@zapier/zapier-sdk 0.76.0 → 0.76.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # @zapier/zapier-sdk
2
2
 
3
+ ## 0.76.2
4
+
5
+ ### Patch Changes
6
+
7
+ - 27ca0c5: Add zapier-sdk-agent header to identify the AI agent using the SDK
8
+
9
+ ## 0.76.1
10
+
11
+ ### Patch Changes
12
+
13
+ - 745e172: Include client id and auth mechanism in client-side telemetry
14
+
3
15
  ## 0.76.0
4
16
 
5
17
  ### Minor Changes
@@ -1 +1 @@
1
- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAIjB,MAAM,SAAS,CAAC;AA0kDjB,eAAO,MAAM,eAAe,GAAI,SAAS,gBAAgB,KAAG,SAW3D,CAAC"}
1
+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAIjB,MAAM,SAAS,CAAC;AAglDjB,eAAO,MAAM,eAAe,GAAI,SAAS,gBAAgB,KAAG,SAW3D,CAAC"}
@@ -14,6 +14,7 @@ import { sleep, calculateExponentialBackoffMs } from "../utils/retry-utils";
14
14
  import { isPlainObject } from "../utils/type-guard-utils";
15
15
  import { isAbortError } from "../utils/abort-utils";
16
16
  import { getCallerContext } from "../utils/caller-context";
17
+ import { getAgent } from "../utils/agent";
17
18
  import { createSseParserStream, jsonFrames, } from "./sse-parser";
18
19
  import { consumeApprovalReviewStream } from "./approval-review-stream";
19
20
  import { ZapierApiError, ZapierApprovalError, ZapierAuthenticationError, ZapierConfigurationError, ZapierTimeoutError, ZapierValidationError, ZapierResourceNotFoundError, ZapierRateLimitError, } from "../types/errors";
@@ -766,6 +767,10 @@ class ZapierApiClient {
766
767
  headers.set("zapier-service", sdkService);
767
768
  headers.set("x-zapier-service", sdkService);
768
769
  }
770
+ const agent = getAgent();
771
+ if (agent) {
772
+ headers.set("zapier-sdk-agent", agent);
773
+ }
769
774
  const callerPackage = this.options.callerPackage;
770
775
  if (callerPackage) {
771
776
  headers.set("zapier-sdk-package", callerPackage.name);
package/dist/auth.d.ts CHANGED
@@ -42,6 +42,18 @@ export interface ResolveAuthTokenOptions {
42
42
  */
43
43
  cache?: ZapierCache;
44
44
  }
45
+ export declare enum AuthMechanism {
46
+ ClientCredentials = "client_credentials",
47
+ Jwt = "jwt",
48
+ Token = "token",
49
+ Pkce = "pkce",
50
+ None = "none"
51
+ }
52
+ export interface ResolvedAuth {
53
+ token?: string;
54
+ mechanism: AuthMechanism;
55
+ clientId: string | null;
56
+ }
45
57
  /**
46
58
  * Clear in-process caches. Useful for testing or to force the next
47
59
  * resolve to re-import the default cache adapter. Does not touch
@@ -104,7 +116,8 @@ export declare function isCliLoginAvailable(): boolean | undefined;
104
116
  */
105
117
  export declare function getTokenFromCliLogin(options: CliLoginOptions): Promise<string | undefined>;
106
118
  /**
107
- * Resolves an auth token from wherever it can be found.
119
+ * Resolves auth from wherever it can be found, returning the token plus
120
+ * metadata about how it was resolved.
108
121
  *
109
122
  * Resolution order:
110
123
  * 1. Explicit credentials option (or deprecated token option)
@@ -116,8 +129,10 @@ export declare function getTokenFromCliLogin(options: CliLoginOptions): Promise<
116
129
  * - Client credentials: Exchanged for an access token (with caching)
117
130
  * - PKCE: Delegates to CLI login (throws if not available)
118
131
  *
119
- * Returns undefined if no valid token is found.
132
+ * When no auth can be resolved, returns a ResolvedAuth with
133
+ * mechanism: None and no token.
120
134
  */
135
+ export declare function resolveAuth(options?: ResolveAuthTokenOptions): Promise<ResolvedAuth>;
121
136
  export declare function resolveAuthToken(options?: ResolveAuthTokenOptions): Promise<string | undefined>;
122
137
  /**
123
138
  * Invalidate the cached token for the given credentials, if applicable.
