@tailor-platform/sdk 0.23.0 → 0.23.2

package/CHANGELOG.md

@@ -1,5 +1,27 @@
 # @tailor-platform/sdk
 
+## 0.23.2
+
+### Patch Changes
+
+- [#296](https://github.com/tailor-platform/sdk/pull/296) [`adb9a9d`](https://github.com/tailor-platform/sdk/commit/adb9a9d5d6dad4b961fb8dd448ea2b08d610fc5b) Thanks [@toiroakr](https://github.com/toiroakr)! - Fix service deletion order to prevent "used by gateway(s)" error
+
+  When deleting subgraph services (TailorDB, Pipeline, Auth, IdP), the deletion would fail with an error like "Failed to delete AuthService: auth xxx is used by gateway(s)" because the Application was still referencing them.
+
+  This fix separates the deletion phases:
+  - `delete-resources`: Deletes resources (types, resolvers, clients, etc.) before Application update
+  - `delete-services`: Deletes services after Application is deleted
+
+  This ensures services are deleted only after the Application no longer references them.
+
+## 0.23.1
+
+### Patch Changes
+
+- [#294](https://github.com/tailor-platform/sdk/pull/294) [`91bafb7`](https://github.com/tailor-platform/sdk/commit/91bafb7d5b8d0c4b2c9fb9f8b9260e33c6213df0) Thanks [@remiposo](https://github.com/remiposo)! - feat: Support optional namespace for userProfile in auth config
+  - Auto-resolve namespace when only one TailorDB exists (including external)
+  - Allow explicit namespace specification when multiple TailorDBs exist
+
 ## 0.23.0
 
 ### Minor Changes

package/dist/cli/index.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import "../chunk-DhYkiPYI.mjs";
 import "../config-CtRi0Lgg.mjs";
-import { $ as jsonArgs, A as printData, B as loadAccessToken, D as tokenCommand, G as fetchUserInfo, H as readPlatformConfig, I as loadConfig, J as readPackageJson, K as initOAuth2Client, M as generateCommand, O as listCommand$5, P as applyCommand, Q as deploymentArgs, R as apiCommand, S as listCommand$6, U as writePlatformConfig, V as loadWorkspaceId, W as fetchAll, X as commonArgs, Y as PATScope, Z as confirmationArgs, a as createCommand$3, d as listCommand$7, et as withCommonArgs, h as executionsCommand, l as startCommand, nt as logger, p as getCommand$2, q as initOperatorClient, r as deleteCommand$3, s as resumeCommand, t as listCommand$8, tt as workspaceArgs, w as getCommand$1, x as removeCommand, y as showCommand, z as fetchLatestToken } from "../list-DLqfJ2jD.mjs";
+import { $ as jsonArgs, A as printData, B as loadAccessToken, D as tokenCommand, G as fetchUserInfo, H as readPlatformConfig, I as loadConfig, J as readPackageJson, K as initOAuth2Client, M as generateCommand, O as listCommand$5, P as applyCommand, Q as deploymentArgs, R as apiCommand, S as listCommand$6, U as writePlatformConfig, V as loadWorkspaceId, W as fetchAll, X as commonArgs, Y as PATScope, Z as confirmationArgs, a as createCommand$3, d as listCommand$7, et as withCommonArgs, h as executionsCommand, l as startCommand, nt as logger, p as getCommand$2, q as initOperatorClient, r as deleteCommand$3, s as resumeCommand, t as listCommand$8, tt as workspaceArgs, w as getCommand$1, x as removeCommand, y as showCommand, z as fetchLatestToken } from "../list-BvYJeydE.mjs";
 import { register } from "node:module";
 import { defineCommand, runCommand, runMain } from "citty";
 import { generateCodeVerifier } from "@badgateway/oauth2-client";

package/dist/cli/lib.d.mts

@@ -1,5 +1,6 @@
 /// <reference path="./../user-defined.d.ts" />
-import { J as IdProviderConfig, P as ParsedTailorDBType, X as OAuth2ClientInput, _t as Resolver, d as AppConfig, h as Generator, m as CodeGeneratorBase, t as Executor } from "../types-ClG0gN3S.mjs";
+import { J as IdProviderConfig, P as ParsedTailorDBType, X as OAuth2ClientInput, _t as Resolver, d as AppConfig, h as Generator, m as CodeGeneratorBase, t as Executor } from "../types-CgO-wV9v.mjs";
+import "citty";
 import { z } from "zod";
 import { OAuth2Client } from "@badgateway/oauth2-client";
 import "@bufbuild/protobuf/wkt";

