auth0-deploy-cli 8.27.0 → 8.29.0

package/.circleci/config.yml

@@ -10,7 +10,7 @@ jobs:
     working_directory: ~/repo
     steps:
       - checkout
-      - run: npm ci
+      - run: npm i
       - run: AUTH0_HTTP_RECORDINGS="lockdown" npm run test:e2e:node-module
 
   e2e_test_as_cli:
@@ -19,7 +19,7 @@ jobs:
     working_directory: ~/repo
     steps:
       - checkout
-      - run: npm ci
+      - run: npm i
       - run: npm run test:e2e:cli
 
   unit_test:
@@ -34,11 +34,11 @@ jobs:
       - checkout
       - restore_cache:
           keys:
-            - v<< parameters.v >>-npm-deps-{{ checksum "package-lock.json" }}
+            - v<< parameters.v >>-npm-deps-{{ checksum "package.json" }}
             - v<< parameters.v >>-npm-deps-
-      - run: npm ci
+      - run: npm i
       - save_cache:
-          key: v<< parameters.v >>-npm-deps-{{ checksum "package-lock.json" }}
+          key: v<< parameters.v >>-npm-deps-{{ checksum "package.json" }}
           paths:
             - node_modules
       - run: npm run lint
@@ -90,7 +90,7 @@ jobs:
     working_directory: ~/repo
     steps:
       - checkout
-      - run: npm ci
+      - run: npm i
       - run: npx tsc --noEmit
 
   does_lint_pass:
@@ -99,7 +99,7 @@ jobs:
     working_directory: ~/repo
     steps:
       - checkout
-      - run: npm ci
+      - run: npm i
       - run: npm run lint
 
 workflows:

package/CHANGELOG.md

@@ -7,6 +7,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [8.29.0] - 2026-03-03
+
+### Added
+
+- Add DPoP support for proof-of-possession mechanism in `resourceServers` (GA) [#1311]
+- Add `supplemental signals` configuration for Akamai integration.(EA) [#1310]
+
+## [8.28.0] - 2026-02-20
+
+### Added
+
+- Add support for managing `action-modules`.(EA) [#1302]
+- Add support for managing `modules` in `actions`.(EA) [#1302]
+
 ## [8.27.0] - 2026-02-13
 
 ### Added
@@ -1652,7 +1666,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#1294]: https://github.com/auth0/auth0-deploy-cli/issues/1294
 [#1297]: https://github.com/auth0/auth0-deploy-cli/issues/1297
 [#1298]: https://github.com/auth0/auth0-deploy-cli/issues/1298
-[Unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v8.27.0...HEAD
+[#1302]: https://github.com/auth0/auth0-deploy-cli/issues/1302
+[#1310]: https://github.com/auth0/auth0-deploy-cli/issues/1310
+[#1311]: https://github.com/auth0/auth0-deploy-cli/issues/1311
+[Unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v8.29.0...HEAD
+[8.29.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.28.0...v8.29.0
+[8.28.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.27.0...v8.28.0
 [8.27.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.26.0...v8.27.0
 [8.26.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.25.0...v8.26.0
 [8.25.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.24.0...v8.25.0

package/CONTRIBUTING.md

@@ -27,7 +27,7 @@ Thank you for your interest in contributing! This guide will help you get starte
 
 ```bash
 # Install dependencies
-npm ci
+npm i
 ```
 
 ## Development Workflow

package/lib/context/directory/handlers/actionModules.d.ts

@@ -0,0 +1,5 @@
+import { DirectoryHandler } from '.';
+import { Asset, ParsedAsset } from '../../../types';
+type ParsedActionModules = ParsedAsset<'actionModules', Asset[]>;
+declare const actionModulesHandler: DirectoryHandler<ParsedActionModules>;
+export default actionModulesHandler;

