@tailor-platform/sdk 1.35.2 → 1.37.0

package/CHANGELOG.md

@@ -1,5 +1,59 @@
 # @tailor-platform/sdk
 
+## 1.37.0
+
+### Minor Changes
+
+- [#971](https://github.com/tailor-platform/sdk/pull/971) [`be1a354`](https://github.com/tailor-platform/sdk/commit/be1a354c44f4c406d674fb03fc6695d07662dfac) Thanks [@toiroakr](https://github.com/toiroakr)! - Accept plain string for `authInvoker` in resolvers, executors, and `workflow.trigger()` (e.g. `authInvoker: "kiosk"`). Machine user names are type-narrowed via the generated `tailor.d.ts` (`MachineUserNameRegistry` interface). `auth.invoker(...)` is now deprecated in favor of the string form, which avoids pulling config-layer (Node-only) dependencies into runtime bundles.
+
+- [#858](https://github.com/tailor-platform/sdk/pull/858) [`28872e5`](https://github.com/tailor-platform/sdk/commit/28872e538fec564cdbd675a6fa102820fe6ccf49) Thanks [@r253hmdryou](https://github.com/r253hmdryou)! - Group related resource changes in apply dry-run output
+
+  Consolidate function registry changes with their parent resources (workflow, resolver, executor, auth hook) in dry-run display. Group TailorDB type and gqlPermission changes by type name. Nest resources under their namespace for clearer hierarchy.
+
+  Plan summary counts now reflect grouped display units to match the displayed rows.
+
+### Patch Changes
+
+- [#972](https://github.com/tailor-platform/sdk/pull/972) [`0a70288`](https://github.com/tailor-platform/sdk/commit/0a7028873f6e9d0c13fc8df3e203f9f8c3ff45d3) Thanks [@toiroakr](https://github.com/toiroakr)! - Fix `UNRESOLVED_IMPORT` warning during SDK builds by replacing the self-referential `@tailor-platform/sdk` dynamic import in `function test-run` detection with an alias-based dynamic import
+
+- [#961](https://github.com/tailor-platform/sdk/pull/961) [`6638782`](https://github.com/tailor-platform/sdk/commit/663878239f573537965071e61c92c70be1c4bdda) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update dependency typescript-eslint to v8.58.1
+
+- [#964](https://github.com/tailor-platform/sdk/pull/964) [`3472427`](https://github.com/tailor-platform/sdk/commit/34724277f12e463d6e60b1613b035aa27d3161e5) Thanks [@renovate](https://github.com/apps/renovate)! - fix(deps): update dependency @inquirer/prompts to v8.4.1
+
+- [#967](https://github.com/tailor-platform/sdk/pull/967) [`bed9050`](https://github.com/tailor-platform/sdk/commit/bed9050172b74ad5a2200de55b80fbc397b6ef7a) Thanks [@renovate](https://github.com/apps/renovate)! - fix(deps): update dependency rolldown to v1.0.0-rc.15
+
+- [#968](https://github.com/tailor-platform/sdk/pull/968) [`da649c6`](https://github.com/tailor-platform/sdk/commit/da649c69285c4b7b53c28b2ad2b3531b2a0686be) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update actions/create-github-app-token action to v3.1.1
+
+- [#969](https://github.com/tailor-platform/sdk/pull/969) [`133bc14`](https://github.com/tailor-platform/sdk/commit/133bc143b542fc82a462b844c0eca3888332ae24) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update pnpm/action-setup action to v6
+
+## 1.36.0
+
+### Minor Changes
+