package/dist/cli/lib.mjs

@@ -1,6 +1,6 @@
 import "../chunk-DhYkiPYI.mjs";
 import "../config-CtRi0Lgg.mjs";
-import { B as loadAccessToken, C as listOAuth2Clients, E as getMachineUserToken, F as generateUserTypes, I as loadConfig, L as apiCall, N as apply, T as getOAuth2Client, V as loadWorkspaceId, _ as listWorkflowExecutions, b as remove, c as resumeWorkflow, f as listWorkflows, g as getWorkflowExecution, i as deleteWorkspace, j as generate, k as listMachineUsers, m as getWorkflow, n as listWorkspaces, o as createWorkspace, u as startWorkflow, v as show } from "../list-DLqfJ2jD.mjs";
+import { B as loadAccessToken, C as listOAuth2Clients, E as getMachineUserToken, F as generateUserTypes, I as loadConfig, L as apiCall, N as apply, T as getOAuth2Client, V as loadWorkspaceId, _ as listWorkflowExecutions, b as remove, c as resumeWorkflow, f as listWorkflows, g as getWorkflowExecution, i as deleteWorkspace, j as generate, k as listMachineUsers, m as getWorkflow, n as listWorkspaces, o as createWorkspace, u as startWorkflow, v as show } from "../list-BvYJeydE.mjs";
 import { register } from "node:module";
 
