@tailor-platform/sdk 1.21.0 → 1.22.0

package/dist/cli/index.mjs

@@ -1,14 +1,13 @@
 #!/usr/bin/env node
-import "../chunk-CqAI0b6X.mjs";
-import "../schema-D5Cpd8fQ.mjs";
-import "../brand-BZJCv6UY.mjs";
-import { A as generateCommand$1, At as getMigrationFiles, C as resumeCommand, Et as formatMigrationNumber, F as removeCommand$1, Gt as deploymentArgs, H as listCommand$6, Ht as apiCommand, I as listCommand$7, Jt as workspaceArgs, K as webhookCommand, Kt as jsonArgs, Mt as isValidMigrationNumber, N as showCommand, Nt as loadDiff, O as truncateCommand, Q as jobsCommand, R as getCommand$2, Rt as getNamespacesWithMigrations, S as healthCommand, T as listCommand$8, Ut as commonArgs, V as tokenCommand, W as generate, Wt as confirmationArgs, Y as listCommand$5, _ as createCommand$3, a as listCommand$10, at as executionsCommand, b as listCommand$9, ct as functionExecutionStatusToString, d as listCommand$11, ft as apply, gt as parseMigrationLabelNumber, h as deleteCommand$3, j as logBetaWarning, kt as getMigrationFilePath, l as restoreCommand, lt as formatKeyValueTable, p as getCommand$4, q as triggerCommand, qt as withCommonArgs, r as removeCommand, rt as getCommand$3, s as inviteCommand, t as updateCommand$2, tt as startCommand, ut as getCommand$1, zt as trnPrefix } from "../update-9MTRN1UA.mjs";
-import { B as FunctionExecution_Type, C as initOAuth2Client, Q as PATScope, S as fetchUserInfo, _ as loadWorkspaceId, b as fetchAll, ct as logger, i as loadConfig, lt as styles, m as loadAccessToken, p as fetchLatestToken, v as readPlatformConfig, w as initOperatorClient, y as writePlatformConfig } from "../application-CEv5c7TU.mjs";
-import { t as readPackageJson } from "../package-json-3H5gfhA4.mjs";
-import "../file-utils-GX_tGWl4.mjs";
-import "../kysely-type-Cpq5TNGY.mjs";
-import "../seed-D-rYCN5F.mjs";
-import "../telemetry-DuBhnd0X.mjs";
+import "../schema-Cjm-OvPF.mjs";
+import "../brand-DyPrAzpM.mjs";
+import { A as truncateCommand, B as getCommand$2, Bt as getNamespacesWithMigrations, D as listCommand$8, F as showCommand, Ft as loadDiff, Gt as commonArgs, J as webhookCommand, Jt as jsonArgs, K as generate, Kt as confirmationArgs, L as removeCommand$1, M as generateCommand$1, Mt as getMigrationFiles, N as logBetaWarning, Ot as formatMigrationNumber, Pt as isValidMigrationNumber, R as listCommand$7, S as listCommand$9, T as resumeCommand, U as tokenCommand, Vt as trnPrefix, W as listCommand$6, Wt as apiCommand, Xt as workspaceArgs, Y as triggerCommand, Yt as withCommonArgs, Z as listCommand$5, _ as deleteCommand$3, a as removeCommand, at as getCommand$3, d as restoreCommand, dt as formatKeyValueTable, et as jobsCommand, ft as getCommand$1, h as getCommand$4, ht as executeScript, jt as getMigrationFilePath, l as inviteCommand, mt as apply, n as queryCommand, p as listCommand$11, qt as deploymentArgs, r as updateCommand$2, rt as startCommand, s as listCommand$10, st as executionsCommand, ut as functionExecutionStatusToString, vt as parseMigrationLabelNumber, w as healthCommand, y as createCommand$3 } from "../query-Bz2oDGhw.mjs";
+import { C as readPlatformConfig, D as fetchUserInfo, G as FunctionExecution_Type, O as initOAuth2Client, S as loadWorkspaceId, T as fetchAll, X as AuthInvokerSchema, a as loadConfig, c as ExecutorSchema, g as getDistDir, i as resolveInlineSourcemap, k as initOperatorClient, mt as styles, o as WorkflowJobSchema, pt as logger, rt as PATScope, u as ResolverSchema, v as fetchLatestToken, w as writePlatformConfig, y as loadAccessToken } from "../application-CTQe2HSB.mjs";
+import { t as readPackageJson } from "../package-json-iVBhE5Ef.mjs";
+import "../file-utils-sEOwAdJ4.mjs";
+import "../kysely-type-CSlcwNFH.mjs";
+import "../seed-CXvCW3Xc.mjs";
+import "../telemetry-C46fds1l.mjs";
