@tailor-platform/sdk 1.36.0 → 1.38.0

package/docs/cli/upgrade.md

@@ -0,0 +1,51 @@
+<!-- politty:command:upgrade:heading:start -->
+
+## upgrade
+
+<!-- politty:command:upgrade:heading:end -->
+
+<!-- politty:command:upgrade:description:start -->
+
+Run codemods to upgrade your project to a newer SDK version.
+
+<!-- politty:command:upgrade:description:end -->
+
+<!-- politty:command:upgrade:usage:start -->
+
+**Usage**
+
+```
+tailor-sdk upgrade [options]
+```
+
+<!-- politty:command:upgrade:usage:end -->
+
+<!-- politty:command:upgrade:options:start -->
+
+**Options**
+
+| Option          | Alias | Description                                   | Required | Default |
+| --------------- | ----- | --------------------------------------------- | -------- | ------- |
+| `--from <FROM>` | -     | SDK version before the upgrade (e.g., 1.33.0) | Yes      | -       |
+| `--dry-run`     | `-d`  | Preview changes without modifying files       | No       | `false` |
+| `--path <PATH>` | -     | Project directory to upgrade                  | No       | `"."`   |
+
+<!-- politty:command:upgrade:options:end -->
+
+<!-- politty:command:upgrade:global-options-link:start -->
+
+See [Global Options](../cli-reference.md#global-options) for options available to all commands.
+
+<!-- politty:command:upgrade:global-options-link:end -->
+
+### How It Works
+
+The `upgrade` command runs codemods that automatically transform your project code for breaking changes between SDK versions. The target version (`--to`) is auto-detected from the installed `@tailor-platform/sdk` in `node_modules`.
+
+**Typical workflow:**
+
+1. Update your SDK packages to the new version (e.g., `pnpm update @tailor-platform/sdk`)
+2. Run `tailor-sdk upgrade --from <old-version>` to apply codemods
+3. Review changes and commit
+
+Use `--dry-run` to preview what changes will be made before applying them.

package/docs/cli/user.md

@@ -38,7 +38,7 @@ _no options_
 
 | Option                            | Alias | Description                       | Required | Default | Env                                          |
 | --------------------------------- | ----- | --------------------------------- | -------- | ------- | -------------------------------------------- |
-| `--machineuser <MACHINEUSER>`     | -     | Login as a platform machine user. | Yes      | -       | -                                            |
+| `--machine-user <MACHINE_USER>`   | -     | Login as a platform machine user. | Yes      | -       | -                                            |
 | `--client-id <CLIENT_ID>`         | -     | Client ID                         | Yes      | -       | `TAILOR_PLATFORM_MACHINE_USER_CLIENT_ID`     |
 | `--client-secret <CLIENT_SECRET>` | -     | Client secret                     | No       | -       | `TAILOR_PLATFORM_MACHINE_USER_CLIENT_SECRET` |
 

package/docs/cli/workflow.md

@@ -165,16 +165,16 @@ tailor-sdk workflow start [options] <name>
 
 **Options**
 
-| Option                          | Alias | Description                                                    | Required | Default              | Env                               |
-| ------------------------------- | ----- | -------------------------------------------------------------- | -------- | -------------------- | --------------------------------- |
-| `--workspace-id <WORKSPACE_ID>` | `-w`  | Workspace ID                                                   | No       | -                    | `TAILOR_PLATFORM_WORKSPACE_ID`    |
-| `--profile <PROFILE>`           | `-p`  | Workspace profile                                              | No       | -                    | `TAILOR_PLATFORM_PROFILE`         |
-| `--config <CONFIG>`             | `-c`  | Path to SDK config file                                        | No       | `"tailor.config.ts"` | `TAILOR_PLATFORM_SDK_CONFIG_PATH` |
-| `--machineuser <MACHINEUSER>`   | `-m`  | Machine user name                                              | Yes      | -                    | -                                 |
-| `--arg <ARG>`                   | `-a`  | Workflow argument (JSON string)                                | No       | -                    | -                                 |
-| `--wait`                        | `-W`  | Wait for execution to complete                                 | No       | `false`              | -                                 |
-| `--interval <INTERVAL>`         | `-i`  | Polling interval when using --wait (e.g., '3s', '500ms', '1m') | No       | `"3s"`               | -                                 |
-| `--logs`                        | `-l`  | Display job execution logs after completion (requires --wait)  | No       | `false`              | -                                 |
+| Option                          | Alias | Description                                                    | Required | Default              | Env                                 |
+| ------------------------------- | ----- | -------------------------------------------------------------- | -------- | -------------------- | ----------------------------------- |
+| `--workspace-id <WORKSPACE_ID>` | `-w`  | Workspace ID                                                   | No       | -                    | `TAILOR_PLATFORM_WORKSPACE_ID`      |
+| `--profile <PROFILE>`           | `-p`  | Workspace profile                                              | No       | -                    | `TAILOR_PLATFORM_PROFILE`           |
+| `--config <CONFIG>`             | `-c`  | Path to SDK config file                                        | No       | `"tailor.config.ts"` | `TAILOR_PLATFORM_SDK_CONFIG_PATH`   |
+| `--machine-user <MACHINE_USER>` | `-m`  | Machine user name                                              | Yes      | -                    | `TAILOR_PLATFORM_MACHINE_USER_NAME` |
+| `--arg <ARG>`                   | `-a`  | Workflow argument (JSON string)                                | No       | -                    | -                                   |
+| `--wait`                        | `-W`  | Wait for execution to complete                                 | No       | `false`              | -                                   |
+| `--interval <INTERVAL>`         | `-i`  | Polling interval when using --wait (e.g., '3s', '500ms', '1m') | No       | `"3s"`               | -                                   |
+| `--logs`                        | `-l`  | Display job execution logs after completion (requires --wait)  | No       | `false`              | -                                   |
 
