libretto 0.6.24 → 0.6.25

package/dist/cli/core/browser.js

@@ -1,13 +1,27 @@
 import {
   chromium
 } from "playwright";
-import { existsSync, readFileSync, unlinkSync } from "node:fs";
-import { mkdir, writeFile } from "node:fs/promises";
-import { dirname, join } from "node:path";
+import {
+  existsSync,
+  readFileSync,
+  unlinkSync
+} from "node:fs";
 import { createServer } from "node:net";
+import { join } from "node:path";
 import { isWindowsNamedPipePath } from "../../shared/ipc/socket-transport.js";
-import { getSessionProviderClosePath, PROFILES_DIR } from "./context.js";
+import { getSessionProviderClosePath } from "./context.js";
 import { readLibrettoConfig } from "./config.js";
+import {
+  captureAuthProfileStorageState,
+  parseAuthProfileSites
+} from "../../shared/workflow/auth-profile-state.js";
+import {
+  formatMissingLocalAuthProfileMessage,
+  getProfilePath,
+  hasProfile,
+  normalizeProfileName,
+  writeProfile
+} from "./profiles.js";
 import {
   getCloudProviderApi,
   getProviderStartupTimeoutMs
@@ -80,12 +94,6 @@ function normalizeUrl(url) {
 function normalizeDomain(url) {
   return url.hostname.replace(/^www\./, "");
 }
-function getProfilePath(domain) {
-  return join(PROFILES_DIR, `${domain}.json`);
-}
-function hasProfile(domain) {
-  return existsSync(getProfilePath(domain));
-}
 async function tryConnectToCDP(endpoint, logger, timeoutMs = 5e3) {
   logger.info("cdp-connect-attempt", { endpoint, timeoutMs });
   try {
@@ -304,30 +312,34 @@ async function runOpen(rawUrl, headed, session, logger, options) {
   const port = await pickFreePort();
   const runLogPath = logFileForSession(session);
   const browserMode = headed ? "headed" : "headless";
-  const authDomain = options?.authProfileDomain ? normalizeDomain(normalizeUrl(options.authProfileDomain)) : void 0;
-  if (authDomain) {
-    const authProfilePath = getProfilePath(authDomain);
-    if (!existsSync(authProfilePath)) {
+  const authProfileName = options?.authProfileName ? normalizeProfileName(options.authProfileName) : void 0;
+  if (authProfileName) {
+    const authProfilePath = getProfilePath(authProfileName);
+    if (!hasProfile(authProfileName)) {
       throw new Error(
-        `No saved auth profile for "${authDomain}". Save one first: libretto open https://${authDomain} --headed --session <name>, log in, then run: libretto save ${authDomain} --session <name>`
+        formatMissingLocalAuthProfileMessage({
+          profileName: authProfileName,
+          profilePath: authProfilePath,
+          session
+        })
       );
     }
   }
   const supportsSavedProfile = parsedUrl.protocol === "http:" || parsedUrl.protocol === "https:";
-  const domain = authDomain ?? (supportsSavedProfile ? normalizeDomain(parsedUrl) : void 0);
-  const profilePath = domain ? getProfilePath(domain) : void 0;
-  const useProfile = domain ? hasProfile(domain) : false;
+  const profileName = authProfileName ?? (supportsSavedProfile ? normalizeDomain(parsedUrl) : void 0);
+  const profilePath = profileName ? getProfilePath(profileName) : void 0;
+  const useProfile = profileName ? hasProfile(profileName) : false;
   logger.info("open-launching", {
     url,
     mode: browserMode,
     session,
     port,
-    domain,
+    profileName,
     useProfile,
     profilePath: useProfile ? profilePath : void 0
   });
   if (useProfile) {
-    console.log(`Loading saved profile for ${domain}`);
+    console.log(`Loading saved profile ${profileName}`);
   }
   console.log(`Launching ${browserMode} browser (session: ${session})...`);
   const { pid, socketPath: daemonSocketPath, client } = await DaemonClient.spawn({
