@constructive-sdk/cli 0.12.22 → 0.13.0

package/objects/orm/mutation/index.d.ts

@@ -6,7 +6,7 @@
 import { OrmClient } from '../client';
 import { QueryBuilder } from '../query-builder';
 import type { InferSelectResult, StrictSelect } from '../select-types';
-import type { FreezeObjectsInput, InitEmptyRepoInput, RemoveNodeAtPathInput, SetDataAtPathInput, SetPropsAndCommitInput, InsertNodeAtPathInput, UpdateNodeAtPathInput, SetAndCommitInput, FreezeObjectsPayload, InitEmptyRepoPayload, RemoveNodeAtPathPayload, SetDataAtPathPayload, SetPropsAndCommitPayload, InsertNodeAtPathPayload, UpdateNodeAtPathPayload, SetAndCommitPayload, FreezeObjectsPayloadSelect, InitEmptyRepoPayloadSelect, RemoveNodeAtPathPayloadSelect, SetDataAtPathPayloadSelect, SetPropsAndCommitPayloadSelect, InsertNodeAtPathPayloadSelect, UpdateNodeAtPathPayloadSelect, SetAndCommitPayloadSelect } from '../input-types';
+import type { FreezeObjectsInput, InitEmptyRepoInput, RemoveNodeAtPathInput, SetDataAtPathInput, SetPropsAndCommitInput, InsertNodeAtPathInput, UpdateNodeAtPathInput, SetAndCommitInput, RequestUploadUrlInput, ConfirmUploadInput, ProvisionBucketInput, FreezeObjectsPayload, InitEmptyRepoPayload, RemoveNodeAtPathPayload, SetDataAtPathPayload, SetPropsAndCommitPayload, InsertNodeAtPathPayload, UpdateNodeAtPathPayload, SetAndCommitPayload, RequestUploadUrlPayload, ConfirmUploadPayload, ProvisionBucketPayload, FreezeObjectsPayloadSelect, InitEmptyRepoPayloadSelect, RemoveNodeAtPathPayloadSelect, SetDataAtPathPayloadSelect, SetPropsAndCommitPayloadSelect, InsertNodeAtPathPayloadSelect, UpdateNodeAtPathPayloadSelect, SetAndCommitPayloadSelect, RequestUploadUrlPayloadSelect, ConfirmUploadPayloadSelect, ProvisionBucketPayloadSelect } from '../input-types';
 export interface FreezeObjectsVariables {
     input: FreezeObjectsInput;
 }
@@ -31,6 +31,35 @@ export interface UpdateNodeAtPathVariables {
 export interface SetAndCommitVariables {
     input: SetAndCommitInput;
 }
+/**
+ * Variables for requestUploadUrl
+ * Request a presigned URL for uploading a file directly to S3.
+Client computes SHA-256 of the file content and provides it here.
+If a file with the same hash already exists (dedup), returns the
+existing file ID and deduplicated=true with no uploadUrl.
+ */
+export interface RequestUploadUrlVariables {
+    input: RequestUploadUrlInput;
+}
+/**
+ * Variables for confirmUpload
+ * Confirm that a file has been uploaded to S3.
+Verifies the object exists in S3, checks content-type,
+and transitions the file status from 'pending' to 'ready'.
+ */
+export interface ConfirmUploadVariables {
+    input: ConfirmUploadInput;
+}
+/**
+ * Variables for provisionBucket
+ * Provision an S3 bucket for a logical bucket in the database.
+Reads the bucket config via RLS, then creates and configures
+the S3 bucket with the appropriate privacy policies, CORS rules,
+and lifecycle settings.
+ */
+export interface ProvisionBucketVariables {
+    input: ProvisionBucketInput;
+}
 export declare function createMutationOperations(client: OrmClient): {
     freezeObjects: <S extends FreezeObjectsPayloadSelect>(args: FreezeObjectsVariables, options: {
         select: S;
@@ -72,4 +101,19 @@ export declare function createMutationOperations(client: OrmClient): {
     } & StrictSelect<S, SetAndCommitPayloadSelect>) => QueryBuilder<{
         setAndCommit: InferSelectResult<SetAndCommitPayload, S> | null;
     }>;
+    requestUploadUrl: <S extends RequestUploadUrlPayloadSelect>(args: RequestUploadUrlVariables, options: {
+        select: S;
+    } & StrictSelect<S, RequestUploadUrlPayloadSelect>) => QueryBuilder<{
+        requestUploadUrl: InferSelectResult<RequestUploadUrlPayload, S> | null;
+    }>;
+    confirmUpload: <S extends ConfirmUploadPayloadSelect>(args: ConfirmUploadVariables, options: {
+        select: S;
+    } & StrictSelect<S, ConfirmUploadPayloadSelect>) => QueryBuilder<{
+        confirmUpload: InferSelectResult<ConfirmUploadPayload, S> | null;
+    }>;
+    provisionBucket: <S extends ProvisionBucketPayloadSelect>(args: ProvisionBucketVariables, options: {
+        select: S;
+    } & StrictSelect<S, ProvisionBucketPayloadSelect>) => QueryBuilder<{
+        provisionBucket: InferSelectResult<ProvisionBucketPayload, S> | null;
+    }>;
 };