 <!-- politty:command:workflow start:options:end -->
 

package/docs/cli-reference.md

@@ -53,20 +53,21 @@ tailor-sdk apply --env-file .env --env-file .env.production
 
 You can use environment variables to configure workspace and authentication:
 
-| Variable                                     | Description                                                                 |
-| -------------------------------------------- | --------------------------------------------------------------------------- |
-| `TAILOR_PLATFORM_WORKSPACE_ID`               | Workspace ID for deployment commands                                        |
-| `TAILOR_PLATFORM_ORGANIZATION_ID`            | Organization ID for organization commands                                   |
-| `TAILOR_PLATFORM_FOLDER_ID`                  | Folder ID for folder commands                                               |
-| `TAILOR_PLATFORM_TOKEN`                      | Authentication token (alternative to `login`)                               |
-| `TAILOR_TOKEN`                               | **Deprecated.** Use `TAILOR_PLATFORM_TOKEN` instead                         |
-| `TAILOR_PLATFORM_PROFILE`                    | Workspace profile name                                                      |
-| `TAILOR_PLATFORM_SDK_CONFIG_PATH`            | Path to SDK config file                                                     |
-| `TAILOR_PLATFORM_MACHINE_USER_CLIENT_ID`     | Client ID for `login --machineuser`                                         |
-| `TAILOR_PLATFORM_MACHINE_USER_CLIENT_SECRET` | Client secret for `login --machineuser`                                     |
-| `VISUAL` / `EDITOR`                          | Preferred editor for commands that open files (e.g., `vim`, `code`, `nano`) |
-| `TAILOR_CRASH_REPORTS_LOCAL`                 | Local crash log writing: `on` (default) or `off`                            |
-| `TAILOR_CRASH_REPORTS_REMOTE`                | Automatic crash report submission: `off` (default) or `on`                  |
+| Variable                                     | Description                                                                  |
+| -------------------------------------------- | ---------------------------------------------------------------------------- |
+| `TAILOR_PLATFORM_WORKSPACE_ID`               | Workspace ID for deployment commands                                         |
+| `TAILOR_PLATFORM_ORGANIZATION_ID`            | Organization ID for organization commands                                    |
+| `TAILOR_PLATFORM_FOLDER_ID`                  | Folder ID for folder commands                                                |
+| `TAILOR_PLATFORM_TOKEN`                      | Authentication token (alternative to `login`)                                |
+| `TAILOR_TOKEN`                               | **Deprecated.** Use `TAILOR_PLATFORM_TOKEN` instead                          |
+| `TAILOR_PLATFORM_PROFILE`                    | Workspace profile name                                                       |
+| `TAILOR_PLATFORM_SDK_CONFIG_PATH`            | Path to SDK config file                                                      |
+| `TAILOR_PLATFORM_MACHINE_USER_CLIENT_ID`     | Client ID for `login --machine-user`                                         |
+| `TAILOR_PLATFORM_MACHINE_USER_CLIENT_SECRET` | Client secret for `login --machine-user`                                     |
+| `TAILOR_PLATFORM_MACHINE_USER_NAME`          | Default machine user name for `query`, `workflow start`, `function test-run` |
+| `VISUAL` / `EDITOR`                          | Preferred editor for commands that open files (e.g., `vim`, `code`, `nano`)  |
+| `TAILOR_CRASH_REPORTS_LOCAL`                 | Local crash log writing: `on` (default) or `off`                             |
+| `TAILOR_CRASH_REPORTS_REMOTE`                | Automatic crash report submission: `off` (default) or `on`                   |
 