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,KAAK,EACV,WAAW,EAEX,uBAAuB,EACxB,MAAM,qBAAqB,CAAC;AAK7B,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,SAAS,CAAC;AAG9D,YAAY,EACV,WAAW,EACX,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAG5C,YAAY,EACV,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,aAAa,GACd,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EACV,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,gDAAgD;IAChD,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB;;;;;OAKG;IACH,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AA8BD;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,IAAI,CAItC;AAgDD;;;;;GAKG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB,GAAG,OAAO,CAAC,IAAI,CAAC,CAWhB;AAoID;;GAEG;AACH,UAAU,eAAe;IACvB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,WAAW,CAAC,EAAE;QACZ,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAGD,KAAK,cAAc,GAAG,cAAc,8BAA8B,CAAC,GAAG;IACpE,oBAAoB,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE;QAChC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,KAAK;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS,CAAC;IAC3E,0BAA0B,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE;QACtC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,KAAK,OAAO,CAAC,uBAAuB,GAAG,SAAS,CAAC,CAAC;CACpD,CAAC;AA6BF;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAE3D;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,GAAG,SAAS,CAGzD;AA2BD;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAK7B;AAkED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CA4B7B;AAqHD;;;;GAIG;AACH,wBAAsB,0BAA0B,CAAC,OAAO,EAAE;IACxD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB,GAAG,OAAO,CAAC,IAAI,CAAC,CAehB"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,KAAK,EACV,WAAW,EAEX,uBAAuB,EACxB,MAAM,qBAAqB,CAAC;AAK7B,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,SAAS,CAAC;AAG9D,YAAY,EACV,WAAW,EACX,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAG5C,YAAY,EACV,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,aAAa,GACd,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EACV,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,gDAAgD;IAChD,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB;;;;;OAKG;IACH,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,oBAAY,aAAa;IACvB,iBAAiB,uBAAuB;IACxC,GAAG,QAAQ;IACX,KAAK,UAAU;IACf,IAAI,SAAS;IACb,IAAI,SAAS;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,aAAa,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAkCD;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,IAAI,CAItC;AAgDD;;;;;GAKG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB,GAAG,OAAO,CAAC,IAAI,CAAC,CAWhB;AAoID;;GAEG;AACH,UAAU,eAAe;IACvB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,WAAW,CAAC,EAAE;QACZ,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAGD,KAAK,cAAc,GAAG,cAAc,8BAA8B,CAAC,GAAG;IACpE,oBAAoB,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE;QAChC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,KAAK;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS,CAAC;IAC3E,0BAA0B,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE;QACtC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,KAAK,OAAO,CAAC,uBAAuB,GAAG,SAAS,CAAC,CAAC;CACpD,CAAC;AA6BF;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAE3D;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,GAAG,SAAS,CAGzD;AA2BD;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAK7B;AA6ED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,WAAW,CAC/B,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,YAAY,CAAC,CAqCvB;AAED,wBAAsB,gBAAgB,CACpC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAE7B;AA2ID;;;;GAIG;AACH,wBAAsB,0BAA0B,CAAC,OAAO,EAAE;IACxD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB,GAAG,OAAO,CAAC,IAAI,CAAC,CAehB"}
package/dist/auth.js CHANGED
@@ -16,6 +16,14 @@ import { createMemoryCache } from "./cache";
