c8y-nitro 0.3.0 → 0.4.0

package/dist/utils.mjs

@@ -1,8 +1,444 @@
-import { useDeployedTenantCredentials, useSubscribedTenantCredentials, useUserTenantCredentials } from "./utils/credentials.mjs";
-import { useDeployedTenantClient, useSubscribedTenantClients, useUserClient, useUserTenantClient } from "./utils/client.mjs";
-import { useUser, useUserRoles } from "./utils/resources.mjs";
-import { hasUserRequiredRole, isUserFromAllowedTenant, isUserFromDeployedTenant } from "./utils/middleware.mjs";
-import { useTenantOption } from "./utils/tenantOptions.mjs";
-import { createError, createLogger, useLogger } from "./utils/logging.mjs";
-
-export { createError, createLogger, hasUserRequiredRole, isUserFromAllowedTenant, isUserFromDeployedTenant, useDeployedTenantClient, useDeployedTenantCredentials, useLogger, useSubscribedTenantClients, useSubscribedTenantCredentials, useTenantOption, useUser, useUserClient, useUserRoles, useUserTenantClient, useUserTenantCredentials };
+import process from "node:process";
+import { useLogger } from "evlog/nitro/v3";
+import { BasicAuth, Client, MicroserviceClientRequestAuth } from "@c8y/client";
+import { defineCachedFunction } from "nitro/cache";
+import { HTTPError, defineHandler } from "nitro/h3";
+import { useStorage } from "nitro/storage";
+import { useRuntimeConfig } from "nitro/runtime-config";
+import { createError, createLogger } from "evlog";
+//#region src/utils/internal/common.ts
+/**
+* Converts undici Request headers to the format expected by MicroserviceClientRequestAuth.\
+* Extracts the following headers from the request:
+* - `authorization`: Used for Basic Auth or Bearer token authentication
+* - `cookie`: Used to extract XSRF-TOKEN and authorization token from cookies
+*
+* The MicroserviceClientRequestAuth class will automatically:
+* - Extract XSRF-TOKEN from cookies for CSRF protection
+* - Extract authorization token from cookies (prioritized over header auth)
+* - Fall back to Authorization header if no cookie-based auth is present
+*
+* @param request - The HTTP request containing headers
+* @returns Headers object compatible with \@c8y/client's MicroserviceClientRequestAuth
+*/
+function convertRequestHeadersToC8yFormat(request) {
+	const headers = {};
+	const authorization = request.headers.get("authorization");
+	if (authorization) headers.authorization = authorization;
+	const cookie = request.headers.get("cookie");
+	if (cookie) headers.cookie = cookie;
+	return headers;
+}
+//#endregion
+//#region src/utils/credentials.ts
+/**
+* Fetches credentials for all tenants subscribed to this microservice.\
+* Uses bootstrap credentials from runtime config to query the microservice subscriptions API.\
+* Results are cached based on the configured TTL (default: 10 minutes).\
+* @returns Object mapping tenant IDs to their respective credentials
+* @config Cache TTL can be configured via:
+* - `c8y.cache.credentialsTTL` in the Nitro config (value in seconds)
+* - `NITRO_C8Y_CACHE_CREDENTIALS_TTL` environment variable
+* @example
+* // Get all subscribed tenant credentials:
+* const credentials = await useSubscribedTenantCredentials()
+* console.log(Object.keys(credentials)) // ['t12345', 't67890']
+*
+* // Access specific tenant:
+* const tenant1Creds = credentials['t12345']
+*
+* // Invalidate cache:
+* await useSubscribedTenantCredentials.invalidate()
+*
+* // Force refresh:
+* const freshCreds = await useSubscribedTenantCredentials.refresh()
+*/
+const useSubscribedTenantCredentials = Object.assign(defineCachedFunction(async () => {
+	return (await Client.getMicroserviceSubscriptions({
+		tenant: process.env.C8Y_BOOTSTRAP_TENANT,
+		user: process.env.C8Y_BOOTSTRAP_USER,
+		password: process.env.C8Y_BOOTSTRAP_PASSWORD
+	}, process.env.C8Y_BASEURL)).reduce((acc, cred) => {
+		if (cred.tenant) acc[cred.tenant] = cred;
+		return acc;
+	}, {});
+}, {
+	maxAge: useRuntimeConfig().c8yCredentialsCacheTTL ?? 600,
+	name: "_c8y_nitro_get_subscribed_tenant_credentials",
+	group: "c8y_nitro",
+	swr: false
+}), {
+	invalidate: async () => {
+		await useStorage("cache").removeItem(`c8y_nitro:functions:_c8y_nitro_get_subscribed_tenant_credentials.json`);
+	},
+	refresh: async () => {
+		await useSubscribedTenantCredentials.invalidate();
+		return await useSubscribedTenantCredentials();
+	}
+});
+/**
+* Fetches credentials for the tenant where this microservice is deployed.\
+* Uses the C8Y_BOOTSTRAP_TENANT environment variable to identify the deployed tenant.\
+* Returns credentials from the subscribed tenant credentials cache (cached based on configured TTL, default: 10 minutes).
