@zapier/zapier-sdk 0.70.3 → 0.71.0

package/dist/experimental.mjs

@@ -1168,6 +1168,8 @@ var ZapierApprovalError = class extends ZapierError {
     this.approvalStatus = options.status;
     this.approvalUrl = options.approvalUrl;
     this.pollUrl = options.pollUrl;
+    this.streamUrl = options.streamUrl;
+    this.reason = options.reason;
   }
 };
 var ZapierRelayError = class extends ZapierError {
@@ -1310,6 +1312,11 @@ function getZapierApprovalMode() {
     return value;
   return void 0;
 }
+function getZapierOpenAutoModeApprovalsInBrowser() {
+  const value = globalThis.process?.env?.ZAPIER_OPEN_AUTO_MODE_APPROVALS_IN_BROWSER;
+  if (value === void 0) return void 0;
+  return value === "true";
+}
 function getZapierDefaultApprovalMode() {
   const isInteractive = !!globalThis.process?.stdin?.isTTY && !!globalThis.process?.stdout?.isTTY;
   return isInteractive ? "poll" : "throw";
@@ -3184,9 +3191,101 @@ function createSseParserStream() {
     }
   });
 }
+var ApprovalReviewChunkSchema = z.discriminatedUnion("type", [
+  z.object({
+    type: z.literal("text-delta"),
+    delta: z.string()
+  }).passthrough(),
+  z.object({
+    type: z.literal("tool-input-available"),
+    toolCallId: z.string(),
+    toolName: z.string()
+  }).passthrough(),
+  z.object({
+    type: z.literal("tool-output-available"),
+    toolCallId: z.string(),
+    output: z.unknown()
+  }).passthrough()
+]);
+var ReportDecisionOutputSchema = z.object({
+  success: z.boolean().optional(),
+  decision: z.enum(["approved", "denied"]),
+  reason: z.string().optional()
+}).passthrough();
+async function consumeApprovalReviewStream({
+  approvalId,
+  streamUrl,
+  signal,
+  stream,
+  emitEvent
+}) {
+  try {
+    const toolNames = /* @__PURE__ */ new Map();
+    for await (const frame of stream(streamUrl, {
+      method: "GET",
+      headers: {
+        "Accept-Encoding": "identity"
+      },
+      signal
+    })) {
+      if (!frame.parsed) continue;
+      const payload = parseApprovalReviewStreamPayload(frame.data, toolNames);
+      if (!payload) continue;
+      if (payload.kind === "message") {
+        emitEvent("approval:review_message", {
+          approvalId,
+          streamUrl,
+          data: payload.data,
+          message: payload.message
+        });
+        continue;
+      }
+      emitEvent("approval:review_decision", {
+        approvalId,
+        streamUrl,
+        data: payload.data,
+        decision: payload.decision,
+        ...payload.reason ? { reason: payload.reason } : {}
+      });
+    }
+  } catch (err) {
+    if (isAbortError(err) || signal.aborted) return;
+    emitEvent("approval:review_stream_error", {
+      approvalId,
+      streamUrl,
+      message: err instanceof Error ? err.message : String(err)
+    });
+  }
+}
+function parseApprovalReviewStreamPayload(parsed, toolNames) {
+  const chunk = ApprovalReviewChunkSchema.safeParse(parsed);
+  if (!chunk.success) return void 0;
+  switch (chunk.data.type) {
+    case "text-delta": {
+      const message = chunk.data.delta.trim();
+      return message.length > 0 ? { kind: "message", data: parsed, message } : void 0;
+    }
+    case "tool-input-available":
+      toolNames.set(chunk.data.toolCallId, chunk.data.toolName);
+      return void 0;
+    case "tool-output-available": {
+      if (toolNames.get(chunk.data.toolCallId) !== "report_decision") {
+        return void 0;
+      }
+      const decision = ReportDecisionOutputSchema.safeParse(chunk.data.output);
+      if (!decision.success) return void 0;
+      return {
+        kind: "decision",
+        data: parsed,
+        decision: decision.data.decision,
+        ...decision.data.reason ? { reason: decision.data.reason } : {}
+      };
+    }
+  }
+}
 
 // src/sdk-version.ts
-var SDK_VERSION = (typeof process !== "undefined" && process.env ? "0.70.3" : void 0) || "unknown";
+var SDK_VERSION = (typeof process !== "undefined" && process.env ? "0.71.0" : void 0) || "unknown";
 
 // src/utils/open-url.ts
 var nodePrefix = "node:";
@@ -3238,6 +3337,9 @@ var openUrl = async (url) => {
   } else if (platform === "win32") {
     command = "rundll32";
     args = ["url.dll,FileProtocolHandler", target];
+  } else if (platform === "linux") {
+    command = "xdg-open";
+    args = [target];
   } else {
     throw new Error(`Unsupported platform: ${platform}`);
   }
@@ -3260,16 +3362,39 @@ async function openApproval(url) {
   } catch {
   }
 }
-var ApprovalStatusSchema = z.enum(["pending_approval", "approved", "denied"]);
+var ApprovalStatusSchema = z.enum([
+  "pending_approval",
+  "approved",
+  "denied",
+  "failed"
+]);
+var ApprovalModeSchema = z.enum(["manual", "auto"]);
 var CreateApprovalResponseSchema = z.object({
+  id: z.string().optional(),
   status: ApprovalStatusSchema,
-  approval_id: z.string(),
+  approval_id: z.string().optional(),
+  mode: ApprovalModeSchema,
   approval_url: z.string().url(),
-  poll_url: z.string().url()
+  poll_url: z.string().url(),
+  stream_url: z.string().url().optional(),
+  reason: z.string().optional()
+}).transform((approval, ctx) => {
+  const id = approval.id ?? approval.approval_id;
+  if (!id) {
+    ctx.addIssue({
+      code: "custom",
+      message: "Approval response must include id"
+    });
+    return z.NEVER;
+  }
+  return { ...approval, id };
 });
 var PollApprovalResponseSchema = z.object({
+  id: z.string().optional(),
   status: ApprovalStatusSchema,
-  approval_id: z.string()
+  approval_id: z.string().optional(),
+  mode: ApprovalModeSchema.optional(),
+  reason: z.string().optional()
 });
 var APPROVAL_MAX_POLLING_INTERVAL_MS = 5e3;
 function parseRateLimitHeaders(response) {
@@ -3542,7 +3667,11 @@ var ZapierApiClient = class {
             { statusCode: 403 }
           );
         }
-        await this.runOneApprovalRound(init.approvalContext, mode);
+        await this.runOneApprovalRound(
+          init.approvalContext,
+          mode,
+          init.signal ?? void 0
+        );
       }
       throw new ZapierApprovalError(
         `Exceeded maximum approval retries (${maxRetries}) for ${path}`,
@@ -3570,6 +3699,7 @@ var ZapierApiClient = class {
      * any frame), so transport / auth failures surface as usual.
      */
     this.fetchJsonStream = (path, init) => jsonFrames(this.fetchStream(path, init));
+    this.streamTrustedJsonUrl = (url, init) => jsonFrames(this.streamTrustedSseUrl(url, init));
     this.get = async (path, options = {}) => {
       return this.fetchJson("GET", path, void 0, options);
     };
@@ -3909,7 +4039,7 @@ var ZapierApiClient = class {
   // bound `fetchStream` arrow above for parity with the other client methods.
   async *streamSse(path, init) {
     const { onOpen, headers: initHeaders, ...fetchInit } = init ?? {};
-    const signal = fetchInit.signal;
+    const signal = fetchInit.signal ?? void 0;
     if (signal?.aborted) return;
     const wasMissingAuthToken = fetchInit.authRequired === true && await this.getAuthToken({
       requiredScopes: fetchInit.requiredScopes
@@ -3927,13 +4057,62 @@ var ZapierApiClient = class {
       if (signal?.aborted || isAbortError(err)) return;
       throw err;
     }
+    yield* this.readSseResponse({
+      response,
+      signal,
+      onOpen,
+      wasMissingAuthToken,
+      requiredScopes: fetchInit.requiredScopes
+    });
+  }
+  // Approval `stream_url` is server-supplied and origin-pinned before use, like
+  // `poll_url`; keep absolute-URL streaming private rather than widening the
+  // public path-based `fetchStream` API.