16
16
  const DEFAULT_AUTH_BASE_URL = "https://zapier.com";
17
17
  export { createMemoryCache } from "./cache";
18
18
  export { isClientCredentials, isPkceCredentials, isCredentialsObject, isCredentialsFunction, } from "./types/credentials";
19
+ export var AuthMechanism;
20
+ (function (AuthMechanism) {
21
+ AuthMechanism["ClientCredentials"] = "client_credentials";
22
+ AuthMechanism["Jwt"] = "jwt";
23
+ AuthMechanism["Token"] = "token";
24
+ AuthMechanism["Pkce"] = "pkce";
25
+ AuthMechanism["None"] = "none";
26
+ })(AuthMechanism || (AuthMechanism = {}));
19
27
  /**
20
28
  * In-flight token exchange promises to prevent duplicate exchanges
21
29
  * inside the same process. When an exchange is in progress, subsequent
@@ -266,7 +274,7 @@ export async function getTokenFromCliLogin(options) {
266
274
  return undefined;
267
275
  return await cliLogin.getToken(options);
268
276
  }
269
- async function tryStoredClientCredentialToken(options) {
277
+ async function tryStoredClientCredentialAuth(options) {
270
278
  const activeCredential = await getActiveCredentialsFromCli(options.baseUrl);
271
279
  if (!activeCredential)
272
280
  return undefined;
@@ -279,8 +287,13 @@ async function tryStoredClientCredentialToken(options) {
279
287
  });
280
288
  const cache = await resolveCache(options);
281
289
  const pending = pendingExchanges.get(cacheKey);
282
- if (pending)
283
- return pending;
290
+ if (pending) {
291
+ return {
292
+ token: await pending,
293
+ mechanism: AuthMechanism.ClientCredentials,
294
+ clientId: activeCredential.clientId,
295
+ };
296
+ }
284
297
  const cached = await readCachedToken(cacheKey, cache);
285
298
  if (cached !== undefined) {
286
299
  if (options.debug)
@@ -288,8 +301,12 @@ async function tryStoredClientCredentialToken(options) {
288
301
  // (smoke tests, scripts) pipe `zapier-sdk --debug ... --json` into a
289
302
  // JSON parser.
290
303
  console.error(`[auth] Using cached token (clientId: ${activeCredential.clientId})`);
291
- emitAuthResolved(options.onEvent, "client_credentials");
292
- return cached;
304
+ emitAuthResolved(options.onEvent, AuthMechanism.ClientCredentials);
305
+ return {
306
+ token: cached,
307
+ mechanism: AuthMechanism.ClientCredentials,
308
+ clientId: activeCredential.clientId,
309
+ };
293
310
  }
294
311
  const storedCredential = await getStoredClientCredentialsFromCli(resolvedBaseUrl);
295
312
  if (!storedCredential) {
@@ -306,12 +323,17 @@ async function tryStoredClientCredentialToken(options) {
306
323
  }
307
324
  if (options.debug)
308
325
  console.error(`[auth] Using stored client credential (clientId: ${storedCredential.clientId})`);
309
- const token = await resolveAuthTokenFromCredentials(storedCredential, options);
310
- emitAuthResolved(options.onEvent, "client_credentials");
311
- return token;
326
+ const auth = await resolveAuthFromCredentials(storedCredential, options);
327
+ emitAuthResolved(options.onEvent, AuthMechanism.ClientCredentials);
328
+ return {
329
+ token: auth.token,
330
+ mechanism: AuthMechanism.ClientCredentials,
331
+ clientId: activeCredential.clientId,
332
+ };
312
333
  }
313
334
  /**
314
- * Resolves an auth token from wherever it can be found.
335
+ * Resolves auth from wherever it can be found, returning the token plus
336
+ * metadata about how it was resolved.
315
337
  *
316
338
  * Resolution order:
317
339
  * 1. Explicit credentials option (or deprecated token option)
@@ -323,9 +345,10 @@ async function tryStoredClientCredentialToken(options) {
323
345
  * - Client credentials: Exchanged for an access token (with caching)
324
346
  * - PKCE: Delegates to CLI login (throws if not available)
325
347
  *
326
- * Returns undefined if no valid token is found.
348
+ * When no auth can be resolved, returns a ResolvedAuth with
349
+ * mechanism: None and no token.
