auth0-deploy-cli 8.29.2 → 8.30.0

package/.circleci/config.yml

@@ -48,42 +48,6 @@ jobs:
           paths: .
       - codecov/upload
 
-  deploy:
-    parameters:
-      v:
-        type: string
-        default: "lts"
-    docker:
-      - image: cimg/node:<< parameters.v >>
-    working_directory: ~/repo
-    steps:
-      - attach_workspace:
-          at: ~/repo
-      - run:
-          name: Authenticate with registry
-          command: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/repo/.npmrc
-      - run:
-          name: Publish package
-          command: npm publish
-
-  deploy_beta:
-    parameters:
-      v:
-        type: string
-        default: "lts"
-    docker:
-      - image: cimg/node:<< parameters.v >>
-    working_directory: ~/repo
-    steps:
-      - attach_workspace:
-          at: ~/repo
-      - run:
-          name: Authenticate with registry
-          command: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/repo/.npmrc
-      - run:
-          name: Publish beta package
-          command: npm publish --tag beta
-
   does_typescript_compile:
     docker:
       - image: cimg/node:22.12.0
@@ -128,48 +92,3 @@ workflows:
           name: Unit tests with Node current
           v: "22.12.0"
 
-  test_and_deploy:
-    jobs:
-      - unit_test:
-          name: Unit tests with Node LTS
-          v: "lts"
-          filters:
-            branches:
-              only: master
-            tags:
-              only: /^v.*/
-      - deploy:
-          name: Publish to NPM
-          v: "lts"
-          requires:
-            - Unit tests with Node LTS
-          filters:
-            branches:
-              ignore: /.*/
-            tags:
-              only: /^v[0-9]+\.[0-9]+\.[0-9]+$/
-          context:
-            - publish-npm
-
-  test_and_deploy_beta:
-    jobs:
-      - unit_test:
-          name: Unit tests with Node LTS (Beta)
-          v: "lts"
-          filters:
-            branches:
-              only: beta
-            tags:
-              only: /^v[0-9]+\.[0-9]+\.[0-9]+-beta\.[0-9]+$/
-      - deploy_beta:
-          name: Publish Beta to NPM
-          v: "lts"
-          requires:
-            - Unit tests with Node LTS (Beta)
-          filters:
-            branches:
-              ignore: /.*/
-            tags:
-              only: /^v[0-9]+\.[0-9]+\.[0-9]+-beta\.[0-9]+$/
-          context:
-            - publish-npm

package/.github/workflows/npm-publish.yml

@@ -0,0 +1,52 @@
+name: Publish package to npm
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 22.14.0
+          registry-url: https://registry.npmjs.org
+          package-manager-cache: false
+
+      - name: Update npm for trusted publishing
+        run: npm install --global npm@11
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Build package
+        run: npm run build
+
+      - name: Determine npm dist-tag
+        id: npm_dist_tag
+        shell: bash
+        run: |
+          VERSION="${GITHUB_REF_NAME#v}"
+
+          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-beta\.[0-9]+)?$ ]]; then
+            echo "Unsupported release tag: ${GITHUB_REF_NAME}" >&2
+            exit 1
+          fi
+
+          if [[ "$VERSION" == *"-beta."* ]]; then
+            echo "value=beta" >> "$GITHUB_OUTPUT"
+          else
+            echo "value=latest" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Publish package
+        run: npm publish --tag "${{ steps.npm_dist_tag.outputs.value }}"

package/CHANGELOG.md

@@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [8.30.0] - 2026-04-02
+
+### Added
+
+- Add support for passkey enrollment in `prompts` partials. [#1328]
+- Add support for `dpop_signing_alg` validation in OIDC and Okta `connections`. [#1343]
+
+### Fixed
+
+- Fix action module fetching logic to resolve correct module IDs. [#1340]
+- Fix `AUTH0_EXCLUDED_*` options not respected during export. [#1342]
+
+## [8.29.3] - 2026-03-25
+
+### Fixed
+
+- Fix Universal Login Authentication Profile reverting to Identifier+Password after import when branding is included. [#1333]
+- Fix efficiency and reliability of fetching `enabled_clients` for `connections`. [#1334]
+
 ## [8.29.2] - 2026-03-17
 
