npm - @microsoft/sentinel-cli - Versions diffs - 0.1.0 → 0.2.0 - Mend

@microsoft/sentinel-cli 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +987 -378
package/package.json +4 -2

package/dist/index.js CHANGED Viewed

@@ -44,7 +44,7 @@ var require_correlationService = __commonJS({
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.CorrelationService = void 0;
     var crypto_1 = require("crypto");
-    var CorrelationService = class {
+    var CorrelationService4 = class {
       /**
        * Creates a new correlation context with a unique ID for request tracking.
        * @returns A UUID string to be used as a correlation ID in API requests and telemetry.
@@ -61,7 +61,7 @@ var require_correlationService = __commonJS({
         return response?.headers?.["x-ms-correlation-request-id"];
       }
     };
-    exports2.CorrelationService = CorrelationService;
+    exports2.CorrelationService = CorrelationService4;
   }
 });
@@ -187,7 +187,7 @@ var require_requestService = __commonJS({
       retryableStatusCodes: Object.freeze([429, 500, 502, 503, 504]),
       retryableErrors: Object.freeze(["ECONNRESET", "ETIMEDOUT", "ENOTFOUND", "ECONNABORTED"])
     });
-    var RequestService = class {
+    var RequestService3 = class {
       telemetry;
       headerBuilder;
       constructor(telemetry, headerBuilder) {
@@ -439,7 +439,7 @@ var require_requestService = __commonJS({
         return urlObj.toString();
       }
     };
-    exports2.RequestService = RequestService;
+    exports2.RequestService = RequestService3;
     function getPathFromUrl(url) {
       const urlObject = new URL(url);
       return urlObject.pathname;
@@ -473,13 +473,61 @@ var require_client = __commonJS({
   }
 });
-// ../../packages/common/dist/src/constants.js
+// ../../packages/common/dist/src/constants/jobEventNames.js
+var require_jobEventNames = __commonJS({
+  "../../packages/common/dist/src/constants/jobEventNames.js"(exports2) {
+    "use strict";
+    init_cjs_shims();
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.JobApiEvents = void 0;
+    exports2.JobApiEvents = {
+      LOAD_JOBS: "JobsPanel.Load.Jobs",
+      CREATE_JOB: "Jobs.Create.Job",
+      GET_JOB: "Jobs.Get.Job",
+      DELETE_JOB: "Jobs.Delete.Job"
+    };
+  }
+});
+// ../../packages/common/dist/src/constants/lakeEventNames.js
+var require_lakeEventNames = __commonJS({
+  "../../packages/common/dist/src/constants/lakeEventNames.js"(exports2) {
+    "use strict";
+    init_cjs_shims();
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.LakeApiEvents = void 0;
+    exports2.LakeApiEvents = {
+      LOAD_TABLES: "LakeTablesPanel.Load.Tables",
+      LOAD_DATABASES: "LakeTablesPanel.Load.Databases"
+    };
+  }
+});
+// ../../packages/common/dist/src/constants/index.js
 var require_constants = __commonJS({
-  "../../packages/common/dist/src/constants.js"(exports2) {
+  "../../packages/common/dist/src/constants/index.js"(exports2) {
     "use strict";
     init_cjs_shims();
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      var desc = Object.getOwnPropertyDescriptor(m, k);
+      if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() {
+          return m[k];
+        } };
+      }
+      Object.defineProperty(o, k2, desc);
+    }) : (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      o[k2] = m[k];
+    }));
+    var __exportStar = exports2 && exports2.__exportStar || function(m, exports3) {
+      for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports3, p)) __createBinding(exports3, m, p);
+    };
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.FulfillmentStatus = exports2.PackageManifestIdValues = exports2.PackageManifestTypes = exports2.CANCEL_DEPLOYMENT_REQUEST_TYPE = exports2.NEW_DEPLOYMENT_REQUEST_TYPE = void 0;
+    __exportStar(require_jobEventNames(), exports2);
+    __exportStar(require_lakeEventNames(), exports2);
     exports2.NEW_DEPLOYMENT_REQUEST_TYPE = "NewDeploymentRequest";
     exports2.CANCEL_DEPLOYMENT_REQUEST_TYPE = "CancelSubscription";
     var PackageManifestTypes;
@@ -539,10 +587,10 @@ var require_securityPlatformEnvironment = __commonJS({
     init_cjs_shims();
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.SecurityPlatformEnvironment = void 0;
-    var SecurityPlatformEnvironment5;
-    (function(SecurityPlatformEnvironment6) {
-      SecurityPlatformEnvironment6["Production"] = "production";
-    })(SecurityPlatformEnvironment5 || (exports2.SecurityPlatformEnvironment = SecurityPlatformEnvironment5 = {}));
+    var SecurityPlatformEnvironment8;
+    (function(SecurityPlatformEnvironment9) {
+      SecurityPlatformEnvironment9["Production"] = "production";
+    })(SecurityPlatformEnvironment8 || (exports2.SecurityPlatformEnvironment = SecurityPlatformEnvironment8 = {}));
   }
 });
@@ -644,9 +692,9 @@ var require_api_env = __commonJS({
     "use strict";
     init_cjs_shims();
     Object.defineProperty(exports2, "__esModule", { value: true });
-    exports2.getApiEnv = getApiEnv5;
+    exports2.getApiEnv = getApiEnv8;
     var helper_1 = require_helper();
-    function getApiEnv5(env) {
+    function getApiEnv8(env) {
       return (0, helper_1.getEnvironmentConfig)(env);
     }
   }
@@ -2690,6 +2738,15 @@ var require_jobResponse = __commonJS({
   }
 });
+// ../../packages/common/dist/src/models/jobs/listJobsResult.js
+var require_listJobsResult = __commonJS({
+  "../../packages/common/dist/src/models/jobs/listJobsResult.js"(exports2) {
+    "use strict";
+    init_cjs_shims();
+    Object.defineProperty(exports2, "__esModule", { value: true });
+  }
+});
 // ../../packages/common/dist/src/models/jobs/index.js
 var require_jobs = __commonJS({
   "../../packages/common/dist/src/models/jobs/index.js"(exports2) {
@@ -2719,6 +2776,7 @@ var require_jobs = __commonJS({
     __exportStar(require_repeatFrequency(), exports2);
     __exportStar(require_jobTrigger(), exports2);
     __exportStar(require_jobResponse(), exports2);
+    __exportStar(require_listJobsResult(), exports2);
   }
 });
@@ -2844,6 +2902,228 @@ var require_models = __commonJS({
   }
 });
+// ../../packages/common/dist/src/services/jobs/jobApiClient.js
+var require_jobApiClient = __commonJS({
+  "../../packages/common/dist/src/services/jobs/jobApiClient.js"(exports2) {
+    "use strict";
+    init_cjs_shims();
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.JobApiClient = void 0;
+    var sentinel_graph_job_1 = require_dist();
+    var jobEventNames_1 = require_jobEventNames();
+    var API_VERSION = "2023-09-30-preview";
+    var JOB_PATHS = {
+      JOBS: "/jobs"
+    };
+    var JobApiClient2 = class {
+      requestService;
+      baseUrl;
+      constructor(options) {
+        this.requestService = options.requestService;
+        this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+      }
+      get jobsUrl() {
+        return `${this.baseUrl}${JOB_PATHS.JOBS}`;
+      }
+      jobUrl(jobName) {
+        return `${this.jobsUrl}/${encodeURIComponent(jobName)}`;
+      }
+      async createJob(jobName, payload, token, requestId) {
+        if (!jobName?.trim()) {
+          throw new Error("Job name is required");
+        }
+        return this.requestService.put({
+          url: this.jobUrl(jobName),
+          params: { "api-version": API_VERSION },
+          eventName: jobEventNames_1.JobApiEvents.CREATE_JOB,
+          body: JSON.stringify(payload),
+          token,
+          requestId
+        });
+      }
+      async getJob(jobName, token, requestId) {
+        if (!jobName?.trim()) {
+          throw new Error("Job name is required");
+        }
+        return this.requestService.get({
+          url: this.jobUrl(jobName),
+          params: { "api-version": API_VERSION },
+          eventName: jobEventNames_1.JobApiEvents.GET_JOB,
+          token,
+          requestId
+        });
+      }
+      async deleteJob(jobName, token, requestId) {
+        if (!jobName?.trim()) {
+          throw new Error("Job name is required");
