@constructive-sdk/cli 0.12.23 → 0.13.0

package/esm/objects/orm/input-types.d.ts

@@ -629,6 +629,26 @@ export interface SetAndCommitInput {
     kids?: string[];
     ktree?: string[];
 }
+export interface RequestUploadUrlInput {
+    /** Bucket key (e.g., "public", "private") */
+    bucketKey: string;
+    /** SHA-256 content hash computed by the client (hex-encoded, 64 chars) */
+    contentHash: string;
+    /** MIME type of the file (e.g., "image/png") */
+    contentType: string;
+    /** File size in bytes */
+    size: number;
+    /** Original filename (optional, for display and Content-Disposition) */
+    filename?: string;
+}
+export interface ConfirmUploadInput {
+    /** The file ID returned by requestUploadUrl */
+    fileId: string;
+}
+export interface ProvisionBucketInput {
+    /** The logical bucket key (e.g., "public", "private") */
+    bucketKey: string;
+}
 /** A connection to a list of `Object` values. */
 export interface ObjectConnection {
     nodes: Object[];
@@ -708,6 +728,60 @@ export type SetAndCommitPayloadSelect = {
     clientMutationId?: boolean;
     result?: boolean;
 };
+export interface RequestUploadUrlPayload {
+    /** Presigned PUT URL (null if file was deduplicated) */
+    uploadUrl?: string | null;
+    /** The file ID (existing if deduplicated, new if fresh upload) */
+    fileId: string;
+    /** The S3 object key */
+    key: string;
+    /** Whether this file was deduplicated (already exists with same hash) */
+    deduplicated: boolean;
+    /** Presigned URL expiry time (null if deduplicated) */
+    expiresAt?: string | null;
+}
+export type RequestUploadUrlPayloadSelect = {
+    uploadUrl?: boolean;
+    fileId?: boolean;
+    key?: boolean;
+    deduplicated?: boolean;
+    expiresAt?: boolean;
+};
+export interface ConfirmUploadPayload {
+    /** The confirmed file ID */
+    fileId: string;
+    /** New file status */
+    status: string;
+    /** Whether confirmation succeeded */
+    success: boolean;
+}
+export type ConfirmUploadPayloadSelect = {
+    fileId?: boolean;
+    status?: boolean;
+    success?: boolean;
+};
+export interface ProvisionBucketPayload {
+    /** Whether provisioning succeeded */
+    success: boolean;
+    /** The S3 bucket name that was provisioned */
+    bucketName: string;
+    /** The access type applied */
+    accessType: string;
+    /** The storage provider used */
+    provider: string;
+    /** The S3 endpoint (null for AWS S3 default) */
+    endpoint?: string | null;
+    /** Error message if provisioning failed */
+    error?: string | null;
+}
+export type ProvisionBucketPayloadSelect = {
+    success?: boolean;
+    bucketName?: boolean;
+    accessType?: boolean;
+    provider?: boolean;
+    endpoint?: boolean;
+    error?: boolean;
+};
 export interface CreateObjectPayload {
     clientMutationId?: string | null;
     /** The `Object` that was created by this mutation. */

package/esm/objects/orm/mutation/index.d.ts

@@ -6,7 +6,7 @@
 import { OrmClient } from '../client';
 import { QueryBuilder } from '../query-builder';
 import type { InferSelectResult, StrictSelect } from '../select-types';
-import type { FreezeObjectsInput, InitEmptyRepoInput, RemoveNodeAtPathInput, SetDataAtPathInput, SetPropsAndCommitInput, InsertNodeAtPathInput, UpdateNodeAtPathInput, SetAndCommitInput, FreezeObjectsPayload, InitEmptyRepoPayload, RemoveNodeAtPathPayload, SetDataAtPathPayload, SetPropsAndCommitPayload, InsertNodeAtPathPayload, UpdateNodeAtPathPayload, SetAndCommitPayload, FreezeObjectsPayloadSelect, InitEmptyRepoPayloadSelect, RemoveNodeAtPathPayloadSelect, SetDataAtPathPayloadSelect, SetPropsAndCommitPayloadSelect, InsertNodeAtPathPayloadSelect, UpdateNodeAtPathPayloadSelect, SetAndCommitPayloadSelect } from '../input-types';
+import type { FreezeObjectsInput, InitEmptyRepoInput, RemoveNodeAtPathInput, SetDataAtPathInput, SetPropsAndCommitInput, InsertNodeAtPathInput, UpdateNodeAtPathInput, SetAndCommitInput, RequestUploadUrlInput, ConfirmUploadInput, ProvisionBucketInput, FreezeObjectsPayload, InitEmptyRepoPayload, RemoveNodeAtPathPayload, SetDataAtPathPayload, SetPropsAndCommitPayload, InsertNodeAtPathPayload, UpdateNodeAtPathPayload, SetAndCommitPayload, RequestUploadUrlPayload, ConfirmUploadPayload, ProvisionBucketPayload, FreezeObjectsPayloadSelect, InitEmptyRepoPayloadSelect, RemoveNodeAtPathPayloadSelect, SetDataAtPathPayloadSelect, SetPropsAndCommitPayloadSelect, InsertNodeAtPathPayloadSelect, UpdateNodeAtPathPayloadSelect, SetAndCommitPayloadSelect, RequestUploadUrlPayloadSelect, ConfirmUploadPayloadSelect, ProvisionBucketPayloadSelect } from '../input-types';
 export interface FreezeObjectsVariables {
     input: FreezeObjectsInput;
 }
@@ -31,6 +31,35 @@ export interface UpdateNodeAtPathVariables {
 export interface SetAndCommitVariables {
     input: SetAndCommitInput;
 }
+/**
+ * Variables for requestUploadUrl
+ * Request a presigned URL for uploading a file directly to S3.
+Client computes SHA-256 of the file content and provides it here.
+If a file with the same hash already exists (dedup), returns the
+existing file ID and deduplicated=true with no uploadUrl.
+ */
+export interface RequestUploadUrlVariables {
+    input: RequestUploadUrlInput;
+}
+/**
+ * Variables for confirmUpload
+ * Confirm that a file has been uploaded to S3.
+Verifies the object exists in S3, checks content-type,
+and transitions the file status from 'pending' to 'ready'.
+ */
+export interface ConfirmUploadVariables {
+    input: ConfirmUploadInput;
+}
+/**
+ * Variables for provisionBucket
+ * Provision an S3 bucket for a logical bucket in the database.
+Reads the bucket config via RLS, then creates and configures
+the S3 bucket with the appropriate privacy policies, CORS rules,
+and lifecycle settings.
+ */
+export interface ProvisionBucketVariables {
+    input: ProvisionBucketInput;
+}
 export declare function createMutationOperations(client: OrmClient): {
     freezeObjects: <S extends FreezeObjectsPayloadSelect>(args: FreezeObjectsVariables, options: {
         select: S;
@@ -72,4 +101,19 @@ export declare function createMutationOperations(client: OrmClient): {
     } & StrictSelect<S, SetAndCommitPayloadSelect>) => QueryBuilder<{
         setAndCommit: InferSelectResult<SetAndCommitPayload, S> | null;
     }>;
+    requestUploadUrl: <S extends RequestUploadUrlPayloadSelect>(args: RequestUploadUrlVariables, options: {
+        select: S;
+    } & StrictSelect<S, RequestUploadUrlPayloadSelect>) => QueryBuilder<{
+        requestUploadUrl: InferSelectResult<RequestUploadUrlPayload, S> | null;
+    }>;
+    confirmUpload: <S extends ConfirmUploadPayloadSelect>(args: ConfirmUploadVariables, options: {
+        select: S;
+    } & StrictSelect<S, ConfirmUploadPayloadSelect>) => QueryBuilder<{
+        confirmUpload: InferSelectResult<ConfirmUploadPayload, S> | null;
+    }>;
+    provisionBucket: <S extends ProvisionBucketPayloadSelect>(args: ProvisionBucketVariables, options: {
+        select: S;
+    } & StrictSelect<S, ProvisionBucketPayloadSelect>) => QueryBuilder<{
+        provisionBucket: InferSelectResult<ProvisionBucketPayload, S> | null;
+    }>;
 };