 ### Fixed
@@ -1685,7 +1704,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#1320]: https://github.com/auth0/auth0-deploy-cli/issues/1320
 [#1321]: https://github.com/auth0/auth0-deploy-cli/issues/1321
 [#1322]: https://github.com/auth0/auth0-deploy-cli/issues/1322
-[Unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v8.29.2...HEAD
+[#1328]: https://github.com/auth0/auth0-deploy-cli/issues/1328
+[#1333]: https://github.com/auth0/auth0-deploy-cli/issues/1333
+[#1334]: https://github.com/auth0/auth0-deploy-cli/issues/1334
+[#1340]: https://github.com/auth0/auth0-deploy-cli/issues/1340
+[#1342]: https://github.com/auth0/auth0-deploy-cli/issues/1342
+[#1343]: https://github.com/auth0/auth0-deploy-cli/issues/1343
+[Unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v8.30.0...HEAD
+[8.30.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.29.3...v8.30.0
+[8.29.3]: https://github.com/auth0/auth0-deploy-cli/compare/v8.29.2...v8.29.3
 [8.29.2]: https://github.com/auth0/auth0-deploy-cli/compare/v8.29.1...v8.29.2
 [8.29.1]: https://github.com/auth0/auth0-deploy-cli/compare/v8.29.0...v8.29.1
 [8.29.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.28.0...v8.29.0

package/lib/context/directory/handlers/clientGrants.js

@@ -25,13 +25,14 @@ function parse(context) {
     };
 }
 async function dump(context) {
-    const { clientGrants } = context.assets;
+    let { clientGrants } = context.assets;
     if (!clientGrants)
         return; // Skip, nothing to dump
     const grantsFolder = path_1.default.join(context.filePath, tools_1.constants.CLIENTS_GRANTS_DIRECTORY);
     fs_extra_1.default.ensureDirSync(grantsFolder);
     if (clientGrants.length === 0)
         return;
+    const excludedClientsByNames = (context.assets.exclude && context.assets.exclude.clients) || [];
     const allResourceServers = await (0, client_1.paginate)(context.mgmtClient.resourceServers.list, {
         paginate: true,
         include_totals: true,
@@ -40,6 +41,13 @@ async function dump(context) {
         paginate: true,
         include_totals: true,
     });
+    // Filter out grants for excluded clients
+    if (excludedClientsByNames.length) {
+        const excludedClientIds = new Set(allClients
+            .filter((c) => c.name !== undefined && excludedClientsByNames.includes(c.name))
+            .map((c) => c.client_id));
+        clientGrants = clientGrants.filter((grant) => !excludedClientIds.has(grant.client_id));
+    }
     // Convert client_id to the client name for readability
     clientGrants.forEach((grant) => {
         const dumpGrant = { ...grant };

package/lib/context/directory/handlers/clients.js

@@ -36,10 +36,15 @@ function parse(context) {
     };
 }
 async function dump(context) {
-    const { clients } = context.assets;
+    let { clients } = context.assets;
     const { userAttributeProfiles, connectionProfiles } = context.assets;
     if (!clients)
         return; // Skip, nothing to dump
+    // Filter excluded clients
+    const excludedClients = (context.assets.exclude && context.assets.exclude.clients) || [];
+    if (excludedClients.length) {
+        clients = clients.filter((client) => !excludedClients.includes(client.name ?? ''));
+    }
     const clientsFolder = path_1.default.join(context.filePath, tools_1.constants.CLIENTS_DIRECTORY);
     fs_extra_1.default.ensureDirSync(clientsFolder);
     clients.forEach((client) => {

package/lib/context/directory/handlers/connections.js

@@ -40,9 +40,15 @@ function parse(context) {
     };
 }
 async function dump(context) {
-    const { connections, clientsOrig } = context.assets;
+    let { connections } = context.assets;
+    const { clientsOrig } = context.assets;
     if (!connections)
         return; // Skip, nothing to dump
+    // Filter excluded connections
+    const excludedConnections = (context.assets.exclude && context.assets.exclude.connections) || [];
+    if (excludedConnections.length) {
+        connections = connections.filter((connection) => !excludedConnections.includes(connection.name));
+    }
     const connectionsFolder = path_1.default.join(context.filePath, tools_1.constants.CONNECTIONS_DIRECTORY);
     fs_extra_1.default.ensureDirSync(connectionsFolder);
     // Convert enabled_clients from id to name