+- [#920](https://github.com/tailor-platform/sdk/pull/920) [`1b64d8e`](https://github.com/tailor-platform/sdk/commit/1b64d8e07c4b8b2c8bcfaded5210b8774d4556ff) Thanks [@dqn](https://github.com/dqn)! - Show original source locations and code snippets in `function test-run` errors using inline sourcemaps
+
+- [#931](https://github.com/tailor-platform/sdk/pull/931) [`a1dab54`](https://github.com/tailor-platform/sdk/commit/a1dab54dfec4c7eb69348ab94a82de9d22231c45) Thanks [@toiroakr](https://github.com/toiroakr)! - Add `ignoreNullishValues` option to `defineSecretManager` to skip secrets with nullish values during deploy
+
+- [#965](https://github.com/tailor-platform/sdk/pull/965) [`c273be3`](https://github.com/tailor-platform/sdk/commit/c273be330071a9e3d2d2ebc65ef9b17e9c995ddc) Thanks [@haru0017](https://github.com/haru0017)! - Add `defaultRedirectURL` to SAML IdP config for handling SAML ACS responses with empty RelayState
+
+### Patch Changes
+
+- [#911](https://github.com/tailor-platform/sdk/pull/911) [`3cf9975`](https://github.com/tailor-platform/sdk/commit/3cf997591ac06c18a973cd16b3c6bc70b05f6793) Thanks [@k1LoW](https://github.com/k1LoW)! - Add `permission` option to `defineIdp()` for per-operation permission policies on IdP users (create, read, update, delete, sendPasswordResetEmail)
+
+- [#947](https://github.com/tailor-platform/sdk/pull/947) [`19f95c2`](https://github.com/tailor-platform/sdk/commit/19f95c27e22027037457fcfcd9adca360f62553d) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update dependency oxlint to v1.59.0
+
+- [#956](https://github.com/tailor-platform/sdk/pull/956) [`391c53d`](https://github.com/tailor-platform/sdk/commit/391c53d32dd7108aead8917abb12a2b928df792a) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): lock file maintenance
+
+- [#957](https://github.com/tailor-platform/sdk/pull/957) [`cc14d77`](https://github.com/tailor-platform/sdk/commit/cc14d773c1f62b9e14c935cf4541983ed514fe90) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update actions/upload-artifact action to v7.0.1
+
+- [#958](https://github.com/tailor-platform/sdk/pull/958) [`32e6b1f`](https://github.com/tailor-platform/sdk/commit/32e6b1fa67a582db685f8268dbbb38c0ac45b101) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update anthropics/claude-code-action action to v1.0.93
+
+- [#959](https://github.com/tailor-platform/sdk/pull/959) [`61b60c9`](https://github.com/tailor-platform/sdk/commit/61b60c9b0e8af467a50bc4ee06ada89fba76a653) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update dependency knip to v6.3.1
+
+- [#960](https://github.com/tailor-platform/sdk/pull/960) [`9e0ce60`](https://github.com/tailor-platform/sdk/commit/9e0ce60b2d5c662c6983c60a377f5ce7c3dea7df) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update dependency turbo to v2.9.5
+
+- [#962](https://github.com/tailor-platform/sdk/pull/962) [`dd74185`](https://github.com/tailor-platform/sdk/commit/dd74185d593be00122a173ca427c238292a627bf) Thanks [@renovate](https://github.com/apps/renovate)! - chore(deps): update marocchino/sticky-pull-request-comment action to v3.0.4
+
 ## 1.35.2
 