package/esm/objects/orm/mutation/index.js

@@ -98,5 +98,41 @@ export function createMutationOperations(client) {
                 },
             ], connectionFieldsMap, 'SetAndCommitPayload'),
         }),
+        requestUploadUrl: (args, options) => new QueryBuilder({
+            client,
+            operation: 'mutation',
+            operationName: 'RequestUploadUrl',
+            fieldName: 'requestUploadUrl',
+            ...buildCustomDocument('mutation', 'RequestUploadUrl', 'requestUploadUrl', options.select, args, [
+                {
+                    name: 'input',
+                    type: 'RequestUploadUrlInput!',
+                },
+            ], connectionFieldsMap, 'RequestUploadUrlPayload'),
+        }),
+        confirmUpload: (args, options) => new QueryBuilder({
+            client,
+            operation: 'mutation',
+            operationName: 'ConfirmUpload',
+            fieldName: 'confirmUpload',
+            ...buildCustomDocument('mutation', 'ConfirmUpload', 'confirmUpload', options.select, args, [
+                {
+                    name: 'input',
+                    type: 'ConfirmUploadInput!',
+                },
+            ], connectionFieldsMap, 'ConfirmUploadPayload'),
+        }),
+        provisionBucket: (args, options) => new QueryBuilder({
+            client,
+            operation: 'mutation',
+            operationName: 'ProvisionBucket',
+            fieldName: 'provisionBucket',
+            ...buildCustomDocument('mutation', 'ProvisionBucket', 'provisionBucket', options.select, args, [
+                {
+                    name: 'input',
+                    type: 'ProvisionBucketInput!',
+                },
+            ], connectionFieldsMap, 'ProvisionBucketPayload'),
+        }),
     };
 }

package/esm/public/cli/commands/confirm-upload.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI command for mutation confirmUpload
+ * @generated by @constructive-io/graphql-codegen
+ * DO NOT EDIT - changes will be overwritten
+ */
+import { CLIOptions, Inquirerer } from 'inquirerer';
+declare const _default: (argv: Partial<Record<string, unknown>>, prompter: Inquirerer, _options: CLIOptions) => Promise<void>;
+export default _default;

package/esm/public/cli/commands/confirm-upload.js

@@ -0,0 +1,34 @@
+import { getClient } from '../executor';
+import { unflattenDotNotation, buildSelectFromPaths } from '../utils';
+export default async (argv, prompter, _options) => {
+    try {
+        if (argv.help || argv.h) {
+            console.log("confirm-upload - Confirm that a file has been uploaded to S3.\nVerifies the object exists in S3, checks content-type,\nand transitions the file status from 'pending' to 'ready'.\n\nUsage: confirm-upload [OPTIONS]\n");
+            process.exit(0);
+        }
+        const answers = await prompter.prompt(argv, [
+            {
+                type: 'text',
+                name: 'input',
+                message: 'The exclusive input argument for this mutation. An object type, make sure to see documentation for this object\u2019s fields.',
+                required: true,
+            },
+        ]);
+        const client = getClient();
+        const parsedAnswers = unflattenDotNotation(answers);
+        const selectFields = buildSelectFromPaths(argv.select ?? 'clientMutationId');
+        const result = await client.mutation
+            .confirmUpload(parsedAnswers, {
+            select: selectFields,
+        })
+            .execute();
+        console.log(JSON.stringify(result, null, 2));
+    }
+    catch (error) {
+        console.error('Failed: confirmUpload');
+        if (error instanceof Error) {
+            console.error(error.message);
+        }
+        process.exit(1);
+    }
+};

package/esm/public/cli/commands/provision-bucket.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI command for mutation provisionBucket
+ * @generated by @constructive-io/graphql-codegen
+ * DO NOT EDIT - changes will be overwritten
+ */
+import { CLIOptions, Inquirerer } from 'inquirerer';
+declare const _default: (argv: Partial<Record<string, unknown>>, prompter: Inquirerer, _options: CLIOptions) => Promise<void>;
+export default _default;