 ### Authentication Token Priority
 
@@ -259,6 +260,14 @@ Commands for setting up project infrastructure.
 | ------------------------------------------- | ------------------------------------------------------- |
 | [setup github](./cli/setup.md#setup-github) | Generate GitHub Actions workflow for deployment. (beta) |
 
+### [Upgrade Commands](./cli/upgrade.md)
+
+Commands for upgrading SDK versions with automated code migration.
+
+| Command                             | Description                                                  |
+| ----------------------------------- | ------------------------------------------------------------ |
+| [upgrade](./cli/upgrade.md#upgrade) | Run codemods to upgrade your project to a newer SDK version. |
+
 ### [Completion](./cli/completion.md)
 
 Generate shell completion scripts for bash, zsh, and fish.

package/docs/configuration.md

@@ -218,17 +218,19 @@ export default defineConfig({
 
 **ignores**: Glob patterns to exclude files. Optional.
 
-### Generators
+### Plugins
 
-Configure code generators using `defineGenerators()`. Generators must be exported as a named export.
+Configure plugins using `definePlugins()`. Plugins must be exported as a named export.
 
 ```typescript
-import { defineGenerators } from "@tailor-platform/sdk";
+import { definePlugins } from "@tailor-platform/sdk";
+import { kyselyTypePlugin } from "@tailor-platform/sdk/plugin/kysely-type";
+import { enumConstantsPlugin } from "@tailor-platform/sdk/plugin/enum-constants";
 
-export const generators = defineGenerators(
-  ["@tailor-platform/kysely-type", { distPath: "./generated/tailordb.ts" }],
-  ["@tailor-platform/enum-constants", { distPath: "./generated/enums.ts" }],
+export const plugins = definePlugins(
+  kyselyTypePlugin({ distPath: "./generated/tailordb.ts" }),
+  enumConstantsPlugin({ distPath: "./generated/enums.ts" }),
 );
 ```
 
-See [Generators](./generator/index.md) for full documentation.
+See [Generators](./generator/index.md) for legacy `defineGenerators()` documentation.

package/docs/services/auth.md

@@ -256,9 +256,9 @@ Get a machine user token using the CLI:
 tailor-sdk machineuser token <name>
 ```
 
-### Using auth.invoker()
+### Specifying a machine user invoker
 
-The `auth.invoker()` method creates a type-safe reference to a machine user for use in workflow triggers. This specifies which machine user's permissions should be used when executing the workflow.
+Resolvers, executors, and `workflow.trigger()` accept an `authInvoker` option that chooses which machine user runs the operation. Pass the machine user name as a plain string — it is type-narrowed to the names you registered in `machineUsers`.
 
 ```typescript
 // tailor.config.ts
@@ -275,7 +275,6 @@ export const auth = defineAuth("my-auth", {
 ```typescript
 // resolvers/trigger-workflow.ts
 import { createResolver, t } from "@tailor-platform/sdk";
-import { auth } from "../tailor.config";
 import myWorkflow from "../workflows/my-workflow";
 
 export default createResolver({
@@ -288,7 +287,7 @@ export default createResolver({
     // Trigger workflow with machine user permissions
     const workflowRunId = await myWorkflow.trigger(
       { id: input.id },
-      { authInvoker: auth.invoker("admin-machine-user") },
+      { authInvoker: "admin-machine-user" },
     );
     return { workflowRunId };
   },
@@ -298,7 +297,9 @@ export default createResolver({
 });
 ```
 
-The `invoker()` method is type-safe and only accepts machine user names defined in the auth configuration.
+Type narrowing is provided by the generated `tailor.d.ts` (the `MachineUserNameRegistry` interface). Run `tailor-sdk generate` (or `apply`) after defining new machine users to refresh it.
+
+> **Deprecated:** The `auth.invoker("<name>")` helper is still available for backward compatibility. Prefer the string form — it does not require importing `auth` from `tailor.config.ts` into runtime files, avoiding bundling config-layer (Node-only) dependencies.
 