package/objects/orm/mutation/index.js

@@ -101,5 +101,41 @@ function createMutationOperations(client) {
                 },
             ], input_types_1.connectionFieldsMap, 'SetAndCommitPayload'),
         }),
+        requestUploadUrl: (args, options) => new query_builder_1.QueryBuilder({
+            client,
+            operation: 'mutation',
+            operationName: 'RequestUploadUrl',
+            fieldName: 'requestUploadUrl',
+            ...(0, query_builder_1.buildCustomDocument)('mutation', 'RequestUploadUrl', 'requestUploadUrl', options.select, args, [
+                {
+                    name: 'input',
+                    type: 'RequestUploadUrlInput!',
+                },
+            ], input_types_1.connectionFieldsMap, 'RequestUploadUrlPayload'),
+        }),
+        confirmUpload: (args, options) => new query_builder_1.QueryBuilder({
+            client,
+            operation: 'mutation',
+            operationName: 'ConfirmUpload',
+            fieldName: 'confirmUpload',
+            ...(0, query_builder_1.buildCustomDocument)('mutation', 'ConfirmUpload', 'confirmUpload', options.select, args, [
+                {
+                    name: 'input',
+                    type: 'ConfirmUploadInput!',
+                },
+            ], input_types_1.connectionFieldsMap, 'ConfirmUploadPayload'),
+        }),
+        provisionBucket: (args, options) => new query_builder_1.QueryBuilder({
+            client,
+            operation: 'mutation',
+            operationName: 'ProvisionBucket',
+            fieldName: 'provisionBucket',
+            ...(0, query_builder_1.buildCustomDocument)('mutation', 'ProvisionBucket', 'provisionBucket', options.select, args, [
+                {
+                    name: 'input',
+                    type: 'ProvisionBucketInput!',
+                },
+            ], input_types_1.connectionFieldsMap, 'ProvisionBucketPayload'),
+        }),
     };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@constructive-sdk/cli",
-  "version": "0.12.22",
+  "version": "0.13.0",
   "author": "Constructive <developers@constructive.io>",
   "description": "Constructive CLI SDK - Auto-generated GraphQL CLI with ORM client, context management, and interactive prompts",
   "main": "index.js",
@@ -46,7 +46,7 @@
   ],
   "dependencies": {
     "@0no-co/graphql.web": "^1.1.2",
-    "@constructive-io/graphql-types": "^3.4.3",
+    "@constructive-io/graphql-types": "^3.4.4",
     "appstash": "^0.7.0",
     "gql-ast": "^3.4.2",
     "graphql": "16.13.0",
@@ -55,11 +55,11 @@
     "yanse": "^0.2.1"
   },
   "devDependencies": {
-    "@constructive-io/graphql-codegen": "^4.28.5",
+    "@constructive-io/graphql-codegen": "^4.29.0",
     "@types/node": "^22.19.11",
     "makage": "^0.3.0",
     "tsx": "^4.19.0",
     "typescript": "^5.9.3"
   },
-  "gitHead": "9356877ea3ea61013b28b1496f015776e82ccb85"
+  "gitHead": "3bf7c522cf9f9d2595750ac7cea81d470b3e6c30"
 }

package/public/cli/commands/confirm-upload.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI command for mutation confirmUpload
+ * @generated by @constructive-io/graphql-codegen
+ * DO NOT EDIT - changes will be overwritten
+ */
+import { CLIOptions, Inquirerer } from 'inquirerer';
+declare const _default: (argv: Partial<Record<string, unknown>>, prompter: Inquirerer, _options: CLIOptions) => Promise<void>;
+export default _default;

package/public/cli/commands/confirm-upload.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const executor_1 = require("../executor");
+const utils_1 = require("../utils");
+exports.default = async (argv, prompter, _options) => {
+    try {
+        if (argv.help || argv.h) {
+            console.log("confirm-upload - Confirm that a file has been uploaded to S3.\nVerifies the object exists in S3, checks content-type,\nand transitions the file status from 'pending' to 'ready'.\n\nUsage: confirm-upload [OPTIONS]\n");
+            process.exit(0);
+        }
+        const answers = await prompter.prompt(argv, [
+            {
+                type: 'text',
+                name: 'input',
+                message: 'The exclusive input argument for this mutation. An object type, make sure to see documentation for this object\u2019s fields.',
+                required: true,
+            },
+        ]);
+        const client = (0, executor_1.getClient)();
+        const parsedAnswers = (0, utils_1.unflattenDotNotation)(answers);
+        const selectFields = (0, utils_1.buildSelectFromPaths)(argv.select ?? 'clientMutationId');
+        const result = await client.mutation
+            .confirmUpload(parsedAnswers, {
+            select: selectFields,
+        })
+            .execute();
+        console.log(JSON.stringify(result, null, 2));
+    }
+    catch (error) {
+        console.error('Failed: confirmUpload');
+        if (error instanceof Error) {
+            console.error(error.message);
+        }
+        process.exit(1);
+    }
+};

package/public/cli/commands/provision-bucket.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI command for mutation provisionBucket
+ * @generated by @constructive-io/graphql-codegen
+ * DO NOT EDIT - changes will be overwritten
+ */
+import { CLIOptions, Inquirerer } from 'inquirerer';
+declare const _default: (argv: Partial<Record<string, unknown>>, prompter: Inquirerer, _options: CLIOptions) => Promise<void>;
+export default _default;