package/lib/context/directory/handlers/databases.js

@@ -65,9 +65,14 @@ function parse(context) {
     };
 }
 async function dump(context) {
-    const { databases } = context.assets;
+    let { databases } = context.assets;
     if (!databases)
         return; // Skip, nothing to dump
+    // Filter excluded databases
+    const excludedDatabases = (context.assets.exclude && context.assets.exclude.databases) || [];
+    if (excludedDatabases.length) {
+        databases = databases.filter((database) => !excludedDatabases.includes(database.name));
+    }
     const databasesFolder = path_1.default.join(context.filePath, tools_1.constants.DATABASE_CONNECTIONS_DIRECTORY);
     fs_extra_1.default.ensureDirSync(databasesFolder);
     databases.forEach((database) => {

package/lib/context/directory/handlers/resourceServers.js

@@ -24,10 +24,15 @@ function parse(context) {
     };
 }
 async function dump(context) {
-    const { resourceServers } = context.assets;
+    let { resourceServers } = context.assets;
     let { clients } = context.assets;
     if (!resourceServers)
         return; // Skip, nothing to dump
+    // Filter excluded resource servers
+    const excludedResourceServers = (context.assets.exclude && context.assets.exclude.resourceServers) || [];
+    if (excludedResourceServers.length) {
+        resourceServers = resourceServers.filter((resourceServer) => !excludedResourceServers.includes(resourceServer.name ?? ''));
+    }
     const resourceServersFolder = path_1.default.join(context.filePath, tools_1.constants.RESOURCE_SERVERS_DIRECTORY);
     fs_extra_1.default.ensureDirSync(resourceServersFolder);
     if (clients === undefined) {

package/lib/context/directory/handlers/rules.js

@@ -30,9 +30,14 @@ function parse(context) {
     };
 }
 async function dump(context) {
-    const { rules } = context.assets;
+    let { rules } = context.assets;
     if (!rules)
         return; // Skip, nothing to dump
+    // Filter excluded rules
+    const excludedRules = (context.assets.exclude && context.assets.exclude.rules) || [];
+    if (excludedRules.length) {
+        rules = rules.filter((rule) => !excludedRules.includes(rule.name));
+    }
     // Create Rules folder
     const rulesFolder = path_1.default.join(context.filePath, tools_1.constants.RULES_DIRECTORY);
     fs_extra_1.default.ensureDirSync(rulesFolder);

package/lib/context/yaml/handlers/clientGrants.js

@@ -12,7 +12,7 @@ async function parse(context) {
 }
 async function dump(context) {
     let { clients } = context.assets;
-    const { clientGrants } = context.assets;
+    let { clientGrants } = context.assets;
     if (!clientGrants)
         return { clientGrants: null };
     if (clients === undefined) {
@@ -21,6 +21,14 @@ async function dump(context) {
             include_totals: true,
         });
     }
+    // Filter out grants for excluded clients
+    const excludedClientsByNames = (context.assets.exclude && context.assets.exclude.clients) || [];
+    if (excludedClientsByNames.length) {
+        const excludedClientIds = new Set((clients || [])
+            .filter((c) => c.name !== undefined && excludedClientsByNames.includes(c.name))
+            .map((c) => c.client_id));
+        clientGrants = clientGrants.filter((grant) => !excludedClientIds.has(grant.client_id));
+    }
     // Convert client_id to the client name for readability
     return {
         clientGrants: clientGrants.map((grant) => {

package/lib/context/yaml/handlers/clients.js

@@ -36,6 +36,11 @@ async function dump(context) {
     const { userAttributeProfiles, connectionProfiles } = context.assets;
     if (!clients)
         return { clients: null };
+    // Filter excluded clients
+    const excludedClients = (context.assets.exclude && context.assets.exclude.clients) || [];
+    if (excludedClients.length) {
+        clients = clients.filter((client) => !excludedClients.includes(client.name ?? ''));
+    }
     // map ids to names for user attribute profiles and connection profiles
     clients = clients.map((client) => {
         const userAttributeProfileId = client?.express_configuration?.user_attribute_profile_id;

package/lib/context/yaml/handlers/connections.js

@@ -50,9 +50,15 @@ const getFormattedOptions = (connection, clients) => {
     }
 };
 async function dump(context) {
-    const { connections, clients } = context.assets;
+    let { connections } = context.assets;
+    const { clients } = context.assets;
     if (!connections)
         return { connections: null };
+    // Filter excluded connections
+    const excludedConnections = (context.assets.exclude && context.assets.exclude.connections) || [];
+    if (excludedConnections.length) {
+        connections = connections.filter((connection) => !excludedConnections.includes(connection.name));
+    }
     return {
         connections: connections.map((connection) => {
             let dumpedConnection = {