 ### Patch Changes

package/dist/application-ILhZq_oW.mjs

@@ -0,0 +1,4 @@
+
+import { n as generatePluginFilesIfNeeded, r as loadApplication, t as defineApplication } from "./application-qRGMV8Tr.mjs";
+
+export { defineApplication };

package/dist/{application-BnJRroGX.mjs → application-qRGMV8Tr.mjs}

@@ -1,12 +1,12 @@
 
-import { l as initOAuth2Client } from "./client-CA2NM_4R.mjs";
-import { n as isSdkBranded } from "./brand-0SscafcY.mjs";
-import { n as logger, r as styles } from "./logger-qz-Y4sBV.mjs";
-import { t as readPackageJson } from "./package-json-CfUqjJaQ.mjs";
-import { n as seedPlugin, r as isPluginGeneratedType, t as SeedGeneratorID } from "./seed-BZIFDG27.mjs";
-import { n as enumConstantsPlugin, t as EnumConstantsGeneratorID } from "./enum-constants-DI85-fPE.mjs";
-import { n as fileUtilsPlugin, t as FileUtilsGeneratorID } from "./file-utils-C4rXlOVt.mjs";
-import { n as kyselyTypePlugin, t as KyselyGeneratorID } from "./kysely-type-DtnNdHn3.mjs";
+import { l as initOAuth2Client } from "./client-DllDLYmZ.mjs";
+import { n as isSdkBranded } from "./brand-D-d15jx3.mjs";
+import { n as logger, r as styles } from "./logger-C8qBDCKO.mjs";
+import { t as readPackageJson } from "./package-json-BHViVisJ.mjs";
+import { n as seedPlugin, r as isPluginGeneratedType, t as SeedGeneratorID } from "./seed-DrbB1VXd.mjs";
+import { n as enumConstantsPlugin, t as EnumConstantsGeneratorID } from "./enum-constants-Dx82rSjf.mjs";
+import { n as fileUtilsPlugin, t as FileUtilsGeneratorID } from "./file-utils-DeWpvq3T.mjs";
+import { n as kyselyTypePlugin, t as KyselyGeneratorID } from "./kysely-type-CwtvQuxh.mjs";
 import { createRequire } from "node:module";
 import { z } from "zod";
 import * as fs$1 from "node:fs";
@@ -1599,6 +1599,23 @@ function detectDefaultImports(program) {
 //#endregion
 //#region src/cli/services/workflow/trigger-transformer.ts
 /**
+* Name of the injected runtime normalizer helper. Chosen to be unique enough
+* to avoid collisions with user code.
+*/
+const NORMALIZER_IDENTIFIER = "__tailor_normalizeAuthInvoker";
+/**
+* Build the source text of the injected normalizer helper.
+*
+* Accepts either a plain string (machine user name) or the object form
+* `{ namespace, machineUserName }`, and always returns the object form.
+* The auth namespace is baked in at bundle time.
+* @param authNamespace - Auth service namespace to embed
+* @returns Source line defining the helper
+*/
+function buildNormalizerHelperSource(authNamespace) {
+	return `const ${NORMALIZER_IDENTIFIER} = (v) => typeof v === "string" ? { namespace: ${JSON.stringify(authNamespace)}, machineUserName: v } : v;\n`;
+}
+/**
 * Extract authInvoker info from a config object expression
 * Returns the authInvoker value text and whether it's a shorthand property
 * @param configArg - Config argument node
@@ -1703,9 +1720,10 @@ function detectExtendedTriggerCalls(program, sourceText, workflowNames, jobNames
 * @param jobNameMap - Map from variable name to job name
 * @param workflowFileMap - Map from file path (without extension) to workflow name for default exports
 * @param currentFilePath - Path of the current file being transformed (for resolving relative imports)
+* @param authNamespace - Auth service namespace used to expand string-literal `authInvoker` to object form
 * @returns Transformed source code with trigger calls rewritten
 */
-function transformFunctionTriggers(source, workflowNameMap, jobNameMap, workflowFileMap, currentFilePath) {
+function transformFunctionTriggers(source, workflowNameMap, jobNameMap, workflowFileMap, currentFilePath, authNamespace) {
 	const { program } = parseSync("input.ts", source);
 	const localWorkflowNameMap = new Map(workflowNameMap);
 	if (workflowFileMap && currentFilePath) {
@@ -1720,10 +1738,16 @@ function transformFunctionTriggers(source, workflowNameMap, jobNameMap, workflow
 	}
 	const triggerCalls = detectExtendedTriggerCalls(program, source, new Set(localWorkflowNameMap.keys()), new Set(jobNameMap.keys()));
 	const replacements = [];
+	let needsNormalizerHelper = false;
 	for (const call of triggerCalls) if (call.kind === "workflow" && call.authInvoker) {
 		const workflowName = localWorkflowNameMap.get(call.identifierName);
 		if (workflowName) {
-			const authInvokerExpr = call.authInvoker.isShorthand ? "authInvoker" : call.authInvoker.valueText;
+			const rawExpr = call.authInvoker.isShorthand ? "authInvoker" : call.authInvoker.valueText;
+			let authInvokerExpr;
+			if (authNamespace) {
+				authInvokerExpr = `${NORMALIZER_IDENTIFIER}(${rawExpr})`;
+				needsNormalizerHelper = true;
+			} else authInvokerExpr = rawExpr;
 			const transformedCall = `tailor.workflow.triggerWorkflow("${workflowName}", ${call.argsText || "undefined"}, { authInvoker: ${authInvokerExpr} })`;
 			replacements.push({
 				start: call.callRange.start,
@@ -1743,7 +1767,9 @@ function transformFunctionTriggers(source, workflowNameMap, jobNameMap, workflow
 			});
 		}
 	}
-	return applyReplacements(source, replacements);
+	const transformed = applyReplacements(source, replacements);
+	if (needsNormalizerHelper && authNamespace) return buildNormalizerHelperSource(authNamespace) + transformed;
+	return transformed;
 }
 