package/public/cli/commands/provision-bucket.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const executor_1 = require("../executor");
+const utils_1 = require("../utils");
+exports.default = async (argv, prompter, _options) => {
+    try {
+        if (argv.help || argv.h) {
+            console.log('provision-bucket - Provision an S3 bucket for a logical bucket in the database.\nReads the bucket config via RLS, then creates and configures\nthe S3 bucket with the appropriate privacy policies, CORS rules,\nand lifecycle settings.\n\nUsage: provision-bucket [OPTIONS]\n');
+            process.exit(0);
+        }
+        const answers = await prompter.prompt(argv, [
+            {
+                type: 'text',
+                name: 'input',
+                message: 'The exclusive input argument for this mutation. An object type, make sure to see documentation for this object\u2019s fields.',
+                required: true,
+            },
+        ]);
+        const client = (0, executor_1.getClient)();
+        const parsedAnswers = (0, utils_1.unflattenDotNotation)(answers);
+        const selectFields = (0, utils_1.buildSelectFromPaths)(argv.select ?? 'clientMutationId');
+        const result = await client.mutation
+            .provisionBucket(parsedAnswers, {
+            select: selectFields,
+        })
+            .execute();
+        console.log(JSON.stringify(result, null, 2));
+    }
+    catch (error) {
+        console.error('Failed: provisionBucket');
+        if (error instanceof Error) {
+            console.error(error.message);
+        }
+        process.exit(1);
+    }
+};

package/public/cli/commands/request-upload-url.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI command for mutation requestUploadUrl
+ * @generated by @constructive-io/graphql-codegen
+ * DO NOT EDIT - changes will be overwritten
+ */
+import { CLIOptions, Inquirerer } from 'inquirerer';
+declare const _default: (argv: Partial<Record<string, unknown>>, prompter: Inquirerer, _options: CLIOptions) => Promise<void>;
+export default _default;

package/public/cli/commands/request-upload-url.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const executor_1 = require("../executor");
+const utils_1 = require("../utils");
+exports.default = async (argv, prompter, _options) => {
+    try {
+        if (argv.help || argv.h) {
+            console.log('request-upload-url - Request a presigned URL for uploading a file directly to S3.\nClient computes SHA-256 of the file content and provides it here.\nIf a file with the same hash already exists (dedup), returns the\nexisting file ID and deduplicated=true with no uploadUrl.\n\nUsage: request-upload-url [OPTIONS]\n');
+            process.exit(0);
+        }
+        const answers = await prompter.prompt(argv, [
+            {
+                type: 'text',
+                name: 'input',
+                message: 'The exclusive input argument for this mutation. An object type, make sure to see documentation for this object\u2019s fields.',
+                required: true,
+            },
+        ]);
+        const client = (0, executor_1.getClient)();
+        const parsedAnswers = (0, utils_1.unflattenDotNotation)(answers);
+        const selectFields = (0, utils_1.buildSelectFromPaths)(argv.select ?? 'clientMutationId');
+        const result = await client.mutation
+            .requestUploadUrl(parsedAnswers, {
+            select: selectFields,
+        })
+            .execute();
+        console.log(JSON.stringify(result, null, 2));
+    }
+    catch (error) {
+        console.error('Failed: requestUploadUrl');
+        if (error instanceof Error) {
+            console.error(error.message);
+        }
+        process.exit(1);
+    }
+};

package/public/cli/commands/storage-module.js

@@ -20,6 +20,10 @@ const fieldSchema = {
     filesTableName: 'string',
     uploadRequestsTableName: 'string',
     entityTableId: 'uuid',
+    endpoint: 'string',
+    publicUrlPrefix: 'string',
+    provider: 'string',
+    allowedOrigins: 'string',
     uploadUrlExpirySeconds: 'int',
     downloadUrlExpirySeconds: 'int',
     defaultMaxFileSize: 'int',
@@ -79,6 +83,10 @@ async function handleList(argv, _prompter) {
             filesTableName: true,
             uploadRequestsTableName: true,
             entityTableId: true,
+            endpoint: true,
+            publicUrlPrefix: true,
+            provider: true,
+            allowedOrigins: true,
             uploadUrlExpirySeconds: true,
             downloadUrlExpirySeconds: true,
             defaultMaxFileSize: true,
@@ -112,6 +120,10 @@ async function handleFindFirst(argv, _prompter) {
             filesTableName: true,
             uploadRequestsTableName: true,
             entityTableId: true,
+            endpoint: true,
+            publicUrlPrefix: true,
+            provider: true,
+            allowedOrigins: true,
             uploadUrlExpirySeconds: true,
             downloadUrlExpirySeconds: true,
             defaultMaxFileSize: true,
@@ -157,6 +169,10 @@ async function handleGet(argv, prompter) {
                 filesTableName: true,
                 uploadRequestsTableName: true,
                 entityTableId: true,
+                endpoint: true,
+                publicUrlPrefix: true,
+                provider: true,
+                allowedOrigins: true,
                 uploadUrlExpirySeconds: true,
                 downloadUrlExpirySeconds: true,
                 defaultMaxFileSize: true,
@@ -247,6 +263,34 @@ async function handleCreate(argv, prompter) {
                 required: false,
                 skipPrompt: true,
             },
+            {
+                type: 'text',
+                name: 'endpoint',
+                message: 'endpoint',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'publicUrlPrefix',
+                message: 'publicUrlPrefix',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'provider',
+                message: 'provider',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'allowedOrigins',
+                message: 'allowedOrigins',
+                required: false,
+                skipPrompt: true,
+            },
             {
                 type: 'text',
                 name: 'uploadUrlExpirySeconds',
@@ -299,6 +343,10 @@ async function handleCreate(argv, prompter) {
                 filesTableName: cleanedData.filesTableName,
                 uploadRequestsTableName: cleanedData.uploadRequestsTableName,
                 entityTableId: cleanedData.entityTableId,
+                endpoint: cleanedData.endpoint,
+                publicUrlPrefix: cleanedData.publicUrlPrefix,
+                provider: cleanedData.provider,
+                allowedOrigins: cleanedData.allowedOrigins,
                 uploadUrlExpirySeconds: cleanedData.uploadUrlExpirySeconds,
                 downloadUrlExpirySeconds: cleanedData.downloadUrlExpirySeconds,
                 defaultMaxFileSize: cleanedData.defaultMaxFileSize,
@@ -317,6 +365,10 @@ async function handleCreate(argv, prompter) {
                 filesTableName: true,
                 uploadRequestsTableName: true,
                 entityTableId: true,
+                endpoint: true,
+                publicUrlPrefix: true,
+                provider: true,
+                allowedOrigins: true,
                 uploadUrlExpirySeconds: true,
                 downloadUrlExpirySeconds: true,
                 defaultMaxFileSize: true,
@@ -413,6 +465,34 @@ async function handleUpdate(argv, prompter) {
                 required: false,
                 skipPrompt: true,
             },
+            {
+                type: 'text',
+                name: 'endpoint',
+                message: 'endpoint',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'publicUrlPrefix',
+                message: 'publicUrlPrefix',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'provider',
+                message: 'provider',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'allowedOrigins',
+                message: 'allowedOrigins',
+                required: false,
+                skipPrompt: true,
+            },
             {
                 type: 'text',
                 name: 'uploadUrlExpirySeconds',
@@ -468,6 +548,10 @@ async function handleUpdate(argv, prompter) {
                 filesTableName: cleanedData.filesTableName,
                 uploadRequestsTableName: cleanedData.uploadRequestsTableName,
                 entityTableId: cleanedData.entityTableId,
+                endpoint: cleanedData.endpoint,
+                publicUrlPrefix: cleanedData.publicUrlPrefix,
+                provider: cleanedData.provider,
+                allowedOrigins: cleanedData.allowedOrigins,
                 uploadUrlExpirySeconds: cleanedData.uploadUrlExpirySeconds,
                 downloadUrlExpirySeconds: cleanedData.downloadUrlExpirySeconds,
                 defaultMaxFileSize: cleanedData.defaultMaxFileSize,
@@ -486,6 +570,10 @@ async function handleUpdate(argv, prompter) {
                 filesTableName: true,
                 uploadRequestsTableName: true,
                 entityTableId: true,
+                endpoint: true,
+                publicUrlPrefix: true,
+                provider: true,
+                allowedOrigins: true,
                 uploadUrlExpirySeconds: true,
                 downloadUrlExpirySeconds: true,
                 defaultMaxFileSize: true,