package/esm/public/cli/commands/provision-bucket.js

@@ -0,0 +1,34 @@
+import { getClient } from '../executor';
+import { unflattenDotNotation, buildSelectFromPaths } from '../utils';
+export default async (argv, prompter, _options) => {
+    try {
+        if (argv.help || argv.h) {
+            console.log('provision-bucket - Provision an S3 bucket for a logical bucket in the database.\nReads the bucket config via RLS, then creates and configures\nthe S3 bucket with the appropriate privacy policies, CORS rules,\nand lifecycle settings.\n\nUsage: provision-bucket [OPTIONS]\n');
+            process.exit(0);
+        }
+        const answers = await prompter.prompt(argv, [
+            {
+                type: 'text',
+                name: 'input',
+                message: 'The exclusive input argument for this mutation. An object type, make sure to see documentation for this object\u2019s fields.',
+                required: true,
+            },
+        ]);
+        const client = getClient();
+        const parsedAnswers = unflattenDotNotation(answers);
+        const selectFields = buildSelectFromPaths(argv.select ?? 'clientMutationId');
+        const result = await client.mutation
+            .provisionBucket(parsedAnswers, {
+            select: selectFields,
+        })
+            .execute();
+        console.log(JSON.stringify(result, null, 2));
+    }
+    catch (error) {
+        console.error('Failed: provisionBucket');
+        if (error instanceof Error) {
+            console.error(error.message);
+        }
+        process.exit(1);
+    }
+};

package/esm/public/cli/commands/request-upload-url.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI command for mutation requestUploadUrl
+ * @generated by @constructive-io/graphql-codegen
+ * DO NOT EDIT - changes will be overwritten
+ */
+import { CLIOptions, Inquirerer } from 'inquirerer';
+declare const _default: (argv: Partial<Record<string, unknown>>, prompter: Inquirerer, _options: CLIOptions) => Promise<void>;
+export default _default;

package/esm/public/cli/commands/request-upload-url.js

@@ -0,0 +1,34 @@
+import { getClient } from '../executor';
+import { unflattenDotNotation, buildSelectFromPaths } from '../utils';
+export default async (argv, prompter, _options) => {
+    try {
+        if (argv.help || argv.h) {
+            console.log('request-upload-url - Request a presigned URL for uploading a file directly to S3.\nClient computes SHA-256 of the file content and provides it here.\nIf a file with the same hash already exists (dedup), returns the\nexisting file ID and deduplicated=true with no uploadUrl.\n\nUsage: request-upload-url [OPTIONS]\n');
+            process.exit(0);
+        }
+        const answers = await prompter.prompt(argv, [
+            {
+                type: 'text',
+                name: 'input',
+                message: 'The exclusive input argument for this mutation. An object type, make sure to see documentation for this object\u2019s fields.',
+                required: true,
+            },
+        ]);
+        const client = getClient();
+        const parsedAnswers = unflattenDotNotation(answers);
+        const selectFields = buildSelectFromPaths(argv.select ?? 'clientMutationId');
+        const result = await client.mutation
+            .requestUploadUrl(parsedAnswers, {
+            select: selectFields,
+        })
+            .execute();
+        console.log(JSON.stringify(result, null, 2));
+    }
+    catch (error) {
+        console.error('Failed: requestUploadUrl');
+        if (error instanceof Error) {
+            console.error(error.message);
+        }
+        process.exit(1);
+    }
+};

