libretto 0.6.31 → 0.6.33

package/README.md

@@ -95,7 +95,7 @@ All Libretto state lives in a `.libretto/` directory at your project root. See t
 
 ## Telemetry
 
-Libretto records anonymous CLI telemetry to help understand CLI usage and help us prioritize improvements. Each resolved command can send only an install id, timestamp, command event name such as `libretto run`, error boolean, package version, and build channel (`node_modules`, `source`, or `unknown`). Libretto does not send command arguments, URLs, project paths, auth state, API keys, error messages or details, or user identity.
+Libretto records CLI telemetry to help understand CLI usage and help us prioritize improvements. Each resolved command can send only an install id, timestamp, command event name such as `libretto run`, error boolean, package version, build channel (`node_modules`, `source`, or `unknown`), and, when signed into Libretto Cloud, the configured cloud user id. Libretto does not send command arguments, URLs, project paths, session cookies, API keys, error messages or details, or emails.
 
 The install id is stored in the telemetry file at `~/.libretto/telemetry.json`. The implementation lives in [`src/cli/core/telemetry.ts`](src/cli/core/telemetry.ts).
 

package/README.template.md

@@ -93,7 +93,7 @@ All Libretto state lives in a `.libretto/` directory at your project root. See t
 
 ## Telemetry
 
-Libretto records anonymous CLI telemetry to help understand CLI usage and help us prioritize improvements. Each resolved command can send only an install id, timestamp, command event name such as `libretto run`, error boolean, package version, and build channel (`node_modules`, `source`, or `unknown`). Libretto does not send command arguments, URLs, project paths, auth state, API keys, error messages or details, or user identity.
+Libretto records CLI telemetry to help understand CLI usage and help us prioritize improvements. Each resolved command can send only an install id, timestamp, command event name such as `libretto run`, error boolean, package version, build channel (`node_modules`, `source`, or `unknown`), and, when signed into Libretto Cloud, the configured cloud user id. Libretto does not send command arguments, URLs, project paths, session cookies, API keys, error messages or details, or emails.
 
 The install id is stored in the telemetry file at `~/.libretto/telemetry.json`. The implementation lives in [`{{LIBRETTO_PATH_PREFIX}}src/cli/core/telemetry.ts`]({{LIBRETTO_PATH_PREFIX}}src/cli/core/telemetry.ts).
 

