@tailor-platform/sdk 0.16.3 → 0.18.0

package/dist/{types-Da_WnvA0.d.mts → types-DgaCdTug.d.mts}

@@ -1,11 +1,11 @@
 /// <reference path="./user-defined.d.ts" />
 
-import * as zod34 from "zod";
+import * as zod0 from "zod";
 import { z } from "zod";
 import { StandardSchemaV1 } from "@standard-schema/spec";
 import * as type_fest0 from "type-fest";
 import { IsAny, NonEmptyObject } from "type-fest";
-import * as zod_v4_core50 from "zod/v4/core";
+import * as zod_v4_core0 from "zod/v4/core";
 
 //#region src/configure/types/helpers.d.ts
 type Prettify<T> = { [K in keyof T as string extends K ? never : K]: T[K] } & {};
@@ -439,6 +439,14 @@ declare const OAuth2ClientSchema: z.ZodObject<{
   grantTypes: z.ZodDefault<z.ZodArray<z.ZodUnion<readonly [z.ZodLiteral<"authorization_code">, z.ZodLiteral<"refresh_token">]>>>;
   redirectURIs: z.ZodArray<z.ZodUnion<readonly [z.ZodTemplateLiteral<`https://${string}`>, z.ZodTemplateLiteral<`http://${string}`>, z.ZodTemplateLiteral<`${string}:url`>, z.ZodTemplateLiteral<`${string}:url/${string}`>]>>;
   clientType: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"confidential">, z.ZodLiteral<"public">, z.ZodLiteral<"browser">]>>;
+  accessTokenLifetimeSeconds: z.ZodPipe<z.ZodOptional<z.ZodNumber>, z.ZodTransform<{
+    seconds: bigint;
+    nanos: number;
+  } | undefined, number | undefined>>;
+  refreshTokenLifetimeSeconds: z.ZodPipe<z.ZodOptional<z.ZodNumber>, z.ZodTransform<{
+    seconds: bigint;
+    nanos: number;
+  } | undefined, number | undefined>>;
 }, z.core.$strip>;
 declare const SCIMAuthorizationSchema: z.ZodObject<{
   type: z.ZodUnion<readonly [z.ZodLiteral<"oauth2">, z.ZodLiteral<"bearer">]>;
@@ -533,7 +541,7 @@ type IDToken = z.output<typeof IDTokenSchema>;
 type BuiltinIdP = z.output<typeof BuiltinIdPSchema>;
 type IdProviderConfig = z.output<typeof IdProviderSchema>;
 type OAuth2ClientGrantType = z.output<typeof OAuth2ClientGrantTypeSchema>;
-type OAuth2Client = z.output<typeof OAuth2ClientSchema>;
+type OAuth2ClientInput = z.input<typeof OAuth2ClientSchema>;
 type SCIMAuthorization = z.output<typeof SCIMAuthorizationSchema>;
 type SCIMAttributeType = z.output<typeof SCIMAttributeTypeSchema>;
 type SCIMAttribute = z.output<typeof SCIMAttributeSchema>;
@@ -588,7 +596,7 @@ type MachineUser<User extends TailorDBInstance, AttributeMap extends UserAttribu
 type AuthServiceInput<User extends TailorDBInstance, AttributeMap extends UserAttributeMap<User>, AttributeList extends UserAttributeListKey<User>[], MachineUserNames extends string> = {
   userProfile?: UserProfile<User, AttributeMap, AttributeList>;
   machineUsers?: Record<MachineUserNames, MachineUser<User, AttributeMap, AttributeList>>;
-  oauth2Clients?: Record<string, OAuth2Client>;
+  oauth2Clients?: Record<string, OAuth2ClientInput>;
   idProvider?: IdProviderConfig;
   scim?: SCIMConfig;
   tenantProvider?: TenantProviderConfig;
@@ -631,7 +639,7 @@ declare function defineAuth<const Name extends string, const User extends Tailor
   } : {
     attributeList: { [Index in keyof AttributeList]: AttributeList[Index] extends UserAttributeListKey<User> ? AttributeList[Index] extends infer T ? T extends AttributeList[Index] ? T extends keyof output<User> ? output<User>[T] : never : never : never : never };
   })> | undefined;
-  readonly oauth2Clients?: Record<string, OAuth2Client>;
+  readonly oauth2Clients?: Record<string, OAuth2ClientInput>;
   readonly idProvider?: IdProviderConfig;
   readonly scim?: SCIMConfig;
   readonly tenantProvider?: TenantProviderConfig;
@@ -1349,12 +1357,12 @@ declare function defineGenerators(...configs: GeneratorConfig[]): (["@tailor-pla
 }] | {
   id: string;
   description: string;
-  processType: zod_v4_core50.$InferInnerFunctionType<zod_v4_core50.$ZodFunctionArgs, zod_v4_core50.$ZodFunctionOut>;
-  processResolver: zod_v4_core50.$InferInnerFunctionType<zod_v4_core50.$ZodFunctionArgs, zod_v4_core50.$ZodFunctionOut>;
-  processExecutor: zod_v4_core50.$InferInnerFunctionType<zod_v4_core50.$ZodFunctionArgs, zod_v4_core50.$ZodFunctionOut>;
-  aggregate: zod_v4_core50.$InferInnerFunctionType<zod_v4_core50.$ZodFunctionArgs, zod34.ZodAny>;