package/esm/public/cli/commands/storage-module.js

@@ -18,6 +18,10 @@ const fieldSchema = {
     filesTableName: 'string',
     uploadRequestsTableName: 'string',
     entityTableId: 'uuid',
+    endpoint: 'string',
+    publicUrlPrefix: 'string',
+    provider: 'string',
+    allowedOrigins: 'string',
     uploadUrlExpirySeconds: 'int',
     downloadUrlExpirySeconds: 'int',
     defaultMaxFileSize: 'int',
@@ -77,6 +81,10 @@ async function handleList(argv, _prompter) {
             filesTableName: true,
             uploadRequestsTableName: true,
             entityTableId: true,
+            endpoint: true,
+            publicUrlPrefix: true,
+            provider: true,
+            allowedOrigins: true,
             uploadUrlExpirySeconds: true,
             downloadUrlExpirySeconds: true,
             defaultMaxFileSize: true,
@@ -110,6 +118,10 @@ async function handleFindFirst(argv, _prompter) {
             filesTableName: true,
             uploadRequestsTableName: true,
             entityTableId: true,
+            endpoint: true,
+            publicUrlPrefix: true,
+            provider: true,
+            allowedOrigins: true,
             uploadUrlExpirySeconds: true,
             downloadUrlExpirySeconds: true,
             defaultMaxFileSize: true,
@@ -155,6 +167,10 @@ async function handleGet(argv, prompter) {
                 filesTableName: true,
                 uploadRequestsTableName: true,
                 entityTableId: true,
+                endpoint: true,
+                publicUrlPrefix: true,
+                provider: true,
+                allowedOrigins: true,
                 uploadUrlExpirySeconds: true,
                 downloadUrlExpirySeconds: true,
                 defaultMaxFileSize: true,
@@ -245,6 +261,34 @@ async function handleCreate(argv, prompter) {
                 required: false,
                 skipPrompt: true,
             },
+            {
+                type: 'text',
+                name: 'endpoint',
+                message: 'endpoint',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'publicUrlPrefix',
+                message: 'publicUrlPrefix',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'provider',
+                message: 'provider',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'allowedOrigins',
+                message: 'allowedOrigins',
+                required: false,
+                skipPrompt: true,
+            },
             {
                 type: 'text',
                 name: 'uploadUrlExpirySeconds',
@@ -297,6 +341,10 @@ async function handleCreate(argv, prompter) {
                 filesTableName: cleanedData.filesTableName,
                 uploadRequestsTableName: cleanedData.uploadRequestsTableName,
                 entityTableId: cleanedData.entityTableId,
+                endpoint: cleanedData.endpoint,
+                publicUrlPrefix: cleanedData.publicUrlPrefix,
+                provider: cleanedData.provider,
+                allowedOrigins: cleanedData.allowedOrigins,
                 uploadUrlExpirySeconds: cleanedData.uploadUrlExpirySeconds,
                 downloadUrlExpirySeconds: cleanedData.downloadUrlExpirySeconds,
                 defaultMaxFileSize: cleanedData.defaultMaxFileSize,
@@ -315,6 +363,10 @@ async function handleCreate(argv, prompter) {
                 filesTableName: true,
                 uploadRequestsTableName: true,
                 entityTableId: true,
+                endpoint: true,
+                publicUrlPrefix: true,
+                provider: true,
+                allowedOrigins: true,
                 uploadUrlExpirySeconds: true,
                 downloadUrlExpirySeconds: true,
                 defaultMaxFileSize: true,
@@ -411,6 +463,34 @@ async function handleUpdate(argv, prompter) {
                 required: false,
                 skipPrompt: true,
             },
+            {
+                type: 'text',
+                name: 'endpoint',
+                message: 'endpoint',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'publicUrlPrefix',
+                message: 'publicUrlPrefix',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'provider',
+                message: 'provider',
+                required: false,
+                skipPrompt: true,
+            },
+            {
+                type: 'text',
+                name: 'allowedOrigins',
+                message: 'allowedOrigins',
+                required: false,
+                skipPrompt: true,
+            },
             {
                 type: 'text',
                 name: 'uploadUrlExpirySeconds',
@@ -466,6 +546,10 @@ async function handleUpdate(argv, prompter) {
                 filesTableName: cleanedData.filesTableName,
                 uploadRequestsTableName: cleanedData.uploadRequestsTableName,
                 entityTableId: cleanedData.entityTableId,
+                endpoint: cleanedData.endpoint,
+                publicUrlPrefix: cleanedData.publicUrlPrefix,
+                provider: cleanedData.provider,
+                allowedOrigins: cleanedData.allowedOrigins,
                 uploadUrlExpirySeconds: cleanedData.uploadUrlExpirySeconds,
                 downloadUrlExpirySeconds: cleanedData.downloadUrlExpirySeconds,
                 defaultMaxFileSize: cleanedData.defaultMaxFileSize,
@@ -484,6 +568,10 @@ async function handleUpdate(argv, prompter) {
                 filesTableName: true,
                 uploadRequestsTableName: true,
                 entityTableId: true,
+                endpoint: true,
+                publicUrlPrefix: true,
+                provider: true,
+                allowedOrigins: true,
                 uploadUrlExpirySeconds: true,
                 downloadUrlExpirySeconds: true,
                 defaultMaxFileSize: true,