 import { createRequire, register } from "node:module";
 import { arg, defineCommand, runCommand, runMain } from "politty";
 import { withCompletionCommand } from "politty/completion";
@@ -18,14 +17,18 @@ import * as path from "pathe";
 import { generateCodeVerifier } from "@badgateway/oauth2-client";
 import { timestampDate } from "@bufbuild/protobuf/wkt";
 import { Code, ConnectError } from "@connectrpc/connect";
+import { resolveTSConfig } from "pkg-types";
 import ml from "multiline-ts";
 import * as crypto from "node:crypto";
-import * as fs$2 from "fs";
-import pLimit from "p-limit";
+import { pathToFileURL } from "node:url";
+import * as rolldown from "rolldown";
+import { create } from "@bufbuild/protobuf";
 import { spawn, spawnSync } from "node:child_process";
 import * as http from "node:http";
 import open from "open";
+import * as fs from "fs";
 import { lookup } from "mime-types";
+import pLimit from "p-limit";
 import { setTimeout as setTimeout$1 } from "node:timers/promises";
 
 //#region src/cli/commands/apply/index.ts
@@ -43,7 +46,7 @@ const applyCommand = defineCommand({
 		"no-schema-check": arg(z.boolean().optional(), { description: "Skip schema diff check against migration snapshots" }),
 		"no-cache": arg(z.boolean().optional(), { description: "Disable bundle caching for this run" }),
 		"clean-cache": arg(z.boolean().optional(), { description: "Clean the bundle cache before building" })
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		await apply({
 			workspaceId: args["workspace-id"],
@@ -161,7 +164,7 @@ const logsCommand = defineCommand({
 			positional: true,
 			description: "Execution ID (if provided, shows details with logs)"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const client = await initOperatorClient(await loadAccessToken({
 			useProfile: true,
@@ -198,12 +201,493 @@ const logsCommand = defineCommand({
 	})
 });
 
+//#endregion
+//#region src/cli/commands/function/bundle.ts
+/**
+* Bundler for function test-run command
+*
+* Bundles a single function file for execution via the TestExecScript API.
+* Generates an entry file based on the detected function type and bundles
+* with rolldown, following the same patterns as the existing bundlers.
+*/
+/**
+* Bundle a function file for test-run execution via TestExecScript API.
+* @param options - Bundle options
+* @returns Bundled code and script name
+*/
+async function bundleForTestRun(options) {
+	const { detected, sourceFile, env = {}, machineUser, workspaceId } = options;
+	const inlineSourcemap = resolveInlineSourcemap(options.inlineSourcemap);
+	const outputDir = path.resolve(getDistDir(), "test-run");
+	fs$1.mkdirSync(outputDir, { recursive: true });
+	const baseName = `test-run--${detected.name}`;
+	const scriptName = `${baseName}.js`;
+	const entryPath = path.join(outputDir, `${baseName}.entry.js`);
+	const outputPath = path.join(outputDir, scriptName);
+	const entryContent = generateEntry(detected, sourceFile, env, machineUser, workspaceId);
+	fs$1.writeFileSync(entryPath, entryContent);
+	let tsconfig;
+	try {
+		tsconfig = await resolveTSConfig();
+	} catch {
+		tsconfig = void 0;
+	}
+	await rolldown.build(rolldown.defineConfig({
+		input: entryPath,
+		output: {
+			file: outputPath,
+			format: "esm",
+			sourcemap: inlineSourcemap ? "inline" : true,
+			minify: inlineSourcemap ? { mangle: { keepNames: true } } : true,
+			inlineDynamicImports: true
+		},
+		tsconfig,
+		treeshake: {
+			moduleSideEffects: false,
+			annotations: true,
+			unknownGlobalSideEffects: false
+		},
+		logLevel: "silent"
+	}));
+	return {
+		bundledCode: fs$1.readFileSync(outputPath, "utf-8"),
+		scriptName
+	};
+}
+/**
+* Generate entry file content based on the detected function type.