+  async *streamTrustedSseUrl(url, init) {
+    const { onOpen, headers: initHeaders, ...fetchInit } = init ?? {};
+    const signal = fetchInit.signal ?? void 0;
+    if (signal?.aborted) return;
+    const wasMissingAuthToken = fetchInit.authRequired === true && await this.getAuthToken({
+      requiredScopes: fetchInit.requiredScopes
+    }) == null;
+    const headers = new Headers(initHeaders);
+    if (!headers.has("Accept")) headers.set("Accept", "text/event-stream");
+    let response;
+    try {
+      response = await this.withSemaphore(
+        { url, method: fetchInit.method ?? "GET", signal },
+        () => this.rawFetchUrl(url, {
+          ...fetchInit,
+          method: fetchInit.method ?? "GET",
+          headers
+        })
+      );
+    } catch (err) {
+      if (signal?.aborted || isAbortError(err)) return;
+      throw err;
+    }
+    yield* this.readSseResponse({
+      response,
+      signal,
+      onOpen,
+      wasMissingAuthToken,
+      requiredScopes: fetchInit.requiredScopes
+    });
+  }
+  async *readSseResponse({
+    response,
+    signal,
+    onOpen,
+    wasMissingAuthToken,
+    requiredScopes
+  }) {
     if (!response.ok) {
       const { data } = await this.parseResult(response);
       await this.throwForErrorResponse({
         response,
         responseData: data,
         wasMissingAuthToken,
-        requiredScopes: fetchInit.requiredScopes
+        requiredScopes
       });
     }
     if (!response.body) return;
@@ -3959,12 +4138,12 @@ var ZapierApiClient = class {
   /**
    * Run a single approval round: create the approval, open the URL (poll mode)
    * or throw (throw mode), poll until resolved, and emit events. Throws on
-   * denied/timeout/unexpected status. Returns on approved.
+   * denied/failed/timeout/unexpected status. Returns on approved.
    *
    * Caller is responsible for passing a non-"disabled" mode; this method
    * unconditionally creates an approval.
    */
-  async runOneApprovalRound(buildContext, mode) {
+  async runOneApprovalRound(buildContext, mode, signal) {
     const context = buildContext();
     let approvalResponse;
     try {
@@ -3974,9 +4153,11 @@ var ZapierApiClient = class {
           "Content-Type": "application/json",
           Accept: "application/json"
         },
-        body: JSON.stringify({ context })
+        body: JSON.stringify({ context }),
+        signal
       });
     } catch (err) {
+      if (isAbortError(err)) throw err;
       throw new ZapierApiError("Failed to create approval request", {
         statusCode: 0,
         cause: err
@@ -4029,6 +4210,9 @@ var ZapierApiClient = class {
     };
     if (!isLocalhostBaseUrl(this.options.baseUrl)) {
       assertApprovalOrigin(approval.poll_url, sdkapiOrigin, "poll_url");
+      if (approval.stream_url) {
+        assertApprovalOrigin(approval.stream_url, sdkapiOrigin, "stream_url");
+      }
       assertApprovalOrigin(
         approval.approval_url,
         browserOrigin,
@@ -4036,19 +4220,79 @@ var ZapierApiClient = class {
       );
     }
     this.emitEvent("approval:required", {
-      approvalId: approval.approval_id,
-      approvalUrl: approval.approval_url
+      approvalId: approval.id,
+      approvalUrl: approval.approval_url,
+      mode: approval.mode,
+      ...approval.stream_url ? { streamUrl: approval.stream_url } : {}
     });
-    if (mode === "throw") {
-      throw new ZapierApprovalError("This request requires approval.", {
-        approvalId: approval.approval_id,
-        approvalUrl: approval.approval_url,
-        pollUrl: approval.poll_url,
-        status: "pending"
-      });
+    const shouldOpenAutoModeApproval = this.options.openAutoModeApprovalsInBrowser ?? getZapierOpenAutoModeApprovalsInBrowser() ?? false;
+    if (approval.mode === "auto") {
+      if (shouldOpenAutoModeApproval) {
+        await openApproval(approval.approval_url);
+      }
+      if (approval.status === "approved") {
+        this.emitEvent("approval:approved", {
+          approvalId: approval.id
+        });
+        return;
+      }
+      if (approval.status === "denied") {
+        this.emitEvent("approval:denied", {
+          approvalId: approval.id,
+          ...approval.reason ? { reason: approval.reason } : {}
+        });
+        throw new ZapierApprovalError(
+          approval.reason ? `Request denied: ${approval.reason}` : "Request denied by user",
+          {
+            approvalId: approval.id,
+            status: "denied",
+            reason: approval.reason
+          }
+        );
+      }
+      if (approval.status === "failed") {
+        this.throwApprovalFailed({
+          approvalId: approval.id,
+          approvalUrl: approval.approval_url,
+          pollUrl: approval.poll_url,
+          streamUrl: approval.stream_url,
+          reason: approval.reason
+        });
+      }
+    } else {
+      if (mode === "throw") {
+        throw new ZapierApprovalError("This request requires approval.", {
+          approvalId: approval.id,
+          approvalUrl: approval.approval_url,
+          pollUrl: approval.poll_url,
+          streamUrl: approval.stream_url,
+          status: "pending"
+        });
+      }
+      await openApproval(approval.approval_url);
     }
-    await openApproval(approval.approval_url);
     const timeoutMs = this.options.approvalTimeoutMs ?? DEFAULT_APPROVAL_TIMEOUT_MS;
+    let streamAbortController;
+    let streamPromise;
+    let removeStreamAbortListener;
+    if (approval.mode === "auto" && approval.stream_url) {
+      const streamUrl = approval.stream_url;
+      streamAbortController = new AbortController();
+      const abortStream = () => streamAbortController?.abort();
+      if (signal?.aborted) {
+        abortStream();
+      } else if (signal) {
+        signal.addEventListener("abort", abortStream, { once: true });
+        removeStreamAbortListener = () => signal.removeEventListener("abort", abortStream);
+      }
+      streamPromise = consumeApprovalReviewStream({
+        approvalId: approval.id,
+        streamUrl,
+        signal: streamAbortController.signal,
+        stream: (url, streamInit) => this.streamTrustedJsonUrl(url, streamInit),
+        emitEvent: (type, payload) => this.emitEvent(type, payload)
+      });
+    }
     let rawPollResult;
     try {
       rawPollResult = await pollUntilComplete({
@@ -4059,14 +4303,16 @@ var ZapierApiClient = class {
         // semaphore — but we deliberately do not hold a slot across the
         // sleep between polls or across the human-approval wait.