+* @returns Credentials for the deployed tenant
+* @throws {HTTPError} If no credentials found for the deployed tenant
+* @example
+* // Get deployed tenant credentials:
+* const creds = await useDeployedTenantCredentials()
+* console.log(creds.tenant, creds.user)
+*
+* // Invalidate cache:
+* await useDeployedTenantCredentials.invalidate()
+*
+* // Force refresh:
+* const freshCreds = await useDeployedTenantCredentials.refresh()
+* @note This function is not cached separately. It uses the cache of `useSubscribedTenantCredentials()`. Invalidating or refreshing one will refresh `useDeployedTenantCredentials()`s cache.
+*/
+const useDeployedTenantCredentials = Object.assign(async () => {
+	const tenant = process.env.C8Y_BOOTSTRAP_TENANT;
+	const allCredsPromise = await useSubscribedTenantCredentials();
+	if (!allCredsPromise[tenant]) throw new HTTPError({
+		message: `No credentials found for tenant deployed tenant '${tenant}'`,
+		status: 500,
+		statusText: "Internal Server Error"
+	});
+	return allCredsPromise[tenant];
+}, {
+	invalidate: useSubscribedTenantCredentials.invalidate,
+	refresh: async () => {
+		await useDeployedTenantCredentials.invalidate();
+		return await useDeployedTenantCredentials();
+	}
+});
+/**
+* Fetches credentials for the tenant of the current user making the request.\
+* Extracts the user's tenant ID from the request headers and returns corresponding credentials.\
+* Results are cached in the request context for subsequent calls within the same request.
+* @param requestOrEvent - The H3Event or ServerRequest from the current request
+* @returns Credentials for the user's tenant
+* @throws {HTTPError} If no subscribed tenant credentials found for the user's tenant
+* @example
+* // In a request handler:
+* const userCreds = await useUserTenantCredentials(event)
+* console.log(userCreds.tenant, userCreds.user)
+*
+* // Credentials are automatically cached for the request duration
+* const sameCreds = await useUserTenantCredentials(event) // Uses cached value
+*/
+async function useUserTenantCredentials(requestOrEvent) {
+	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
+	if (request.context?.["c8y_user_tenant_credentials"]) return request.context["c8y_user_tenant_credentials"];
+	const tenantId = useUserClient(requestOrEvent).core.tenant;
+	const userTenantCreds = (await useSubscribedTenantCredentials())[tenantId];
+	if (!userTenantCreds) throw new HTTPError({
+		message: `No subscribed tenant credentials found for user tenant '${tenantId}'`,
+		status: 500,
+		statusText: "Internal Server Error"
+	});
+	request.context ??= {};
+	request.context["c8y_user_tenant_credentials"] = userTenantCreds;
+	return userTenantCreds;
+}
+//#endregion
+//#region src/utils/client.ts
+/**
+* Creates a Cumulocity client authenticated with the current user's credentials.\
+* Extracts credentials from the Authorization header of the current request.
+* @param requestOrEvent - The H3Event or ServerRequest from the current request
+* @returns A configured Cumulocity Client instance
+* @example
+* // In a request handler:
+* const client = useUserClient(event)
+* const { data } = await client.inventory.list()
+*/
+function useUserClient(requestOrEvent) {
+	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
+	if (request.context?.["c8y_user_client"]) return request.context["c8y_user_client"];
+	const client = new Client(new MicroserviceClientRequestAuth(convertRequestHeadersToC8yFormat(request)), process.env.C8Y_BASEURL);
+	request.context ??= {};
+	request.context["c8y_user_client"] = client;
+	return client;
+}
+/**
+* Creates a Cumulocity client for the tenant of the current user.\
+* Uses the tenant's service user credentials rather than the user's own credentials.