+* @param detected - Detected function info
+* @param sourceFile - Absolute path to the source file
+* @param env - Environment variables for workflow job bundles
+* @param machineUser - Resolved machine user info
+* @param workspaceId - Workspace ID
+* @returns Entry file content string
+*/
+function generateEntry(detected, sourceFile, env, machineUser, workspaceId) {
+	const absoluteSourcePath = path.resolve(sourceFile);
+	switch (detected.type) {
+		case "plain":
+			if (detected.namedMain) return ml`
+          export { main } from "${absoluteSourcePath}";
+        `;
+			return ml`
+        import _fn from "${absoluteSourcePath}";
+        export { _fn as main };
+      `;
+		case "resolver": {
+			const userExpr = buildMachineUserExpr(machineUser, workspaceId);
+			return ml`
+        import _internalResolver from "${absoluteSourcePath}";
+        import { t } from "@tailor-platform/sdk";
+
+        const _env = ${JSON.stringify(env)};
+        const _user = ${userExpr};
+
+        const $tailor_resolver_body = async (context) => {
+          const enrichedContext = { ...context, env: _env, user: _user };
+
+          if (_internalResolver.input) {
+            const result = t.object(_internalResolver.input).parse({
+              value: enrichedContext.input,
+              data: enrichedContext.input,
+              user: enrichedContext.user,
+            });
+
+            if (result.issues) {
+              const errorMessages = result.issues
+                .map(issue => {
+                  const path = issue.path ? issue.path.join('.') : '';
+                  return path ? \`  \${path}: \${issue.message}\` : issue.message;
+                })
+                .join('\\n');
+              throw new Error(\`Failed to input validation:\\n\${errorMessages}\`);
+            }
+          }
+
+          return _internalResolver.body(enrichedContext);
+        };
+
+        export { $tailor_resolver_body as main };
+      `;
+		}
+		case "executor": {
+			const actorExpr = buildMachineActorExpr(machineUser, workspaceId);
+			return ml`
+        import _internalExecutor from "${absoluteSourcePath}";
+
+        const _env = ${JSON.stringify(env)};
+        const _actor = ${actorExpr};
+
+        const __executor_function = async (args) => {
+          return _internalExecutor.operation.body({ ...args, env: _env, actor: _actor });
+        };
+
+        export { __executor_function as main };
+      `;
+		}
+		case "workflow-job": {
+			const exportName = detected.exportName;
+			return ml`
+        import { ${exportName} } from "${absoluteSourcePath}";
+
+        const env = ${JSON.stringify(env)};
+
+        export async function main(input) {
+          return await ${exportName}.body(input, { env });
+        }
+      `;
+		}
+	}
+}
+/**
+* Build a JSON expression for a machine user TailorUser object.
+* @param machineUser - Resolved machine user info
+* @param workspaceId - Workspace ID
+* @returns JSON string for the user expression
+*/
+function buildMachineUserExpr(machineUser, workspaceId) {
+	return JSON.stringify({
+		id: machineUser.id,
+		type: "machine_user",
+		workspaceId,
+		attributes: machineUser.attributes,
+		attributeList: machineUser.attributeList
+	});
+}
+/**
+* Build a JSON expression for a machine user TailorActor object.
+* @param machineUser - Resolved machine user info
+* @param workspaceId - Workspace ID
+* @returns JSON string for the actor expression
+*/
+function buildMachineActorExpr(machineUser, workspaceId) {
+	return JSON.stringify({
+		workspaceId,
+		userId: machineUser.id,
+		attributes: machineUser.attributes,
+		attributeList: machineUser.attributeList,
+		userType: "USER_TYPE_MACHINE_USER"
+	});
+}
+
+//#endregion
+//#region src/cli/commands/function/detect.ts
+/**
+* Function type detection for test-run command
+*
+* Detects the function type (resolver, executor, workflow job, or plain function)
+* by dynamically importing the module and checking against known schemas.
+*/
+/**
+* Detect the function type from a file by importing it and checking against schemas.
+* @param options - Detection options
+* @returns Detected function information
+*/
+async function detectFunctionType(options) {
+	const { filePath, jobName } = options;
+	const module = await import(pathToFileURL(filePath).href);
+	const resolverResult = ResolverSchema.safeParse(module.default);
+	if (resolverResult.success) return {
+		type: "resolver",
+		name: resolverResult.data.name
+	};
+	const executorResult = ExecutorSchema.safeParse(module.default);
+	if (executorResult.success) {
+		const { operation } = executorResult.data;
+		if (operation.kind === "function" || operation.kind === "jobFunction") return {
+			type: "executor",
+			name: executorResult.data.name
+		};
+	}
+	const workflowJobResult = detectWorkflowJob(module, jobName);
+	if (workflowJobResult) return workflowJobResult;
+	if (typeof module.default === "function") return {
+		type: "plain",
+		name: deriveNameFromPath(filePath)
+	};
+	if (typeof module.main === "function") return {
+		type: "plain",
+		name: deriveNameFromPath(filePath),
+		namedMain: true
+	};
+	throw new Error(`Could not detect function type from ${filePath}.\nThe file must have one of:
+  - A default-exported resolver (createResolver)
+  - A default-exported executor (createExecutor) with function/jobFunction operation
+  - A named-exported workflow job (createWorkflowJob)
+  - A default-exported function
+  - A named-exported "main" function`);
+}
+/**
+* Scan all named exports for workflow jobs.