package/lib/context/directory/handlers/actionModules.js

@@ -0,0 +1,91 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const path_1 = __importDefault(require("path"));
+const fs_extra_1 = __importDefault(require("fs-extra"));
+const tools_1 = require("../../../tools");
+const utils_1 = require("../../../utils");
+const logger_1 = __importDefault(require("../../../logger"));
+function parse(context) {
+    const modulesFolder = path_1.default.join(context.filePath, tools_1.constants.ACTION_MODULES_DIRECTORY);
+    if (!(0, utils_1.existsMustBeDir)(modulesFolder))
+        return { actionModules: null };
+    const files = (0, utils_1.getFiles)(modulesFolder, ['.json']);
+    const actionModules = files.map((file) => {
+        const module = {
+            ...(0, utils_1.loadJSON)(file, {
+                mappings: context.mappings,
+                disableKeywordReplacement: context.disableKeywordReplacement,
+            }),
+        };
+        const moduleFolder = path_1.default.join(tools_1.constants.ACTION_MODULES_DIRECTORY, `${module.name}`);
+        if (module.code) {
+            // The `module.code` can be a file path. It needs to be loaded.
+            // It can be a relative path, so we need to handle both cases.
+            const unixPath = module.code.replace(/[\\/]+/g, '/').replace(/^([a-zA-Z]+:|\.\/)/, '');
+            if (fs_extra_1.default.existsSync(unixPath)) {
+                module.code = context.loadFile(unixPath, moduleFolder);
+            }
+            else {
+                module.code = context.loadFile(path_1.default.join(context.filePath, module.code), moduleFolder);
+            }
+        }
+        return module;
+    });
+    return { actionModules };
+}
+function mapSecrets(secrets) {
+    if (typeof secrets === 'string') {
+        return secrets;
+    }
+    if (secrets && secrets.length > 0) {
+        return secrets.map((secret) => ({ name: secret.name, value: secret.value }));
+    }
+    return [];
+}
+function mapModuleCode(filePath, module) {
+    const { code } = module;
+    if (!code) {
+        return '';
+    }
+    const moduleName = (0, utils_1.sanitize)(module.name);
+    const moduleFolder = path_1.default.join(filePath, tools_1.constants.ACTION_MODULES_DIRECTORY, `${moduleName}`);
+    fs_extra_1.default.ensureDirSync(moduleFolder);
+    const codeFile = path_1.default.join(moduleFolder, 'code.js');
+    logger_1.default.info(`Writing ${codeFile}`);
+    fs_extra_1.default.writeFileSync(codeFile, code);
+    return `./${tools_1.constants.ACTION_MODULES_DIRECTORY}/${moduleName}/code.js`;
+}
+function mapToActionModule(filePath, module, includeIdentifiers) {
+    return {
+        ...(includeIdentifiers && module.id ? { id: module.id } : {}),
+        name: module.name,
+        code: mapModuleCode(filePath, module),
+        dependencies: module.dependencies,
+        secrets: mapSecrets(module.secrets),
+        actions_using_module_total: module.actions_using_module_total,
+        all_changes_published: module.all_changes_published,
+        latest_version_number: module.latest_version_number,
+    };
+}
+async function dump(context) {
+    const { actionModules } = context.assets;
+    if (!actionModules)
+        return;
+    // Create action modules folder
+    const modulesFolder = path_1.default.join(context.filePath, tools_1.constants.ACTION_MODULES_DIRECTORY);
+    fs_extra_1.default.ensureDirSync(modulesFolder);
+    const includeIdentifiers = Boolean(context.config.AUTH0_EXPORT_IDENTIFIERS);
+    actionModules.forEach((module) => {
+        const name = (0, utils_1.sanitize)(module.name);
+        const moduleFile = path_1.default.join(modulesFolder, `${name}.json`);
+        (0, utils_1.dumpJSON)(moduleFile, mapToActionModule(context.filePath, module, includeIdentifiers));
+    });
+}
+const actionModulesHandler = {
+    parse,
+    dump,
+};
+exports.default = actionModulesHandler;

package/lib/context/directory/handlers/actions.js

@@ -73,6 +73,10 @@ function mapToAction(filePath, action, includeIdentifiers) {
         supported_triggers: action.supported_triggers,
         deployed: action.deployed || action.all_changes_deployed,
         installed_integration_id: action.installed_integration_id,
+        modules: action.modules?.map((module) => ({
+            module_name: module.module_name,
+            module_version_number: module.module_version_number,
+        })),
     };
 }
 async function dump(context) {

package/lib/context/directory/handlers/index.js

@@ -20,6 +20,7 @@ const guardianPhoneFactorSelectedProvider_1 = __importDefault(require("./guardia
 const guardianPolicies_1 = __importDefault(require("./guardianPolicies"));
 const roles_1 = __importDefault(require("./roles"));
 const actions_1 = __importDefault(require("./actions"));
+const actionModules_1 = __importDefault(require("./actionModules"));
 const organizations_1 = __importDefault(require("./organizations"));
 const triggers_1 = __importDefault(require("./triggers"));
 const attackProtection_1 = __importDefault(require("./attackProtection"));
@@ -41,6 +42,7 @@ const networkACLs_1 = __importDefault(require("./networkACLs"));
 const userAttributeProfiles_1 = __importDefault(require("./userAttributeProfiles"));
 const connectionProfiles_1 = __importDefault(require("./connectionProfiles"));
 const tokenExchangeProfiles_1 = __importDefault(require("./tokenExchangeProfiles"));
+const supplementalSignals_1 = __importDefault(require("./supplementalSignals"));
 const selfServiceProfiles_1 = __importDefault(require("./selfServiceProfiles"));
 const directoryHandlers = {
     rules: rules_1.default,
@@ -63,6 +65,7 @@ const directoryHandlers = {
     guardianPolicies: guardianPolicies_1.default,
     roles: roles_1.default,
     actions: actions_1.default,
+    actionModules: actionModules_1.default,
     organizations: organizations_1.default,
     triggers: triggers_1.default,
     attackProtection: attackProtection_1.default,
@@ -82,5 +85,6 @@ const directoryHandlers = {
     userAttributeProfiles: userAttributeProfiles_1.default,
     connectionProfiles: connectionProfiles_1.default,
     tokenExchangeProfiles: tokenExchangeProfiles_1.default,
+    supplementalSignals: supplementalSignals_1.default,
 };
 exports.default = directoryHandlers;