package/esm/public/cli/commands.js

@@ -175,6 +175,9 @@ import sendVerificationEmailCmd from './commands/send-verification-email';
 import forgotPasswordCmd from './commands/forgot-password';
 import verifyPasswordCmd from './commands/verify-password';
 import verifyTotpCmd from './commands/verify-totp';
+import requestUploadUrlCmd from './commands/request-upload-url';
+import confirmUploadCmd from './commands/confirm-upload';
+import provisionBucketCmd from './commands/provision-bucket';
 const createCommandMap = () => ({
     context: contextCmd,
     auth: authCmd,
@@ -347,8 +350,11 @@ const createCommandMap = () => ({
     'forgot-password': forgotPasswordCmd,
     'verify-password': verifyPasswordCmd,
     'verify-totp': verifyTotpCmd,
+    'request-upload-url': requestUploadUrlCmd,
+    'confirm-upload': confirmUploadCmd,
+    'provision-bucket': provisionBucketCmd,
 });
-const usage = "\ncsdk <command>\n\nCommands:\n  context               Manage API contexts\n  auth                  Manage authentication\n  org-get-managers-record orgGetManagersRecord CRUD operations\n  org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n  get-all-record       getAllRecord CRUD operations\n  object               object CRUD operations\n  app-permission       appPermission CRUD operations\n  org-permission       orgPermission CRUD operations\n  app-level-requirement appLevelRequirement CRUD operations\n  database             database CRUD operations\n  schema               schema CRUD operations\n  table                table CRUD operations\n  check-constraint     checkConstraint CRUD operations\n  field                field CRUD operations\n  foreign-key-constraint foreignKeyConstraint CRUD operations\n  full-text-search     fullTextSearch CRUD operations\n  index                index CRUD operations\n  policy               policy CRUD operations\n  primary-key-constraint primaryKeyConstraint CRUD operations\n  table-grant          tableGrant CRUD operations\n  trigger              trigger CRUD operations\n  unique-constraint    uniqueConstraint CRUD operations\n  view                 view CRUD operations\n  view-table           viewTable CRUD operations\n  view-grant           viewGrant CRUD operations\n  view-rule            viewRule CRUD operations\n  embedding-chunk      embeddingChunk CRUD operations\n  table-template-module tableTemplateModule CRUD operations\n  secure-table-provision secureTableProvision CRUD operations\n  relation-provision   relationProvision CRUD operations\n  schema-grant         schemaGrant CRUD operations\n  default-privilege    defaultPrivilege CRUD operations\n  enum                 enum CRUD operations\n  api-schema           apiSchema CRUD operations\n  api-module           apiModule CRUD operations\n  domain               domain CRUD operations\n  site-metadatum       siteMetadatum CRUD operations\n  site-module          siteModule CRUD operations\n  site-theme           siteTheme CRUD operations\n  trigger-function     triggerFunction CRUD operations\n  database-transfer    databaseTransfer CRUD operations\n  api                  api CRUD operations\n  site                 site CRUD operations\n  app                  app CRUD operations\n  connected-accounts-module connectedAccountsModule CRUD operations\n  crypto-addresses-module cryptoAddressesModule CRUD operations\n  crypto-auth-module   cryptoAuthModule CRUD operations\n  default-ids-module   defaultIdsModule CRUD operations\n  denormalized-table-field denormalizedTableField CRUD operations\n  emails-module        emailsModule CRUD operations\n  encrypted-secrets-module encryptedSecretsModule CRUD operations\n  invites-module       invitesModule CRUD operations\n  levels-module        levelsModule CRUD operations\n  limits-module        limitsModule CRUD operations\n  membership-types-module membershipTypesModule CRUD operations\n  memberships-module   membershipsModule CRUD operations\n  permissions-module   permissionsModule CRUD operations\n  phone-numbers-module phoneNumbersModule CRUD operations\n  profiles-module      profilesModule CRUD operations\n  secrets-module       secretsModule CRUD operations\n  sessions-module      sessionsModule CRUD operations\n  user-auth-module     userAuthModule CRUD operations\n  users-module         usersModule CRUD operations\n  blueprint            blueprint CRUD operations\n  blueprint-template   blueprintTemplate CRUD operations\n  blueprint-construction blueprintConstruction CRUD operations\n  storage-module       storageModule CRUD operations\n  database-provision-module databaseProvisionModule CRUD operations\n  app-admin-grant      appAdminGrant CRUD operations\n  app-owner-grant      appOwnerGrant CRUD operations\n  app-grant            appGrant CRUD operations\n  org-membership       orgMembership CRUD operations\n  org-member           orgMember CRUD operations\n  org-admin-grant      orgAdminGrant CRUD operations\n  org-owner-grant      orgOwnerGrant CRUD operations\n  org-grant            orgGrant CRUD operations\n  org-chart-edge       orgChartEdge CRUD operations\n  org-chart-edge-grant orgChartEdgeGrant CRUD operations\n  org-permission-default orgPermissionDefault CRUD operations\n  app-limit            appLimit CRUD operations\n  org-limit            orgLimit CRUD operations\n  app-step             appStep CRUD operations\n  app-achievement      appAchievement CRUD operations\n  app-level            appLevel CRUD operations\n  email                email CRUD operations\n  phone-number         phoneNumber CRUD operations\n  crypto-address       cryptoAddress CRUD operations\n  connected-account    connectedAccount CRUD operations\n  invite               invite CRUD operations\n  claimed-invite       claimedInvite CRUD operations\n  org-invite           orgInvite CRUD operations\n  org-claimed-invite   orgClaimedInvite CRUD operations\n  audit-log            auditLog CRUD operations\n  app-permission-default appPermissionDefault CRUD operations\n  ref                  ref CRUD operations\n  store                store CRUD operations\n  role-type            roleType CRUD operations\n  migrate-file         migrateFile CRUD operations\n  app-limit-default    appLimitDefault CRUD operations\n  org-limit-default    orgLimitDefault CRUD operations\n  membership-type      membershipType CRUD operations\n  app-membership-default appMembershipDefault CRUD operations\n  commit               commit CRUD operations\n  org-membership-default orgMembershipDefault CRUD operations\n  rls-module           rlsModule CRUD operations\n  sql-action           sqlAction CRUD operations\n  user                 user CRUD operations\n  ast-migration        astMigration CRUD operations\n  app-membership       appMembership CRUD operations\n  hierarchy-module     hierarchyModule CRUD operations\n  current-user-id      currentUserId\n  current-ip-address   currentIpAddress\n  current-user-agent   currentUserAgent\n  app-permissions-get-padded-mask appPermissionsGetPaddedMask\n  org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n  steps-achieved       stepsAchieved\n  rev-parse            revParse\n  org-is-manager-of    orgIsManagerOf\n  app-permissions-get-mask appPermissionsGetMask\n  org-permissions-get-mask orgPermissionsGetMask\n  resolve-blueprint-table Resolves a table_name (with optional schema_name) to a table_id. Resolution order: (1) if schema_name provided, exact lookup via metaschema_public.schema.name + metaschema_public.table; (2) check local table_map (tables created in current blueprint); (3) search metaschema_public.table by name across all schemas; (4) if multiple matches, throw ambiguous error asking for schema_name; (5) if no match, throw not-found error.\n  app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n  org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n  get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-object-at-path   getObjectAtPath\n  app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n  org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n  steps-required       Reads and enables pagination through a set of `AppLevelRequirement`.