 //#region src/cli/lib.ts

package/dist/configure/index.d.mts

@@ -1,4 +1,4 @@
 /// <reference path="./../user-defined.d.ts" />
-import { $ as SCIMAttribute, A as TailorDBType, B as AuthConfig, C as ResolverExternalConfig, D as ExecutorServiceInput, E as ExecutorServiceConfig, F as PermissionCondition, G as AuthServiceInput, H as AuthInvoker, I as TailorTypeGqlPermission, J as IdProviderConfig, K as BuiltinIdP, L as TailorTypePermission, O as TailorDBField, Q as SAML, R as unsafeAllowAllGqlPermission, S as defineIdp, T as ResolverServiceInput, U as AuthOwnConfig, V as AuthExternalConfig, W as defineAuth, X as OAuth2ClientInput, Y as OAuth2ClientGrantType, Z as OIDC, _ as WorkflowServiceInput, _t as Resolver, at as TenantProviderConfig, b as IdPConfig, ct as UserAttributeMap, dt as AttributeList, et as SCIMAttributeMapping, f as defineConfig, ft as AttributeMap, g as WorkflowServiceConfig, gt as QueryType, ht as TailorField, it as SCIMResource, j as db, k as TailorDBInstance, lt as UsernameFieldKey, mt as unauthenticatedTailorUser, nt as SCIMAuthorization, ot as UserAttributeKey, p as defineGenerators, pt as TailorUser, q as IDToken, rt as SCIMConfig, st as UserAttributeListKey, tt as SCIMAttributeType, ut as ValueOperand, v as StaticWebsiteConfig, w as ResolverServiceConfig, x as IdPExternalConfig, y as defineStaticWebSite, z as unsafeAllowAllTypePermission } from "../types-ClG0gN3S.mjs";
-import { A as WORKFLOW_JOB_BRAND, C as GqlOperation, D as Workflow, E as WorkflowOperation, F as createWorkflowJob, I as createResolver, L as Env, M as WorkflowJobContext, N as WorkflowJobInput, O as WorkflowConfig, P as WorkflowJobOutput, S as FunctionOperation, T as WebhookOperation, _ as ResolverExecutedTrigger, a as Trigger, b as recordUpdatedTrigger, c as IncomingWebhookTrigger, d as scheduleTrigger, f as RecordCreatedArgs, g as ResolverExecutedArgs, h as RecordUpdatedArgs, i as createExecutor, j as WorkflowJob, k as createWorkflow, l as incomingWebhookTrigger, m as RecordTrigger, n as output, o as IncomingWebhookArgs, p as RecordDeletedArgs, r as t, s as IncomingWebhookRequest, t as infer, u as ScheduleTrigger, v as recordCreatedTrigger, w as Operation, x as resolverExecutedTrigger, y as recordDeletedTrigger } from "../index-QGMXFOXH.mjs";
+import { $ as SCIMAttribute, A as TailorDBType, B as AuthConfig, C as ResolverExternalConfig, D as ExecutorServiceInput, E as ExecutorServiceConfig, F as PermissionCondition, G as AuthServiceInput, H as AuthInvoker, I as TailorTypeGqlPermission, J as IdProviderConfig, K as BuiltinIdP, L as TailorTypePermission, O as TailorDBField, Q as SAML, R as unsafeAllowAllGqlPermission, S as defineIdp, T as ResolverServiceInput, U as AuthOwnConfig, V as AuthExternalConfig, W as defineAuth, X as OAuth2ClientInput, Y as OAuth2ClientGrantType, Z as OIDC, _ as WorkflowServiceInput, _t as Resolver, at as TenantProviderConfig, b as IdPConfig, ct as UserAttributeMap, dt as AttributeList, et as SCIMAttributeMapping, f as defineConfig, ft as AttributeMap, g as WorkflowServiceConfig, gt as QueryType, ht as TailorField, it as SCIMResource, j as db, k as TailorDBInstance, lt as UsernameFieldKey, mt as unauthenticatedTailorUser, nt as SCIMAuthorization, ot as UserAttributeKey, p as defineGenerators, pt as TailorUser, q as IDToken, rt as SCIMConfig, st as UserAttributeListKey, tt as SCIMAttributeType, ut as ValueOperand, v as StaticWebsiteConfig, w as ResolverServiceConfig, x as IdPExternalConfig, y as defineStaticWebSite, z as unsafeAllowAllTypePermission } from "../types-CgO-wV9v.mjs";
+import { A as WORKFLOW_JOB_BRAND, C as GqlOperation, D as Workflow, E as WorkflowOperation, F as createWorkflowJob, I as createResolver, L as Env, M as WorkflowJobContext, N as WorkflowJobInput, O as WorkflowConfig, P as WorkflowJobOutput, S as FunctionOperation, T as WebhookOperation, _ as ResolverExecutedTrigger, a as Trigger, b as recordUpdatedTrigger, c as IncomingWebhookTrigger, d as scheduleTrigger, f as RecordCreatedArgs, g as ResolverExecutedArgs, h as RecordUpdatedArgs, i as createExecutor, j as WorkflowJob, k as createWorkflow, l as incomingWebhookTrigger, m as RecordTrigger, n as output, o as IncomingWebhookArgs, p as RecordDeletedArgs, r as t, s as IncomingWebhookRequest, t as infer, u as ScheduleTrigger, v as recordCreatedTrigger, w as Operation, x as resolverExecutedTrigger, y as recordDeletedTrigger } from "../index-CANeLBB6.mjs";
 export { AttributeList, AttributeMap, AuthConfig, AuthExternalConfig, AuthInvoker, AuthOwnConfig, AuthServiceInput, BuiltinIdP, Env, ExecutorServiceConfig, ExecutorServiceInput, FunctionOperation, GqlOperation, IDToken, IdPConfig, IdPExternalConfig, IdProviderConfig, IncomingWebhookArgs, IncomingWebhookRequest, IncomingWebhookTrigger, OAuth2ClientInput as OAuth2Client, OAuth2ClientGrantType, OIDC, Operation, PermissionCondition, QueryType, RecordCreatedArgs, RecordDeletedArgs, RecordTrigger, RecordUpdatedArgs, Resolver, ResolverExecutedArgs, ResolverExecutedTrigger, ResolverExternalConfig, ResolverServiceConfig, ResolverServiceInput, SAML, SCIMAttribute, SCIMAttributeMapping, SCIMAttributeType, SCIMAuthorization, SCIMConfig, SCIMResource, ScheduleTrigger, StaticWebsiteConfig, TailorDBField, TailorDBInstance, TailorDBType, TailorField, TailorTypeGqlPermission, TailorTypePermission, TailorUser, TenantProviderConfig, Trigger, UserAttributeKey, UserAttributeListKey, UserAttributeMap, UsernameFieldKey, ValueOperand, WORKFLOW_JOB_BRAND, WebhookOperation, Workflow, WorkflowConfig, WorkflowJob, WorkflowJobContext, WorkflowJobInput, WorkflowJobOutput, WorkflowOperation, WorkflowServiceConfig, WorkflowServiceInput, createExecutor, createResolver, createWorkflow, createWorkflowJob, db, defineAuth, defineConfig, defineGenerators, defineIdp, defineStaticWebSite, incomingWebhookTrigger, infer, output, recordCreatedTrigger, recordDeletedTrigger, recordUpdatedTrigger, resolverExecutedTrigger, scheduleTrigger, t, unauthenticatedTailorUser, unsafeAllowAllGqlPermission, unsafeAllowAllTypePermission };