327
350
  */
328
- export async function resolveAuthToken(options = {}) {
351
+ export async function resolveAuth(options = {}) {
329
352
  // Resolve credentials from options and env vars
330
353
  const credentials = await resolveCredentials({
331
354
  credentials: options.credentials,
@@ -334,11 +357,11 @@ export async function resolveAuthToken(options = {}) {
334
357
  });
335
358
  // If we got credentials, process them based on type
336
359
  if (credentials !== undefined) {
337
- return resolveAuthTokenFromCredentials(credentials, options);
360
+ return resolveAuthFromCredentials(credentials, options);
338
361
  }
339
- const storedToken = await tryStoredClientCredentialToken(options);
340
- if (storedToken !== undefined)
341
- return storedToken;
362
+ const storedAuth = await tryStoredClientCredentialAuth(options);
363
+ if (storedAuth !== undefined)
364
+ return storedAuth;
342
365
  if (options.debug) {
343
366
  console.error("[auth] Using JWT (no stored client credential found)");
344
367
  }
@@ -348,17 +371,33 @@ export async function resolveAuthToken(options = {}) {
348
371
  debug: options.debug,
349
372
  });
350
373
  if (jwtToken !== undefined) {
351
- emitAuthResolved(options.onEvent, "jwt");
374
+ emitAuthResolved(options.onEvent, AuthMechanism.Jwt);
375
+ return {
376
+ token: jwtToken,
377
+ mechanism: AuthMechanism.Jwt,
378
+ clientId: null,
379
+ };
352
380
  }
353
- return jwtToken;
381
+ return {
382
+ token: undefined,
383
+ mechanism: AuthMechanism.None,
384
+ clientId: null,
385
+ };
386
+ }
387
+ export async function resolveAuthToken(options = {}) {
388
+ return (await resolveAuth(options)).token;
354
389
  }
355
390
  /**
356
391
  * Resolve an auth token from resolved credentials.
357
392
  */
358
- async function resolveAuthTokenFromCredentials(credentials, options) {
393
+ async function resolveAuthFromCredentials(credentials, options) {
359
394
  if (typeof credentials === "string") {
360
- emitAuthResolved(options.onEvent, "token");
361
- return credentials;
395
+ emitAuthResolved(options.onEvent, AuthMechanism.Token);
396
+ return {
397
+ token: credentials,
398
+ mechanism: AuthMechanism.Token,
399
+ clientId: null,
400
+ };
362
401
  }
363
402
  // Client credentials: exchange + cache through a pluggable cache
364
403
  // adapter. Resolution order:
@@ -384,12 +423,21 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
384
423
  if (options.debug) {
385
424
  console.error(`[auth] Using cached token (clientId: ${clientId})`);
386
425
  }
387
- return cached;
426
+ return {
427
+ token: cached,
428
+ mechanism: AuthMechanism.ClientCredentials,
429
+ clientId: credentials.clientId,
430
+ };
388
431
  }
389
432
  // In-process dedup
390
433
  const pending = pendingExchanges.get(cacheKey);
391
- if (pending)
392
- return pending;
434
+ if (pending) {
435
+ return {
436
+ token: await pending,
437
+ mechanism: AuthMechanism.ClientCredentials,
438
+ clientId: credentials.clientId,
439
+ };
440
+ }
393
441
  // Serialize exchange + persist inside the lock (when the adapter
394
442
  // supports cross-process locking). The second acquirer re-reads the
395
443
  // cache under the lock and uses the first's token instead of firing
@@ -426,7 +474,11 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
426
474
  pendingExchanges.delete(cacheKey);
427
475
  });
428
476
  pendingExchanges.set(cacheKey, exchangePromise);
429
- return exchangePromise;
477
+ return {
478
+ token: await exchangePromise,
479
+ mechanism: AuthMechanism.ClientCredentials,
480
+ clientId: credentials.clientId,
481
+ };
430
482
  }
431
483
  // PKCE credentials: delegate to CLI login
432
484
  if (isPkceCredentials(credentials)) {