@@ -449,67 +461,70 @@ async function runOpenWithProvider(rawUrl, providerName, session, logger, access
   });
   console.log(`Browser open (${providerName}): ${url}`);
 }
-async function runSave(urlOrDomain, session, logger) {
-  logger.info("save-start", { urlOrDomain, session });
-  const { browser, context, page } = await connect(session, logger);
-  try {
-    await new Promise((r) => setTimeout(r, 500));
-    const domain = normalizeDomain(normalizeUrl(urlOrDomain));
-    const profilePath = getProfilePath(domain);
-    const cdpSession = await context.newCDPSession(page);
-    const { cookies: rawCookies } = await cdpSession.send(
-      "Network.getAllCookies"
+async function runSave(profileName, session, logger, options = { sites: "" }) {
+  const normalizedProfileName = normalizeProfileName(profileName);
+  const sites = parseAuthProfileSites(options.sites);
+  if (sites.length === 0) {
+    throw new Error("Pass at least one site with --sites <site[,site]>.");
+  }
+  logger.info("save-start", { profileName: normalizedProfileName, session, sites });
+  const state = readSessionStateOrThrow(session);
+  if (!state.daemonSocketPath) {
+    throw new Error(
+      `Session "${session}" has no daemon socket. Close and reopen the session, then run libretto save again.`
     );
-    const cookies = rawCookies.map((c) => {
-      const cookie = { ...c };
-      if (cookie.partitionKey && typeof cookie.partitionKey === "object") {
-        delete cookie.partitionKey;
-      }
-      return cookie;
-    });
-    await cdpSession.detach();
-    const origins = [];
-    for (const ctx of browser.contexts()) {
-      for (const pg of ctx.pages()) {
-        try {
-          const origin = new URL(pg.url()).origin;
-          const localStorage = await pg.evaluate(() => {
-            const items = [];
-            for (let i = 0; i < window.localStorage.length; i++) {
-              const key = window.localStorage.key(i);
-              if (key) {
-                items.push({
-                  name: key,
-                  value: window.localStorage.getItem(key) || ""
-                });
-              }
-            }
-            return items;
-          });
-          if (localStorage.length > 0) {
-            origins.push({ origin, localStorage });
-          }
-        } catch {
-        }
-      }
-    }
-    const state = { cookies, origins };
-    await mkdir(dirname(profilePath), { recursive: true });
-    await writeFile(profilePath, JSON.stringify(state, null, 2));
+  }
+  const client = await DaemonClient.connect(state.daemonSocketPath);
+  try {
+    const storageState = await client.captureAuthProfileStorageState({ sites });
+    const profilePath = await writeProfile(normalizedProfileName, storageState);
     logger.info("save-success", {
-      domain,
+      profileName: normalizedProfileName,
+      sites,
       profilePath,
-      cookieCount: cookies.length,
-      originCount: origins.length
+      cookieCount: storageState.cookies?.length ?? 0,
+      originCount: storageState.origins?.length ?? 0
     });
-    console.log(`Profile saved for ${domain}`);
+    console.log(`Profile saved: ${normalizedProfileName}`);
     console.log(`   Location: ${profilePath}`);
-    console.log(`   Cookies: ${cookies.length}, Origins: ${origins.length}`);
+    console.log(`   Sites: ${sites.join(", ")}`);
+    console.log(
+      `   Cookies: ${storageState.cookies?.length ?? 0}, Origins: ${storageState.origins?.length ?? 0}`
+    );
   } catch (err) {
-    logger.error("save-error", { error: err, urlOrDomain, session });
