@zapier/zapier-sdk 0.49.0 → 0.51.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (61) hide show
  1. package/CHANGELOG.md +25 -0
  2. package/README.md +15 -12
  3. package/dist/api/auth.d.ts +1 -6
  4. package/dist/api/auth.d.ts.map +1 -1
  5. package/dist/api/auth.js +34 -27
  6. package/dist/api/client.d.ts.map +1 -1
  7. package/dist/api/client.js +20 -17
  8. package/dist/api/index.d.ts +1 -1
  9. package/dist/api/index.d.ts.map +1 -1
  10. package/dist/api/index.js +1 -1
  11. package/dist/api/schemas.d.ts +3 -3
  12. package/dist/api/types.d.ts +8 -7
  13. package/dist/api/types.d.ts.map +1 -1
  14. package/dist/auth.d.ts +13 -2
  15. package/dist/auth.d.ts.map +1 -1
  16. package/dist/auth.js +95 -11
  17. package/dist/constants.d.ts +8 -9
  18. package/dist/constants.d.ts.map +1 -1
  19. package/dist/constants.js +8 -11
  20. package/dist/experimental.cjs +184 -52
  21. package/dist/experimental.d.mts +2 -2
  22. package/dist/experimental.d.ts +26 -26
  23. package/dist/experimental.mjs +183 -52
  24. package/dist/{index-C2vsvjgN.d.mts → index-C52BjTXh.d.mts} +124 -18
  25. package/dist/{index-C2vsvjgN.d.ts → index-C52BjTXh.d.ts} +124 -18
  26. package/dist/index.cjs +184 -52
  27. package/dist/index.d.mts +1 -1
  28. package/dist/index.d.ts +2 -1
  29. package/dist/index.d.ts.map +1 -1
  30. package/dist/index.js +1 -0
  31. package/dist/index.mjs +183 -52
  32. package/dist/plugins/api/index.d.ts.map +1 -1
  33. package/dist/plugins/api/index.js +1 -2
  34. package/dist/plugins/apps/index.d.ts +2 -2
  35. package/dist/plugins/deprecated/inputFields.d.ts +18 -18
  36. package/dist/plugins/getAction/index.d.ts +6 -6
  37. package/dist/plugins/getAction/schemas.d.ts +4 -4
  38. package/dist/plugins/getActionInputFieldsSchema/index.d.ts +5 -5
  39. package/dist/plugins/getActionInputFieldsSchema/schemas.d.ts +4 -4
  40. package/dist/plugins/listActionInputFieldChoices/index.d.ts +5 -5
  41. package/dist/plugins/listActionInputFieldChoices/schemas.d.ts +4 -4
  42. package/dist/plugins/listActionInputFields/index.d.ts +5 -5
  43. package/dist/plugins/listActionInputFields/schemas.d.ts +4 -4
  44. package/dist/plugins/listActions/index.d.ts +3 -3
  45. package/dist/plugins/listActions/schemas.d.ts +4 -4
  46. package/dist/plugins/runAction/index.d.ts +5 -5
  47. package/dist/plugins/runAction/schemas.d.ts +4 -4
  48. package/dist/plugins/triggers/getTriggerInputFieldsSchema/index.d.ts +2 -2
  49. package/dist/plugins/triggers/listTriggerInputFieldChoices/index.d.ts +2 -2
  50. package/dist/plugins/triggers/listTriggerInputFields/index.d.ts +2 -2
  51. package/dist/schemas/Action.d.ts +1 -1
  52. package/dist/sdk.d.ts +52 -52
  53. package/dist/types/errors.d.ts +5 -5
  54. package/dist/types/properties.d.ts +1 -1
  55. package/dist/types/sdk.d.ts +2 -2
  56. package/dist/types/sdk.d.ts.map +1 -1
  57. package/dist/types/sdk.js +4 -11
  58. package/dist/utils/telemetry.d.ts +11 -0
  59. package/dist/utils/telemetry.d.ts.map +1 -0
  60. package/dist/utils/telemetry.js +19 -0
  61. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,30 @@
1
1
  # @zapier/zapier-sdk
2
2
 
3
+ ## 0.51.0
4
+
5
+ ### Minor Changes
6
+
7
+ - ef1c97d: Default SDK auth to client credentials
8
+
9
+ ### Patch Changes
10
+
11
+ - f5a734d: Updated the experimental Triggers notice in all three package READMEs to clarify that the feature is in closed beta, with a link to contact us for access.
12
+
13
+ ## 0.50.0
14
+
15
+ ### Minor Changes
16
+
17
+ - cd8f37b: Collapse the approval-flow surface into a single tri-state `approvalMode` option.
18
+
19
+ What changed:
20
+ - `approvalMode` is now `"disabled" | "poll" | "throw"` (was `"poll" | "fail"`).
21
+ - `"disabled"` is the default. While the approval flow is alpha, callers must opt in explicitly via `approvalMode: "poll"` or `approvalMode: "throw"` (or the `ZAPIER_APPROVAL_MODE` env var). On an approval-required response, `"disabled"` throws a `ZapierApprovalError` with `status: "approval_required"` without creating an approval.
22
+ - The `isInteractive` SDK option and the `ZAPIER_IS_INTERACTIVE` env var have been removed. Their role is subsumed by `approvalMode`: choosing `"poll"` / `"throw"` is the explicit opt-in that previously required `isInteractive: true`.