\n  current-user         currentUser\n  send-account-deletion-email sendAccountDeletionEmail\n  sign-out             signOut\n  accept-database-transfer acceptDatabaseTransfer\n  cancel-database-transfer cancelDatabaseTransfer\n  reject-database-transfer rejectDatabaseTransfer\n  submit-invite-code   submitInviteCode\n  submit-org-invite-code submitOrgInviteCode\n  check-password       checkPassword\n  confirm-delete-account confirmDeleteAccount\n  set-password         setPassword\n  verify-email         verifyEmail\n  freeze-objects       freezeObjects\n  init-empty-repo      initEmptyRepo\n  construct-blueprint  Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Five phases: (1) provision_table() for each table with all nodes[], fields[], policies[], grants, and table-level indexes/fts/unique_constraints in a single call, (2) provision_relation() for each relation, (3) provision_index() for top-level indexes, (4) provision_full_text_search() for top-level FTS, (5) provision_unique_constraint() for top-level unique constraints. Tables are identified by table_name with optional per-table schema_name. Relations use $type for relation_type with source_table/target_table. Returns the construction record ID on success, NULL on failure.\n  reset-password       resetPassword\n  remove-node-at-path  removeNodeAtPath\n  copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n  bootstrap-user       bootstrapUser\n  set-field-order      setFieldOrder\n  provision-unique-constraint Creates a unique constraint on a table. Accepts a jsonb definition with columns (array of field names). Graceful: skips if the exact same unique constraint already exists.\n  provision-full-text-search Creates a full-text search configuration on a table. Accepts a jsonb definition with field (tsvector column name) and sources (array of {field, weight, lang}). Graceful: skips if FTS config already exists for the same (table_id, field_id). Returns the fts_id.\n  provision-index      Creates an index on a table. Accepts a jsonb definition with columns (array of names or single column string), access_method (default BTREE), is_unique, op_classes, options, and name (auto-generated if omitted). Graceful: skips if an index with the same (table_id, field_ids, access_method) already exists. Returns the index_id.\n  set-data-at-path     setDataAtPath\n  set-props-and-commit setPropsAndCommit\n  provision-database-with-user provisionDatabaseWithUser\n  insert-node-at-path  insertNodeAtPath\n  update-node-at-path  updateNodeAtPath\n  set-and-commit       setAndCommit\n  provision-relation   Composable relation provisioning: creates FK fields, indexes, unique constraints, and junction tables depending on the relation_type. Supports RelationBelongsTo, RelationHasOne, RelationHasMany, and RelationManyToMany. ManyToMany uses provision_table() internally for junction table creation with full node/grant/policy support. All operations are graceful (skip existing). Returns (out_field_id, out_junction_table_id, out_source_field_id, out_target_field_id).\n  apply-rls            applyRls\n  sign-in-one-time-token signInOneTimeToken\n  create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n  - database_name: Name for the new database (required)\n  - owner_id: UUID of the owner user (required)\n  - include_invites: Include invite system (default: true)\n  - include_groups: Include group-level memberships (default: false)\n  - include_levels: Include levels/achievements (default: false)\n  - bitlen: Bit length for permission masks (default: 64)\n  - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true);  -- with invites and groups\n\n  extend-token-expires extendTokenExpires\n  sign-in              signIn\n  sign-up              signUp\n  one-time-token       oneTimeToken\n  provision-table      Composable table provisioning: creates or finds a table, then creates fields (so Data* modules can reference them), applies N nodes (Data* modules), enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n  send-verification-email sendVerificationEmail\n  forgot-password      forgotPassword\n  verify-password      verifyPassword\n  verify-totp          verifyTotp\n\n  --help, -h            Show this help message\n  --version, -v         Show version\n";
+const usage = "\ncsdk <command>\n\nCommands:\n  context               Manage API contexts\n  auth                  Manage authentication\n  org-get-managers-record orgGetManagersRecord CRUD operations\n  org-get-subordinates-record orgGetSubordinatesRecord CRUD operations\n  get-all-record       getAllRecord CRUD operations\n  object               object CRUD operations\n  app-permission       appPermission CRUD operations\n  org-permission       orgPermission CRUD operations\n  app-level-requirement appLevelRequirement CRUD operations\n  database             database CRUD operations\n  schema               schema CRUD operations\n  table                table CRUD operations\n  check-constraint     checkConstraint CRUD operations\n  field                field CRUD operations\n  foreign-key-constraint foreignKeyConstraint CRUD operations\n  full-text-search     fullTextSearch CRUD operations\n  index                index CRUD operations\n  policy               policy CRUD operations\n  primary-key-constraint primaryKeyConstraint CRUD operations\n  table-grant          tableGrant CRUD operations\n  trigger              trigger CRUD operations\n  unique-constraint    uniqueConstraint CRUD operations\n  view                 view CRUD operations\n  view-table           viewTable CRUD operations\n  view-grant           viewGrant CRUD operations\n  view-rule            viewRule CRUD operations\n  embedding-chunk      embeddingChunk CRUD operations\n  table-template-module tableTemplateModule CRUD operations\n  secure-table-provision secureTableProvision CRUD operations\n  relation-provision   relationProvision CRUD operations\n  schema-grant         schemaGrant CRUD operations\n  default-privilege    defaultPrivilege CRUD operations\n  enum                 enum CRUD operations\n  api-schema           apiSchema CRUD operations\n  api-module           apiModule CRUD operations\n  domain               domain CRUD operations\n  site-metadatum       siteMetadatum CRUD operations\n  site-module          siteModule CRUD operations\n  site-theme           siteTheme CRUD operations\n  trigger-function     triggerFunction CRUD operations\n  database-transfer    databaseTransfer CRUD operations\n  api                  api CRUD operations\n  site                 site CRUD operations\n  app                  app CRUD operations\n  connected-accounts-module connectedAccountsModule CRUD operations\n  crypto-addresses-module cryptoAddressesModule CRUD operations\n  crypto-auth-module   cryptoAuthModule CRUD operations\n  default-ids-module   defaultIdsModule CRUD operations\n  denormalized-table-field denormalizedTableField CRUD operations\n  emails-module        emailsModule CRUD operations\n  encrypted-secrets-module encryptedSecretsModule CRUD operations\n  invites-module       invitesModule CRUD operations\n  levels-module        levelsModule CRUD operations\n  limits-module        limitsModule CRUD operations\n  membership-types-module membershipTypesModule CRUD operations\n  memberships-module   membershipsModule CRUD operations\n  permissions-module   permissionsModule CRUD operations\n  phone-numbers-module phoneNumbersModule CRUD operations\n  profiles-module      profilesModule CRUD operations\n  secrets-module       secretsModule CRUD operations\n  sessions-module      sessionsModule CRUD operations\n  user-auth-module     userAuthModule CRUD operations\n  users-module         usersModule CRUD operations\n  blueprint            blueprint CRUD operations\n  blueprint-template   blueprintTemplate CRUD operations\n  blueprint-construction blueprintConstruction CRUD operations\n  storage-module       storageModule CRUD operations\n  database-provision-module databaseProvisionModule CRUD operations\n  app-admin-grant      appAdminGrant CRUD operations\n  app-owner-grant      appOwnerGrant CRUD operations\n  app-grant            appGrant CRUD operations\n  org-membership       orgMembership CRUD operations\n  org-member           orgMember CRUD operations\n  org-admin-grant      orgAdminGrant CRUD operations\n  org-owner-grant      orgOwnerGrant CRUD operations\n  org-grant            orgGrant CRUD operations\n  org-chart-edge       orgChartEdge CRUD operations\n  org-chart-edge-grant orgChartEdgeGrant CRUD operations\n  org-permission-default orgPermissionDefault CRUD operations\n  app-limit            appLimit CRUD operations\n  org-limit            orgLimit CRUD operations\n  app-step             appStep CRUD operations\n  app-achievement      appAchievement CRUD operations\n  app-level            appLevel CRUD operations\n  email                email CRUD operations\n  phone-number         phoneNumber CRUD operations\n  crypto-address       cryptoAddress CRUD operations\n  connected-account    connectedAccount CRUD operations\n  invite               