+    logger.error("save-error", { error: err, profileName, session, sites });
     throw err;
   } finally {
-    disconnectBrowser(browser, logger, session);
+    client.destroy();
+  }
+}
+async function runFetchChromeProfile(profileName, cdpUrl, logger, options) {
+  const normalizedProfileName = normalizeProfileName(profileName);
+  const sites = parseAuthProfileSites(options.sites);
+  if (sites.length === 0) {
+    throw new Error("Pass at least one site with --sites <site[,site]>.");
+  }
+  logger.info("fetch-chrome-profile-start", {
+    profileName: normalizedProfileName,
+    cdpUrl,
+    sites
+  });
+  const browser = await chromium.connectOverCDP(cdpUrl);
+  try {
+    const context = browser.contexts()[0];
+    if (!context) {
+      throw new Error("Connected Chrome instance has no browser context.");
+    }
+    const state = await captureAuthProfileStorageState(context, sites);
+    const profilePath = await writeProfile(normalizedProfileName, state);
+    console.log(`Profile fetched: ${normalizedProfileName}`);
+    console.log(`   Location: ${profilePath}`);
+    console.log(`   Sites: ${sites.join(", ")}`);
+    console.log(
+      `   Cookies: ${state.cookies?.length ?? 0}, Origins: ${state.origins?.length ?? 0}`
+    );
+  } finally {
+    disconnectBrowser(browser, logger);
   }
 }
 async function runClose(session, logger) {
@@ -1007,9 +1022,7 @@ function getScreenshotBaseName(title) {
 export {
   connect,
   disconnectBrowser,
-  getProfilePath,
   getScreenshotBaseName,
-  hasProfile,
   normalizeDomain,
   normalizeUrl,
   resolvePath,
@@ -1017,6 +1030,7 @@ export {
   runClose,
   runCloseAll,
   runConnect,
+  runFetchChromeProfile,
   runOpen,
   runOpenWithProvider,
   runPages,

package/dist/cli/core/daemon/daemon.js

@@ -23,13 +23,13 @@ import {
 import {
   getDaemonSocketPath
 } from "./ipc.js";
-import { wrapPageForActionLogging } from "../telemetry.js";
+import { wrapPageForActionLogging } from "../session-logs.js";
 import {
+  formatMissingLocalAuthProfileMessage,
   getProfilePath,
   hasProfile,
-  normalizeDomain,
-  normalizeUrl
-} from "../browser.js";
+  normalizeProfileName
+} from "../profiles.js";
 import { handlePages } from "./pages.js";
 import { handleExec, handleReadonlyExec } from "./exec.js";
 import { DaemonExecRepl } from "./exec-repl.js";
@@ -48,6 +48,7 @@ import {
 } from "../workflow-runtime.js";
 import { WorkflowController } from "../workflow-runner/runner.js";
 import { validateWorkflowInput } from "../../../shared/workflow/workflow.js";
+import { captureAuthProfileStorageState } from "../../../shared/workflow/auth-profile-state.js";
 function isOperationalPage(page) {
   const url = page.url();
   return !url.startsWith("devtools://") && !url.startsWith("chrome-error://");
@@ -68,26 +69,14 @@ class UserFacingStartupError extends Error {
     this.name = "UserFacingStartupError";
   }
 }
-function getMissingLocalAuthProfileError(args) {
-  return [
-    `Local auth profile not found for domain "${args.normalizedDomain}".`,
-    `Expected profile file: ${args.profilePath}`,
-    "To create it:",
-    `  1. libretto open https://${args.normalizedDomain} --headed --session ${args.session}`,
-    "  2. Log in manually in the browser window.",
-    `  3. libretto save ${args.normalizedDomain} --session ${args.session}`
-  ].join("\n");
-}
 function resolveAuthProfileStorageStatePath(args) {
-  if (!args.authProfileDomain) return void 0;
-  const normalizedDomain = normalizeDomain(
-    normalizeUrl(args.authProfileDomain)
-  );
-  const profilePath = getProfilePath(normalizedDomain);
-  if (!hasProfile(normalizedDomain)) {
+  if (!args.authProfileName) return void 0;
