@tailor-platform/sdk 1.2.3 → 1.2.5

package/dist/{types-Dg_zk_OZ.d.mts → types-DCb7NVBk.d.mts}

@@ -1,10 +1,10 @@
 /// <reference path="./user-defined.d.ts" />
-import * as zod38 from "zod";
+import * as zod0 from "zod";
 import { z } from "zod";
 import * as type_fest0 from "type-fest";
 import { IsAny, NonEmptyObject } from "type-fest";
 import { StandardSchemaV1 } from "@standard-schema/spec";
-import * as zod_v4_core33 from "zod/v4/core";
+import * as zod_v4_core0 from "zod/v4/core";
 
 //#region src/parser/service/tailordb/relation.d.ts
 declare const relationTypes: {
@@ -263,6 +263,11 @@ declare class TailorField<const Defined extends DefinedFieldMetadata = DefinedFi
   /**
    * Parse and validate a value against this field's validation rules
    * Returns StandardSchema Result type with success or failure
+   * @param {{ value: unknown; data: unknown; user: TailorUser }} args - Value, context data, and user
+   * @param {unknown} args.value - Value to validate
+   * @param {unknown} args.data - Context data
+   * @param {TailorUser} args.user - Tailor user information
+   * @returns {StandardSchemaV1.Result<Output>} Validation result
    */
   parse(args: {
     value: unknown;
@@ -273,11 +278,23 @@ declare class TailorField<const Defined extends DefinedFieldMetadata = DefinedFi
    * Validate a single value (not an array element)
    * Used internally for array element validation
    * @private
+   * @param {{ value: TailorToTs[T]; data: unknown; user: TailorUser; pathArray: string[] }} args - Validation arguments
+   * @param {TailorToTs[T]} args.value - Value to validate
+   * @param {unknown} args.data - Context data
+   * @param {TailorUser} args.user - Tailor user information
+   * @param {string[]} args.pathArray - Field path array for nested validation
+   * @returns {StandardSchemaV1.Issue[]} Validation issues
    */
   private _validateValue;
   /**
    * Internal parse method that tracks field path for nested validation
    * @private
+   * @param {{ value: unknown; data: unknown; user: TailorUser; pathArray: string[] }} args - Parse arguments
+   * @param {unknown} args.value - Value to parse
+   * @param {unknown} args.data - Context data
+   * @param {TailorUser} args.user - Tailor user information
+   * @param {string[]} args.pathArray - Field path array for nested validation
+   * @returns {StandardSchemaV1.Result<Output>} Validation result
    */
   private _parseInternal;
 }
@@ -317,6 +334,167 @@ type TailorUser = {
 /** Represents an unauthenticated user in the Tailor platform. */
 declare const unauthenticatedTailorUser: TailorUser;
 //#endregion
+//#region src/configure/services/tailordb/permission.d.ts
+type TailorTypePermission<User extends object = InferredAttributeMap, Type extends object = object> = {
+  create: readonly ActionPermission<"record", User, Type, false>[];
+  read: readonly ActionPermission<"record", User, Type, false>[];
+  update: readonly ActionPermission<"record", User, Type, true>[];
+  delete: readonly ActionPermission<"record", User, Type, false>[];
+};
+type ActionPermission<Level extends "record" | "gql" = "record" | "gql", User extends object = InferredAttributeMap, Type extends object = object, Update extends boolean = boolean> = {
+  conditions: PermissionCondition<Level, User, Update, Type> | readonly PermissionCondition<Level, User, Update, Type>[];
+  description?: string | undefined;
+  permit?: boolean;
+} | readonly [...PermissionCondition<Level, User, Update, Type>, ...([] | [boolean])] | readonly [...PermissionCondition<Level, User, Update, Type>[], ...([] | [boolean])];
+type TailorTypeGqlPermission<User extends object = InferredAttributeMap, Type extends object = object> = readonly GqlPermissionPolicy<User, Type>[];
+type GqlPermissionPolicy<User extends object = InferredAttributeMap, Type extends object = object> = {
+  conditions: readonly PermissionCondition<"gql", User, boolean, Type>[];
+  actions: "all" | readonly GqlPermissionAction$1[];
+  permit?: boolean;
+  description?: string;
+};
+type GqlPermissionAction$1 = "read" | "create" | "update" | "delete" | "aggregate" | "bulkUpsert";
+type EqualityOperator = "=" | "!=";
+type ContainsOperator = "in" | "not in";
+type StringFieldKeys<User extends object> = { [K in keyof User]: User[K] extends string ? K : never }[keyof User];
+type StringArrayFieldKeys<User extends object> = { [K in keyof User]: User[K] extends string[] ? K : never }[keyof User];
+type BooleanFieldKeys<User extends object> = { [K in keyof User]: User[K] extends boolean ? K : never }[keyof User];
