `alwaysClearLocalState`.
+      shouldRetry: (err) => !zapierSdk.isPermanentHttpError(err),
+      action: async () => {
+        try {
+          await api2.delete(
+            `/api/v0/client-credentials/${credentials.clientId}`,
+            void 0,
+            { authRequired: true, requiredScopes: ["credentials"] }
           );
-          return;
+        } catch (err) {
+          const status = getStatusCode(err);
+          if (status === 404) return;
+          if (status === 401) {
+            console.warn(
+              "Could not revoke credentials on the server (unauthorized). " + REVOKE_WARNING_TAIL
+            );
+            return;
+          }
+          throw err;
         }
-        throw err;
       }
+    });
+  } catch (err) {
+    if (!alwaysClearLocalState) throw err;
+    if (zapierSdk.isPermanentHttpError(err)) {
+      console.warn(REVOKE_REJECTED_WARNING);
+    } else {
+      console.warn(
+        "Could not revoke credentials on the server. " + REVOKE_WARNING_TAIL
+      );
     }
-  });
+  }
   try {
     await deleteStoredClientCredentials({
       name: credentials.name,
@@ -1997,7 +2015,8 @@ var logoutPlugin = zapierSdk.definePlugin(
       await revokeCredentials({
         api: sdk2.context.api,
         credentials: activeCredentials,
-        onEvent
+        onEvent,
+        alwaysClearLocalState: true
       });
       console.log("\u2705 Successfully logged out");
     }
@@ -4505,7 +4524,7 @@ zapierSdk.definePlugin(
 // package.json with { type: 'json' }
 var package_default = {
   name: "@zapier/zapier-sdk-cli",
-  version: "0.54.1"};
+  version: "0.54.2"};
 
 // src/sdk.ts
 zapierSdk.injectCliLogin(login_exports);
@@ -4533,7 +4552,7 @@ function createZapierCliSdk(options = {}) {
 
 // package.json
 var package_default2 = {
-  version: "0.54.1"};
+  version: "0.54.2"};
 
 // src/telemetry/builders.ts
 function createCliBaseEvent(context = {}) {