@@ -438,7 +490,11 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
438
490
  debug: options.debug,
439
491
  });
440
492
  if (storedToken) {
441
- return storedToken;
493
+ return {
494
+ token: storedToken,
495
+ mechanism: AuthMechanism.Pkce,
496
+ clientId: null,
497
+ };
442
498
  }
443
499
  // No stored token - user needs to run login
444
500
  throw new Error("PKCE credentials require interactive login. " +
@@ -2809,6 +2809,14 @@ function createMemoryCache() {
2809
2809
 
2810
2810
  // src/auth.ts
2811
2811
  var DEFAULT_AUTH_BASE_URL = "https://zapier.com";
2812
+ var AuthMechanism = /* @__PURE__ */ ((AuthMechanism2) => {
2813
+ AuthMechanism2["ClientCredentials"] = "client_credentials";
2814
+ AuthMechanism2["Jwt"] = "jwt";
2815
+ AuthMechanism2["Token"] = "token";
2816
+ AuthMechanism2["Pkce"] = "pkce";
2817
+ AuthMechanism2["None"] = "none";
2818
+ return AuthMechanism2;
2819
+ })(AuthMechanism || {});
2812
2820
  var pendingExchanges = /* @__PURE__ */ new Map();
2813
2821
  var cachedDefaultCache;
2814
2822
  function buildCacheKey(options) {
@@ -2986,7 +2994,7 @@ async function getTokenFromCliLogin(options) {
2986
2994
  if (!cliLogin) return void 0;
2987
2995
  return await cliLogin.getToken(options);
2988
2996
  }
2989
- async function tryStoredClientCredentialToken(options) {
2997
+ async function tryStoredClientCredentialAuth(options) {
2990
2998
  const activeCredential = await getActiveCredentialsFromCli(options.baseUrl);
2991
2999
  if (!activeCredential) return void 0;
2992
3000
  const resolvedBaseUrl = activeCredential.baseUrl || options.baseUrl || DEFAULT_AUTH_BASE_URL;
@@ -3001,15 +3009,25 @@ async function tryStoredClientCredentialToken(options) {
3001
3009
  });
3002
3010
  const cache = await resolveCache(options);
3003
3011
  const pending = pendingExchanges.get(cacheKey);
3004
- if (pending) return pending;
3012
+ if (pending) {
3013
+ return {
3014
+ token: await pending,
3015
+ mechanism: "client_credentials" /* ClientCredentials */,
3016
+ clientId: activeCredential.clientId
3017
+ };
3018
+ }
3005
3019
  const cached = await readCachedToken(cacheKey, cache);
3006
3020
  if (cached !== void 0) {
3007
3021
  if (options.debug)
3008
3022
  console.error(
3009
3023
  `[auth] Using cached token (clientId: ${activeCredential.clientId})`
3010
3024
  );
3011
- emitAuthResolved(options.onEvent, "client_credentials");
3012
- return cached;
3025
+ emitAuthResolved(options.onEvent, "client_credentials" /* ClientCredentials */);
3026
+ return {
3027
+ token: cached,
3028
+ mechanism: "client_credentials" /* ClientCredentials */,
3029
+ clientId: activeCredential.clientId
3030
+ };
3013
3031
  }
3014
3032
  const storedCredential = await getStoredClientCredentialsFromCli(resolvedBaseUrl);
3015
3033
  if (!storedCredential) {
@@ -3027,24 +3045,25 @@ async function tryStoredClientCredentialToken(options) {
3027
3045
  console.error(
3028
3046
  `[auth] Using stored client credential (clientId: ${storedCredential.clientId})`
3029
3047
  );
3030
- const token = await resolveAuthTokenFromCredentials(
3031
- storedCredential,
3032
- options
3033
- );
3034
- emitAuthResolved(options.onEvent, "client_credentials");
3035
- return token;
3048
+ const auth = await resolveAuthFromCredentials(storedCredential, options);
3049
+ emitAuthResolved(options.onEvent, "client_credentials" /* ClientCredentials */);
3050
+ return {
3051
+ token: auth.token,
3052
+ mechanism: "client_credentials" /* ClientCredentials */,
3053
+ clientId: activeCredential.clientId
3054
+ };
3036
3055
  }
3037
- async function resolveAuthToken(options = {}) {
3056
+ async function resolveAuth(options = {}) {
3038
3057
  const credentials = await resolveCredentials({
3039
3058
