# @zapier/zapier-sdk ## 0.65.0 ### Minor Changes - 9138968: Add the workflow-run experimental code-substrate plugins: `listWorkflowRuns`, `getWorkflowRun`, and `getTriggerRun`. All three live behind `@zapier/zapier-sdk/experimental` only — the stable subpath does not surface them. `listWorkflowRuns` is paginated against the backend's cursor + limit contract; `getWorkflowRun` looks up a run by id; `getTriggerRun` walks from a trigger id to its associated run, useful immediately after firing a trigger when the caller has the trigger id but not yet the run id. All ID inputs are UUID-validated at the schema boundary. Handlers pass the API response through verbatim — schemas stay as `outputSchema` for docs and types, but consumers see any richer fields the server adds without an SDK release. Adds `workflowRunIdResolver` — a dependent resolver scoped to the parent workflow — so CLI commands taking a run id present an interactive picker via `sdk.listWorkflowRuns({ workflow })`. `getTriggerRun` does not register a picker for `trigger`; users typically have the trigger id from a recent fire and pass it directly. ## 0.64.0 ### Minor Changes - 913aa6b: Add the workflow-version experimental code-substrate plugins: `publishWorkflowVersion`, `listWorkflowVersions`, and `getWorkflowVersion`. All three are registered only in `@zapier/zapier-sdk/experimental`; the stable subpath does not expose them. `listWorkflowVersions` is paginated (cursor + pageSize); `publishWorkflowVersion` POSTs `source_files` (filename → contents) plus optional `dependencies`, `zapier_durable_version`, and `enabled` (defaults to true) to publish a new version; `getWorkflowVersion` returns the full version state including source files. Handlers pass API responses through verbatim (no client-side `.parse()` re-emission) so callers see any richer fields the server adds later without an SDK release. Adds `workflowVersionIdResolver` — a dependent resolver scoped to a parent workflow, mirrored on `tableRecordIdResolver`'s shape — so commands that take a version id present an interactive picker via `sdk.listWorkflowVersions({ workflow })` in the CLI. All ID inputs are UUID-validated at the boundary so non-UUID strings fail with a clear schema error instead of an opaque 500 from the backend's `::uuid` cast. ## 0.63.0 ### Minor Changes - dfa3cea: Add the durable-run-write experimental code-substrate plugins: `runDurable` and `cancelDurableRun`. Both are registered only in `@zapier/zapier-sdk/experimental`; the stable subpath does not expose them. `runDurable` POSTs to sdkdurableapi `/api/v0/runs` with `source_files` (filename → contents), optional `input`/`dependencies`/`zapier_durable_version`/`connections`/`app_versions`, and a `private` input that maps to `is_private` on the wire. Returns the run ID immediately in `initialized` status — callers that need terminal status poll via `getDurableRun`; no built-in polling. `cancelDurableRun` POSTs to `/api/v0/runs/:id/cancel`, returns `{ id, status: "cancelled" }` on success, and propagates `ZapierNotFoundError` (404) and `ZapierConflictError` (409 — run already terminal) so callers can distinguish those outcomes. `runDurable` passes the API response through verbatim (no client-side `.parse()` re-emission) so callers see any richer fields the server adds later without an SDK release. Input field naming follows the in-tree convention (`run` rather than `runId`); UUID-validated at the input boundary. `cancelDurableRun` reuses `durableRunIdResolver` from the reads MR for ID pickers. ## 0.62.0 ### Minor Changes - eb9b408: Add the durable-run-read experimental code-substrate plugins: `listDurableRuns` and `getDurableRun`. Both are registered only in `@zapier/zapier-sdk/experimental`; the stable subpath does not expose them. `listDurableRuns` is paginated (cursor + pageSize) per the sdkdurableapi `/api/v0/runs` contract; `getDurableRun` returns the full run state with nested execution and operations journal. Handlers pass API responses through verbatim (no client-side `.parse()` re-emission) so callers see any richer fields the server adds later without an SDK release. Also adds `durableRunIdResolver` in `src/resolvers/durableRunId.ts` so commands that take a run id present an interactive picker via `sdk.listDurableRuns()` in the CLI (uses `toIterable` to pull across pages). Input field naming follows the in-tree convention (`run` rather than the fork's `runId`); input is validated as a UUID at the boundary so non-UUID strings fail with