         fetchPoll: () => this.withSemaphore(
-          { url: approval.poll_url, method: "GET" },
+          { url: approval.poll_url, method: "GET", signal },
           () => this.rawFetchUrl(approval.poll_url, {
             method: "GET",
-            headers: { Accept: "application/json" }
+            headers: { Accept: "application/json" },
+            signal
           })
         ),
         timeoutMs,
         maxPollingIntervalMs: APPROVAL_MAX_POLLING_INTERVAL_MS,
+        signal,
         isPending: (body2) => {
           const parsed = PollApprovalResponseSchema.safeParse(body2);
           return parsed.success && parsed.data.status === "pending_approval";
@@ -4074,25 +4320,38 @@ var ZapierApiClient = class {
       });
     } catch (err) {
       if (!(err instanceof ZapierTimeoutError)) {
+        this.emitEvent("approval:error", {
+          approvalId: approval.id,
+          message: err instanceof Error ? err.message : String(err)
+        });
         throw err;
       }
       this.emitEvent("approval:timeout", {
-        approvalId: approval.approval_id
+        approvalId: approval.id
       });
       throw new ZapierApprovalError(
         `Approval timed out after ${timeoutMs / 1e3} seconds`,
         {
-          approvalId: approval.approval_id,
+          approvalId: approval.id,
           approvalUrl: approval.approval_url,
           pollUrl: approval.poll_url,
+          streamUrl: approval.stream_url,
           status: "timeout",
           cause: err
         }
       );
+    } finally {
+      removeStreamAbortListener?.();
+      streamAbortController?.abort();
+      await streamPromise;
     }
     const pollParse = PollApprovalResponseSchema.safeParse(rawPollResult);
     if (!pollParse.success) {
       const bodyPreview = typeof rawPollResult === "string" ? rawPollResult : JSON.stringify(rawPollResult);
+      this.emitEvent("approval:error", {
+        approvalId: approval.id,
+        message: `Failed to parse approval poll response: ${bodyPreview}`
+      });
       throw new ZapierApiError(
         `Failed to parse approval poll response: ${bodyPreview}`,
         {
@@ -4105,22 +4364,63 @@ var ZapierApiClient = class {
     const pollResult = pollParse.data;
     if (pollResult.status === "denied") {
       this.emitEvent("approval:denied", {
-        approvalId: approval.approval_id
+        approvalId: approval.id,
+        ...pollResult.reason ? { reason: pollResult.reason } : {}
       });
-      throw new ZapierApprovalError("Request denied by user", {
-        approvalId: approval.approval_id,
-        status: "denied"
+      throw new ZapierApprovalError(
+        pollResult.reason ? `Request denied: ${pollResult.reason}` : "Request denied by user",
+        {
+          approvalId: approval.id,
+          status: "denied",
+          reason: pollResult.reason
+        }
+      );
+    }
+    if (pollResult.status === "failed") {
+      this.throwApprovalFailed({
+        approvalId: approval.id,
+        approvalUrl: approval.approval_url,
+        pollUrl: approval.poll_url,
+        streamUrl: approval.stream_url,
+        reason: pollResult.reason
       });
     }
     if (pollResult.status !== "approved") {
+      this.emitEvent("approval:error", {
+        approvalId: approval.id,
+        message: `Unexpected approval status received: ${pollResult.status}`
+      });
       throw new ZapierApiError(
         `Unexpected approval status received: ${pollResult.status}`
       );
     }
     this.emitEvent("approval:approved", {
-      approvalId: approval.approval_id
+      approvalId: approval.id
     });
   }
+  throwApprovalFailed({
+    approvalId,
+    approvalUrl,
+    pollUrl,
+    streamUrl,
+    reason
+  }) {
+    this.emitEvent("approval:failed", {
+      approvalId,
+      ...reason ? { reason } : {}
+    });
+    throw new ZapierApprovalError(
+      reason ? `Approval failed: ${reason}` : "Approval failed",
+      {
+        approvalId,
+        approvalUrl,
+        pollUrl,
+        streamUrl,
+        status: "failed",
+        reason
+      }
+    );
+  }
 };
 var createZapierApi = (options) => {
   const { debug = false, fetch: originalFetch = globalThis.fetch } = options;
@@ -4181,6 +4481,7 @@ var apiPlugin = definePlugin(
       approvalTimeoutMs,
       maxApprovalRetries,
       approvalMode,
+      openAutoModeApprovalsInBrowser,
       callerPackage
     } = sdk.context.options;
     const api = createZapierApi({
@@ -4196,6 +4497,7 @@ var apiPlugin = definePlugin(
       approvalTimeoutMs,
       maxApprovalRetries,
       approvalMode,
+      openAutoModeApprovalsInBrowser,
       callerPackage
     });
     return {
@@ -6433,6 +6735,260 @@ var findUniqueConnectionPlugin = definePlugin(
     }
   })
 );
+var GetConnectionStartUrlSchema = z.object({
+  app: AppPropertySchema
+}).describe(
+  "Mint a short-lived URL that begins an SDK-initiated connection flow. The URL is signed by zapier.com and bound to the current user/account \u2014 opening it in a different browser session will fail the binding check. Returns the URL as data so the caller decides what to do with it.\n\nUse this directly (rather than the higher-level `create-connection`) when you want either of: (a) hand off the URL and *not* block waiting for completion \u2014 call this alone, skip `wait-for-new-connection` entirely, or (b) do something custom between minting the URL and waiting for the connection \u2014 call this, then email or DM the URL, render it as a QR code for mobile sign-in, etc., then call `wait-for-new-connection`. For the common case where you'd just print and poll back-to-back, `create-connection` is one call.\n\nPair with `wait-for-new-connection` to detect completion: pass the `startedAt` returned here straight through (it's the server's mint time, so polling isn't affected by client clock skew). Example (JS):\n\n```ts\nconst { data: { url, app, startedAt } } = await zapier.getConnectionStartUrl({ app: 'slack' });\n// hand `url` off \u2014 print it, DM it, email it, render a button, whatever\nconst { data: conn } = await zapier.waitForNewConnection({ app, startedAt });\n```"
+);
+var GetConnectionStartUrlItemSchema = z.object({
+  url: z.string().describe(
+    "URL the user should open in their browser to complete the auth flow. Single-use, time-limited."
+  ),
+  expiresAt: z.number().describe(
+    "Unix timestamp (seconds) after which the URL's signature is rejected by zapier.com."
+  ),
+  startedAt: z.number().describe(
+    "Unix timestamp (seconds) when the server minted the URL. Use it as the `startedAt` for `wait-for-new-connection` so polling is anchored to server time rather than a possibly-skewed client clock."
+  ),
+  app: z.string().describe(
+    "Versionless app key the URL was minted for (e.g., 'SlackCLIAPI'). Useful for downstream filtering."
+  )
+}).describe(
+  "The signed start-URL plus metadata needed to poll for completion."
+);
+
+// src/plugins/getConnectionStartUrl/index.ts
+var START_PATH = "/zapier/api/authentications/v1/sdk/connections/start";
+var getConnectionStartUrlPlugin = definePlugin(
+  (sdk) => createPluginMethod(sdk, {
+    name: "getConnectionStartUrl",
+    categories: ["connection"],
+    type: "create",
+    itemType: "ConnectionStartUrl",
+    inputSchema: GetConnectionStartUrlSchema,
+    outputSchema: GetConnectionStartUrlItemSchema,
+    resolvers: { app: appKeyResolver },
+    handler: async ({
+      sdk: inner,
+      options
+    }) => {
+      const versionedKey = await inner.context.getVersionedImplementationId(
+        options.app
+      );
+      const selectedApi = versionedKey ? versionedKey.split("@")[0] : options.app;
+      setMethodMetadata({ selectedApi });
+      const response = await inner.context.api.post(
+        START_PATH,
+        { selected_api: selectedApi },
+        { authRequired: true }
+      );
+      return {
+        data: GetConnectionStartUrlItemSchema.parse({
+          url: response.url,
+          expiresAt: response.expires_at,
+          startedAt: response.started_at,
+          app: selectedApi
+        })
+      };
+    }
+  })
+);
+var WaitForNewConnectionSchema = z.object({
+  app: AppPropertySchema,
+  startedAt: z.number().int().nonnegative().describe(
+    "Unix timestamp (seconds). Only connections whose `date` is at or after this value count as 'new'. Prefer the `startedAt` returned by `get-connection-start-url` \u2014 it's server-stamped, so the comparison isn't thrown off by client clock skew. If you mint the timestamp yourself, capture it *before* showing the start URL so a fast OAuth completion isn't missed."
+  ),
+  timeoutMs: z.number().int().positive().optional().describe(
+    "How long to wait before giving up. Default 5 minutes (300_000)."
+  ),
+  pollIntervalMs: z.number().int().positive().optional().describe(
+    "Delay before the first poll request, in ms. Default 3 seconds (3_000). Subsequent polling cadence is managed by the SDK's polling primitive (backoff with sane defaults)."
+  )
+}).describe(
+  "Wait for a new connection to appear for the given app. Polls `/api/v0/connections` with server-side `ordering=-date` until the most recent matching row's `date` is at or after the started-at timestamp, then returns it. Pair with `get-connection-start-url` \u2014 that mints the URL the user opens, this waits for the resulting connection to land. Errors with a timeout after the configured timeout (default 5 min). Example (JS):\n\n```ts\nconst { data: { url, app, startedAt } } = await zapier.getConnectionStartUrl({ app: 'slack' });\n// show `url` to the user via the channel they're reading from\nconst { data: conn } = await zapier.waitForNewConnection({ app, startedAt });\n```"
+);
+var WaitForNewConnectionItemSchema = z.object({
+  id: z.string().describe(
+    "The new connection's ID. Public UUID when available, falling back to the numeric ID."
+  ),
+  app: z.string().describe(
+    "Versionless app key the connection was created for (e.g., 'SlackCLIAPI')."
+  ),
+  title: z.string().nullable().optional().describe(
+    "Human-readable connection title set by the auth flow, when available."
+  )
+}).describe("The new connection that was detected.");
+
+// src/plugins/waitForNewConnection/index.ts
+var CONNECTIONS_PATH = "/api/v0/connections";
+var waitForNewConnectionPlugin = definePlugin(
+  (sdk) => createPluginMethod(sdk, {
+    name: "waitForNewConnection",
+    categories: ["connection"],
+    type: "item",
+    itemType: "Connection",
+    inputSchema: WaitForNewConnectionSchema,
+    outputSchema: WaitForNewConnectionItemSchema,
+    resolvers: { app: appKeyResolver },
+    handler: async ({
+      sdk: inner,
+      options
+    }) => {
+      const versionedKey = await inner.context.getVersionedImplementationId(
+        options.app
+      );
+      const appKey = versionedKey ? versionedKey.split("@")[0] : options.app;
+      setMethodMetadata({ selectedApi: appKey });
+      try {
+        const top = await inner.context.api.poll(
+          CONNECTIONS_PATH,
+          {
+            searchParams: {
+              app_key: appKey,
+              // Scope to the current user's own connections. The connection
+              // we're waiting on is by definition owned by the caller; without
+              // this the one-row head-check could match a teammate's freshly
+              // created connection for the same app.