 //#endregion
@@ -1762,16 +1788,18 @@ function normalizeFilePath(filePath) {
 * Build trigger context from workflow configuration
 * Scans workflow files to collect workflow and job mappings
 * @param workflowConfig - Workflow file loading configuration
+* @param authNamespace - Auth service namespace (optional, used for string-literal authInvoker expansion)
 * @returns Trigger context built from workflow sources
 */
-async function buildTriggerContext(workflowConfig) {
+async function buildTriggerContext(workflowConfig, authNamespace) {
 	const workflowNameMap = /* @__PURE__ */ new Map();
 	const jobNameMap = /* @__PURE__ */ new Map();
 	const workflowFileMap = /* @__PURE__ */ new Map();
 	if (!workflowConfig) return {
 		workflowNameMap,
 		jobNameMap,
-		workflowFileMap
+		workflowFileMap,
+		authNamespace
 	};
 	const workflowFiles = loadFilesWithIgnores(workflowConfig);
 	for (const file of workflowFiles) try {
@@ -1794,7 +1822,8 @@ async function buildTriggerContext(workflowConfig) {
 	return {
 		workflowNameMap,
 		jobNameMap,
-		workflowFileMap
+		workflowFileMap,
+		authNamespace
 	};
 }
 function sortedMapToJson(m) {
@@ -1808,7 +1837,7 @@ function sortedMapToJson(m) {
 */
 function serializeTriggerContext(ctx) {
 	if (!ctx) return "";
-	return sortedMapToJson(ctx.workflowNameMap) + sortedMapToJson(ctx.jobNameMap) + sortedMapToJson(ctx.workflowFileMap);
+	return sortedMapToJson(ctx.workflowNameMap) + sortedMapToJson(ctx.jobNameMap) + sortedMapToJson(ctx.workflowFileMap) + (ctx.authNamespace ?? "");
 }
 /**
 * Create a rolldown plugin for transforming trigger calls
@@ -1824,7 +1853,7 @@ function createTriggerTransformPlugin(triggerContext) {
 			filter: { id: { include: [/\.ts$/, /\.js$/] } },
 			handler(code, id) {
 				if (!code.includes(".trigger(")) return null;
-				return { code: transformFunctionTriggers(code, triggerContext.workflowNameMap, triggerContext.jobNameMap, triggerContext.workflowFileMap, id) };
+				return { code: transformFunctionTriggers(code, triggerContext.workflowNameMap, triggerContext.jobNameMap, triggerContext.workflowFileMap, id, triggerContext.authNamespace) };
 			}
 		}
 	};
@@ -3179,10 +3208,11 @@ const TailorFieldSchema = z.object({
 