a clear schema error instead of an opaque 500 from the backend's `::uuid` cast. ## 0.61.0 ### Minor Changes - 4827ffe: Add the workflow-write experimental code-substrate plugins: `createWorkflow`, `updateWorkflow`, `enableWorkflow`, `disableWorkflow`, `deleteWorkflow`. All five are registered only in `@zapier/zapier-sdk/experimental`; the stable subpath does not expose them. The four ID-based ops (update, enable, disable, delete) reuse `workflowIdResolver` so callers get an interactive picker via `sdk.listWorkflows()`. `deleteWorkflow` is marked `confirm: "delete"` for an explicit confirmation prompt before the destructive call. Input field naming follows the in-tree convention (`workflow` rather than the fork's `workflowId`, matching `tableIdResolver`'s shape) and is validated as a UUID at the input boundary so non-UUID strings fail with a clear schema error instead of an opaque 500 from the backend's `::uuid` cast. Response shapes match what the durableworkflowzaps handlers actually emit — no fabricated `is_private` / `created_by_user_id` / `triggers` fields. Handlers pass API responses through verbatim (no client-side `.parse()` re-emission) so callers see any richer fields the server adds later without an SDK release. ### Patch Changes - 104daa3: Fix login/logout reliability bugs. **Bug fixes:** - `logout` now warns and still clears local keychain/registry state when the server returns 401 during revocation (404 is still silently swallowed; 401 is surfaced as a console warning so users know to verify or revoke the credential manually if needed) - Re-login no longer fails with "already exists" when a locally-orphaned registry entry has the same name as the desired new credential - `logout` no longer prompts for confirmation before deleting credentials; it always proceeds immediately, which also fixes hangs in non-TTY/CI environments **Deprecations:** - `--skip-prompts` on `login` and `init` is deprecated in favour of `--non-interactive`. The old flag continues to work with a deprecation warning. ## 0.60.0 ### Minor Changes - f12598a: Add the workflow-read experimental plugins: `listWorkflows` and `getWorkflow`. Both are registered only in `@zapier/zapier-sdk/experimental`; the stable subpath does not expose them. `listWorkflows` uses `createPaginatedPluginMethod` (page-iterator + `pageSize`/`cursor`/`maxItems` options) so callers can iterate via `for await (const page of sdk.listWorkflows())` or `toIterable(sdk.listWorkflows())`. The backend does not paginate today; the SDK treats a missing `next_cursor` as the last page, so server-side pagination drops in without an SDK API change. Introduces `packages/zapier-sdk/src/plugins/codeSubstrate/shared.ts` with `codeSubstrateDefaults` (`{ categories: ["code-workflow"], experimental: true }`) that subsequent code-workflow plugins spread into their `createPluginMethod` configs. Also adds `workflowIdResolver` in `src/resolvers/workflowId.ts` (mirrors `tableIdResolver` / `triggerInboxResolver`) so commands that take a workflow id present an interactive picker via `sdk.listWorkflows()` in the CLI. Workflow-write commands (`createWorkflow`, `updateWorkflow`, `enable/disable/deleteWorkflow`) land in a follow-up MR. ## 0.59.0 ### Minor Changes - e9da7e9: Register `/sdkdurableapi` and `/durableworkflowzaps` in the API client's path configuration so plugins can route to those services via the sdkapi proxy. Requests to `/sdkdurableapi/...` and `/durableworkflowzaps/...` now resolve under `https://sdkapi.zapier.com/api/v0/sdk//...` with the standard `Authorization` header, matching the existing `/zapier`, `/tables`, and `/trigger-inbox` entries. The existing `getAuthorizationHeader` auto-detects JWTs and formats them as `JWT `. Enables in-tree plugins (e.g. forthcoming experimental code-substrate plugins) to call durable services through `sdk.context.api` without rolling their own HTTP client. ## 0.58.0 ### Minor Changes - afbd4b6: Export `eventEmissionPlugin` (and its config/cleanup helpers) from the package root so consumers can compose their own SDK with `createSdk`. The plugin's existing helpers and types are now exposed via the plugin module itself instead of being re-listed in the SDK index. ## 0.57.0 ### Minor Changes - 5457bdd: Added a `trash` option to `listTableRecords` and `listTableFields` for controlling soft-deleted item visibility. Accepts `"exclude"` (default, active items only), `"include"` (active and soft-deleted), or `"only"` (soft-deleted items only). ## 0.56.2 ### Patch