+* @param requestOrEvent - The H3Event or ServerRequest from the current request
+* @returns A configured Cumulocity Client instance for the user's tenant
+* @example
+* // In a request handler:
+* const tenantClient = await useUserTenantClient(event)
+* const { data } = await tenantClient.inventory.list()
+*/
+async function useUserTenantClient(requestOrEvent) {
+	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
+	if (request.context?.["c8y_user_tenant_client"]) return request.context["c8y_user_tenant_client"];
+	const tenantId = useUserClient(requestOrEvent).core.tenant;
+	const creds = await useSubscribedTenantCredentials();
+	if (!creds[tenantId]) throw new HTTPError({
+		message: `No subscribed tenant credentials found for user tenant '${tenantId}'`,
+		status: 500,
+		statusText: "Internal Server Error"
+	});
+	const tenantClient = new Client(new BasicAuth(creds[tenantId]), process.env.C8Y_BASEURL);
+	request.context ??= {};
+	request.context["c8y_user_tenant_client"] = tenantClient;
+	return tenantClient;
+}
+/**
+* Creates Cumulocity clients for all tenants subscribed to this microservice.\
+* Each client is authenticated with that tenant's service user credentials.\
+* @returns Object mapping tenant IDs to their respective Client instances
+* @example
+* // Get clients for all subscribed tenants:
+* const clients = await useSubscribedTenantClients()
+* for (const [tenant, client] of Object.entries(clients)) {
+*   const { data } = await client.inventory.list()
+*   console.log(`Tenant ${tenant} has ${data.length} inventory items`)
+* }
+*/
+async function useSubscribedTenantClients() {
+	const creds = await useSubscribedTenantCredentials();
+	const clients = {};
+	for (const [tenant, tenantCreds] of Object.entries(creds)) clients[tenant] = new Client(new BasicAuth(tenantCreds), process.env.C8Y_BASEURL);
+	return clients;
+}
+/**
+* Creates a Cumulocity client for the tenant where this microservice is deployed.\
+* Uses the bootstrap tenant ID from runtime config to identify the deployed tenant.\
+* @returns A configured Cumulocity Client instance for the deployed tenant
+* @example
+* // Get client for the tenant hosting this microservice:
+* const client = await useDeployedTenantClient()
+* const { data } = await client.application.list()
+*/
+async function useDeployedTenantClient() {
+	const creds = await useSubscribedTenantCredentials();
+	const tenant = process.env.C8Y_BOOTSTRAP_TENANT;
+	if (!creds[tenant]) throw new HTTPError({
+		message: `No subscribed tenant credentials found for tenant '${tenant}'`,
+		status: 500,
+		statusText: "Internal Server Error"
+	});
+	return new Client(new BasicAuth(creds[tenant]), process.env.C8Y_BASEURL);
+}
+//#endregion
+//#region src/utils/resources.ts
+/**
+* Fetches the current user from Cumulocity using credentials extracted from the current request's headers.
+* This is a non-cached version - fetches fresh data on every call.
+* @param requestOrEvent - The H3Event or ServerRequest from the current request
+* @returns The current user object from Cumulocity
+* @example
+* // In a request handler:
+* const user = await useUser(event)
+* console.log(user.userName, user.email)
+*/
+async function useUser(requestOrEvent) {
+	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
+	if (request.context?.["c8y_user"]) return request.context["c8y_user"];
+	const { res, data: user } = await useUserClient(requestOrEvent).user.currentWithEffectiveRoles();
+	if (!res.ok) throw new HTTPError({
+		message: `Failed to fetch current user`,
+		status: res.status,
+		statusText: res.statusText
+	});
+	request.context ??= {};
+	request.context["c8y_user"] = user;
+	return user;
+}
+/**
+* Fetches the roles of the current user from Cumulocity.
+* Internally calls `useUser()` and extracts role IDs from the user object.
+* This is a non-cached version - fetches fresh data on every call.