package/dist/cli/commands/auth.js

@@ -1,7 +1,7 @@
+import { spawn } from "node:child_process";
 import { z } from "zod";
 import { SimpleCLI } from "affordance";
 import {
-  ApiCallError,
   betterAuthCall,
   NOT_AUTHENTICATED_MESSAGE,
   orpcCall,
@@ -13,12 +13,29 @@ import {
   authStatePath,
   clearAuthState,
   readAuthState,
-  setCookieToCookieHeader,
   writeAuthState
 } from "../core/auth-storage.js";
-import { prompt, promptPassword, slugify } from "../core/prompt.js";
-function isSlugTakenData(data) {
-  return !!data && typeof data === "object" && data.reason === "slug_taken";
+function resolveHostedWebsiteUrl() {
+  return process.env.LIBRETTO_WEBSITE_URL?.trim() || "https://libretto.sh";
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function openBrowser(url) {
+  const command = process.platform === "darwin" ? "open" : process.platform === "win32" ? "cmd" : "xdg-open";
+  const args = process.platform === "win32" ? ["/c", "start", "", url] : [url];
+  try {
+    const child = spawn(command, args, {
+      detached: true,
+      stdio: "ignore"
+    });
+    child.on("error", () => {
+    });
+    child.unref();
+    return true;
+  } catch {
+    return false;
+  }
 }
 async function getCurrentSession(apiUrl, cookie) {
   try {
@@ -33,33 +50,89 @@ async function getCurrentSession(apiUrl, cookie) {
     return null;
   }
 }
-async function pollForVerification(apiUrl, pollIntervalMs = 4e3, maxWaitMs = 10 * 60 * 1e3) {
-  const start = Date.now();
-  while (Date.now() - start < maxWaitMs) {
-    const session = await getCurrentSession(apiUrl);
-    if (session?.user.emailVerified) return true;
-    process.stdout.write(".");
-    await new Promise((r) => setTimeout(r, pollIntervalMs));
+async function runBrowserAuthFlow(options) {
+  const login = await orpcCall({
+    apiUrl: options.apiUrl,
+    path: "/v1/auth/cliLoginCreate",
+    unauthenticated: true
+  });
+  const loginUrl = new URL("/signin", options.websiteUrl);
+  loginUrl.searchParams.set("cliLoginId", login.requestId);
+  loginUrl.searchParams.set("cliLoginSecret", login.secret);
+  if (options.mode === "signup") {
+    loginUrl.searchParams.set("mode", "signup");
   }
+  console.log(
+    options.mode === "signup" ? "Sign up for Libretto Cloud in your browser:" : "Sign in to Libretto Cloud in your browser:"
+  );
+  console.log(`  ${loginUrl.toString()}`);
   console.log();
-  return false;
-}
-async function persistSignupSession(apiUrl, result) {
-  const cookie = setCookieToCookieHeader(result.setCookie);
-  if (!cookie) {
-    throw new Error("Sign-up did not return a session cookie. Check the server.");
+  if (openBrowser(loginUrl.toString())) {
+    console.log("Opened the page in your default browser.");
+    console.log("If it didn't open, copy the link above into your browser.");
+    console.log();
+  } else {
+    console.log("Copy the link above into your browser.");
+    console.log();
   }
-  const next = {
-    apiUrl,
-    session: {
-      cookie,
-      userId: result.userId,
-      email: result.email,
-      expiresAt: null
+  console.log(
+    options.mode === "signup" ? "Waiting for browser sign-up" : "Waiting for browser sign-in"
+  );
+  const expiresAt = new Date(login.expiresAt).getTime();
+  let verificationHintShown = false;
+  while (Date.now() < expiresAt) {
+    const result = await orpcCall({
+      apiUrl: options.apiUrl,
+      path: "/v1/auth/cliLoginPoll",
+      input: {
+        requestId: login.requestId,
+        secret: login.secret
+      },
+      unauthenticated: true
+    });
+    if (result.status === "expired") {
+      throw new Error(
+        `Auth request expired. Run \`libretto cloud auth ${options.mode}\` again.`
+      );
     }
-  };
-  await writeAuthState(next);
-  return next;
+    if (result.status === "approved") {
+      const session = await getCurrentSession(options.apiUrl, result.cookieHeader);
+      if (!session?.user?.id) {
+        throw new Error(
+          "Browser auth succeeded, but the returned session could not be verified."
+        );
+      }
+      const next = {
+        apiUrl: options.apiUrl,
+        session: {
+          cookie: result.cookieHeader,