Changes - 884d0fc: Update ensureTriggerInbox to use new PUT endpoint in upstream Trigger Inbox API ## 0.56.1 ### Patch Changes - cc0c9cf: Clarified the `releaseOnError` option description for `drainTriggerInbox` and `consumeTriggerInbox`: errors release the message when the drain finishes, not immediately. ## 0.56.0 ### Minor Changes - d2aa0e9: Allow opting into approvals during login ## 0.55.0 ### Minor Changes - ce779d1: Add `hint?: string | string[]` to `PromptConfig.choices`. The CLI renders it after the choice's `name` as dimmed parens; an unset `hint` with a primitive `value` auto-renders the value. All built-in resolvers migrate to the new shape, so existing dropdowns get small visual cleanups (dim parens, no `ID:` prefix, dash converted to parens, em-dash in `tableRecordId` gone). Plugin authors who embed the value in `name` (e.g. `"Foo (${id})"`) should drop the embedded parens; the auto-default appends a second otherwise. ## 0.54.1 ### Patch Changes - 22a1727: Add optional `name` parameter to `createTriggerInbox` method ## 0.54.0 ### Minor Changes - ecfb727: Add type-to-filter to interactive single-select dropdowns: dynamic resolvers (apps, connections, tables, table records, etc.) and SELECT-format field choices. `(Load more...)` remains reachable even when a search yields zero matches, so users can pull the next page and try again. Dynamic resolvers also gain an `inputType: "search"` mode: the CLI prompts for free-form text, hands it to `fetch` as `search`, and either short-circuits on a primitive return (exact match) or renders results as a search-filterable dropdown. Empty results expose `(Use "foo" as-is)` and `(Try a different search)` so a required parameter can never strand the user. The built-in `appKey` resolver now uses this mode (`getApp` for exact match, `listApps --search` for fallback). `DynamicResolver` is now a discriminated union of `DynamicListResolver` and `DynamicSearchResolver`. Note for plugin authors: the `placeholder` field is now typed as `never` on the list variant, so a classic list resolver that was previously setting an unused `placeholder` will see a TypeScript error. Move it into a search-mode variant (`inputType: "search"`) or drop it — the CLI never read it on list resolvers. ## 0.53.0 ### Minor Changes - 23352c8: Trigger inbox fixes and additions: - Send `connection_id: null` for trigger inboxes without a connection so connection-less apps (e.g. tables) work correctly. - Add `listTriggers`, a read variant of `listActions` that lists an app's triggers. - Add interactive resolvers to trigger inbox message methods: `ackTriggerInboxMessages` and `releaseTriggerInboxMessages` prompt for `messages` with a multi-select of leased messages; `leaseTriggerInboxMessages` prompts for `leaseLimit` and `leaseSeconds`. - CLI: coerce static prompt input to the schema's underlying type so numeric/boolean fields (e.g. `leaseLimit`, `leaseSeconds`) no longer fail Zod validation with "expected number, received string". ## 0.52.0 ### Minor Changes - 7984fae: Add a configurable concurrency limit so the SDK queues requests beyond `maxConcurrentRequests` (FIFO) instead of firing them all at once. Default is 200. Configurable via the `createZapierSdk({ maxConcurrentRequests })` option or the `ZAPIER_MAX_CONCURRENT_REQUESTS` env var (the option wins). Pass `Infinity` to disable. Slots are held across 429 retries (so server backoff isn't undermined by extra parallelism) but released as soon as response headers arrive — streaming responses (SSE, long-running chunked reads) do not pin a permit for the lifetime of the body. Queued acquires respect `AbortSignal`. Queued requests emit `api:concurrency_wait_start` / `api:concurrency_wait_end` events for diagnostics. ## 0.51.0 ### Minor Changes - ef1c97d: Default SDK auth to client credentials ### Patch Changes - f5a734d: Updated the experimental Triggers notice in all three package READMEs to clarify that the feature is in closed beta, with a link to contact us for access. ## 0.50.0 ### Minor Changes - cd8f37b: Collapse the approval-flow surface into a single tri-state `approvalMode` option. What changed: - `approvalMode` is now `"disabled" | "poll" | "throw"` (was `"poll" | "fail"`). - `"disabled"` is the default. While the approval flow is alpha, callers must opt in explicitly via `approvalMode: "poll"` or `approvalMode: "throw"` (or the `ZAPIER_APPROVAL_MODE` env var). On an approval-required response, `"disabled"` throws a `ZapierApprovalError` with `status: "approval_required"` without creating an approval. - The `isInteractive` SDK option and the `ZAPIER_IS_INTERACTIVE` env var have been removed. Their role is subsumed by `approvalMode`: choosing `"poll"` / `"throw"` is the explicit opt-in that previously required `isInteractive: true`. - `"fail"` has been renamed to `"throw"` (both the option value and the `ZAPIER_APPROVAL_MODE` env var value). The behavior is unchanged: throw a `ZapierApprovalError` carrying the approval URL so the caller can surface it. - `approvalMode`, `approvalTimeoutMs`, and `maxApprovalRetries` are now part of the public API (no longer marked `internal: true`). There is no back-compat shim. `approvalMode: "fail"` and `isInteractive: ` will fail Zod validation up front. ## 0.49.0 ### Minor Changes - 529663c: Add experimental support for triggers. ## 0.48.1 ### Patch Changes - 5ec7992: Document return type shapes in SDK README. ## 0.48.0 ### Minor Changes - c7cff63: Adds an extension mechanism that lets the CLI and MCP server load additional plugin packages at runtime. Set `ZAPIER_SDK_EXTENSIONS` to a comma-separated list of package specifiers, or pass them via the new `extensions` option — methods they contribute show up automatically as CLI commands and MCP tools, no per-project wiring required. When a plugin tries to register a method, context field, or meta entry that's already registered by another plugin in the chain, `addPlugin` now logs a warning and skips the duplicate plugin's contribution rather than silently overwriting. This catches the common foot-gun of an extension accidentally shadowing a built-in SDK method. Intentional duplicates can be expressed via `composePlugins(...)`, and meta-only overrides (e.g. tagging a built-in method as deprecated) continue to work unchanged. ## 0.47.1 ### Patch Changes - 4ab820a: Skip the approval `poll_url` and `approval_url` origin checks when `baseUrl` (or `ZAPIER_BASE_URL`) points at `localhost` / `127.0.0.1`. Local dev runs sdkapi, approvalsapi, and the approval frontend on different ports, so the origin pin can never match. The check is intended to stop a compromised sdkapi from redirecting bearer-token traffic to an attacker host — a threat that doesn't apply when the developer owns every service on the machine. ## 0.47.0 ### Minor Changes - e45ce2f: Add `composePlugins(...subPlugins)` for bundling N plugins into a single `Plugin` so a consumer can call `addPlugin(combined)` once. Bag-mode composition: throws on duplicate root keys or duplicate `context.meta` keys, intersects each sub-plugin's TSdk requirements, and flows through the existing single-plugin `addPlugin` without the type-widening an array overload would impose. ## 0.46.2 ### Patch Changes - fcb47ea: Set npm package homepage links to public SDK documentation. ## 0.46.1 ### Patch Changes - 591ddb5: Removed custom error handlers and added definePlugin, createPluginMethod, and createPaginatedPluginMethod to reduce plugin boilerplate. ## 0.46.0 ### Minor Changes - bd887ab: Rename the client credentials persistence seam from storage to cache and expose the CLI filesystem/keychain adapter as a best-effort cache. ## 0.45.2 ### Patch Changes - 783e180: Convert API query params from camelCase to snake_case (appKeys -> app_keys, pageSize -> page_size) to match the updated API contract. Also updated all `zapier-sdk-*` packages to Zod to 4.3.6 ## 0.45.1 ### Patch Changes - cb0d898: Added telemetry headers so sdkapi can attribute traffic to the SDK entry point that produced it. Every outbound request now includes `x-zapier-sdk-version`, with `x-zapier-service` added when `ZAPIER_SDK_SERVICE` is set. Requests originating from `createZapierCliSdk` or `createZapierMcpServer` additionally include `x-zapier-sdk-package` and `x-zapier-sdk-package-version` identifying the wrapping package; direct `createZapierSdk` callers omit those two. Headers are applied after caller-supplied header merging, so they can't be spoofed via per-request `options.headers`. ## 0.45.0 ### Minor Changes - 15dce25: `registryPlugin` is now deprecated, because `getRegistry` is built into the SDK and added after each plugin is added. Plugins will always be registered; there is no need to call `createZapierSdkWithoutRegistry`, add custom plugins, and then `.addPlugin(registryPlugin)`. Because of this, `createZapierSdkWithoutRegistry` is now deprecated, and calling it will still give you an SDK with `getRegistry` on it. Calling `addPlugin(registryPlugin)` on that SDK is a no-op. ## 