+        }
+        return this.requestService.delete({
+          url: this.jobUrl(jobName),
+          params: { "api-version": API_VERSION },
+          eventName: jobEventNames_1.JobApiEvents.DELETE_JOB,
+          token,
+          requestId
+        });
+      }
+      async listJobs(token, requestId) {
+        const jobs = [];
+        let continuationToken = void 0;
+        do {
+          const params = { jobType: sentinel_graph_job_1.JobType.Notebook, "api-version": API_VERSION };
+          if (continuationToken !== null && continuationToken !== void 0) {
+            params.continuationToken = continuationToken;
+          }
+          const data = await this.requestService.get({
+            url: this.jobsUrl,
+            params,
+            eventName: jobEventNames_1.JobApiEvents.LOAD_JOBS,
+            token,
+            requestId
+          });
+          if (data?.results) {
+            const pageJobs = data.results.map((result) => {
+              if (!result.jobDefinition.jobName) {
+                return null;
+              }
+              return {
+                jobName: result.jobDefinition.jobName,
+                id: result.jobDefinition.jobDefinitionId,
+                isDisabled: result.jobDefinition.isDisabled,
+                jobType: result.jobDefinition.jobType
+              };
+            }).filter((job) => job !== null);
+            jobs.push(...pageJobs);
+          }
+          continuationToken = data?.continuationToken ?? null;
+        } while (continuationToken !== null);
+        return jobs;
+      }
+    };
+    exports2.JobApiClient = JobApiClient2;
+  }
+});
+// ../../packages/common/dist/src/services/jobs/index.js
+var require_jobs2 = __commonJS({
+  "../../packages/common/dist/src/services/jobs/index.js"(exports2) {
+    "use strict";
+    init_cjs_shims();
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.JobApiClient = void 0;
+    var jobApiClient_1 = require_jobApiClient();
+    Object.defineProperty(exports2, "JobApiClient", { enumerable: true, get: function() {
+      return jobApiClient_1.JobApiClient;
+    } });
+  }
+});
+// ../../packages/common/dist/src/services/lake/lakeApiClient.js
+var require_lakeApiClient = __commonJS({
+  "../../packages/common/dist/src/services/lake/lakeApiClient.js"(exports2) {
+    "use strict";
+    init_cjs_shims();
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.LakeApiClient = void 0;
+    exports2.isFederatedTable = isFederatedTable;
+    exports2.getFederatedDatasourceKind = getFederatedDatasourceKind;
+    var lakeEventNames_1 = require_lakeEventNames();
+    var FEDERATED_TABLE_TYPE = "Federated";
+    function isFederatedTable(table) {
+      return table.tableType === FEDERATED_TABLE_TYPE;
+    }
+    function getFederatedDatasourceKind(table) {
+      return table.fabricDetails?.federationDetails?.federatedDatasourceKind;
+    }
+    var API_VERSION = {
+      DATABASES_API_VERSION: "2024-07-01",
+      TABLES_API_VERSION: "2024-05-01-preview"
+    };
+    var LAKE_PATHS = {
+      TABLES: "/lake/tables",
+      DATABASES: "/lake/databases"
+    };
+    var LakeApiClient2 = class {
+      requestService;
+      telemetry;
+      baseUrl;
+      constructor(options) {
+        this.requestService = options.requestService;
+        this.telemetry = options.telemetry;
+        this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+      }
+      get tablesUrl() {
+        return `${this.baseUrl}${LAKE_PATHS.TABLES}`;
+      }
+      get databasesUrl() {
+        return `${this.baseUrl}${LAKE_PATHS.DATABASES}`;
+      }
+      /**
+       * Fetches all lake tables. If a database is specified, fetches tables for that database only.
+       */
+      async fetchLakeTables(accessToken, clientRequestId, database) {
+        const span = this.telemetry.span(lakeEventNames_1.LakeApiEvents.LOAD_TABLES, { requestId: clientRequestId ?? "" });
+        try {
+          let url = this.tablesUrl;
+          let params = database ? { databaseName: database.databaseName } : void 0;
+          const tables = [];
+          do {
+            const response = await this.fetchTables(url, accessToken, clientRequestId, params);
+            tables.push(...response.items);
+            url = response.nextLink || null;
+            params = void 0;
+          } while (url);
+          return tables;
+        } finally {
+          span.end();
+        }
+      }
+      async fetchDatabases(accessToken, clientRequestId) {
+        const data = await this.requestService.get({
+          url: this.databasesUrl,
+          params: { "api-version": API_VERSION.DATABASES_API_VERSION },
+          eventName: lakeEventNames_1.LakeApiEvents.LOAD_DATABASES,
+          token: accessToken,
+          requestId: clientRequestId
+        });
+        return data.value;
+      }
+      async fetchTables(url, accessToken, clientRequestId, params) {
+        return this.requestService.get({
+          url,
+          params: {
+            "api-version": API_VERSION.TABLES_API_VERSION,
+            ...params
+          },
+          eventName: lakeEventNames_1.LakeApiEvents.LOAD_TABLES,
+          token: accessToken,
+          requestId: clientRequestId
+        });
+      }
+    };
+    exports2.LakeApiClient = LakeApiClient2;
+  }
+});
+// ../../packages/common/dist/src/services/lake/index.js
+var require_lake2 = __commonJS({
+  "../../packages/common/dist/src/services/lake/index.js"(exports2) {
+    "use strict";
+    init_cjs_shims();
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.getFederatedDatasourceKind = exports2.isFederatedTable = exports2.LakeApiClient = void 0;
+    var lakeApiClient_1 = require_lakeApiClient();
+    Object.defineProperty(exports2, "LakeApiClient", { enumerable: true, get: function() {
+      return lakeApiClient_1.LakeApiClient;
+    } });
+    Object.defineProperty(exports2, "isFederatedTable", { enumerable: true, get: function() {
+      return lakeApiClient_1.isFederatedTable;
+    } });
+    Object.defineProperty(exports2, "getFederatedDatasourceKind", { enumerable: true, get: function() {
+      return lakeApiClient_1.getFederatedDatasourceKind;
+    } });
+  }
+});
 // ../../packages/common/dist/src/services/httpService.js
 var require_httpService = __commonJS({
   "../../packages/common/dist/src/services/httpService.js"(exports2) {
@@ -2855,7 +3135,7 @@ var require_httpService = __commonJS({
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.HttpService = void 0;
     var axios_1 = __importDefault(require("axios"));
-    var HttpService2 = class {
+    var HttpService = class {
       httpInstance;
       // Implement the interface
       constructor(httpInstance) {
@@ -2920,7 +3200,7 @@ var require_httpService = __commonJS({
         }
       }
     };
-    exports2.HttpService = HttpService2;
+    exports2.HttpService = HttpService;
   }
 });
@@ -2933,81 +3213,6 @@ var require_httpServiceInterface = __commonJS({
   }
 });
-// ../../packages/common/dist/src/services/jobService.js
-var require_jobService = __commonJS({
-  "../../packages/common/dist/src/services/jobService.js"(exports2) {
-    "use strict";
-    init_cjs_shims();
-    Object.defineProperty(exports2, "__esModule", { value: true });
-    exports2.JobService = void 0;
-    var JobService2 = class {
-      env;
-      region;
-      httpInstance;
-      API_VERSION = "2023-09-30-preview";
-      constructor(env, region, httpInstance) {
-        this.env = env;
-        this.region = region;
-        this.httpInstance = httpInstance;
-        if (!env || !region) {
-          throw new Error("Environment and region must be provided.");
-        }
-        if (!env.regions[region]) {
-          throw new Error(`Region ${region} is not configured.`);
-        }
-        if (!httpInstance) {
-          throw new Error("HTTP service instance must be provided.");
-        }
-        this.httpInstance = httpInstance;
-      }
-      async getHttpInstance() {