23
+ - `"fail"` has been renamed to `"throw"` (both the option value and the `ZAPIER_APPROVAL_MODE` env var value). The behavior is unchanged: throw a `ZapierApprovalError` carrying the approval URL so the caller can surface it.
24
+ - `approvalMode`, `approvalTimeoutMs`, and `maxApprovalRetries` are now part of the public API (no longer marked `internal: true`).
25
+
26
+ There is no back-compat shim. `approvalMode: "fail"` and `isInteractive: <anything>` will fail Zod validation up front.
27
+
3
28
  ## 0.49.0
4
29
 
5
30
  ### Minor Changes
package/README.md CHANGED
@@ -329,17 +329,20 @@ console.log(emojiData.emoji);
329
329
 
330
330
  The `createZapierSdk(...)` factory function is the main entry point for the SDK. It provides methods for managing connections, listing apps, running actions, and more.
331
331
 
332
- | Name | Type | Required | Default | Possible Values | Description |
333
- | ----------------------------- | -------------------------- | -------- | ------- | --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
334
- | `credentials` | `string, object, function` | ❌ | — | — | Authentication credentials. Can be a string (token or API key), a client credentials object ({ clientId, clientSecret }), a PKCE object ({ clientId }), or a function returning any of those. |
335
- | `debug` | `boolean` | ❌ | — | — | Enable debug logging. |
336
- | `baseUrl` | `string` | ❌ | — | — | Base URL for Zapier API endpoints. |
337
- | `trackingBaseUrl` | `string` | ❌ | — | — | Base URL for Zapier tracking endpoints. |
338
- | `maxNetworkRetries` | `number` | ❌ | — | — | Max retries for rate-limited requests (default: 3). |
339
- | `maxNetworkRetryDelayMs` | `number` | ❌ | — | — | Max delay in ms to wait for retry (default: 60000). |
340
- | `canIncludeSharedConnections` | `boolean` | ❌ | — | — | Allow listing shared connections. |
341
- | `canIncludeSharedTables` | `boolean` | ❌ | — | — | Allow listing shared tables. |
342
- | `canDeleteTables` | `boolean` | ❌ | — | | Allow deleting tables. |
332
+ | Name | Type | Required | Default | Possible Values | Description |
333
+ | ----------------------------- | -------------------------- | -------- | ------- | --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
334
+ | `credentials` | `string, object, function` | ❌ | — | — | Authentication credentials. Can be a string (token or API key), a client credentials object ({ clientId, clientSecret }), a PKCE object ({ clientId }), or a function returning any of those. |
335
+ | `debug` | `boolean` | ❌ | — | — | Enable debug logging. |
336
+ | `baseUrl` | `string` | ❌ | — | — | Base URL for Zapier API endpoints. |
337
+ | `trackingBaseUrl` | `string` | ❌ | — | — | Base URL for Zapier tracking endpoints. |
338
+ | `maxNetworkRetries` | `number` | ❌ | — | — | Max retries for rate-limited requests (default: 3). |
339
+ | `maxNetworkRetryDelayMs` | `number` | ❌ | — | — | Max delay in ms to wait for retry (default: 60000). |
340
+ | `approvalTimeoutMs` | `number` | ❌ | — | — | Timeout in ms for approval polling. Default: 600000 (10 min). |
341
+ | `maxApprovalRetries` | `number` | ❌ | — | — | Maximum number of sequential approval rounds per request (one per gating policy) before giving up. Default: 2. |
342
+ | `approvalMode` | `string` | ❌ | — | `disabled`, `poll`, `throw` | Approval flow behavior. "disabled" (default) throws a ZapierApprovalError on approval-required responses without creating an approval. "poll" creates the approval, opens it in a browser, polls until resolved, and retries the original request. "throw" creates the approval and throws a ZapierApprovalError with the approval URL so the caller can surface it. Defaults to the ZAPIER_APPROVAL_MODE env var, then "disabled". |
343
+ | `canIncludeSharedConnections` | `boolean` | ❌ | — | — | Allow listing shared connections. |
344
+ | `canIncludeSharedTables` | `boolean` | ❌ | — | — | Allow listing shared tables. |
345
+ | `canDeleteTables` | `boolean` | ❌ | — | — | Allow deleting tables. |
343
346
 
344
347
  ## Named Connections
345
348
 
@@ -1789,7 +1792,7 @@ const result = await zapier.updateTableRecords({
1789
1792
 
1790
1793
  ### Triggers (Experimental)
1791
1794
 
1792
- > Experimental. Import from `"@zapier/zapier-sdk/experimental"` to use these methods. Methods and behavior may change, and availabilitiy may be limited to some users.
1795
+ > ⚠️ **Closed beta.** Import from `"@zapier/zapier-sdk/experimental"` to use these methods. Methods and behavior may change. [Contact us](https://npsup.zapier.app/contact-us?product=Zapier%20SDK) to request access.