package/lib/context/yaml/handlers/databases.js

@@ -31,9 +31,15 @@ async function parse(context) {
     };
 }
 async function dump(context) {
-    const { databases, clients } = context.assets;
+    let { databases } = context.assets;
+    const { clients } = context.assets;
     if (!databases)
         return { databases: null };
+    // Filter excluded databases
+    const excludedDatabases = (context.assets.exclude && context.assets.exclude.databases) || [];
+    if (excludedDatabases.length) {
+        databases = databases.filter((database) => !excludedDatabases.includes(database.name));
+    }
     const sortCustomScripts = ([name1], [name2]) => {
         if (name1 === name2)
             return 0;

package/lib/context/yaml/handlers/resourceServers.js

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const client_1 = require("../../../tools/auth0/client");
 const utils_1 = require("../../../utils");
-async function dumpAndParse(context) {
+async function parse(context) {
     const { resourceServers } = context.assets;
     let { clients } = context.assets;
     if (!resourceServers) {
@@ -24,8 +24,35 @@ async function dumpAndParse(context) {
         }),
     };
 }
+async function dump(context) {
+    let { resourceServers } = context.assets;
+    let { clients } = context.assets;
+    if (!resourceServers) {
+        return { resourceServers: null };
+    }
+    // Filter excluded resource servers
+    const excludedResourceServers = (context.assets.exclude && context.assets.exclude.resourceServers) || [];
+    if (excludedResourceServers.length) {
+        resourceServers = resourceServers.filter((rs) => !excludedResourceServers.includes(rs.name ?? ''));
+    }
+    if (clients === undefined) {
+        clients = await (0, client_1.paginate)(context.mgmtClient.clients.list, {
+            paginate: true,
+            include_totals: true,
+        });
+    }
+    return {
+        resourceServers: resourceServers.map((rs) => {
+            const dumpResourceServer = { ...rs };
+            if (dumpResourceServer.client_id) {
+                dumpResourceServer.client_id = (0, utils_1.convertClientIdToName)(dumpResourceServer.client_id, clients || []);
+            }
+            return dumpResourceServer;
+        }),
+    };
+}
 const resourceServersHandler = {
-    parse: dumpAndParse,
-    dump: dumpAndParse,
+    parse,
+    dump,
 };
 exports.default = resourceServersHandler;

package/lib/context/yaml/handlers/rules.js

@@ -25,6 +25,11 @@ async function dump(context) {
     if (!rules) {
         return { rules: null };
     }
+    // Filter excluded rules
+    const excludedRules = (context.assets.exclude && context.assets.exclude.rules) || [];
+    if (excludedRules.length) {
+        rules = rules.filter((rule) => !excludedRules.includes(rule.name));
+    }
     // Create Rules folder
     const rulesFolder = path_1.default.join(context.basePath, 'rules');
     fs_extra_1.default.ensureDirSync(rulesFolder);

package/lib/tools/auth0/handlers/actions.js

@@ -249,7 +249,7 @@ class ActionHandler extends default_1.default {
         }
     }
     async calcChanges(assets) {
-        let { actions, actionModules } = assets;
+        let { actions } = assets;
         // Do nothing if not set
         if (!actions)
             return {
@@ -259,19 +259,14 @@ class ActionHandler extends default_1.default {
                 conflicts: [],
             };
         let modules = null;
-        if (actionModules && actionModules.length > 0) {
-            modules = actionModules;
+        try {
+            modules = await (0, client_1.paginate)(this.client.actions.modules.list, {
+                paginate: true,
+            });
         }
-        else {
-            try {
-                modules = await (0, client_1.paginate)(this.client.actions.modules.list, {
-                    paginate: true,
-                });
-            }
-            catch {
-                logger_1.default.debug('Skipping actions modules enrichment because action modules could not be retrieved.');
-                modules = null;
-            }
+        catch {
+            logger_1.default.debug('Skipping actions modules enrichment because action modules could not be retrieved.');
+            modules = null;
         }
         if (modules != null) {
             // Use task queue to process actions in parallel
@@ -305,12 +300,15 @@ class ActionHandler extends default_1.default {
                         moduleVersions = await moduleVersions.getNextPage();
                         allModuleVersions.push(...moduleVersions.data);
                     }
+                    const moduleVersionId = allModuleVersions?.find((v) => v.version_number === module.module_version_number)?.id;
+                    if (!moduleVersionId) {
+                        throw new Error(`Could not find action module version id for module '${module.module_name}' version '${module.module_version_number}'`);
+                    }
                     return {
                         module_name: module.module_name,
                         module_id: foundModule.id,
                         module_version_number: module.module_version_number,
-                        module_version_id: allModuleVersions?.find((v) => v.version_number === module.module_version_number)
-                            ?.id || '',
+                        module_version_id: moduleVersionId,
                     };
                 }
                 return module;