+          userId: result.userId,
+          email: result.email,
+          expiresAt: session.session.expiresAt ?? result.sessionExpiresAt
+        }
+      };
+      await writeAuthState(next);
+      console.log();
+      console.log(`Logged in as ${result.email}.`);
+      if (!result.emailVerified) {
+        console.log(
+          "Heads up: your email isn't verified yet. Click the verification link in your inbox to finish setup."
+        );
+      }
+      return;
+    }
+    if (options.mode === "signup" && !verificationHintShown) {
+      console.log();
+      console.log("After signing up with email/password, verify your email to finish CLI auth.");
+      verificationHintShown = true;
+    }
+    process.stdout.write(".");
+    await sleep(2e3);
+  }
+  console.log();
+  throw new Error(
+    `Auth request expired. Run \`libretto cloud auth ${options.mode}\` again.`
+  );
 }
 async function resolveActiveOrgId(apiUrl, credential) {
   const { data: orgs } = await betterAuthCall({
@@ -88,149 +161,22 @@ async function issueApiKey(apiUrl, name, credential) {
   return data;
 }
 const signupCommand = SimpleCLI.command({
-  description: "Create a new hosted-platform account and organization"
+  description: "Open the hosted-platform sign-up page"
 }).input(SimpleCLI.input({ positionals: [], named: {} })).handle(async () => {
-  const apiUrl = resolveHostedApiUrl();
-  console.log("Sign up for libretto cloud");
-  console.log();
-  console.log("Heads up: a libretto user can only belong to one organization.");
-  console.log(
-    "If your team already has a libretto org, ask a teammate for an invite instead \u2014 switching orgs later isn't supported."
-  );
-  console.log("Type 'q' at the name prompt to quit if that applies to you.");
-  console.log();
-  const name = await prompt("Your name:");
-  if (name.toLowerCase() === "q" || name.length === 0) {
-    console.log(
-      "OK \u2014 ask an existing teammate to run `libretto cloud auth invite <your-email>` and then run `libretto cloud auth accept-invite <slug> <invitation-id>` from this machine."
-    );
-    return;
-  }
-  const email = await prompt("Your email:");
-  const password = await promptPassword("Choose a password (8+ chars):");
-  const orgName = await prompt("Organization name:");
-  const defaultSlug = slugify(orgName);
-  let orgSlug = (await prompt("Organization slug:", { defaultValue: defaultSlug })).toLowerCase();
-  const debugNotificationEmail = await prompt(
-    "Alert email (for hosted workflow failures):",
-    { defaultValue: email }
-  );
-  console.log();
-  console.log("Creating account...");
-  let result;
-  while (true) {
-    try {
-      result = await orpcCall({
-        apiUrl,
-        path: "/v1/auth/signupAndCreateOrg",
-        input: {
-          name,
-          email,
-          password,
-          organizationName: orgName,
-          organizationSlug: orgSlug,
-          debugNotificationEmail
-        },
-        unauthenticated: true
-      });
-      break;
-    } catch (e) {
-      if (e instanceof ApiCallError && e.code === "CONFLICT" && isSlugTakenData(e.data)) {
-        console.log();
-        console.log(e.message);
-        orgSlug = (await prompt("Organization slug:")).toLowerCase();
-        continue;
-      }
-      throw e;
-    }
-  }
-  await persistSignupSession(apiUrl, result);
-  console.log(`Account created. Verification email sent to ${result.email}.`);
-  console.log("Click the link in the email to verify, then return here.");
-  console.log("Waiting for verification");
-  const verified = await pollForVerification(apiUrl);
-  if (!verified) {
-    console.log();
-    console.log(
-      "Timed out waiting for email verification. Click the link in the email when you're ready \u2014 your CLI session is already saved, no need to re-run signup."
-    );
-    return;
-  }
-  console.log();
-  console.log("Email verified. You're logged in.");
-  console.log(`Session saved to ${authStatePath()}`);
-  console.log();
-  console.log("To generate an API key, run:");
-  console.log("  libretto cloud auth api-key issue --label <label>");
-  console.log("Then add LIBRETTO_API_KEY=<key> to your project's .env file.");
-});