+* If jobName is specified, find the job whose `.name` matches.
+* If not specified and exactly one job exists, use it.
+* If multiple jobs exist, throw an error with the list.
+* @param module - The imported module
+* @param jobName - Workflow job name to select
+* @returns Detected function or null if no workflow jobs found
+*/
+function detectWorkflowJob(module, jobName) {
+	const jobs = [];
+	for (const [exportName, exportValue] of Object.entries(module)) {
+		if (exportName === "default") continue;
+		const result = WorkflowJobSchema.safeParse(exportValue);
+		if (result.success) jobs.push({
+			name: result.data.name,
+			exportName
+		});
+	}
+	if (jobs.length === 0) return null;
+	if (jobName) {
+		const match = jobs.find((j) => j.name === jobName);
+		if (!match) {
+			const available$1 = jobs.map((j) => `  - "${j.name}" (export: ${j.exportName})`).join("\n");
+			throw new Error(`Workflow job "${jobName}" not found. Available jobs:\n${available$1}`);
+		}
+		return {
+			type: "workflow-job",
+			name: match.name,
+			exportName: match.exportName
+		};
+	}
+	if (jobs.length === 1) return {
+		type: "workflow-job",
+		name: jobs[0].name,
+		exportName: jobs[0].exportName
+	};
+	const available = jobs.map((j) => `  - "${j.name}" (export: ${j.exportName})`).join("\n");
+	throw new Error(`Multiple workflow jobs found. Specify one with --name:\n${available}`);
+}
+/**
+* Derive a script name from a file path (filename without extension).
+* @param filePath - Absolute path to the function file
+* @returns Filename without extension
+*/
+function deriveNameFromPath(filePath) {
+	return path.basename(filePath, path.extname(filePath));
+}
+
+//#endregion
+//#region src/cli/commands/function/test-run.ts
+/**
+* `tailor-sdk function test-run` command
+*
+* Bundles and executes a function on the Tailor Platform server
+* without deploying (applying) the application.
+*/
+const testRunCommand = defineCommand({
+	name: "test-run",
+	description: "Run a function on the Tailor Platform server without deploying.",
+	args: z.object({
+		...commonArgs,
+		...jsonArgs,
+		...workspaceArgs,
+		file: arg(z.string(), {
+			positional: true,
+			description: "Path to the function file"
+		}),
+		name: arg(z.string().optional(), {
+			alias: "n",
+			description: "Workflow job name to run (matches the `name` field of createWorkflowJob)"
+		}),
+		arg: arg(z.string().optional(), {
+			alias: "a",
+			description: "JSON argument to pass to the function"
+		}),
+		"machine-user": arg(z.string().optional(), {
+			alias: "m",
+			description: "Machine user name for authentication"
+		}),
+		config: arg(z.string().default("tailor.config.ts"), {
+			alias: "c",
+			description: "Path to SDK config file"
+		})
+	}),
+	notes: `You can pass either a source file (\`.ts\`) or a pre-bundled file (\`.js\`).
+When a \`.js\` file is provided, detection and bundling are skipped and the file is executed as-is.
+
+> [!WARNING]
+> Workflow job \`.trigger()\` calls do not work in test-run mode.
+> Triggered jobs are not executed; only the target job's \`body\` function runs in isolation.`,
+	examples: [
+		{
+			cmd: "resolvers/add.ts --arg '{\"input\":{\"a\":1,\"b\":2}}'",
+			desc: "Run a resolver with input arguments"
+		},
+		{
+			cmd: "workflows/sample.ts --name validate-order",
+			desc: "Run a specific workflow job by name"
+		},
+		{
+			cmd: ".tailor-sdk/resolvers/add.js --arg '{\"input\":{\"a\":1,\"b\":2}}'",
+			desc: "Run a pre-bundled .js file directly"
+		}
+	],
+	run: withCommonArgs(async (args) => {
+		const filePath = path.resolve(args.file);
+		if (!fs$1.existsSync(filePath)) throw new Error(`File not found: ${filePath}`);
+		const { config } = await loadConfig(args.config);
+		const authNamespace = resolveAuthNamespace(config.auth);
+		const machineUserName = resolveMachineUserName(args["machine-user"], config.auth);
+		const client = await initOperatorClient(await loadAccessToken({