 //#endregion
 //#region src/parser/service/auth/schema.ts
-const AuthInvokerSchema = z.object({
+const AuthInvokerObjectSchema = z.object({
 	namespace: z.string().describe("Auth namespace"),
 	machineUserName: z.string().describe("Machine user name for authentication")
 });
+const AuthInvokerSchema = z.union([z.string().describe("Machine user name (namespace auto-resolved from auth service)"), AuthInvokerObjectSchema]);
 const secretValueSchema = z.object({
 	vaultName: z.string().describe("Vault name containing the secret"),
 	secretKey: z.string().describe("Key of the secret in the vault")
@@ -3201,7 +3231,8 @@ const SAMLSchema = z.object({
 	kind: z.literal("SAML"),
 	enableSignRequest: z.boolean().default(false).describe("Enable signing of SAML requests"),
 	metadataURL: z.string().optional().describe("URL to fetch SAML metadata (mutually exclusive with rawMetadata)"),
-	rawMetadata: z.string().optional().describe("Raw SAML metadata XML (mutually exclusive with metadataURL)")
+	rawMetadata: z.string().optional().describe("Raw SAML metadata XML (mutually exclusive with metadataURL)"),
+	defaultRedirectURL: z.string().optional().describe("URL to redirect to when SAML ACS receives a response with an empty RelayState.")
 }).refine((value) => {
 	return value.metadataURL !== void 0 !== (value.rawMetadata !== void 0);
 }, "Provide either metadataURL or rawMetadata");
@@ -4211,7 +4242,7 @@ async function bundleSingleJob(job, allJobs, outputDir, tsconfig, env, triggerCo
 					handler(code, id) {
 						if (!code.includes("createWorkflowJob") && !code.includes("createWorkflow") && !code.includes(".trigger(")) return null;
 						let transformed = transformWorkflowSource(code, job.name, job.exportName, otherJobExportNames, allJobsMap);
-						if (triggerContext && transformed.includes(".trigger(")) transformed = transformFunctionTriggers(transformed, triggerContext.workflowNameMap, triggerContext.jobNameMap, triggerContext.workflowFileMap, id);
+						if (triggerContext && transformed.includes(".trigger(")) transformed = transformFunctionTriggers(transformed, triggerContext.workflowNameMap, triggerContext.jobNameMap, triggerContext.workflowFileMap, id, triggerContext.authNamespace);
 						return { code: transformed };
 					}
 				}
@@ -4644,6 +4675,68 @@ const IdPEmailConfigSchema = z.object({
 	fromName: emailFieldSchema.optional().describe("Default sender display name for emails"),
 	passwordResetSubject: emailFieldSchema.optional().describe("Default subject for password reset emails")
 }).describe("Namespace-level email configuration defaults");
+const IdPPermissionOperandSchema = z.union([
+	z.string(),
+	z.boolean(),