-  processTailorDBNamespace?: zod_v4_core50.$InferInnerFunctionType<zod_v4_core50.$ZodFunctionArgs, zod_v4_core50.$ZodFunctionOut> | undefined;
-  processResolverNamespace?: zod_v4_core50.$InferInnerFunctionType<zod_v4_core50.$ZodFunctionArgs, zod_v4_core50.$ZodFunctionOut> | undefined;
+  processType: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut>;
+  processResolver: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut>;
+  processExecutor: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut>;
+  aggregate: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod0.ZodAny>;
+  processTailorDBNamespace?: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut> | undefined;
+  processResolverNamespace?: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut> | undefined;
 })[];
 //#endregion
 //#region src/parser/service/executor/schema.d.ts
@@ -1492,5 +1500,5 @@ type WorkflowOperation = z.infer<typeof WorkflowOperationSchema>;
 type Executor = z.infer<typeof ExecutorSchema>;
 type ExecutorInput = z.input<typeof ExecutorSchema>;
 //#endregion
-export { AllowedValues, AllowedValuesOutput, AppConfig, ArrayFieldOutput, AttributeList$1 as AttributeList, AttributeMap$1 as AttributeMap, AuthConfig, AuthExternalConfig, AuthInvoker$1 as AuthInvoker, AuthOwnConfig, type AuthServiceInput, type BuiltinIdP, CodeGeneratorBase, Executor, ExecutorInput, ExecutorServiceConfig, ExecutorServiceInput, FieldMetadata, FieldOptions, FieldOutput, FunctionOperation, Generator, GqlOperation, type IDToken, IdPConfig, IdPExternalConfig, type IdProviderConfig, IncomingWebhookTrigger, InferFieldsOutput, JsonCompatible, type OAuth2Client, type OAuth2ClientGrantType, type OIDC, PermissionCondition, QueryType, RecordTrigger, Resolver, ResolverExecutedTrigger, ResolverExternalConfig, ResolverInput, ResolverServiceConfig, ResolverServiceInput, type SAML, type SCIMAttribute, type SCIMAttributeMapping, type SCIMAttributeType, type SCIMAuthorization, type SCIMConfig, type SCIMResource, ScheduleTriggerInput, StaticWebsiteConfig, TailorDBField, TailorDBInstance, TailorDBType, TailorDBTypeConfig, TailorField, TailorTypeGqlPermission, TailorTypePermission, TailorUser, type TenantProviderConfig, type UserAttributeKey, type UserAttributeListKey, type UserAttributeMap, type UsernameFieldKey, type ValueOperand, WebhookOperation, WorkflowOperation, WorkflowServiceConfig, WorkflowServiceInput, db, defineAuth, defineConfig, defineGenerators, defineIdp, defineStaticWebSite, output, unauthenticatedTailorUser, unsafeAllowAllGqlPermission, unsafeAllowAllTypePermission };
-//# sourceMappingURL=types-Da_WnvA0.d.mts.map
+export { AllowedValues, AllowedValuesOutput, AppConfig, ArrayFieldOutput, AttributeList$1 as AttributeList, AttributeMap$1 as AttributeMap, AuthConfig, AuthExternalConfig, AuthInvoker$1 as AuthInvoker, AuthOwnConfig, type AuthServiceInput, type BuiltinIdP, CodeGeneratorBase, Executor, ExecutorInput, ExecutorServiceConfig, ExecutorServiceInput, FieldMetadata, FieldOptions, FieldOutput, FunctionOperation, Generator, GqlOperation, type IDToken, IdPConfig, IdPExternalConfig, type IdProviderConfig, IncomingWebhookTrigger, InferFieldsOutput, JsonCompatible, type OAuth2ClientGrantType, OAuth2ClientInput, type OIDC, PermissionCondition, QueryType, RecordTrigger, Resolver, ResolverExecutedTrigger, ResolverExternalConfig, ResolverInput, ResolverServiceConfig, ResolverServiceInput, type SAML, type SCIMAttribute, type SCIMAttributeMapping, type SCIMAttributeType, type SCIMAuthorization, type SCIMConfig, type SCIMResource, ScheduleTriggerInput, StaticWebsiteConfig, TailorDBField, TailorDBInstance, TailorDBType, TailorDBTypeConfig, TailorField, TailorTypeGqlPermission, TailorTypePermission, TailorUser, type TenantProviderConfig, type UserAttributeKey, type UserAttributeListKey, type UserAttributeMap, type UsernameFieldKey, type ValueOperand, WebhookOperation, WorkflowOperation, WorkflowServiceConfig, WorkflowServiceInput, db, defineAuth, defineConfig, defineGenerators, defineIdp, defineStaticWebSite, output, unauthenticatedTailorUser, unsafeAllowAllGqlPermission, unsafeAllowAllTypePermission };
+//# sourceMappingURL=types-DgaCdTug.d.mts.map

