@tailor-platform/sdk 1.27.0 → 1.29.0

package/dist/{application-WyZetOky.mjs → application-Dl1d7w-b.mjs}

@@ -1,9 +1,9 @@
-import "./chunk-Cz-A8uMR.mjs";
+import "./chunk-DEt8GZDa.mjs";
 import "./brand-GZnI4eYb.mjs";
 import "./logger-CqezTedh.mjs";
-import "./client-bTbnbQbB.mjs";
+import "./client-CZmQBXAY.mjs";
 import "./package-json-D3x2nBPB.mjs";
-import { n as generatePluginFilesIfNeeded, r as loadApplication, t as defineApplication } from "./application-CBJFUKrU.mjs";
+import { n as generatePluginFilesIfNeeded, r as loadApplication, t as defineApplication } from "./application-Clwpv84E.mjs";
 import "./seed-CWkIDWMb.mjs";
 import "./file-utils-Bctuzn3x.mjs";
 import "./kysely-type-B_IecdK9.mjs";

package/dist/chunk-DEt8GZDa.mjs

@@ -0,0 +1,8 @@
+import { createRequire } from "node:module";
+
+//#region \0rolldown/runtime.js
+var __commonJSMin = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+//#endregion
+export { __require as n, __commonJSMin as t };

package/dist/cli/index.mjs

@@ -1,17 +1,17 @@
 #!/usr/bin/env node
-import "../chunk-Cz-A8uMR.mjs";
+import "../chunk-DEt8GZDa.mjs";
 import "../schema-BePzTFBV.mjs";
 import "../brand-GZnI4eYb.mjs";
 import { n as logger, r as styles } from "../logger-CqezTedh.mjs";
-import { C as listCommand$10, E as resumeCommand, F as showCommand, Ft as isValidMigrationNumber, G as listCommand$7, Ht as prompt, I as logBetaWarning, It as loadDiff, Jt as commonArgs, Kt as apiCommand, Mt as getMigrationFilePath, N as generateCommand$1, Nt as getMigrationFiles, O as listCommand$9, Q as listCommand$6, Qt as workspaceArgs, R as removeCommand$1, T as healthCommand, Ut as trnPrefix, V as getCommand$2, Vt as getNamespacesWithMigrations, W as tokenCommand, X as triggerCommand, Xt as deploymentArgs, Y as webhookCommand, Yt as confirmationArgs, Zt as isVerbose, b as createCommand$3, c as listCommand$11, ct as executionsCommand, dt as functionExecutionStatusToString, f as restoreCommand, ft as formatKeyValueTable, g as getCommand$4, gt as executeScript, ht as apply, i as updateCommand$2, it as startCommand, j as truncateCommand, kt as formatMigrationNumber, m as listCommand$12, n as queryCommand, o as removeCommand, ot as getCommand$3, pt as getCommand$1, q as generate, qt as defineAppCommand, r as isCLIError, tt as jobsCommand, u as inviteCommand, v as deleteCommand$3, yt as parseMigrationLabelNumber, z as listCommand$8 } from "../query-CgGbAmUg.mjs";
-import { A as AuthInvokerSchema, L as PATScope, d as userAgent, i as fetchUserInfo, n as fetchAll, o as initOAuth2Client, s as initOperatorClient, w as FunctionExecution_Type } from "../client-bTbnbQbB.mjs";
+import { $t as workspaceArgs, C as listCommand$10, E as resumeCommand, F as showCommand, Ft as isValidMigrationNumber, G as listCommand$7, Ht as prompt, I as logBetaWarning, It as loadDiff, Jt as defineAppCommand, Mt as getMigrationFilePath, N as generateCommand$1, Nt as getMigrationFiles, O as listCommand$9, Q as listCommand$6, Qt as isVerbose, R as removeCommand$1, T as healthCommand, Ut as sdkNameLabelKey, V as getCommand$2, Vt as getNamespacesWithMigrations, W as tokenCommand, Wt as trnPrefix, X as triggerCommand, Xt as confirmationArgs, Y as webhookCommand, Yt as commonArgs, Zt as deploymentArgs, b as createCommand$3, c as listCommand$11, ct as executionsCommand, dt as functionExecutionStatusToString, f as restoreCommand, ft as formatKeyValueTable, g as getCommand$4, gt as executeScript, ht as apply, i as updateCommand$2, it as startCommand, j as truncateCommand, kt as formatMigrationNumber, m as listCommand$12, n as queryCommand, o as removeCommand, ot as getCommand$3, pt as getCommand$1, q as generate, qt as apiCommand, r as isCLIError, tt as jobsCommand, u as inviteCommand, v as deleteCommand$3, yt as parseMigrationLabelNumber, z as listCommand$8 } from "../query-B1-hq2Hm.mjs";
+import { E as FunctionExecution_Type, M as AuthInvokerSchema, a as fetchPlatformMachineUserToken, c as initOAuth2Client, l as initOperatorClient, n as closeConnectionPool, o as fetchUserInfo, p as userAgent, r as fetchAll, z as PATScope } from "../client-CZmQBXAY.mjs";
 import { t as readPackageJson } from "../package-json-D3x2nBPB.mjs";