+              owner: "me",
+              is_expired: "false",
+              ordering: "-date",
+              page_size: "1"
+            },
+            authRequired: true,
+            timeoutMs: options.timeoutMs ?? 3e5,
+            initialDelay: options.pollIntervalMs ?? 3e3,
+            isPending: (body) => {
+              const rows = body.data ?? [];
+              const head = rows[0];
+              if (!head?.date) return true;
+              const created = Math.floor(new Date(head.date).getTime() / 1e3);
+              return !Number.isFinite(created) || created < options.startedAt;
+            },
+            resultExtractor: (body) => (
+              // `isPending` guaranteed a fresh row at index 0 before this fires.
+              body.data[0]
+            )
+          }
+        );
+        return {
+          data: WaitForNewConnectionItemSchema.parse({
+            id: String(top.public_id ?? top.id),
+            app: appKey,
+            title: top.title ?? null
+          })
+        };
+      } catch (err) {
+        if (err instanceof ZapierTimeoutError) {
+          throw new ZapierTimeoutError(
+            `Timed out waiting for a new "${appKey}" connection. If the user completed the auth flow, retrieve the connection via sdk.getConnection({ id }) with the ID shown on the completion page.`
+          );
+        }
+        throw err;
+      }
+    }
+  })
+);
+
+// src/utils/should-open-browser.ts
+function shouldOpenBrowser() {
+  if (isCiEnv()) return false;
+  const env = globalThis.process?.env;
+  if (env?.SSH_TTY || env?.SSH_CONNECTION) return false;
+  if (globalThis.process?.platform === "linux" && !env?.DISPLAY && !env?.WAYLAND_DISPLAY) {
+    return false;
+  }
+  return true;
+}
+function isCiEnv() {
+  const env = globalThis.process?.env;
+  return !!(env?.CI || env?.CONTINUOUS_INTEGRATION || env?.GITHUB_ACTIONS || env?.JENKINS_URL || env?.GITLAB_CI || env?.CIRCLECI || env?.TRAVIS || env?.BUILDKITE || env?.DRONE || env?.BITBUCKET_PIPELINES_UUID);
+}
+var CreateConnectionSchema = z.object({
+  app: AppPropertySchema,
+  browser: z.enum(["auto", "always", "never"]).default("auto").describe(
+    "When to auto-open the URL in a browser. `auto` (default) opens in local sessions and skips opening in CI / SSH / headless-Linux. `always` forces the open attempt. `never` skips it. The URL is always printed to stderr regardless \u2014 a failed or skipped open degrades gracefully to copy-paste."
+  ),
+  timeoutMs: z.number().int().positive().optional().describe(
+    "How long to wait for the user to complete the connection flow before giving up. Default 5 minutes (300_000)."
+  ),
+  pollIntervalMs: z.number().int().positive().optional().describe(
+    "Delay before the first poll request, in ms. Default 3 seconds (3_000). Subsequent polling cadence is managed by the SDK's polling primitive (backoff with sane defaults)."
+  )
+}).describe(
+  "Create a new app connection, end-to-end. Mints the start URL via `get-connection-start-url`, prints it to stderr, opportunistically opens it in a browser when it looks safe to do so (skipping CI / SSH / headless-Linux by default \u2014 pass `--browser always` to force, `--browser never` to suppress), then polls via `wait-for-new-connection` until the user completes OAuth and the new connection appears. Returns the connection.\n\nThis is the right command for most callers. Reach for the lower-level building blocks when you want either of: (a) hand off the URL and *not* block on completion \u2014 call `get-connection-start-url` alone, no `wait-for-new-connection` needed, or (b) do something custom between minting the URL and waiting \u2014 call `get-connection-start-url`, do your work (email or DM the URL, render a QR code, etc.), then `wait-for-new-connection`."
+);
+var CreateConnectionItemSchema = z.object({
+  id: z.string().describe(
+    "The new connection's ID. Public UUID when available, falling back to the numeric ID."
+  ),
+  app: z.string().describe(
+    "Versionless app key the connection was created for (e.g., 'SlackCLIAPI')."
+  ),
+  title: z.string().nullable().optional().describe(
+    "Human-readable connection title set by the auth flow, when available."
+  )
+}).describe("The newly created connection.");
+
+// src/plugins/createConnection/index.ts
+var createConnectionPlugin = definePlugin(
+  (sdk) => createPluginMethod(sdk, {
+    name: "createConnection",
+    categories: ["connection"],
+    type: "create",
+    itemType: "Connection",
+    inputSchema: CreateConnectionSchema,
+    outputSchema: CreateConnectionItemSchema,
+    resolvers: { app: appKeyResolver },
+    formatter: {
+      format: (item) => ({
+        title: `Connection created: ${item.title || item.id}`,
+        id: item.id,
+        details: [
+          { text: `App: ${item.app}`, style: "normal" },
+          { text: `ID:  ${item.id}`, style: "accent" }
+        ]
+      })
+    },
+    handler: async ({
+      sdk: inner,
+      options
+    }) => {
+      const { data: start } = await inner.getConnectionStartUrl({
+        app: options.app
+      });
+      setMethodMetadata({ selectedApi: start.app });
+      console.error(
+        `
+Open this URL to complete the connection:
+  ${start.url}
+`
+      );
+      const shouldOpen = options.browser === "always" || options.browser === "auto" && shouldOpenBrowser();
+      if (shouldOpen) {
+        try {
+          await open_url_default(start.url);
+        } catch {
+        }
+      }
+      const { data: fresh } = await inner.waitForNewConnection({
+        app: start.app,
+        // Server-stamped mint time: measured on the same clock as a
+        // connection's `date`, so the freshness check is immune to
+        // client/server clock skew.
+        startedAt: start.startedAt,
+        timeoutMs: options.timeoutMs,
+        pollIntervalMs: options.pollIntervalMs
+      });
+      return {
+        data: CreateConnectionItemSchema.parse({
+          id: fresh.id,
+          app: start.app,
+          title: fresh.title ?? null
+        })
+      };
+    }
+  })
+);
 
 // src/plugins/deprecated/authentications.ts
 var listAuthenticationsPlugin = definePlugin(
@@ -9490,7 +10046,7 @@ function createZapierSdkWithoutRegistry(options = {}) {
   return createZapierSdk(options);
 }
 function createZapierSdkStack(options = {}) {
-  return createZapierCoreStack().use(createOptionsPlugin(options)).use(eventEmissionPlugin).use(apiPlugin).use(manifestPlugin).use(capabilitiesPlugin).use(connectionsPlugin).use(listAppsPlugin).use(getAppPlugin).use(listConnectionsPlugin).use(getConnectionPlugin).use(findFirstConnectionPlugin).use(findUniqueConnectionPlugin).use(listActionsPlugin).use(getActionPlugin).use(listActionInputFieldsPlugin).use(getActionInputFieldsSchemaPlugin).use(listActionInputFieldChoicesPlugin).use(listInputFieldsDeprecatedPlugin).use(getInputFieldsSchemaDeprecatedPlugin).use(listInputFieldChoicesDeprecatedPlugin).use(runActionPlugin).use(listAuthenticationsPlugin).use(getAuthenticationPlugin).use(findFirstAuthenticationPlugin).use(findUniqueAuthenticationPlugin).use(listClientCredentialsPlugin).use(createClientCredentialsPlugin).use(deleteClientCredentialsPlugin).use(fetchPlugin).use(requestPlugin).use(listTablesPlugin).use(getTablePlugin).use(deleteTablePlugin).use(createTablePlugin).use(listTableFieldsPlugin).use(createTableFieldsPlugin).use(deleteTableFieldsPlugin).use(listTableRecordsPlugin).use(getTableRecordPlugin).use(createTableRecordsPlugin).use(deleteTableRecordsPlugin).use(updateTableRecordsPlugin).use(appsPlugin).use(getProfilePlugin);
+  return createZapierCoreStack().use(createOptionsPlugin(options)).use(eventEmissionPlugin).use(apiPlugin).use(manifestPlugin).use(capabilitiesPlugin).use(connectionsPlugin).use(listAppsPlugin).use(getAppPlugin).use(listConnectionsPlugin).use(getConnectionPlugin).use(findFirstConnectionPlugin).use(findUniqueConnectionPlugin).use(getConnectionStartUrlPlugin).use(waitForNewConnectionPlugin).use(createConnectionPlugin).use(listActionsPlugin).use(getActionPlugin).use(listActionInputFieldsPlugin).use(getActionInputFieldsSchemaPlugin).use(listActionInputFieldChoicesPlugin).use(listInputFieldsDeprecatedPlugin).use(getInputFieldsSchemaDeprecatedPlugin).use(listInputFieldChoicesDeprecatedPlugin).use(runActionPlugin).use(listAuthenticationsPlugin).use(getAuthenticationPlugin).use(findFirstAuthenticationPlugin).use(findUniqueAuthenticationPlugin).use(listClientCredentialsPlugin).use(createClientCredentialsPlugin).use(deleteClientCredentialsPlugin).use(fetchPlugin).use(requestPlugin).use(listTablesPlugin).use(getTablePlugin).use(deleteTablePlugin).use(createTablePlugin).use(listTableFieldsPlugin).use(createTableFieldsPlugin).use(deleteTableFieldsPlugin).use(listTableRecordsPlugin).use(getTableRecordPlugin).use(createTableRecordsPlugin).use(deleteTableRecordsPlugin).use(updateTableRecordsPlugin).use(appsPlugin).use(getProfilePlugin);
 }
 function createZapierSdk(options = {}) {
   return withDeprecatedAddPlugin(createZapierSdkStack(options).toSdk());
@@ -11195,6 +11751,52 @@ var codeSubstrateDefaults = {
   categories: ["code-workflow"],
   experimental: true
 };
+var ConnectionBindingSchema = z.object({
+  connection_id: z.union([
+    z.number().int().positive(),
+    z.string().regex(/^[1-9][0-9]*$/, "must be a positive integer string"),
+    z.string().uuid("must be a UUID")
+  ]).describe(
+    "Zapier connection ID. Positive integer (legacy) or UUID string (newer)."