package/public/cli/commands.js

@@ -181,6 +181,9 @@ const send_verification_email_1 = __importDefault(require("./commands/send-verif
 const forgot_password_1 = __importDefault(require("./commands/forgot-password"));
 const verify_password_1 = __importDefault(require("./commands/verify-password"));
 const verify_totp_1 = __importDefault(require("./commands/verify-totp"));
+const request_upload_url_1 = __importDefault(require("./commands/request-upload-url"));
+const confirm_upload_1 = __importDefault(require("./commands/confirm-upload"));
+const provision_bucket_1 = __importDefault(require("./commands/provision-bucket"));
 const createCommandMap = () => ({
     context: context_1.default,
     auth: auth_1.default,
@@ -353,8 +356,11 @@ const createCommandMap = () => ({
     'forgot-password': forgot_password_1.default,
     'verify-password': verify_password_1.default,
     'verify-totp': verify_totp_1.default,
+    'request-upload-url': request_upload_url_1.default,
+    'confirm-upload': confirm_upload_1.default,
+    'provision-bucket': provision_bucket_1.default,
 });
-const usage = "\ncsdk <command>\n\nCommands:\n  context               Manage API contexts\n  auth                  Manage authentication\n  org-get-managers-record orgGetManagersRecord CRUD operations\n  org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n  get-all-record       getAllRecord CRUD operations\n  object               object CRUD operations\n  app-permission       appPermission CRUD operations\n  org-permission       orgPermission CRUD operations\n  app-level-requirement appLevelRequirement CRUD operations\n  database             database CRUD operations\n  schema               schema CRUD operations\n  table                table CRUD operations\n  check-constraint     checkConstraint CRUD operations\n  field                field CRUD operations\n  foreign-key-constraint foreignKeyConstraint CRUD operations\n  full-text-search     fullTextSearch CRUD operations\n  index                index CRUD operations\n  policy               policy CRUD operations\n  primary-key-constraint primaryKeyConstraint CRUD operations\n  table-grant          tableGrant CRUD operations\n  trigger              trigger CRUD operations\n  unique-constraint    uniqueConstraint CRUD operations\n  view                 view CRUD operations\n  view-table           viewTable CRUD operations\n  view-grant           viewGrant CRUD operations\n  view-rule            viewRule CRUD operations\n  embedding-chunk      embeddingChunk CRUD operations\n  table-template-module tableTemplateModule CRUD operations\n  secure-table-provision secureTableProvision CRUD operations\n  relation-provision   relationProvision CRUD operations\n  schema-grant         schemaGrant CRUD operations\n  default-privilege    defaultPrivilege CRUD operations\n  enum                 enum CRUD operations\n  api-schema           apiSchema CRUD operations\n  api-module           apiModule CRUD operations\n  domain               domain CRUD operations\n  site-metadatum       siteMetadatum CRUD operations\n  site-module          siteModule CRUD operations\n  site-theme           siteTheme CRUD operations\n  trigger-function     triggerFunction CRUD operations\n  database-transfer    databaseTransfer CRUD operations\n  api                  api CRUD operations\n  site                 site CRUD operations\n  app                  app CRUD operations\n  connected-accounts-module connectedAccountsModule CRUD operations\n  crypto-addresses-module cryptoAddressesModule CRUD operations\n  crypto-auth-module   cryptoAuthModule CRUD operations\n  default-ids-module   defaultIdsModule CRUD operations\n  denormalized-table-field denormalizedTableField CRUD operations\n  emails-module        emailsModule CRUD operations\n  encrypted-secrets-module encryptedSecretsModule CRUD operations\n  invites-module       invitesModule CRUD operations\n  levels-module        levelsModule CRUD operations\n  limits-module        limitsModule CRUD operations\n  membership-types-module membershipTypesModule CRUD operations\n  memberships-module   membershipsModule CRUD operations\n  permissions-module   permissionsModule CRUD operations\n  phone-numbers-module phoneNumbersModule CRUD operations\n  profiles-module      profilesModule CRUD operations\n  secrets-module       secretsModule CRUD operations\n  sessions-module      sessionsModule CRUD operations\n  user-auth-module     userAuthModule CRUD operations\n  users-module         usersModule CRUD operations\n  blueprint            blueprint CRUD operations\n  blueprint-template   blueprintTemplate CRUD operations\n  blueprint-construction blueprintConstruction CRUD operations\n  storage-module       storageModule CRUD operations\n  database-provision-module databaseProvisionModule CRUD operations\n  app-admin-grant      appAdminGrant CRUD operations\n  app-owner-grant      appOwnerGrant CRUD operations\n  app-grant            appGrant CRUD operations\n  org-membership       orgMembership CRUD operations\n  org-member           orgMember CRUD operations\n  org-admin-grant      orgAdminGrant CRUD operations\n  org-owner-grant      orgOwnerGrant CRUD operations\n  org-grant            orgGrant CRUD operations\n  org-chart-edge       orgChartEdge CRUD operations\n  org-chart-edge-grant orgChartEdgeGrant CRUD operations\n  org-permission-default orgPermissionDefault CRUD operations\n  app-limit            appLimit CRUD operations\n  org-limit            orgLimit CRUD operations\n  app-step             appStep CRUD operations\n  app-achievement      appAchievement CRUD operations\n  app-level            appLevel CRUD operations\n  email                email CRUD operations\n  phone-number         phoneNumber CRUD operations\n  crypto-address       cryptoAddress CRUD operations\n  connected-account    connectedAccount CRUD operations\n  invite               invite CRUD operations\n  claimed-invite       claimedInvite CRUD operations\n  org-invite           orgInvite CRUD operations\n  org-claimed-invite   orgClaimedInvite CRUD operations\n  audit-log            auditLog CRUD operations\n  app-permission-default appPermissionDefault CRUD operations\n  ref                  ref CRUD operations\n  