-const loginCommand = SimpleCLI.command({
-  description: "Sign in to an existing hosted-platform account"
-}).input(SimpleCLI.input({ positionals: [], named: {} })).handle(async () => {
-  const apiUrl = resolveHostedApiUrl();
-  const email = await prompt("Email:");
-  const password = await promptPassword("Password:");
-  const { data, setCookie } = await betterAuthCall({
-    apiUrl,
-    path: "/api/auth/sign-in/email",
-    input: { email, password },
-    unauthenticated: true
+  await runBrowserAuthFlow({
+    mode: "signup",
+    apiUrl: resolveHostedApiUrl(),
+    websiteUrl: resolveHostedWebsiteUrl()
   });
-  const cookie = setCookieToCookieHeader(setCookie);
-  if (!cookie) {
-    throw new Error("Login response did not include a session cookie.");
-  }
-  const session = await getCurrentSession(apiUrl, cookie);
-  const next = {
-    apiUrl,
-    session: {
-      cookie,
-      userId: data.user.id,
-      email: data.user.email,
-      expiresAt: session?.session.expiresAt ?? null
-    }
-  };
-  await writeAuthState(next);
-  console.log(`Logged in as ${data.user.email}.`);
-  if (!data.user.emailVerified) {
-    console.log(
-      "Heads up: your email isn't verified yet. Re-sending the verification link to your inbox \u2014 click it to finish setup."
-    );
-    try {
-      await betterAuthCall({
-        apiUrl,
-        path: "/api/auth/send-verification-email",
-        input: {
-          email: data.user.email,
-          callbackURL: `${apiUrl}/auth/verified`
-        },
-        unauthenticated: true
-      });
-      console.log(`Verification email sent to ${data.user.email}.`);
-    } catch (error) {
-      const message = error instanceof Error ? error.message : "unknown error";
-      console.log(
-        `Couldn't resend the verification email (${message}). Try again, or hit /api/auth/send-verification-email directly.`
-      );
-    }
-  }
 });
-const forgotPasswordCommand = SimpleCLI.command({
-  description: "Send a password reset email"
+const loginCommand = SimpleCLI.command({
+  description: "Open the hosted-platform sign-in page"
 }).input(SimpleCLI.input({ positionals: [], named: {} })).handle(async () => {
-  const apiUrl = resolveHostedApiUrl();
-  const email = await prompt("Email:");
-  const result = await orpcCall({
-    apiUrl,
-    path: "/v1/auth/requestPasswordReset",
-    input: { email },
-    unauthenticated: true
+  await runBrowserAuthFlow({
+    mode: "login",
+    apiUrl: resolveHostedApiUrl(),
+    websiteUrl: resolveHostedWebsiteUrl()
   });
-  if (result.status === "not_found") {
-    console.log(`No Libretto account exists for ${email}.`);
-    return;
-  }
-  console.log(`Password reset link sent to ${email}.`);
 });
 const logoutCommand = SimpleCLI.command({
   description: "Clear local libretto credentials"
@@ -260,7 +206,7 @@ const inviteCommand = SimpleCLI.command({
     ],
     named: {
       role: SimpleCLI.option(
-        z.enum(["member", "admin", "owner"]).default("member"),
+        z.enum(["member", "owner"]).default("member"),
         { help: "Role to assign (default: member)." }
       )
     }
@@ -293,108 +239,17 @@ const inviteCommand = SimpleCLI.command({
   const org = orgs?.find((o) => o.id === data.organizationId);
   const orgName = org?.name ?? "<your-org-name>";
   const orgSlug = org?.slug ?? "<your-org-slug>";
+  const inviteUrl = new URL("/invite", resolveHostedWebsiteUrl());
+  inviteUrl.searchParams.set("tenantSlug", orgSlug);
+  inviteUrl.searchParams.set("invitationId", data.id);
+  inviteUrl.searchParams.set("accept", "1");
   console.log(`Invitation sent to ${data.email}.`);
   console.log(`Invitation id: ${data.id}`);
   console.log(`Organization:  ${orgName} (${orgSlug})`);
   console.log(`Expires at:    ${data.expiresAt}`);
   console.log();
-  console.log("Tell them to run:");
-  console.log(
-    `  libretto cloud auth accept-invite ${orgSlug} ${data.id}`
-  );
-});
-const acceptInviteCommand = SimpleCLI.command({
-  description: "Accept an organization invitation"
-}).input(
-  SimpleCLI.input({
-    positionals: [
-      SimpleCLI.positional(
-        "tenantSlug",
-        z.string().min(2).max(60).regex(/^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/, {
