npm - @tailor-platform/sdk - Versions diffs - 0.22.0 → 0.22.3 - Mend

@tailor-platform/sdk 0.22.0 → 0.22.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/CHANGELOG.md +27 -0
package/dist/cli/index.mjs +3 -3
package/dist/cli/index.mjs.map +1 -1
package/dist/cli/lib.d.mts +1 -44
package/dist/cli/lib.mjs +2 -2
package/dist/{config-BGY8v5d7.mjs → config-CtRi0Lgg.mjs} +9 -142
package/dist/config-CtRi0Lgg.mjs.map +1 -0
package/dist/configure/index.d.mts +2 -2
package/dist/configure/index.mjs +1 -1
package/dist/{index--_tMHIHD.d.mts → index-Bz_i9lgm.d.mts} +8 -3
package/dist/{list-B11wQhss.mjs → list-BHj1dQPk.mjs} +367 -213
package/dist/list-BHj1dQPk.mjs.map +1 -0
package/dist/{types-DhLfUYWN.d.mts → types-BaiXm10C.d.mts} +249 -225
package/dist/utils/test/index.d.mts +2 -2
package/package.json +10 -8
package/dist/config-BGY8v5d7.mjs.map +0 -1
package/dist/list-B11wQhss.mjs.map +0 -1

package/dist/{list-B11wQhss.mjs → list-BHj1dQPk.mjs} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { a as __toCommonJS, i as __require, n as __esmMin, o as __toESM, r as __export, t as __commonJSMin } from "./chunk-DhYkiPYI.mjs";
-import { i as WORKFLOW_JOB_BRAND, r as getDistDir, u as tailorUserMap } from "./config-BGY8v5d7.mjs";
+import { i as WORKFLOW_JOB_BRAND, r as getDistDir } from "./config-CtRi0Lgg.mjs";
 import Module, { createRequire } from "node:module";
 import { defineCommand } from "citty";
 import * as path$20 from "node:path";
@@ -23,9 +23,9 @@ import fsPromises, { glob } from "node:fs/promises";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import ml from "multiline-ts";
 import { xdgConfig } from "xdg-basedir";
-import * as inflection from "inflection";
 import util from "node:util";
 import assert from "node:assert";
+import * as inflection from "inflection";
 import * as rolldown from "rolldown";
 import { parseSync } from "oxc-parser";
 import { create, fromJson } from "@bufbuild/protobuf";
@@ -1453,92 +1453,6 @@ const apiCommand = defineCommand({
 	})
 });
-//#endregion
-//#region src/cli/application/auth/service.ts
-var AuthService = class {
-	_userProfile;
-	_tenantProvider;
-	constructor(config, tailorDBServices) {
-		this.config = config;
-		this.tailorDBServices = tailorDBServices;
-	}
-	get userProfile() {
-		return this._userProfile;
-	}
-	get tenantProvider() {
-		return this._tenantProvider;
-	}
-	async resolveNamespaces() {
-		await Promise.all(this.tailorDBServices.map((service) => service.loadTypes()));
-		if (this.tailorDBServices.length === 1) {
-			const singleNamespace = this.tailorDBServices[0].namespace;
-			this._userProfile = this.config.userProfile ? {
-				...this.config.userProfile,
-				namespace: singleNamespace
-			} : void 0;
-			this._tenantProvider = this.config.tenantProvider ? {
-				...this.config.tenantProvider,
-				namespace: singleNamespace
-			} : void 0;
-			return;
-		}
-		const userProfileTypeName = this.config.userProfile?.type && typeof this.config.userProfile.type === "object" && "name" in this.config.userProfile.type ? this.config.userProfile.type.name : void 0;
-		const tenantProviderTypeName = typeof this.config.tenantProvider?.type === "string" ? this.config.tenantProvider.type : void 0;
-		let userProfileNamespace;
-		let tenantProviderNamespace;
-		for (const service of this.tailorDBServices) {
-			const types$2 = service.getTypes();
-			if (userProfileTypeName && !userProfileNamespace && Object.prototype.hasOwnProperty.call(types$2, userProfileTypeName)) userProfileNamespace = service.namespace;
-			if (tenantProviderTypeName && !tenantProviderNamespace && Object.prototype.hasOwnProperty.call(types$2, tenantProviderTypeName)) tenantProviderNamespace = service.namespace;
-			if (userProfileNamespace && tenantProviderNamespace) break;
-		}
-		if (this.config.userProfile && !userProfileNamespace) throw new Error(`userProfile type "${this.config.userProfile.type.name}" not found in any TailorDB namespace`);
-		if (this.config.tenantProvider && !tenantProviderNamespace) throw new Error(`tenantProvider type "${this.config.tenantProvider.type}" not found in any TailorDB namespace`);
-		this._userProfile = this.config.userProfile ? {
-			...this.config.userProfile,
-			namespace: userProfileNamespace
-		} : void 0;
-		this._tenantProvider = this.config.tenantProvider ? {
-			...this.config.tenantProvider,
-			namespace: tenantProviderNamespace
-		} : void 0;
-	}
-};
-//#endregion
-//#region src/cli/application/file-loader.ts
-const DEFAULT_IGNORE_PATTERNS = ["**/*.test.ts", "**/*.spec.ts"];
-/**
-* Load files matching the given patterns, excluding files that match ignore patterns.