-import { S as writePlatformConfig, a as loadConfig, b as loadWorkspaceId, c as ExecutorSchema, g as getDistDir, i as resolveInlineSourcemap, o as WorkflowJobSchema, u as ResolverSchema, v as fetchLatestToken, x as readPlatformConfig, y as loadAccessToken } from "../application-CBJFUKrU.mjs";
+import { S as writePlatformConfig, a as loadConfig, b as loadWorkspaceId, c as ExecutorSchema, g as getDistDir, i as resolveInlineSourcemap, o as WorkflowJobSchema, u as ResolverSchema, v as fetchLatestToken, x as readPlatformConfig, y as loadAccessToken } from "../application-Clwpv84E.mjs";
 import "../seed-CWkIDWMb.mjs";
 import "../file-utils-Bctuzn3x.mjs";
 import "../kysely-type-B_IecdK9.mjs";
-import "../telemetry-VvNfsyEE.mjs";
-import { a as JSON_FOOTER_MARKER, i as CRASH_LOG_EXTENSION, o as parseCrashReportConfig, r as sendCrashReport, t as initCrashReporting } from "../crash-report-Ju8cQF-l.mjs";
+import "../telemetry-BSUlYTs-.mjs";
+import { a as JSON_FOOTER_MARKER, i as CRASH_LOG_EXTENSION, o as parseCrashReportConfig, r as sendCrashReport, t as initCrashReporting } from "../crash-report-DizNMVnm.mjs";
 import { createRequire, register } from "node:module";
 import { arg, defineCommand, runCommand, runMain } from "politty";
 import { withCompletionCommand } from "politty/completion";
@@ -21,14 +21,14 @@ import * as path from "pathe";
 import { generateCodeVerifier } from "@badgateway/oauth2-client";
 import { timestampDate } from "@bufbuild/protobuf/wkt";
 import { Code, ConnectError } from "@connectrpc/connect";
+import * as http from "node:http";
+import * as crypto from "node:crypto";
+import { pathToFileURL } from "node:url";
 import { resolveTSConfig } from "pkg-types";
 import ml from "multiline-ts";
-import * as crypto from "node:crypto";
 import * as rolldown from "rolldown";
-import { pathToFileURL } from "node:url";
 import { create } from "@bufbuild/protobuf";
 import { spawn, spawnSync } from "node:child_process";
-import * as http from "node:http";
 import open from "open";
 import * as fs from "fs";
 import { lookup } from "mime-types";
@@ -51,7 +51,7 @@ const applyCommand = defineAppCommand({
 		"clean-cache": arg(z.boolean().optional(), { description: "Clean the bundle cache before building" })
 	}).strict(),
 	run: async (args) => {
-		const { initTelemetry } = await import("../telemetry-BevrwWwF.mjs");
+		const { initTelemetry } = await import("../telemetry-BtN2l0f1.mjs");
 		await initTelemetry();
 		await apply({
 			workspaceId: args["workspace-id"],
@@ -808,7 +808,7 @@ const generateCommand = defineAppCommand({
 		})
 	}).strict(),
 	run: async (args) => {
-		const { initTelemetry } = await import("../telemetry-BevrwWwF.mjs");
+		const { initTelemetry } = await import("../telemetry-BtN2l0f1.mjs");
 		await initTelemetry();
 		await generate({
 			configPath: args.config,
@@ -935,13 +935,46 @@ const startAuthServer = async () => {
 		});
 	});
 };
+async function loginAsMachineUser(args) {
+	const clientSecret = args.clientSecret ?? await prompt.password({ message: "Client secret" });
+	const tokens = await fetchPlatformMachineUserToken(args.clientId, clientSecret);
+	const pfConfig = readPlatformConfig();
+	pfConfig.users = {
+		...pfConfig.users,
+		[args.clientId]: {
+			access_token: tokens.accessToken,
+			token_expires_at: new Date(tokens.expiresAt).toISOString()
+		}
+	};
+	pfConfig.current_user = args.clientId;
+	writePlatformConfig(pfConfig);
+}
 const loginCommand = defineAppCommand({
 	name: "login",
 	description: "Login to Tailor Platform.",
-	args: z.object({}).strict(),
-	run: async () => {
-		await startAuthServer();
+	args: z.xor([z.object({}).strict().describe("User Login"), z.object({
+		machineuser: arg(z.literal(true), {
+			description: "Login as a platform machine user.",
+			required: true
+		}),
+		"client-id": arg(z.string(), {
+			description: "Client ID",
+			env: "TAILOR_PLATFORM_MACHINE_USER_CLIENT_ID",
+			required: true
+		}),
+		"client-secret": arg(z.string().optional(), {
+			description: "Client secret",
+			env: "TAILOR_PLATFORM_MACHINE_USER_CLIENT_SECRET"
+		})
+	}).strict().describe("Machine User Login")]),
+	run: async (args) => {
+		if ("machineuser" in args && args.machineuser) await loginAsMachineUser({
+			clientId: args.clientId,
+			clientSecret: args.clientSecret
+		});
+		else await startAuthServer();
 		logger.success("Successfully logged in to Tailor Platform.");
+		await closeConnectionPool();
 	}
 });
 