+type BooleanArrayFieldKeys<User extends object> = { [K in keyof User]: User[K] extends boolean[] ? K : never }[keyof User];
+type UserStringOperand<User extends object = InferredAttributeMap> = {
+  user: StringFieldKeys<User> | "id";
+};
+type UserStringArrayOperand<User extends object = InferredAttributeMap> = {
+  user: StringArrayFieldKeys<User>;
+};
+type UserBooleanOperand<User extends object = InferredAttributeMap> = {
+  user: BooleanFieldKeys<User> | "_loggedIn";
+};
+type UserBooleanArrayOperand<User extends object = InferredAttributeMap> = {
+  user: BooleanArrayFieldKeys<User>;
+};
+type RecordOperand$1<Type extends object, Update extends boolean = false> = Update extends true ? {
+  oldRecord: (keyof Type & string) | "id";
+} | {
+  newRecord: (keyof Type & string) | "id";
+} : {
+  record: (keyof Type & string) | "id";
+};
+type StringEqualityCondition<Level extends "record" | "gql", User extends object, Update extends boolean, Type extends object> = (Level extends "gql" ? readonly [string, EqualityOperator, boolean] : never) | readonly [string, EqualityOperator, string] | readonly [UserStringOperand<User>, EqualityOperator, string] | readonly [string, EqualityOperator, UserStringOperand<User>] | (Level extends "record" ? readonly [RecordOperand$1<Type, Update>, EqualityOperator, string | UserStringOperand<User>] | readonly [string | UserStringOperand<User>, EqualityOperator, RecordOperand$1<Type, Update>] : never);
+type BooleanEqualityCondition<Level extends "record" | "gql", User extends object, Update extends boolean, Type extends object> = readonly [boolean, EqualityOperator, boolean] | readonly [UserBooleanOperand<User>, EqualityOperator, boolean] | readonly [boolean, EqualityOperator, UserBooleanOperand<User>] | (Level extends "record" ? readonly [RecordOperand$1<Type, Update>, EqualityOperator, boolean | UserBooleanOperand<User>] | readonly [boolean | UserBooleanOperand<User>, EqualityOperator, RecordOperand$1<Type, Update>] : never);
+type EqualityCondition<Level extends "record" | "gql" = "record", User extends object = InferredAttributeMap, Update extends boolean = boolean, Type extends object = object> = StringEqualityCondition<Level, User, Update, Type> | BooleanEqualityCondition<Level, User, Update, Type>;
+type StringContainsCondition<Level extends "record" | "gql", User extends object, Update extends boolean, Type extends object> = readonly [string, ContainsOperator, string[]] | readonly [UserStringOperand<User>, ContainsOperator, string[]] | readonly [string, ContainsOperator, UserStringArrayOperand<User>] | (Level extends "record" ? readonly [RecordOperand$1<Type, Update>, ContainsOperator, string[] | UserStringArrayOperand<User>] | readonly [string | UserStringOperand<User>, ContainsOperator, RecordOperand$1<Type, Update>] : never);
+type BooleanContainsCondition<Level extends "record" | "gql", User extends object, Update extends boolean, Type extends object> = (Level extends "gql" ? readonly [string, ContainsOperator, boolean[]] : never) | readonly [boolean, ContainsOperator, boolean[]] | readonly [UserBooleanOperand<User>, ContainsOperator, boolean[]] | readonly [boolean, ContainsOperator, UserBooleanArrayOperand<User>] | (Level extends "record" ? readonly [RecordOperand$1<Type, Update>, ContainsOperator, boolean[] | UserBooleanArrayOperand<User>] | readonly [boolean | UserBooleanOperand<User>, ContainsOperator, RecordOperand$1<Type, Update>] : never);
+type ContainsCondition<Level extends "record" | "gql" = "record", User extends object = InferredAttributeMap, Update extends boolean = boolean, Type extends object = object> = StringContainsCondition<Level, User, Update, Type> | BooleanContainsCondition<Level, User, Update, Type>;
+/**
+ * Type representing a permission condition that combines user attributes, record fields, and literal values using comparison operators.
+ *
+ * The User type is extended by `user-defined.d.ts`, which is automatically generated when running `tailor-sdk generate`.
+ * Attributes enabled in the config file's `auth.userProfile.attributes` become available as types.
+ * @example
+ * ```ts
+ * // tailor.config.ts
+ * export const auth = defineAuth("my-auth", {
+ *   userProfile: {
+ *     type: user,
+ *     attributes: {
+ *       isAdmin: true,
+ *       roles: true,
+ *     }
+ *   }
+ * });
+ * ```
+ */