package/dist/{index-QGMXFOXH.d.mts → index-CANeLBB6.d.mts}

@@ -1,5 +1,5 @@
 /// <reference path="./user-defined.d.ts" />
-import { A as TailorDBType, Ct as InferFieldsOutput, H as AuthInvoker, M as AllowedValues, N as AllowedValuesOutput, St as FieldOutput, Tt as output$1, a as IncomingWebhookTrigger$1, bt as FieldMetadata, c as ScheduleTriggerInput, ht as TailorField, i as GqlOperation$1, l as WebhookOperation$1, n as ExecutorInput, o as RecordTrigger$1, pt as TailorUser, r as FunctionOperation$1, s as ResolverExecutedTrigger$1, u as WorkflowOperation$1, vt as ResolverInput, wt as JsonCompatible, xt as FieldOptions, yt as ArrayFieldOutput } from "./types-ClG0gN3S.mjs";
+import { A as TailorDBType, Ct as InferFieldsOutput, H as AuthInvoker, M as AllowedValues, N as AllowedValuesOutput, St as FieldOutput, Tt as output$1, a as IncomingWebhookTrigger$1, bt as FieldMetadata, c as ScheduleTriggerInput, ht as TailorField, i as GqlOperation$1, l as WebhookOperation$1, n as ExecutorInput, o as RecordTrigger$1, pt as TailorUser, r as FunctionOperation$1, s as ResolverExecutedTrigger$1, u as WorkflowOperation$1, vt as ResolverInput, wt as JsonCompatible, xt as FieldOptions, yt as ArrayFieldOutput } from "./types-CgO-wV9v.mjs";
 import { EmptyObject, JsonPrimitive, Jsonifiable, Jsonify } from "type-fest";
 import { Client } from "@urql/core";
 import { StandardCRON } from "ts-cron-validator";
@@ -355,4 +355,4 @@ declare namespace t {
 }
 //#endregion
 export { WORKFLOW_JOB_BRAND as A, GqlOperation as C, Workflow as D, WorkflowOperation as E, createWorkflowJob as F, createResolver as I, Env as L, WorkflowJobContext as M, WorkflowJobInput as N, WorkflowConfig as O, WorkflowJobOutput as P, FunctionOperation as S, WebhookOperation as T, ResolverExecutedTrigger as _, Trigger as a, recordUpdatedTrigger as b, IncomingWebhookTrigger as c, scheduleTrigger as d, RecordCreatedArgs as f, ResolverExecutedArgs as g, RecordUpdatedArgs as h, createExecutor as i, WorkflowJob as j, createWorkflow as k, incomingWebhookTrigger as l, RecordTrigger as m, output as n, IncomingWebhookArgs as o, RecordDeletedArgs as p, t as r, IncomingWebhookRequest as s, infer as t, ScheduleTrigger as u, recordCreatedTrigger as v, Operation as w, resolverExecutedTrigger as x, recordDeletedTrigger as y };
-//# sourceMappingURL=index-QGMXFOXH.d.mts.map
+//# sourceMappingURL=index-CANeLBB6.d.mts.map