1793
1796
 
1794
1797
  #### `ackTriggerInboxMessages` 🧪 _experimental_
1795
1798
 
package/dist/api/auth.d.ts CHANGED
@@ -6,12 +6,7 @@
6
6
  */
7
7
  export declare function isJwt(token: string): boolean;
8
8
  export declare function getAuthorizationHeader(token: string): string;
9
- /**
10
- * Extract user IDs from JWT token
11
- * Decodes the JWT payload and extracts customuser_id and account_id
12
- * Handles nested JWTs for service tokens
13
- * Returns null values on any failure (silent-by-design)
14
- */
9
+ /** Never throws — an auth decode error must not take down request telemetry. */
15
10
  export declare function extractUserIdsFromJwt(token: string): {
16
11
  customuser_id: number | null;
17
12
  account_id: number | null;
package/dist/api/auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/api/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,wBAAgB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAW5C;AAaD,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAO5D;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG;IACpD,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B,CAwCA"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/api/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,wBAAgB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAW5C;AAaD,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAO5D;AA8BD,gFAAgF;AAChF,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG;IACpD,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B,CAmBA"}
package/dist/api/auth.js CHANGED
@@ -33,38 +33,45 @@ export function getAuthorizationHeader(token) {
33
33
  // Default to Bearer for other token types
34
34
  return `Bearer ${token}`;
35
35
  }
36
- /**
37
- * Extract user IDs from JWT token
38
- * Decodes the JWT payload and extracts customuser_id and account_id
39
- * Handles nested JWTs for service tokens
40
- * Returns null values on any failure (silent-by-design)
41
- */
42
- export function extractUserIdsFromJwt(token) {
36
+ // Handles nested service-JWT shape (`sub_type: "service"` with `njwt`). Lenient — falls back to outer payload on nested parse failure.
37
+ function readJwtPayload(token) {
43
38
  const parts = parseJwt(token);
44
- if (!parts) {
45
- return { customuser_id: null, account_id: null };
46
- }
39
+ if (!parts)
40
+ return null;
41
+ let payload;
47
42
  try {
48
- const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf-8"));
49
- let actualPayload = payload;
50
- if (payload.sub_type === "service" && payload.njwt) {
51
- const nestedParts = payload.njwt.split(".");
52
- if (nestedParts.length === 3) {
53
- actualPayload = JSON.parse(Buffer.from(nestedParts[1], "base64url").toString("utf-8"));
43
+ payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf-8"));
44
+ }
45
+ catch {
46
+ return null;
47
+ }
48
+ if (payload["sub_type"] === "service" &&
49
+ typeof payload["njwt"] === "string") {
50
+ const nestedParts = parseJwt(payload["njwt"]);
51
+ if (nestedParts) {
52
+ try {
53
+ return JSON.parse(Buffer.from(nestedParts[1], "base64url").toString("utf-8"));
54
+ }
55
+ catch {
56
+ // Fall through to outer payload.
54
57
  }
55
58
  }
56
- const accountId = actualPayload["zap:acc"] != null
57
- ? parseInt(String(actualPayload["zap:acc"]), 10)
58
- : null;
59
- const customUserId = actualPayload.sub_type === "customuser" && actualPayload.sub != null
60
- ? parseInt(String(actualPayload.sub), 10)
61
- : null;
62
- return {
63
- customuser_id: customUserId !== null && !isNaN(customUserId) ? customUserId : null,
64
- account_id: accountId !== null && !isNaN(accountId) ? accountId : null,
65
- };
66
59
  }
67
- catch {
60
+ return payload;
61
+ }
62
+ /** Never throws — an auth decode error must not take down request telemetry. */
63
+ export function extractUserIdsFromJwt(token) {
64
+ const payload = readJwtPayload(token);
65
+ if (!payload) {
68
66
  return { customuser_id: null, account_id: null };
69
67
  }
68
+ const accRaw = payload["zap:acc"];
69
+ const accountId = accRaw != null ? parseInt(String(accRaw), 10) : null;
70
+ const customUserId = payload["sub_type"] === "customuser" && payload["sub"] != null
71
+ ? parseInt(String(payload["sub"]), 10)
72
+ : null;
73
+ return {
74
+ customuser_id: customUserId !== null && !isNaN(customUserId) ? customUserId : null,
75
+ account_id: accountId !== null && !isNaN(accountId) ? accountId : null,
76
+ };
70
77
  }
package/dist/api/client.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAGjB,MAAM,SAAS,CAAC;AAyjCjB,eAAO,MAAM,eAAe,GAAI,SAAS,gBAAgB,KAAG,SAW3D,CAAC"}
1
+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAGjB,MAAM,SAAS,CAAC;AA4jCjB,eAAO,MAAM,eAAe,GAAI,SAAS,gBAAgB,KAAG,SAW3D,CAAC"}
package/dist/api/client.js CHANGED
@@ -12,7 +12,7 @@ import { getZapierBaseUrl, isLocalhostBaseUrl } from "../utils/url-utils";
12
12
  import { sleep, calculateExponentialBackoffMs } from "../utils/retry-utils";
13
13
  import { isPlainObject } from "../utils/type-guard-utils";
14
14
  import { ZapierApiError, ZapierApprovalError, ZapierAuthenticationError, ZapierTimeoutError, ZapierValidationError, ZapierResourceNotFoundError, ZapierRateLimitError, } from "../types/errors";
15
- import { ZAPIER_MAX_NETWORK_RETRIES, ZAPIER_MAX_NETWORK_RETRY_DELAY_MS, getZapierIsInteractive, getZapierApprovalMode, getZapierSdkService, DEFAULT_APPROVAL_TIMEOUT_MS, DEFAULT_MAX_APPROVAL_RETRIES, } from "../constants";
15
+ import { ZAPIER_MAX_NETWORK_RETRIES, ZAPIER_MAX_NETWORK_RETRY_DELAY_MS, getZapierApprovalMode, getZapierSdkService, DEFAULT_APPROVAL_TIMEOUT_MS, DEFAULT_MAX_APPROVAL_RETRIES, } from "../constants";
16
16
  import { SDK_VERSION } from "../sdk-version";
17
17
  import { openApproval } from "../utils/open-approval";
18
18
  import { z } from "zod";
@@ -249,13 +249,13 @@ class ZapierApiClient {
249
249
  // and throw `max_retries_exceeded` below.