+			useProfile: true,
+			profile: args.profile
+		}));
+		const workspaceId = loadWorkspaceId({
+			workspaceId: args["workspace-id"],
+			profile: args.profile
+		});
+		const machineUser = await resolveMachineUser({
+			client,
+			workspaceId,
+			authNamespace,
+			machineUserName,
+			authConfig: config.auth
+		});
+		const relativePath = path.relative(process.cwd(), filePath);
+		const isPreBundled = filePath.endsWith(".js");
+		let bundledCode;
+		let scriptName;
+		let functionType;
+		let functionName;
+		if (isPreBundled) {
+			scriptName = path.basename(filePath);
+			bundledCode = fs$1.readFileSync(filePath, "utf-8");
+			logger.info(`Using pre-bundled script ${styles.bold(scriptName)}`);
+		} else {
+			logger.info(`Detecting function type from ${styles.path(relativePath)}`);
+			const detected = await detectFunctionType({
+				filePath,
+				jobName: args.name
+			});
+			functionType = detected.type;
+			functionName = detected.name;
+			logger.info(`Detected: ${styles.bold(detected.type)} ${styles.info(`"${detected.name}"`)}`);
+			logger.info("Bundling...");
+			({bundledCode, scriptName} = await bundleForTestRun({
+				detected,
+				sourceFile: filePath,
+				env: config.env ?? {},
+				inlineSourcemap: config.inlineSourcemap,
+				machineUser,
+				workspaceId
+			}));
+			logger.info(`Bundled as ${styles.bold(scriptName)}`);
+		}
+		const authInvoker = create(AuthInvokerSchema, {
+			namespace: authNamespace,
+			machineUserName: machineUser.name
+		});
+		logger.info(`Executing on workspace ${styles.dim(workspaceId)}...`);
+		const result = await executeScript({
+			client,
+			workspaceId,
+			name: scriptName,
+			code: bundledCode,
+			arg: args.arg,
+			invoker: authInvoker
+		});
+		if (args.json) logger.out({
+			success: result.success,
+			scriptName,
+			functionType,
+			functionName,
+			logs: result.logs,
+			result: result.result,
+			error: result.error
+		});
+		else {
+			if (result.success) logger.success("Execution succeeded");
+			else logger.error("Execution failed");
+			if (result.logs?.trim()) {
+				logger.log(styles.bold("\nLogs:"));
+				for (const line of result.logs.split("\n")) logger.log(`  ${line}`);
+			}
+			if (result.result && result.success) {
+				logger.log(styles.bold("\nResult:"));
+				try {
+					const parsed = JSON.parse(result.result);
+					logger.log(`  ${JSON.stringify(parsed, null, 2).split("\n").join("\n  ")}`);
+				} catch {
+					logger.log(`  ${result.result}`);
+				}
+			}
+			if (result.error && !result.success) {
+				logger.log(styles.bold("\nError:"));
+				logger.log(`  ${styles.error(result.error)}`);
+			}
+		}
+		if (!result.success) process.exit(1);
+	})
+});
+/**
+* Resolve auth namespace from config.
+* @param authConfig - Auth configuration from tailor.config.ts
+* @returns Resolved auth namespace
+*/
+function resolveAuthNamespace(authConfig) {
+	if (authConfig?.name) return authConfig.name;
+	throw new Error("Auth namespace is required. Ensure tailor.config.ts has an auth config.");
+}
+/**
+* Resolve machine user name from CLI args or config. Priority: --machine-user > first key of config.auth.machineUsers
+* @param cliMachineUser - CLI --machine-user value
+* @param authConfig - Auth configuration from tailor.config.ts
+* @returns Resolved machine user name
+*/
+function resolveMachineUserName(cliMachineUser, authConfig) {
+	if (cliMachineUser) return cliMachineUser;
+	if (authConfig && !("external" in authConfig && authConfig.external)) {
+		const machineUsers = authConfig.machineUsers;
+		if (machineUsers) {
+			const keys = Object.keys(machineUsers);
+			if (keys.length > 0) return keys[0];
+		}
+	}
+	throw new Error("Machine user is required. Provide --machine-user or ensure tailor.config.ts has machine users configured.");
+}
+/**
+* Resolve full machine user info: name, id (from API), and attributes (from config).