package/lib/context/directory/handlers/supplementalSignals.d.ts

@@ -0,0 +1,6 @@
+import { DirectoryHandler } from '.';
+import { ParsedAsset } from '../../../types';
+import { SupplementalSignals } from '../../../tools/auth0/handlers/supplementalSignals';
+type ParsedSupplementalSignals = ParsedAsset<'supplementalSignals', SupplementalSignals>;
+declare const _default: DirectoryHandler<ParsedSupplementalSignals>;
+export default _default;

package/lib/context/directory/handlers/supplementalSignals.js

@@ -0,0 +1,34 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const path_1 = __importDefault(require("path"));
+const utils_1 = require("../../../utils");
+function parse(context) {
+    const baseFolder = path_1.default.join(context.filePath);
+    if (!(0, utils_1.existsMustBeDir)(baseFolder))
+        return { supplementalSignals: null }; // Skip
+    const supplementalSignalsFile = path_1.default.join(baseFolder, 'supplemental-signals.json');
+    if (!(0, utils_1.isFile)(supplementalSignalsFile)) {
+        return { supplementalSignals: null };
+    }
+    const supplementalSignals = (0, utils_1.loadJSON)(supplementalSignalsFile, {
+        mappings: context.mappings,
+        disableKeywordReplacement: context.disableKeywordReplacement,
+    });
+    return {
+        supplementalSignals,
+    };
+}
+async function dump(context) {
+    const { supplementalSignals } = context.assets;
+    if (!supplementalSignals)
+        return; // Skip, nothing to dump
+    const supplementalSignalsFile = path_1.default.join(context.filePath, 'supplemental-signals.json');
+    (0, utils_1.dumpJSON)(supplementalSignalsFile, supplementalSignals);
+}
+exports.default = {
+    parse,
+    dump,
+};

package/lib/context/yaml/handlers/actionModules.d.ts

@@ -0,0 +1,6 @@
+import { YAMLHandler } from '.';
+import { ParsedAsset } from '../../../types';
+import { ActionModule } from '../../../tools/auth0/handlers/actionModules';
+type ParsedActionModules = ParsedAsset<'actionModules', Partial<ActionModule>[]>;
+declare const ActionModulesHandler: YAMLHandler<ParsedActionModules>;
+export default ActionModulesHandler;

package/lib/context/yaml/handlers/actionModules.js

@@ -0,0 +1,68 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const path_1 = __importDefault(require("path"));
+const fs_extra_1 = __importDefault(require("fs-extra"));
+const tools_1 = require("../../../tools");
+const utils_1 = require("../../../utils");
+const logger_1 = __importDefault(require("../../../logger"));
+async function parse(context) {
+    const { actionModules } = context.assets;
+    if (!actionModules)
+        return { actionModules: null };
+    return {
+        actionModules: [
+            ...actionModules.map((module) => ({
+                ...module,
+                code: context.loadFile(module.code || ''),
+            })),
+        ],
+    };
+}
+function mapSecrets(secrets) {
+    if (typeof secrets === 'string') {
+        return secrets;
+    }
+    if (secrets && secrets.length > 0) {
+        return secrets.map((secret) => ({ name: secret.name, value: secret.value }));
+    }
+    return [];
+}
+function mapModuleCode(basePath, module) {
+    const { code } = module;
+    if (!code) {
+        return '';
+    }
+    const moduleName = (0, utils_1.sanitize)(module.name);
+    const modulesFolder = path_1.default.join(basePath, tools_1.constants.ACTION_MODULES_DIRECTORY, moduleName);
+    fs_extra_1.default.ensureDirSync(modulesFolder);
+    const codeFile = path_1.default.join(modulesFolder, 'code.js');
+    logger_1.default.info(`Writing ${codeFile}`);
+    fs_extra_1.default.writeFileSync(codeFile, code);
+    return `./${tools_1.constants.ACTION_MODULES_DIRECTORY}/${moduleName}/code.js`;
+}
+async function dump(context) {
+    const { actionModules } = context.assets;
+    if (!actionModules || actionModules.length === 0)
+        return { actionModules: null };
+    const includeIdentifiers = Boolean(context.config.AUTH0_EXPORT_IDENTIFIERS);
+    return {
+        actionModules: actionModules?.map((module) => ({
+            ...(includeIdentifiers && module.id ? { id: module.id } : {}),
+            name: module.name,
+            code: mapModuleCode(context.basePath, module),
+            dependencies: module.dependencies || [],
+            secrets: mapSecrets(module.secrets),
+            actions_using_module_total: module.actions_using_module_total,
+            all_changes_published: module.all_changes_published,
+            latest_version_number: module.latest_version_number,
+        })),
+    };
+}
+const ActionModulesHandler = {
+    parse,
+    dump,
+};
+exports.default = ActionModulesHandler;

package/lib/context/yaml/handlers/actions.js

@@ -77,6 +77,10 @@ async function dump(context) {
             status: action.status,
             secrets: mapSecrets(action.secrets),
             supported_triggers: action.supported_triggers,
+            modules: action.modules?.map((module) => ({
+                module_name: module.module_name,
+                module_version_number: module.module_version_number,
+            })),
         })),
     };
 }