@@ -958,11 +991,13 @@ const logoutCommand = defineAppCommand({
 			logger.info("You are not logged in.");
 			return;
 		}
-		initOAuth2Client().revoke({
+		const client = initOAuth2Client();
+		const tokenTypeHint = tokens.refresh_token ? "refresh_token" : "access_token";
+		client.revoke({
 			accessToken: tokens.access_token,
-			refreshToken: tokens.refresh_token,
+			refreshToken: tokens.refresh_token ?? null,
 			expiresAt: Date.parse(tokens.token_expires_at)
-		}, "refresh_token");
+		}, tokenTypeHint);
 		delete pfConfig.users[pfConfig.current_user];
 		pfConfig.current_user = null;
 		writePlatformConfig(pfConfig);
@@ -1209,6 +1244,57 @@ const secretValueArgs = {
 	})
 };
 
+//#endregion
+//#region src/cli/commands/secret/check-vault-managed.ts
+/**
+* Check if a vault is managed by defineSecretManager() and warn the user.
+* Returns management status and metadata needed for releasing ownership.
+* @param params - Check parameters
+* @returns Management status, TRN, and existing labels
+*/
+async function checkVaultManaged(params) {
+	const { client, workspaceId, vaultName } = params;
+	const trn = `${trnPrefix(workspaceId)}:vault:${vaultName}`;
+	const notManaged = {
+		isManaged: false,
+		trn,
+		existingLabels: {}
+	};
+	let owner;
+	let allLabels = {};
+	try {
+		const { metadata } = await client.getMetadata({ trn });
+		allLabels = metadata?.labels ?? {};
+		owner = allLabels[sdkNameLabelKey];
+	} catch {
+		return notManaged;
+	}
+	if (!owner) return notManaged;
+	logger.warn(`Vault "${vaultName}" is managed by defineSecretManager() in tailor.config.ts (owner: "${owner}"). Changes made via CLI may conflict with the config on the next apply.`);
+	return {
+		isManaged: true,
+		trn,
+		existingLabels: allLabels
+	};
+}
+/**
+* Release ownership of a managed vault by removing SDK labels from metadata.
+* Call this after the user has confirmed they want to proceed with a CLI operation on a managed vault.
+* @param params - Client, TRN, and existing labels from checkVaultManaged result
+* @param params.client
+* @param params.trn
+* @param params.existingLabels
+*/
+async function releaseVaultOwnership(params) {
+	const { client, trn, existingLabels } = params;
+	const { [sdkNameLabelKey]: _, "sdk-version": __, ...remainingLabels } = existingLabels;
+	await client.setMetadata({
+		trn,
+		labels: remainingLabels
+	});
+	logger.info("Config ownership has been removed from this vault. Remove it from defineSecretManager() in your config to prevent the next apply from re-claiming it.");
+}
+
 //#endregion
 //#region src/cli/commands/secret/create.ts
 const createSecretCommand = defineAppCommand({
@@ -1216,7 +1302,8 @@ const createSecretCommand = defineAppCommand({
 	description: "Create a secret in a vault.",
 	args: z.object({
 		...workspaceArgs,
-		...secretValueArgs
+		...secretValueArgs,
+		...confirmationArgs
 	}).strict(),
 	run: async (args) => {
 		const client = await initOperatorClient(await loadAccessToken({
@@ -1227,6 +1314,17 @@ const createSecretCommand = defineAppCommand({
 			workspaceId: args["workspace-id"],
 			profile: args.profile
 		});
+		const managed = await checkVaultManaged({
+			client,
+			workspaceId,
+			vaultName: args["vault-name"]
+		});
+		if (managed.isManaged && !args.yes) {
+			if (!await prompt.confirm({
+				message: "Do you want to proceed?",
+				default: false
+			})) return;
+		}
 		try {
 			await client.createSecretManagerSecret({
 				workspaceId,
@@ -1241,6 +1339,10 @@ const createSecretCommand = defineAppCommand({
 			}
 			throw error;
 		}
+		if (managed.isManaged) await releaseVaultOwnership({
+			client,
+			...managed
+		});
 		logger.success(`Secret: ${args.name} created in vault: ${args["vault-name"]}`);