-          message: "Slug must be lowercase letters, numbers, and hyphens (no leading/trailing hyphen)."
-        }),
-        {
-          help: "Slug of the organization you're joining. Must match the org slug in the invitation email \u2014 acts as a confirmation step."
-        }
-      ),
-      SimpleCLI.positional("invitationId", z.string().min(1), {
-        help: "Invitation id from the invite email."
-      })
-    ],
-    named: {}
-  })
-).handle(async ({ input }) => {
-  const stored = await readAuthState();
-  const apiUrl = resolveHostedApiUrl();
-  const credential = pickCredential(stored);
-  const expectedTenantSlug = input.tenantSlug;
-  if (credential.source !== "none") {
-    const { data: existingOrgs } = await betterAuthCall({
-      apiUrl,
-      path: "/api/auth/organization/list",
-      method: "GET",
-      credential
-    });
-    if (Array.isArray(existingOrgs) && existingOrgs.length > 0) {
-      throw new Error(
-        [
-          "You're already a member of an organization.",
-          "A libretto user can only belong to one organization at a time.",
-          "To accept this invite: log out, delete the existing account, and re-run `libretto cloud auth accept-invite` with a new account (or a fresh email)."
-        ].join("\n")
-      );
-    }
-    const { data: invitation } = await betterAuthCall({
-      apiUrl,
-      path: `/api/auth/organization/get-invitation?id=${encodeURIComponent(input.invitationId)}`,
-      method: "GET",
-      credential
-    });
-    if (!invitation?.organizationSlug || invitation.organizationSlug !== expectedTenantSlug) {
-      throw new Error(
-        "Organization slug doesn't match this invitation. Double-check the slug shown in the invitation email."
-      );
-    }
-    await betterAuthCall({
-      apiUrl,
-      path: "/api/auth/organization/accept-invitation",
-      input: { invitationId: input.invitationId },
-      credential
-    });
-    console.log(`Invitation accepted. You're now a member of ${invitation.organizationName}.`);
-    return;
-  }
-  console.log("Accepting invite \u2014 let's create your account.");
-  const name = await prompt("Your name:");
-  const password = await promptPassword("Choose a password (8+ chars):");
-  const result = await orpcCall({
-    apiUrl,
-    path: "/v1/auth/acceptInviteAndSignup",
-    input: {
-      invitationId: input.invitationId,
-      tenantSlug: input.tenantSlug,
-      name,
-      password
-    },
-    unauthenticated: true
-  });
-  await persistSignupSession(apiUrl, result);
-  console.log(`Account created. Verification email sent to ${result.email}.`);
-  console.log("Click the link in the email and return here.");
-  console.log("Waiting for verification");
-  const verified = await pollForVerification(apiUrl);
-  if (!verified) {
-    console.log();
-    console.log(
-      "Timed out waiting for email verification. Click the link in the email when ready \u2014 your CLI session is already saved."
-    );
-    return;
-  }
-  console.log();
-  console.log("Email verified. You're logged in and a member of the organization.");
-  console.log("To generate an API key, run:");
-  console.log("  libretto cloud auth api-key issue --label <label>");
-  console.log("Then add LIBRETTO_API_KEY=<key> to your project's .env file.");
+  console.log("Invite link:");
+  console.log(`  ${inviteUrl.toString()}`);
 });
 const apiKeyIssueCommand = SimpleCLI.command({
   description: "Issue a new API key for the active organization"
@@ -515,10 +370,8 @@ const authCommands = SimpleCLI.group({
   routes: {
     signup: signupCommand,
     login: loginCommand,
-    "forgot-password": forgotPasswordCommand,
     logout: logoutCommand,
     invite: inviteCommand,
-    "accept-invite": acceptInviteCommand,
     whoami: whoamiCommand,
     "api-key": SimpleCLI.group({
       description: "Manage API keys",
@@ -531,12 +384,10 @@ const authCommands = SimpleCLI.group({
   }
 });
 export {
-  acceptInviteCommand,
   apiKeyIssueCommand,
   apiKeyListCommand,
   apiKeyRevokeCommand,
   authCommands,
-  forgotPasswordCommand,
   inviteCommand,
   loginCommand,
   logoutCommand,