package/dist/utils/test/index.d.mts

@@ -1,12 +1,18 @@
 /// <reference path="./../../user-defined.d.ts" />
 
-import { TailorDBType, TailorField, TailorUser } from "../../types-Da_WnvA0.mjs";
-import { output } from "../../index-Bin7-j3v.mjs";
+import { TailorDBType, TailorField } from "../../types-DgaCdTug.mjs";
+import { output } from "../../index-BWqIQ4iC.mjs";
 import { StandardSchemaV1 } from "@standard-schema/spec";
 
 //#region src/utils/test/index.d.ts
 /** Represents an unauthenticated user in the Tailor platform. */
-declare const unauthenticatedTailorUser: TailorUser;
+declare const unauthenticatedTailorUser: {
+  readonly id: "00000000-0000-0000-0000-000000000000";
+  readonly type: "";
+  readonly workspaceId: "00000000-0000-0000-0000-000000000000";
+  readonly attributes: null;
+  readonly attributeList: [];
+};
 /**
  * Creates a hook function that processes TailorDB type fields
  * - Uses existing id from data if provided, otherwise generates UUID for id fields

package/dist/utils/test/index.mjs

@@ -23,12 +23,14 @@ function createTailorDBHook(type) {
 			const field = value;
 			if (key === "id") hooked[key] = (data && typeof data === "object" ? data[key] : void 0) ?? crypto.randomUUID();
 			else if (field.type === "nested") hooked[key] = createTailorDBHook({ fields: field.fields })(data[key]);
-			else if (field.metadata.hooks?.create) hooked[key] = field.metadata.hooks.create({
-				value: data[key],
-				data,
-				user: unauthenticatedTailorUser
-			});
-			else if (data && typeof data === "object") hooked[key] = data[key];
+			else if (field.metadata.hooks?.create) {
+				hooked[key] = field.metadata.hooks.create({
+					value: data[key],
+					data,
+					user: unauthenticatedTailorUser
+				});
+				if (hooked[key] instanceof Date) hooked[key] = hooked[key].toISOString();
+			} else if (data && typeof data === "object") hooked[key] = data[key];
 			return hooked;
 		}, {});
 	};