-* By default, test files (*.test.ts, *.spec.ts) are excluded unless ignores is explicitly specified.
-*
-* @param config - Configuration with files patterns and optional ignores patterns
-* @returns Array of absolute file paths
-*/
-function loadFilesWithIgnores(config) {
-	const ignorePatterns = config.ignores ?? DEFAULT_IGNORE_PATTERNS;
-	const ignoreFiles = /* @__PURE__ */ new Set();
-	for (const ignorePattern of ignorePatterns) {
-		const absoluteIgnorePattern = path$20.resolve(process.cwd(), ignorePattern);
-		try {
-			fs$15.globSync(absoluteIgnorePattern).forEach((file) => ignoreFiles.add(file));
-		} catch (error) {
-			logger.warn(`Failed to glob ignore pattern "${ignorePattern}": ${String(error)}`);
-		}
-	}
-	const files = [];
-	for (const pattern of config.files) {
-		const absolutePattern = path$20.resolve(process.cwd(), pattern);
-		try {
-			const filteredFiles = fs$15.globSync(absolutePattern).filter((file) => !ignoreFiles.has(file));
-			files.push(...filteredFiles);
-		} catch (error) {
-			logger.warn(`Failed to glob pattern "${pattern}": ${String(error)}`);
-		}
-	}
-	return files;
-}
 //#endregion
 //#region src/parser/service/auth/schema.ts
 const AuthInvokerSchema = z.object({
@@ -1549,12 +1463,6 @@ const secretValueSchema = z.object({
 	vaultName: z.string(),
 	secretKey: z.string()
 });
-const samlBaseSchema = z.object({
-	name: z.string(),
-	kind: z.literal("SAML"),
-	spCertBase64: secretValueSchema.optional(),
-	spKeyBase64: secretValueSchema.optional()
-});
 const OIDCSchema = z.object({
 	name: z.string(),
 	kind: z.literal("OIDC"),
@@ -1564,7 +1472,10 @@ const OIDCSchema = z.object({
 	issuerURL: z.string().optional(),
 	usernameClaim: z.string().optional()
 });
-const SAMLSchema = samlBaseSchema.extend({
+const SAMLSchema = z.object({
+	name: z.string(),
+	kind: z.literal("SAML"),
+	enableSignRequest: z.boolean().default(false),
 	metadataURL: z.string().optional(),
 	rawMetadata: z.string().optional()
 }).refine((value) => {
@@ -1713,6 +1624,100 @@ const AuthConfigSchema = z.object({
 	tenantProvider: TenantProviderSchema.optional()
 }).brand("AuthConfig");
+//#endregion
+//#region src/cli/application/auth/service.ts
+var AuthService = class {
+	_userProfile;
+	_tenantProvider;
+	_parsedConfig;
+	constructor(config, tailorDBServices) {
+		this.config = config;
+		this.tailorDBServices = tailorDBServices;
+		this._parsedConfig = {
+			...config,
+			idProvider: IdProviderSchema.optional().parse(config.idProvider)
+		};
+	}
+	get userProfile() {
+		return this._userProfile;
+	}
+	get tenantProvider() {
+		return this._tenantProvider;
+	}
+	get parsedConfig() {
+		return this._parsedConfig;
+	}
+	async resolveNamespaces() {
+		await Promise.all(this.tailorDBServices.map((service) => service.loadTypes()));
+		if (this.tailorDBServices.length === 1) {
+			const singleNamespace = this.tailorDBServices[0].namespace;
+			this._userProfile = this.config.userProfile ? {
+				...this.config.userProfile,
+				namespace: singleNamespace
+			} : void 0;
+			this._tenantProvider = this.config.tenantProvider ? {
+				...this.config.tenantProvider,
+				namespace: singleNamespace
+			} : void 0;
+			return;
+		}
+		const userProfileTypeName = this.config.userProfile?.type && typeof this.config.userProfile.type === "object" && "name" in this.config.userProfile.type ? this.config.userProfile.type.name : void 0;
+		const tenantProviderTypeName = typeof this.config.tenantProvider?.type === "string" ? this.config.tenantProvider.type : void 0;
+		let userProfileNamespace;
+		let tenantProviderNamespace;
+		for (const service of this.tailorDBServices) {