package/lib/context/yaml/handlers/index.js

@@ -21,6 +21,7 @@ const guardianPolicies_1 = __importDefault(require("./guardianPolicies"));
 const roles_1 = __importDefault(require("./roles"));
 const organizations_1 = __importDefault(require("./organizations"));
 const actions_1 = __importDefault(require("./actions"));
+const actionModules_1 = __importDefault(require("./actionModules"));
 const triggers_1 = __importDefault(require("./triggers"));
 const attackProtection_1 = __importDefault(require("./attackProtection"));
 const riskAssessment_1 = __importDefault(require("./riskAssessment"));
@@ -41,6 +42,7 @@ const networkACLs_1 = __importDefault(require("./networkACLs"));
 const userAttributeProfiles_1 = __importDefault(require("./userAttributeProfiles"));
 const connectionProfiles_1 = __importDefault(require("./connectionProfiles"));
 const tokenExchangeProfiles_1 = __importDefault(require("./tokenExchangeProfiles"));
+const supplementalSignals_1 = __importDefault(require("./supplementalSignals"));
 const selfServiceProfiles_1 = __importDefault(require("./selfServiceProfiles"));
 const yamlHandlers = {
     rules: rules_1.default,
@@ -63,6 +65,7 @@ const yamlHandlers = {
     guardianPhoneFactorSelectedProvider: guardianPhoneFactorSelectedProvider_1.default,
     guardianPolicies: guardianPolicies_1.default,
     actions: actions_1.default,
+    actionModules: actionModules_1.default,
     organizations: organizations_1.default,
     triggers: triggers_1.default,
     attackProtection: attackProtection_1.default,
@@ -82,5 +85,6 @@ const yamlHandlers = {
     userAttributeProfiles: userAttributeProfiles_1.default,
     connectionProfiles: connectionProfiles_1.default,
     tokenExchangeProfiles: tokenExchangeProfiles_1.default,
+    supplementalSignals: supplementalSignals_1.default,
 };
 exports.default = yamlHandlers;

package/lib/context/yaml/handlers/supplementalSignals.d.ts

@@ -0,0 +1,6 @@
+import { YAMLHandler } from '.';
+import { ParsedAsset } from '../../../types';
+import { SupplementalSignals } from '../../../tools/auth0/handlers/supplementalSignals';
+type ParsedSupplementalSignals = ParsedAsset<'supplementalSignals', SupplementalSignals>;
+declare const supplementalSignalsHandler: YAMLHandler<ParsedSupplementalSignals>;
+export default supplementalSignalsHandler;

package/lib/context/yaml/handlers/supplementalSignals.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+async function parseAndDump(context) {
+    const { supplementalSignals } = context.assets;
+    if (!supplementalSignals)
+        return { supplementalSignals: null };
+    return {
+        supplementalSignals,
+    };
+}
+const supplementalSignalsHandler = {
+    parse: parseAndDump,
+    dump: parseAndDump,
+};
+exports.default = supplementalSignalsHandler;

package/lib/tools/auth0/handlers/actionModules.d.ts

@@ -0,0 +1,64 @@
+import DefaultAPIHandler from './default';
+import { Asset, Assets } from '../../../types';
+import { Management } from 'auth0';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        required: string[];
+        additionalProperties: boolean;
+        properties: {
+            name: {
+                type: string;
+            };
+            code: {
+                type: string;
+            };
+            dependencies: {
+                type: string;
+                items: {
+                    type: string;
+                    additionalProperties: boolean;
+                    properties: {
+                        name: {
+                            type: string;
+                        };
+                        version: {
+                            type: string;
+                        };
+                    };
+                };
+            };
+            secrets: {
+                type: string;
+                items: {
+                    type: string;
+                    properties: {
+                        name: {
+                            type: string;
+                        };
+                        value: {
+                            type: string;
+                        };
+                    };
+                    required: string[];
+                };
+            };
+            all_changes_published: {
+                type: string;
+            };
+        };
+    };
+};
+export type ActionModule = Management.ActionModuleListItem;
+export default class ActionModulesHandler extends DefaultAPIHandler {
+    existing: ActionModule[] | null;
+    constructor(options: DefaultAPIHandler);
+    createModule(module: Management.CreateActionModuleRequestContent): Promise<Management.CreateActionModuleResponseContent>;
+    updateModule(moduleId: string, module: Management.UpdateActionModuleRequestContent): Promise<Management.UpdateActionModuleResponseContent>;
+    deleteModule(moduleId: string): Promise<void>;
+    objString(module: ActionModule): string;
+    publishActionModules(modules: ActionModule[]): Promise<void>;
+    getType(): Promise<Asset[] | null>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/actionModules.js