+* @param requestOrEvent - The H3Event or ServerRequest from the current request
+* @returns Array of role ID strings assigned to the current user
+* @example
+* // In a request handler:
+* const roles = await useUserRoles(event)
+* console.log(roles) // ['ROLE_INVENTORY_READ', 'ROLE_INVENTORY_ADMIN']
+*/
+async function useUserRoles(requestOrEvent) {
+	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
+	if (request.context?.["c8y_user_roles"]) return request.context["c8y_user_roles"];
+	const userRoles = (await useUser(requestOrEvent)).effectiveRoles?.map((role) => role.name) ?? [];
+	request.context ??= {};
+	request.context["c8y_user_roles"] = userRoles;
+	return userRoles;
+}
+//#endregion
+//#region src/utils/middleware.ts
+function hasUserRequiredRole(roleOrRoles) {
+	return defineHandler(async (event) => {
+		const requiredRoles = Array.isArray(roleOrRoles) ? roleOrRoles : [roleOrRoles];
+		const userRoles = await useUserRoles(event);
+		if (!requiredRoles.some((role) => userRoles.includes(role))) throw new HTTPError({
+			status: 403,
+			statusText: "Forbidden",
+			message: `User does not have required role(s) to access this resource: ${requiredRoles.join(", ")}`
+		});
+	});
+}
+function isUserFromAllowedTenant(tenantIdOrIds) {
+	return defineHandler(async (event) => {
+		const allowedTenants = Array.isArray(tenantIdOrIds) ? tenantIdOrIds : [tenantIdOrIds];
+		const userTenantId = useUserClient(event).core.tenant;
+		if (!allowedTenants.includes(userTenantId)) throw new HTTPError({
+			status: 403,
+			statusText: "Forbidden",
+			message: `User's tenant '${userTenantId}' is not allowed to access this resource. Allowed tenants: ${allowedTenants.join(", ")}`
+		});
+	});
+}
+/**
+* Middleware to check if the current user belongs to the deployed tenant.\
+* The deployed tenant is where this microservice is hosted (C8Y_BOOTSTRAP_TENANT).\
+* If the user's tenant doesn't match the deployed tenant, throws a 403 Forbidden error.\
+* Must be used within a request handler context.\
+* @returns Event handler that validates user is from deployed tenant
+* @example
+* // Only allow users from the deployed tenant:
+* export default defineHandler({
+*  middleware: [isUserFromDeployedTenant()],
+*  handler: async () => {
+*   return { message: 'You have access' }
+*  }
+* })
+*/
+function isUserFromDeployedTenant() {
+	return defineHandler(async (event) => {
+		const userTenantId = useUserClient(event).core.tenant;
+		const deployedTenantId = process.env.C8Y_BOOTSTRAP_TENANT;
+		if (!deployedTenantId) throw new HTTPError({
+			status: 500,
+			statusText: "Internal Server Error",
+			message: "C8Y_BOOTSTRAP_TENANT environment variable is not set"
+		});
+		if (userTenantId !== deployedTenantId) throw new HTTPError({
+			status: 403,
+			statusText: "Forbidden",
+			message: `Only users from tenant '${deployedTenantId}' can access this resource.`
+		});
+	});
+}
+//#endregion
+//#region src/utils/tenantOptions.ts
+/**
+* Gets the cache TTL for a specific tenant option key.
+* Uses per-key override if defined, otherwise falls back to default TTL.
+* @param key - The tenant option key
+*/
+function getTenantOptionCacheTTL(key) {
+	const config = useRuntimeConfig();
+	return config.c8yTenantOptionsPerKeyTTL?.[key] ?? config.c8yDefaultTenantOptionsTTL ?? 600;
+}
+/**
+* Internal storage for cached functions per key
+*/
+const tenantOptionFetchers = {};
+/**
+* Factory function that creates a cached fetcher for a specific tenant option key.
+* @param key - The tenant option key
+*/
+function createCachedTenantOptionFetcher(key) {
+	const cacheName = `_c8y_nitro_tenant_option_${key.replace(/\./g, "_")}`;
+	const fetcher = defineCachedFunction(async () => {
+		const client = await useDeployedTenantClient();
+		const category = useRuntimeConfig().c8ySettingsCategory;
+		const apiKey = key.replace(/^credentials\./, "");
+		try {
+			return (await client.options.tenant.detail({
+				key: apiKey,
+				category
+			})).data.value;
+		} catch (error) {
+			if (error?.res?.status === 404 || error?.status === 404) return;
+			throw error;
+		}
+	}, {
+		maxAge: getTenantOptionCacheTTL(key),
+		name: cacheName,
+		group: "c8y_nitro",
+		swr: false
+	});
+	return Object.assign(fetcher, {
+		invalidate: async () => {
+			const completeKey = `c8y_nitro:functions:${cacheName}.json`;
+			await useStorage("cache").removeItem(completeKey);
+		},
+		refresh: async () => {
+			const completeKey = `c8y_nitro:functions:${cacheName}.json`;
+			await useStorage("cache").removeItem(completeKey);
+			return await fetcher();
+		}
+	});
+}
+/**
+* Gets or creates a cached fetcher for a specific tenant option key.