+  )
+}).describe(
+  "Connection binding: maps a single alias to a concrete connection."
+);
+var AppVersionBindingSchema = z.object({
+  implementation_name: z.string().describe("App implementation identifier (e.g. 'SlackCLIAPI')"),
+  version: z.string().optional().describe("App implementation version (e.g. '1.27.1')")
+}).describe("App-version binding: maps a single alias to an app version.");
+var WorkflowVersionTriggerConfigSchema = z.object({
+  selected_api: z.string().describe("Zapier app/API identifier (e.g. 'GoogleSheetsAPI')"),
+  action: z.string().describe("Trigger action key (e.g. 'new_row')"),
+  authentication_id: z.string().nullish().describe(
+    "Connection ID for the trigger source. Omit or pass null for no-auth triggers (e.g. Schedule by Zapier)."
+  ),
+  params: z.record(z.string(), z.unknown()).optional().describe("Trigger parameters as a JSON object")
+}).describe("Trigger configuration persisted on a workflow version.");
+var WorkflowTriggerStatusSchema = z.enum([
+  "unclaimed",
+  "pending",
+  "active",
+  "releasing",
+  "released",
+  "failed"
+]);
+var WorkflowTriggerSchema = z.object({
+  selected_api: z.string().describe("Zapier app/API identifier (e.g. 'GoogleSheetsAPI')"),
+  action: z.string().describe("Trigger action key (e.g. 'new_row')"),
+  authentication_id: z.string().nullish().describe(
+    "Connection ID for the trigger source. Null for no-auth triggers."
+  ),
+  params: z.record(z.string(), z.unknown()).optional().describe("Trigger parameters as a JSON object"),
+  status: WorkflowTriggerStatusSchema.describe(
+    "Live trigger claim status \u2014 whether the trigger is currently subscribed to its source."
+  )
+}).describe(
+  "Trigger from a workflow's current version, combined with the live claim status."
+);
+
+// src/plugins/codeSubstrate/listWorkflows/schemas.ts
 var WorkflowItemSchema = z.object({
   id: z.string().describe("Workflow ID (UUID)"),
   name: z.string().describe("Workflow name"),
@@ -11203,9 +11805,16 @@ var WorkflowItemSchema = z.object({
     "Public webhook URL that fires this workflow when POSTed to. Embeds a secret trigger token in the path \u2014 treat as sensitive."
   ),
   enabled: z.boolean().describe("Whether the workflow currently accepts triggers"),
+  is_private: z.boolean().describe(
+    "Whether the workflow is private to the creating user. False means account-visible."
+  ),
+  created_by_user_id: z.string().nullable().describe("User ID of the workflow creator (null in legacy data)"),
   current_version_id: z.string().nullable().describe(
     "ID of the workflow version that runs handle. Null until a version is published."
   ),
+  triggers: z.array(WorkflowTriggerSchema).describe(
+    "Trigger configurations from the current version, with live claim status. Empty array when the workflow has no triggers."
+  ),
   created_at: z.string().describe("When the workflow was created (ISO-8601)"),
   updated_at: z.string().describe("When the workflow was last modified (ISO-8601)")
 });
@@ -11264,7 +11873,12 @@ var WorkflowVersionSchema = z.object({
   // Backend column is NOT NULL (see durableworkflowzaps prisma schema:
   // workflow_versions.created_by_user_id), so this is always emitted.
   created_by_user_id: z.string().describe("ID of the user who published this version"),
-  created_at: z.string().describe("When the version was published (ISO-8601)")
+  created_at: z.string().describe("When the version was published (ISO-8601)"),
+  trigger: WorkflowVersionTriggerConfigSchema.nullable().describe(
+    "Trigger configuration persisted on this version, or null for webhook-only workflows."
+  ),
+  connections: z.record(z.string(), ConnectionBindingSchema).nullable().describe("Connection aliases bound on this version (or null)."),
+  app_versions: z.record(z.string(), AppVersionBindingSchema).nullable().describe("App-version pins bound on this version (or null).")
 });
 var GetWorkflowOptionsSchema = z.object({
   workflow: z.string().uuid().describe("Durable workflow ID")
@@ -11279,9 +11893,16 @@ var GetWorkflowResponseSchema = z.object({
     "Public webhook URL that fires this workflow when POSTed to. Embeds a secret trigger token in the path \u2014 treat as sensitive."
   ),
   enabled: z.boolean().describe("Whether the workflow currently accepts triggers"),
+  is_private: z.boolean().describe(
+    "Whether the workflow is private to the creating user. False means account-visible."
+  ),
+  created_by_user_id: z.string().nullable().describe("User ID of the workflow creator (null in legacy data)"),
   current_version: WorkflowVersionSchema.optional().describe(
     "The currently published version, if any. Absent for workflows with no version published yet."
   ),
+  triggers: z.array(WorkflowTriggerSchema).describe(
+    "Trigger configurations from the current version, with live claim status. Empty array when the workflow has no triggers."
+  ),
   created_at: z.string().describe("When the workflow was created (ISO-8601)"),
   updated_at: z.string().describe("When the workflow was last modified (ISO-8601)")
 });
@@ -11377,6 +11998,10 @@ var UpdateWorkflowResponseSchema = z.object({
     "Public webhook URL that fires this workflow when POSTed to. Embeds a secret trigger token in the path \u2014 treat as sensitive."
   ),
   enabled: z.boolean().describe("Whether the workflow currently accepts triggers"),
+  is_private: z.boolean().describe(
+    "Whether the workflow is private to the creating user. False means account-visible."
+  ),
+  created_by_user_id: z.string().nullable().describe("User ID of the workflow creator (null in legacy data)"),
   created_at: z.string().describe("When the workflow was created (ISO-8601)"),
   updated_at: z.string().describe("When this update was applied (ISO-8601)")
 });
@@ -11712,6 +12337,19 @@ var AppVersionMapEntrySchema = z.object({
   implementation_name: z.string().min(1).describe("Zapier app implementation name (e.g. `SlackCLIAPI`)"),
   version: z.string().optional().describe("Pinned app version (e.g. `1.27.1`). Latest if omitted.")
 });
+var RunNotificationEventSchema = z.enum(["started", "progress", "completed", "error", "cancelled"]).describe("Run lifecycle event this notification subscribes to");
+var RunNotificationSchema = z.object({
+  type: z.literal("webhook").optional().describe("Notification transport. Webhook is the only supported type."),
+  url: z.string().url().describe(
+    "URL to POST event notifications to. Payload is `{run_id, event}`."
+  ),
+  max_retries: z.number().int().min(0).max(10).optional().describe(
+    "Max delivery attempts with exponential backoff. Defaults to 3 server-side."
+  ),
+  events: z.array(RunNotificationEventSchema).min(1).describe("One or more lifecycle events to subscribe this URL to.")
+}).describe(
+  "Webhook subscriber for run lifecycle events. Server POSTs `{run_id, event}` on each subscribed transition."
+);
 var RunDurableOptionsSchema = z.object({
   source_files: z.record(z.string(), z.string()).refine((files) => Object.keys(files).length > 0, {
     message: "source_files must contain at least one file"
@@ -11727,7 +12365,10 @@ var RunDurableOptionsSchema = z.object({
   app_versions: z.record(z.string(), AppVersionMapEntrySchema).optional().describe(
     "Pinned app versions. Maps app keys (slugs) to implementation names and versions."