store                store CRUD operations\n  role-type            roleType CRUD operations\n  migrate-file         migrateFile CRUD operations\n  app-limit-default    appLimitDefault CRUD operations\n  org-limit-default    orgLimitDefault CRUD operations\n  membership-type      membershipType CRUD operations\n  app-membership-default appMembershipDefault CRUD operations\n  commit               commit CRUD operations\n  org-membership-default orgMembershipDefault CRUD operations\n  rls-module           rlsModule CRUD operations\n  sql-action           sqlAction CRUD operations\n  user                 user CRUD operations\n  ast-migration        astMigration CRUD operations\n  app-membership       appMembership CRUD operations\n  hierarchy-module     hierarchyModule CRUD operations\n  current-user-id      currentUserId\n  current-ip-address   currentIpAddress\n  current-user-agent   currentUserAgent\n  app-permissions-get-padded-mask appPermissionsGetPaddedMask\n  org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n  steps-achieved       stepsAchieved\n  rev-parse            revParse\n  org-is-manager-of    orgIsManagerOf\n  app-permissions-get-mask appPermissionsGetMask\n  org-permissions-get-mask orgPermissionsGetMask\n  resolve-blueprint-table Resolves a table_name (with optional schema_name) to a table_id. Resolution order: (1) if schema_name provided, exact lookup via metaschema_public.schema.name + metaschema_public.table; (2) check local table_map (tables created in current blueprint); (3) search metaschema_public.table by name across all schemas; (4) if multiple matches, throw ambiguous error asking for schema_name; (5) if no match, throw not-found error.\n  app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n  org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n  get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-object-at-path   getObjectAtPath\n  app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n  org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n  steps-required       Reads and enables pagination through a set of `AppLevelRequirement`.\n  current-user         currentUser\n  send-account-deletion-email sendAccountDeletionEmail\n  sign-out             signOut\n  accept-database-transfer acceptDatabaseTransfer\n  cancel-database-transfer cancelDatabaseTransfer\n  reject-database-transfer rejectDatabaseTransfer\n  submit-invite-code   submitInviteCode\n  submit-org-invite-code submitOrgInviteCode\n  check-password       checkPassword\n  confirm-delete-account confirmDeleteAccount\n  set-password         setPassword\n  verify-email         verifyEmail\n  freeze-objects       freezeObjects\n  init-empty-repo      initEmptyRepo\n  construct-blueprint  Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Five phases: (1) provision_table() for each table with all nodes[], fields[], policies[], grants, and table-level indexes/fts/unique_constraints in a single call, (2) provision_relation() for each relation, (3) provision_index() for top-level indexes, (4) provision_full_text_search() for top-level FTS, (5) provision_unique_constraint() for top-level unique constraints. Tables are identified by table_name with optional per-table schema_name. Relations use $type for relation_type with source_table/target_table. Returns the construction record ID on success, NULL on failure.\n  reset-password       resetPassword\n  remove-node-at-path  removeNodeAtPath\n  copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n  bootstrap-user       bootstrapUser\n  set-field-order      setFieldOrder\n  provision-unique-constraint Creates a unique constraint on a table. Accepts a jsonb definition with columns (array of field names). Graceful: skips if the exact same unique constraint already exists.\n  provision-full-text-search Creates a full-text search configuration on a table. Accepts a jsonb definition with field (tsvector column name) and sources (array of {field, weight, lang}). Graceful: skips if FTS config already exists for the same (table_id, field_id). Returns the fts_id.\n  provision-index      Creates an index on a table. Accepts a jsonb definition with columns (array of names or single column string), access_method (default BTREE), is_unique, op_classes, options, and name (auto-generated if omitted). Graceful: skips if an index with the same (table_id, field_ids, access_method) already exists. Returns the index_id.\n  set-data-at-path     setDataAtPath\n  set-props-and-commit setPropsAndCommit\n  provision-database-with-user provisionDatabaseWithUser\n  insert-node-at-path  insertNodeAtPath\n  update-node-at-path  updateNodeAtPath\n  set-and-commit       setAndCommit\n  provision-relation   Composable relation provisioning: creates FK fields, indexes, unique constraints, and junction tables depending on the relation_type. Supports RelationBelongsTo, RelationHasOne, RelationHasMany, and RelationManyToMany. ManyToMany uses provision_table() internally for junction table creation with full node/grant/policy support. All operations are graceful (skip existing). Returns (out_field_id, out_junction_table_id, out_source_field_id, out_target_field_id).\n  apply-rls            applyRls\n  sign-in-one-time-token signInOneTimeToken\n  create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n  - database_name: Name for the new database (required)\n  - owner_id: UUID of the owner user (required)\n  - include_invites: Include invite system (default: true)\n  - include_groups: Include group-level memberships (default: false)\n  - include_levels: Include levels/achievements (default: false)\n  - bitlen: Bit length for permission masks (default: 64)\n  - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true);  -- with invites and groups\n\n  extend-token-expires extendTokenExpires\n  sign-in              signIn\n  sign-up              signUp\n  one-time-token       oneTimeToken\n  provision-table      Composable table provisioning: creates or finds a table, then creates fields (so Data* modules can reference them), applies N nodes (Data* modules), enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n  send-verification-email sendVerificationEmail\n  forgot-password      forgotPassword\n  verify-password      verifyPassword\n  verify-totp          verifyTotp\n\n  --help, -h            Show this help message\n  --version, -v         Show version\n";