+* @param options - Options for resolving machine user
+* @returns Resolved machine user with id, attributes, and attributeList
+*/
+async function resolveMachineUser(options) {
+	const { client, workspaceId, authNamespace, machineUserName, authConfig } = options;
+	let id = "00000000-0000-0000-0000-000000000000";
+	try {
+		const { machineUser } = await client.getAuthMachineUser({
+			workspaceId,
+			authNamespace,
+			name: machineUserName
+		});
+		if (machineUser?.id) id = machineUser.id;
+	} catch {
+		logger.debug(`Could not fetch machine user "${machineUserName}" from server, using nil UUID`);
+	}
+	const machineUserConfig = authConfig?.machineUsers?.[machineUserName];
+	let attributes = null;
+	let attributeList = [];
+	if (machineUserConfig && typeof machineUserConfig === "object") {
+		const cfg = machineUserConfig;
+		attributes = cfg.attributes ?? null;
+		attributeList = cfg.attributeList ?? [];
+	}
+	return {
+		name: machineUserName,
+		id,
+		attributes,
+		attributeList
+	};
+}
+
 //#endregion
 //#region src/cli/commands/function/index.ts
 const functionCommand = defineCommand({
 	name: "function",
 	description: "Manage functions",
-	subCommands: { logs: logsCommand },
+	subCommands: {
+		logs: logsCommand,
+		"test-run": testRunCommand
+	},
 	async run() {
 		await runCommand(logsCommand, []);
 	}
@@ -224,7 +708,7 @@ const generateCommand = defineCommand({
 			alias: "W",
 			description: "Watch for type/resolver changes and regenerate"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		await generate({
 			configPath: args.config,
@@ -260,7 +744,7 @@ const initCommand = defineCommand({
 			alias: "t",
 			description: "Template name"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const packageJson$1 = await readPackageJson();
 		const version = packageJson$1.version && packageJson$1.version !== "0.0.0" ? packageJson$1.version : "latest";
@@ -292,7 +776,7 @@ const startAuthServer = async () => {
 	const client = initOAuth2Client();
 	const state = randomState();
 	const codeVerifier = await generateCodeVerifier();
-	return new Promise((resolve, reject) => {
+	return new Promise((resolve$1, reject) => {
 		const server = http.createServer(async (req, res) => {
 			try {
 				if (!req.url?.startsWith("/callback")) throw new Error("Invalid callback URL");
@@ -318,7 +802,7 @@ const startAuthServer = async () => {
 					status: "ok",
 					message: "Successfully authenticated. Please close this window."
 				}));
-				resolve();
+				resolve$1();
 			} catch (error) {
 				res.writeHead(401);
 				res.end("Authentication failed");
@@ -355,7 +839,7 @@ const startAuthServer = async () => {
 const loginCommand = defineCommand({
 	name: "login",
 	description: "Login to Tailor Platform.",
-	args: z.object({ ...commonArgs }),
+	args: z.object({ ...commonArgs }).strict(),
 	run: withCommonArgs(async () => {
 		await startAuthServer();
 		logger.success("Successfully logged in to Tailor Platform.");
@@ -367,7 +851,7 @@ const loginCommand = defineCommand({
 const logoutCommand = defineCommand({
 	name: "logout",
 	description: "Logout from Tailor Platform.",
-	args: z.object({ ...commonArgs }),
+	args: z.object({ ...commonArgs }).strict(),
 	run: withCommonArgs(async () => {
 		const pfConfig = readPlatformConfig();
 		const tokens = pfConfig.current_user ? pfConfig.users[pfConfig.current_user] : void 0;
@@ -424,7 +908,7 @@ const openCommand = defineCommand({
 	args: z.object({
 		...commonArgs,
 		...deploymentArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const workspaceId = loadWorkspaceId({
 			workspaceId: args["workspace-id"],
@@ -466,7 +950,7 @@ const createCommand$2 = defineCommand({
 			alias: "w",
 			description: "Workspace ID"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const config = readPlatformConfig();
 		if (config.profiles[args.name]) throw new Error(`Profile "${args.name}" already exists.`);
@@ -504,7 +988,7 @@ const deleteCommand$2 = defineCommand({
 			positional: true,
 			description: "Profile name"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const config = readPlatformConfig();
 		if (!config.profiles[args.name]) throw new Error(`Profile "${args.name}" not found.`);
@@ -522,7 +1006,7 @@ const listCommand$4 = defineCommand({
 	args: z.object({
 		...commonArgs,
 		...jsonArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async () => {
 		const config = readPlatformConfig();
 		const profiles = Object.entries(config.profiles);
@@ -562,7 +1046,7 @@ const updateCommand$1 = defineCommand({
 			alias: "w",
 			description: "New workspace ID"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const config = readPlatformConfig();
 		if (!config.profiles[args.name]) throw new Error(`Profile "${args.name}" not found.`);
@@ -648,7 +1132,7 @@ const createSecretCommand = defineCommand({