package/dist/utils/test/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","names":["unauthenticatedTailorUser: TailorUser"],"sources":["../../../src/utils/test/index.ts"],"sourcesContent":["import type { output, TailorUser } from \"@/configure\";\nimport type { TailorDBType } from \"@/configure/services/tailordb/schema\";\nimport type { TailorField } from \"@/configure/types/type\";\nimport type { StandardSchemaV1 } from \"@standard-schema/spec\";\n\n/** Represents an unauthenticated user in the Tailor platform. */\nexport const unauthenticatedTailorUser: TailorUser = {\n  id: \"00000000-0000-0000-0000-000000000000\",\n  type: \"\",\n  workspaceId: \"00000000-0000-0000-0000-000000000000\",\n  attributes: null,\n  attributeList: [],\n} as const;\n\n/**\n * Creates a hook function that processes TailorDB type fields\n * - Uses existing id from data if provided, otherwise generates UUID for id fields\n * - Recursively processes nested types\n * - Executes hooks.create for fields with create hooks\n *\n * @template T - The output type of the hook function\n * @param type - TailorDB type definition\n * @returns A function that transforms input data according to field hooks\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function createTailorDBHook<T extends TailorDBType<any, any>>(type: T) {\n  return (data: unknown) => {\n    return Object.entries(type.fields).reduce(\n      (hooked, [key, value]) => {\n        // eslint-disable-next-line @typescript-eslint/no-explicit-any\n        const field = value as TailorField<any, any, any>;\n        if (key === \"id\") {\n          // Use existing id from data if provided, otherwise generate new UUID\n          const existingId =\n            data && typeof data === \"object\"\n              ? (data as Record<string, unknown>)[key]\n              : undefined;\n          hooked[key] = existingId ?? crypto.randomUUID();\n        } else if (field.type === \"nested\") {\n          // eslint-disable-next-line @typescript-eslint/no-explicit-any\n          hooked[key] = createTailorDBHook({ fields: field.fields } as any)(\n            (data as Record<string, unknown>)[key],\n          );\n        } else if (field.metadata.hooks?.create) {\n          hooked[key] = field.metadata.hooks.create({\n            value: (data as Record<string, unknown>)[key],\n            data: data,\n            user: unauthenticatedTailorUser,\n          });\n        } else if (data && typeof data === \"object\") {\n          hooked[key] = (data as Record<string, unknown>)[key];\n        }\n        return hooked;\n      },\n      {} as Record<string, unknown>,\n    ) as Partial<output<T>>;\n  };\n}\n\n/**\n * Creates the standard schema definition for lines-db\n * This returns the first argument for defineSchema with the ~standard section\n *\n * @template T - The output type after validation\n * @param schemaType - TailorDB field schema for validation\n * @param hook - Hook function to transform data before validation\n * @returns Schema object with ~standard section for defineSchema\n */\nexport