   ),
-  private: z.boolean().optional().describe("Only the creating user can see the run (default false)")
+  private: z.boolean().optional().describe("Only the creating user can see the run (default false)"),
+  notifications: z.array(RunNotificationSchema).optional().describe(
+    "Webhook subscribers for run lifecycle events. Each entry specifies a URL and the events it subscribes to."
+  )
 }).describe(
   "Run a workflow source file as a run-once durable run on sdkdurableapi (no deployed workflow required). Returns the run ID immediately; poll via getDurableRun for terminal status."
 );
@@ -11773,6 +12414,9 @@ var runDurablePlugin = definePlugin(
       if (options.private !== void 0) {
         body.is_private = options.private;
       }
+      if (options.notifications !== void 0) {
+        body.notifications = options.notifications;
+      }
       const raw = await sdk2.context.api.post(
         "/sdkdurableapi/api/v0/runs",
         body,
@@ -11820,34 +12464,6 @@ var cancelDurableRunPlugin = definePlugin(
     }
   })
 );
-var CONNECTION_ID_PATTERN = /^([1-9][0-9]*|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$/;
-var ConnectionBindingSchema = z.object({
-  connection_id: z.union([
-    z.number().int().positive(),
-    z.string().regex(
-      CONNECTION_ID_PATTERN,
-      "connection_id must be a positive integer string or UUID"
-    )
-  ]).describe(
-    "Zapier connection ID. Positive integer (legacy) or UUID string (newer)."
-  )
-}).describe(
-  "Connection binding: maps a single alias to a concrete connection."
-);
-var AppVersionBindingSchema = z.object({
-  implementation_name: z.string().describe("App implementation identifier (e.g. 'SlackCLIAPI')"),
-  version: z.string().optional().describe("App implementation version (e.g. '1.27.1')")
-}).describe("App-version binding: maps a single alias to an app version.");
-var TriggerConfigSchema = z.object({
-  selected_api: z.string().describe("Zapier app/API identifier (e.g. 'GoogleSheetsAPI')"),
-  action: z.string().describe("Trigger action key (e.g. 'new_row')"),
-  authentication_id: z.string().nullish().describe(
-    "Connection ID for the trigger source. Omit or pass null for no-auth triggers (e.g. Schedule by Zapier)."
-  ),
-  params: z.record(z.string(), z.unknown()).optional().describe("Trigger parameters as a JSON object")
-}).describe(
-  "Zapier trigger configuration. When set, the workflow subscribes to trigger events."
-);
 var PublishWorkflowVersionOptionsSchema = z.object({
   workflow: z.string().uuid().describe("Durable workflow ID"),
   source_files: z.record(z.string(), z.string()).refine((files) => Object.keys(files).length > 0, {
@@ -11866,7 +12482,7 @@ var PublishWorkflowVersionOptionsSchema = z.object({
   app_versions: z.record(z.string(), AppVersionBindingSchema).nullish().describe(
     "Map of app keys to pinned app implementation/version used by the workflow. Pass `null` to clear an existing binding."
   ),
-  trigger: TriggerConfigSchema.optional().describe(
+  trigger: WorkflowVersionTriggerConfigSchema.optional().describe(
     "Trigger configuration. When provided, the workflow subscribes to a Zapier trigger; omit for webhook-only workflows."
   )
 }).describe(
@@ -11881,7 +12497,12 @@ var PublishWorkflowVersionResponseSchema = z.object({
   ),
   dependencies: z.record(z.string(), z.string()).nullable().describe("Additional npm dependencies pinned for this version (or null)"),
   created_by_user_id: z.string().describe("ID of the user who published this version"),
-  created_at: z.string().describe("When the version was published (ISO-8601)")
+  created_at: z.string().describe("When the version was published (ISO-8601)"),
+  trigger: WorkflowVersionTriggerConfigSchema.nullable().describe(
+    "Trigger configuration persisted on this version, or null for webhook-only workflows."
+  ),
+  connections: z.record(z.string(), ConnectionBindingSchema).nullable().describe("Connection aliases bound on this version (or null)."),
+  app_versions: z.record(z.string(), AppVersionBindingSchema).nullable().describe("App-version pins bound on this version (or null).")
 });
 
 // src/plugins/codeSubstrate/publishWorkflowVersion/index.ts
@@ -11937,7 +12558,12 @@ var WorkflowVersionListItemSchema = z.object({
   ),
   dependencies: z.record(z.string(), z.string()).nullable().describe("Additional npm dependencies pinned for this version (or null)"),
   created_by_user_id: z.string().describe("ID of the user who published this version"),
-  created_at: z.string().describe("When the version was published (ISO-8601)")
+  created_at: z.string().describe("When the version was published (ISO-8601)"),
+  trigger: WorkflowVersionTriggerConfigSchema.nullable().describe(
+    "Trigger configuration persisted on this version, or null for webhook-only workflows."
+  ),
+  connections: z.record(z.string(), ConnectionBindingSchema).nullable().describe("Connection aliases bound on this version (or null)."),
+  app_versions: z.record(z.string(), AppVersionBindingSchema).nullable().describe("App-version pins bound on this version (or null).")
 });
 var ListWorkflowVersionsOptionsSchema = z.object({
   workflow: z.string().uuid().describe("Durable workflow ID"),
@@ -12005,7 +12631,12 @@ var GetWorkflowVersionResponseSchema = z.object({
   ),
   dependencies: z.record(z.string(), z.string()).nullable().describe("Additional npm dependencies pinned for this version (or null)"),
   created_by_user_id: z.string().describe("ID of the user who published this version"),
-  created_at: z.string().describe("When the version was published (ISO-8601)")
+  created_at: z.string().describe("When the version was published (ISO-8601)"),
+  trigger: WorkflowVersionTriggerConfigSchema.nullable().describe(
+    "Trigger configuration persisted on this version, or null for webhook-only workflows."
+  ),
+  connections: z.record(z.string(), ConnectionBindingSchema).nullable().describe("Connection aliases bound on this version (or null)."),
+  app_versions: z.record(z.string(), AppVersionBindingSchema).nullable().describe("App-version pins bound on this version (or null).")
 });
 
 // src/plugins/codeSubstrate/getWorkflowVersion/index.ts
@@ -12408,7 +13039,10 @@ var BaseSdkOptionsSchema = z.object({
     "Maximum number of sequential approval rounds per request (one per gating policy) before giving up. Default: 2."
   ),
   approvalMode: z.enum(["disabled", "poll", "throw"]).optional().describe(
-    'Approval flow behavior. "poll" creates the approval, opens it in a browser, polls until resolved, and retries the original request. "throw" creates the approval and throws a ZapierApprovalError with the approval URL so the caller can surface it. "disabled" throws a ZapierApprovalError on approval-required responses without creating an approval. Resolution order is: explicit option, then ZAPIER_APPROVAL_MODE, then the default behavior (poll for interactive TTY, throw otherwise).'
+    'Approval flow behavior for manual approvals. "poll" creates the approval, opens it in a browser, polls until resolved, and retries the original request. "throw" creates the manual approval and throws a ZapierApprovalError with the approval URL so the caller can surface it. Server-created auto-mode approvals always poll until they reach a terminal status and retry the original request on approval, even when this option is "throw". "disabled" throws a ZapierApprovalError on approval-required responses without creating an approval. Resolution order is: explicit option, then ZAPIER_APPROVAL_MODE, then the default behavior (poll for interactive TTY, throw otherwise).'
+  ),
+  openAutoModeApprovalsInBrowser: z.boolean().optional().describe(
+    "By default, auto-mode approvals do not open in a browser. Enable this option to open the approval URL and watch the approval process. Resolution order is: explicit option, then ZAPIER_OPEN_AUTO_MODE_APPROVALS_IN_BROWSER, then false."
