UiPath Coded Apps

Preview — skill is under active development; surface and behavior may change.

Build, debug, and deploy UiPath Coded Web Applications and Coded Action Apps using the uip codedapp CLI and @uipath/uipath-typescript SDK.

When to Use This Skill

• User wants to build, debug, or deploy a UiPath Coded Web App or Coded Action App
• User asks about uip codedapp commands, .uipath/ directory, app.config.json, or action-schema.json
• User wants to scaffold a new React/Vue frontend for UiPath Cloud or an Action Center form
• User wants to push/pull source between local and Studio Web
• User wants to use the @uipath/uipath-typescript SDK from a coded app
• User wants to run the full pipeline (build → pack → publish → deploy)

App Types

Coded apps are not registered in .uipx solutions. They have no project.uiproj / project.json, so uip solution project add does not apply. A coded app can live alongside a solution directory but deploys independently via uip codedapp publish (and uip codedapp deploy), not via uip solution pack / publish / deploy.

Critical Rules

1. Identify the app type before doing anything else. Ask: “Are you building a Coded Web App (custom frontend deployed to UiPath Cloud) or a Coded Action App (form for Action Center human task reviews)?” The two paths diverge on scaffolding, redirect URI, and publish flag — do not guess.
2. Always check login status first. Run uip login status --output json before any cloud command. If not logged in, run uip login.
3. Never skip the build step. Run npm run build after scaffolding (to verify the scaffold compiles) and again before pack or push (to produce the deployable dist/). Verify dist/ exists each time.
4. Pack → Publish → Deploy order is required. Each step depends on the previous one producing its output.
5. Bump the version for re-publish. If the same version already exists in Orchestrator, publish will fail.
6. Action apps require -t Action on publish. Run uip codedapp publish -t Action (not the default Web type).
7. Never handle access tokens manually. Do not pass, print, parse, source, or set cached access tokens. Use uip login and supported uip codedapp commands; the CLI manages authentication.
8. Base URL must use the API subdomain. https://api.uipath.com not https://cloud.uipath.com. See the table below.
9. vite.config.ts must always set base: './'. The platform handles URL routing — apps must use relative asset paths. Do not use a routing name or a sub-path here.
10. Use getAppBase() from @uipath/uipath-typescript for any absolute URL constructed at runtime — router basename, image src, fetch paths. Deployed apps mount at a non-root prefix; /-rooted paths work locally but 404 after deploy. Vite’s base: './' only fixes import-time references.
11. uip codedapp deploy must run non-interactively. Pass the folder key as --folder-key <GUID> (or as UIPATH_FOLDER_KEY=<GUID> env-var prefix — either works). The interactive folder picker fails in non-TTY contexts (CI, agent shells). If the user provides a folder name, resolve it to a key with uip or folders list --output json and match on the Name field (output rows are { Key, Name, Path, Description, Type, ParentKey }). The uip or ... commands require the Orchestrator tool — install once via uip tools install @uipath/orchestrator-tool (check first with uip tools list).
12. Guard against text overflow in every UI. See patterns.md “Preventing Text Overflow”.
13. Inspect the DF schema before writing analytics, filters, or seeds. Run uip df entities get <ENTITY_ID> --output json to inspect fields and types. At runtime, use entities.getById(<id>) from the app’s authenticated session. DF doesn’t behave like a typical RDBMS; see sdk/data-fabric.md “Anti-shapes & gotchas”.
14. Every list call returns ONE page — even with no options. There is no “give me everything” path. Applies to getAll, getAllRecords, queryRecordsById, getFileMetaData, etc. getAll() with no options does NOT return all rows; the SDK sends no pageSize and the server applies its own cap, wrapped in a misleadingly-named NonPaginatedResponse. To list every row from a source that may exceed the cap, you MUST loop the cursor: while (page.hasNextPage) { page = await getAll({ cursor: page.nextCursor }) } and accumulate items. Reading result.items.length after a single call is almost always a bug. See sdk/pagination.md.
15. Tables of dynamic data must paginate, not dump all rows in one scroll. Page size 25–50 with next/prev/page-number controls and a “Showing X–Y of Z” summary. Top-N + “see all” is acceptable for explicitly summary panels (e.g., “Top 10 oldest”). Infinite-scroll-of-N-rows is unusable for operational dashboards. Applies to any table backed by any service (DF entities, Tasks, Jobs, Conversations, Process Instances, etc.). See patterns.md “Tabular Data”.
16. When adding any new SDK method call, verify VITE_UIPATH_SCOPE already includes the required scope. Write operations, action methods (Jobs.stop, Tasks.complete, ProcessInstances.cancel, etc.), or first use of a new service typically need broader scopes than read-only flows. Mismatched scopes fail silently with 401 / 403 on the first call. See oauth-scopes.md for the per-method scope table.