 		...commonArgs,
 		...workspaceArgs,
 		...secretValueArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const client = await initOperatorClient(await loadAccessToken({
 			useProfile: true,
@@ -686,7 +1170,7 @@ const deleteSecretCommand = defineCommand({
 		...workspaceArgs,
 		...secretIdentifyArgs,
 		...confirmationArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const client = await initOperatorClient(await loadAccessToken({
 			useProfile: true,
@@ -757,7 +1241,7 @@ const listSecretCommand = defineCommand({
 		...jsonArgs,
 		...workspaceArgs,
 		...vaultArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		try {
 			const secrets = await secretList({
@@ -782,7 +1266,7 @@ const updateSecretCommand = defineCommand({
 		...commonArgs,
 		...workspaceArgs,
 		...secretValueArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const client = await initOperatorClient(await loadAccessToken({
 			useProfile: true,
@@ -823,7 +1307,7 @@ const createCommand$1 = defineCommand({
 		...commonArgs,
 		...workspaceArgs,
 		...nameArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const client = await initOperatorClient(await loadAccessToken({
 			useProfile: true,
@@ -856,7 +1340,7 @@ const deleteCommand$1 = defineCommand({
 		...workspaceArgs,
 		...nameArgs,
 		...confirmationArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const client = await initOperatorClient(await loadAccessToken({
 			useProfile: true,
@@ -924,7 +1408,7 @@ const listCommand$3 = defineCommand({
 		...commonArgs,
 		...jsonArgs,
 		...workspaceArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const vaults = await vaultList({
 			workspaceId: args["workspace-id"],
@@ -1066,7 +1550,7 @@ async function uploadDirectory(client, workspaceId, deploymentId, rootDir, showP
 */
 async function collectFiles(rootDir, currentDir = "") {
 	const dirPath = path.join(rootDir, currentDir);
-	const entries = await fs$2.promises.readdir(dirPath, { withFileTypes: true });
+	const entries = await fs.promises.readdir(dirPath, { withFileTypes: true });
 	const files = [];
 	for (const entry of entries) {
 		const rel = path.join(currentDir, entry.name);
@@ -1085,7 +1569,7 @@ async function uploadSingleFile(client, workspaceId, deploymentId, rootDir, file
 		return;
 	}
 	const contentType = mime;
-	const readStream = fs$2.createReadStream(absPath, { highWaterMark: CHUNK_SIZE });
+	const readStream = fs.createReadStream(absPath, { highWaterMark: CHUNK_SIZE });
 	async function* requestStream() {
 		yield { payload: {
 			case: "initialMetadata",
@@ -1136,9 +1620,10 @@ const deployCommand = defineCommand({
 		}),
 		dir: arg(z.string(), {
 			alias: "d",
-			description: "Path to the static website files"
+			description: "Path to the static website files",
+			completion: { type: "directory" }
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		logger.info(`Deploying static website "${args.name}" from directory: ${args.dir}`);
 		const client = await initOperatorClient(await loadAccessToken({
@@ -1151,7 +1636,7 @@ const deployCommand = defineCommand({
 			workspaceId: args["workspace-id"],
 			profile: args.profile
 		});
-		if (!fs$2.existsSync(dir) || !fs$2.statSync(dir).isDirectory()) throw new Error(`Directory not found or not a directory: ${dir}`);
+		if (!fs.existsSync(dir) || !fs.statSync(dir).isDirectory()) throw new Error(`Directory not found or not a directory: ${dir}`);
 		const { url, skippedFiles } = await withTimeout(deployStaticWebsite(client, workspaceId, name, dir, !args.json), 10 * 6e4, "Deployment timed out after 10 minutes.");
 		if (args.json) logger.out({
 			name,
@@ -1179,7 +1664,7 @@ const getCommand = defineCommand({
 			positional: true,
 			description: "Static website name"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const client = await initOperatorClient(await loadAccessToken({
 			useProfile: true,
@@ -1249,7 +1734,7 @@ const listCommand$2 = defineCommand({
 		...commonArgs,
 		...jsonArgs,
 		...workspaceArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const websites = await listStaticWebsites({
 			workspaceId: args["workspace-id"],
@@ -1523,7 +2008,7 @@ function resolveAllNamespaces(config, options) {
 */
 async function runLiamBuild(schemaPath, cwd) {
 	fs$1.mkdirSync(cwd, { recursive: true });
-	return await new Promise((resolve, reject) => {
+	return await new Promise((resolve$1, reject) => {
 		let liamBinPath;
 		try {
 			liamBinPath = resolveCliBinPath({
@@ -1560,7 +2045,7 @@ async function runLiamBuild(schemaPath, cwd) {
 			reject(error);
 		});
 		child.on("close", (code) => {
-			if (code === 0) resolve();
+			if (code === 0) resolve$1();
 			else {
 				if (stderrOutput) logger.error(stderrOutput);
 				logger.error("liam CLI exited with a non-zero code. Ensure `@liam-hq/cli erd build --format tbls --input schema.json` works in your project.");