@@ -0,0 +1,200 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = void 0;
+const default_1 = __importStar(require("./default"));
+const logger_1 = __importDefault(require("../../../logger"));
+const client_1 = require("../client");
+exports.schema = {
+    type: 'array',
+    items: {
+        type: 'object',
+        required: ['name', 'code'],
+        additionalProperties: true,
+        properties: {
+            name: { type: 'string' },
+            code: { type: 'string' },
+            dependencies: {
+                type: 'array',
+                items: {
+                    type: 'object',
+                    additionalProperties: false,
+                    properties: {
+                        name: { type: 'string' },
+                        version: { type: 'string' },
+                    },
+                },
+            },
+            secrets: {
+                type: 'array',
+                items: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                        value: { type: 'string' },
+                    },
+                    required: ['name'],
+                },
+            },
+            all_changes_published: { type: 'boolean' },
+        },
+    },
+};
+class ActionModulesHandler extends default_1.default {
+    constructor(options) {
+        super({
+            ...options,
+            type: 'actionModules',
+            id: 'id',
+            identifiers: ['id', 'name'],
+            stripUpdateFields: [
+                'name',
+                'actions_using_module_total',
+                'all_changes_published',
+                'latest_version_number',
+                'created_at',
+                'updated_at',
+            ],
+            stripCreateFields: [
+                'actions_using_module_total',
+                'latest_version_number',
+                'created_at',
+                'updated_at',
+            ],
+            functions: {
+                create: (module) => this.createModule(module),
+                update: (id, module) => this.updateModule(id, module),
+                delete: (id) => this.deleteModule(id),
+            },
+        });
+    }
+    async createModule(module) {
+        if ('all_changes_published' in module) {
+            delete module.all_changes_published;
+        }
+        const createdModule = await this.client.actions.modules.create(module);
+        return createdModule;
+    }
+    async updateModule(moduleId, module) {
+        const updatableModule = {
+            code: module.code,
+            dependencies: module.dependencies,
+            secrets: module.secrets,
+        };
+        return this.client.actions.modules.update(moduleId, updatableModule);
+    }
+    async deleteModule(moduleId) {
+        return this.client.actions.modules.delete(moduleId);
+    }
+    objString(module) {
+        return super.objString({ id: module.id, name: module.name });
+    }
+    async publishActionModules(modules) {
+        await this.client.pool
+            .addEachTask({
+            data: modules || [],
+            generator: (module) => this.client.actions.modules.versions
+                .create(module.id)
+                .then(() => {
+                logger_1.default.info(`Published [${this.type}]: ${this.objString(module)}`);
+            })
+                .catch((err) => {
+                throw new Error(`Problem Publishing ${this.type} ${this.objString(module)}\n${err}`);
+            }),
+        })
+            .promise();
+    }
+    async getType() {
+        if (this.existing)
+            return this.existing;
+        try {
+            const modules = await (0, client_1.paginate)(this.client.actions.modules.list, {
+                paginate: true,
+            });
+            this.existing = modules;
+            return this.existing;
+        }
+        catch (err) {
+            if (err.statusCode === 404 || err.statusCode === 501) {
+                return null;
+            }
+            if (err.statusCode === 403 || err.errorCode === 'feature_not_enabled') {
+                logger_1.default.debug('Skipping action modules because it is not enabled.');
+                return null;
+            }
+            throw err;
+        }
+    }
+    // Before actions are processed
+    async processChanges(assets) {
+        const { actionModules } = assets;
+        // Do nothing if not set
+        if (!actionModules)
+            return;
+        const changes = await this.calcChanges(assets);
+        await super.processChanges(assets, changes);
+        // Refresh module list to get latest state with all_changes_published field
+        const postProcessedModules = await (async () => {
+            this.existing = null; // Clear the cache
+            return this.getType();
+        })();
+        // Publish modules that have unpublished changes
+        const modulesToPublish = [
+            ...changes.create
+                .filter((module) => module.all_changes_published === true)
+                .map((moduleWithoutId) => {
+                // Add IDs to just-created modules
+                const moduleId = postProcessedModules?.find((postProcessedModule) => postProcessedModule.name === moduleWithoutId.name)?.id;
+                const module = postProcessedModules?.find((postProcessedModule) => postProcessedModule.id === moduleId);
+                return module;
+            }),
+            ...changes.update.filter((module) => module.all_changes_published === true),
+        ].filter((module) => module !== undefined);
+        await this.publishActionModules(modulesToPublish);
+    }
+}
+exports.default = ActionModulesHandler;
+__decorate([
+    (0, default_1.order)('50')
+], ActionModulesHandler.prototype, "processChanges", null);

package/lib/tools/auth0/handlers/actions.d.ts

@@ -1,6 +1,7 @@
 import { Management } from 'auth0';
 import DefaultAPIHandler from './default';
-import { Asset, Assets } from '../../../types';
+import { Asset, Assets, CalculatedChanges } from '../../../types';
+import { ActionModule } from './actionModules';
 export type Action = Management.Action & {
     deployed?: boolean;
 };
@@ -80,6 +81,21 @@ export declare const schema: {
                     };
                 };
             };
+            modules: {
+                type: string;
+                items: {
+                    type: string;
+                    required: string[];
+                    properties: {
+                        module_name: {
+                            type: string;
+                        };
+                        module_version_number: {
+                            type: string;
+                        };
+                    };
+                };
+            };
             deployed: {
                 type: string;
             };
@@ -101,6 +117,8 @@ export default class ActionHandler extends DefaultAPIHandler {
     deployAction(action: any): Promise<void>;
     actionChanges(action: any, found: any): Promise<Asset>;
     getType(): Promise<Asset[] | null>;
+    calcChanges(assets: Assets): Promise<CalculatedChanges>;
+    enrichActionWithModuleIds(action: Action, modules: ActionModule[]): Promise<Action>;
     processChanges(assets: Assets): Promise<void>;
 }
 export {};