package/lib/tools/auth0/handlers/connections.d.ts

@@ -16,6 +16,12 @@ export declare const schema: {
             };
             options: {
                 type: string;
+                properties: {
+                    dpop_signing_alg: {
+                        type: string;
+                        enum: ("ES256" | "Ed25519")[];
+                    };
+                };
             };
             enabled_clients: {
                 type: string;

package/lib/tools/auth0/handlers/connections.js

@@ -51,6 +51,15 @@ const utils_1 = require("../../utils");
 const client_1 = require("../client");
 const scimHandler_1 = __importDefault(require("./scimHandler"));
 const logger_1 = __importDefault(require("../../../logger"));
+const connectionOptionsSchema = {
+    type: 'object',
+    properties: {
+        dpop_signing_alg: {
+            type: 'string',
+            enum: Object.values(auth0_1.Management.ConnectionDpopSigningAlgEnum),
+        },
+    },
+};
 exports.schema = {
     type: 'array',
     items: {
@@ -58,7 +67,7 @@ exports.schema = {
         properties: {
             name: { type: 'string' },
             strategy: { type: 'string' },
-            options: { type: 'object' },
+            options: connectionOptionsSchema,
             enabled_clients: { type: 'array', items: { type: 'string' } },
             realms: { type: 'array', items: { type: 'string' } },
             metadata: { type: 'object' },
@@ -166,10 +175,18 @@ const getConnectionEnabledClients = async (auth0Client, connectionId) => {
     if (!connectionId)
         return null;
     try {
-        const enabledClients = await (0, client_1.paginate)((params) => auth0Client.connections.clients.get(connectionId, params), { checkpoint: true, take: 100 });
+        logger_1.default.debug(`Getting enabled clients for connection ${connectionId}`);
+        const enabledClients = [];
+        let page = await auth0Client.connections.clients.get(connectionId, { take: 100 });
+        enabledClients.push(...(page.data || []));
+        while (page.hasNextPage && page.hasNextPage()) {
+            page = await page.getNextPage();
+            enabledClients.push(...(page.data || []));
+        }
         return enabledClients.filter((client) => !!client?.client_id).map((client) => client.client_id);
     }
     catch (error) {
+        logger_1.default.warn(`Unable to retrieve enabled clients for connection ${connectionId}: ${error?.message}`);
         return null;
     }
 };
@@ -473,27 +490,35 @@ class ConnectionsHandler extends default_1.default {
         this.existing = filteredConnections;
         if (this.existing === null)
             return [];
-        const connectionsWithEnabledClients = await Promise.all(filteredConnections.map(async (con) => {
-            if (!con?.id)
-                return con;
-            const enabledClients = await (0, exports.getConnectionEnabledClients)(this.client, con.id);
-            // Cast to Asset to allow adding properties
-            let connection = { ...con };
-            if (enabledClients && enabledClients?.length) {
-                connection.enabled_clients = enabledClients;
-            }
-            if (connection.strategy === 'google-apps' && directoryProvisioningConfigs) {
-                const dirProvConfig = directoryProvisioningConfigs.find((congigCon) => congigCon.connection_id === con.id);
-                if (dirProvConfig) {
-                    connection.directory_provisioning_configuration = {
-                        mapping: dirProvConfig.mapping,
-                        synchronize_automatically: dirProvConfig.synchronize_automatically,
-                    };
+        const connectionTasks = filteredConnections.map((con, index) => ({ con, index }));
+        const connectionsWithEnabledClients = await this.client.pool
+            .addEachTask({
+            data: connectionTasks,
+            generator: async ({ con, index }) => {
+                if (!con?.id) {
+                    return { index, connection: con };
                 }
-            }
-            return connection;
-        }));
-        this.existing = connectionsWithEnabledClients;
+                const enabledClients = await (0, exports.getConnectionEnabledClients)(this.client, con.id);
+                let connection = { ...con };
+                if (enabledClients?.length) {
+                    connection.enabled_clients = enabledClients;
+                }
+                if (connection.strategy === 'google-apps' && directoryProvisioningConfigs) {
+                    const dirProvConfig = directoryProvisioningConfigs.find((configCon) => configCon.connection_id === con.id);
+                    if (dirProvConfig) {
+                        connection.directory_provisioning_configuration = {
+                            mapping: dirProvConfig.mapping,
+                            synchronize_automatically: dirProvConfig.synchronize_automatically,
+                        };
+                    }
+                }
+                return { index, connection };
+            },
+        })
+            .promise();
+        this.existing = connectionsWithEnabledClients
+            .sort((a, b) => a.index - b.index)
+            .map(({ connection }) => connection);
         // Apply `scim_configuration` to all the relevant `SCIM` connections. This method mutates `this.existing`.
         await this.scimHandler.applyScimConfiguration(this.existing);
         return this.existing;