0.44.0 ### Minor Changes - fd8660c: Allow UUID connection IDs in the `.zapierrc` connections map. `ConnectionEntrySchema.connectionId` now accepts either a positive integer (legacy form) or a UUID-format string (returned by the Zapier connections API for newer connections). ## 0.43.0 ### Minor Changes - 8df8761: Add an experimental interactive approval flow for policy-gated actions. When an action requires approval, the SDK detects the `approval_required` response, prompts for approval in interactive sessions, and automatically retries the original request once approved. Non-interactive sessions receive a clear error explaining that approval is required. This flow is experimental and its behavior may change in future releases. ## 0.42.1 ### Patch Changes - 707c57a: Simplify plugin system: plugins now receive sdk as a positional parameter with context at sdk.context. The Plugin type takes 2 generics (input SDK shape, output provides) instead of 3. Context is shallow-frozen to prevent reassignment of top-level properties. createSdk() is now zero-arg; SDK options are injected via createOptionsPlugin(options) through addPlugin like any other state. Plugins that need options declare it as an explicit context dependency. The addPluginOptions second argument to addPlugin has been removed. ## 0.42.0 ### Minor Changes - 55e8330: Support maxTime for SDK fetch & CLI curl - Relay extended timeout ## 0.41.2 ### Patch Changes - 3cf1a98: Fix connection resolution for no-auth apps ## 0.41.1 ### Patch Changes - 53c165a: `formatErrorMessage` now renders `ZapierRateLimitError` details (limit used, time until retry, retry count) instead of just the bare "Rate limited" message. CLI, MCP, and any consumer using `formatErrorMessage` now surface which rate-limit window tripped and how long until it resets. ## 0.41.0 ### Minor Changes - 912e960: Prefer public IDs over numeric IDs in responses ## 0.40.4 ### Patch Changes - e3f5a81: Replace Node-only imports (timers/promises, os) with browser-safe alternatives and add browser compatibility test suite ## 0.40.3 ### Patch Changes - b250545: Connections - Replace isExpired with expired ## 0.40.2 ### Patch Changes - 362bc56: Make sure CLI only shows non-deprecated positional parameters. ## 0.40.1 ### Patch Changes - 5391c65: Fix ordering problem with tables CLI commands. ## 0.40.0 ### Minor Changes - 39e296a: Removing Id or Key suffixes from parameter names to make them flexible to be ID, key, name, alias, etc. ## 0.39.1 ### Patch Changes - b4c0560: Accept UUID authentication IDs without coercion. Stop coercing authentication IDs to numbers, allowing UUIDs and other string identifiers to pass through unchanged. Update Zod schemas to accept string or number for authentication_id fields. ## 0.39.0 ### Minor Changes - a20d36a: Add define primitives (defineTool, defineDurable, defineComponent) via @zapier/zapier-sdk/define entrypoint and app registry via @zapier/zapier-sdk/apps entrypoint. ## 0.38.0 ### Minor Changes - 2906101: Default `listConnections` and `listTables` to only return your own items. Gate shared access and table deletion behind boolean flags: `canIncludeSharedConnections`, `canIncludeSharedTables`, `canDeleteTables`. Set via SDK options, `.zapierrc`, CLI flags (`--can-delete-tables`), or env vars (`ZAPIER_CAN_DELETE_TABLES=true`). ## 0.37.0 ### Minor Changes - 307aa98: Add named connections support. A new `connection` parameter on `runAction`, the apps proxy, and `fetch` resolves a connection alias (string) from a connections map, or accepts a numeric `connectionId` directly. The map is provided via the `connections` field in `.zapierrc` (or the inline `manifest` option on `createZapierSdk()`). ## 0.36.0 ### Minor Changes - 3a447d3: Add support for pagination in Run Action ## 0.35.0 ### Minor Changes - d4534f3: Add support for Tables. ## 0.34.1 ### Patch Changes - 6c5bba9: Fix fetch type for app proxy without generated types. ## 0.34.0 ### Minor Changes - 3700f6a: Fix --json output ## 0.33.4 ### Patch Changes - d9e0f1d: Fix user properties being overwritten by context merge in telemetry events ## 0.33.3 ### Patch Changes - f676852: Suppress resolver method calls from emitting telemetry events ## 0.33.2 ### Patch Changes - 623dc25: Add deprecation warning for fetch CLI command ## 0.33.1 ### Patch Changes - 42edf6e: Remove test files from published packages ## 0.33.0 ### Minor Changes - f442359: Credential env vars (ZAPIER_CREDENTIALS, ZAPIER_CREDENTIALS_CLIENT_ID, ZAPIER_CREDENTIALS_CLIENT_SECRET, ZAPIER_CREDENTIALS_BASE_URL, ZAPIER_CREDENTIALS_SCOPE) are