package/lib/tools/auth0/handlers/actions.js

@@ -95,6 +95,17 @@ exports.schema = {
                     },
                 },
             },
+            modules: {
+                type: 'array',
+                items: {
+                    type: 'object',
+                    required: ['module_name', 'module_version_number'],
+                    properties: {
+                        module_name: { type: 'string' },
+                        module_version_number: { type: 'number' },
+                    },
+                },
+            },
             deployed: { type: 'boolean' },
             status: { type: 'string' },
         },
@@ -203,6 +214,9 @@ class ActionHandler extends default_1.default {
         if (!(0, utils_1.areArraysEquals)(action.supported_triggers, found.supported_triggers)) {
             actionChanges.supported_triggers = action.supported_triggers;
         }
+        if (!(0, utils_1.areArraysEquals)(action.modules, found.modules)) {
+            actionChanges.modules = action.modules;
+        }
         return actionChanges;
     }
     async getType() {
@@ -234,6 +248,80 @@ class ActionHandler extends default_1.default {
             throw err;
         }
     }
+    async calcChanges(assets) {
+        let { actions, actionModules } = assets;
+        // Do nothing if not set
+        if (!actions)
+            return {
+                del: [],
+                create: [],
+                update: [],
+                conflicts: [],
+            };
+        let modules = null;
+        if (actionModules && actionModules.length > 0) {
+            modules = actionModules;
+        }
+        else {
+            try {
+                modules = await (0, client_1.paginate)(this.client.actions.modules.list, {
+                    paginate: true,
+                });
+            }
+            catch {
+                logger_1.default.debug('Skipping actions modules enrichment because action modules could not be retrieved.');
+                modules = null;
+            }
+        }
+        if (modules != null) {
+            // Use task queue to process actions in parallel
+            const processedActions = await this.client.pool
+                .addEachTask({
+                data: actions || [],
+                generator: (action) => this.enrichActionWithModuleIds(action, modules),
+            })
+                .promise();
+            actions = processedActions;
+        }
+        return super.calcChanges({ ...assets, actions });
+    }
+    async enrichActionWithModuleIds(action, modules) {
+        if (!action.modules || action.modules.length === 0) {
+            return action;
+        }
+        const updatedModules = await this.client.pool
+            .addEachTask({
+            data: action.modules,
+            generator: async (module) => {
+                const foundModule = modules.find((m) => m.name === module.module_name);
+                if (foundModule && foundModule.id) {
+                    // paginate to get all versions of the module
+                    const allModuleVersions = [];
+                    let moduleVersions = await this.client.actions.modules.versions.list(foundModule.id);
+                    // Process first page
+                    allModuleVersions.push(...moduleVersions.data);
+                    // Fetch remaining pages
+                    while (moduleVersions.hasNextPage()) {
+                        moduleVersions = await moduleVersions.getNextPage();
+                        allModuleVersions.push(...moduleVersions.data);
+                    }
+                    return {
+                        module_name: module.module_name,
+                        module_id: foundModule.id,
+                        module_version_number: module.module_version_number,
+                        module_version_id: allModuleVersions?.find((v) => v.version_number === module.module_version_number)
+                            ?.id || '',
+                    };
+                }
+                return module;
+            },
+        })
+            .promise();
+        return {
+            ...action,
+            modules: updatedModules,
+        };
+    }
     async processChanges(assets) {
         const { actions } = assets;
         // Do nothing if not set
@@ -271,5 +359,5 @@ class ActionHandler extends default_1.default {
 }
 exports.default = ActionHandler;
 __decorate([
-    (0, default_1.order)('50')
+    (0, default_1.order)('51')
 ], ActionHandler.prototype, "processChanges", null);

package/lib/tools/auth0/handlers/index.js

@@ -57,6 +57,7 @@ const phoneProviders = __importStar(require("./phoneProvider"));
 const phoneTemplates = __importStar(require("./phoneTemplates"));
 const prompts = __importStar(require("./prompts"));
 const actions = __importStar(require("./actions"));
+const actionModules = __importStar(require("./actionModules"));
 const triggers = __importStar(require("./triggers"));
 const organizations = __importStar(require("./organizations"));
 const attackProtection = __importStar(require("./attackProtection"));
@@ -72,6 +73,7 @@ const networkACLs = __importStar(require("./networkACLs"));
 const userAttributeProfiles = __importStar(require("./userAttributeProfiles"));
 const connectionProfiles = __importStar(require("./connectionProfiles"));
 const tokenExchangeProfiles = __importStar(require("./tokenExchangeProfiles"));
+const supplementalSignals = __importStar(require("./supplementalSignals"));
 const auth0ApiHandlers = {
     rules,
     rulesConfigs,
@@ -98,6 +100,7 @@ const auth0ApiHandlers = {
     //@ts-ignore because prompts have not been universally implemented yet
     prompts,
     actions,
+    actionModules,
     triggers,
     organizations,
     attackProtection,
@@ -113,5 +116,6 @@ const auth0ApiHandlers = {
     userAttributeProfiles,
     connectionProfiles,
     tokenExchangeProfiles,
+    supplementalSignals,
 };
 exports.default = auth0ApiHandlers; // TODO: apply stronger types to schema properties