+* @param key - The tenant option key
+*/
+function getOrCreateFetcher(key) {
+	let fetcher = tenantOptionFetchers[key];
+	if (!fetcher) {
+		fetcher = createCachedTenantOptionFetcher(key);
+		tenantOptionFetchers[key] = fetcher;
+	}
+	return fetcher;
+}
+/**
+* Fetches a tenant option value by key.\
+* Uses the deployed tenant's service user credentials to access the Options API.\
+* Results are cached based on the configured TTL (default: 10 minutes).
+*
+* @param key - The tenant option key to fetch (as defined in `manifest.settings`)
+* @returns The option value as a string
+*
+* @config Cache TTL can be configured via:
+* - `c8y.cache.defaultTenantOptionsTTL` — Default TTL for all keys (in seconds)
+* - `c8y.cache.tenantOptions` — Per-key TTL overrides
+* - `NITRO_C8Y_DEFAULT_TENANT_OPTIONS_TTL` — Environment variable for default TTL
+*
+* @note For encrypted options (keys starting with `credentials.`), the value is automatically
+* decrypted by Cumulocity if this microservice is the owner of the option (category matches
+* the microservice's settingsCategory/contextPath/name). The `credentials.` prefix is
+* automatically stripped when calling the API.
+*
+* @example
+* // Fetch a tenant option:
+* const value = await useTenantOption('myOption')
+*
+* // Fetch an encrypted secret:
+* const secret = await useTenantOption('credentials.apiKey')
+*
+* // Invalidate cache for a specific key:
+* await useTenantOption.invalidate('myOption')
+*
+* // Force refresh a specific key:
+* const fresh = await useTenantOption.refresh('myOption')
+*
+* // Invalidate all tenant option caches:
+* await useTenantOption.invalidateAll()
+*
+* // Refresh all tenant options:
+* const all = await useTenantOption.refreshAll()
+*/
+const useTenantOption = Object.assign(async (key) => {
+	return await getOrCreateFetcher(key)();
+}, {
+	invalidate: async (key) => {
+		const fetcher = tenantOptionFetchers[key];
+		if (fetcher) await fetcher.invalidate();
+	},
+	refresh: async (key) => {
+		return await getOrCreateFetcher(key).refresh();
+	},
+	invalidateAll: async () => {
+		await Promise.all(Object.values(tenantOptionFetchers).map((fetcher) => fetcher?.invalidate()));
+	},
+	refreshAll: async () => {
+		const entries = Object.entries(tenantOptionFetchers);
+		const values = await Promise.all(entries.map(([, fetcher]) => fetcher?.refresh()));
+		return Object.fromEntries(entries.map(([key], i) => [key, values[i]]));
+	}
+});
+//#endregion
+export { createError, createLogger, hasUserRequiredRole, isUserFromAllowedTenant, isUserFromDeployedTenant, useDeployedTenantClient, useDeployedTenantCredentials, useLogger, useSubscribedTenantClients, useSubscribedTenantCredentials, useTenantOption, useUser, useUserClient, useUserRoles, useUserTenantClient, useUserTenantCredentials };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "c8y-nitro",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "type": "module",
   "description": "Lightning fast Cumulocity IoT microservice development powered by Nitro",
   "keywords": [
@@ -48,29 +48,29 @@
     "dist"
   ],
   "dependencies": {
-    "c12": "^4.0.0-beta.2",
-    "citty": "^0.2.0",
+    "c12": "^4.0.0-beta.3",
+    "citty": "^0.2.1",
     "consola": "^3.4.2",
-    "evlog": "^2.1.0",
+    "evlog": "^2.6.0",
     "jszip": "^3.10.1",
     "pathe": "^2.0.3",
     "pkg-types": "^2.3.0",
     "spinnies": "^0.5.1",
-    "tinyexec": "^1.0.2"
+    "tinyexec": "^1.0.4"
   },
   "devDependencies": {
     "@schplitt/eslint-config": "^1.3.1",
     "@types/spinnies": "^0.5.3",
     "bumpp": "^10.4.1",
-    "eslint": "^10.0.0",
-    "memfs": "^4.56.10",
-    "tsdown": "^0.20.3",
+    "eslint": "^10.0.3",