+const usage = "\ncsdk <command>\n\nCommands:\n  context               Manage API contexts\n  auth                  Manage authentication\n  org-get-managers-record orgGetManagersRecord CRUD operations\n  org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n  get-all-record       getAllRecord CRUD operations\n  object               object CRUD operations\n  app-permission       appPermission CRUD operations\n  org-permission       orgPermission CRUD operations\n  app-level-requirement appLevelRequirement CRUD operations\n  database             database CRUD operations\n  schema               schema CRUD operations\n  table                table CRUD operations\n  check-constraint     checkConstraint CRUD operations\n  field                field CRUD operations\n  foreign-key-constraint foreignKeyConstraint CRUD operations\n  full-text-search     fullTextSearch CRUD operations\n  index                index CRUD operations\n  policy               policy CRUD operations\n  primary-key-constraint primaryKeyConstraint CRUD operations\n  table-grant          tableGrant CRUD operations\n  trigger              trigger CRUD operations\n  unique-constraint    uniqueConstraint CRUD operations\n  view                 view CRUD operations\n  view-table           viewTable CRUD operations\n  view-grant           viewGrant CRUD operations\n  view-rule            viewRule CRUD operations\n  embedding-chunk      embeddingChunk CRUD operations\n  table-template-module tableTemplateModule CRUD operations\n  secure-table-provision secureTableProvision CRUD operations\n  relation-provision   relationProvision CRUD operations\n  schema-grant         schemaGrant CRUD operations\n  default-privilege    defaultPrivilege CRUD operations\n  enum                 enum CRUD operations\n  api-schema           apiSchema CRUD operations\n  api-module           apiModule CRUD operations\n  domain               domain CRUD operations\n  site-metadatum       siteMetadatum CRUD operations\n  site-module          siteModule CRUD operations\n  site-theme           siteTheme CRUD operations\n  trigger-function     triggerFunction CRUD operations\n  database-transfer    databaseTransfer CRUD operations\n  api                  api CRUD operations\n  site                 site CRUD operations\n  app                  app CRUD operations\n  connected-accounts-module connectedAccountsModule CRUD operations\n  crypto-addresses-module cryptoAddressesModule CRUD operations\n  crypto-auth-module   cryptoAuthModule CRUD operations\n  default-ids-module   defaultIdsModule CRUD operations\n  denormalized-table-field denormalizedTableField CRUD operations\n  emails-module        emailsModule CRUD operations\n  encrypted-secrets-module encryptedSecretsModule CRUD operations\n  invites-module       invitesModule CRUD operations\n  levels-module        levelsModule CRUD operations\n  limits-module        limitsModule CRUD operations\n  membership-types-module membershipTypesModule CRUD operations\n  memberships-module   membershipsModule CRUD operations\n  permissions-module   permissionsModule CRUD operations\n  phone-numbers-module phoneNumbersModule CRUD operations\n  profiles-module      profilesModule CRUD operations\n  secrets-module       secretsModule CRUD operations\n  sessions-module      sessionsModule CRUD operations\n  user-auth-module     userAuthModule CRUD operations\n  users-module         usersModule CRUD operations\n  blueprint            blueprint CRUD operations\n  blueprint-template   blueprintTemplate CRUD operations\n  blueprint-construction blueprintConstruction CRUD operations\n  storage-module       storageModule CRUD operations\n  database-provision-module databaseProvisionModule CRUD operations\n  app-admin-grant      appAdminGrant CRUD operations\n  app-owner-grant      appOwnerGrant CRUD operations\n  app-grant            appGrant CRUD operations\n  org-membership       orgMembership CRUD operations\n  org-member           orgMember CRUD operations\n  org-admin-grant      orgAdminGrant CRUD operations\n  org-owner-grant      orgOwnerGrant CRUD operations\n  org-grant            orgGrant CRUD operations\n  org-chart-edge       orgChartEdge CRUD operations\n  org-chart-edge-grant orgChartEdgeGrant CRUD operations\n  org-permission-default orgPermissionDefault CRUD operations\n  app-limit            appLimit CRUD operations\n  org-limit            orgLimit CRUD operations\n  app-step             appStep CRUD operations\n  app-achievement      appAchievement CRUD operations\n  app-level            appLevel CRUD operations\n  email                email CRUD operations\n  phone-number         phoneNumber CRUD operations\n  crypto-address       cryptoAddress CRUD operations\n  connected-account    connectedAccount CRUD operations\n  invite               invite CRUD operations\n  claimed-invite       claimedInvite CRUD operations\n  org-invite           orgInvite CRUD operations\n  org-claimed-invite   orgClaimedInvite CRUD operations\n  audit-log            auditLog CRUD operations\n  app-permission-default appPermissionDefault CRUD operations\n  ref                  ref CRUD operations\n  store                store CRUD operations\n  role-type            roleType CRUD operations\n  migrate-file         migrateFile CRUD operations\n  app-limit-default    appLimitDefault CRUD operations\n  org-limit-default    orgLimitDefault CRUD operations\n  membership-type      membershipType CRUD operations\n  app-membership-default appMembershipDefault CRUD operations\n  commit               commit CRUD operations\n  org-membership-default orgMembershipDefault CRUD operations\n  rls-module           rlsModule CRUD operations\n  sql-action           sqlAction CRUD operations\n  user                 user CRUD operations\n  ast-migration        astMigration CRUD operations\n  app-membership       appMembership CRUD operations\n  hierarchy-module     hierarchyModule CRUD operations\n  current-user-id      currentUserId\n  current-ip-address   currentIpAddress\n  current-user-agent   currentUserAgent\n  app-permissions-get-padded-mask appPermissionsGetPaddedMask\n  org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n  steps-achieved       stepsAchieved\n  rev-parse            revParse\n  org-is-manager-of    orgIsManagerOf\n  app-permissions-get-mask appPermissionsGetMask\n  org-permissions-get-mask orgPermissionsGetMask\n  resolve-blueprint-table Resolves a table_name (with optional schema_name) to a table_id. Resolution order: (1) if schema_name provided, exact lookup via metaschema_public.schema.name + metaschema_public.table; (2) check local table_map (tables created in current blueprint); (3) search metaschema_public.table by name across all schemas; (4) if multiple matches, throw ambiguous error asking for schema_name; (5) if no match, throw not-found error.