function createStandardSchema<T = Record<string, unknown>>(\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  schemaType: TailorField<any, T>,\n  hook: (data: unknown) => Partial<T>,\n) {\n  return {\n    \"~standard\": {\n      version: 1,\n      vendor: \"@tailor-platform/sdk\",\n      validate: (value: unknown) => {\n        const hooked = hook(value);\n        const result = schemaType.parse({\n          value: hooked,\n          data: hooked,\n          user: unauthenticatedTailorUser,\n        });\n        if (result.issues) {\n          return result;\n        }\n        return { value: hooked as T };\n      },\n    },\n  } as const satisfies StandardSchemaV1<T>;\n}\n"],"mappings":";;AAMA,MAAaA,4BAAwC;CACnD,IAAI;CACJ,MAAM;CACN,aAAa;CACb,YAAY;CACZ,eAAe,EAAE;CAClB;;;;;;;;;;;AAaD,SAAgB,mBAAqD,MAAS;AAC5E,SAAQ,SAAkB;AACxB,SAAO,OAAO,QAAQ,KAAK,OAAO,CAAC,QAChC,QAAQ,CAAC,KAAK,WAAW;GAExB,MAAM,QAAQ;AACd,OAAI,QAAQ,KAMV,QAAO,QAHL,QAAQ,OAAO,SAAS,WACnB,KAAiC,OAClC,WACsB,OAAO,YAAY;YACtC,MAAM,SAAS,SAExB,QAAO,OAAO,mBAAmB,EAAE,QAAQ,MAAM,QAAQ,CAAQ,CAC9D,KAAiC,KACnC;YACQ,MAAM,SAAS,OAAO,OAC/B,QAAO,OAAO,MAAM,SAAS,MAAM,OAAO;IACxC,OAAQ,KAAiC;IACnC;IACN,MAAM;IACP,CAAC;YACO,QAAQ,OAAO,SAAS,SACjC,QAAO,OAAQ,KAAiC;AAElD,UAAO;KAET,EAAE,CACH;;;;;;;;;;;;AAaL,SAAgB,qBAEd,YACA,MACA;AACA,QAAO,EACL,aAAa;EACX,SAAS;EACT,QAAQ;EACR,WAAW,UAAmB;GAC5B,MAAM,SAAS,KAAK,MAAM;GAC1B,MAAM,SAAS,WAAW,MAAM;IAC9B,OAAO;IACP,MAAM;IACN,MAAM;IACP,CAAC;AACF,OAAI,OAAO,OACT,QAAO;AAET,UAAO,EAAE,OAAO,QAAa;;EAEhC,EACF"}
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/utils/test/index.ts"],"sourcesContent":["import type { output, TailorUser } from \"@/configure\";\nimport type { TailorDBType } from \"@/configure/services/tailordb/schema\";\nimport type { TailorField } from \"@/configure/types/type\";\nimport type { StandardSchemaV1 } from \"@standard-schema/spec\";\n\n/** Represents an unauthenticated user in the Tailor platform. */\nexport const unauthenticatedTailorUser = {\n  id: \"00000000-0000-0000-0000-000000000000\",\n  type: \"\",\n  workspaceId: \"00000000-0000-0000-0000-000000000000\",\n  attributes: null,\n  attributeList: [],\n} as const satisfies TailorUser;\n\n/**\n * Creates a hook function that processes TailorDB type fields\n * - Uses existing id from data if provided, otherwise generates UUID for id fields\n * - Recursively processes nested types\n * - Executes hooks.create for fields with create hooks\n *\n * @template T - The output type of the hook function\n * @param type - TailorDB type definition\n * @returns A function that transforms input data according to field hooks\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function createTailorDBHook<T extends TailorDBType<any, any>>(type: T) {\n  return (data: unknown) => {\n    return Object.entries(type.fields).reduce(\n      (hooked, [key, value]) => {\n        // eslint-disable-next-line @typescript-eslint/no-explicit-any\n        const field = value as TailorField<any, any, any>;\n        if (key === \"id\") {\n          // Use existing id from data if provided, otherwise generate