+  const profileName = normalizeProfileName(args.authProfileName);
+  const profilePath = getProfilePath(profileName);
+  if (!hasProfile(profileName)) {
     throw new UserFacingStartupError(
-      getMissingLocalAuthProfileError({
-        normalizedDomain,
+      formatMissingLocalAuthProfileMessage({
+        profileName,
         profilePath,
         session: args.session
       })
@@ -253,6 +242,10 @@ class BrowserDaemon {
   // ── Launch mode ────────────────────────────────────────────────────
   static async launchBrowser(args) {
     const { session, browser: config } = args;
+    const storageStatePath = config.storageStatePath ?? resolveAuthProfileStorageStatePath({
+      authProfileName: args.workflow?.authProfileName,
+      session
+    });
     const windowPositionArg = config.windowPosition ? `--window-position=${config.windowPosition.x},${config.windowPosition.y}` : void 0;
     const browser = await chromium.launch({
       headless: !config.headed,
@@ -264,10 +257,6 @@ class BrowserDaemon {
         ...windowPositionArg ? [windowPositionArg] : []
       ]
     });
-    const storageStatePath = config.storageStatePath ?? resolveAuthProfileStorageStatePath({
-      authProfileDomain: args.workflow?.authProfileDomain,
-      session
-    });
     const context = await browser.newContext({
       ...storageStatePath ? { storageState: storageStatePath } : {},
       viewport: {
@@ -331,7 +320,10 @@ class BrowserDaemon {
       getProviderSession: () => providerSession
     });
     try {
-      providerSession = await provider.createSession();
+      providerSession = await provider.createSession({
+        authProfileName: config.authProfileName,
+        authProfilePersist: config.authProfilePersist
+      });
       const browser = await chromium.connectOverCDP(
         providerSession.cdpEndpoint
       );
@@ -471,6 +463,9 @@ class BrowserDaemon {
       pages: () => this.withRequestTimeout(() => handlePages(this.pageById, this.page)),
       exec: (args) => this.runExec(args),
       readonlyExec: (args) => this.runReadonlyExec(args),
+      captureAuthProfileStorageState: (args) => this.withRequestTimeout(
+        () => captureAuthProfileStorageState(this.context, args.sites)
+      ),
       snapshot: (args) => this.runSnapshot(args),
       getWorkflowStatus: () => this.getWorkflowStatus(),
       resumeWorkflow: () => this.resumeWorkflow(),
@@ -584,6 +579,7 @@ class BrowserDaemon {
       page: this.page,
       context: this.context,
       logger: this.logger,
+      refreshLocalAuthProfiles: !this.externallyManaged,
       onLog: (event) => {
         void this.broadcast("workflowOutput", event);
       },
@@ -680,36 +676,52 @@ async function main() {
   const config = JSON.parse(process.argv[2]);
   const headed = config.browser.kind === "launch" ? config.browser.headed : false;
   let loadedWorkflow;
+  let workflowConfig = config.workflow;
+  let browserConfig = config.browser;
   if (config.workflow) {
     try {
       loadedWorkflow = await loadDefaultWorkflow(
         getAbsoluteIntegrationPath(config.workflow.integrationPath)
       );
       validateWorkflowInput(loadedWorkflow, config.workflow.params ?? {});
+      const authProfileName = loadedWorkflow.authProfileName;
+      const authProfilePersist = loadedWorkflow.authProfileRefresh === true;
+      workflowConfig = {
+        ...config.workflow,
+        authProfileName,
+        authProfilePersist
+      };
+      if (config.browser.kind === "provider") {
+        browserConfig = {
+          ...config.browser,
+          authProfileName,
+          authProfilePersist