+type PermissionCondition<Level extends "record" | "gql" = "record", User extends object = InferredAttributeMap, Update extends boolean = boolean, Type extends object = object> = EqualityCondition<Level, User, Update, Type> | ContainsCondition<Level, User, Update, Type>;
+/**
+ * Grants full record-level access without any conditions.
+ *
+ * Unsafe and intended only for local development, prototyping, or tests.
+ * Do not use this in production environments, as it effectively disables
+ * authorization checks.
+ */
+declare const unsafeAllowAllTypePermission: TailorTypePermission;
+/**
+ * Grants full GraphQL access (all actions) without any conditions.
+ *
+ * Unsafe and intended only for local development, prototyping, or tests.
+ * Do not use this in production environments, as it effectively disables
+ * authorization checks.
+ */
+declare const unsafeAllowAllGqlPermission: TailorTypeGqlPermission;
+//#endregion
+//#region src/configure/services/tailordb/types.d.ts
+type SerialConfig<T$1 extends "string" | "integer" = "string" | "integer"> = Prettify<{
+  start: number;
+  maxValue?: number;
+} & (T$1 extends "string" ? {
+  format?: string;
+} : object)>;
+interface DBFieldMetadata extends FieldMetadata {
+  index?: boolean;
+  unique?: boolean;
+  vector?: boolean;
+  foreignKey?: boolean;
+  foreignKeyType?: string;
+  foreignKeyField?: string;
+  hooks?: Hook<any, any>;
+  serial?: SerialConfig;
+  relation?: boolean;
+}
+interface DefinedDBFieldMetadata extends DefinedFieldMetadata {
+  index?: boolean;
+  unique?: boolean;
+  vector?: boolean;
+  foreignKey?: boolean;
+  foreignKeyType?: boolean;
+  validate?: boolean;
+  hooks?: {
+    create: boolean;
+    update: boolean;
+  };
+  serial?: boolean;
+  relation?: boolean;
+}
+type ExcludeNestedDBFields<T$1 extends Record<string, TailorAnyDBField>> = { [K in keyof T$1]: T$1[K] extends TailorDBField<{
+  type: "nested";
+  array: boolean;
+}, any> ? never : T$1[K] };
+type HookFn<TValue, TData, TReturn> = (args: {
+  value: TValue;
+  data: TData extends Record<string, unknown> ? { readonly [K in keyof TData]?: TData[K] | null | undefined } : unknown;
+  user: TailorUser;
+}) => TReturn;
+type Hook<TData, TReturn> = {
+  create?: HookFn<TReturn | null, TData, TReturn>;
+  update?: HookFn<TReturn | null, TData, TReturn>;
+};
+type Hooks<F extends Record<string, TailorAnyDBField>, TData = { [K in keyof F]: output<F[K]> }> = NonEmptyObject<{ [K in Exclude<keyof F, "id"> as F[K]["_defined"] extends {
+  hooks: unknown;
+} ? never : F[K]["_defined"] extends {
+  type: "nested";
+} ? never : K]?: Hook<TData, output<F[K]>> }>;
+type TailorDBServiceConfig = {
+  files: string[];
+  ignores?: string[];
+};
+type TailorDBExternalConfig = {
+  external: true;
+};
+type TailorDBServiceInput = {
+  [namespace: string]: TailorDBServiceConfig | TailorDBExternalConfig;
+};
+type IndexDef<T$1 extends {
+  fields: Record<PropertyKey, unknown>;
+}> = {
+  fields: [keyof T$1["fields"], keyof T$1["fields"], ...(keyof T$1["fields"])[]];
+  unique?: boolean;
+  name?: string;
+};
+interface TypeFeatures {
+  pluralForm?: string;
+  aggregation?: true;
+  bulkUpsert?: true;
+}
+//#endregion
 //#region src/parser/service/auth/schema.d.ts
 declare const AuthInvokerSchema: z.ZodObject<{
   namespace: z.ZodString;
@@ -561,191 +739,6 @@ type AuthServiceInput<User extends TailorDBInstance, AttributeMap$1 extends User
   tenantProvider?: TenantProviderConfig;
 };
 //#endregion
-//#region src/configure/services/auth/index.d.ts
-declare const authDefinitionBrand: unique symbol;
-type AuthDefinitionBrand = {
-  readonly [authDefinitionBrand]: true;
-};
-/**
- * Invoker type compatible with tailor.v1.AuthInvoker
- * - namespace: auth service name
- * - machineUserName: machine user name
- */
-type AuthInvoker<M extends string> = Omit<AuthInvoker$1, "machineUserName"> & {
-  machineUserName: M;
-};
-/**
- * Define an auth service for the Tailor SDK.
- * @template Name
- * @template User
- * @template AttributeMap
- * @template AttributeList
- * @template MachineUserNames
- * @template M
- * @param {Name} name - Auth service name
- * @param {AuthServiceInput<User, AttributeMap, AttributeList, MachineUserNames>} config - Auth service configuration
- * @returns {AuthDefinitionBrand & AuthServiceInput<User, AttributeMap, AttributeList, MachineUserNames> & { name: string; invoker<M extends MachineUserNames>(machineUser: M): AuthInvoker<M> }} Defined auth service
- */