Task Navigation

CLI Setup

# Install the UiPath CLI (run once)
npm install -g @uipath/cli

# Install the coded apps tool
uip tools install @uipath/codedapp-tool

# Install the Orchestrator tool (needed to resolve folder name → key for deploy)
uip tools install @uipath/orchestrator-tool

# Verify both are installed
uip tools list

# Resolve uip if not on PATH
UIP=$(command -v uip 2>/dev/null || npm root -g 2>/dev/null | sed 's|/node_modules$||')/bin/uip
$UIP --version

Authenticate before any cloud command:

uip login status --output json         # check if logged in
uip login                              # interactive OAuth (opens browser)
uip login --authority https://alpha.uipath.com   # non-production environments

Environment Variables

Base URL by environment:

Quick Deploy (Full Pipeline)

Do NOT pause between steps to ask “should I continue?” — execute the full pipeline. Only stop if you need auth credentials or an app name.

1. Auth — uip login status --output json. If not logged in, ask the user for their environment and run uip login.
2. Build — npm run build. Verify ls dist/.
3. Pack — uip codedapp pack dist -n <name> --version <version>. Produces .uipath/<name>.<version>.nupkg. Bump version if previously published.
4. Publish — uip codedapp publish (add -t Action for action apps). Verify cat .uipath/app.config.json.
5. Deploy — uip codedapp deploy -n <name> --folder-key <GUID>. Resolve the GUID from a user-provided folder name via uip or folders list --output json. Never let the command go interactive. Share the app URL with the user.

SDK Module Imports

See references/sdk/imports.md for the subpath ↔ class mapping, type import conventions, and anti-pattern examples. Core rules are listed under Anti-patterns below.

Key Concepts

App Config (.uipath/app.config.json)

Created by publish, consumed by deploy. Contains appName, systemName, appType, deploymentId, appUrl. Do not delete .uipath/ between publish and deploy.

Action Schema (action-schema.json)

Action apps define a data contract between the form and the Maestro/Agent workflow. It has four sections: inputs (read-only data from automation), outputs (user-filled fields), inOuts (pre-populated but editable), and outcomes (submission buttons like Approve/Reject).

Troubleshooting

See references/debug.md for detailed diagnosis steps.

Folder identifier names differ across CLI and SDK. The CLI uses UIPATH_FOLDER_KEY / --folder-key (string) and applies only to uip codedapp deploy. SDK methods use different parameters: Maestro services (MaestroProcesses, ProcessInstances, Cases) take folderKey (string GUID), Orchestrator services (Assets, Queues, Buckets, Processes) take folderId (number). Do not pass the CLI env var into SDK calls. To bridge from a Maestro folderKey to an Orchestrator folderId, see sdk/maestro.md — and never parseInt(folderKey), the GUID is not numeric.

Completion Output

When you finish a task, report only what’s applicable to the work actually done:

1. What was done — files created, edited, or deleted (list paths); CLI commands run
2. Stage reached — one of: scaffolded / built / packed / published / deployed
3. Artifacts produced (report only the ones that actually exist):
   • dist/ — if npm run build was run
   • .uipath/<name>.<version>.nupkg — if pack was run
   • .uipath/app.config.json with deploymentId — if publish was run
   • Live deployment URL (appUrl from app.config.json) — if deploy was run
   • External Application client ID — if one was created this session
4. Next steps, depending on where the task stopped:
   • Scaffolded only: cd <app-name> && npm run dev to run locally
   • Built but not packed: ready to uip codedapp pack when the user wants to deploy
   • Published but not deployed: run uip codedapp deploy to go live
   • Deployed (Web): open/share the deployment URL; verify sign-in flow
   • Deployed (Action): the app will render in Action Center human tasks triggered by Maestro/Agent workflows matching the routing name
5. Open issues — any auth failures, scope mismatches, missing folder key, skipped steps, or errors left unresolved

If a later stage was requested but skipped (e.g., user asked to deploy but only publish succeeded), call it out explicitly in the next-steps section.

Anti-patterns

These pitfalls are not already covered by the Critical Rules. For rules stated as positive requirements, see the Critical Rules section at the top.

• Don’t import service classes from the package root — use the subpath (e.g., @uipath/uipath-typescript/assets).
• Don’t use the deprecated dot-chain sdk.entities.getAll() — use constructor DI: new Entities(sdk).
• Don’t delete .uipath/ between publish and deploy — deploy reads app.config.json written by publish.