-        return this.httpInstance;
-      }
-      getBaseUrl() {
-        const regionConfig = this.env.regions[this.region];
-        return regionConfig.gatewayEndpoint;
-      }
-      async createJob(jobName, payload) {
-        if (!jobName?.trim()) {
-          throw new Error("Job name is required");
-        }
-        const httpInstance = await this.getHttpInstance();
-        const url = `${this.getBaseUrl()}jobs/${encodeURIComponent(jobName)}?api-version=${this.API_VERSION}`;
-        const { data } = await httpInstance.put(url, payload);
-        return data;
-      }
-      async getJob(jobName) {
-        if (!jobName?.trim()) {
-          throw new Error("Job name is required");
-        }
-        const httpInstance = await this.getHttpInstance();
-        const url = `${this.getBaseUrl()}jobs/${encodeURIComponent(jobName)}?api-version=${this.API_VERSION}`;
-        const { data } = await httpInstance.get(url);
-        return data;
-      }
-      async deleteJob(jobName) {
-        if (!jobName?.trim()) {
-          throw new Error("Job name is required");
-        }
-        const httpInstance = await this.getHttpInstance();
-        const url = `${this.getBaseUrl()}jobs/${encodeURIComponent(jobName)}?api-version=${this.API_VERSION}`;
-        const { data } = await httpInstance.delete(url);
-        return data;
-      }
-    };
-    exports2.JobService = JobService2;
-  }
-});
-// ../../packages/common/dist/src/services/jobServiceInterface.js
-var require_jobServiceInterface = __commonJS({
-  "../../packages/common/dist/src/services/jobServiceInterface.js"(exports2) {
-    "use strict";
-    init_cjs_shims();
-    Object.defineProperty(exports2, "__esModule", { value: true });
-  }
-});
 // ../../node_modules/.pnpm/js-yaml@4.1.1/node_modules/js-yaml/lib/common.js
 var require_common2 = __commonJS({
   "../../node_modules/.pnpm/js-yaml@4.1.1/node_modules/js-yaml/lib/common.js"(exports2, module2) {
@@ -7056,10 +7261,10 @@ var require_services = __commonJS({
     };
     Object.defineProperty(exports2, "__esModule", { value: true });
     __exportStar(require_httpConstants(), exports2);
+    __exportStar(require_jobs2(), exports2);
+    __exportStar(require_lake2(), exports2);
     __exportStar(require_httpService(), exports2);
     __exportStar(require_httpServiceInterface(), exports2);
-    __exportStar(require_jobService(), exports2);
-    __exportStar(require_jobServiceInterface(), exports2);
     __exportStar(require_manifestProcessorService(), exports2);
     __exportStar(require_manifestProcessorServiceInterface(), exports2);
     __exportStar(require_packageService(), exports2);
@@ -7210,14 +7415,115 @@ function addCreateZipCommand(packageCommand) {
   });
 }
-// src/commands/login.ts
+// src/commands/lake/database.ts
 init_cjs_shims();
-var os5 = __toESM(require("os"));
+var import_common9 = __toESM(require_src());
-// src/actions/authCodeLogin.ts
+// src/actions/lake/index.ts
+init_cjs_shims();
+// src/actions/lake/listDatabases.ts
 init_cjs_shims();
-var import_child_process = require("child_process");
 var import_common3 = __toESM(require_src());
+async function listDatabases(databaseService, accessToken) {
+  const requestId = import_common3.CorrelationService.createCorrelationContext();
+  console.info("Fetching databases...");
+  return databaseService.listDatabases(accessToken, requestId);
+}
+// src/actions/lake/listTables.ts
+init_cjs_shims();
+var import_common4 = __toESM(require_src());
+async function listTables(tableService, accessToken, database) {
+  const requestId = import_common4.CorrelationService.createCorrelationContext();
+  const scope = database ? ` for database "${database.databaseName}"` : "";
+  console.info(`Fetching lake tables${scope}...`);
+  return tableService.listTables(accessToken, requestId, database);
+}
+// src/services/lake/index.ts
+init_cjs_shims();
+// src/services/lake/databaseService.ts
+init_cjs_shims();
+var DatabaseService = class {
+  constructor(lakeApiClient) {
+    this.lakeApiClient = lakeApiClient;
+  }
+  async listDatabases(accessToken, requestId) {
+    return this.lakeApiClient.fetchDatabases(accessToken, requestId);
+  }
+};
+// src/services/lake/tableService.ts
+init_cjs_shims();
+var TableService = class {
+  constructor(lakeApiClient) {
+    this.lakeApiClient = lakeApiClient;
+  }
+  async listTables(accessToken, requestId, database) {
+    return this.lakeApiClient.fetchLakeTables(accessToken, requestId, database);
+  }
+};
+// src/services/lake/databaseLookup.ts
+init_cjs_shims();
+var SYSTEM_TABLES_DISPLAY_NAME = "System tables";
+var DEFAULT_DATABASE = { databaseName: "default" };
+async function lookupDatabase(options, lakeApiClient, accessToken) {
+  if (options.databaseId) {
+    if (options.databaseId === SYSTEM_TABLES_DISPLAY_NAME) {
+      return DEFAULT_DATABASE;
+    }
+    return lookupDatabaseById(options.databaseId, lakeApiClient, accessToken);
+  }
+  if (options.databaseName) {
+    if (options.databaseName === SYSTEM_TABLES_DISPLAY_NAME) {
+      return DEFAULT_DATABASE;
+    }
+    return lookupDatabaseByName(options.databaseName, lakeApiClient, accessToken);
+  }
+  return void 0;
+}
+async function lookupDatabaseById(databaseId, lakeApiClient, accessToken) {
+  const databaseService = new DatabaseService(lakeApiClient);
+  const databases = await listDatabases(databaseService, accessToken);
+  const match = databases.find((db) => db.databaseName === databaseId);
+  if (!match) {
+    console.error(
+      `Error: database "${databaseId}" not found. Run "sentinel database list" to see available databases.`
+    );
+    process.exit(1);
+  }
+  return match;
+}
+async function lookupDatabaseByName(databaseName, lakeApiClient, accessToken) {
+  const databaseService = new DatabaseService(lakeApiClient);
+  const databases = await listDatabases(databaseService, accessToken);
+  const match = databases.find((db) => db.sentinelWorkspace?.name === databaseName);
+  if (!match) {
+    console.error(
+      `Error: database "${databaseName}" not found. Run "sentinel database list" to see available databases.`
+    );
+    process.exit(1);
+  }
+  return match;
+}
+// src/services/getToken.ts
+init_cjs_shims();
+// src/auth/constants.ts
+init_cjs_shims();
+// src/auth/provider/TokenProviderFactory.ts
+init_cjs_shims();
+// src/auth/provider/DeviceCodeTokenProvider.ts
+init_cjs_shims();
+// src/services/msalAuth.ts
+init_cjs_shims();
 // src/auth/msalInstance.ts
 init_cjs_shims();
@@ -7241,8 +7547,8 @@ var PlatformType = /* @__PURE__ */ ((PlatformType2) => {
 })(PlatformType || {});
 async function createPersistence() {
   const cacheFilePath = import_path.default.join(import_os.default.homedir(), ".nsdcli-cache.json");
-  const platform3 = import_os.default.platform();
-  switch (platform3) {
+  const platform4 = import_os.default.platform();
+  switch (platform4) {
     case "win32" /* Windows */:
       return await import_msal_node_extensions.FilePersistenceWithDataProtection.create(cacheFilePath, import_msal_node_extensions.DataProtectionScope.CurrentUser);
     case "darwin" /* MacOS */:
@@ -7251,7 +7557,7 @@ async function createPersistence() {
       return await import_msal_node_extensions.LibSecretPersistence.create("nsdcli.service", "nsdcli.account", "nsdcli");
     default:
       throw new Error(
-        `Unsupported platform: ${platform3}. Supported platforms are: ${Object.values(PlatformType).join(", ")}`
+        `Unsupported platform: ${platform4}. Supported platforms are: ${Object.values(PlatformType).join(", ")}`
       );
   }
 }
@@ -7273,12 +7579,13 @@ async function getMsalConfig(environment, useCachePlugin = true, authorityOverri
     cache: cachePlugin ? { cachePlugin } : void 0,
     system: {
       loggerOptions: {
-        loggerCallback(_level, message, containsPii) {
-          if (!containsPii) {
-            console.log(message);
-          }
+        // Suppress all MSAL internal logs from appearing in CLI output.