package/dist/{list-DLqfJ2jD.mjs → list-BvYJeydE.mjs}

@@ -1610,11 +1610,11 @@ const AuthConfigSchema = z.object({
 //#region src/cli/application/auth/service.ts
 var AuthService = class {
 	_userProfile;
-	_tenantProvider;
 	_parsedConfig;
-	constructor(config, tailorDBServices) {
+	constructor(config, tailorDBServices, externalTailorDBNamespaces) {
 		this.config = config;
 		this.tailorDBServices = tailorDBServices;
+		this.externalTailorDBNamespaces = externalTailorDBNamespaces;
 		this._parsedConfig = {
 			...config,
 			idProvider: IdProviderSchema.optional().parse(config.idProvider)
@@ -1623,46 +1623,45 @@ var AuthService = class {
 	get userProfile() {
 		return this._userProfile;
 	}
-	get tenantProvider() {
-		return this._tenantProvider;
-	}
 	get parsedConfig() {
 		return this._parsedConfig;
 	}
+	/**
+	* Resolves namespace for userProfile.
+	*
+	* Resolution priority:
+	* 1. Explicit namespace in config
+	* 2. Single TailorDB (regular or external) → use that namespace
+	* 3. Multiple TailorDBs → search by type name (external cannot be searched)
+	*/
 	async resolveNamespaces() {
-		await Promise.all(this.tailorDBServices.map((service) => service.loadTypes()));
-		if (this.tailorDBServices.length === 1) {
-			const singleNamespace = this.tailorDBServices[0].namespace;
-			this._userProfile = this.config.userProfile ? {
+		if (!this.config.userProfile) return;
+		if (this.config.userProfile.namespace) {
+			this._userProfile = {
 				...this.config.userProfile,
-				namespace: singleNamespace
-			} : void 0;
-			this._tenantProvider = this.config.tenantProvider ? {
-				...this.config.tenantProvider,
-				namespace: singleNamespace
-			} : void 0;
+				namespace: this.config.userProfile.namespace
+			};
 			return;
 		}
-		const userProfileTypeName = this.config.userProfile?.type && typeof this.config.userProfile.type === "object" && "name" in this.config.userProfile.type ? this.config.userProfile.type.name : void 0;
-		const tenantProviderTypeName = typeof this.config.tenantProvider?.type === "string" ? this.config.tenantProvider.type : void 0;
+		const totalNamespaceCount = this.tailorDBServices.length + this.externalTailorDBNamespaces.length;
 		let userProfileNamespace;
-		let tenantProviderNamespace;
-		for (const service of this.tailorDBServices) {
-			const types$2 = service.getTypes();
-			if (userProfileTypeName && !userProfileNamespace && Object.prototype.hasOwnProperty.call(types$2, userProfileTypeName)) userProfileNamespace = service.namespace;
-			if (tenantProviderTypeName && !tenantProviderNamespace && Object.prototype.hasOwnProperty.call(types$2, tenantProviderTypeName)) tenantProviderNamespace = service.namespace;
-			if (userProfileNamespace && tenantProviderNamespace) break;
-		}
-		if (this.config.userProfile && !userProfileNamespace) throw new Error(`userProfile type "${this.config.userProfile.type.name}" not found in any TailorDB namespace`);
-		if (this.config.tenantProvider && !tenantProviderNamespace) throw new Error(`tenantProvider type "${this.config.tenantProvider.type}" not found in any TailorDB namespace`);
-		this._userProfile = this.config.userProfile ? {
+		if (totalNamespaceCount === 1) userProfileNamespace = this.tailorDBServices[0]?.namespace ?? this.externalTailorDBNamespaces[0];
+		else {
+			await Promise.all(this.tailorDBServices.map((service) => service.loadTypes()));
+			const userProfileTypeName = typeof this.config.userProfile.type === "object" && "name" in this.config.userProfile.type ? this.config.userProfile.type.name : void 0;
+			if (userProfileTypeName) for (const service of this.tailorDBServices) {
+				const types$2 = service.getTypes();
+				if (Object.prototype.hasOwnProperty.call(types$2, userProfileTypeName)) {
+					userProfileNamespace = service.namespace;
+					break;
+				}
+			}
+			if (!userProfileNamespace) throw new Error(`userProfile type "${this.config.userProfile.type.name}" not found in any TailorDB namespace`);
+		}
+		this._userProfile = {
 			...this.config.userProfile,
 			namespace: userProfileNamespace
-		} : void 0;
-		this._tenantProvider = this.config.tenantProvider ? {
-			...this.config.tenantProvider,
-			namespace: tenantProviderNamespace
-		} : void 0;
+		};
 	}
 };
 