package/lib/tools/auth0/handlers/prompts.js

@@ -1,4 +1,43 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -6,7 +45,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.schema = void 0;
 const lodash_1 = require("lodash");
 const auth0_1 = require("auth0");
-const default_1 = __importDefault(require("./default"));
+const default_1 = __importStar(require("./default"));
 const types_1 = require("../../../types");
 const logger_1 = __importDefault(require("../../../logger"));
 const client_1 = require("../client");
@@ -122,7 +161,10 @@ const customPartialsPromptTypes = [
     'signup',
     'signup-id',
     'signup-password',
+    'passkeys',
 ];
+// Prompts that may not be available on all tenants (early access features)
+const optionalPartialsPromptTypes = ['passkeys'];
 const customPartialsScreenTypes = [
     'login',
     'login-id',
@@ -132,6 +174,8 @@ const customPartialsScreenTypes = [
     'signup-password',
     'login-passwordless-sms-otp',
     'login-passwordless-email-code',
+    'passkeys-enrollment',
+    'passkeys-enrollment-local',
 ];
 const customPartialsInsertionPoints = [
     'form-content-start',
@@ -319,6 +363,19 @@ class PromptsHandler extends default_1.default {
                 this.IsFeatureSupported = false;
                 return null;
             }
+            // Handle 400 errors for prompt types not available on all tenants (early access features)
+            // Error format: "Path validation error: 'Invalid value \"passkeys\"' on property prompt (Name of the prompt)."
+            if (error &&
+                error?.statusCode === 400 &&
+                error.message?.includes('Path validation error') &&
+                error.message?.includes('on property prompt')) {
+                // Check if the error message contains any of the optional prompt types
+                const unavailablePrompt = optionalPartialsPromptTypes.find((promptType) => error.message?.includes(promptType));
+                if (unavailablePrompt) {
+                    logger_1.default.warn(`Skipping partials for prompt type '${unavailablePrompt}' because it is not available on this tenant.`);
+                    return null;
+                }
+            }
             if (error && error.statusCode === 429) {
                 logger_1.default.error(`The global rate limit has been exceeded, resulting in a ${error.statusCode} error. ${error.message}. Although this is an error, it is not blocking the pipeline.`);
                 return null;
@@ -459,3 +516,6 @@ class PromptsHandler extends default_1.default {
     }
 }
 exports.default = PromptsHandler;
+__decorate([
+    (0, default_1.order)('80')
+], PromptsHandler.prototype, "processChanges", null);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-deploy-cli",
-  "version": "8.29.2",
+  "version": "8.30.0",
   "description": "A command line tool for deploying updates to your Auth0 tenant",
   "main": "lib/index.js",
   "bin": {
@@ -11,7 +11,7 @@
     "lint": "eslint . && kacl lint",
     "format": "npx prettier --write .",
     "test": "ts-mocha -p tsconfig.json --recursive 'test/**/*.test*' --exclude 'test/e2e/*' --timeout 20000",
-    "test:e2e:node-module": "ts-mocha -p tsconfig.json --recursive 'test/e2e/*.test*' --timeout 120000",
+    "test:e2e:node-module": "ts-mocha -p tsconfig.json --recursive 'test/e2e/*.test*' --timeout 150000",
     "test:e2e:cli": "sh ./test/e2e/e2e-cli.sh",
     "test:coverage": "nyc npm run test && nyc report --reporter=lcov",
     "build": "rimraf ./lib && npx tsc",
@@ -33,7 +33,7 @@
   "homepage": "https://github.com/auth0/auth0-deploy-cli#readme",
   "dependencies": {
     "ajv": "^6.12.6",
-    "auth0": "^5.4.0",
+    "auth0": "^5.5.0",
     "dot-prop": "^5.3.0",
     "fs-extra": "^10.1.0",
     "js-yaml": "^4.1.1",