250
250
  if (attempt === maxRetries)
251
251
  break;
252
- // Approval requires opening a URL in a browser. If the caller's session
253
- // can't do that (CI, server, headless container), surface a distinct
254
- // status so callers can branch on "retry interactively or use
255
- // approvalMode: 'fail'" vs. a real policy denial.
256
- const isInteractive = this.options.isInteractive ?? getZapierIsInteractive();
257
- if (!isInteractive) {
258
- throw new ZapierApprovalError("Approval required but session is not interactive", { status: "approval_required" });
252
+ // Resolve the mode: explicit option > env var > "disabled" (conservative
253
+ // default while the approval flow is alpha + opt-in). When disabled,
254
+ // surface a distinct status so callers can branch on "enable approvals
255
+ // explicitly" vs. a real policy denial.
256
+ const mode = this.options.approvalMode ?? getZapierApprovalMode() ?? "disabled";
257
+ if (mode === "disabled") {
258
+ throw new ZapierApprovalError("Approvals are disabled. Set approvalMode to 'poll' or 'throw' (or ZAPIER_APPROVAL_MODE) to enable.", { status: "approval_required" });
259
259
  }
260
260
  // `approvalContext` is a builder, not a value, because the SDK may
261
261
  // retry the same request across multiple approval rounds and each POST
@@ -266,10 +266,10 @@ class ZapierApiClient {
266
266
  throw new ZapierApiError(`Received 403 approval_required for ${path}, but the caller did not provide an approvalContext builder. Every approval-capable request must pass approvalContext so the SDK can create the approval with the correct policy context.`, { statusCode: 403 });
267
267
  }
268
268
  // Create the approval, open the URL (poll mode) or throw with the URL
269
- // attached (fail mode), and wait for terminal resolution. Returns only
269
+ // attached (throw mode), and wait for terminal resolution. Returns only
270
270
  // on "approved" — every other outcome throws from inside the helper.
271
271
  // On return, loop back to retry the original request.
272
- await this.runOneApprovalRound(init.approvalContext);
272
+ await this.runOneApprovalRound(init.approvalContext, mode);
273
273
  }
274
274
  // Only reachable when the final attempt returned `approval_required`
275
275
  // (see the `break` above). Every other terminal outcome throws inline.
@@ -625,8 +625,9 @@ class ZapierApiClient {
625
625
  }
626
626
  // Check if we have an auth token available
627
627
  const wasMissingAuthToken = options.authRequired &&
628
- (await this.getAuthToken({ requiredScopes: options.requiredScopes })) ==
629
- null;
628
+ (await this.getAuthToken({
629
+ requiredScopes: options.requiredScopes,
630
+ })) == null;
630
631
  const response = await this.fetch(path, {
631
632
  ...options,
632
633
  method,
@@ -651,10 +652,13 @@ class ZapierApiClient {
651
652
  }
652
653
  /**
653
654
  * Run a single approval round: create the approval, open the URL (poll mode)
654
- * or throw (fail mode), poll until resolved, and emit events. Throws on
655
+ * or throw (throw mode), poll until resolved, and emit events. Throws on
655
656
  * denied/timeout/unexpected status. Returns on approved.
657
+ *
658
+ * Caller is responsible for passing a non-"disabled" mode; this method
659
+ * unconditionally creates an approval.
656
660
  */
657
- async runOneApprovalRound(buildContext) {
661
+ async runOneApprovalRound(buildContext, mode) {
658
662
  const context = buildContext();
659
663
  // Route through rawFetch so the approval POST shares auth + 429 retry.
660
664
  let approvalResponse;
@@ -733,8 +737,7 @@ class ZapierApiClient {
733
737
  approvalId: approval.approval_id,
734
738
  approvalUrl: approval.approval_url,
735
739
  });
736
- const approvalMode = this.options.approvalMode ?? getZapierApprovalMode();
737
- if (approvalMode === "fail") {
740
+ if (mode === "throw") {
738
741
  throw new ZapierApprovalError("This request requires approval.", {
739
742
  approvalId: approval.approval_id,
740
743
  approvalUrl: approval.approval_url,
@@ -742,7 +745,7 @@ class ZapierApiClient {
742
745
  status: "pending",
743
746
  });
744
747
  }
745
- // approvalMode: "poll" (default) — open browser and poll
748
+ // mode === "poll" — open browser and poll
746
749
  await openApproval(approval.approval_url);
747
750
  const timeoutMs = this.options.approvalTimeoutMs ?? DEFAULT_APPROVAL_TIMEOUT_MS;
748
751
  let rawPollResult;
package/dist/api/index.d.ts CHANGED
@@ -8,7 +8,7 @@
8
8
  export type { ApiClient, ApiClientOptions, RequestOptions, PollOptions, DebugLogger, Action, Field, Choice, ActionExecutionResult, ActionField, ActionFieldChoice, NeedsRequest, NeedsResponse, Connection, ConnectionsResponse, Implementation, ImplementationsResponse, } from "./types";
9
9
  import type { ApiClient } from "./types";
10
10
  import type { Credentials } from "../types/credentials";