@@ -98423,6 +98422,7 @@ const StaticWebsiteSchema = z.object({
 //#region src/cli/application/index.ts
 var Application = class {
 	_tailorDBServices = [];
+	_externalTailorDBNamespaces = [];
 	_resolverServices = [];
 	_idpServices = [];
 	_authService = void 0;
@@ -98448,6 +98448,9 @@ var Application = class {
 	get tailorDBServices() {
 		return this._tailorDBServices;
 	}
+	get externalTailorDBNamespaces() {
+		return this._externalTailorDBNamespaces;
+	}
 	get resolverServices() {
 		return this._resolverServices;
 	}
@@ -98475,7 +98478,8 @@ var Application = class {
 	defineTailorDB(config) {
 		if (!config) return;
 		for (const [namespace, serviceConfig] of Object.entries(config)) {
-			if (!("external" in serviceConfig)) {
+			if ("external" in serviceConfig) this._externalTailorDBNamespaces.push(namespace);
+			else {
 				const tailorDB = new TailorDBService(namespace, serviceConfig);
 				this._tailorDBServices.push(tailorDB);
 			}
@@ -98508,7 +98512,7 @@ var Application = class {
 	}
 	defineAuth(config) {
 		if (!config) return;
-		if (!("external" in config)) this._authService = new AuthService(config, this.tailorDBServices);
+		if (!("external" in config)) this._authService = new AuthService(config, this.tailorDBServices, this.externalTailorDBNamespaces);
 		this.addSubgraph("auth", config.name);
 	}
 	defineExecutor(config) {
@@ -100945,17 +100949,15 @@ async function applyIdP(client, result, phase = "create-update") {
 				secretmanagerSecretValue: update.clientSecret
 			});
 		})]);
-	} else if (phase === "delete") {
-		await Promise.all(changeSet.client.deletes.map(async (del) => {
-			await client.deleteIdPClient(del.request);
-			const vaultName = `idp-${del.request.namespaceName}-${del.request.name}`;
-			await client.deleteSecretManagerVault({
-				workspaceId: del.request.workspaceId,
-				secretmanagerVaultName: vaultName
-			});
-		}));
-		await Promise.all(changeSet.service.deletes.map((del) => client.deleteIdPService(del.request)));
-	}
+	} else if (phase === "delete-resources") await Promise.all(changeSet.client.deletes.map(async (del) => {
+		await client.deleteIdPClient(del.request);
+		const vaultName = `idp-${del.request.namespaceName}-${del.request.name}`;
+		await client.deleteSecretManagerVault({
+			workspaceId: del.request.workspaceId,
+			secretmanagerVaultName: vaultName
+		});
+	}));
+	else if (phase === "delete-services") await Promise.all(changeSet.service.deletes.map((del) => client.deleteIdPService(del.request)));
 }
 async function planIdP({ client, workspaceId, application, forRemoval }) {
 	const idps = forRemoval ? [] : application.idpServices;
@@ -101171,7 +101173,7 @@ async function applyAuth(client, result, phase = "create-update") {
 		})]);
 		await Promise.all([...changeSet.scim.creates.map((create$1) => client.createAuthSCIMConfig(create$1.request)), ...changeSet.scim.updates.map((update) => client.updateAuthSCIMConfig(update.request))]);
 		await Promise.all([...changeSet.scimResource.creates.map((create$1) => client.createAuthSCIMResource(create$1.request)), ...changeSet.scimResource.updates.map((update) => client.updateAuthSCIMResource(update.request))]);
-	} else if (phase === "delete") {
+	} else if (phase === "delete-resources") {
 		await Promise.all(changeSet.scimResource.deletes.map((del) => client.deleteAuthSCIMResource(del.request)));
 		await Promise.all(changeSet.scim.deletes.map((del) => client.deleteAuthSCIMConfig(del.request)));
 		await Promise.all(changeSet.oauth2Client.deletes.map((del) => client.deleteAuthOAuth2Client(del.request)));
@@ -101179,8 +101181,7 @@ async function applyAuth(client, result, phase = "create-update") {
 		await Promise.all(changeSet.tenantConfig.deletes.map((del) => client.deleteTenantConfig(del.request)));
 		await Promise.all(changeSet.userProfileConfig.deletes.map((del) => client.deleteUserProfileConfig(del.request)));
 		await Promise.all(changeSet.idpConfig.deletes.map((del) => client.deleteAuthIDPConfig(del.request)));
-		await Promise.all(changeSet.service.deletes.map((del) => client.deleteAuthService(del.request)));
-	}
+	} else if (phase === "delete-services") await Promise.all(changeSet.service.deletes.map((del) => client.deleteAuthService(del.request)));
 }
 async function planAuth({ client, workspaceId, application, forRemoval }) {
 	const auths = [];
@@ -101536,24 +101537,24 @@ async function planTenantConfigs(client, workspaceId, auths, deletedServices) {
 			});
 		} catch (error) {
 			if (error instanceof ConnectError && error.code === Code.NotFound) {
-				if (auth.tenantProvider) changeSet.creates.push({
+				if (config.tenantProvider) changeSet.creates.push({
 					name: name$1,
 					request: {
 						workspaceId,
 						namespaceName: config.name,
-						tenantProviderConfig: protoTenantConfig(auth.tenantProvider)
+						tenantProviderConfig: protoTenantConfig(config.tenantProvider)
 					}
 				});
 				continue;
 			}
 			throw error;
 		}
-		if (auth.tenantProvider) changeSet.updates.push({
+		if (config.tenantProvider) changeSet.updates.push({
 			name: name$1,
 			request: {