+			const types$2 = service.getTypes();
+			if (userProfileTypeName && !userProfileNamespace && Object.prototype.hasOwnProperty.call(types$2, userProfileTypeName)) userProfileNamespace = service.namespace;
+			if (tenantProviderTypeName && !tenantProviderNamespace && Object.prototype.hasOwnProperty.call(types$2, tenantProviderTypeName)) tenantProviderNamespace = service.namespace;
+			if (userProfileNamespace && tenantProviderNamespace) break;
+		}
+		if (this.config.userProfile && !userProfileNamespace) throw new Error(`userProfile type "${this.config.userProfile.type.name}" not found in any TailorDB namespace`);
+		if (this.config.tenantProvider && !tenantProviderNamespace) throw new Error(`tenantProvider type "${this.config.tenantProvider.type}" not found in any TailorDB namespace`);
+		this._userProfile = this.config.userProfile ? {
+			...this.config.userProfile,
+			namespace: userProfileNamespace
+		} : void 0;
+		this._tenantProvider = this.config.tenantProvider ? {
+			...this.config.tenantProvider,
+			namespace: tenantProviderNamespace
+		} : void 0;
+	}
+};
+//#endregion
+//#region src/cli/application/file-loader.ts
+const DEFAULT_IGNORE_PATTERNS = ["**/*.test.ts", "**/*.spec.ts"];
+/**
+* Load files matching the given patterns, excluding files that match ignore patterns.
+* By default, test files (*.test.ts, *.spec.ts) are excluded unless ignores is explicitly specified.
+*
+* @param config - Configuration with files patterns and optional ignores patterns
+* @returns Array of absolute file paths
+*/
+function loadFilesWithIgnores(config) {
+	const ignorePatterns = config.ignores ?? DEFAULT_IGNORE_PATTERNS;
+	const ignoreFiles = /* @__PURE__ */ new Set();
+	for (const ignorePattern of ignorePatterns) {
+		const absoluteIgnorePattern = path$20.resolve(process.cwd(), ignorePattern);
+		try {
+			fs$15.globSync(absoluteIgnorePattern).forEach((file) => ignoreFiles.add(file));
+		} catch (error) {
+			logger.warn(`Failed to glob ignore pattern "${ignorePattern}": ${String(error)}`);
+		}
+	}
+	const files = [];
+	for (const pattern of config.files) {
+		const absolutePattern = path$20.resolve(process.cwd(), pattern);
+		try {
+			const filteredFiles = fs$15.globSync(absolutePattern).filter((file) => !ignoreFiles.has(file));
+			files.push(...filteredFiles);
+		} catch (error) {
+			logger.warn(`Failed to glob pattern "${pattern}": ${String(error)}`);
+		}
+	}
+	return files;
+}
 //#endregion
 //#region src/parser/service/common.ts
 const functionSchema = z.custom((val) => typeof val === "function");
@@ -1915,6 +1920,65 @@ var ResolverService = class {
 	}
 };
+//#endregion
+//#region src/parser/service/tailordb/field.ts
+const tailorUserMap = `{ id: user.id, type: user.type, workspaceId: user.workspace_id, attributes: user.attribute_map, attributeList: user.attributes }`;
+/**
+* Convert a function to a string representation.
+* Handles method shorthand syntax (e.g., `create() { ... }`) by converting it to
+* a function expression (e.g., `function create() { ... }`).
+*/
+const stringifyFunction = (fn) => {
+	const src = fn.toString().trim();
+	if (/^[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(/.test(src) && !src.startsWith("function") && !src.startsWith("(") && !src.includes("=>")) return `function ${src}`;
+	return src;
+};
+/**
+* Convert a hook function to a script expression.
+*/
+const convertHookToExpr = (fn) => {
+	return `(${stringifyFunction(fn)})({ value: _value, data: _data, user: ${tailorUserMap} })`;
+};
+/**
+* Parse TailorDBField into OperatorFieldConfig.
+* This transforms user-defined functions into script expressions.