package/dist/cli/commands/browser.js

@@ -112,6 +112,7 @@ const openCommand = SimpleCLI.command({
     await runOpenWithProvider(
       input.url,
       providerName,
+      input.headless,
       ctx.session,
       ctx.logger,
       resolveRequestedSessionMode(input.readOnly, input.writeAccess),

package/dist/cli/commands/cloud-credentials.js

@@ -1,18 +1,7 @@
 import { SimpleCLI } from "affordance";
-import { orpcCall, resolveApiUrl } from "../core/auth-fetch.js";
+import { orpcCall } from "../core/auth-fetch.js";
+import { withCloudApiKey } from "./shared.js";
 const CLOUD_CREDENTIAL_ENV_PREFIX = "LIBRETTO_CLOUD_";
-function requireApiKeyCredential() {
-  const apiKey = process.env.LIBRETTO_API_KEY?.trim();
-  if (!apiKey) {
-    throw new Error(
-      "LIBRETTO_API_KEY is required to manage Libretto Cloud credentials. Issue one with `libretto cloud auth api-key issue --label <label>`."
-    );
-  }
-  return {
-    apiUrl: resolveApiUrl(null),
-    credential: { source: "env-api-key", apiKey }
-  };
-}
 function parseEnvCredentials(prefix) {
   const credentials = {};
   for (const [key, value] of Object.entries(process.env)) {
@@ -29,22 +18,21 @@ const pushCredentialCommand = SimpleCLI.command({
 }).input(SimpleCLI.input({
   positionals: [],
   named: {}
-})).handle(async () => {
+})).use(withCloudApiKey("manage Libretto Cloud credentials")).handle(async ({ ctx }) => {
   const credentials = parseEnvCredentials(CLOUD_CREDENTIAL_ENV_PREFIX);
   if (credentials.length === 0) {
     throw new Error(
       `No non-empty env vars found with prefix ${CLOUD_CREDENTIAL_ENV_PREFIX}.`
     );
   }
-  const { apiUrl, credential } = requireApiKeyCredential();
   let created = 0;
   let updated = 0;
   for (const item of credentials) {
     const response = await orpcCall({
-      apiUrl,
+      apiUrl: ctx.apiUrl,
       path: "/v1/credentials/upsert",
       input: item,
-      credential
+      credential: ctx.credential
     });
     if (response.overwritten) {
       updated += 1;