+        // MSAL's Info/Verbose messages are library internals not useful to end users.
+        // Only Warning and above are passed to this callback, and we intentionally
+        // discard them to keep the CLI output clean.
+        loggerCallback() {
         },
-        logLevel: import_msal_node.LogLevel.Info,
+        logLevel: import_msal_node.LogLevel.Warning,
         piiLoggingEnabled: false
       }
     }
@@ -7302,54 +7609,50 @@ var getMsalInstance = async (env, authorityOverride) => {
   return msalInstances.get(key);
 };
-// src/actions/authCodeLogin.ts
-var apiEnv = (0, import_common3.getApiEnv)(import_common3.SecurityPlatformEnvironment.Production);
-function openSystemBrowser(url) {
-  return new Promise((resolve, reject) => {
-    const command = process.platform === "darwin" ? "open" : "xdg-open";
-    (0, import_child_process.execFile)(command, [url], (error) => {
-      if (error) {
-        reject(new Error(`Failed to open browser: ${error.message}`));
-      } else {
-        resolve();
-      }
-    });
-  });
-}
-async function browserAuthLogin(scopes) {
-  const msalInstance = await getMsalInstance(apiEnv);
-  console.log("\u{1F510} Starting browser login. A browser window will open.");
-  const result = await msalInstance.acquireTokenInteractive({
-    scopes,
-    openBrowser: openSystemBrowser,
-    successTemplate: "<h1>Authentication successful</h1><p>You may close this tab and return to the terminal.</p>",
-    errorTemplate: "<h1>Authentication failed</h1><p>{error}</p>"
-  });
-  if (!result?.accessToken) {
-    throw new Error("Token acquisition failed: received null or empty token.");
-  }
-  console.log("\u{1F511} Token acquired successfully.");
-  return result.accessToken;
-}
+// src/services/msalAuth.ts
+var import_common6 = __toESM(require_src());
-// src/actions/brokerLogin.ts
+// src/actions/defaultLogin.ts
 init_cjs_shims();
-var import_common4 = __toESM(require_src());
-var import_fs = __toESM(require("fs"));
-var import_os2 = __toESM(require("os"));
-var import_path2 = __toESM(require("path"));
-var apiEnv2 = (0, import_common4.getApiEnv)(import_common4.SecurityPlatformEnvironment.Production);
-var SENTINEL_DIR = import_path2.default.join(import_os2.default.homedir(), ".sentinel");
-var BROKER_ACCOUNT_FILE = import_path2.default.join(SENTINEL_DIR, "broker-account.json");
-function saveBrokerAccount(account, authority) {
-  import_fs.default.mkdirSync(SENTINEL_DIR, { recursive: true, mode: 448 });
-  const session = { account, authority };
-  const tempFile = `${BROKER_ACCOUNT_FILE}.tmp`;
-  import_fs.default.writeFileSync(tempFile, JSON.stringify(session, null, 2), { encoding: "utf8", mode: 384 });
-  import_fs.default.renameSync(tempFile, BROKER_ACCOUNT_FILE);
-}
-function loadBrokerAccount() {
-  try {
+var import_identity = require("@azure/identity");
+var DefaultCredentialProvider = class _DefaultCredentialProvider {
+  static instance;
+  constructor() {
+  }
+  static getInstance() {
+    if (!_DefaultCredentialProvider.instance) {
+      _DefaultCredentialProvider.instance = new _DefaultCredentialProvider();
+    }
+    return _DefaultCredentialProvider.instance;
+  }
+  async getToken(scopes) {
+    const credential = new import_identity.DefaultAzureCredential();
+    const token = await credential.getToken(scopes);
+    if (!token) {
+      throw new Error("Failed to acquire token using DefaultAzureCredential.");
+    }
+    return token;
+  }
+};
+// src/actions/brokerLogin.ts
+init_cjs_shims();
+var import_common5 = __toESM(require_src());
+var import_fs = __toESM(require("fs"));
+var import_os2 = __toESM(require("os"));
+var import_path2 = __toESM(require("path"));
+var apiEnv = (0, import_common5.getApiEnv)(import_common5.SecurityPlatformEnvironment.Production);
+var SENTINEL_DIR = import_path2.default.join(import_os2.default.homedir(), ".sentinel");
+var BROKER_ACCOUNT_FILE = import_path2.default.join(SENTINEL_DIR, "broker-account.json");
+function saveBrokerAccount(account, authority) {
+  import_fs.default.mkdirSync(SENTINEL_DIR, { recursive: true, mode: 448 });
+  const session = { account, authority };
+  const tempFile = `${BROKER_ACCOUNT_FILE}.tmp`;
+  import_fs.default.writeFileSync(tempFile, JSON.stringify(session, null, 2), { encoding: "utf8", mode: 384 });
+  import_fs.default.renameSync(tempFile, BROKER_ACCOUNT_FILE);
+}
+function loadBrokerAccount() {
+  try {
     if (import_fs.default.existsSync(BROKER_ACCOUNT_FILE)) {
       const raw = import_fs.default.readFileSync(BROKER_ACCOUNT_FILE, "utf8");
       const session = JSON.parse(raw);
@@ -7370,9 +7673,9 @@ function deleteBrokerAccount() {
   }
 }
 async function brokerLogin(scopes, tenant) {
-  const authorityOverride = tenant ? `${new URL(apiEnv2.aadEndpoint).origin}/${tenant}` : void 0;
-  const authority = authorityOverride ?? apiEnv2.aadEndpoint;
-  const msalInstance = await getMsalInstance(apiEnv2, authorityOverride);
+  const authorityOverride = tenant ? `${new URL(apiEnv.aadEndpoint).origin}/${tenant}` : void 0;
+  const authority = authorityOverride ?? apiEnv.aadEndpoint;
+  const msalInstance = await getMsalInstance(apiEnv, authorityOverride);
   const savedSession = loadBrokerAccount();
   const accounts = await msalInstance.getTokenCache().getAllAccounts();
   if (savedSession) {
@@ -7407,6 +7710,7 @@ async function brokerLogin(scopes, tenant) {
   }
   const result = await msalInstance.acquireTokenInteractive({
     scopes,
+    prompt: "select_account",
     windowHandle: Buffer.alloc(0),
     // headless / console window handle
     openBrowser: async (_url) => {
@@ -7422,47 +7726,16 @@ async function brokerLogin(scopes, tenant) {
   return result.accessToken;
 }
-// src/actions/deviceCodeLogin.ts
-init_cjs_shims();
 // src/services/msalAuth.ts
-init_cjs_shims();
-var import_common5 = __toESM(require_src());
-// src/actions/defaultLogin.ts
-init_cjs_shims();
-var import_identity = require("@azure/identity");
-var DefaultCredentialProvider = class _DefaultCredentialProvider {
-  static instance;
-  constructor() {
-  }
-  static getInstance() {
-    if (!_DefaultCredentialProvider.instance) {
-      _DefaultCredentialProvider.instance = new _DefaultCredentialProvider();
-    }
-    return _DefaultCredentialProvider.instance;
-  }
-  async getToken(scopes) {
-    const credential = new import_identity.DefaultAzureCredential();
-    const token = await credential.getToken(scopes);
-    if (!token) {
-      throw new Error("Failed to acquire token using DefaultAzureCredential.");
-    }
-    return token;
-  }
-};
-// src/services/msalAuth.ts
-var import_os3 = __toESM(require("os"));
-var apiEnv3 = (0, import_common5.getApiEnv)(import_common5.SecurityPlatformEnvironment.Production);
-async function loginAndGetDeviceCodeToken(scopes = [apiEnv3.gatewayAuthResourceUri]) {
+var apiEnv2 = (0, import_common6.getApiEnv)(import_common6.SecurityPlatformEnvironment.Production);
+async function loginAndGetDeviceCodeToken(scopes = [apiEnv2.gatewayAuthResourceUri]) {
   const deviceCodeRequest = {
     scopes,
     deviceCodeCallback: (response) => {
       console.log(response.message);
     }
   };
-  const msalInstance = await getMsalInstance(apiEnv3);
+  const msalInstance = await getMsalInstance(apiEnv2);
   const result = await msalInstance.acquireTokenByDeviceCode(deviceCodeRequest);
   if (!result || !result.accessToken) {
     throw new Error("Failed to acquire access token.");
@@ -7472,7 +7745,7 @@ async function loginAndGetDeviceCodeToken(scopes = [apiEnv3.gatewayAuthResourceU
 }
 async function logout() {
   try {
-    const msalInstance = await getMsalInstance(apiEnv3);
+    const msalInstance = await getMsalInstance(apiEnv2);
     const accounts = await msalInstance.getTokenCache().getAllAccounts();