   ),
   // Internal
   manifestPath: z.string().optional().describe("Path to a .zapierrc manifest file for app version locking.").meta({ internal: true }),
@@ -12436,10 +13070,10 @@ var registryPlugin = definePlugin((_sdk) => {
 
 // src/experimental.ts
 function createZapierSdkStack2(options = {}) {
-  return createZapierCoreStack().use(createOptionsPlugin(options)).use(eventEmissionPlugin).use(apiPlugin).use(manifestPlugin).use(capabilitiesPlugin).use(connectionsPlugin).use(listAppsPlugin).use(getAppPlugin).use(listConnectionsPlugin).use(getConnectionPlugin).use(findFirstConnectionPlugin).use(findUniqueConnectionPlugin).use(listActionsPlugin).use(getActionPlugin).use(listActionInputFieldsPlugin).use(getActionInputFieldsSchemaPlugin).use(listActionInputFieldChoicesPlugin).use(listInputFieldsDeprecatedPlugin).use(getInputFieldsSchemaDeprecatedPlugin).use(listInputFieldChoicesDeprecatedPlugin).use(runActionPlugin).use(listAuthenticationsPlugin).use(getAuthenticationPlugin).use(findFirstAuthenticationPlugin).use(findUniqueAuthenticationPlugin).use(listClientCredentialsPlugin).use(createClientCredentialsPlugin).use(deleteClientCredentialsPlugin).use(fetchPlugin).use(requestPlugin).use(listTriggerInboxesPlugin).use(createTriggerInboxPlugin).use(ensureTriggerInboxPlugin).use(getTriggerInboxPlugin).use(updateTriggerInboxPlugin).use(deleteTriggerInboxPlugin).use(pauseTriggerInboxPlugin).use(resumeTriggerInboxPlugin).use(listTriggerInboxMessagesPlugin).use(leaseTriggerInboxMessagesPlugin).use(ackTriggerInboxMessagesPlugin).use(releaseTriggerInboxMessagesPlugin).use(drainTriggerInboxPlugin).use(watchTriggerInboxPlugin).use(listTriggersPlugin).use(listTriggerInputFieldsPlugin).use(listTriggerInputFieldChoicesPlugin).use(getTriggerInputFieldsSchemaPlugin).use(listTablesPlugin).use(getTablePlugin).use(deleteTablePlugin).use(createTablePlugin).use(listTableFieldsPlugin).use(createTableFieldsPlugin).use(deleteTableFieldsPlugin).use(listTableRecordsPlugin).use(getTableRecordPlugin).use(createTableRecordsPlugin).use(deleteTableRecordsPlugin).use(updateTableRecordsPlugin).use(listWorkflowsPlugin).use(getWorkflowPlugin).use(createWorkflowPlugin).use(updateWorkflowPlugin).use(enableWorkflowPlugin).use(disableWorkflowPlugin).use(deleteWorkflowPlugin).use(listDurableRunsPlugin).use(getDurableRunPlugin).use(runDurablePlugin).use(cancelDurableRunPlugin).use(publishWorkflowVersionPlugin).use(listWorkflowVersionsPlugin).use(getWorkflowVersionPlugin).use(listWorkflowRunsPlugin).use(getWorkflowRunPlugin).use(getTriggerRunPlugin).use(triggerWorkflowPlugin).use(appsPlugin).use(getProfilePlugin);
+  return createZapierCoreStack().use(createOptionsPlugin(options)).use(eventEmissionPlugin).use(apiPlugin).use(manifestPlugin).use(capabilitiesPlugin).use(connectionsPlugin).use(listAppsPlugin).use(getAppPlugin).use(listConnectionsPlugin).use(getConnectionPlugin).use(findFirstConnectionPlugin).use(findUniqueConnectionPlugin).use(getConnectionStartUrlPlugin).use(waitForNewConnectionPlugin).use(createConnectionPlugin).use(listActionsPlugin).use(getActionPlugin).use(listActionInputFieldsPlugin).use(getActionInputFieldsSchemaPlugin).use(listActionInputFieldChoicesPlugin).use(listInputFieldsDeprecatedPlugin).use(getInputFieldsSchemaDeprecatedPlugin).use(listInputFieldChoicesDeprecatedPlugin).use(runActionPlugin).use(listAuthenticationsPlugin).use(getAuthenticationPlugin).use(findFirstAuthenticationPlugin).use(findUniqueAuthenticationPlugin).use(listClientCredentialsPlugin).use(createClientCredentialsPlugin).use(deleteClientCredentialsPlugin).use(fetchPlugin).use(requestPlugin).use(listTriggerInboxesPlugin).use(createTriggerInboxPlugin).use(ensureTriggerInboxPlugin).use(getTriggerInboxPlugin).use(updateTriggerInboxPlugin).use(deleteTriggerInboxPlugin).use(pauseTriggerInboxPlugin).use(resumeTriggerInboxPlugin).use(listTriggerInboxMessagesPlugin).use(leaseTriggerInboxMessagesPlugin).use(ackTriggerInboxMessagesPlugin).use(releaseTriggerInboxMessagesPlugin).use(drainTriggerInboxPlugin).use(watchTriggerInboxPlugin).use(listTriggersPlugin).use(listTriggerInputFieldsPlugin).use(listTriggerInputFieldChoicesPlugin).use(getTriggerInputFieldsSchemaPlugin).use(listTablesPlugin).use(getTablePlugin).use(deleteTablePlugin).use(createTablePlugin).use(listTableFieldsPlugin).use(createTableFieldsPlugin).use(deleteTableFieldsPlugin).use(listTableRecordsPlugin).use(getTableRecordPlugin).use(createTableRecordsPlugin).use(deleteTableRecordsPlugin).use(updateTableRecordsPlugin).use(listWorkflowsPlugin).use(getWorkflowPlugin).use(createWorkflowPlugin).use(updateWorkflowPlugin).use(enableWorkflowPlugin).use(disableWorkflowPlugin).use(deleteWorkflowPlugin).use(listDurableRunsPlugin).use(getDurableRunPlugin).use(runDurablePlugin).use(cancelDurableRunPlugin).use(publishWorkflowVersionPlugin).use(listWorkflowVersionsPlugin).use(getWorkflowVersionPlugin).use(listWorkflowRunsPlugin).use(getWorkflowRunPlugin).use(getTriggerRunPlugin).use(triggerWorkflowPlugin).use(appsPlugin).use(getProfilePlugin);
 }
 function createZapierSdk2(options = {}) {
   return withDeprecatedAddPlugin(createZapierSdkStack2(options).toSdk());
 }
 
-export { ActionKeyPropertySchema, ActionPropertySchema, ActionTimeoutMsPropertySchema, ActionTypePropertySchema, AppKeyPropertySchema, AppPropertySchema, AppsPropertySchema, AuthenticationIdPropertySchema, BaseSdkOptionsSchema, CONTEXT_CACHE_MAX_SIZE, CONTEXT_CACHE_TTL_MS, CORE_ERROR_SYMBOL, ClientCredentialsObjectSchema, ConnectionEntrySchema, ConnectionIdPropertySchema, ConnectionPropertySchema, ConnectionsMapSchema, ConnectionsPropertySchema, CoreErrorCode, CredentialsFunctionSchema, CredentialsObjectSchema, CredentialsSchema, DEFAULT_ACTION_TIMEOUT_MS, DEFAULT_APPROVAL_TIMEOUT_MS, DEFAULT_CONFIG_PATH, DEFAULT_MAX_APPROVAL_RETRIES, DEFAULT_PAGE_SIZE, DebugPropertySchema, FieldsPropertySchema, InputFieldPropertySchema, InputsPropertySchema, LeaseLimitPropertySchema, LeasePropertySchema, LeaseSecondsPropertySchema, LimitPropertySchema, MAX_CONCURRENCY_LIMIT, MAX_PAGE_LIMIT, OffsetPropertySchema, OutputPropertySchema, ParamsPropertySchema, PkceCredentialsObjectSchema, RecordPropertySchema, RecordsPropertySchema, RelayFetchSchema, RelayRequestSchema, ResolvedCredentialsSchema, TablePropertySchema, TablesPropertySchema, TriggerInboxNamePropertySchema, TriggerInboxPropertySchema, ZAPIER_BASE_URL, ZAPIER_MAX_CONCURRENT_REQUESTS, ZAPIER_MAX_NETWORK_RETRIES, ZAPIER_MAX_NETWORK_RETRY_DELAY_MS, ZapierAbortDrainSignal, ZapierActionError, ZapierApiError, ZapierAppNotFoundError, ZapierApprovalError, ZapierAuthenticationError, ZapierBundleError, ZapierConfigurationError, ZapierConflictError, ZapierError, ZapierNotFoundError, ZapierRateLimitError, ZapierRelayError, ZapierReleaseTriggerMessageSignal, ZapierResourceNotFoundError, ZapierSignal, ZapierTimeoutError, ZapierUnknownError, ZapierValidationError, actionKeyResolver, actionTypeResolver, addPlugin, apiPlugin, appKeyResolver, appsPlugin, connectionIdGenericResolver as authenticationIdGenericResolver, connectionIdResolver as