  credentials: options.credentials,
3040
3059
  token: options.token,
3041
3060
  baseUrl: options.baseUrl
3042
3061
  });
3043
3062
  if (credentials !== void 0) {
3044
- return resolveAuthTokenFromCredentials(credentials, options);
3063
+ return resolveAuthFromCredentials(credentials, options);
3045
3064
  }
3046
- const storedToken = await tryStoredClientCredentialToken(options);
3047
- if (storedToken !== void 0) return storedToken;
3065
+ const storedAuth = await tryStoredClientCredentialAuth(options);
3066
+ if (storedAuth !== void 0) return storedAuth;
3048
3067
  if (options.debug) {
3049
3068
  console.error("[auth] Using JWT (no stored client credential found)");
3050
3069
  }
@@ -3054,14 +3073,30 @@ async function resolveAuthToken(options = {}) {
3054
3073
  debug: options.debug
3055
3074
  });
3056
3075
  if (jwtToken !== void 0) {
3057
- emitAuthResolved(options.onEvent, "jwt");
3076
+ emitAuthResolved(options.onEvent, "jwt" /* Jwt */);
3077
+ return {
3078
+ token: jwtToken,
3079
+ mechanism: "jwt" /* Jwt */,
3080
+ clientId: null
3081
+ };
3058
3082
  }
3059
- return jwtToken;
3083
+ return {
3084
+ token: void 0,
3085
+ mechanism: "none" /* None */,
3086
+ clientId: null
3087
+ };
3088
+ }
3089
+ async function resolveAuthToken(options = {}) {
3090
+ return (await resolveAuth(options)).token;
3060
3091
  }
3061
- async function resolveAuthTokenFromCredentials(credentials, options) {
3092
+ async function resolveAuthFromCredentials(credentials, options) {
3062
3093
  if (typeof credentials === "string") {
3063
- emitAuthResolved(options.onEvent, "token");
3064
- return credentials;
3094
+ emitAuthResolved(options.onEvent, "token" /* Token */);
3095
+ return {
3096
+ token: credentials,
3097
+ mechanism: "token" /* Token */,
3098
+ clientId: null
3099
+ };
3065
3100
  }
3066
3101
  if (isClientCredentials(credentials)) {
3067
3102
  const { clientId } = credentials;
@@ -3078,10 +3113,20 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
3078
3113
  if (options.debug) {
3079
3114
  console.error(`[auth] Using cached token (clientId: ${clientId})`);
3080
3115
  }
3081
- return cached;
3116
+ return {
3117
+ token: cached,
3118
+ mechanism: "client_credentials" /* ClientCredentials */,
3119
+ clientId: credentials.clientId
3120
+ };
3082
3121
  }
3083
3122
  const pending = pendingExchanges.get(cacheKey);
3084
- if (pending) return pending;
3123
+ if (pending) {
3124
+ return {
3125
+ token: await pending,
3126
+ mechanism: "client_credentials" /* ClientCredentials */,
3127
+ clientId: credentials.clientId
3128
+ };
3129
+ }
3085
3130
  const runLocked = async () => {
3086
3131
  const recheck = await readCachedToken(cacheKey, cache);
3087
3132
  if (recheck !== void 0) {
@@ -3114,7 +3159,11 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
3114
3159
  pendingExchanges.delete(cacheKey);
3115
3160
  });
3116
3161
  pendingExchanges.set(cacheKey, exchangePromise);
3117
- return exchangePromise;
3162
+ return {
3163
+ token: await exchangePromise,
3164
+ mechanism: "client_credentials" /* ClientCredentials */,
3165
+ clientId: credentials.clientId
3166
+ };
3118
3167
  }
3119
3168
  if (isPkceCredentials(credentials)) {
3120
3169
  const storedToken = await getTokenFromCliLogin({
@@ -3124,7 +3173,11 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
3124
3173
  debug: options.debug
3125
3174
  });
3126
3175
  if (storedToken) {
3127
- return storedToken;
3176
+ return {
3177
+ token: storedToken,
3178
+ mechanism: "pkce" /* Pkce */,
3179
+ clientId: null
3180
+ };
3128
3181
  }
3129
3182
  throw new Error(
3130
3183
  "PKCE credentials require interactive login. Please run the 'login' command with the CLI first, or use client_credentials flow."