11
- export { isJwt, getAuthorizationHeader } from "./auth";
11
+ export { isJwt, getAuthorizationHeader, extractUserIdsFromJwt } from "./auth";
12
12
  export { createDebugLogger, createDebugFetch } from "./debug";
13
13
  export { pollUntilComplete } from "./polling";
14
14
  export { createZapierApi } from "./client";
package/dist/api/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EAEV,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,WAAW,EAEX,MAAM,EACN,KAAK,EACL,MAAM,EACN,qBAAqB,EACrB,WAAW,EACX,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,EACnB,cAAc,EACd,uBAAuB,GACxB,MAAM,SAAS,CAAC;AAGjB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAIxD,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,MAAM,QAAQ,CAAC;AAGvD,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAG9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAG9C,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAM3C,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;CACjC,GAAG,SAAS,CAsBZ"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EAEV,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,WAAW,EAEX,MAAM,EACN,KAAK,EACL,MAAM,EACN,qBAAqB,EACrB,WAAW,EACX,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,EACnB,cAAc,EACd,uBAAuB,GACxB,MAAM,SAAS,CAAC;AAGjB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAIxD,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,QAAQ,CAAC;AAG9E,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAG9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAG9C,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAM3C,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;CACjC,GAAG,SAAS,CAsBZ"}
package/dist/api/index.js CHANGED
@@ -7,7 +7,7 @@
7
7
  */
8
8
  import { ZAPIER_BASE_URL } from "../constants";
9
9
  // Re-export authentication utilities
10
- export { isJwt, getAuthorizationHeader } from "./auth";
10
+ export { isJwt, getAuthorizationHeader, extractUserIdsFromJwt } from "./auth";
11
11
  // Re-export debug utilities
12
12
  export { createDebugLogger, createDebugFetch } from "./debug";
13
13
  // Re-export polling utilities
package/dist/api/schemas.d.ts CHANGED
@@ -66,13 +66,13 @@ export declare const ActionSchema: z.ZodObject<{
66
66
  id: z.ZodOptional<z.ZodString>;
67
67
  type: z.ZodEnum<{
68
68
  filter: "filter";
69
+ write: "write";
69
70
  read: "read";
70
71
  read_bulk: "read_bulk";
71
72
  run: "run";
72
73
  search: "search";
73
74
  search_and_write: "search_and_write";
74
75
  search_or_write: "search_or_write";
75
- write: "write";
76
76
  }>;
77
77
  key: z.ZodString;
78
78
  name: z.ZodString;
@@ -314,13 +314,13 @@ export declare const ImplementationSchema: z.ZodObject<{
314
314
  id: z.ZodOptional<z.ZodString>;
315
315
  type: z.ZodEnum<{
316
316
  filter: "filter";
317
+ write: "write";
317
318
  read: "read";
318
319
  read_bulk: "read_bulk";
319
320
  run: "run";
320
321
  search: "search";
321
322
  search_and_write: "search_and_write";
322
323
  search_or_write: "search_or_write";
323
- write: "write";
324
324
  }>;
325
325
  key: z.ZodString;
326
326
  name: z.ZodString;
@@ -356,13 +356,13 @@ export declare const ImplementationsResponseSchema: z.ZodObject<{
356
356
  id: z.ZodOptional<z.ZodString>;
357
357
  type: z.ZodEnum<{
358
358
  filter: "filter";
359
+ write: "write";
359
360
  read: "read";
360
361
  read_bulk: "read_bulk";
361
362
  run: "run";
362
363
  search: "search";
363
364
  search_and_write: "search_and_write";
364
365
  search_or_write: "search_or_write";
365
- write: "write";
366
366
  }>;
367
367
  key: z.ZodString;
368
368
  name: z.ZodString;
package/dist/api/types.d.ts CHANGED
@@ -40,16 +40,17 @@ export interface ApiClientOptions {
40
40
  * Default is 60000 (60 seconds).
41
41
  */
42
42
  maxNetworkRetryDelayMs?: number;
43
- /**
44
- * Whether this session is interactive (user can visit approval URLs).
45
- */
46
- isInteractive?: boolean;
47
43
  /**
48
44
  * Controls how the approval flow is handled.
49
- * - "poll": (default) Opens the approval URL in a browser and polls until resolved.
50
- * - "fail": Creates the approval and throws a ZapierApprovalError immediately with the approval URL.
45
+ * - "disabled": (default when env var is unset) Throw a ZapierApprovalError
46
+ * on approval-required responses without creating an approval.
47
+ * - "poll": Create the approval, open the URL in a browser, poll until
48
+ * resolved, and retry the original request on success.
49
+ * - "throw": Create the approval and throw a ZapierApprovalError immediately
50
+ * with the approval URL so the caller can surface it.
51
+ * Defaults to the ZAPIER_APPROVAL_MODE env var, then "disabled".
51
52
  */
52
- approvalMode?: "poll" | "fail";
53
+ approvalMode?: "disabled" | "poll" | "throw";
53
54
  /**
54
55
  * Timeout in ms for approval polling. Default: 600000 (10 minutes).