+*/
+function parseFieldConfig(field) {
+	const metadata = field.metadata;
+	const fieldType = field.type;
+	const nestedFields = field.fields;
+	return {
+		type: fieldType,
+		...metadata,
+		...fieldType === "nested" && nestedFields && Object.keys(nestedFields).length > 0 ? { fields: Object.entries(nestedFields).reduce((acc, [key, nestedField]) => {
+			acc[key] = parseFieldConfig(nestedField);
+			return acc;
+		}, {}) } : {},
+		validate: metadata.validate?.map((v$1) => {
+			const { fn, message } = typeof v$1 === "function" ? {
+				fn: v$1,
+				message: `failed by \`${v$1.toString().trim()}\``
+			} : {
+				fn: v$1[0],
+				message: v$1[1]
+			};
+			return {
+				script: { expr: `(${fn.toString().trim()})({ value: _value, data: _data, user: ${tailorUserMap} })` },
+				errorMessage: message
+			};
+		}),
+		hooks: metadata.hooks ? {
+			create: metadata.hooks.create ? { expr: convertHookToExpr(metadata.hooks.create) } : void 0,
+			update: metadata.hooks.update ? { expr: convertHookToExpr(metadata.hooks.update) } : void 0
+		} : void 0,
+		serial: metadata.serial ? {
+			start: metadata.serial.start,
+			maxValue: metadata.serial.maxValue,
+			format: "format" in metadata.serial ? metadata.serial.format : void 0
+		} : void 0
+	};
+}
 //#endregion
 //#region ../../node_modules/eslint/package.json
 var require_package$3 = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -98049,6 +98113,176 @@ function ensureNoExternalVariablesInFieldScripts(typeName, fieldName, fieldConfi
 	});
 }
+//#endregion
+//#region src/parser/service/tailordb/permission.ts
+const operatorMap = {
+	"=": "eq",
+	"!=": "ne",
+	in: "in",
+	"not in": "nin"
+};
+function normalizeOperand(operand) {
+	if (typeof operand === "object" && "user" in operand) return { user: operand.user === "id" ? "_id" : operand.user };
+	return operand;
+}
+function normalizeConditions(conditions) {
+	return conditions.map((cond) => {
+		const [left, operator, right] = cond;
+		return [
+			normalizeOperand(left),
+			operatorMap[operator],
+			normalizeOperand(right)
+		];
+	});
+}
+function isObjectFormat(p$1) {
+	return typeof p$1 === "object" && p$1 !== null && "conditions" in p$1;
+}
+function isSingleArrayConditionFormat(cond) {
+	return cond.length >= 2 && typeof cond[1] === "string";
+}
+function normalizePermission(permission) {
+	return Object.keys(permission).reduce((acc, action) => {
+		acc[action] = permission[action].map((p$1) => normalizeActionPermission(p$1));
+		return acc;
+	}, {});
+}
+function normalizeGqlPermission(permission) {
+	return permission.map((policy) => normalizeGqlPolicy(policy));
+}
+function normalizeGqlPolicy(policy) {
+	return {
+		conditions: policy.conditions ? normalizeConditions(policy.conditions) : [],
+		actions: policy.actions === "all" ? ["all"] : policy.actions,
+		permit: policy.permit ? "allow" : "deny",
+		description: policy.description
+	};
+}
+/**
+* Parse raw permissions into normalized permissions.
+* This is the main entry point for permission parsing in the parser layer.
+*/
+function parsePermissions(rawPermissions) {
+	return {
+		...rawPermissions.record && { record: normalizePermission(rawPermissions.record) },
+		...rawPermissions.gql && { gql: normalizeGqlPermission(rawPermissions.gql) }
+	};
+}
+function normalizeActionPermission(permission) {
+	if (isObjectFormat(permission)) {
+		const conditions$1 = permission.conditions;
+		return {
+			conditions: normalizeConditions(isSingleArrayConditionFormat(conditions$1) ? [conditions$1] : conditions$1),
+			permit: permission.permit ? "allow" : "deny",
+			description: permission.description
+		};
+	}
+	if (!Array.isArray(permission)) throw new Error("Invalid permission format");
+	if (isSingleArrayConditionFormat(permission)) {
+		const [op1, operator, op2, permit] = [...permission, true];
+		return {
+			conditions: normalizeConditions([[
+				op1,
+				operator,
+				op2
+			]]),
+			permit: permit ? "allow" : "deny"
+		};
+	}
+	const conditions = [];
+	const conditionArray = permission;
+	let conditionArrayPermit = true;
+	for (const item of conditionArray) {
+		if (typeof item === "boolean") {
+			conditionArrayPermit = item;
+			continue;
+		}
+		conditions.push(item);
+	}
+	return {
+		conditions: normalizeConditions(conditions),
+		permit: conditionArrayPermit ? "allow" : "deny"
+	};
+}
+//#endregion
+//#region src/parser/service/tailordb/type-parser.ts
+/**
+* Parse a TailorDBType into a ParsedTailorDBType.
+* This is the main entry point for parsing TailorDB types in the parser layer.