package/lib/tools/auth0/handlers/resourceServers.d.ts

@@ -49,6 +49,10 @@ export declare const schema: {
                     required: {
                         type: string;
                     };
+                    required_for: {
+                        type: string;
+                        enum: ("public_clients" | "confidential_clients" | "all_clients")[];
+                    };
                 };
                 required: string[];
             };

package/lib/tools/auth0/handlers/resourceServers.js

@@ -41,6 +41,10 @@ exports.schema = {
                         enum: Object.values(auth0_1.Management.ResourceServerProofOfPossessionMechanismEnum),
                     },
                     required: { type: 'boolean' },
+                    required_for: {
+                        type: 'string',
+                        enum: Object.values(auth0_1.Management.ResourceServerProofOfPossessionRequiredForEnum),
+                    },
                 },
                 required: ['mechanism', 'required'],
             },

package/lib/tools/auth0/handlers/supplementalSignals.d.ts

@@ -0,0 +1,19 @@
+import { Management } from 'auth0';
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    properties: {
+        akamai_enabled: {
+            type: string;
+            description: string;
+        };
+    };
+};
+export type SupplementalSignals = Management.GetSupplementalSignalsResponseContent;
+export default class SupplementalSignalsHandler extends DefaultHandler {
+    existing: SupplementalSignals | null;
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset | null>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/supplementalSignals.js

@@ -0,0 +1,102 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = void 0;
+const auth0_1 = require("auth0");
+const default_1 = __importStar(require("./default"));
+const logger_1 = __importDefault(require("../../../logger"));
+exports.schema = {
+    type: 'object',
+    properties: {
+        akamai_enabled: {
+            type: 'boolean',
+            description: 'Enable Akamai supplemental signals integration',
+        },
+    },
+};
+class SupplementalSignalsHandler extends default_1.default {
+    constructor(options) {
+        super({
+            ...options,
+            type: 'supplementalSignals',
+        });
+    }
+    async getType() {
+        try {
+            const supplementalSignals = await this.client.supplementalSignals.get();
+            this.existing = supplementalSignals;
+            return supplementalSignals;
+        }
+        catch (err) {
+            if (err instanceof auth0_1.ManagementError && err.statusCode === 403) {
+                logger_1.default.debug('Supplemental Signals unavailable: insufficient scope or missing attack_protection entitlement.');
+                return null;
+            }
+            throw err;
+        }
+    }
+    async processChanges(assets) {
+        const { supplementalSignals } = assets;
+        if (!supplementalSignals)
+            return;
+        if (Object.keys(supplementalSignals).length > 0) {
+            try {
+                await this.client.supplementalSignals.patch(supplementalSignals);
+                this.updated += 1;
+                this.didUpdate(supplementalSignals);
+            }
+            catch (err) {
+                if (err instanceof auth0_1.ManagementError && err.statusCode === 403) {
+                    logger_1.default.debug('Supplemental Signals unavailable: insufficient scope or missing attack_protection entitlement.');
+                    return;
+                }
+                throw err;
+            }
+        }
+    }
+}
+exports.default = SupplementalSignalsHandler;
+__decorate([
+    (0, default_1.order)('100')
+], SupplementalSignalsHandler.prototype, "processChanges", null);

package/lib/tools/constants.d.ts

@@ -8,6 +8,7 @@ declare const constants: {
     OBFUSCATED_SECRET_VALUE: string;
     HOOKS_DIRECTORY: string;
     ACTIONS_DIRECTORY: string;
+    ACTION_MODULES_DIRECTORY: string;
     TRIGGERS_DIRECTORY: string;
     RULES_CONFIGS_DIRECTORY: string;
     PAGES_DIRECTORY: string;
@@ -88,5 +89,6 @@ declare const constants: {
     USER_ATTRIBUTE_PROFILES_DIRECTORY: string;
     CONNECTION_PROFILES_DIRECTORY: string;
     TOKEN_EXCHANGE_PROFILES_DIRECTORY: string;
+    SUPPLEMENTAL_SIGNALS_DIRECTORY: string;
 };
 export default constants;

package/lib/tools/constants.js

@@ -31,6 +31,7 @@ const constants = {
     OBFUSCATED_SECRET_VALUE,
     HOOKS_DIRECTORY: 'hooks',
     ACTIONS_DIRECTORY: 'actions',
+    ACTION_MODULES_DIRECTORY: 'action-modules',
     TRIGGERS_DIRECTORY: 'triggers',
     RULES_CONFIGS_DIRECTORY: 'rules-configs',
     PAGES_DIRECTORY: 'pages',
@@ -216,5 +217,6 @@ const constants = {
     USER_ATTRIBUTE_PROFILES_DIRECTORY: 'user-attribute-profiles',
     CONNECTION_PROFILES_DIRECTORY: 'connection-profiles',
     TOKEN_EXCHANGE_PROFILES_DIRECTORY: 'token-exchange-profiles',
+    SUPPLEMENTAL_SIGNALS_DIRECTORY: 'supplemental-signals',
 };
 exports.default = constants;