\n  app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n  org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n  get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-object-at-path   getObjectAtPath\n  app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n  org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n  steps-required       Reads and enables pagination through a set of `AppLevelRequirement`.\n  current-user         currentUser\n  send-account-deletion-email sendAccountDeletionEmail\n  sign-out             signOut\n  accept-database-transfer acceptDatabaseTransfer\n  cancel-database-transfer cancelDatabaseTransfer\n  reject-database-transfer rejectDatabaseTransfer\n  submit-invite-code   submitInviteCode\n  submit-org-invite-code submitOrgInviteCode\n  check-password       checkPassword\n  confirm-delete-account confirmDeleteAccount\n  set-password         setPassword\n  verify-email         verifyEmail\n  freeze-objects       freezeObjects\n  init-empty-repo      initEmptyRepo\n  construct-blueprint  Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Five phases: (1) provision_table() for each table with all nodes[], fields[], policies[], grants, and table-level indexes/fts/unique_constraints in a single call, (2) provision_relation() for each relation, (3) provision_index() for top-level indexes, (4) provision_full_text_search() for top-level FTS, (5) provision_unique_constraint() for top-level unique constraints. Tables are identified by table_name with optional per-table schema_name. Relations use $type for relation_type with source_table/target_table. Returns the construction record ID on success, NULL on failure.\n  reset-password       resetPassword\n  remove-node-at-path  removeNodeAtPath\n  copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n  bootstrap-user       bootstrapUser\n  set-field-order      setFieldOrder\n  provision-unique-constraint Creates a unique constraint on a table. Accepts a jsonb definition with columns (array of field names). Graceful: skips if the exact same unique constraint already exists.\n  provision-full-text-search Creates a full-text search configuration on a table. Accepts a jsonb definition with field (tsvector column name) and sources (array of {field, weight, lang}). Graceful: skips if FTS config already exists for the same (table_id, field_id). Returns the fts_id.\n  provision-index      Creates an index on a table. Accepts a jsonb definition with columns (array of names or single column string), access_method (default BTREE), is_unique, op_classes, options, and name (auto-generated if omitted). Graceful: skips if an index with the same (table_id, field_ids, access_method) already exists. Returns the index_id.\n  set-data-at-path     setDataAtPath\n  set-props-and-commit setPropsAndCommit\n  provision-database-with-user provisionDatabaseWithUser\n  insert-node-at-path  insertNodeAtPath\n  update-node-at-path  updateNodeAtPath\n  set-and-commit       setAndCommit\n  provision-relation   Composable relation provisioning: creates FK fields, indexes, unique constraints, and junction tables depending on the relation_type. Supports RelationBelongsTo, RelationHasOne, RelationHasMany, and RelationManyToMany. ManyToMany uses provision_table() internally for junction table creation with full node/grant/policy support. All operations are graceful (skip existing). Returns (out_field_id, out_junction_table_id, out_source_field_id, out_target_field_id).\n  apply-rls            applyRls\n  sign-in-one-time-token signInOneTimeToken\n  create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n  - database_name: Name for the new database (required)\n  - owner_id: UUID of the owner user (required)\n  - include_invites: Include invite system (default: true)\n  - include_groups: Include group-level memberships (default: false)\n  - include_levels: Include levels/achievements (default: false)\n  - bitlen: Bit length for permission masks (default: 64)\n  - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true);  -- with invites and groups\n\n  extend-token-expires extendTokenExpires\n  sign-in              signIn\n  sign-up              signUp\n  one-time-token       oneTimeToken\n  provision-table      Composable table provisioning: creates or finds a table, then creates fields (so Data* modules can reference them), applies N nodes (Data* modules), enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n  send-verification-email sendVerificationEmail\n  forgot-password      forgotPassword\n  verify-password      verifyPassword\n  verify-totp          verifyTotp\n  request-upload-url   Request a presigned URL for uploading a file directly to S3.\nClient computes SHA-256 of the file content and provides it here.\nIf a file with the same hash already exists (dedup), returns the\nexisting file ID and deduplicated=true with no uploadUrl.\n  confirm-upload       Confirm that a file has been uploaded to S3.\nVerifies the object exists in S3, checks content-type,\nand transitions the file status from 'pending' to 'ready'.\n  provision-bucket     Provision an S3 bucket for a logical bucket in the database.\nReads the bucket config via RLS, then creates and configures\nthe S3 bucket with the appropriate privacy policies, CORS rules,\nand lifecycle settings.\n\n  --help, -h            Show this help message\n  --version, -v         Show version\n";
 const commands = async (argv, prompter, options) => {
     if (argv.help || argv.h) {
         console.log(usage);