     if (accounts.length === 0) {
       console.log("\u2139 No cached accounts.");
@@ -7487,15 +7760,35 @@ async function logout() {
     deleteBrokerAccount();
   }
 }
-async function getAccessTokenFromCache(scopes = [apiEnv3.gatewayAuthResourceUri]) {
+async function getAccessTokenFromCache(scopes = [apiEnv2.gatewayAuthResourceUri]) {
   if (process.env.CI) {
     const defaultCredentialProvider = DefaultCredentialProvider.getInstance();
     const token = await defaultCredentialProvider.getToken(scopes);
     return token.token;
   }
-  const msalInstance = await getMsalInstance(apiEnv3);
-  const accounts = await msalInstance.getTokenCache().getAllAccounts();
   console.log("\u{1F510} Checking MSAL cache for tokens...");
+  const savedSession = loadBrokerAccount();
+  if (savedSession) {
+    try {
+      const sessionMsal = await getMsalInstance(apiEnv2, savedSession.authority);
+      const response = await sessionMsal.acquireTokenSilent({
+        account: savedSession.account,
+        scopes,
+        authority: savedSession.authority
+      });
+      if (response?.accessToken) {
+        console.log("\u2705 Authenticated using MSAL cache");
+        return response.accessToken;
+      }
+      console.warn("\u26A0\uFE0F Saved-session silent acquisition returned no token");
+      deleteBrokerAccount();
+    } catch {
+      console.warn("\u26A0\uFE0F Saved-session silent acquisition failed, falling back to account enumeration");
+      deleteBrokerAccount();
+    }
+  }
+  const msalInstance = await getMsalInstance(apiEnv2);
+  const accounts = await msalInstance.getTokenCache().getAllAccounts();
   if (accounts.length > 0) {
     try {
       const response = await msalInstance.acquireTokenSilent({
@@ -7511,51 +7804,437 @@ async function getAccessTokenFromCache(scopes = [apiEnv3.gatewayAuthResourceUri]
       console.warn("\u26A0\uFE0F Silent token acquisition failed");
     }
   }
-  if (import_os3.default.platform() === "win32" /* Windows */) {
-    const session = loadBrokerAccount();
-    if (session) {
-      try {
-        const brokerInstance = await getMsalInstance(apiEnv3, session.authority);
-        const response = await brokerInstance.acquireTokenSilent({
-          account: session.account,
-          scopes
-        });
-        if (response?.accessToken) {
-          console.log("\u2705 Authenticated using Windows Native Broker (WAM) cache");
-          return response.accessToken;
+  return "";
+}
+// src/auth/provider/DeviceCodeTokenProvider.ts
+var DeviceCodeTokenProvider = class {
+  options;
+  env;
+  constructor(env, options) {
+    if (!env) {
+      throw new Error("Environment cannot be null or undefined");
+    }
+    this.env = env;
+    this.options = {
+      ...options,
+      // overrides defaults if user provided values
+      scopes: options?.scopes ?? [this.env.gatewayAuthResourceUri]
+    };
+  }
+  async getAccessToken() {
+    let token = await getAccessTokenFromCache(this.options?.scopes);
+    if (token) {
+      return token;
+    }
+    token = await loginAndGetDeviceCodeToken(this.options?.scopes);
+    return token;
+  }
+};
+// src/auth/provider/ManagedIdentityTokenProvider.ts
+init_cjs_shims();
+var import_identity2 = require("@azure/identity");
+var ManagedIdentityTokenProvider = class {
+  options;
+  env;
+  constructor(env, options) {
+    if (!env) {
+      throw new Error("Environment cannot be null or undefined");
+    }
+    if (!options?.uamiClientId) {
+      throw new Error("UAMI clientId required for user-assigned managed identity");
+    }
+    this.env = env;
+    this.options = {
+      ...options,
+      // overrides defaults if user provided values
+      scopes: options?.scopes ?? [env.gatewayAuthResourceUri]
+    };
+  }
+  async getAccessToken() {
+    const scopes = this.options?.scopes && this.options.scopes.length > 0 ? this.options.scopes : [this.env.gatewayAuthResourceUri];
+    const credential = new import_identity2.ManagedIdentityCredential({
+      clientId: this.options?.uamiClientId
+    });
+    const token = await credential.getToken(scopes);
+    if (!token) {
+      throw new Error("Failed to get token from Managed Identity");
+    }
+    return token.token;
+  }
+};
+// src/auth/provider/MsalCacheTokenProvider.ts
+init_cjs_shims();
+var MsalCacheTokenProvider = class {
+  options;
+  env;
+  constructor(env, options) {
+    if (!env) {
+      throw new Error("Environment cannot be null or undefined");
+    }
+    this.env = env;
+    this.options = {
+      ...options,
+      scopes: options?.scopes?.length ? options.scopes : [this.env.gatewayAuthResourceUri]
+    };
+  }
+  async getAccessToken() {
+    const token = await getAccessTokenFromCache(this.options.scopes);
+    if (!token) {
+      throw new Error("No cached authentication token found. Please run `sentinel login` first.");
+    }
+    return token;
+  }
+};
+// src/auth/provider/TokenProviderFactory.ts
+var TokenProviderFactory = class {
+  static createProvider(env, method, options) {
+    switch (method) {
+      case "device_code":
+        return new DeviceCodeTokenProvider(env, options);
+      case "managed_identity":
+        if (!options) {
+          throw new Error("UAMI clientId required for user-assigned managed identity");
         }
-      } catch {
-        console.warn("\u26A0\uFE0F Silent WAM token acquisition failed");
-      }
+        return new ManagedIdentityTokenProvider(env, options);
+      case "msal_cache":
+        return new MsalCacheTokenProvider(env, options);
+      default:
+        throw new Error(`Unsupported token method: ${method}`);
+    }
+  }
+};
+// src/services/getToken.ts
+async function getToken(env, scopes, clientId) {
+  let provider = null;
+  const options = {
+    uamiClientId: clientId,
+    scopes
+  };
+  if (clientId) {
+    provider = TokenProviderFactory.createProvider(env, "managed_identity" /* ManagedIdentity */, options);
+  } else {
+    provider = TokenProviderFactory.createProvider(env, "msal_cache" /* MsalCache */, options);
+  }
+  const token = await provider.getAccessToken();
+  return token;
+}
+// src/client/lake/index.ts
+init_cjs_shims();
+var import_common8 = __toESM(require_src());
+// src/utils/headerBuilder.ts
+init_cjs_shims();
+var import_common7 = __toESM(require_src());
+function buildApiHeaders(token, requestId, extra) {
+  const base = {};
+  if (requestId) {
+    base[import_common7.HTTP_HEADER.REQUEST_ID] = requestId;
+  }
+  if (!extra || !(import_common7.HTTP_HEADER.CONTENT_TYPE in extra)) {
+    base[import_common7.HTTP_HEADER.CONTENT_TYPE] = import_common7.HTTP_HEADER.APPLICATION_JSON;
+  }
+  if (token) {
+    base[import_common7.HTTP_HEADER.AUTHORIZATION] = `${import_common7.HTTP_HEADER.BEARER_PREFIX}${token}`;
+  }
+  const merged = { ...base, ...extra || {} };
+  return Object.fromEntries(
+    Object.entries(merged).filter((entry) => entry[1] !== void 0)
+  );
+}
+// src/utils/noopTelemetry.ts
+init_cjs_shims();
+var noopSpan = {
+  addAttributes: () => {
+  },
+  end: () => {
+  },
+  error: () => {
+  }
+};
+var noopTelemetry = {
+  span: () => noopSpan
+};
+// src/client/lake/index.ts
+function createLakeApiClient(env) {
+  const requestService = new import_common8.RequestService(noopTelemetry, buildApiHeaders);
+  return new import_common8.LakeApiClient({
+    requestService,
+    telemetry: noopTelemetry,
+    baseUrl: env.gatewayEndpoint
+  });
+}
+// src/utils/formatter/outputFormatter.ts
+init_cjs_shims();
+var COLUMN_SEPARATOR = "  ";
+var HEADER_RULE_CHAR = "\u2500";
+var OutputFormatter = class {
+  format;
+  constructor(options = {}) {
+    this.format = options.output ?? "table";
+  }
+  /**
+   * Renders `rows` to stdout using the configured output format.