+*/
+function parseTailorDBType(type) {
+	const metadata = type.metadata;
+	const pluralForm = metadata.settings?.pluralForm || inflection.pluralize(type.name);
+	const fields = {};
+	const forwardRelationships = {};
+	for (const [fieldName, fieldDef] of Object.entries(type.fields)) {
+		const fieldConfig = parseFieldConfig(fieldDef);
+		ensureNoExternalVariablesInFieldScripts(type.name, fieldName, fieldConfig);
+		const parsedField = {
+			name: fieldName,
+			config: fieldConfig
+		};
+		const ref$1 = fieldDef.reference;
+		if (ref$1) {
+			const targetType = ref$1.type?.name;
+			if (targetType) {
+				const forwardName = ref$1.nameMap?.[0] || inflection.camelize(targetType, true);
+				const backwardName = ref$1.nameMap?.[1] || "";
+				const key = ref$1.key || "id";
+				parsedField.relation = {
+					targetType,
+					forwardName,
+					backwardName,
+					key,
+					unique: fieldDef.metadata?.unique ?? false
+				};
+				forwardRelationships[forwardName] = {
+					name: forwardName,
+					targetType,
+					targetField: fieldName,
+					sourceField: key,
+					isArray: false,
+					description: ref$1.type?.metadata?.description || ""
+				};
+			}
+		}
+		fields[fieldName] = parsedField;
+	}
+	return {
+		name: type.name,
+		pluralForm,
+		description: metadata.description,
+		fields,
+		forwardRelationships,
+		backwardRelationships: {},
+		settings: metadata.settings || {},
+		permissions: parsePermissions(metadata.permissions || {}),
+		indexes: metadata.indexes,
+		files: metadata.files
+	};
+}
+/**
+* Build backward relationships between parsed types.
+*/
+function buildBackwardRelationships(types$2) {
+	for (const [typeName, type] of Object.entries(types$2)) for (const [otherTypeName, otherType] of Object.entries(types$2)) for (const [fieldName, field] of Object.entries(otherType.fields)) if (field.relation && field.relation.targetType === typeName) {
+		let backwardName = field.relation.backwardName;
+		if (!backwardName) {
+			const lowerName = inflection.camelize(otherTypeName, true);
+			backwardName = field.relation.unique ? inflection.singularize(lowerName) : inflection.pluralize(lowerName);
+		}
+		type.backwardRelationships[backwardName] = {
+			name: backwardName,
+			targetType: otherTypeName,
+			targetField: fieldName,
+			sourceField: field.relation.key,
+			isArray: !field.relation.unique,
+			description: otherType.description || ""
+		};
+	}
+}
 //#endregion
 //#region src/cli/application/tailordb/service.ts
 var TailorDBService = class {
@@ -98110,77 +98344,8 @@ var TailorDBService = class {
 		const allTypes = {};
 		for (const fileTypes of Object.values(this.rawTypes)) for (const [typeName, type] of Object.entries(fileTypes)) allTypes[typeName] = type;
 		this.types = {};
-		for (const [typeName, type] of Object.entries(allTypes)) this.types[typeName] = this.parseTailorDBType(type);
-		this.buildBackwardRelationships(this.types);
-	}
-	parseTailorDBType(type) {
-		const schema = type.metadata.schema;
-		const pluralForm = schema?.settings?.pluralForm || inflection.pluralize(type.name);
-		const fields = {};
-		const forwardRelationships = {};
-		for (const [fieldName, fieldDef] of Object.entries(type.fields)) {
-			const fieldConfig = schema.fields?.[fieldName];
-			if (!fieldConfig) continue;
-			ensureNoExternalVariablesInFieldScripts(type.name, fieldName, fieldConfig);
-			const parsedField = {
-				name: fieldName,
-				config: fieldConfig
-			};
-			const ref$1 = fieldDef.reference;
-			if (ref$1) {
-				const targetType = ref$1.type?.name;
-				if (targetType) {
-					const forwardName = ref$1.nameMap?.[0] || inflection.camelize(targetType, true);
-					const backwardName = ref$1.nameMap?.[1] || "";
-					const key = ref$1.key || "id";
-					parsedField.relation = {
-						targetType,
-						forwardName,
-						backwardName,
-						key,
-						unique: fieldDef.metadata?.unique ?? false
-					};
-					forwardRelationships[forwardName] = {
-						name: forwardName,
-						targetType,
-						targetField: fieldName,
-						sourceField: key,
-						isArray: false,
-						description: ref$1.type?.metadata?.description || ""
-					};
-				}
-			}
-			fields[fieldName] = parsedField;
-		}
-		return {
-			name: type.name,
-			pluralForm,
-			description: schema?.description,
-			fields,
-			forwardRelationships,
-			backwardRelationships: {},
-			settings: schema?.settings || {},
-			permissions: schema?.permissions || {},
-			indexes: schema?.indexes,
-			files: schema?.files
-		};
-	}
-	buildBackwardRelationships(types$2) {