+        };
+      }
     } catch (error) {
       throw new UserFacingStartupError(
         error instanceof Error ? error.message : String(error)
       );
     }
   }
-  const daemon = config.browser.kind === "provider" ? await BrowserDaemon.connectToProvider({
+  const daemon = browserConfig.kind === "provider" ? await BrowserDaemon.connectToProvider({
     session: config.session,
     experiments: config.experiments,
-    browser: config.browser
-  }) : config.browser.kind === "connect" ? await BrowserDaemon.connectToEndpoint({
+    browser: browserConfig
+  }) : browserConfig.kind === "connect" ? await BrowserDaemon.connectToEndpoint({
     session: config.session,
     experiments: config.experiments,
-    browser: config.browser
+    browser: browserConfig
   }) : await BrowserDaemon.launchBrowser({
     session: config.session,
     experiments: config.experiments,
-    browser: config.browser,
-    workflow: config.workflow
+    browser: browserConfig,
+    workflow: workflowConfig
   });
-  if (config.workflow) {
+  if (workflowConfig) {
     void waitForSessionState(config.session).then(
       () => daemon.startWorkflow({
-        workflow: config.workflow,
+        workflow: workflowConfig,
         headed,
         loadedWorkflow
       })

package/dist/cli/core/daemon/ipc.js

@@ -232,6 +232,9 @@ class DaemonClient {
   async readonlyExec(args) {
     return this.ipc.call.readonlyExec(args);
   }
+  async captureAuthProfileStorageState(args) {
+    return this.ipc.call.captureAuthProfileStorageState(args);
+  }
   async snapshot(args = {}) {
     return this.ipc.call.snapshot(args);
   }

package/dist/cli/core/deploy-artifact.js

@@ -20,6 +20,7 @@ import {
   getWorkflowsFromModuleExports,
   LIBRETTO_WORKFLOW_BRAND
 } from "../../shared/workflow/workflow.js";
+import { normalizeCredentialNames } from "../../shared/workflow/credentials.js";
 const DEFAULT_RUNTIME_EXTERNALS = [
   "libretto",
   "playwright",
@@ -27,6 +28,7 @@ const DEFAULT_RUNTIME_EXTERNALS = [
   "chromium-bidi"
 ];
 const BUILT_IN_MANIFEST_DEPENDENCIES = ["libretto"];
+const DEPLOY_METADATA_FILENAME = ".libretto-workflows.json";
 const SOURCE_FILE_EXTENSIONS = [
   "",
   ".ts",
@@ -430,6 +432,12 @@ function writeDeployManifest(args) {
     ) + "\n"
   );
 }
+function writeDeployMetadata(args) {
+  writeFileSync(
+    join(args.outputDir, DEPLOY_METADATA_FILENAME),
+    JSON.stringify({ workflows: args.workflows }, null, 2) + "\n"
+  );
+}
 function shouldVendorCurrentLibretto(versionSpec) {
   return versionSpec.startsWith("file:") || versionSpec.startsWith("link:") || versionSpec.startsWith("workspace:") || versionSpec.startsWith("portal:") || versionSpec.includes("&path:");
 }
@@ -498,11 +506,15 @@ function createExternalDiscoveryStub() {
     }
   });
 }
-function createDiscoveryLibrettoModule(workflowNames) {
+function createDiscoveryLibrettoModule(workflowsByName) {
   const moduleShape = {
     LIBRETTO_WORKFLOW_BRAND,
-    workflow: (name) => {
-      workflowNames.add(name);
+    workflow: (name, definitionOrHandler) => {
+      workflowsByName.set(name, {
+        name,
+        ...extractDiscoveryCredentialMetadata(definitionOrHandler),
+        ...extractDiscoveryAuthProfileMetadata(definitionOrHandler)
+      });
       return {
         [LIBRETTO_WORKFLOW_BRAND]: true,
         name,
@@ -524,14 +536,37 @@ function createDiscoveryLibrettoModule(workflowNames) {
     }
   });
 }
-function discoverBundledWorkflowNames(args) {
+function extractDiscoveryCredentialMetadata(definitionOrHandler) {
+  if (!definitionOrHandler || typeof definitionOrHandler !== "object" || !("credentials" in definitionOrHandler)) {