+   *
+   * @param rows    - The data array to render.
+   * @param columns - Column descriptors that define headers and value extractors.
+   */
+  print(rows, columns) {
+    if (this.format === "json") {
+      this.printJson(rows, columns);
+    } else {
+      this.printTable(rows, columns);
+    }
+  }
+  // ---------------------------------------------------------------------------
+  // Table rendering
+  // ---------------------------------------------------------------------------
+  printTable(rows, columns) {
+    if (rows.length === 0) {
+      console.log("(no results)");
+      return;
+    }
+    const widths = columns.map((col) => {
+      const cellWidths = rows.map((row) => String(col.key(row) ?? "").length);
+      return Math.max(col.header.length, ...cellWidths);
+    });
+    const header = columns.map((col, i) => col.header.padEnd(widths[i])).join(COLUMN_SEPARATOR);
+    console.log(header);
+    const rule = widths.map((w) => HEADER_RULE_CHAR.repeat(w)).join(COLUMN_SEPARATOR);
+    console.log(rule);
+    for (const row of rows) {
+      const line = columns.map((col, i) => String(col.key(row) ?? "").padEnd(widths[i])).join(COLUMN_SEPARATOR);
+      console.log(line);
     }
   }
+  // ---------------------------------------------------------------------------
+  // JSON rendering
+  // ---------------------------------------------------------------------------
+  printJson(rows, columns) {
+    const records = rows.map((row) => {
+      const record = {};
+      for (const col of columns) {
+        const key = col.jsonKey ?? col.header.toLowerCase();
+        const value = col.key(row);
+        record[key] = value ?? null;
+      }
+      return record;
+    });
+    console.log(JSON.stringify(records, null, 2));
+  }
+};
+// src/utils/error/handleApiError.ts
+init_cjs_shims();
+function hasStatusCode(e) {
+  return e instanceof Error && "statusCode" in e && typeof e.statusCode === "number";
+}
+function hasResponseStatus(e) {
+  return e instanceof Error && "response" in e && e.response != null && typeof e.response?.status === "number";
+}
+function getStatusInfo(error) {
+  if (hasStatusCode(error)) {
+    return ` (HTTP ${error.statusCode})`;
+  }
+  if (hasResponseStatus(error)) {
+    return ` (HTTP ${error.response.status})`;
+  }
   return "";
 }
+function handleApiError(context, error) {
+  if (error instanceof Error) {
+    console.error(`Error ${context}${getStatusInfo(error)}:`, error.message);
+    if (process.env.DEBUG && error.stack) {
+      console.error(error.stack);
+    }
+  } else {
+    console.error(`Unknown error ${context}:`, error);
+  }
+  process.exit(1);
+}
+// src/commands/lake/database.ts
+function addDatabaseCommand(databaseCommand) {
+  databaseCommand.command("list").description("List all available databases").action(async () => {
+    try {
+      const apiEnv4 = (0, import_common9.getApiEnv)(import_common9.SecurityPlatformEnvironment.Production);
+      const accessToken = await getToken(apiEnv4);
+      const lakeApiClient = createLakeApiClient(apiEnv4);
+      const databaseService = new DatabaseService(lakeApiClient);
+      const databases = await listDatabases(databaseService, accessToken);
+      const fmt = new OutputFormatter();
+      fmt.print(databases, [
+        { header: "ID", key: (db) => db.databaseName === "default" ? "System tables" : db.databaseName },
+        {
+          header: "NAME",
+          key: (db) => db.databaseName === "default" ? "System tables" : db.sentinelWorkspace?.name ?? ""
+        }
+      ]);
+    } catch (error) {
+      handleApiError("listing databases", error);
+    }
+  });
+}
+// src/commands/lake/lakeTables.ts
+init_cjs_shims();
+var import_common10 = __toESM(require_src());
+var TABLE_COLUMNS = [
+  { header: "TABLE", key: (t) => t.name ?? "" },
+  {
+    header: "DATABASE NAME",
+    key: (t) => t.sgWorkspaceName === "default" ? SYSTEM_TABLES_DISPLAY_NAME : t.sgWorkspaceName ?? ""
+  },
+  { header: "CATEGORY", key: (t) => t.category ?? "" }
+];
+function addLakeTableListCommand(tableCommand) {
+  tableCommand.command("list").description("List lake tables").option("--database-id <databaseId>", "Database ID to fetch tables").option("--database-name <databaseName>", "Database name to fetch tables").action(async (options) => {
+    validateOptions(options);
+    try {
+      const apiEnv4 = (0, import_common10.getApiEnv)(import_common10.SecurityPlatformEnvironment.Production);
+      const accessToken = await getToken(apiEnv4);
+      const lakeApiClient = createLakeApiClient(apiEnv4);
+      const database = await lookupDatabase(options, lakeApiClient, accessToken);
+      const tableService = new TableService(lakeApiClient);
+      const tables = await listTables(tableService, accessToken, database);
+      printTables(tables);
+    } catch (error) {
+      handleApiError("listing lake tables", error);
+    }
+  });
+}
+function validateOptions(options) {
+  if (options.databaseId && options.databaseName) {
+    console.error("Error: --database-id and --database-name are mutually exclusive. Provide only one.");
+    process.exit(1);
+  }
+}
+function printTables(tables) {
+  const fmt = new OutputFormatter();
+  fmt.print(tables, TABLE_COLUMNS);
+}
+// src/commands/lake/lakeTableSchema.ts
+init_cjs_shims();
+var import_common11 = __toESM(require_src());
+var SCHEMA_COLUMNS = [
+  { header: "COLUMN", key: (col) => col.name },
+  { header: "TYPE", key: (col) => col.type }
+];
+function addLakeTableShowCommand(tableCommand) {
+  tableCommand.command("show <tableName>").description("Show the schema of a lake table").option("--database-id <databaseId>", "Database ID to look up the table in").option("--database-name <databaseName>", "Database name to look up the table in").action(async (tableName, options) => {
+    validateOptions2(options);
+    try {
+      const apiEnv4 = (0, import_common11.getApiEnv)(import_common11.SecurityPlatformEnvironment.Production);
+      const accessToken = await getToken(apiEnv4);
+      const lakeApiClient = createLakeApiClient(apiEnv4);
+      const database = await lookupDatabase(options, lakeApiClient, accessToken) ?? DEFAULT_DATABASE;
+      const tableService = new TableService(lakeApiClient);
+      const tables = await listTables(tableService, accessToken, database);
+      const table = findTable(tables, tableName);
+      if (!table) {
+        console.error(
+          `Error: table "${tableName}" not found. Run "sentinel table list" to see available tables.`
+        );
+        process.exit(1);
+      }
+      printSchema(table);
+    } catch (error) {
+      handleApiError("showing lake table schema", error);
+    }
+  });
+}
+function validateOptions2(options) {
+  if (options.databaseId && options.databaseName) {
+    console.error("Error: --database-id and --database-name are mutually exclusive. Provide only one.");
+    process.exit(1);
+  }
+}
+function findTable(tables, tableName) {
+  const lowerName = tableName.toLowerCase();
+  return tables.find((t) => t.name?.toLowerCase() === lowerName);
+}
+function printSchema(table) {
+  const fmt = new OutputFormatter();
+  fmt.print(table.schema, SCHEMA_COLUMNS);
+}
+// src/commands/login.ts
+init_cjs_shims();
+var os4 = __toESM(require("os"));
+// src/actions/authCodeLogin.ts
+init_cjs_shims();
+var import_child_process = require("child_process");
+var import_common12 = __toESM(require_src());
+var apiEnv3 = (0, import_common12.getApiEnv)(import_common12.SecurityPlatformEnvironment.Production);
+function openSystemBrowser(url) {
+  return new Promise((resolve, reject) => {
+    const command = process.platform === "darwin" ? "open" : "xdg-open";
+    (0, import_child_process.execFile)(command, [url], (error) => {
+      if (error) {
+        reject(new Error(`Failed to open browser: ${error.message}`));
+      } else {
+        resolve();
+      }
+    });