 ## OAuth 2.0 Clients
 

package/docs/services/executor.md

@@ -88,6 +88,25 @@ type WebhookRequest = {
 incomingWebhookTrigger<WebhookRequest>();
 ```
 
+You can customize the HTTP response returned to the webhook caller:
+
+```typescript
+// Response body only (shorthand)
+incomingWebhookTrigger<WebhookRequest>({
+  response: (args) => ({ challenge: args.body.challenge }),
+});
+
+// Response body with custom status code
+incomingWebhookTrigger<WebhookRequest>({
+  response: {
+    body: (args) => ({ challenge: args.body.challenge }),
+    statusCode: 201,
+  },
+});
+```
+
+If `body` is set without `statusCode`, the platform uses 200. If neither is set, the platform returns 204.
+
 ### Resolver Executed Trigger
 
 Fires when a resolver is executed:
@@ -294,19 +313,10 @@ createExecutor({
 
 ### Authentication for Operations
 
-GraphQL and Workflow operations can specify an `authInvoker` to execute with machine user credentials:
+GraphQL and Workflow operations can specify an `authInvoker` to execute with machine user credentials. Pass the machine user name as a plain string — it is type-narrowed to the names defined in your auth config:
 
 ```typescript
-import { defineAuth, createExecutor, scheduleTrigger } from "@tailor-platform/sdk";
-
-const auth = defineAuth("my-auth", {
-  // ... auth configuration
-  machineUsers: {
-    "batch-processor": {
-      attributes: { role: "ADMIN" },
-    },
-  },
-});
+import { createExecutor, scheduleTrigger } from "@tailor-platform/sdk";
 
 export default createExecutor({
   name: "scheduled-cleanup",
@@ -314,11 +324,13 @@ export default createExecutor({
   operation: {
     kind: "graphql",
     query: `mutation { cleanupOldRecords { count } }`,
-    authInvoker: auth.invoker("batch-processor"),
+    authInvoker: "batch-processor",
   },
 });
 ```
 
+> **Deprecated:** `auth.invoker("batch-processor")` still works, but is deprecated. Prefer the string form to avoid importing config-layer modules into runtime files.
+
 ## Event Payloads
 
 Each trigger type provides specific context data in the callback functions.
@@ -440,6 +452,26 @@ export default createExecutor({
 });
 ```
 
+**With custom response:**
+
+```typescript
+export default createExecutor({
+  name: "slack-challenge",
+  trigger: incomingWebhookTrigger<{
+    body: { challenge: string; type: string };
+    headers: Record<string, string>;
+  }>({
+    response: (args) => ({ challenge: args.body.challenge }),
+  }),
+  operation: {
+    kind: "function",
+    body: async ({ body }) => {
+      console.log(`Received ${body.type} event`);
+    },
+  },
+});
+```
+
 ### Resolver Executed Payload
 
 Resolver triggers receive the resolver's result or error:

package/docs/services/resolver.md

@@ -350,19 +350,10 @@ createResolver({
 
 ## Authentication
 
-Specify an `authInvoker` to execute the resolver with machine user credentials:
+Specify an `authInvoker` to execute the resolver with machine user credentials. Pass the machine user name as a plain string — it is type-narrowed to the names you defined in your auth config:
 
 ```typescript
-import { defineAuth, createResolver, t } from "@tailor-platform/sdk";
-
-const auth = defineAuth("my-auth", {
-  // ... auth configuration
-  machineUsers: {
-    "batch-processor": {
-      attributes: { role: "ADMIN" },
-    },
-  },
-});
+import { createResolver, t } from "@tailor-platform/sdk";
 
 export default createResolver({
   name: "adminQuery",
@@ -372,10 +363,12 @@ export default createResolver({
     // Executes as "batch-processor" machine user
     return { result: "ok" };
   },
-  authInvoker: auth.invoker("batch-processor"),
+  authInvoker: "batch-processor",
 });
 ```
 
-The `authInvoker` option accepts the return value of `auth.invoker()`, which specifies the auth namespace and machine user name.
+The machine user name is looked up in the auth service configured on your app (`machineUsers` in `defineAuth`). The namespace is resolved automatically — no need to import `auth` from `tailor.config.ts` in resolver files.
+
+> **Deprecated:** `auth.invoker("batch-processor")` still works, but is deprecated. Importing `auth` into runtime files pulls config-layer (Node-only) dependencies into the bundle.
 
 **Note:** `authInvoker` controls the permissions for database operations and other platform actions, but the `user` object passed to the `body` function still reflects the original caller who invoked the resolver.

package/docs/services/tailordb.md

@@ -96,11 +96,31 @@ db.enum([
 ### Object Fields
 
 ```typescript
+// Object field
 db.object({
   street: db.string(),
   city: db.string(),
   country: db.string(),
 });
+
+// Object array field
+db.object(
+  {
+    id: db.uuid(),
+    name: db.string(),
+    size: db.int(),
+  },
+  { array: true },
+);
+
+// Optional object array field
+db.object(
+  {
+    kind: db.string(),
+    days: db.int(),
+  },
+  { optional: true, array: true },
+);
 ```
 
 ## Field Modifiers

package/docs/services/workflow.md

@@ -227,11 +227,10 @@ export default createWorkflow({
 You can start a workflow execution from a resolver using `workflow.trigger()`.
 