now read at call time rather than at import time. If you set or modify these env vars after importing the SDK, the updated values will now be picked up correctly. Also fixes baseUrl not being passed through when calling resolveAuthToken with an explicit baseUrl option. ## 0.32.5 ### Patch Changes - 0feaeb1: Fix telemetry sdk_version via build-time constant ## 0.32.4 ### Patch Changes - 1334eac: Emit login_success lifecycle event on CLI login ## 0.32.3 ### Patch Changes - 04000f6: Skip connection selection for apps that do not require auth ## 0.32.2 ### Patch Changes - a6dec83: Fix base URL with trailing slash bypassing sdkapi. ## 0.32.1 ### Patch Changes - c7be13e: Fix bug where `add` command hangs after completing successfully ## 0.32.0 ### Minor Changes - 250cb7d: Store CLI login credentials in system keychain. ## 0.31.4 ### Patch Changes - 026ae46: Properly capture and type errors from downstream proxy service. ## 0.31.3 ### Patch Changes - c98008a: Add callContext option to EventEmissionConfig to track where SDK method calls originate. MethodCalledEvent telemetry events now populate call_context with "sdk", "cli", or "mcp" instead of null. ## 0.31.2 ### Patch Changes - 1ae0349: Improve error message when credentials can't be found. Also improve module resolution for login module. ## 0.31.1 ### Patch Changes - b0f273f: Enrich MethodCalledEvent with selected_api, operation_type, operation_key ## 0.31.0 ### Minor Changes - 4a874c6: Add Zod schema for base SDK options, autodoc generation for SDK factory options and CLI base command options ## 0.30.0 ### Minor Changes - 0055854: Remove internal `_telemetry` property from all method option types ## 0.29.0 ### Minor Changes - ad5ee3b: Adds a new curl plugin. Switch -v flag to -V for version information. Fix CLI to properly handle string and object types. Add redirect passthrough to fetch plugin (to support curl plugin). ## 0.28.0 ### Minor Changes - b2e5675: Retry on 429s with appropriate backoff. Add maxNetworkRetries and maxNetworkRetryDelayMs options (also configurable via ZAPIER_MAX_NETWORK_RETRIES and ZAPIER_MAX_NETWORK_RETRY_DELAY_MS environment variables). ## 0.27.1 ### Patch Changes - 4ad0f34: Removed the `overall` option from the feedback command, since that will be inferred now. Also made it ask for feedback if you don't provide a value for it. ## 0.27.0 ### Minor Changes - 9fb0b48: Switch from "authentication" to "connection" everywhere. ## 0.26.0 ### Minor Changes - bfdd383: Remove authenticationTemplate option from fetch. ## 0.25.3 ### Patch Changes - 7ab8539: Adding feedback command for submitting SDK feedback ## 0.25.2 ### Patch Changes - 642713b: Update README with more detail and more attention on fetch. ## 0.25.1 ### Patch Changes - aacaf22: Improved `fetch` to automatically set the correct `Content-Type` header based on the request body type. `FormData`, `Blob`, and other binary bodies are now handled correctly instead of being misidentified as JSON. ## 0.25.0 ### Minor Changes - b0b7eb3: Add timeoutMs for setting the timeout for polling action results. ## 0.24.0 ### Minor Changes - d72cda1: Deprecates request() in favor of self-contained fetch(). The fetch plugin now handles URL-to-relay transformation, header normalization, and body content-type inference directly instead of delegating to request. The request plugin is preserved as a backward-compatible shim that forwards to fetch. CLI and MCP now expose a fetch command via a new inputParameters registry concept for multi-positional-argument functions. ## 0.23.2 ### Patch Changes - 9664bd0: Fix polling for callback actions. ## 0.23.1 ### Patch Changes - c95e1d4: Add debug option inside event emission plugin. ## 0.23.0 ### Minor Changes - 7cf2b12: Add debug logging to zapier-sdk-cli-login. Only allow one token refresh at a time. ## 0.22.1 ### Patch Changes - 8ebde4b: Add required scopes for credentials methods. ## 0.22.0 ### Minor Changes - f54f895: Fix allowed_scopes parameter to be allowedScopes. ## 0.21.1 ### Patch Changes - dd54c22: `request` and `fetch` now require auth and provide a more helpful error message ## 0.21.0 ### Minor Changes - 33e2a8f: Added methods/commands for creating/listing/deleting client credentials. ## 0.20.1 ### Patch Changes - 7bd3c5c: Fix process listener memory leak in event emission plugin ## 0.20.0 - Correction for accidentally publishing a major version update. ## 1.1.0 ### Minor Changes - 4dd27eb: Add isExpired