-		for (const [typeName, type] of Object.entries(types$2)) for (const [otherTypeName, otherType] of Object.entries(types$2)) for (const [fieldName, field] of Object.entries(otherType.fields)) if (field.relation && field.relation.targetType === typeName) {
-			let backwardName = field.relation.backwardName;
-			if (!backwardName) {
-				const lowerName = inflection.camelize(otherTypeName, true);
-				backwardName = field.relation.unique ? inflection.singularize(lowerName) : inflection.pluralize(lowerName);
-			}
-			type.backwardRelationships[backwardName] = {
-				name: backwardName,
-				targetType: otherTypeName,
-				targetField: fieldName,
-				sourceField: field.relation.key,
-				isArray: !field.relation.unique,
-				description: otherType.description || ""
-			};
-		}
+		for (const [typeName, type] of Object.entries(allTypes)) this.types[typeName] = parseTailorDBType(type);
+		buildBackwardRelationships(this.types);
 	}
 };
@@ -99943,9 +100108,9 @@ var TypeProcessor = class {
 				Serial: false
 			}
 		};
-		const fieldResults = Object.entries(fields).map(([fieldName, nestedFieldConfig]) => ({
+		const fieldResults = Object.entries(fields).map(([fieldName, nestedOperatorFieldConfig]) => ({
 			fieldName,
-			...this.generateFieldType(nestedFieldConfig)
+			...this.generateFieldType(nestedOperatorFieldConfig)
 		}));
 		const fieldTypes = fieldResults.map((result) => `${result.fieldName}: ${result.type}`);
 		const aggregatedUtilityTypes = fieldResults.reduce((acc, result) => ({
@@ -101051,7 +101216,8 @@ async function planServices$2(client, workspaceId, appName, auths) {
 			label: metadata?.labels[sdkNameLabelKey]
 		};
 	}));
-	for (const { config } of auths) {
+	for (const auth of auths) {
+		const { parsedConfig: config } = auth;
 		const existing = existingServices[config.name];
 		const metaRequest = await buildMetaRequest(trn$5(workspaceId, config.name), appName);
 		if (existing) {
@@ -101113,7 +101279,8 @@ async function planIdPConfigs(client, workspaceId, auths, deletedServices) {
 			}
 		});
 	};
-	for (const { config } of auths) {
+	for (const authService of auths) {
+		const { parsedConfig: config } = authService;
 		const existingIdPConfigs = await fetchIdPConfigs(config.name);
 		const existingNameSet = /* @__PURE__ */ new Set();
 		existingIdPConfigs.forEach((idpConfig$1) => {
@@ -101185,14 +101352,7 @@ function protoIdPConfig(idpConfig) {
 				case: "saml",
 				value: {
 					...idpConfig.metadataURL !== void 0 ? { metadataUrl: idpConfig.metadataURL } : { rawMetadata: idpConfig.rawMetadata },
-					...idpConfig.spCertBase64 && { spCertBase64: {
-						vaultName: idpConfig.spCertBase64.vaultName,
-						secretKey: idpConfig.spCertBase64.secretKey
-					} },
-					...idpConfig.spKeyBase64 && { spKeyBase64: {
-						vaultName: idpConfig.spKeyBase64.vaultName,
-						secretKey: idpConfig.spKeyBase64.secretKey
-					} }
+					enableSignRequest: idpConfig.enableSignRequest
 				}
 			} }
 		};
@@ -101255,11 +101415,12 @@ async function protoBuiltinIdPConfig(client, workspaceId, builtinIdPConfig) {
 async function planUserProfileConfigs(client, workspaceId, auths, deletedServices) {
 	const changeSet = new ChangeSet("Auth userProfileConfigs");
 	for (const auth of auths) {
-		const name$1 = `${auth.config.name}-user-profile-config`;
+		const { parsedConfig: config } = auth;
+		const name$1 = `${config.name}-user-profile-config`;
 		try {
 			await client.getUserProfileConfig({
 				workspaceId,
-				namespaceName: auth.config.name
+				namespaceName: config.name
 			});
 		} catch (error) {
 			if (error instanceof ConnectError && error.code === Code.NotFound) {
@@ -101267,7 +101428,7 @@ async function planUserProfileConfigs(client, workspaceId, auths, deletedService
 					name: name$1,
 					request: {
 						workspaceId,
-						namespaceName: auth.config.name,
+						namespaceName: config.name,
 						userProfileProviderConfig: protoUserProfileConfig(auth.userProfile)
 					}
 				});
@@ -101279,7 +101440,7 @@ async function planUserProfileConfigs(client, workspaceId, auths, deletedService
 			name: name$1,
 			request: {
 				workspaceId,
-				namespaceName: auth.config.name,
+				namespaceName: config.name,
 				userProfileProviderConfig: protoUserProfileConfig(auth.userProfile)
 			}
 		});
@@ -101287,7 +101448,7 @@ async function planUserProfileConfigs(client, workspaceId, auths, deletedService
 			name: name$1,
 			request: {
 				workspaceId,
-				namespaceName: auth.config.name
+				namespaceName: config.name
 			}
 		});
 	}