package/public/cli/executor.d.ts

@@ -416,5 +416,20 @@ export declare function getClient(contextName?: string): {
         } & import("../orm").StrictSelect<S, import("../orm/input-types").VerifyTotpPayloadSelect>) => import("../orm").QueryBuilder<{
             verifyTotp: import("../orm").InferSelectResult<import("../orm/input-types").VerifyTotpPayload, S> | null;
         }>;
+        requestUploadUrl: <S extends import("../orm/input-types").RequestUploadUrlPayloadSelect>(args: import("../orm/mutation").RequestUploadUrlVariables, options: {
+            select: S;
+        } & import("../orm").StrictSelect<S, import("../orm/input-types").RequestUploadUrlPayloadSelect>) => import("../orm").QueryBuilder<{
+            requestUploadUrl: import("../orm").InferSelectResult<import("../orm/input-types").RequestUploadUrlPayload, S> | null;
+        }>;
+        confirmUpload: <S extends import("../orm/input-types").ConfirmUploadPayloadSelect>(args: import("../orm/mutation").ConfirmUploadVariables, options: {
+            select: S;
+        } & import("../orm").StrictSelect<S, import("../orm/input-types").ConfirmUploadPayloadSelect>) => import("../orm").QueryBuilder<{
+            confirmUpload: import("../orm").InferSelectResult<import("../orm/input-types").ConfirmUploadPayload, S> | null;
+        }>;
+        provisionBucket: <S extends import("../orm/input-types").ProvisionBucketPayloadSelect>(args: import("../orm/mutation").ProvisionBucketVariables, options: {
+            select: S;
+        } & import("../orm").StrictSelect<S, import("../orm/input-types").ProvisionBucketPayloadSelect>) => import("../orm").QueryBuilder<{
+            provisionBucket: import("../orm").InferSelectResult<import("../orm/input-types").ProvisionBucketPayload, S> | null;
+        }>;
     };
 };

package/public/orm/index.d.ts

@@ -555,5 +555,20 @@ export declare function createClient(config: OrmClientConfig): {
         } & import("./select-types").StrictSelect<S, import("./input-types").VerifyTotpPayloadSelect>) => import("./query-builder").QueryBuilder<{
             verifyTotp: import("./select-types").InferSelectResult<import("./input-types").VerifyTotpPayload, S> | null;
         }>;
+        requestUploadUrl: <S extends import("./input-types").RequestUploadUrlPayloadSelect>(args: import("./mutation").RequestUploadUrlVariables, options: {
+            select: S;
+        } & import("./select-types").StrictSelect<S, import("./input-types").RequestUploadUrlPayloadSelect>) => import("./query-builder").QueryBuilder<{
+            requestUploadUrl: import("./select-types").InferSelectResult<import("./input-types").RequestUploadUrlPayload, S> | null;
+        }>;
+        confirmUpload: <S extends import("./input-types").ConfirmUploadPayloadSelect>(args: import("./mutation").ConfirmUploadVariables, options: {
+            select: S;
+        } & import("./select-types").StrictSelect<S, import("./input-types").ConfirmUploadPayloadSelect>) => import("./query-builder").QueryBuilder<{
+            confirmUpload: import("./select-types").InferSelectResult<import("./input-types").ConfirmUploadPayload, S> | null;
+        }>;
+        provisionBucket: <S extends import("./input-types").ProvisionBucketPayloadSelect>(args: import("./mutation").ProvisionBucketVariables, options: {
+            select: S;
+        } & import("./select-types").StrictSelect<S, import("./input-types").ProvisionBucketPayloadSelect>) => import("./query-builder").QueryBuilder<{
+            provisionBucket: import("./select-types").InferSelectResult<import("./input-types").ProvisionBucketPayload, S> | null;
+        }>;
     };
 };