-declare function defineAuth<const Name extends string, const User extends TailorDBInstance, const AttributeMap$1 extends UserAttributeMap<User>, const AttributeList$1 extends UserAttributeListKey<User>[], const MachineUserNames extends string>(name: Name, config: AuthServiceInput<User, AttributeMap$1, AttributeList$1, MachineUserNames>): {
-  readonly name: Name;
-  readonly invoker: <M extends MachineUserNames>(machineUser: M) => {
-    readonly namespace: Name;
-    readonly machineUserName: M;
-  };
-  readonly userProfile?: {
-    namespace?: string;
-    type: User;
-    usernameField: UsernameFieldKey<User>;
-    attributes?: (AttributeMap$1 & { [K in Exclude<keyof AttributeMap$1, UserAttributeKey<User>>]: never }) | undefined;
-    attributeList?: AttributeList$1 | undefined;
-  } | undefined;
-  readonly machineUsers?: Record<MachineUserNames, type_fest0.IsAny<User> extends true ? {
-    attributes: Record<string, AuthAttributeValue>;
-    attributeList?: string[];
-  } : (Extract<{ [K_1 in keyof AttributeMap$1]-?: undefined extends AttributeMap$1[K_1] ? never : K_1 }[keyof AttributeMap$1], UserAttributeKey<User>> extends never ? {
-    attributes?: never;
-  } : {
-    attributes: { [K_2 in Extract<{ [K_1 in keyof AttributeMap$1]-?: undefined extends AttributeMap$1[K_1] ? never : K_1 }[keyof AttributeMap$1], UserAttributeKey<User>>]: K_2 extends keyof output<User> ? output<User>[K_2] : never } & { [K_3 in Exclude<keyof output<User>, Extract<{ [K_1 in keyof AttributeMap$1]-?: undefined extends AttributeMap$1[K_1] ? never : K_1 }[keyof AttributeMap$1], UserAttributeKey<User>>>]?: undefined };
-  }) & ([] extends AttributeList$1 ? {
-    attributeList?: never;
-  } : {
-    attributeList: { [Index in keyof AttributeList$1]: AttributeList$1[Index] extends UserAttributeListKey<User> ? AttributeList$1[Index] extends infer T ? T extends AttributeList$1[Index] ? T extends keyof output<User> ? output<User>[T] : never : never : never : never };
-  })> | undefined;
-  readonly oauth2Clients?: Record<string, OAuth2ClientInput>;
-  readonly idProvider?: IdProviderConfig;
-  readonly scim?: SCIMConfig;
-  readonly tenantProvider?: TenantProviderConfig;
-} & AuthDefinitionBrand;
-type AuthExternalConfig = {
-  name: string;
-  external: true;
-};
-type AuthOwnConfig = ReturnType<typeof defineAuth<string, any, any, any, string>>;
-type AuthConfig = AuthOwnConfig | AuthExternalConfig;
-//#endregion
-//#region src/configure/services/tailordb/permission.d.ts
-type TailorTypePermission<User extends object = InferredAttributeMap, Type extends object = object> = {
-  create: readonly ActionPermission<"record", User, Type, false>[];
-  read: readonly ActionPermission<"record", User, Type, false>[];
-  update: readonly ActionPermission<"record", User, Type, true>[];
-  delete: readonly ActionPermission<"record", User, Type, false>[];
-};
-type ActionPermission<Level extends "record" | "gql" = "record" | "gql", User extends object = InferredAttributeMap, Type extends object = object, Update extends boolean = boolean> = {
-  conditions: PermissionCondition<Level, User, Update, Type> | readonly PermissionCondition<Level, User, Update, Type>[];
-  description?: string | undefined;
-  permit?: boolean;
-} | readonly [...PermissionCondition<Level, User, Update, Type>, ...([] | [boolean])] | readonly [...PermissionCondition<Level, User, Update, Type>[], ...([] | [boolean])];
-type TailorTypeGqlPermission<User extends object = InferredAttributeMap, Type extends object = object> = readonly GqlPermissionPolicy<User, Type>[];
-type GqlPermissionPolicy<User extends object = InferredAttributeMap, Type extends object = object> = {
-  conditions: readonly PermissionCondition<"gql", User, boolean, Type>[];
-  actions: "all" | readonly GqlPermissionAction$1[];
-  permit?: boolean;
-  description?: string;
-};
-type GqlPermissionAction$1 = "read" | "create" | "update" | "delete" | "aggregate" | "bulkUpsert";
-type PermissionCondition<Level extends "record" | "gql" = "record" | "gql", User extends object = InferredAttributeMap, Update extends boolean = boolean, Type extends object = object> = readonly [PermissionOperand$1<Level, User, Type, Update>, PermissionOperator, PermissionOperand$1<Level, User, Type, Update>];
-type UserOperand$1<User extends object = InferredAttributeMap> = {
-  user: { [K in keyof User]: User[K] extends string | string[] | boolean | boolean[] ? K : never }[keyof User] | "id" | "_loggedIn";
-};
-type RecordOperand$1<Type extends object, Update extends boolean = false> = Update extends true ? {
-  oldRecord: (keyof Type & string) | "id";
-} | {
-  newRecord: (keyof Type & string) | "id";