package/dist/cli/commands/cloud-jobs.js

@@ -0,0 +1,125 @@
+import { readFileSync } from "node:fs";
+import { z } from "zod";
+import { SimpleCLI } from "affordance";
+import { orpcCall } from "../core/auth-fetch.js";
+import { withCloudApiKey } from "./shared.js";
+const createJobUsage = "Usage: libretto cloud jobs create <workflow> [--params <json> | --params-file <path>]";
+function parseJsonObject(label, raw) {
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (error) {
+    throw new Error(
+      `Invalid JSON in ${label}: ${error instanceof Error ? error.message : String(error)}`
+    );
+  }
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error(`${label} must be a JSON object.`);
+  }
+  return parsed;
+}
+function readJsonObjectFile(label, filePath) {
+  let content;
+  try {
+    content = readFileSync(filePath, "utf8");
+  } catch {
+    throw new Error(
+      `Could not read ${label} "${filePath}". Ensure the file exists and is readable.`
+    );
+  }
+  return parseJsonObject(label, content);
+}
+const createCloudJobInput = SimpleCLI.input({
+  positionals: [
+    SimpleCLI.positional("workflow", z.string().optional(), {
+      help: "Deployed workflow name to run"
+    })
+  ],
+  named: {
+    params: SimpleCLI.option(z.string().optional(), {
+      help: "Inline JSON params object"
+    }),
+    paramsFile: SimpleCLI.option(z.string().optional(), {
+      name: "params-file",
+      help: "Path to a JSON params file"
+    }),
+    credentialId: SimpleCLI.option(z.string().optional(), {
+      name: "credential-id",
+      help: "Stored cloud credential id to pass to the workflow"
+    }),
+    timeoutSeconds: SimpleCLI.option(z.coerce.number().int().min(1).optional(), {
+      name: "timeout-seconds",
+      help: "Job timeout in seconds"
+    }),
+    headed: SimpleCLI.flag({ help: "Run browser in headed mode" }),
+    headless: SimpleCLI.flag({ help: "Run browser in headless mode" }),
+    callbackUrl: SimpleCLI.option(z.string().optional(), {
+      name: "callback-url",
+      help: "Per-job callback URL"
+    }),
+    callbackSecret: SimpleCLI.option(z.string().optional(), {
+      name: "callback-secret",
+      help: "Secret used to sign the per-job callback"
+    }),
+    skipCallbacks: SimpleCLI.flag({
+      name: "skip-callbacks",
+      help: "Skip stored webhook callbacks for this job"
+    }),
+    residentialProxy: SimpleCLI.option(z.string().optional(), {
+      name: "residential-proxy",
+      help: "Residential proxy config as a JSON object"
+    })
+  }
+}).refine((input) => Boolean(input.workflow), createJobUsage).refine(
+  (input) => !(input.params && input.paramsFile),
+  "Pass either --params or --params-file, not both."
+).refine(
+  (input) => !(input.headed && input.headless),
+  "Cannot pass both --headed and --headless."
+).refine(
+  (input) => !input.callbackUrl && !input.callbackSecret || Boolean(input.callbackUrl && input.callbackSecret),
+  "Pass both --callback-url and --callback-secret, or omit both."
+);
+const createCloudJobCommand = SimpleCLI.command({
+  description: "Create a Libretto Cloud job for a deployed workflow"
+}).input(createCloudJobInput).use(withCloudApiKey("create Libretto Cloud jobs")).handle(async ({ input, ctx }) => {
+  const params = input.paramsFile ? readJsonObjectFile("--params-file", input.paramsFile) : input.params ? parseJsonObject("--params", input.params) : {};
+  const residentialProxy = input.residentialProxy ? parseJsonObject("--residential-proxy", input.residentialProxy) : void 0;
+  const payload = {
+    workflow: input.workflow,
+    params
+  };
+  if (input.credentialId) payload.credential_id = input.credentialId;
+  if (input.timeoutSeconds !== void 0) {
+    payload.timeout_seconds = input.timeoutSeconds;
+  }
+  if (input.headed) payload.headless = false;
+  if (input.headless) payload.headless = true;
+  if (input.callbackUrl) payload.callback_url = input.callbackUrl;
+  if (input.callbackSecret) payload.callback_secret = input.callbackSecret;
+  if (input.skipCallbacks) payload.skip_callbacks = true;
+  if (residentialProxy !== void 0) {
+    payload.residential_proxy = residentialProxy;
+  }
+  const response = await orpcCall({
+    apiUrl: ctx.apiUrl,
+    path: "/v1/jobs/create",
+    input: payload,
+    credential: ctx.credential
+  });
+  console.log(`Job created: ${response.job_id}`);
+  console.log(`Status: ${response.status}`);
+  console.log(response.message);
+  return response.job_id;
+});
+const cloudJobCommands = SimpleCLI.group({
+  description: "Create and manage hosted jobs",
+  routes: {
+    create: createCloudJobCommand
+  }
+});
+export {
+  cloudJobCommands,
+  createCloudJobCommand,
+  createCloudJobInput
+};