package/lib/types.d.ts

@@ -1,6 +1,7 @@
 import { Management, ManagementClient } from 'auth0';
 import { PromisePoolExecutor } from 'promise-pool-executor';
 import { Action } from './tools/auth0/handlers/actions';
+import { ActionModule } from './tools/auth0/handlers/actionModules';
 import { Prompts } from './tools/auth0/handlers/prompts';
 import { Tenant } from './tools/auth0/handlers/tenant';
 import { Page } from './tools/auth0/handlers/pages';
@@ -19,6 +20,7 @@ import { UserAttributeProfile } from './tools/auth0/handlers/userAttributeProfil
 import { AttackProtection } from './tools/auth0/handlers/attackProtection';
 import { TokenExchangeProfile } from './tools/auth0/handlers/tokenExchangeProfiles';
 import { RiskAssessment } from './tools/auth0/handlers/riskAssessment';
+import { SupplementalSignals } from './tools/auth0/handlers/supplementalSignals';
 type SharedPaginationParams = {
     checkpoint?: boolean;
     paginate?: boolean;
@@ -91,6 +93,7 @@ export type Asset = {
 };
 export type Assets = Partial<{
     actions: Action[] | null;
+    actionModules: ActionModule[] | null;
     attackProtection: AttackProtection | null;
     riskAssessment: RiskAssessment | null;
     branding: (Asset & {
@@ -129,6 +132,7 @@ export type Assets = Partial<{
     rulesConfigs: Asset[] | null;
     tenant: Tenant | null;
     triggers: Asset[] | null;
+    supplementalSignals: SupplementalSignals | null;
     exclude?: {
         [key: string]: string[];
     };
@@ -153,7 +157,7 @@ export type CalculatedChanges = {
     conflicts: Asset[];
     create: Asset[];
 };
-export type AssetTypes = 'rules' | 'rulesConfigs' | 'hooks' | 'pages' | 'databases' | 'clientGrants' | 'resourceServers' | 'clients' | 'connections' | 'tenant' | 'emailProvider' | 'emailTemplates' | 'guardianFactors' | 'guardianFactorProviders' | 'guardianFactorTemplates' | 'guardianPhoneFactorMessageTypes' | 'guardianPhoneFactorSelectedProvider' | 'guardianPolicies' | 'roles' | 'actions' | 'organizations' | 'triggers' | 'attackProtection' | 'riskAssessment' | 'branding' | 'phoneProviders' | 'phoneTemplates' | 'logStreams' | 'prompts' | 'customDomains' | 'themes' | 'forms' | 'flows' | 'flowVaultConnections' | 'selfServiceProfiles' | 'networkACLs' | 'userAttributeProfiles' | 'connectionProfiles' | 'tokenExchangeProfiles';
+export type AssetTypes = 'rules' | 'rulesConfigs' | 'hooks' | 'pages' | 'databases' | 'clientGrants' | 'resourceServers' | 'clients' | 'connections' | 'tenant' | 'emailProvider' | 'emailTemplates' | 'guardianFactors' | 'guardianFactorProviders' | 'guardianFactorTemplates' | 'guardianPhoneFactorMessageTypes' | 'guardianPhoneFactorSelectedProvider' | 'guardianPolicies' | 'roles' | 'actions' | 'actionModules' | 'organizations' | 'triggers' | 'attackProtection' | 'riskAssessment' | 'branding' | 'phoneProviders' | 'phoneTemplates' | 'logStreams' | 'prompts' | 'customDomains' | 'themes' | 'forms' | 'flows' | 'flowVaultConnections' | 'selfServiceProfiles' | 'networkACLs' | 'userAttributeProfiles' | 'connectionProfiles' | 'tokenExchangeProfiles' | 'supplementalSignals';
 export type KeywordMappings = {
     [key: string]: (string | number)[] | string | number;
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-deploy-cli",
-  "version": "8.27.0",
+  "version": "8.29.0",
   "description": "A command line tool for deploying updates to your Auth0 tenant",
   "main": "lib/index.js",
   "bin": {
@@ -42,16 +42,16 @@
     "nconf": "^0.13.0",
     "promise-pool-executor": "^1.1.1",
     "sanitize-filename": "^1.6.3",
-    "undici": "^7.21.0",
+    "undici": "^7.22.0",
     "winston": "^3.19.0",
     "yargs": "^15.4.1"
   },
   "devDependencies": {
+    "@eslint/js": "^9.39.2",
     "@types/fs-extra": "^9.0.13",
     "@types/lodash": "^4.17.23",
     "@types/mocha": "^10.0.10",
     "@types/nconf": "^0.10.7",
-    "@eslint/js": "^9.39.2",
     "@typescript-eslint/eslint-plugin": "^8.55.0",
     "@typescript-eslint/parser": "^8.55.0",
     "chai": "^4.5.0",