+    return { credentialNames: [] };
+  }
+  const rawCredentials = definitionOrHandler.credentials;
+  return {
+    credentialNames: Array.isArray(rawCredentials) ? normalizeCredentialNames(rawCredentials) : []
+  };
+}
+function extractDiscoveryAuthProfileMetadata(definitionOrHandler) {
+  if (!definitionOrHandler || typeof definitionOrHandler !== "object" || !("authProfile" in definitionOrHandler)) {
+    return {};
+  }
+  const authProfile = definitionOrHandler.authProfile;
+  if (typeof authProfile === "string") return { authProfileName: authProfile };
+  if (!authProfile || typeof authProfile !== "object") return {};
+  const record = authProfile;
+  if (typeof record.name !== "string") return {};
+  return {
+    authProfileName: record.name,
+    ...typeof record.refresh === "boolean" ? { authProfileRefresh: record.refresh } : {}
+  };
+}
+function discoverBundledWorkflows(args) {
   const discoveryPath = join(
     args.absSourceDir,
     `.libretto-deploy-discovery-${process.pid}-${Date.now()}.cjs`
   );
   const originalRequire = Module.prototype.require;
-  const workflowNames = /* @__PURE__ */ new Set();
-  const discoveryLibrettoModule = createDiscoveryLibrettoModule(workflowNames);
+  const workflowsByName = /* @__PURE__ */ new Map();
+  const discoveryLibrettoModule = createDiscoveryLibrettoModule(workflowsByName);
   let loadedModuleExports = null;
   try {
     writeFileSync(discoveryPath, args.bundleBuffer);
@@ -556,10 +591,10 @@ ${formatBuildError(error)}`
     delete require2.cache?.[discoveryPath];
     rmSync(discoveryPath, { force: true });
   }
-  const discoveredWorkflowNames = [...workflowNames].sort(
-    (left, right) => left.localeCompare(right)
+  const discoveredWorkflows = [...workflowsByName.values()].sort(
+    (left, right) => left.name.localeCompare(right.name)
   );
-  if (discoveredWorkflowNames.length === 0) {
+  if (discoveredWorkflows.length === 0) {
     throw new Error(
       `No workflows were found in ${args.absEntryPoint}. Import the workflow files you want to deploy from the entry point, or export a workflow directly from it.`
     );
@@ -569,15 +604,15 @@ ${formatBuildError(error)}`
       (workflow) => workflow.name
     )
   );
-  const nonExportedWorkflowNames = discoveredWorkflowNames.filter(
-    (name) => !exportedWorkflowNames.has(name)
+  const nonExportedWorkflowNames = discoveredWorkflows.filter(
+    (workflow) => !exportedWorkflowNames.has(workflow.name)
   );
   if (nonExportedWorkflowNames.length > 0) {
     throw new Error(
-      `Workflows discovered in ${args.absEntryPoint} must be exported from the deploy entry point. Re-export them from the entry point or export them through a \`workflows\` object. Non-exported workflows: ${nonExportedWorkflowNames.join(", ")}`
+      `Workflows discovered in ${args.absEntryPoint} must be exported from the deploy entry point. Re-export them from the entry point or export them through a \`workflows\` object. Non-exported workflows: ${nonExportedWorkflowNames.map((workflow) => workflow.name).join(", ")}`
     );
   }
-  return discoveredWorkflowNames;
+  return discoveredWorkflows;
 }
 function createBootstrapSource(args) {
   const bundleHash = createHash("sha256").update(args.bundleBuffer).digest("hex").slice(0, 16);
@@ -585,8 +620,12 @@ function createBootstrapSource(args) {
     "base64"
   );
   const outputPrefix = `${normalizePackageName(args.deploymentName)}-`;
-  const exportLines = args.workflowNames.map(
-    (name, index) => `export const ${getGeneratedWorkflowExportName(index)} = createWorkflowProxy(${JSON.stringify(name)});`