-} : {
-  record: (keyof Type & string) | "id";
-};
-type PermissionOperand$1<Level extends "record" | "gql" = "record" | "gql", User extends object = InferredAttributeMap, Type extends object = object, Update extends boolean = boolean> = UserOperand$1<User> | ValueOperand | (Level extends "record" ? RecordOperand$1<Type, Update> : never);
-type PermissionOperator = "=" | "!=" | "in" | "not in";
-/**
- * Grants full record-level access without any conditions.
- *
- * Unsafe and intended only for local development, prototyping, or tests.
- * Do not use this in production environments, as it effectively disables
- * authorization checks.
- */
-declare const unsafeAllowAllTypePermission: TailorTypePermission;
-/**
- * Grants full GraphQL access (all actions) without any conditions.
- *
- * Unsafe and intended only for local development, prototyping, or tests.
- * Do not use this in production environments, as it effectively disables
- * authorization checks.
- */
-declare const unsafeAllowAllGqlPermission: TailorTypeGqlPermission;
-//#endregion
-//#region src/configure/services/tailordb/types.d.ts
-type SerialConfig<T$1 extends "string" | "integer" = "string" | "integer"> = Prettify<{
-  start: number;
-  maxValue?: number;
-} & (T$1 extends "string" ? {
-  format?: string;
-} : object)>;
-interface DBFieldMetadata extends FieldMetadata {
-  index?: boolean;
-  unique?: boolean;
-  vector?: boolean;
-  foreignKey?: boolean;
-  foreignKeyType?: string;
-  foreignKeyField?: string;
-  hooks?: Hook<any, any>;
-  serial?: SerialConfig;
-  relation?: boolean;
-}
-interface DefinedDBFieldMetadata extends DefinedFieldMetadata {
-  index?: boolean;
-  unique?: boolean;
-  vector?: boolean;
-  foreignKey?: boolean;
-  foreignKeyType?: boolean;
-  validate?: boolean;
-  hooks?: {
-    create: boolean;
-    update: boolean;
-  };
-  serial?: boolean;
-  relation?: boolean;
-}
-type ExcludeNestedDBFields<T$1 extends Record<string, TailorAnyDBField>> = { [K in keyof T$1]: T$1[K] extends TailorDBField<{
-  type: "nested";
-  array: boolean;
-}, any> ? never : T$1[K] };
-type HookFn<TValue, TData, TReturn> = (args: {
-  value: TValue;
-  data: TData extends Record<string, unknown> ? { readonly [K in keyof TData]?: TData[K] | null | undefined } : unknown;
-  user: TailorUser;
-}) => TReturn;
-type Hook<TData, TReturn> = {
-  create?: HookFn<TReturn | null, TData, TReturn>;
-  update?: HookFn<TReturn | null, TData, TReturn>;
-};
-type Hooks<F extends Record<string, TailorAnyDBField>, TData = { [K in keyof F]: output<F[K]> }> = NonEmptyObject<{ [K in Exclude<keyof F, "id"> as F[K]["_defined"] extends {
-  hooks: unknown;
-} ? never : F[K]["_defined"] extends {
-  type: "nested";
-} ? never : K]?: Hook<TData, output<F[K]>> }>;
-type TailorDBServiceConfig = {
-  files: string[];
-  ignores?: string[];
-};
-type TailorDBExternalConfig = {
-  external: true;
-};
-type TailorDBServiceInput = {
-  [namespace: string]: TailorDBServiceConfig | TailorDBExternalConfig;
-};
-type IndexDef<T$1 extends {
-  fields: Record<PropertyKey, unknown>;
-}> = {
-  fields: [keyof T$1["fields"], keyof T$1["fields"], ...(keyof T$1["fields"])[]];
-  unique?: boolean;
-  name?: string;
-};
-interface TypeFeatures {
-  pluralForm?: string;
-  aggregation?: true;
-  bulkUpsert?: true;
-}
-//#endregion
 //#region src/parser/service/tailordb/types.d.ts
 interface Script {
   expr: string;
@@ -1209,6 +1202,68 @@ declare const db: {
   };
 };
 //#endregion
+//#region src/configure/services/auth/index.d.ts
+declare const authDefinitionBrand: unique symbol;
+type AuthDefinitionBrand = {
+  readonly [authDefinitionBrand]: true;
+};
+/**
+ * Invoker type compatible with tailor.v1.AuthInvoker
+ * - namespace: auth service name
+ * - machineUserName: machine user name
+ */
+type AuthInvoker<M extends string> = Omit<AuthInvoker$1, "machineUserName"> & {
+  machineUserName: M;
+};
+/**
+ * Define an auth service for the Tailor SDK.
+ * @template Name
+ * @template User
+ * @template AttributeMap
+ * @template AttributeList
+ * @template MachineUserNames
+ * @template M
+ * @param {Name} name - Auth service name
+ * @param {AuthServiceInput<User, AttributeMap, AttributeList, MachineUserNames>} config - Auth service configuration
+ * @returns {AuthDefinitionBrand & AuthServiceInput<User, AttributeMap, AttributeList, MachineUserNames> & { name: string; invoker<M extends MachineUserNames>(machineUser: M): AuthInvoker<M> }} Defined auth service
+ */