 - `workflow.trigger(args, options?)` returns a workflow run ID (`Promise<string>`).
-- To run with machine-user permissions, pass `{ authInvoker: auth.invoker("<machine-user>") }`.
+- To run with machine-user permissions, pass `{ authInvoker: "<machine-user>" }`. The name is type-narrowed to the machine users defined in your auth config.
 
 ```typescript
 import { createResolver, t } from "@tailor-platform/sdk";
-import { auth } from "../tailor.config";
 import orderProcessingWorkflow from "../workflows/order-processing";
 
 export default createResolver({
@@ -244,7 +243,7 @@ export default createResolver({
   body: async ({ input }) => {
     const workflowRunId = await orderProcessingWorkflow.trigger(
       { orderId: input.orderId, customerId: input.customerId },
-      { authInvoker: auth.invoker("manager-machine-user") },
+      { authInvoker: "manager-machine-user" },
     );
 
     return { workflowRunId };
@@ -255,6 +254,8 @@ export default createResolver({
 });
 ```
 
+> **Deprecated:** `auth.invoker("manager-machine-user")` still works but is deprecated. Using the string form avoids importing `auth` into runtime code.
+
 See the full working example in the repository: [example/resolvers/triggerWorkflow.ts](../../../../example/resolvers/triggerWorkflow.ts).
 
 ## File Organization

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tailor-platform/sdk",
-  "version": "1.36.0",
+  "version": "1.38.0",
   "description": "Tailor Platform SDK - The SDK to work with Tailor Platform",
   "license": "MIT",
   "repository": {
@@ -82,7 +82,7 @@
     "@connectrpc/connect": "2.1.1",
     "@connectrpc/connect-node": "2.1.1",
     "@inquirer/core": "11.1.8",
-    "@inquirer/prompts": "8.4.0",
+    "@inquirer/prompts": "8.4.1",
     "@jridgewell/trace-mapping": "0.3.31",
     "@liam-hq/cli": "0.7.24",
     "@napi-rs/keyring": "1.2.0",
@@ -103,9 +103,9 @@
     "date-fns": "4.1.0",
     "es-toolkit": "1.45.1",
     "find-up-simple": "1.0.1",
-    "globals": "17.4.0",
+    "globals": "17.5.0",
     "inflection": "3.0.2",
-    "kysely": "0.28.15",
+    "kysely": "0.28.16",
     "madge": "8.0.0",
     "mime-types": "3.0.2",
     "multiline-ts": "4.0.1",
@@ -116,8 +116,8 @@
     "pathe": "2.0.3",
     "pgsql-ast-parser": "12.0.2",
     "pkg-types": "2.3.0",
-    "politty": "0.4.13",
-    "rolldown": "1.0.0-rc.13",
+    "politty": "0.4.14",
+    "rolldown": "1.0.0-rc.15",
     "semver": "7.7.4",
     "serve": "14.2.6",
     "std-env": "4.0.0",
@@ -136,7 +136,7 @@
     "@types/node": "24.12.2",
     "@types/semver": "7.7.1",
     "@typescript/native-preview": "7.0.0-dev.20260406.1",
-    "@vitest/coverage-v8": "4.1.2",
+    "@vitest/coverage-v8": "4.1.4",
     "eslint": "10.2.0",
     "eslint-plugin-jsdoc": "62.9.0",
     "eslint-plugin-oxlint": "1.59.0",
@@ -144,10 +144,10 @@
     "oxlint": "1.59.0",
     "oxlint-tsgolint": "0.20.0",
     "sonda": "0.11.1",
-    "tsdown": "0.21.7",
+    "tsdown": "0.21.8",
     "typescript": "5.9.3",
-    "typescript-eslint": "8.58.0",
-    "vitest": "4.1.2",
+    "typescript-eslint": "8.58.1",
+    "vitest": "4.1.4",
     "zinfer": "0.1.7"
   },
   "scripts": {

package/dist/application-BB5TqXWY.mjs

@@ -1,4 +0,0 @@
-
-import { n as generatePluginFilesIfNeeded, r as loadApplication, t as defineApplication } from "./application-BwboBFcU.mjs";
-
-export { defineApplication };