+  });
+}
+async function browserAuthLogin(scopes, tenant) {
+  const authorityOverride = tenant ? `${new URL(apiEnv3.aadEndpoint).origin}/${encodeURIComponent(tenant)}` : void 0;
+  const authority = authorityOverride ?? apiEnv3.aadEndpoint;
+  const msalInstance = await getMsalInstance(apiEnv3, authorityOverride);
+  console.log("\u{1F510} Starting browser login. A browser window will open.");
+  const result = await msalInstance.acquireTokenInteractive({
+    scopes,
+    prompt: "select_account",
+    openBrowser: openSystemBrowser,
+    successTemplate: "<h1>Authentication successful</h1><p>You may close this tab and return to the terminal.</p>",
+    errorTemplate: "<h1>Authentication failed</h1><p>{error}</p>"
+  });
+  if (!result?.accessToken) {
+    throw new Error("Token acquisition failed: received null or empty token.");
+  }
+  if (result.account) {
+    saveBrokerAccount(result.account, authority);
+  }
+  console.log("\u{1F511} Token acquired successfully.");
+  return result.accessToken;
+}
 // src/actions/deviceCodeLogin.ts
+init_cjs_shims();
 async function login(scopes) {
   await loginAndGetDeviceCodeToken(scopes);
 }
 // src/actions/managedIdentityLogin.ts
 init_cjs_shims();
-var import_identity2 = require("@azure/identity");
+var import_identity3 = require("@azure/identity");
 async function getTokenManagedIdentity(options) {
   const { scope, clientId, objectId, resourceId, workload } = options;
   let credential;
   try {
     if (workload) {
       console.log("\u{1F510} Using WorkloadIdentityCredential...");
-      credential = new import_identity2.WorkloadIdentityCredential();
+      credential = new import_identity3.WorkloadIdentityCredential();
     } else if (clientId) {
       console.log("\u{1F510} Using ManagedIdentityCredential with Client ID...");
-      credential = new import_identity2.ManagedIdentityCredential(clientId);
+      credential = new import_identity3.ManagedIdentityCredential(clientId);
     } else if (objectId) {
       console.log("\u{1F510} Using ManagedIdentityCredential with Object ID...");
-      credential = new import_identity2.ManagedIdentityCredential({ objectId });
+      credential = new import_identity3.ManagedIdentityCredential({ objectId });
     } else if (resourceId) {
       console.log("\u{1F510} Using ManagedIdentityCredential with Resource ID...");
-      credential = new import_identity2.ManagedIdentityCredential({ resourceId });
+      credential = new import_identity3.ManagedIdentityCredential({ resourceId });
     } else {
       throw new Error("No managed identity parameters provided.");
     }
@@ -7621,13 +8300,13 @@ function loginCommand(program2) {
         } else {
           console.log("\u{1F3E2} No tenant specified, using default authority.");
         }
-        if (os5.platform() === "win32" /* Windows */) {
+        if (os4.platform() === "win32" /* Windows */) {
           console.log("\u{1FA9F} Authenticating via Windows Native Broker (WAM)...");
           await (tenant ? brokerLogin(scope, tenant) : brokerLogin(scope));
           console.log("\u2705 Logged in via Windows Native Broker.");
         } else {
           console.log("\u{1F310} Launching Browser Authentication (Auth Code Flow)...");
-          await browserAuthLogin(scope);
+          await browserAuthLogin(scope, tenant);
           console.log("\u2705 Logged in using Browser Authentication.");
         }
       } catch (error) {
@@ -7657,12 +8336,12 @@ function logoutCommand(program2) {
 // src/commands/publishJob.ts
 init_cjs_shims();
-var import_common8 = __toESM(require_src());
+var import_common15 = __toESM(require_src());
 var import_path4 = __toESM(require("path"));
 // src/actions/publishJob.ts
 init_cjs_shims();
-var import_common6 = __toESM(require_src());
+var import_common13 = __toESM(require_src());
 var fs2 = __toESM(require("fs"));
 var import_path3 = __toESM(require("path"));
 var YAML = __toESM(require("yaml"));
@@ -7679,7 +8358,7 @@ function parseJobConfig(jobConfigPath) {
       throw new Error(`Unsupported file extension: ${ext}`);
   }
 }
-async function publish(notebookPath, jobConfigPath, jobService) {
+async function publish(notebookPath, jobConfigPath, jobClient, accessToken) {
   if (!fs2.existsSync(notebookPath)) {
     console.error(`File not found: ${notebookPath}`);
     throw new Error(`File not found: ${notebookPath}`);
@@ -7688,182 +8367,40 @@ async function publish(notebookPath, jobConfigPath, jobService) {
     console.error(`File not found: ${jobConfigPath}`);
     throw new Error(`File not found: ${jobConfigPath}`);
   }
+  const requestId = import_common13.CorrelationService.createCorrelationContext();
   const notebookBase64 = fs2.readFileSync(notebookPath).toString("base64");
   const jobConfig = parseJobConfig(jobConfigPath);
-  const payload = (0, import_common6.buildCompleteJobPayload)(jobConfig, notebookBase64);
+  const payload = (0, import_common13.buildCompleteJobPayload)(jobConfig, notebookBase64);
   const jobName = jobConfig.jobName;
-  await jobService.createJob(jobName, payload);
+  await jobClient.createJob(jobName, payload, accessToken, requestId);
   return jobName;
 }
-// src/utils/httpServiceUtils.ts
-init_cjs_shims();
-var import_common7 = __toESM(require_src());
-var import_axios = __toESM(require("axios"));
-// src/services/getToken.ts
-init_cjs_shims();
-// src/auth/constants.ts
-init_cjs_shims();
-// src/auth/provider/TokenProviderFactory.ts
-init_cjs_shims();
-// src/auth/provider/DeviceCodeTokenProvider.ts
-init_cjs_shims();
-var DeviceCodeTokenProvider = class {
-  options;
-  env;
-  constructor(env, options) {
-    if (!env) {
-      throw new Error("Environment cannot be null or undefined");
-    }
-    this.env = env;
-    this.options = {
-      ...options,
-      // overrides defaults if user provided values
-      scopes: options?.scopes ?? [this.env.gatewayAuthResourceUri]
-    };
-  }
-  async getAccessToken() {
-    let token = await getAccessTokenFromCache(this.options?.scopes);
-    if (token) {
-      return token;
-    }
-    token = await loginAndGetDeviceCodeToken(this.options?.scopes);
-    return token;
-  }
-};
-// src/auth/provider/ManagedIdentityTokenProvider.ts
-init_cjs_shims();
-var import_identity3 = require("@azure/identity");
-var ManagedIdentityTokenProvider = class {
-  options;
-  env;
-  constructor(env, options) {
-    if (!env) {
-      throw new Error("Environment cannot be null or undefined");
-    }
-    if (!options?.uamiClientId) {
-      throw new Error("UAMI clientId required for user-assigned managed identity");
-    }
-    this.env = env;
-    this.options = {
-      ...options,
-      // overrides defaults if user provided values
-      scopes: options?.scopes ?? [env.gatewayAuthResourceUri]
-    };
-  }
-  async getAccessToken() {
-    const scopes = this.options?.scopes && this.options.scopes.length > 0 ? this.options.scopes : [this.env.gatewayAuthResourceUri];
-    const credential = new import_identity3.ManagedIdentityCredential({
-      clientId: this.options?.uamiClientId
-    });
-    const token = await credential.getToken(scopes);
-    if (!token) {
-      throw new Error("Failed to get token from Managed Identity");
-    }
-    return token.token;
-  }
-};
-// src/auth/provider/MsalCacheTokenProvider.ts
+// src/client/jobs/index.ts
 init_cjs_shims();
-var MsalCacheTokenProvider = class {
-  options;
-  env;
-  constructor(env, options) {
-    if (!env) {
-      throw new Error("Environment cannot be null or undefined");
-    }
-    this.env = env;
-    this.options = {
-      ...options,
-      scopes: options?.scopes?.length ? options.scopes : [this.env.gatewayAuthResourceUri]
-    };
-  }
-  async getAccessToken() {
-    const token = await getAccessTokenFromCache(this.options.scopes);
-    if (!token) {
-      throw new Error("No cached authentication token found. Please run `sentinel login` first.");