+declare function defineAuth<const Name extends string, const User extends TailorDBInstance, const AttributeMap$1 extends UserAttributeMap<User>, const AttributeList$1 extends UserAttributeListKey<User>[], const MachineUserNames extends string>(name: Name, config: AuthServiceInput<User, AttributeMap$1, AttributeList$1, MachineUserNames>): {
+  readonly name: Name;
+  readonly invoker: <M extends MachineUserNames>(machineUser: M) => {
+    readonly namespace: Name;
+    readonly machineUserName: M;
+  };
+  readonly userProfile?: {
+    namespace?: string;
+    type: User;
+    usernameField: UsernameFieldKey<User>;
+    attributes?: (AttributeMap$1 & { [K in Exclude<keyof AttributeMap$1, UserAttributeKey<User>>]: never }) | undefined;
+    attributeList?: AttributeList$1 | undefined;
+  } | undefined;
+  readonly machineUsers?: Record<MachineUserNames, type_fest0.IsAny<User> extends true ? {
+    attributes: Record<string, AuthAttributeValue>;
+    attributeList?: string[];
+  } : (Extract<{ [K_1 in keyof AttributeMap$1]-?: undefined extends AttributeMap$1[K_1] ? never : K_1 }[keyof AttributeMap$1], UserAttributeKey<User>> extends never ? {
+    attributes?: never;
+  } : {
+    attributes: { [K_2 in Extract<{ [K_1 in keyof AttributeMap$1]-?: undefined extends AttributeMap$1[K_1] ? never : K_1 }[keyof AttributeMap$1], UserAttributeKey<User>>]: K_2 extends keyof output<User> ? output<User>[K_2] : never } & { [K_3 in Exclude<keyof output<User>, Extract<{ [K_1 in keyof AttributeMap$1]-?: undefined extends AttributeMap$1[K_1] ? never : K_1 }[keyof AttributeMap$1], UserAttributeKey<User>>>]?: undefined };
+  }) & ([] extends AttributeList$1 ? {
+    attributeList?: never;
+  } : {
+    attributeList: { [Index in keyof AttributeList$1]: AttributeList$1[Index] extends UserAttributeListKey<User> ? AttributeList$1[Index] extends infer T ? T extends AttributeList$1[Index] ? T extends keyof output<User> ? output<User>[T] : never : never : never : never };
+  })> | undefined;
+  readonly oauth2Clients?: Record<string, OAuth2ClientInput>;
+  readonly idProvider?: IdProviderConfig;
+  readonly scim?: SCIMConfig;
+  readonly tenantProvider?: TenantProviderConfig;
+} & AuthDefinitionBrand;
+type AuthExternalConfig = {
+  name: string;
+  external: true;
+};
+type AuthOwnConfig = ReturnType<typeof defineAuth<string, any, any, any, string>>;
+type AuthConfig = AuthOwnConfig | AuthExternalConfig;
+//#endregion
 //#region src/configure/services/executor/types.d.ts
 type ExecutorServiceConfig = {
   files: string[];
@@ -1403,6 +1458,7 @@ declare const BaseGeneratorConfigSchema: z.ZodUnion<readonly [z.ZodTuple<[z.ZodL
 /**
  * Creates a GeneratorConfigSchema with built-in generator support
  * @param {Map<string, (options: unknown) => CodeGeneratorBase>} builtinGenerators - Map of generator IDs to their constructor functions
+ * @returns {z.ZodEffects<z.ZodUnion<[typeof KyselyTypeConfigSchema, typeof SeedConfigSchema, typeof EnumConstantsConfigSchema, typeof FileUtilsConfigSchema, typeof CodeGeneratorSchema]>, CodeGeneratorBase, unknown> | z.ZodUnion<[typeof KyselyTypeConfigSchema, typeof SeedConfigSchema, typeof EnumConstantsConfigSchema, typeof FileUtilsConfigSchema, typeof CodeGeneratorSchema]>} Generator config schema
  */
 declare function createGeneratorConfigSchema(builtinGenerators: Map<string, (options: any) => CodeGeneratorBase>): z.core.$ZodBranded<z.ZodPipe<z.ZodUnion<readonly [z.ZodTuple<[z.ZodLiteral<"@tailor-platform/kysely-type">, z.ZodObject<{
   distPath: z.ZodString;
@@ -1496,12 +1552,12 @@ declare function defineGenerators(...configs: GeneratorConfig[]): (["@tailor-pla
   id: string;
   description: string;
   dependencies: ("tailordb" | "resolver" | "executor")[];
-  aggregate: zod_v4_core33.$InferInnerFunctionType<zod_v4_core33.$ZodFunctionArgs, zod38.ZodAny>;
-  processType?: zod_v4_core33.$InferInnerFunctionType<zod_v4_core33.$ZodFunctionArgs, zod_v4_core33.$ZodFunctionOut> | undefined;
-  processResolver?: zod_v4_core33.$InferInnerFunctionType<zod_v4_core33.$ZodFunctionArgs, zod_v4_core33.$ZodFunctionOut> | undefined;
-  processExecutor?: zod_v4_core33.$InferInnerFunctionType<zod_v4_core33.$ZodFunctionArgs, zod_v4_core33.$ZodFunctionOut> | undefined;
-  processTailorDBNamespace?: zod_v4_core33.$InferInnerFunctionType<zod_v4_core33.$ZodFunctionArgs, zod_v4_core33.$ZodFunctionOut> | undefined;
-  processResolverNamespace?: zod_v4_core33.$InferInnerFunctionType<zod_v4_core33.$ZodFunctionArgs, zod_v4_core33.$ZodFunctionOut> | undefined;
+  aggregate: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod0.ZodAny>;