55
56
  */
package/dist/api/types.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/api/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EACV,gBAAgB,EAChB,yBAAyB,EAC1B,MAAM,gDAAgD,CAAC;AACxD,OAAO,KAAK,EACV,wBAAwB,EACxB,iCAAiC,EAClC,MAAM,oDAAoD,CAAC;AAC5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,KAAK,EACV,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EACjB,uBAAuB,EACvB,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,2BAA2B,EAC3B,uBAAuB,EACvB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,kBAAkB,EAClB,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAC7B,aAAa,EACb,sBAAsB,EACtB,wBAAwB,EACxB,yBAAyB,EACzB,6BAA6B,EAC7B,8BAA8B,EAC/B,MAAM,WAAW,CAAC;AAMnB,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;IACpC;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC;;OAEG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC/B;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;;;;OAMG;IACH,aAAa,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD;;;OAGG;IACH,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;IACzE,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,EAChB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,cAAc,KACrB,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB,GAAG,EAAE,CAAC,CAAC,GAAG,OAAO,EACf,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,cAAc,KACrB,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB,KAAK,EAAE,CAAC,CAAC,GAAG,OAAO,EACjB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,cAAc,KACrB,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB,MAAM,EAAE,CAAC,CAAC,GAAG,OAAO,EAClB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,cAAc,KACrB,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;IACvE,KAAK,EAAE,CACL,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,WAAW,GAAG;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,MAAM,cAAc,CAAC;KACxC,KACE,OAAO,CAAC,QAAQ,CAAC,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,kBAAkB,CAAC,EAAE,CAAC,SAAS,EAAE;QAC/B,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,OAAO,CAAC;KACf,KAAK,KAAK,GAAG,SAAS,CAAC;IACxB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IAClD;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,cAAc,CAAC;IACvC;;;;;OAKG;IACH,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,WAAY,SAAQ,cAAc;IACjD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uGAAuG;IACvG,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,KAAK,OAAO,CAAC;IAC3C,eAAe,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,KAAK,OAAO,CAAC;CAClD;AAED,MAAM,WAAW,WAAW;IAC1B,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CACzC;AAOD,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAC9C,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AACxE,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAClD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAClD,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAChD,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAChF,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AACxE,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAG5D,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,SAAS,CAAC,CAAC;AAC5C,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AACpD,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAGtE,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAC9D,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAGhE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAC/C,OAAO,iCAAiC,CACzC,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AACF,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAC5C,OAAO,8BAA8B,CACtC,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/api/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EACV,gBAAgB,EAChB,yBAAyB,EAC1B,MAAM,gDAAgD,CAAC;AACxD,OAAO,KAAK,EACV,wBAAwB,EACxB,iCAAiC,EAClC,MAAM,oDAAoD,CAAC;AAC5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,KAAK,EACV,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EACjB,uBAAuB,EACvB,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,2BAA2B,EAC3B,uBAAuB,EACvB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,kBAAkB,EAClB,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAC7B,aAAa,EACb,sBAAsB,EACtB,wBAAwB,EACxB,yBAAyB,EACzB,6BAA6B,EAC7B,8BAA8B,EAC/B,MAAM,WAAW,CAAC;AAMnB,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;IACpC;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC;;;;;;;;;OASG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;;;;OAMG;IACH,aAAa,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD;;;OAGG;IACH,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;IACzE,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,EAChB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,cAAc,KACrB,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB,GAAG,EAAE,CAAC,CAAC,GAAG,OAAO,EACf,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,cAAc,KACrB,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB,KAAK,EAAE,CAAC,CAAC,GAAG,OAAO,EACjB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,cAAc,KACrB,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB,MAAM,EAAE,CAAC,CAAC,GAAG,OAAO,EAClB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,cAAc,KACrB,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;IACvE,KAAK,EAAE,CACL,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,WAAW,GAAG;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,MAAM,cAAc,CAAC;KACxC,KACE,OAAO,CAAC,QAAQ,CAAC,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,kBAAkB,CAAC,EAAE,CAAC,SAAS,EAAE;QAC/B,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,OAAO,CAAC;KACf,KAAK,KAAK,GAAG,SAAS,CAAC;IACxB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IAClD;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,cAAc,CAAC;IACvC;;;;;OAKG;IACH,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,WAAY,SAAQ,cAAc;IACjD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uGAAuG;IACvG,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,KAAK,OAAO,CAAC;IAC3C,eAAe,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,KAAK,OAAO,CAAC;CAClD;AAED,MAAM,WAAW,WAAW;IAC1B,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CACzC;AAOD,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAC9C,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AACxE,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAClD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAClD,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAChD,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAChF,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AACxE,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAG5D,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,SAAS,CAAC,CAAC;AAC5C,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AACpD,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAGtE,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAC9D,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAGhE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAC/C,OAAO,iCAAiC,CACzC,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AACF,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAC5C,OAAO,8BAA8B,CACtC,CAAC"}
package/dist/auth.d.ts CHANGED
@@ -9,7 +9,7 @@
9
9
  * @zapier/zapier-sdk-cli package (imported via its `./login` subpath).
10
10
  */
11
11
  import type { EventCallback } from "./types/events";
12
- import type { Credentials } from "./types/credentials";
12
+ import type { Credentials, ClientCredentialsObject } from "./types/credentials";
13
13
  import { type ZapierCache } from "./cache";
14
14
  export type { ZapierCache, ZapierCacheEntry, ZapierCacheSetOptions, } from "./cache";
15
15
  export { createMemoryCache } from "./cache";
@@ -74,7 +74,18 @@ interface CliLoginOptions {
74
74
  };
75
75
  debug?: boolean;
76
76
  }
77
- type CliLoginModule = typeof import("@zapier/zapier-sdk-cli/login");
77
+ type CliLoginModule = typeof import("@zapier/zapier-sdk-cli/login") & {
78
+ getActiveCredentials?: (options?: {
79
+ baseUrl?: string;
80
+ }) => {
81
+ clientId: string;
82
+ scopes: string[];
83
+ baseUrl?: string;
84
+ } | undefined;
85
+ getStoredClientCredentials?: (options?: {
86
+ baseUrl?: string;
87
+ }) => Promise<ClientCredentialsObject | undefined>;
88
+ };
78
89
  /**
79
90
  * Inject an already-loaded CLI login module so the SDK skips its dynamic import.