new UUID\n          const existingId =\n            data && typeof data === \"object\"\n              ? (data as Record<string, unknown>)[key]\n              : undefined;\n          hooked[key] = existingId ?? crypto.randomUUID();\n        } else if (field.type === \"nested\") {\n          // eslint-disable-next-line @typescript-eslint/no-explicit-any\n          hooked[key] = createTailorDBHook({ fields: field.fields } as any)(\n            (data as Record<string, unknown>)[key],\n          );\n        } else if (field.metadata.hooks?.create) {\n          hooked[key] = field.metadata.hooks.create({\n            value: (data as Record<string, unknown>)[key],\n            data: data,\n            user: unauthenticatedTailorUser,\n          });\n          if (hooked[key] instanceof Date) {\n            hooked[key] = hooked[key].toISOString();\n          }\n        } else if (data && typeof data === \"object\") {\n          hooked[key] = (data as Record<string, unknown>)[key];\n        }\n        return hooked;\n      },\n      {} as Record<string, unknown>,\n    ) as Partial<output<T>>;\n  };\n}\n\n/**\n * Creates the standard schema definition for lines-db\n * This returns the first argument for defineSchema with the ~standard section\n *\n * @template T - The output type after validation\n * @param schemaType - TailorDB field schema for validation\n * @param hook - Hook function to transform data before validation\n * @returns Schema object with ~standard section for defineSchema\n */\nexport function createStandardSchema<T = Record<string, unknown>>(\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  schemaType: TailorField<any, T>,\n  hook: (data: unknown) => Partial<T>,\n) {\n  return {\n    \"~standard\": {\n      version: 1,\n      vendor: \"@tailor-platform/sdk\",\n      validate: (value: unknown) => {\n        const hooked = hook(value);\n        const result = schemaType.parse({\n          value: hooked,\n          data: hooked,\n          user: unauthenticatedTailorUser,\n        });\n        if (result.issues) {\n          return result;\n        }\n        return { value: hooked as T };\n      },\n    },\n  } as const satisfies StandardSchemaV1<T>;\n}\n"],"mappings":";;AAMA,MAAa,4BAA4B;CACvC,IAAI;CACJ,MAAM;CACN,aAAa;CACb,YAAY;CACZ,eAAe,EAAE;CAClB;;;;;;;;;;;AAaD,SAAgB,mBAAqD,MAAS;AAC5E,SAAQ,SAAkB;AACxB,SAAO,OAAO,QAAQ,KAAK,OAAO,CAAC,QAChC,QAAQ,CAAC,KAAK,WAAW;GAExB,MAAM,QAAQ;AACd,OAAI,QAAQ,KAMV,QAAO,QAHL,QAAQ,OAAO,SAAS,WACnB,KAAiC,OAClC,WACsB,OAAO,YAAY;YACtC,MAAM,SAAS,SAExB,QAAO,OAAO,mBAAmB,EAAE,QAAQ,MAAM,QAAQ,CAAQ,CAC9D,KAAiC,KACnC;YACQ,MAAM,SAAS,OAAO,QAAQ;AACvC,WAAO,OAAO,MAAM,SAAS,MAAM,OAAO;KACxC,OAAQ,KAAiC;KACnC;KACN,MAAM;KACP,CAAC;AACF,QAAI,OAAO,gBAAgB,KACzB,QAAO,OAAO,OAAO,KAAK,aAAa;cAEhC,QAAQ,OAAO,SAAS,SACjC,QAAO,OAAQ,KAAiC;AAElD,UAAO;KAET,EAAE,CACH;;;;;;;;;;;;AAaL,SAAgB,qBAEd,YACA,MACA;AACA,QAAO,EACL,aAAa;EACX,SAAS;EACT,QAAQ;EACR,WAAW,UAAmB;GAC5B,MAAM,SAAS,KAAK,MAAM;GAC1B,MAAM,SAAS,WAAW,MAAM;IAC9B,OAAO;IACP,MAAM;IACN,MAAM;IACP,CAAC;AACF,OAAI,OAAO,OACT,QAAO;AAET,UAAO,EAAE,OAAO,QAAa;;EAEhC,EACF"}