+  const exportLines = args.workflows.map(
+    (workflow, index) => `export const ${getGeneratedWorkflowExportName(index)} = createWorkflowProxy(${JSON.stringify(workflow.name)}, ${JSON.stringify({
+      credentialNames: workflow.credentialNames,
+      authProfileName: workflow.authProfileName,
+      authProfileRefresh: workflow.authProfileRefresh
+    })});`
   ).join("\n");
   return `import { createRequire } from "node:module";
 import { existsSync, writeFileSync } from "node:fs";
@@ -616,8 +655,8 @@ function ensureBundleFile() {
   return BUNDLE_FILENAME;
 }
 
-function createWorkflowProxy(workflowName) {
-  return workflow(workflowName, async (ctx, input) => {
+function createWorkflowProxy(workflowName, metadata) {
+  const handler = async (ctx, input) => {
     const impl = nativeRequire(ensureBundleFile());
     const target = getWorkflowFromModuleExports(impl, workflowName);
     if (!target || typeof target.run !== "function") {
@@ -626,6 +665,26 @@ function createWorkflowProxy(workflowName) {
       );
     }
     return await target.run(ctx, input);
+  };
+
+  if (!metadata?.authProfileName) {
+    return workflow(workflowName, {
+      credentials: Array.isArray(metadata?.credentialNames)
+        ? metadata.credentialNames
+        : [],
+      handler,
+    });
+  }
+
+  return workflow(workflowName, {
+    credentials: Array.isArray(metadata.credentialNames)
+      ? metadata.credentialNames
+      : [],
+    authProfile: {
+      name: metadata.authProfileName,
+      ...(typeof metadata.authProfileRefresh === "boolean" ? { refresh: metadata.authProfileRefresh } : {}),
+    },
+    handler,
   });
 }
 
@@ -657,7 +716,7 @@ async function writeBundledDeployEntrypoint(args) {
         "Bundler did not produce a deployment implementation file."
       );
     }
-    const workflowNames = discoverBundledWorkflowNames({
+    const workflows = discoverBundledWorkflows({
       absEntryPoint: args.absEntryPoint,
       absSourceDir: args.absSourceDir,
       bundleBuffer: Buffer.from(bundledImplementation.contents),
@@ -668,9 +727,10 @@ async function writeBundledDeployEntrypoint(args) {
       createBootstrapSource({
         bundleBuffer: Buffer.from(bundledImplementation.contents),
         deploymentName: args.deploymentName,
-        workflowNames
+        workflows
       })
     );
+    return workflows;
   } catch (error) {
     throw new Error(
       `Failed to bundle deploy entry point ${args.absEntryPoint}.
@@ -694,7 +754,7 @@ async function createHostedDeployPackage(args) {
   const workspacePackages = discoverWorkspacePackages(absSourceDir);
   let callerOwnsTempRoot = false;
   try {
-    await writeBundledDeployEntrypoint({
+    const workflows = await writeBundledDeployEntrypoint({
       absEntryPoint,
       absSourceDir,
       deploymentName: args.deploymentName,
@@ -712,13 +772,15 @@ async function createHostedDeployPackage(args) {
       outputDir,
       sourceDir: absSourceDir
     });
+    writeDeployMetadata({ outputDir, workflows });
     callerOwnsTempRoot = true;
     return {
       cleanup: () => {
         rmSync(tempRoot, { force: true, recursive: true });
       },
       entryPoint: "index.js",
-      outputDir
+      outputDir,
+      workflows
     };
   } finally {
     if (!callerOwnsTempRoot) {
@@ -735,7 +797,8 @@ async function buildHostedDeployTarball(args) {
     });
     return {
       entryPoint: deployPackage.entryPoint,
-      source: readFileSync(tarPath).toString("base64")
+      source: readFileSync(tarPath).toString("base64"),
+      workflows: deployPackage.workflows
     };
   } finally {
     deployPackage.cleanup();