@@ -101332,11 +101493,12 @@ function protoUserProfileConfig(userProfile) {
 async function planTenantConfigs(client, workspaceId, auths, deletedServices) {
 	const changeSet = new ChangeSet("Auth tenantConfigs");
 	for (const auth of auths) {
-		const name$1 = `${auth.config.name}-tenant-config`;
+		const { parsedConfig: config } = auth;
+		const name$1 = `${config.name}-tenant-config`;
 		try {
 			await client.getTenantConfig({
 				workspaceId,
-				namespaceName: auth.config.name
+				namespaceName: config.name
 			});
 		} catch (error) {
 			if (error instanceof ConnectError && error.code === Code.NotFound) {
@@ -101344,7 +101506,7 @@ async function planTenantConfigs(client, workspaceId, auths, deletedServices) {
 					name: name$1,
 					request: {
 						workspaceId,
-						namespaceName: auth.config.name,
+						namespaceName: config.name,
 						tenantProviderConfig: protoTenantConfig(auth.tenantProvider)
 					}
 				});
@@ -101356,7 +101518,7 @@ async function planTenantConfigs(client, workspaceId, auths, deletedServices) {
 			name: name$1,
 			request: {
 				workspaceId,
-				namespaceName: auth.config.name,
+				namespaceName: config.name,
 				tenantProviderConfig: protoTenantConfig(auth.tenantProvider)
 			}
 		});
@@ -101364,7 +101526,7 @@ async function planTenantConfigs(client, workspaceId, auths, deletedServices) {
 			name: name$1,
 			request: {
 				workspaceId,
-				namespaceName: auth.config.name
+				namespaceName: config.name
 			}
 		});
 	}
@@ -101418,7 +101580,8 @@ async function planMachineUsers(client, workspaceId, auths, deletedServices) {
 			}
 		});
 	};
-	for (const { config } of auths) {
+	for (const auth of auths) {
+		const { parsedConfig: config } = auth;
 		const existingMachineUsers = await fetchMachineUsers(config.name);
 		const existingNameSet = /* @__PURE__ */ new Set();
 		existingMachineUsers.forEach((machineUser) => {
@@ -101495,7 +101658,8 @@ async function planOAuth2Clients(client, workspaceId, auths, deletedServices) {
 			}
 		});
 	};
-	for (const { config } of auths) {
+	for (const auth of auths) {
+		const { parsedConfig: config } = auth;
 		const existingOAuth2Clients = await fetchOAuth2Clients(config.name);
 		const existingNameSet = /* @__PURE__ */ new Set();
 		existingOAuth2Clients.forEach((oauth2Client) => {
@@ -101570,7 +101734,8 @@ function protoOAuth2Client(oauth2ClientName, oauth2Client) {
 }
 async function planSCIMConfigs(client, workspaceId, auths, deletedServices) {
 	const changeSet = new ChangeSet("Auth scimConfigs");
-	for (const { config } of auths) {
+	for (const auth of auths) {
+		const { parsedConfig: config } = auth;
 		const name$1 = `${config.name}-scim-config`;
 		try {
 			await client.getAuthSCIMConfig({
@@ -101664,7 +101829,8 @@ async function planSCIMResources(client, workspaceId, auths, deletedServices) {
 			throw error;
 		}
 	};
-	for (const { config } of auths) {
+	for (const auth of auths) {
+		const { parsedConfig: config } = auth;
 		const existingSCIMResources = await fetchSCIMResources(config.name);
 		const existingNameSet = /* @__PURE__ */ new Set();
 		existingSCIMResources.forEach((scimResource) => {
@@ -101811,16 +101977,18 @@ async function confirmOwnerConflict(conflicts, appName, yes) {
 }
 async function confirmUnmanagedResources(resources, appName, yes) {
 	if (resources.length === 0) return;
-	logger.warn("Unmanaged resources detected:");
+	logger.warn("Existing resources not tracked by tailor-sdk were found:");
 	logger.log(`  ${styles.info("Resources")}:`);
 	for (const r$1 of resources) logger.log(`    • ${styles.bold(r$1.resourceType)} ${styles.info(`"${r$1.resourceName}"`)}`);
 	logger.newline();
-	logger.log("  These resources are not managed by any application.");
+	logger.log("  These resources may have been created by older SDK versions, Terraform, or CUE.");
+	logger.log("  To continue, confirm that tailor-sdk should manage them.");
+	logger.log("  If they are managed by another tool (e.g., Terraform), cancel and manage them there instead.");
 	if (yes) {
 		logger.success(`Adding to "${appName}" (--yes flag specified)...`, { mode: "plain" });
 		return;
 	}
-	if (!await logger.prompt(`Add these resources to "${appName}"?`, {
+	if (!await logger.prompt(`Allow tailor-sdk to manage these resources for "${appName}"?`, {
 		type: "confirm",
 		initial: false
 	})) throw new Error(ml`
@@ -101850,20 +102018,6 @@ async function confirmImportantResourceDeletion(resources, yes) {
 //#endregion
 //#region src/cli/apply/services/executor.ts
-/**
-* Convert a function to a string representation.