-    }
-    return token;
-  }
-};
-// src/auth/provider/TokenProviderFactory.ts
-var TokenProviderFactory = class {
-  static createProvider(env, method, options) {
-    switch (method) {
-      case "device_code":
-        return new DeviceCodeTokenProvider(env, options);
-      case "managed_identity":
-        if (!options) {
-          throw new Error("UAMI clientId required for user-assigned managed identity");
-        }
-        return new ManagedIdentityTokenProvider(env, options);
-      case "msal_cache":
-        return new MsalCacheTokenProvider(env, options);
-      default:
-        throw new Error(`Unsupported token method: ${method}`);
-    }
-  }
-};
-// src/services/getToken.ts
-async function getToken(env, scopes, clientId) {
-  let provider = null;
-  const options = {
-    uamiClientId: clientId,
-    scopes
-  };
-  if (clientId) {
-    provider = TokenProviderFactory.createProvider(env, "managed_identity" /* ManagedIdentity */, options);
-  } else {
-    provider = TokenProviderFactory.createProvider(env, "msal_cache" /* MsalCache */, options);
-  }
-  const token = await provider.getAccessToken();
-  return token;
-}
-// src/utils/httpServiceUtils.ts
-async function getHttpService(env) {
-  try {
-    const accessToken = await getToken(env);
-    return new import_common7.HttpService(
-      import_axios.default.create({
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${accessToken}`
-        }
-      })
-    );
-  } catch {
-    throw new Error("Failed to retrieve access token");
-  }
+var import_common14 = __toESM(require_src());
+function createJobApiClient(env, region) {
+  const requestService = new import_common14.RequestService(noopTelemetry, buildApiHeaders);
+  return new import_common14.JobApiClient({
+    requestService,
+    baseUrl: env.regions[region].gatewayEndpoint
+  });
 }
 // src/commands/publishJob.ts
 function addPublishCommand(jobCommand) {
-  jobCommand.command("publish <notebookPath>").description("Publish a scheduled job.").option("-c, --config <path>", "Path to job YAML config").option("-r, --region <region>", "Target region (e.g. eastus2)", import_common8.Region.Global).action(async (notebookPath, options) => {
+  jobCommand.command("publish <notebookPath>").description("Publish a scheduled job.").option("-c, --config <path>", "Path to job YAML config").option("-r, --region <region>", "Target region (e.g. eastus2)", import_common15.Region.Global).action(async (notebookPath, options) => {
     try {
       const resolvedNotebookPath = import_path4.default.resolve(notebookPath);
       const resolvedConfigPath = import_path4.default.resolve(options.config);
-      const apiEnv4 = (0, import_common8.getApiEnv)(import_common8.SecurityPlatformEnvironment.Production);
+      const apiEnv4 = (0, import_common15.getApiEnv)(import_common15.SecurityPlatformEnvironment.Production);
       const region = options.region;
-      const httpService = await getHttpService(apiEnv4);
-      const jobService = new import_common8.JobService(apiEnv4, region, httpService);
-      const result = await publish(resolvedNotebookPath, resolvedConfigPath, jobService);
+      const accessToken = await getToken(apiEnv4);
+      const jobApiClient = createJobApiClient(apiEnv4, region);
+      const result = await publish(resolvedNotebookPath, resolvedConfigPath, jobApiClient, accessToken);
       console.log("Published job:", result);
     } catch (error) {
-      if (error instanceof Error) {
-        console.error("Publish Error:", error.message);
-      } else {
-        console.error("Unknown error in publish:", error);
-      }
-      process.exit(1);
+      handleApiError("publishing job", error);
     }
   });
 }
@@ -7876,17 +8413,76 @@ function addTokenCommand(program2) {
   });
 }
+// src/commands/updateCLI.ts
+init_cjs_shims();
+// src/actions/updateCLI.ts
+init_cjs_shims();
+var import_axios = __toESM(require("axios"));
+var import_child_process2 = require("child_process");
+var os5 = __toESM(require("os"));
+var import_semver = __toESM(require("semver"));
+var PACKAGE_NAME = "@microsoft/sentinel-cli";
+var NPM_REGISTRY_URL = `https://registry.npmjs.org/${PACKAGE_NAME}/latest`;
+async function fetchLatestVersion() {
+  const response = await import_axios.default.get(NPM_REGISTRY_URL, { timeout: 5e3 });
+  return response.data.version;
+}
+function isNewerVersion(current, latest) {
+  const c = import_semver.default.coerce(current);
+  const l = import_semver.default.coerce(latest);
+  if (!c || !l) {
+    return false;
+  }
+  return import_semver.default.gt(l, c);
+}
+function runUpdateCommand(version) {
+  const args = ["install", "-g", `${PACKAGE_NAME}@${version}`];
+  (0, import_child_process2.execFileSync)("npm", args, { stdio: "inherit" });
+}
+async function checkAndUpdate(currentVersion) {
+  console.log(`\u{1F50D} Current version: ${currentVersion}`);
+  console.log("\u{1F310} Checking for latest version on npm...");
+  const latestVersion = await fetchLatestVersion();
+  if (!isNewerVersion(currentVersion, latestVersion)) {
+    console.log(`\u2705 You are already on the latest version (${currentVersion}).`);
+    return;
+  }
+  console.log(`\u{1F4E6} New version available: ${latestVersion}`);
+  console.log(`\u2B06\uFE0F  Updating from ${currentVersion} to ${latestVersion}...`);
+  if (os5.platform() !== "win32") {
+    console.log(
+      "\u2139\uFE0F  On macOS/Linux, you may need administrator privileges. If the update fails, try running with sudo."
+    );
+  }
+  runUpdateCommand(latestVersion);
+  console.log(`\u2705 Successfully updated to version ${latestVersion}.`);
+}
+// src/commands/updateCLI.ts
+function addUpdateCliCommand(program2) {
+  program2.command("update").description("Update the Sentinel CLI to the latest version").action(async () => {
+    try {
+      await checkAndUpdate("0.2.0");
+    } catch (error) {
+      console.error(`\u274C Update failed: ${error instanceof Error ? error.message : error}`);
+      process.exitCode = 1;
+      return;
+    }
+  });
+}
 // src/commands/validate.ts
 init_cjs_shims();
 // src/actions/validate.ts
 init_cjs_shims();
-var import_common9 = __toESM(require_src());
+var import_common16 = __toESM(require_src());
 async function validateFromFile(filePath) {
   if (!filePath || typeof filePath !== "string" || filePath.trim().length === 0) {
     throw new Error("Invalid file path provided.");
   }
-  const manifestProcessorService = new import_common9.ManifestProcessorService();
+  const manifestProcessorService = new import_common16.ManifestProcessorService();
   console.info("Starting validate process...");
   await manifestProcessorService.validateManifest(filePath);
 }
@@ -7916,12 +8512,25 @@ function registerCommands(program2) {
   const packageCommand = program2.command("package").description("Manage packages");
   addCreateZipCommand(packageCommand);
   addValidateCommand(packageCommand);
+  const databaseCommand = program2.command("database").description("Manage sentinel lake databases");
+  addDatabaseCommand(databaseCommand);
+  const tableCommand = program2.command("table").description("Manage sentinel lake tables");
+  addLakeTableListCommand(tableCommand);
+  addLakeTableShowCommand(tableCommand);
   loginCommand(program2);
   logoutCommand(program2);
   addTokenCommand(program2);
+  addUpdateCliCommand(program2);
 }
 // src/index.ts
-import_commander.program.name("sentinel").description("CLI for MSAL login").version("1.0.0");
+import_commander.program.name("sentinel").description("Sentinel CLI \u2014 manage lake tables, databases, scheduled jobs, packages, and authentication").version("0.2.0");
 registerCommands(import_commander.program);
-import_commander.program.parse(process.argv);
+(async () => {
+  try {
+    await import_commander.program.parseAsync(process.argv);
+    process.exit(0);
+  } catch {
+    process.exit(1);
+  }
+})();