80
91
  * This guarantees CLI and SDK share the same module instance in the same process.
package/dist/auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,KAAK,EAAE,WAAW,EAAuB,MAAM,qBAAqB,CAAC;AAG5E,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,SAAS,CAAC;AAG9D,YAAY,EACV,WAAW,EACX,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAG5C,YAAY,EACV,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,aAAa,GACd,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EACV,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,gDAAgD;IAChD,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB;;;;;OAKG;IACH,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AA8BD;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,IAAI,CAItC;AAqCD;;;;;GAKG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB,GAAG,OAAO,CAAC,IAAI,CAAC,CAWhB;AAiID;;GAEG;AACH,UAAU,eAAe;IACvB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,WAAW,CAAC,EAAE;QACZ,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAGD,KAAK,cAAc,GAAG,cAAc,8BAA8B,CAAC,CAAC;AA6BpE;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAE3D;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,GAAG,SAAS,CAGzD;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAK7B;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAmB7B;AA2GD;;;;GAIG;AACH,wBAAsB,0BAA0B,CAAC,OAAO,EAAE;IACxD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB,GAAG,OAAO,CAAC,IAAI,CAAC,CAehB"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,KAAK,EACV,WAAW,EAEX,uBAAuB,EACxB,MAAM,qBAAqB,CAAC;AAK7B,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,SAAS,CAAC;AAG9D,YAAY,EACV,WAAW,EACX,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAG5C,YAAY,EACV,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,aAAa,GACd,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EACV,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,gDAAgD;IAChD,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB;;;;;OAKG;IACH,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AA8BD;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,IAAI,CAItC;AAgDD;;;;;GAKG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB,GAAG,OAAO,CAAC,IAAI,CAAC,CAWhB;AAiID;;GAEG;AACH,UAAU,eAAe;IACvB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,WAAW,CAAC,EAAE;QACZ,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAGD,KAAK,cAAc,GAAG,cAAc,8BAA8B,CAAC,GAAG;IACpE,oBAAoB,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE;QAChC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,KAAK;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS,CAAC;IAC3E,0BAA0B,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE;QACtC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,KAAK,OAAO,CAAC,uBAAuB,GAAG,SAAS,CAAC,CAAC;CACpD,CAAC;AA6BF;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAE3D;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,GAAG,SAAS,CAGzD;AA2BD;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAK7B;AA+DD;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CA4B7B;AAqHD;;;;GAIG;AACH,wBAAsB,0BAA0B,CAAC,OAAO,EAAE;IACxD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB,GAAG,OAAO,CAAC,IAAI,CAAC,CAehB"}
package/dist/auth.js CHANGED
@@ -9,6 +9,8 @@
9
9
  * @zapier/zapier-sdk-cli package (imported via its `./login` subpath).
10
10
  */
11
11
  import { isClientCredentials, isPkceCredentials } from "./types/credentials";
12
+ import { ZapierAuthenticationError } from "./types/errors";
13
+ import { emitOnce } from "./utils/telemetry";
12
14
  import { resolveCredentials, getClientIdFromCredentials } from "./credentials";
13
15
  import { createMemoryCache } from "./cache";
14
16
  const DEFAULT_AUTH_BASE_URL = "https://zapier.com";
@@ -61,8 +63,10 @@ async function resolveCache(options) {
61
63
  if (cliLogin?.createCache) {
62
64
  try {
63
65
  const cache = cliLogin.createCache();
64
- cachedDefaultCache = cache;
65
- return cache;
66
+ if (cache) {
67
+ cachedDefaultCache = cache;
68
+ return cache;
69
+ }
66
70
  }
67
71
  catch {
68
72
  // Fall through to in-memory if the CLI provider can't be constructed.
@@ -77,6 +81,12 @@ function entryIsValid(entry) {
77
81
  return true;
78
82
  return entry.expiresAt > Date.now() + TOKEN_EXPIRATION_BUFFER_MS;
79
83
  }
84
+ async function readCachedToken(cacheKey, cache) {
85
+ const cached = await cache.get(cacheKey);
86
+ if (cached && entryIsValid(cached))
87
+ return cached.value;
88
+ return undefined;
89
+ }
80
90
  /**
81
91
  * Invalidate the cached token for a given client_credentials identity.
82
92
  * Called on 401 so the next request re-exchanges. Clears both the
@@ -227,6 +237,23 @@ export function isCliLoginAvailable() {
227
237
  return undefined;
228
238
  return cachedCliLogin !== false;
229
239
  }
240
+ function emitAuthResolved(onEvent, mechanism) {
241
+ if (onEvent) {
242
+ emitOnce(onEvent, {
243
+ type: "auth_resolved",
244
+ payload: { mechanism },
245
+ timestamp: Date.now(),
246
+ });
247
+ }
248
+ }
249
+ async function getActiveCredentialsFromCli(baseUrl) {
250
+ const cliLogin = await getCliLogin();
251
+ return cliLogin?.getActiveCredentials?.({ baseUrl });
252
+ }
253
+ async function getStoredClientCredentialsFromCli(baseUrl) {
254
+ const cliLogin = await getCliLogin();
255
+ return cliLogin?.getStoredClientCredentials?.({ baseUrl });
256
+ }
230
257
  /**
231
258
  * Attempts to get a token from the CLI login package.