invite CRUD operations\n  claimed-invite       claimedInvite CRUD operations\n  org-invite           orgInvite CRUD operations\n  org-claimed-invite   orgClaimedInvite CRUD operations\n  audit-log            auditLog CRUD operations\n  app-permission-default appPermissionDefault CRUD operations\n  ref                  ref CRUD operations\n  store                store CRUD operations\n  role-type            roleType CRUD operations\n  migrate-file         migrateFile CRUD operations\n  app-limit-default    appLimitDefault CRUD operations\n  org-limit-default    orgLimitDefault CRUD operations\n  membership-type      membershipType CRUD operations\n  app-membership-default appMembershipDefault CRUD operations\n  commit               commit CRUD operations\n  org-membership-default orgMembershipDefault CRUD operations\n  rls-module           rlsModule CRUD operations\n  sql-action           sqlAction CRUD operations\n  user                 user CRUD operations\n  ast-migration        astMigration CRUD operations\n  app-membership       appMembership CRUD operations\n  hierarchy-module     hierarchyModule CRUD operations\n  current-user-id      currentUserId\n  current-ip-address   currentIpAddress\n  current-user-agent   currentUserAgent\n  app-permissions-get-padded-mask appPermissionsGetPaddedMask\n  org-permissions-get-padded-mask orgPermissionsGetPaddedMask\n  steps-achieved       stepsAchieved\n  rev-parse            revParse\n  org-is-manager-of    orgIsManagerOf\n  app-permissions-get-mask appPermissionsGetMask\n  org-permissions-get-mask orgPermissionsGetMask\n  resolve-blueprint-table Resolves a table_name (with optional schema_name) to a table_id. Resolution order: (1) if schema_name provided, exact lookup via metaschema_public.schema.name + metaschema_public.table; (2) check local table_map (tables created in current blueprint); (3) search metaschema_public.table by name across all schemas; (4) if multiple matches, throw ambiguous error asking for schema_name; (5) if no match, throw not-found error.\n  app-permissions-get-mask-by-names appPermissionsGetMaskByNames\n  org-permissions-get-mask-by-names orgPermissionsGetMaskByNames\n  get-all-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-path-objects-from-root Reads and enables pagination through a set of `Object`.\n  get-object-at-path   getObjectAtPath\n  app-permissions-get-by-mask Reads and enables pagination through a set of `AppPermission`.\n  org-permissions-get-by-mask Reads and enables pagination through a set of `OrgPermission`.\n  steps-required       Reads and enables pagination through a set of `AppLevelRequirement`.\n  current-user         currentUser\n  send-account-deletion-email sendAccountDeletionEmail\n  sign-out             signOut\n  accept-database-transfer acceptDatabaseTransfer\n  cancel-database-transfer cancelDatabaseTransfer\n  reject-database-transfer rejectDatabaseTransfer\n  submit-invite-code   submitInviteCode\n  submit-org-invite-code submitOrgInviteCode\n  check-password       checkPassword\n  confirm-delete-account confirmDeleteAccount\n  set-password         setPassword\n  verify-email         verifyEmail\n  freeze-objects       freezeObjects\n  init-empty-repo      initEmptyRepo\n  construct-blueprint  Executes a blueprint definition by delegating to provision_* procedures. Creates a blueprint_construction record to track the attempt. Five phases: (1) provision_table() for each table with all nodes[], fields[], policies[], grants, and table-level indexes/fts/unique_constraints in a single call, (2) provision_relation() for each relation, (3) provision_index() for top-level indexes, (4) provision_full_text_search() for top-level FTS, (5) provision_unique_constraint() for top-level unique constraints. Tables are identified by table_name with optional per-table schema_name. Relations use $type for relation_type with source_table/target_table. Returns the construction record ID on success, NULL on failure.\n  reset-password       resetPassword\n  remove-node-at-path  removeNodeAtPath\n  copy-template-to-blueprint Creates a new blueprint by copying a template definition. Checks visibility: owners can always copy their own templates, others require public visibility. Increments the template copy_count. Returns the new blueprint ID.\n  bootstrap-user       bootstrapUser\n  set-field-order      setFieldOrder\n  provision-unique-constraint Creates a unique constraint on a table. Accepts a jsonb definition with columns (array of field names). Graceful: skips if the exact same unique constraint already exists.\n  provision-full-text-search Creates a full-text search configuration on a table. Accepts a jsonb definition with field (tsvector column name) and sources (array of {field, weight, lang}). Graceful: skips if FTS config already exists for the same (table_id, field_id). Returns the fts_id.\n  provision-index      Creates an index on a table. Accepts a jsonb definition with columns (array of names or single column string), access_method (default BTREE), is_unique, op_classes, options, and name (auto-generated if omitted). Graceful: skips if an index with the same (table_id, field_ids, access_method) already exists. Returns the index_id.\n  set-data-at-path     setDataAtPath\n  set-props-and-commit setPropsAndCommit\n  provision-database-with-user provisionDatabaseWithUser\n  insert-node-at-path  insertNodeAtPath\n  update-node-at-path  updateNodeAtPath\n  set-and-commit       setAndCommit\n  provision-relation   Composable relation provisioning: creates FK fields, indexes, unique constraints, and junction tables depending on the relation_type. Supports RelationBelongsTo, RelationHasOne, RelationHasMany, and RelationManyToMany. ManyToMany uses provision_table() internally for junction table creation with full node/grant/policy support. All operations are graceful (skip existing). Returns (out_field_id, out_junction_table_id, out_source_field_id, out_target_field_id).\n  apply-rls            applyRls\n  sign-in-one-time-token signInOneTimeToken\n  create-user-database Creates a new user database with all required modules, permissions, and RLS policies.\n\nParameters:\n  - database_name: Name for the new database (required)\n  - owner_id: UUID of the owner user (required)\n  - include_invites: Include invite system (default: true)\n  - include_groups: Include group-level memberships (default: false)\n  - include_levels: Include levels/achievements (default: false)\n  - bitlen: Bit length for permission masks (default: 64)\n  - tokens_expiration: Token expiration interval (default: 30 days)\n\nReturns the database_id UUID of the newly created database.\n\nExample usage:\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid);\n  SELECT metaschema_public.create_user_database('my_app', 'a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11'::uuid, true, true);  -- with invites and groups\n\n  extend-token-expires extendTokenExpires\n  sign-in              signIn\n  sign-up              signUp\n  one-time-token       oneTimeToken\n  provision-table      Composable table provisioning: creates or finds a table, then creates fields (so Data* modules can reference them), applies N nodes (Data* modules), enables RLS, creates grants, creates N policies, and optionally creates table-level indexes/full_text_searches/unique_constraints. All operations are graceful (skip existing). Accepts multiple nodes and multiple policies per call, unlike secure_table_provision which is limited to one of each. Returns (out_table_id, out_fields).\n  send-verification-email sendVerificationEmail\n  forgot-password      forgotPassword\n  verify-password      verifyPassword\n  verify-totp          verifyTotp\n  request-upload-url   Request a presigned URL for uploading a file directly to S3.\nClient computes SHA-256 of the file content and provides it here.\nIf a file with the same hash already exists (dedup), returns the\nexisting file ID and deduplicated=true with no uploadUrl.\n  confirm-upload       Confirm that a file has been uploaded to S3.\nVerifies the object exists in S3, checks content-type,\nand transitions the file status from 'pending' to 'ready'.\n  provision-bucket     Provision an S3 bucket for a logical bucket in the database.\nReads the bucket config via RLS, then creates and configures\nthe S3 bucket with the appropriate privacy policies, CORS rules,\nand lifecycle settings.\n\n  --help, -h            Show this help message\n  --version, -v         Show version\n";
 export const commands = async (argv, prompter, options) => {
     if (argv.help || argv.h) {
         console.log(usage);