+    "memfs": "^4.56.11",
+    "tsdown": "^0.21.2",
     "typescript": "^5.9.3",
-    "vitest": "^4.0.18"
+    "vitest": "^4.1.0"
   },
   "peerDependencies": {
     "@c8y/client": ">=1021",
-    "nitro": "v3.0.1-alpha.2"
+    "nitro": "3.0.260311-beta"
   },
   "engines": {
     "node": ">=24.0.0"

package/dist/cli/commands/bootstrap.mjs

@@ -1,64 +0,0 @@
-import { createC8yManifest } from "../../module/manifest.mjs";
-import { createBasicAuthHeader, createMicroservice, findMicroserviceByName, getBootstrapCredentials, subscribeToApplication, updateMicroservice } from "../utils/c8y-api.mjs";
-import { writeBootstrapCredentials } from "../utils/env-file.mjs";
-import { loadC8yConfig, validateBootstrapEnv } from "../utils/config.mjs";
-import { defineCommand, runCommand } from "citty";
-import { consola } from "consola";
-
-//#region src/cli/commands/bootstrap.ts
-var bootstrap_default = defineCommand({
-	meta: {
-		name: "bootstrap",
-		description: "Bootstrap your microservice to the development tenant"
-	},
-	args: {},
-	async run() {
-		consola.info("Loading configuration...");
-		const { env, c8yOptions, configDir } = await loadC8yConfig();
-		consola.info("Validating environment variables...");
-		const envVars = validateBootstrapEnv(env);
-		consola.info("Building manifest...");
-		const manifest = await createC8yManifest(configDir, c8yOptions?.manifest);
-		consola.success(`Manifest created for: ${manifest.name} v${manifest.version}`);
-		const authHeader = createBasicAuthHeader(envVars.C8Y_DEVELOPMENT_TENANT, envVars.C8Y_DEVELOPMENT_USER, envVars.C8Y_DEVELOPMENT_PASSWORD);
-		consola.info(`Checking if microservice "${manifest.name}" exists...`);
-		const existingApp = await findMicroserviceByName(envVars.C8Y_BASEURL, manifest.name, authHeader);
-		let appId;
-		if (existingApp) {
-			consola.warn(`Microservice "${manifest.name}" already exists on development tenant (ID: ${existingApp.id})`);
-			if (!await consola.prompt("Do you want to update the existing microservice?", {
-				type: "confirm",
-				cancel: "reject"
-			})) {
-				consola.info("Bootstrap cancelled.");
-				return;
-			}
-			consola.info("Updating microservice...");
-			appId = (await updateMicroservice(envVars.C8Y_BASEURL, existingApp.id, manifest, authHeader)).id;
-			consola.success(`Microservice updated successfully (ID: ${appId})`);
-		} else {
-			consola.info("Creating microservice...");
-			appId = (await createMicroservice(envVars.C8Y_BASEURL, manifest, authHeader)).id;
-			consola.success(`Microservice created successfully (ID: ${appId})`);
-		}
-		consola.info("Subscribing tenant to application...");
-		await subscribeToApplication(envVars.C8Y_BASEURL, envVars.C8Y_DEVELOPMENT_TENANT, appId, authHeader);
-		consola.success("Tenant subscribed to application");
-		consola.info("Fetching bootstrap credentials...");
-		const credentials = await getBootstrapCredentials(envVars.C8Y_BASEURL, appId, authHeader);
-		consola.info("Writing bootstrap credentials...");
-		const envFileName = await writeBootstrapCredentials(configDir, {
-			C8Y_BOOTSTRAP_TENANT: credentials.tenant,
-			C8Y_BOOTSTRAP_USER: credentials.name,
-			C8Y_BOOTSTRAP_PASSWORD: credentials.password
-		});
-		consola.success(`Bootstrap credentials written to ${envFileName}`);
-		if (manifest.roles && manifest.roles.length > 0) {
-			if (await consola.prompt("Do you want to manage microservice roles for your development user?", { type: "confirm" })) await runCommand(await import("./roles.mjs").then((r) => r.default), { rawArgs: [] });
-		}
-		consola.success("Bootstrap complete!");
-	}
-});
-
-//#endregion
-export { bootstrap_default as default };