 				workspaceId,
 				namespaceName: config.name,
-				tenantProviderConfig: protoTenantConfig(auth.tenantProvider)
+				tenantProviderConfig: protoTenantConfig(config.tenantProvider)
 			}
 		});
 		else changeSet.deletes.push({
@@ -102326,10 +102327,8 @@ async function applyPipeline(client, result, phase = "create-update") {
 			await client.setMetadata(update.metaRequest);
 		})]);
 		await Promise.all([...changeSet.resolver.creates.map((create$1) => client.createPipelineResolver(create$1.request)), ...changeSet.resolver.updates.map((update) => client.updatePipelineResolver(update.request))]);
-	} else if (phase === "delete") {
-		await Promise.all(changeSet.resolver.deletes.map((del) => client.deletePipelineResolver(del.request)));
-		await Promise.all(changeSet.service.deletes.map((del) => client.deletePipelineService(del.request)));
-	}
+	} else if (phase === "delete-resources") await Promise.all(changeSet.resolver.deletes.map((del) => client.deletePipelineResolver(del.request)));
+	else if (phase === "delete-services") await Promise.all(changeSet.service.deletes.map((del) => client.deletePipelineService(del.request)));
 }
 async function planPipeline({ client, workspaceId, application, forRemoval }) {
 	const pipelines = [];
@@ -102677,11 +102676,10 @@ async function applyTailorDB(client, result, phase = "create-update") {
 		}), ...changeSet.service.updates.map((update) => client.setMetadata(update.metaRequest))]);
 		await Promise.all([...changeSet.type.creates.map((create$1) => client.createTailorDBType(create$1.request)), ...changeSet.type.updates.map((update) => client.updateTailorDBType(update.request))]);
 		await Promise.all([...changeSet.gqlPermission.creates.map((create$1) => client.createTailorDBGQLPermission(create$1.request)), ...changeSet.gqlPermission.updates.map((update) => client.updateTailorDBGQLPermission(update.request))]);
-	} else if (phase === "delete") {
+	} else if (phase === "delete-resources") {
 		await Promise.all(changeSet.gqlPermission.deletes.map((del) => client.deleteTailorDBGQLPermission(del.request)));
 		await Promise.all(changeSet.type.deletes.map((del) => client.deleteTailorDBType(del.request)));
-		await Promise.all(changeSet.service.deletes.map((del) => client.deleteTailorDBService(del.request)));
-	}
+	} else if (phase === "delete-services") await Promise.all(changeSet.service.deletes.map((del) => client.deleteTailorDBService(del.request)));
 }
 async function planTailorDB({ client, workspaceId, application, forRemoval }) {
 	const tailordbs = [];
@@ -103480,10 +103478,10 @@ async function apply(options) {
 	await applyIdP(client, idp, "create-update");
 	await applyAuth(client, auth, "create-update");
 	await applyPipeline(client, pipeline, "create-update");
-	await applyPipeline(client, pipeline, "delete");
-	await applyAuth(client, auth, "delete");
-	await applyIdP(client, idp, "delete");
-	await applyTailorDB(client, tailorDB, "delete");
+	await applyPipeline(client, pipeline, "delete-resources");
+	await applyAuth(client, auth, "delete-resources");
+	await applyIdP(client, idp, "delete-resources");
+	await applyTailorDB(client, tailorDB, "delete-resources");
 	await applyApplication(client, app, "create-update");
 	await applyExecutor(client, executor, "create-update");
 	await applyWorkflow(client, workflow, "create-update");
@@ -103491,6 +103489,10 @@ async function apply(options) {
 	await applyExecutor(client, executor, "delete");
 	await applyStaticWebsite(client, staticWebsite, "delete");
 	await applyApplication(client, app, "delete");
+	await applyPipeline(client, pipeline, "delete-services");
+	await applyAuth(client, auth, "delete-services");
+	await applyIdP(client, idp, "delete-services");
+	await applyTailorDB(client, tailorDB, "delete-services");
 	logger.success("Successfully applied changes.");
 }
 async function buildPipeline(namespace, config, triggerContext) {
@@ -104587,12 +104589,16 @@ async function execRemove(client, workspaceId, application, confirm) {
 	if (confirm) await confirm();
 	await applyWorkflow(client, workflow, "delete");
 	await applyExecutor(client, executor, "delete");
-	await applyApplication(client, app, "delete");
-	await applyPipeline(client, pipeline, "delete");
-	await applyAuth(client, auth, "delete");
-	await applyIdP(client, idp, "delete");
 	await applyStaticWebsite(client, staticWebsite, "delete");
-	await applyTailorDB(client, tailorDB, "delete");
+	await applyApplication(client, app, "delete");
+	await applyPipeline(client, pipeline, "delete-resources");
+	await applyPipeline(client, pipeline, "delete-services");
+	await applyAuth(client, auth, "delete-resources");
+	await applyAuth(client, auth, "delete-services");
+	await applyIdP(client, idp, "delete-resources");
+	await applyIdP(client, idp, "delete-services");
+	await applyTailorDB(client, tailorDB, "delete-resources");
+	await applyTailorDB(client, tailorDB, "delete-services");
 }
 async function remove(options) {
 	const { client, workspaceId, application } = await loadOptions$1(options);
@@ -105596,4 +105602,4 @@ const listCommand = defineCommand({
 