-* Handles method shorthand syntax (e.g., `requestBody() { ... }`) by converting it to
-* a function expression (e.g., `function requestBody() { ... }`).
-*
-* TODO: This function should be moved to the parser module.
-* The same function exists in `src/configure/services/tailordb/schema.ts`.
-* These should be unified into a common utility in the parser layer.
-*/
-const stringifyFunction = (fn) => {
-	const src = fn.toString().trim();
-	if (/^[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(/.test(src) && !src.startsWith("function") && !src.startsWith("(") && !src.includes("=>")) return `function ${src}`;
-	return src;
-};
 async function applyExecutor(client, result, phase = "create-update") {
 	const { changeSet } = result;
 	if (phase === "create-update") await Promise.all([...changeSet.creates.map(async (create$1) => {
@@ -102860,7 +103014,7 @@ function protoOperand(operand) {
 		case: "oldRecordField",
 		value: operand.oldRecord
 	} };
-	else throw new Error(`Unknown operand: ${operand}`);
+	else throw new Error(`Unknown operand: ${JSON.stringify(operand)}`);
 	return { kind: {
 		case: "value",
 		value: fromJson(ValueSchema, operand)
@@ -103014,7 +103168,7 @@ function protoGqlOperand(operand) {
 		case: "userField",
 		value: operand.user
 	} };
-	else throw new Error(`Unknown operand: ${operand}`);
+	else throw new Error(`Unknown operand: ${JSON.stringify(operand)}`);
 	return { kind: {
 		case: "value",
 		value: fromJson(ValueSchema, operand)
@@ -103933,7 +104087,7 @@ var GenerationManager = class {
 	getAuthInput() {
 		const authService = this.application.authService;
 		if (!authService) return void 0;
-		const config = authService.config;
+		const config = authService.parsedConfig;
 		return {
 			name: config.name,
 			userProfile: authService.userProfile ? {
@@ -105408,4 +105562,4 @@ const listCommand = defineCommand({
 //#endregion
 export { jsonArgs as $, printData as A, loadAccessToken as B, listOAuth2Clients as C, tokenCommand as D, getMachineUserToken as E, generateUserTypes as F, fetchUserInfo as G, readPlatformConfig as H, loadConfig as I, readPackageJson as J, initOAuth2Client as K, apiCall as L, generateCommand as M, apply as N, listCommand$3 as O, applyCommand as P, deploymentArgs as Q, apiCommand as R, listCommand$2 as S, getOAuth2Client as T, writePlatformConfig as U, loadWorkspaceId as V, fetchAll as W, commonArgs as X, PATScope as Y, confirmationArgs as Z, listWorkflowExecutions as _, createCommand as a, remove as b, resumeWorkflow as c, listCommand$1 as d, withCommonArgs as et, listWorkflows as f, getWorkflowExecution as g, executionsCommand as h, deleteWorkspace as i, generate as j, listMachineUsers as k, startCommand as l, getWorkflow as m, listWorkspaces as n, logger as nt, createWorkspace as o, getCommand as p, initOperatorClient as q, deleteCommand as r, resumeCommand as s, listCommand as t, workspaceArgs as tt, startWorkflow as u, show as v, getCommand$1 as w, removeCommand as x, showCommand as y, fetchLatestToken as z };
-//# sourceMappingURL=list-B11wQhss.mjs.map
+//# sourceMappingURL=list-BHj1dQPk.mjs.map