package/esm/public/cli/executor.d.ts

@@ -416,5 +416,20 @@ export declare function getClient(contextName?: string): {
         } & import("..").StrictSelect<S, import("../orm/input-types").VerifyTotpPayloadSelect>) => import("..").QueryBuilder<{
             verifyTotp: import("..").InferSelectResult<import("../orm/input-types").VerifyTotpPayload, S> | null;
         }>;
+        requestUploadUrl: <S extends import("../orm/input-types").RequestUploadUrlPayloadSelect>(args: import("../orm/mutation").RequestUploadUrlVariables, options: {
+            select: S;
+        } & import("..").StrictSelect<S, import("../orm/input-types").RequestUploadUrlPayloadSelect>) => import("..").QueryBuilder<{
+            requestUploadUrl: import("..").InferSelectResult<import("../orm/input-types").RequestUploadUrlPayload, S> | null;
+        }>;
+        confirmUpload: <S extends import("../orm/input-types").ConfirmUploadPayloadSelect>(args: import("../orm/mutation").ConfirmUploadVariables, options: {
+            select: S;
+        } & import("..").StrictSelect<S, import("../orm/input-types").ConfirmUploadPayloadSelect>) => import("..").QueryBuilder<{
+            confirmUpload: import("..").InferSelectResult<import("../orm/input-types").ConfirmUploadPayload, S> | null;
+        }>;
+        provisionBucket: <S extends import("../orm/input-types").ProvisionBucketPayloadSelect>(args: import("../orm/mutation").ProvisionBucketVariables, options: {
+            select: S;
+        } & import("..").StrictSelect<S, import("../orm/input-types").ProvisionBucketPayloadSelect>) => import("..").QueryBuilder<{
+            provisionBucket: import("..").InferSelectResult<import("../orm/input-types").ProvisionBucketPayload, S> | null;
+        }>;
     };
 };

package/esm/public/orm/index.d.ts

@@ -555,5 +555,20 @@ export declare function createClient(config: OrmClientConfig): {
         } & import("./select-types").StrictSelect<S, import("./input-types").VerifyTotpPayloadSelect>) => import("./query-builder").QueryBuilder<{
             verifyTotp: import("./select-types").InferSelectResult<import("./input-types").VerifyTotpPayload, S> | null;
         }>;
+        requestUploadUrl: <S extends import("./input-types").RequestUploadUrlPayloadSelect>(args: import("./mutation").RequestUploadUrlVariables, options: {
+            select: S;
+        } & import("./select-types").StrictSelect<S, import("./input-types").RequestUploadUrlPayloadSelect>) => import("./query-builder").QueryBuilder<{
+            requestUploadUrl: import("./select-types").InferSelectResult<import("./input-types").RequestUploadUrlPayload, S> | null;
+        }>;
+        confirmUpload: <S extends import("./input-types").ConfirmUploadPayloadSelect>(args: import("./mutation").ConfirmUploadVariables, options: {
+            select: S;
+        } & import("./select-types").StrictSelect<S, import("./input-types").ConfirmUploadPayloadSelect>) => import("./query-builder").QueryBuilder<{
+            confirmUpload: import("./select-types").InferSelectResult<import("./input-types").ConfirmUploadPayload, S> | null;
+        }>;
+        provisionBucket: <S extends import("./input-types").ProvisionBucketPayloadSelect>(args: import("./mutation").ProvisionBucketVariables, options: {
+            select: S;
+        } & import("./select-types").StrictSelect<S, import("./input-types").ProvisionBucketPayloadSelect>) => import("./query-builder").QueryBuilder<{
+            provisionBucket: import("./select-types").InferSelectResult<import("./input-types").ProvisionBucketPayload, S> | null;
+        }>;
     };
 };