@@ -1637,9 +2122,10 @@ const erdExportCommand = defineCommand({
 		}),
 		output: arg(z.string().default(DEFAULT_ERD_BASE_DIR), {
 			alias: "o",
-			description: "Output directory path for tbls-compatible ERD JSON (writes to `<outputDir>/<namespace>/schema.json`)"
+			description: "Output directory path for tbls-compatible ERD JSON (writes to `<outputDir>/<namespace>/schema.json`)",
+			completion: { type: "directory" }
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const { client, workspaceId, config } = await initErdContext(args);
 		const outputDir = path.resolve(process.cwd(), String(args.output));
@@ -1677,7 +2163,7 @@ const erdDeployCommand = defineCommand({
 			alias: "n",
 			description: "TailorDB namespace name (optional - deploys all namespaces with erdSite if omitted)"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const { client, workspaceId, config } = await initErdContext(args);
 		const buildResults = await prepareErdBuilds({
@@ -1723,7 +2209,7 @@ async function runServeDist(results) {
 		logger.warn(`Multiple namespaces found. To serve another namespace, run:\n${commands}`);
 	}
 	fs$1.mkdirSync(primary.erdDir, { recursive: true });
-	return await new Promise((resolve, reject) => {
+	return await new Promise((resolve$1, reject) => {
 		let serveBinPath;
 		try {
 			serveBinPath = resolveCliBinPath({
@@ -1744,7 +2230,7 @@ async function runServeDist(results) {
 			reject(error);
 		});
 		child.on("exit", (code) => {
-			if (code === 0) resolve();
+			if (code === 0) resolve$1();
 			else {
 				logger.error("serve CLI exited with a non-zero code. Ensure `serve dist` works in your project.");
 				reject(/* @__PURE__ */ new Error(`serve CLI exited with code ${code ?? 1}`));
@@ -1762,7 +2248,7 @@ const erdServeCommand = defineCommand({
 			alias: "n",
 			description: "TailorDB namespace name (uses first namespace in config if not specified)"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const { client, workspaceId, config } = await initErdContext(args);
 		await runServeDist(await prepareErdBuilds({
@@ -1875,7 +2361,7 @@ const setCommand = defineCommand({
 			alias: "n",
 			description: "Target TailorDB namespace (required if multiple namespaces exist)"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		await set({
 			configPath: args.config,
@@ -1948,7 +2434,7 @@ const statusCommand = defineCommand({
 			alias: "n",
 			description: "Target TailorDB namespace (shows all namespaces if not specified)"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		await status({
 			configPath: args.config,
@@ -1996,7 +2482,7 @@ const tailordbCommand = defineCommand({
 const currentCommand = defineCommand({
 	name: "current",
 	description: "Show current user.",
-	args: z.object({ ...commonArgs }),
+	args: z.object({ ...commonArgs }).strict(),
 	run: withCommonArgs(async () => {
 		const config = readPlatformConfig();
 		if (!config.current_user) throw new Error(ml`
@@ -2019,7 +2505,7 @@ const listCommand$1 = defineCommand({
 	args: z.object({
 		...commonArgs,
 		...jsonArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const config = readPlatformConfig();
 		const users = Object.keys(config.users);
@@ -2113,7 +2599,7 @@ const createCommand = defineCommand({
 			alias: "W",
 			description: "Grant write permission (default: read-only)"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const config = readPlatformConfig();
 		if (!config.current_user) throw new Error(ml`
@@ -2142,7 +2628,7 @@ const deleteCommand = defineCommand({
 			positional: true,
 			description: "Token name"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const config = readPlatformConfig();
 		if (!config.current_user) throw new Error(ml`
@@ -2162,7 +2648,7 @@ const listCommand = defineCommand({
 	args: z.object({
 		...commonArgs,
 		...jsonArgs
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const config = readPlatformConfig();
 		if (!config.current_user) throw new Error(ml`
@@ -2215,7 +2701,7 @@ const updateCommand = defineCommand({
 			alias: "W",
 			description: "Grant write permission (if not specified, keeps read-only)"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const config = readPlatformConfig();
 		if (!config.current_user) throw new Error(ml`
@@ -2262,7 +2748,7 @@ const switchCommand = defineCommand({
 			positional: true,
 			description: "User email"
 		})
-	}),
+	}).strict(),
 	run: withCommonArgs(async (args) => {
 		const config = readPlatformConfig();
 		if (!config.users[args.user]) throw new Error(ml`
@@ -2378,6 +2864,7 @@ const mainCommand = withCompletionCommand(defineCommand({
 		oauth2client: oauth2clientCommand,
 		open: openCommand,
 		profile: profileCommand,
+		query: queryCommand,
 		remove: removeCommand$1,
 		secret: secretCommand,
 		show: showCommand,