+  processType?: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut> | undefined;
+  processResolver?: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut> | undefined;
+  processExecutor?: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut> | undefined;
+  processTailorDBNamespace?: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut> | undefined;
+  processResolverNamespace?: zod_v4_core0.$InferInnerFunctionType<zod_v4_core0.$ZodFunctionArgs, zod_v4_core0.$ZodFunctionOut> | undefined;
 })[];
 //#endregion
 //#region src/parser/service/executor/schema.d.ts
@@ -1639,5 +1695,5 @@ type WorkflowOperation = z.infer<typeof WorkflowOperationSchema>;
 type Executor = z.infer<typeof ExecutorSchema>;
 type ExecutorInput = z.input<typeof ExecutorSchema>;
 //#endregion
-export { SCIMAttributeMapping as $, db as A, AuthExternalConfig as B, ResolverServiceConfig as C, TailorFieldType as Ct, TailorDBField as D, ExecutorServiceInput as E, output as Et, TailorTypeGqlPermission as F, BuiltinIdP as G, AuthOwnConfig as H, TailorTypePermission as I, OAuth2ClientGrantType as J, IDToken as K, unsafeAllowAllGqlPermission as L, AllowedValuesOutput as M, ParsedTailorDBType as N, TailorDBInstance as O, PermissionCondition as P, SCIMAttribute as Q, unsafeAllowAllTypePermission as R, ResolverExternalConfig as S, FieldOutput$1 as St, ExecutorServiceConfig as T, JsonCompatible as Tt, defineAuth as U, AuthInvoker as V, AuthServiceInput as W, OIDC as X, OAuth2ClientInput as Y, SAML as Z, StaticWebsiteConfig as _, Resolver as _t, IncomingWebhookTrigger as a, UserAttributeKey as at, IdPExternalConfig as b, FieldMetadata as bt, ScheduleTriggerInput as c, UsernameFieldKey as ct, AppConfig as d, AttributeMap as dt, SCIMAttributeType as et, defineConfig as f, TailorUser as ft, WorkflowServiceInput as g, QueryType as gt, WorkflowServiceConfig as h, TailorField as ht, GqlOperation as i, TenantProviderConfig as it, AllowedValues as j, TailorDBType as k, WebhookOperation as l, ValueOperand as lt, Generator as m, TailorAnyField as mt, ExecutorInput as n, SCIMConfig as nt, RecordTrigger as o, UserAttributeListKey as ot, defineGenerators as p, unauthenticatedTailorUser as pt, IdProviderConfig as q, FunctionOperation as r, SCIMResource as rt, ResolverExecutedTrigger as s, UserAttributeMap as st, Executor as t, SCIMAuthorization as tt, WorkflowOperation as u, AttributeList as ut, defineStaticWebSite as v, ResolverInput as vt, ResolverServiceInput as w, InferFieldsOutput as wt, defineIdp as x, FieldOptions as xt, IdPConfig as y, ArrayFieldOutput as yt, AuthConfig as z };
-//# sourceMappingURL=types-Dg_zk_OZ.d.mts.map
+export { TenantProviderConfig as $, AuthOwnConfig as A, BuiltinIdP as B, ResolverServiceConfig as C, TailorFieldType as Ct, AuthConfig as D, ExecutorServiceInput as E, output as Et, db as F, OIDC as G, IdProviderConfig as H, AllowedValues as I, SCIMAttributeMapping as J, SAML as K, AllowedValuesOutput as L, TailorDBField as M, TailorDBInstance as N, AuthExternalConfig as O, TailorDBType as P, SCIMResource as Q, ParsedTailorDBType as R, ResolverExternalConfig as S, FieldOutput$1 as St, ExecutorServiceConfig as T, JsonCompatible as Tt, OAuth2ClientGrantType as U, IDToken as V, OAuth2ClientInput as W, SCIMAuthorization as X, SCIMAttributeType as Y, SCIMConfig as Z, StaticWebsiteConfig as _, Resolver as _t, IncomingWebhookTrigger as a, PermissionCondition as at, IdPExternalConfig as b, FieldMetadata as bt, ScheduleTriggerInput as c, unsafeAllowAllGqlPermission as ct, AppConfig as d, AttributeMap as dt, UserAttributeKey as et, defineConfig as f, TailorUser as ft, WorkflowServiceInput as g, QueryType as gt, WorkflowServiceConfig as h, TailorField as ht, GqlOperation as i, ValueOperand as it, defineAuth as j, AuthInvoker as k, WebhookOperation as l, unsafeAllowAllTypePermission as lt, Generator as m, TailorAnyField as mt, ExecutorInput as n, UserAttributeMap as nt, RecordTrigger as o, TailorTypeGqlPermission as ot, defineGenerators as p, unauthenticatedTailorUser as pt, SCIMAttribute as q, FunctionOperation as r, UsernameFieldKey as rt, ResolverExecutedTrigger as s, TailorTypePermission as st, Executor as t, UserAttributeListKey as tt, WorkflowOperation as u, AttributeList as ut, defineStaticWebSite as v, ResolverInput as vt, ResolverServiceInput as w, InferFieldsOutput as wt, defineIdp as x, FieldOptions as xt, IdPConfig as y, ArrayFieldOutput as yt, AuthServiceInput as z };
+//# sourceMappingURL=types-DCb7NVBk.d.mts.map