+	z.array(z.string()).readonly(),
+	z.array(z.boolean()).readonly(),
+	z.object({ user: z.string() }),
+	z.object({ idpUser: z.enum([
+		"id",
+		"name",
+		"disabled"
+	]) }),
+	z.object({ oldIdpUser: z.enum([
+		"id",
+		"name",
+		"disabled"
+	]) }),
+	z.object({ newIdpUser: z.enum([
+		"id",
+		"name",
+		"disabled"
+	]) })
+]);
+const IdPPermissionOperatorSchema = z.enum([
+	"=",
+	"!=",
+	"in",
+	"not in"
+]);
+const IdPPermissionConditionSchema = z.tuple([
+	IdPPermissionOperandSchema,
+	IdPPermissionOperatorSchema,
+	IdPPermissionOperandSchema
+]).readonly();
+const IdPActionPermissionSchema = z.union([
+	z.object({
+		conditions: z.union([IdPPermissionConditionSchema, z.array(IdPPermissionConditionSchema).readonly()]),
+		description: z.string().optional(),
+		permit: z.boolean().optional()
+	}),
+	z.tuple([
+		IdPPermissionOperandSchema,
+		IdPPermissionOperatorSchema,
+		IdPPermissionOperandSchema
+	]).readonly(),
+	z.tuple([
+		IdPPermissionOperandSchema,
+		IdPPermissionOperatorSchema,
+		IdPPermissionOperandSchema,
+		z.boolean()
+	]).readonly(),
+	z.array(z.union([IdPPermissionConditionSchema, z.boolean()])).refine((arr) => {
+		const boolIndex = arr.findIndex((item) => typeof item === "boolean");
+		return boolIndex === -1 || boolIndex === arr.length - 1;
+	}, { message: "Boolean permit flag must only appear at the end" }).readonly()
+]);
+const IdPPermissionSchema = z.object({
+	create: z.array(IdPActionPermissionSchema).readonly(),
+	read: z.array(IdPActionPermissionSchema).readonly(),
+	update: z.array(IdPActionPermissionSchema).readonly(),
+	delete: z.array(IdPActionPermissionSchema).readonly(),
+	sendPasswordResetEmail: z.array(IdPActionPermissionSchema).readonly()
+}).describe("Per-operation permission policies for IdP users");
 const IdPSchema = z.object({
 	name: z.string().describe("IdP service name"),
 	authorization: z.union([
@@ -4656,14 +4749,18 @@ const IdPSchema = z.object({
 	userAuthPolicy: IdPUserAuthPolicySchema.transform((input) => IdPUserAuthPolicySchema.parse(input ?? {})).optional().describe("User authentication policy configuration"),
 	publishUserEvents: z.boolean().optional().describe("Enable publishing user lifecycle events"),
 	gqlOperations: IdPGqlOperationsSchema.optional().describe("Configure which GraphQL operations are enabled"),
-	emailConfig: IdPEmailConfigSchema.optional().describe("Namespace-level email configuration defaults")
+	emailConfig: IdPEmailConfigSchema.optional().describe("Namespace-level email configuration defaults"),
+	permission: IdPPermissionSchema.optional().describe("Per-operation permission policies for IdP users")
 }).brand("IdPConfig");
 