package/docs/cli/application.md

@@ -0,0 +1,136 @@
+# Application Commands
+
+Commands for managing Tailor Platform applications. These commands work with `tailor.config.ts`.
+
+## init
+
+Initialize a new project using create-sdk.
+
+```bash
+tailor-sdk init [name] [options]
+```
+
+**Arguments:**
+
+- `name` - Project name
+
+**Options:**
+
+- `-t, --template` - Template name
+
+## generate
+
+Generate files using Tailor configuration.
+
+```bash
+tailor-sdk generate [options]
+```
+
+**Options:**
+
+- `-c, --config` - Path to the SDK config file (default: `tailor.config.ts`)
+- `-w, --watch` - Watch for type/resolver changes and regenerate
+
+## apply
+
+Apply Tailor configuration to deploy your application.
+
+```bash
+tailor-sdk apply [options]
+```
+
+**Options:**
+
+- `-w, --workspace-id` - ID of the workspace to apply the configuration to
+- `-p, --profile` - Workspace profile to use
+- `-c, --config` - Path to the SDK config file (default: `tailor.config.ts`)
+- `-d, --dryRun` - Run the command without making any changes
+- `-y, --yes` - Skip confirmation prompt
+
+## remove
+
+Remove all resources managed by the application from the workspace.
+
+```bash
+tailor-sdk remove [options]
+```
+
+**Options:**
+
+- `-w, --workspace-id` - ID of the workspace to remove resources from
+- `-p, --profile` - Workspace profile to use
+- `-c, --config` - Path to the SDK config file (default: `tailor.config.ts`)
+- `-y, --yes` - Skip confirmation prompt
+
+## show
+
+Show information about the deployed application.
+
+```bash
+tailor-sdk show [options]
+```
+
+**Options:**
+
+- `-w, --workspace-id` - ID of the workspace to show the application from
+- `-p, --profile` - Workspace profile to use
+- `-c, --config` - Path to the SDK config file (default: `tailor.config.ts`)
+- `--json` - Output as JSON
+
+## tailordb
+
+Manage TailorDB tables and data.
+
+```bash
+tailor-sdk tailordb <subcommand> [options]
+```
+
+### tailordb truncate
+
+Truncate (delete all records from) TailorDB tables.
+
+```bash
+tailor-sdk tailordb truncate [types...] [options]
+```
+
+**Arguments:**
+
+- `types...` - Space-separated list of type names to truncate (optional)
+
+**Options:**
+
+- `-a, --all` - Truncate all tables in all namespaces
+- `-n, --namespace` - Truncate all tables in the specified namespace
+- `-y, --yes` - Skip confirmation prompt
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+- `-c, --config` - Path to the SDK config file (default: `tailor.config.ts`)
+
+**Usage Examples:**
+
+```bash
+# Truncate all tables in all namespaces (requires confirmation)
+tailor-sdk tailordb truncate --all
+
+# Truncate all tables in all namespaces (skip confirmation)
+tailor-sdk tailordb truncate --all --yes
+
+# Truncate all tables in a specific namespace
+tailor-sdk tailordb truncate --namespace myNamespace
+
+# Truncate specific types (namespace is auto-detected)
+tailor-sdk tailordb truncate User Post Comment
+
+# Truncate specific types with confirmation skipped
+tailor-sdk tailordb truncate User Post --yes
+```
+
+**Notes:**
+
+- You must specify exactly one of: `--all`, `--namespace`, or type names
+- When truncating specific types, the namespace is automatically detected from your config
+- Confirmation prompts vary based on the operation:
+  - `--all`: requires typing `truncate all`
+  - `--namespace`: requires typing `truncate <namespace-name>`
+  - Specific types: requires typing `yes`
+- Use `--yes` flag to skip confirmation prompts (useful for scripts and CI/CD)