authenticationIdResolver, batch, buildApplicationLifecycleEvent, buildCapabilityMessage, buildErrorEvent, buildErrorEventWithContext, buildMethodCalledEvent, cleanupEventListeners, clearTokenCache, clientCredentialsNameResolver, clientIdResolver, composePlugins, connectionIdGenericResolver, connectionIdResolver, connectionsPlugin, createBaseEvent, createClientCredentialsPlugin, createCorePlugin, createFunction, createMemoryCache, createOptionsPlugin, createPaginatedPluginMethod, createPluginMethod, createPluginStack, createSdk, createTableFieldsPlugin, createTablePlugin, createTableRecordsPlugin, createZapierApi, createZapierCoreStack, createZapierSdk2 as createZapierSdk, createZapierSdkStack2 as createZapierSdkStack, createZapierSdkWithoutRegistry, definePlugin, deleteClientCredentialsPlugin, deleteTableFieldsPlugin, deleteTablePlugin, deleteTableRecordsPlugin, durableRunIdResolver, eventEmissionPlugin, fetchPlugin, findFirstConnectionPlugin, findManifestEntry, findUniqueConnectionPlugin, formatErrorMessage, generateEventId, getActionInputFieldsSchemaPlugin, getActionPlugin, getAgent, getAppPlugin, getBaseUrlFromCredentials, getCiPlatform, getClientIdFromCredentials, getConnectionPlugin, getCoreErrorCause, getCoreErrorCode, getCpuTime, getCurrentTimestamp, getMemoryUsage, getOrCreateApiClient, getOsInfo, getPlatformVersions, getPreferredManifestEntryKey, getProfilePlugin, getReleaseId, getTablePlugin, getTableRecordPlugin, getTokenFromCliLogin, getTtyContext, getZapierApprovalMode, getZapierDefaultApprovalMode, getZapierSdkService, injectCliLogin, inputFieldKeyResolver, inputsAllOptionalResolver, inputsResolver, invalidateCachedToken, invalidateCredentialsToken, isCi, isCliLoginAvailable, isClientCredentials, isCoreError, isCredentialsFunction, isCredentialsObject, isPermanentHttpError, isPkceCredentials, isPositional, listActionInputFieldChoicesPlugin, listActionInputFieldsPlugin, listActionsPlugin, listAppsPlugin, listClientCredentialsPlugin, listConnectionsPlugin, listTableFieldsPlugin, listTableRecordsPlugin, listTablesPlugin, logDeprecation2 as logDeprecation, manifestPlugin, parseConcurrencyEnvVar, readManifestFromFile, registryPlugin, requestPlugin, resetDeprecationWarnings2 as resetDeprecationWarnings, resolveAuthToken, resolveCredentials, resolveCredentialsFromEnv, runActionPlugin, runInMethodScope, runWithTelemetryContext, tableFieldIdsResolver, tableFieldsResolver, tableFiltersResolver, tableIdResolver, tableNameResolver, tableRecordIdResolver, tableRecordIdsResolver, tableRecordsResolver, tableSortResolver, tableUpdateRecordsResolver, toSnakeCase, toTitleCase, triggerInboxResolver, triggerMessagesResolver, updateTableRecordsPlugin, workflowIdResolver, workflowRunIdResolver, workflowVersionIdResolver, zapierAdaptError };
+export { ActionKeyPropertySchema, ActionPropertySchema, ActionTimeoutMsPropertySchema, ActionTypePropertySchema, AppKeyPropertySchema, AppPropertySchema, AppsPropertySchema, AuthenticationIdPropertySchema, BaseSdkOptionsSchema, CONTEXT_CACHE_MAX_SIZE, CONTEXT_CACHE_TTL_MS, CORE_ERROR_SYMBOL, ClientCredentialsObjectSchema, ConnectionEntrySchema, ConnectionIdPropertySchema, ConnectionPropertySchema, ConnectionsMapSchema, ConnectionsPropertySchema, CoreErrorCode, CredentialsFunctionSchema, CredentialsObjectSchema, CredentialsSchema, DEFAULT_ACTION_TIMEOUT_MS, DEFAULT_APPROVAL_TIMEOUT_MS, DEFAULT_CONFIG_PATH, DEFAULT_MAX_APPROVAL_RETRIES, DEFAULT_PAGE_SIZE, DebugPropertySchema, FieldsPropertySchema, InputFieldPropertySchema, InputsPropertySchema, LeaseLimitPropertySchema, LeasePropertySchema, LeaseSecondsPropertySchema, LimitPropertySchema, MAX_CONCURRENCY_LIMIT, MAX_PAGE_LIMIT, OffsetPropertySchema, OutputPropertySchema, ParamsPropertySchema, PkceCredentialsObjectSchema, RecordPropertySchema, RecordsPropertySchema, RelayFetchSchema, RelayRequestSchema, ResolvedCredentialsSchema, TablePropertySchema, TablesPropertySchema, TriggerInboxNamePropertySchema, TriggerInboxPropertySchema, ZAPIER_BASE_URL, ZAPIER_MAX_CONCURRENT_REQUESTS, ZAPIER_MAX_NETWORK_RETRIES, ZAPIER_MAX_NETWORK_RETRY_DELAY_MS, ZapierAbortDrainSignal, ZapierActionError, ZapierApiError, ZapierAppNotFoundError, ZapierApprovalError, ZapierAuthenticationError, ZapierBundleError, ZapierConfigurationError, ZapierConflictError, ZapierError, ZapierNotFoundError, ZapierRateLimitError, ZapierRelayError, ZapierReleaseTriggerMessageSignal, ZapierResourceNotFoundError, ZapierSignal, ZapierTimeoutError, ZapierUnknownError, ZapierValidationError, actionKeyResolver, actionTypeResolver, addPlugin, apiPlugin, appKeyResolver, appsPlugin, connectionIdGenericResolver as authenticationIdGenericResolver, connectionIdResolver as authenticationIdResolver, batch, buildApplicationLifecycleEvent, buildCapabilityMessage, buildErrorEvent, buildErrorEventWithContext, buildMethodCalledEvent, cleanupEventListeners, clearTokenCache, clientCredentialsNameResolver, clientIdResolver, composePlugins, connectionIdGenericResolver, connectionIdResolver, connectionsPlugin, createBaseEvent, createClientCredentialsPlugin, createCorePlugin, createFunction, createMemoryCache, createOptionsPlugin, createPaginatedPluginMethod, createPluginMethod, createPluginStack, createSdk, createTableFieldsPlugin, createTablePlugin, createTableRecordsPlugin, createZapierApi, createZapierCoreStack, createZapierSdk2 as createZapierSdk, createZapierSdkStack2 as createZapierSdkStack, createZapierSdkWithoutRegistry, definePlugin, deleteClientCredentialsPlugin, deleteTableFieldsPlugin, deleteTablePlugin, deleteTableRecordsPlugin, durableRunIdResolver, eventEmissionPlugin, fetchPlugin, findFirstConnectionPlugin, findManifestEntry, findUniqueConnectionPlugin, formatErrorMessage, generateEventId, getActionInputFieldsSchemaPlugin, getActionPlugin, getAgent, getAppPlugin, getBaseUrlFromCredentials, getCiPlatform, getClientIdFromCredentials, getConnectionPlugin, getCoreErrorCause, getCoreErrorCode, getCpuTime, getCurrentTimestamp, getMemoryUsage, getOrCreateApiClient, getOsInfo, getPlatformVersions, getPreferredManifestEntryKey, getProfilePlugin, getReleaseId, getTablePlugin, getTableRecordPlugin, getTokenFromCliLogin, getTtyContext, getZapierApprovalMode, getZapierDefaultApprovalMode, getZapierOpenAutoModeApprovalsInBrowser, getZapierSdkService, injectCliLogin, inputFieldKeyResolver, inputsAllOptionalResolver, inputsResolver, invalidateCachedToken, invalidateCredentialsToken, isCi, isCliLoginAvailable, isClientCredentials, isCoreError, isCredentialsFunction, isCredentialsObject, isPermanentHttpError, isPkceCredentials, isPositional, listActionInputFieldChoicesPlugin, listActionInputFieldsPlugin, listActionsPlugin, listAppsPlugin, listClientCredentialsPlugin, listConnectionsPlugin, listTableFieldsPlugin, listTableRecordsPlugin, listTablesPlugin, logDeprecation2 as logDeprecation, manifestPlugin, parseConcurrencyEnvVar, readManifestFromFile, registryPlugin, requestPlugin, resetDeprecationWarnings2 as resetDeprecationWarnings, resolveAuthToken, resolveCredentials, resolveCredentialsFromEnv, runActionPlugin, runInMethodScope, runWithTelemetryContext, tableFieldIdsResolver, tableFieldsResolver, tableFiltersResolver, tableIdResolver, tableNameResolver, tableRecordIdResolver, tableRecordIdsResolver, tableRecordsResolver, tableSortResolver, tableUpdateRecordsResolver, toSnakeCase, toTitleCase, triggerInboxResolver, triggerMessagesResolver, updateTableRecordsPlugin, workflowIdResolver, workflowRunIdResolver, workflowVersionIdResolver, zapierAdaptError };