 //#endregion
 //#region src/parser/service/secrets/schema.ts
 const nameSchema = z.string().regex(/^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$/);
-const secretsVaultSchema = z.record(nameSchema, z.string());
-const SecretsSchema = z.record(nameSchema, secretsVaultSchema);
+const secretsVaultSchema = z.record(nameSchema, z.string().nullish());
+const SecretsSchema = z.object({
+	vaults: z.record(nameSchema, secretsVaultSchema),
+	options: z.object({ ignoreNullishValues: z.boolean() })
+});
 
 //#endregion
 //#region src/parser/service/staticwebsite/schema.ts
@@ -4789,27 +4886,43 @@ function defineStaticWebsites(websites) {
 	});
 	return staticWebsiteServices;
 }
-function defineSecretManager(config) {
-	if (!config) return [];
-	const data = Object.fromEntries(Object.entries(config));
-	const parsed = SecretsSchema.parse(data);
-	return Object.entries(parsed).map(([vaultName, vaultSecrets]) => ({
+function parseSecretManager(config) {
+	if (!config) return {
+		secrets: [],
+		ignoreNullishValues: false
+	};
+	const parsed = SecretsSchema.parse(config);
+	const { ignoreNullishValues } = parsed.options;
+	const secrets = Object.entries(parsed.vaults).map(([vaultName, vaultSecrets]) => ({
 		vaultName,
 		secrets: Object.entries(vaultSecrets).map(([name, value]) => ({
 			name,
 			value
 		}))
 	}));
+	if (!ignoreNullishValues) {
+		for (const vault of secrets) for (const secret of vault.secrets) if (secret.value == null) throw new Error(`Secret "${vault.vaultName}/${secret.name}" has no value. Use { ignoreNullishValues: true } option in defineSecretManager() to skip secrets without values.`);
+	}
+	return {
+		secrets,
+		ignoreNullishValues
+	};
 }
 function defineServices(config, pluginManager) {
 	const tailordbResult = defineTailorDB(config.db, pluginManager);
+	const resolverResult = defineResolver(config.resolver);
+	const idpResult = defineIdp(config.idp);
+	const authResult = defineAuth(config.auth, tailordbResult.tailorDBServices, tailordbResult.externalTailorDBNamespaces);
+	const staticWebsiteServices = defineStaticWebsites(config.staticWebsites);
+	const { secrets, ignoreNullishValues } = parseSecretManager(config.secrets);
 	return {
 		tailordbResult,
-		resolverResult: defineResolver(config.resolver),
-		idpResult: defineIdp(config.idp),
-		authResult: defineAuth(config.auth, tailordbResult.tailorDBServices, tailordbResult.externalTailorDBNamespaces),
-		staticWebsiteServices: defineStaticWebsites(config.staticWebsites),
-		secrets: defineSecretManager(config.secrets)
+		resolverResult,
+		idpResult,
+		authResult,
+		staticWebsiteServices,
+		secrets,
+		ignoreNullishValues
 	};
 }
 function buildApplication(params) {
@@ -4831,6 +4944,7 @@ function buildApplication(params) {
 		workflowService: params.workflowService,
 		staticWebsiteServices: params.staticWebsiteServices,
 		secrets: params.secrets,
+		ignoreNullishValues: params.ignoreNullishValues,
 		env: params.env,
 		get applications() {
 			return [application];
@@ -4893,7 +5007,7 @@ function generatePluginFilesIfNeeded(pluginManager, tailorDBServices, configPath
 */
 async function loadApplication(params) {
 	const { config, pluginManager, bundleCache } = params;
-	const { tailordbResult, resolverResult, idpResult, authResult, staticWebsiteServices, secrets } = defineServices(config, pluginManager);
+	const { tailordbResult, resolverResult, idpResult, authResult, staticWebsiteServices, secrets, ignoreNullishValues } = defineServices(config, pluginManager);
 	for (const tailordb of tailordbResult.tailorDBServices) {
 		await tailordb.loadTypes();
 		await tailordb.processNamespacePlugins();
@@ -4902,7 +5016,7 @@ async function loadApplication(params) {
 	const executorService = defineExecutor(config.executor, pluginExecutorFiles.length > 0);
 	const workflowService = defineWorkflow(config.workflow);
 	if (workflowService) await workflowService.loadWorkflows();
-	const triggerContext = await buildTriggerContext(config.workflow);
+	const triggerContext = await buildTriggerContext(config.workflow, authResult.authService?.config.name);
 	const inlineSourcemap = resolveInlineSourcemap(config.inlineSourcemap);
 	const bundledScripts = {
 		resolvers: /* @__PURE__ */ new Map(),
@@ -4956,6 +5070,7 @@ async function loadApplication(params) {
 			workflowService,
 			staticWebsiteServices,
 			secrets,
+			ignoreNullishValues,
 			env: config.env ?? {}
 		}),
 		workflowBuildResult,
@@ -4965,4 +5080,4 @@ async function loadApplication(params) {
 
 //#endregion
 export { resolveTokens as C, readPlatformConfig as S, writePlatformConfig as T, hashFile as _, loadConfig as a, loadAccessToken as b, createExecutorService as c, TailorDBTypeSchema as d, stringifyFunction as f, getDistDir as g, createBundleCache as h, resolveInlineSourcemap as i, ExecutorSchema as l, loadFilesWithIgnores as m, generatePluginFilesIfNeeded as n, WorkflowJobSchema as o, tailorUserMap as p, loadApplication as r, ResolverSchema as s, defineApplication as t, OAuth2ClientSchema as u, deleteUserTokens as v, saveUserTokens as w, loadWorkspaceId as x, fetchLatestToken as y };
-//# sourceMappingURL=application-BnJRroGX.mjs.map
+//# sourceMappingURL=application-qRGMV8Tr.mjs.map