@@ -3167,6 +3220,38 @@ function getCallerContext() {
3167
3220
  }
3168
3221
  }
3169
3222
 
3223
+ // src/utils/agent.ts
3224
+ var isTruthy = (value) => {
3225
+ const lower = value.toLowerCase();
3226
+ return lower === "1" || lower === "true";
3227
+ };
3228
+ var isNonEmpty = (value) => value !== "";
3229
+ var agentDetectors = [
3230
+ { name: "claude-code", key: "CLAUDECODE", predicate: isTruthy },
3231
+ { name: "github-copilot", key: "COPILOT_AGENT", predicate: isTruthy },
3232
+ { name: "cursor", key: "CURSOR_AGENT", predicate: isTruthy },
3233
+ { name: "codex", key: "CODEX_SANDBOX", predicate: isNonEmpty },
3234
+ { name: "gemini-cli", key: "GEMINI_CLI", predicate: isTruthy },
3235
+ { name: "augment", key: "AUGMENT_AGENT", predicate: isTruthy },
3236
+ { name: "cline", key: "CLINE_ACTIVE", predicate: isTruthy },
3237
+ { name: "opencode", key: "OPENCODE_CLIENT", predicate: isNonEmpty }
3238
+ ];
3239
+ function getAgent() {
3240
+ try {
3241
+ const env = globalThis.process?.env;
3242
+ if (!env) return null;
3243
+ for (const detector of agentDetectors) {
3244
+ const value = env[detector.key];
3245
+ if (value !== void 0 && detector.predicate(value)) {
3246
+ return detector.name;
3247
+ }
3248
+ }
3249
+ return null;
3250
+ } catch {
3251
+ return null;
3252
+ }
3253
+ }
3254
+
3170
3255
  // src/api/sse-parser.ts
3171
3256
  async function* jsonFrames(source) {
3172
3257
  for await (const { data } of source) {
@@ -3318,7 +3403,7 @@ function parseApprovalReviewStreamPayload(parsed, toolNames) {
3318
3403
  }
3319
3404
 
3320
3405
  // src/sdk-version.ts
3321
- var SDK_VERSION = (typeof process !== "undefined" && process.env ? "0.76.0" : void 0) || "unknown";
3406
+ var SDK_VERSION = (typeof process !== "undefined" && process.env ? "0.76.2" : void 0) || "unknown";
3322
3407
 
3323
3408
  // src/utils/open-url.ts
3324
3409
  var nodePrefix = "node:";
@@ -4036,6 +4121,10 @@ var ZapierApiClient = class {
4036
4121
  headers.set("zapier-service", sdkService);
4037
4122
  headers.set("x-zapier-service", sdkService);
4038
4123
  }
4124
+ const agent = getAgent();
4125
+ if (agent) {
4126
+ headers.set("zapier-sdk-agent", agent);
4127
+ }
4039
4128
  const callerPackage = this.options.callerPackage;
4040
4129
  if (callerPackage) {
4041
4130
  headers.set("zapier-sdk-package", callerPackage.name);
@@ -9549,36 +9638,6 @@ function getTtyContext() {
9549
9638
  return { stdin_is_tty: null, stdout_is_tty: null };
9550
9639
  }
9551
9640
  }
9552
- var isTruthy = (value) => {
9553
- const lower = value.toLowerCase();
9554
- return lower === "1" || lower === "true";
9555
- };
9556
- var isNonEmpty = (value) => value !== "";
9557
- var agentDetectors = [
9558
- { name: "claude-code", key: "CLAUDECODE", predicate: isTruthy },
9559
- { name: "github-copilot", key: "COPILOT_AGENT", predicate: isTruthy },
9560
- { name: "cursor", key: "CURSOR_AGENT", predicate: isTruthy },
9561
- { name: "codex", key: "CODEX_SANDBOX", predicate: isNonEmpty },
9562
- { name: "gemini-cli", key: "GEMINI_CLI", predicate: isTruthy },
9563
- { name: "augment", key: "AUGMENT_AGENT", predicate: isTruthy },
9564
- { name: "cline", key: "CLINE_ACTIVE", predicate: isTruthy },
9565
- { name: "opencode", key: "OPENCODE_CLIENT", predicate: isNonEmpty }
9566
- ];
9567
- function getAgent() {
9568
- try {
9569
- const env = globalThis.process?.env;
9570
- if (!env) return null;
9571
- for (const detector of agentDetectors) {
9572
- const value = env[detector.key];
9573
- if (value !== void 0 && detector.predicate(value)) {
9574
- return detector.name;
9575
- }
9576
- }
9577
- return null;
9578
- } catch {
9579
- return null;
9580
- }
9581
- }
9582
9641
 
9583
9642