parameter to listAuthentications for filtering authentications by expiration status. ## 1.0.3 ### Patch Changes - e393401: Adds CLAUDE.md documentation files to the zapier-sdk and zapier-sdk-cli packages to help users get up to speed faster when using AI assistants like Claude, Cursor, etc. ## 1.0.2 ### Patch Changes - 00ef417: Resolved confusing "Failed to read manifest from .zapierrc" error ## 1.0.1 ### Patch Changes - aba842a: Updated docs to remove reference to deprecated token option. ## 1.0.0 ### Minor Changes - 97ff6c0: Add support for client credentials. ### Patch Changes - Updated dependencies [97ff6c0] - @zapier/zapier-sdk-cli-login@0.4.0 ## 0.18.4 ### Patch Changes - 3bc3cad: - Migrated `listApps` to call sdkapi endpoints directly, removing the temporary handler infrastructure. - Schemas now imported from `@zapier/zapier-sdk-core` for shared type definitions ## 0.18.3 ### Patch Changes - 7c59b01: - `listAuthentications` now routes through the proxy. It also imports and overrides a shared schema from `zapier-sdk-core` ## 0.18.2 ### Patch Changes - 76fb606: - `getAuthentication` plugin now routes through proxy instead of direct Zapier API's ## 0.18.1 ### Patch Changes - ee5beb6: Refactor transport classes to factory functions ## 0.18.0 ### Minor Changes - c2eab85: Switch numeric IDs to strings. ## 0.17.0 ### Minor Changes - 79b47f7: Renaming user_id to profile_id in authentications. ## 0.16.3 ### Patch Changes - 870f2aa: Fix CLI process hanging after login and on signal handling - Clear login timeout timer after successful authentication to allow process exit - Use timer.unref() on telemetry timeouts so they don't block process exit - Add explicit process.exit() in signal handlers with correct exit codes ## 0.16.2 ### Patch Changes - 93cbb3c: Fix search to prefer public app versions over private when user has access to both ## 0.16.1 ### Patch Changes - 142c1ce: Fix CLI UX issues: stdout truncation when piped, nullable schema detection for Zod 4, error body display, and auto Content-Type for JSON bodies ## 0.16.0 ### Minor Changes - 24ae4f0: Upgrade to Zod 4 - Update all packages to use Zod 4 - Migrate internal API access from `_def` to `_zod.def` - Update `z.record()` calls to include explicit key types - Fix schema introspection for documentation generation and CLI - Update MCP schema converter for Zod 4 structure ## 0.15.13 ### Patch Changes - d08fa90: Add proper license - Updated dependencies [d08fa90] - @zapier/zapier-sdk-cli-login@0.3.5 ## 0.15.12 ### Patch Changes - 9989512: Deduplicate plugin names in telemetry implementations ## 0.15.11 ### Patch Changes - 64de0b0: Emit MethodCalledEvent telemetry event ## 0.15.10 ### Patch Changes - 2f1fc5c: Remove inaccurate `peak_memory_usage_bytes` values from telemetry events ## 0.15.9 ### Patch Changes - 450b009: Fix getAction to search across all paginated results ## 0.15.8 ### Patch Changes - 371315e: Extract main logic/transformations of getAuthentication into temporary-internal-core to prepare for full migration ## 0.15.7 ### Patch Changes - 9f3695b: Make sure path of base URL is used when overriding base URL. ## 0.15.6 ### Patch Changes - 6a0e0db: Fix telemetry user context to use token from SDK options and Deduplicate JWT validation logic ## 0.15.5 ### Patch Changes - 712c02b: Refactored temporary route override pattern ## 0.15.4 ### Patch Changes - f7e552e: Add synchronous customuser_id and account_id retrieval to event emission plugin ## 0.15.3 ### Patch Changes - 6657f05: Defined shape and support for configured actions in the .zapierrc manifest file ## 0.15.2 ### Patch Changes - e4a3457: Extract listApps API and schemas ## 0.15.1 ### Patch Changes - 4c78fb0: Added `getInputFieldsSchema` plugin to retrieve JSON Schema for action inputs ## 0.15.0 ### Minor Changes - f92bc07: Route all API requests through new service. ## 0.14.0 ### Minor Changes - 3f2f104: - Introduce a `services` layer for reusability between plugins - `listInputFieldChoices` now supports returning static choices if they exist ## 0.13.9 ### Patch Changes - 492e2f9: - Add new `batch` utility method to handle concurency limits, retries, timeouts and exponential backoffs. - Refactor `generateAppTypes` in CLI to use the new `batch` utility ## 0.13.8 ### Patch Changes - 6de89a9: Allow overriding ZAPIER_BASE_URL with env vars, and also add new ZAPIER_TRACKING_BASE_URL, ZAPIER_AUTH_BASE_URL, and ZAPIER_AUTH_CLIENT_ID env vars and parameters. - Updated dependencies [6de89a9] - @zapier/zapier-sdk-cli-login@0.3.4 ## 0.13.7 ### Patch Changes - c1d3c9c: Publish zapier-sdk as a public package. - 16b4930: Only publish compiled TS files. ## 0.13.6 ### Patch Changes - a563cda: Extend ZapierCliSdkOptions with the base ZapierSdkOptions so we can see the token and other properties when initializing with createZapierSdkCli - Updated dependencies [9b7a954] - @zapier/zapier-sdk-cli-login@0.3.3 ## 0.13.5 ### Patch Changes - 05ce6f7: 1. Extracted manifest creation and type generation into flexible base plugins that can be used by other consumers. 