package/dist/utils/test/index.d.mts

@@ -1,6 +1,6 @@
 /// <reference path="./../../user-defined.d.ts" />
-import { ht as TailorField, k as TailorDBType } from "../../types-Dg_zk_OZ.mjs";
-import { n as output } from "../../index-DXZMT4aO.mjs";
+import { P as TailorDBType, ht as TailorField } from "../../types-DCb7NVBk.mjs";
+import { n as output } from "../../index-LqF60FaW.mjs";
 import { StandardSchemaV1 } from "@standard-schema/spec";
 
 //#region src/utils/test/index.d.ts

package/docs/generator/builtin.md

@@ -51,10 +51,7 @@ body: async (context) => {
 // In executors
 body: async ({ newRecord }) => {
   const db = getDB("tailordb");
-  await db
-    .insertInto("AuditLog")
-    .values({ userId: newRecord.id, action: "created" })
-    .execute();
+  await db.insertInto("AuditLog").values({ userId: newRecord.id, action: "created" }).execute();
 };
 
 // In workflow jobs

package/docs/generator/custom.md

@@ -18,10 +18,7 @@ interface CodeGenerator<T, R, E, Ts, Rs> {
     source: { filePath: string; exportName: string };
   }): T | Promise<T>;
 
-  processResolver(args: {
-    resolver: Resolver;
-    namespace: string;
-  }): R | Promise<R>;
+  processResolver(args: { resolver: Resolver; namespace: string }): R | Promise<R>;
 
   processExecutor(executor: Executor): E | Promise<E>;
 

package/docs/services/executor.md

@@ -297,8 +297,7 @@ export default createExecutor({
   name: "order-status-changed",
   trigger: recordUpdatedTrigger({
     type: order,
-    condition: ({ oldRecord, newRecord }) =>
-      oldRecord.status !== newRecord.status,
+    condition: ({ oldRecord, newRecord }) => oldRecord.status !== newRecord.status,
   }),
   operation: {
     kind: "function",

package/docs/services/resolver.md

@@ -127,10 +127,7 @@ createResolver({
       .string()
       .validate(
         ({ value }) => value.includes("@"),
-        [
-          ({ value }) => value.length <= 255,
-          "Email must be 255 characters or less",
-        ],
+        [({ value }) => value.length <= 255, "Email must be 255 characters or less"],
       ),
     age: t.int().validate(({ value }) => value >= 0 && value <= 150),
   },

package/docs/services/staticwebsite.md

@@ -90,12 +90,7 @@ const auth = defineAuth("my-auth", {
 ## Complete Example
 
 ```typescript
-import {
-  defineConfig,
-  defineAuth,
-  defineIdp,
-  defineStaticWebSite,
-} from "@tailor-platform/sdk";
+import { defineConfig, defineAuth, defineIdp, defineStaticWebSite } from "@tailor-platform/sdk";
 import { user } from "./tailordb/user";
 
 const website = defineStaticWebSite("my-frontend", {

package/docs/services/tailordb.md

@@ -206,10 +206,7 @@ Function arguments include: `value` (field value), `data` (entire record value),
 ```typescript
 db.string().validate(
   ({ value }) => value.length > 5,
-  [
-    ({ value }) => value.length < 10,
-    "Value must be shorter than 10 characters",
-  ],
+  [({ value }) => value.length < 10, "Value must be shorter than 10 characters"],
 );
 ```
 

package/docs/testing.md

@@ -104,10 +104,7 @@ import { getDB } from "generated/tailordb";
 
 export interface DbOperations {
   transaction: (fn: (ops: DbOperations) => Promise<unknown>) => Promise<void>;
-  getUser: (
-    email: string,
-    forUpdate: boolean,
-  ) => Promise<{ email: string; age: number }>;
+  getUser: (email: string, forUpdate: boolean) => Promise<{ email: string; age: number }>;
   updateUser: (user: { email: string; age: number }) => Promise<void>;
 }
 
@@ -144,32 +141,23 @@ export default createResolver({
 Then test by mocking the interface:
 
 ```typescript
-import {
-  DbOperations,
-  decrementUserAge,
-} from "../src/resolver/decrementUserAge";
+import { DbOperations, decrementUserAge } from "../src/resolver/decrementUserAge";
 
 describe("decrementUserAge resolver", () => {
   test("basic functionality", async () => {
     // Mock DbOperations implementation
     const dbOperations = {
       transaction: vi.fn(
-        async (fn: (ops: DbOperations) => Promise<unknown>) =>
-          await fn(dbOperations),
+        async (fn: (ops: DbOperations) => Promise<unknown>) => await fn(dbOperations),
       ),
-      getUser: vi
-        .fn()
-        .mockResolvedValue({ email: "test@example.com", age: 30 }),
+      getUser: vi.fn().mockResolvedValue({ email: "test@example.com", age: 30 }),
       updateUser: vi.fn(),
     } as DbOperations;
 
     const result = await decrementUserAge("test@example.com", dbOperations);
 
     expect(result).toEqual({ oldAge: 30, newAge: 29 });
-    expect(dbOperations.getUser).toHaveBeenCalledExactlyOnceWith(
-      "test@example.com",
-      true,
-    );
+    expect(dbOperations.getUser).toHaveBeenCalledExactlyOnceWith("test@example.com", true);
     expect(dbOperations.updateUser).toHaveBeenCalledExactlyOnceWith(
       expect.objectContaining({ age: 29 }),
     );