 //#endregion
 export { jsonArgs as $, printData as A, loadAccessToken as B, listOAuth2Clients as C, tokenCommand as D, getMachineUserToken as E, generateUserTypes as F, fetchUserInfo as G, readPlatformConfig as H, loadConfig as I, readPackageJson as J, initOAuth2Client as K, apiCall as L, generateCommand as M, apply as N, listCommand$3 as O, applyCommand as P, deploymentArgs as Q, apiCommand as R, listCommand$2 as S, getOAuth2Client as T, writePlatformConfig as U, loadWorkspaceId as V, fetchAll as W, commonArgs as X, PATScope as Y, confirmationArgs as Z, listWorkflowExecutions as _, createCommand as a, remove as b, resumeWorkflow as c, listCommand$1 as d, withCommonArgs as et, listWorkflows as f, getWorkflowExecution as g, executionsCommand as h, deleteWorkspace as i, generate as j, listMachineUsers as k, startCommand as l, getWorkflow as m, listWorkspaces as n, logger as nt, createWorkspace as o, getCommand as p, initOperatorClient as q, deleteCommand as r, resumeCommand as s, listCommand as t, workspaceArgs as tt, startWorkflow as u, show as v, getCommand$1 as w, removeCommand as x, showCommand as y, fetchLatestToken as z };
-//# sourceMappingURL=list-DLqfJ2jD.mjs.map
+//# sourceMappingURL=list-BvYJeydE.mjs.map