  // src/plugins/eventEmission/builders.ts
9584
9643
  function createBaseEvent(context = {}) {
@@ -9588,6 +9647,8 @@ function createBaseEvent(context = {}) {
9588
9647
  release_id: getReleaseId(),
9589
9648
  customuser_id: context.customuser_id,
9590
9649
  account_id: context.account_id,
9650
+ client_id: context.client_id ?? null,
9651
+ auth_mechanism: context.auth_mechanism ?? null,
9591
9652
  identity_id: context.identity_id,
9592
9653
  visitor_id: context.visitor_id,
9593
9654
  correlation_id: context.correlation_id
@@ -9741,6 +9802,20 @@ function cleanupEventListeners() {
9741
9802
  var APPLICATION_LIFECYCLE_EVENT_SUBJECT = "platform.sdk.ApplicationLifecycleEvent";
9742
9803
  var ERROR_OCCURRED_EVENT_SUBJECT = "platform.sdk.ErrorOccurredEvent";
9743
9804
  var METHOD_CALLED_EVENT_SUBJECT = "platform.sdk.MethodCalledEvent";
9805
+ var NULL_EVENT_CONTEXT = Object.freeze({
9806
+ customuser_id: null,
9807
+ account_id: null,
9808
+ client_id: null,
9809
+ auth_mechanism: null
9810
+ });
9811
+ function buildEventAuthContext(auth) {
9812
+ const userIds = auth.token ? extractUserIdsFromJwt(auth.token) : { customuser_id: null, account_id: null };
9813
+ return {
9814
+ ...userIds,
9815
+ client_id: auth.clientId,
9816
+ auth_mechanism: auth.mechanism
9817
+ };
9818
+ }
9744
9819
  async function emitWithTimeout(transport, subject, event) {
9745
9820
  try {
9746
9821
  await Promise.race([
@@ -9816,16 +9891,11 @@ var eventEmissionPlugin = definePlugin(
9816
9891
  const getUserContext = (async () => {
9817
9892
  if (config.enabled) {
9818
9893
  try {
9819
- const token = await resolveAuthToken({
9820
- ...options
9821
- });
9822
- if (token) {
9823
- return extractUserIdsFromJwt(token);
9824
- }
9894
+ return buildEventAuthContext(await resolveAuth({ ...options }));
9825
9895
  } catch {
9826
9896
  }
9827
9897
  }
9828
- return { customuser_id: null, account_id: null };
9898
+ return NULL_EVENT_CONTEXT;
9829
9899
  })();
9830
9900
  const startupTime = Date.now();
9831
9901
  let shutdownStartTime = null;
@@ -9858,6 +9928,8 @@ var eventEmissionPlugin = definePlugin(
9858
9928
  release_id: getReleaseId(),
9859
9929
  customuser_id: null,
9860
9930
  account_id: null,
9931
+ client_id: null,
9932
+ auth_mechanism: null,
9861
9933
  identity_id: null,
9862
9934
  visitor_id: null,
9863
9935
  correlation_id: null
@@ -9886,6 +9958,8 @@ var eventEmissionPlugin = definePlugin(
9886
9958
  release_id: getReleaseId(),
9887
9959
  customuser_id: null,
9888
9960
  account_id: null,
9961
+ client_id: null,
9962
+ auth_mechanism: null,
9889
9963
  identity_id: null,
9890
9964
  visitor_id: null,
9891
9965
  correlation_id: null
@@ -13259,6 +13333,7 @@ exports.ActionTypePropertySchema = ActionTypePropertySchema;
13259
13333
  exports.AppKeyPropertySchema = AppKeyPropertySchema;
13260
13334
  exports.AppPropertySchema = AppPropertySchema;
13261
13335
  exports.AppsPropertySchema = AppsPropertySchema;
13336
+ exports.AuthMechanism = AuthMechanism;
13262
13337
  exports.AuthenticationIdPropertySchema = AuthenticationIdPropertySchema;
13263
13338
  exports.BaseSdkOptionsSchema = BaseSdkOptionsSchema;
13264
13339
  exports.CONTEXT_CACHE_MAX_SIZE = CONTEXT_CACHE_MAX_SIZE;
@@ -13437,6 +13512,7 @@ exports.readManifestFromFile = readManifestFromFile;
13437
13512
  exports.registryPlugin = registryPlugin;
13438
13513
  exports.requestPlugin = requestPlugin;
13439
13514
  exports.resetDeprecationWarnings = resetDeprecationWarnings2;
13515
+ exports.resolveAuth = resolveAuth;
13440
13516
  exports.resolveAuthToken = resolveAuthToken;
13441
13517
  exports.resolveCredentials = resolveCredentials;
13442
13518
  exports.resolveCredentialsFromEnv = resolveCredentialsFromEnv;