 	}
 });
@@ -1264,6 +1366,11 @@ const deleteSecretCommand = defineAppCommand({
 			workspaceId: args["workspace-id"],
 			profile: args.profile
 		});
+		const managed = await checkVaultManaged({
+			client,
+			workspaceId,
+			vaultName: args["vault-name"]
+		});
 		if (!args.yes) {
 			if (await prompt.text({ message: `Enter the secret name to confirm deletion ("${args.name}"):` }) !== args.name) {
 				logger.info("Secret deletion cancelled.");
@@ -1280,6 +1387,10 @@ const deleteSecretCommand = defineAppCommand({
 			if (error instanceof ConnectError && error.code === Code.NotFound) throw new Error(`Secret "${args.name}" not found in vault "${args["vault-name"]}".`);
 			throw error;
 		}
+		if (managed.isManaged) await releaseVaultOwnership({
+			client,
+			...managed
+		});
 		logger.success(`Secret: ${args.name} deleted from vault: ${args["vault-name"]}`);
 	}
 });
@@ -1346,7 +1457,8 @@ const updateSecretCommand = defineAppCommand({
 	description: "Update a secret in a vault.",
 	args: z.object({
 		...workspaceArgs,
-		...secretValueArgs
+		...secretValueArgs,
+		...confirmationArgs
 	}).strict(),
 	run: async (args) => {
 		const client = await initOperatorClient(await loadAccessToken({
@@ -1357,6 +1469,17 @@ const updateSecretCommand = defineAppCommand({
 			workspaceId: args["workspace-id"],
 			profile: args.profile
 		});
+		const managed = await checkVaultManaged({
+			client,
+			workspaceId,
+			vaultName: args["vault-name"]
+		});
+		if (managed.isManaged && !args.yes) {
+			if (!await prompt.confirm({
+				message: "Do you want to proceed?",
+				default: false
+			})) return;
+		}
 		try {
 			await client.updateSecretManagerSecret({
 				workspaceId,
@@ -1368,6 +1491,10 @@ const updateSecretCommand = defineAppCommand({
 			if (error instanceof ConnectError && error.code === Code.NotFound) throw new Error(`Secret "${args.name}" not found in vault "${args["vault-name"]}".`);
 			throw error;
 		}
+		if (managed.isManaged) await releaseVaultOwnership({
+			client,
+			...managed
+		});
 		logger.success(`Secret: ${args.name} updated in vault: ${args["vault-name"]}`);
 	}
 });
@@ -1429,6 +1556,11 @@ const deleteCommand$1 = defineAppCommand({
 			workspaceId: args["workspace-id"],
 			profile: args.profile
 		});
+		const managed = await checkVaultManaged({
+			client,
+			workspaceId,
+			vaultName: args.name
+		});
 		if (!args.yes) {
 			if (await prompt.text({ message: `Enter the vault name to confirm deletion ("${args.name}"):` }) !== args.name) {
 				logger.info("Vault deletion cancelled.");
@@ -1444,6 +1576,7 @@ const deleteCommand$1 = defineAppCommand({
 			if (error instanceof ConnectError && error.code === Code.NotFound) throw new Error(`Vault "${args.name}" not found.`);
 			throw error;
 		}
+		if (managed.isManaged) logger.info("Remove this vault from defineSecretManager() in your config to prevent the next apply from re-creating it.");
 		logger.success(`Vault: ${args.name} deleted`);
 	}
 });
@@ -3082,11 +3215,11 @@ runMain(mainCommand, {
 				if (isVerbose() && error.stack) logger.debug(`\nStack trace:\n${error.stack}`);
 			} else logger.error(`Unknown error: ${error}`);
 			if (!isCLIError(error) && (!(error instanceof Error) || error instanceof TypeError || error instanceof RangeError)) {
-				const { reportCrash } = await import("../crash-report-Cot_9Esm.mjs");
+				const { reportCrash } = await import("../crash-report-CYrETw1c.mjs");
 				await reportCrash(error, "handledError");
 			}
 		}
-		const { shutdownTelemetry } = await import("../telemetry-BevrwWwF.mjs");
+		const { shutdownTelemetry } = await import("../telemetry-BtN2l0f1.mjs");
 		await shutdownTelemetry();
 	}
 });