package/docs/cli/auth.md

@@ -0,0 +1,110 @@
+# Auth Resource Commands
+
+Commands for managing Auth service resources (machine users and OAuth2 clients).
+
+## machineuser
+
+Manage machine users in your Tailor Platform application.
+
+```bash
+tailor-sdk machineuser <subcommand> [options]
+```
+
+### machineuser list
+
+List all machine users in the application.
+
+```bash
+tailor-sdk machineuser list [options]
+```
+
+**Options:**
+
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+- `-c, --config` - Path to the SDK config file (default: `tailor.config.ts`)
+- `--json` - Output as JSON
+
+### machineuser token
+
+Get an access token for a machine user.
+
+```bash
+tailor-sdk machineuser token <name> [options]
+```
+
+**Arguments:**
+
+- `name` - Machine user name (required)
+
+**Options:**
+
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+- `-c, --config` - Path to the SDK config file (default: `tailor.config.ts`)
+- `--json` - Output as JSON
+
+## oauth2client
+
+Manage OAuth2 clients in your Tailor Platform application.
+
+```bash
+tailor-sdk oauth2client <subcommand> [options]
+```
+
+### oauth2client list
+
+List all OAuth2 clients in the application.
+
+```bash
+tailor-sdk oauth2client list [options]
+```
+
+**Options:**
+
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+- `-c, --config` - Path to the SDK config file (default: `tailor.config.ts`)
+- `--json` - Output as JSON
+
+**Output:**
+
+Returns a list of OAuth2 clients with the following fields:
+
+- `name` - Client name
+- `description` - Client description
+- `clientId` - OAuth2 client ID
+- `grantTypes` - Supported grant types (e.g., `authorization_code`, `refresh_token`)
+- `redirectUris` - Registered redirect URIs
+- `createdAt` - Creation timestamp
+
+### oauth2client get
+
+Get OAuth2 client credentials (including client secret).
+
+```bash
+tailor-sdk oauth2client get <name> [options]
+```
+
+**Arguments:**
+
+- `name` - OAuth2 client name (required)
+
+**Options:**
+
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+- `-c, --config` - Path to the SDK config file (default: `tailor.config.ts`)
+- `--json` - Output as JSON
+
+**Output:**
+
+Returns the OAuth2 client credentials with the following fields:
+
+- `name` - Client name
+- `description` - Client description
+- `clientId` - OAuth2 client ID
+- `clientSecret` - OAuth2 client secret
+- `grantTypes` - Supported grant types
+- `redirectUris` - Registered redirect URIs
+- `createdAt` - Creation timestamp

package/docs/cli/secret.md

@@ -0,0 +1,125 @@
+# Secret Commands
+
+Commands for managing Secret Manager vaults and secrets.
+
+## secret
+
+Manage Secret Manager vaults and secrets.
+
+```bash
+tailor-sdk secret <subcommand> [options]
+```
+
+### secret vault
+
+Manage Secret Manager vaults.
+
+```bash
+tailor-sdk secret vault <subcommand> [options]
+```
+
+#### secret vault create
+
+Create a new Secret Manager vault.
+
+```bash
+tailor-sdk secret vault create [options]
+```
+
+**Options:**
+
+- `--name` - Vault name (required)
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+
+#### secret vault delete
+
+Delete a Secret Manager vault.
+
+```bash
+tailor-sdk secret vault delete [options]
+```
+
+**Options:**
+
+- `--name` - Vault name (required)
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+- `-y, --yes` - Skip confirmation prompt
+
+#### secret vault list
+
+List all Secret Manager vaults in the workspace.
+
+```bash
+tailor-sdk secret vault list [options]
+```
+
+**Options:**
+
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+- `--json` - Output as JSON
+
+### secret create
+
+Create a secret in a vault.
+
+```bash
+tailor-sdk secret create [options]
+```
+
+**Options:**
+
+- `--vault-name` - Vault name (required)
+- `--name` - Secret name (required)
+- `--value` - Secret value (required)
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+
+### secret update
+
+Update a secret in a vault.
+
+```bash
+tailor-sdk secret update [options]
+```
+
+**Options:**
+
+- `--vault-name` - Vault name (required)
+- `--name` - Secret name (required)
+- `--value` - New secret value (required)
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+
+### secret list
+
+List all secrets in a vault.
+
+```bash
+tailor-sdk secret list [options]
+```
+
+**Options:**
+
+- `--vault-name` - Vault name (required)
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+- `--json` - Output as JSON
+
+### secret delete
+
+Delete a secret in a vault.
+
+```bash
+tailor-sdk secret delete [options]
+```
+
+**Options:**
+
+- `--vault-name` - Vault name (required)
+- `--name` - Secret name (required)
+- `-w, --workspace-id` - ID of the workspace
+- `-p, --profile` - Workspace profile to use
+- `-y, --yes` - Skip confirmation prompt