2. Updated updateManifestEntry function from base SDK to allow manipulating manifest as file or as JSON ## 0.13.4 ### Patch Changes - 80732ea: Add basic event-driven telemetry for key lifecycle events and CLI logins ## 0.13.3 ### Patch Changes - 53fa85e: Show id and key properties when listing actions. Allow getAction to use an id or key. Make runAction pass action_id to API to ensure it always works. ## 0.13.2 ### Patch Changes - 325d5c2: Fix bug where adding apps with dashed slugs would create types with syntax errors. All valid keys are now valid properties on the apps interface. ## 0.13.1 ### Patch Changes - a607e3a: Fixes a bug where listApps would return all apps if no appKeys were resolved to app locators. This in turn fixes the `add` command hanging when using only invalid app keys (since it would try to add all apps), and it fixes getApp which returned the first app of all apps for an invalid slug, since it just calls to listApps. ## 0.13.0 ### Minor Changes - 53ad336: Tweak list-apps output. Hint at slug for appKey parameters. Fix type gen for new field format. Fix action normalization. ## 0.12.1 ### Patch Changes - c2f88bc: Fix usage examples, add rough apps proxy examples ## 0.12.0 ### Minor Changes - 21d8487: Improved get started README and added more documentation to the add plugin ## 0.11.2 ### Patch Changes - 407245e: Add packages to meta so we can document `fetch` for SDK but not CLI/MCP. ## 0.11.1 ### Patch Changes - 0002fe9: Updated doc generation ## 0.11.0 ### Minor Changes - 12c6d3d: Return nested fields with fieldsets instead of flat fields. Also have CLI properly create line items from fieldsets for run-action. ## 0.10.0 ### Minor Changes - 3184903: No more global resolver registry, each plugin function has its own resolvers. Plugin function meta also stores output schema and some function type info to avoid some special case code for handling lists, documenting functions, etc. findFirstAuthentication throws an error to make all item functions consistent. Various other schema and output cleanup. ## 0.9.1 ### Patch Changes - 3cfed98: Reducing any usages ## 0.9.0 ### Minor Changes - 5ccaec6: AST-based type gen instead of string-based. Added `add` function for locking app versions and generating types. Removed `lockVersion` and `generateTypes functions. Manifest matching on slug or implementation name. ## 0.8.3 ### Patch Changes - ed235b6: Adds improved backoff logic to the API polling ## 0.8.2 ### Patch Changes - bef5467: Change type imports to disallow inline imports ## 0.8.1 ### Patch Changes - 319a05f: Expanding no explicit any coverage ## 0.8.0 ### Minor Changes - 3a39eee: Add listInputFieldChoices method ## 0.7.0 ### Minor Changes - 096d674: Changed incorrect account_id parameter to accountId. Also made sure all CLI parameters are documented as kebab-case. ## 0.6.4 ### Patch Changes - 4315531: All CLI commands are now just local plugins used to build a CLI specific SDK, and that CLI specific SDK is used to generate the CLI docs. ## 0.6.3 ### Patch Changes - 5b74010: Manifest is now lazy loading so it doesn't warn until you try to use it. ## 0.6.2 ### Patch Changes - ac0624d: Update warning message to reference correct lock-version command ## 0.6.1 ### Patch Changes - 38fe5c4: Clean up no .zapierrc warning ## 0.6.0 ### Minor Changes - c472d6f: Add manifest plugin to consume a supplied manifest, as well as lockVersion plugin to create or update the manifest. - c402bcd: Remove \_\_registry in favor of getRegistry that also provides categories for functions. ### Patch Changes - e08365e: Add support for lock file in generate-types command ## 0.5.2 ### Patch Changes - 218a3ca: reducing 'any' usage with minimal changes to runtime - Updated dependencies [218a3ca] - @zapier/zapier-sdk-cli-login@0.3.2 ## 0.5.1 ### Patch Changes - c662f79: Add proper README with dynamically-listed methods ## 0.5.0 ### Minor Changes - 741c385: All functions are now plugins, so _everything_ is a plugin.