232
259
  *
@@ -239,6 +266,47 @@ export async function getTokenFromCliLogin(options) {
239
266
  return undefined;
240
267
  return await cliLogin.getToken(options);
241
268
  }
269
+ async function tryStoredClientCredentialToken(options) {
270
+ const activeCredential = await getActiveCredentialsFromCli(options.baseUrl);
271
+ if (!activeCredential)
272
+ return undefined;
273
+ const resolvedBaseUrl = activeCredential.baseUrl || options.baseUrl || DEFAULT_AUTH_BASE_URL;
274
+ const mergedScopes = mergeScopes(activeCredential.scopes.join(" "), options.requiredScopes);
275
+ const cacheKey = buildCacheKey({
276
+ clientId: activeCredential.clientId,
277
+ scopes: mergedScopes,
278
+ baseUrl: resolvedBaseUrl,
279
+ });
280
+ const cache = await resolveCache(options);
281
+ const pending = pendingExchanges.get(cacheKey);
282
+ if (pending)
283
+ return pending;
284
+ const cached = await readCachedToken(cacheKey, cache);
285
+ if (cached !== undefined) {
286
+ if (options.debug)
287
+ console.log(`[auth] Using cached token (clientId: ${activeCredential.clientId})`);
288
+ emitAuthResolved(options.onEvent, "client_credentials");
289
+ return cached;
290
+ }
291
+ const storedCredential = await getStoredClientCredentialsFromCli(resolvedBaseUrl);
292
+ if (!storedCredential) {
293
+ // Active credential pointer exists but the keychain secret is missing.
294
+ // Falling back to JWT would silently downgrade a migrated user; surface
295
+ // the broken state so they re-run login to recreate the secret.
296
+ await invalidateCachedToken({
297
+ clientId: activeCredential.clientId,
298
+ scopes: activeCredential.scopes,
299
+ baseUrl: resolvedBaseUrl,
300
+ cache: options.cache,
301
+ });
302
+ throw new ZapierAuthenticationError(`Stored client credential is missing its secret (clientId: ${activeCredential.clientId}). Run \`zapier-sdk login\` to recreate it.`);
303
+ }
304
+ if (options.debug)
305
+ console.log(`[auth] Using stored client credential (clientId: ${storedCredential.clientId})`);
306
+ const token = await resolveAuthTokenFromCredentials(storedCredential, options);
307
+ emitAuthResolved(options.onEvent, "client_credentials");
308
+ return token;
309
+ }
242
310
  /**
243
311
  * Resolves an auth token from wherever it can be found.
244
312
  *
@@ -265,19 +333,28 @@ export async function resolveAuthToken(options = {}) {
265
333
  if (credentials !== undefined) {
266
334
  return resolveAuthTokenFromCredentials(credentials, options);
267
335
  }
268
- // No credentials from options or env, try CLI login for stored token
269
- return getTokenFromCliLogin({
336
+ const storedToken = await tryStoredClientCredentialToken(options);
337
+ if (storedToken !== undefined)
338
+ return storedToken;
339
+ if (options.debug) {
340
+ console.log("[auth] Using JWT (no stored client credential found)");
341
+ }
342
+ const jwtToken = await getTokenFromCliLogin({
270
343
  onEvent: options.onEvent,
271
344
  fetch: options.fetch,
272
345
  debug: options.debug,
273
346
  });
347
+ if (jwtToken !== undefined) {
348
+ emitAuthResolved(options.onEvent, "jwt");
349
+ }
350
+ return jwtToken;
274
351
  }
275
352
  /**
276
353
  * Resolve an auth token from resolved credentials.
277
354
  */
278
355
  async function resolveAuthTokenFromCredentials(credentials, options) {
279
- // String credentials are used directly as tokens
280
356
  if (typeof credentials === "string") {
357
+ emitAuthResolved(options.onEvent, "token");
281
358
  return credentials;
282
359
  }
283
360
  // Client credentials: exchange + cache through a pluggable cache
@@ -299,9 +376,12 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
299
376
  });
300
377
  const cache = await resolveCache(options);
301
378
  // Fast-path read
302
- const cached = await cache.get(cacheKey);
303
- if (cached && entryIsValid(cached)) {
304
- return cached.value;
379
+ const cached = await readCachedToken(cacheKey, cache);
380
+ if (cached !== undefined) {
381
+ if (options.debug) {
382
+ console.log(`[auth] Using cached token (clientId: ${clientId})`);
383
+ }
384
+ return cached;
305
385
  }
306
386
  // In-process dedup
307
387
  const pending = pendingExchanges.get(cacheKey);
@@ -312,9 +392,13 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
312
392
  // cache under the lock and uses the first's token instead of firing
313
393
  // another exchange.
314
394
  const runLocked = async () => {
315
- const recheck = await cache.get(cacheKey);
316
- if (recheck && entryIsValid(recheck))
317
- return recheck.value;
395
+ const recheck = await readCachedToken(cacheKey, cache);
396
+ if (recheck !== undefined) {
397
+ if (options.debug) {
398
+ console.log(`[auth] Using cached token (clientId: ${clientId}, locked recheck)`);
399
+ }
400
+ return recheck;
401
+ }
318
402
  const { accessToken, expiresIn } = await exchangeClientCredentials({
319
403
  clientId: credentials.clientId,
320
404
  clientSecret: credentials.clientSecret,