@tailor-platform/sdk 1.39.1 → 1.40.1
- package/CHANGELOG.md +38 -0
- package/README.md +7 -10
- package/dist/{actor-Bb4OVq1j.d.mts → actor-B2oEmlTc.d.mts} +2 -2
- package/dist/application-CE2s_a6w.mjs +4 -0
- package/dist/{application-BHu8YE-g.mjs → application-EvhIIVg0.mjs} +2 -2
- package/dist/{application-BHu8YE-g.mjs.map → application-EvhIIVg0.mjs.map} +1 -1
- package/dist/cli/index.mjs +153 -32
- package/dist/cli/index.mjs.map +1 -1
- package/dist/cli/lib.d.mts +40 -6
- package/dist/cli/lib.mjs +3 -3
- package/dist/cli/skills.mjs +13 -43
- package/dist/cli/skills.mjs.map +1 -1
- package/dist/{client-B2K45RvK.mjs → client-CcV6Jjds.mjs} +38 -7
- package/dist/{client-B2K45RvK.mjs.map → client-CcV6Jjds.mjs.map} +1 -1
- package/dist/client-Cn9SqhZT.mjs +4 -0
- package/dist/configure/index.d.mts +4 -4
- package/dist/{crash-report-CPUF3T5d.mjs → crash-report-CSYupJ0T.mjs} +1 -1
- package/dist/{crash-report-CACiemAr.mjs → crash-report-CUbm1ErM.mjs} +2 -2
- package/dist/{crash-report-CACiemAr.mjs.map → crash-report-CUbm1ErM.mjs.map} +1 -1
- package/dist/{index-Cx1RYDbu.d.mts → index-BtXZdz-F.d.mts} +2 -2
- package/dist/{index-CeFwhUkX.d.mts → index-Chvw1Eod.d.mts} +2 -2
- package/dist/{index-Ch8Em3nz.d.mts → index-CiNNNpuH.d.mts} +2 -2
- package/dist/{index-BYmdVno1.d.mts → index-D_ezppY7.d.mts} +4 -4
- package/dist/{index-DLO_XvLi.d.mts → index-reFAYSX7.d.mts} +2 -2
- package/dist/{interceptor-B5bKVwgq.mjs → interceptor-4UC-KTno.mjs} +1 -1
- package/dist/{interceptor-B5bKVwgq.mjs.map → interceptor-4UC-KTno.mjs.map} +1 -1
- package/dist/plugin/builtin/enum-constants/index.d.mts +1 -1
- package/dist/plugin/builtin/file-utils/index.d.mts +1 -1
- package/dist/plugin/builtin/kysely-type/index.d.mts +1 -1
- package/dist/plugin/builtin/seed/index.d.mts +1 -1
- package/dist/plugin/index.d.mts +2 -2
- package/dist/repl-editor-DjycioU-.mjs +255 -0
- package/dist/repl-editor-DjycioU-.mjs.map +1 -0
- package/dist/{runtime-2xqzvkQv.mjs → runtime-B9R1TzLD.mjs} +234 -172
- package/dist/runtime-B9R1TzLD.mjs.map +1 -0
- package/dist/{tailor-db-field-B99RnR2N.d.mts → tailor-db-field-CoFKRCYW.d.mts} +1 -1
- package/dist/utils/test/index.d.mts +2 -2
- package/dist/{workflow.generated-DSwr-k57.d.mts → workflow.generated-Btz6srLR.d.mts} +2 -2
- package/docs/cli/auth.md +20 -14
- package/docs/cli/executor.md +17 -14
- package/docs/cli/function.md +6 -4
- package/docs/cli/query.md +45 -0
- package/docs/cli/secret.md +13 -9
- package/docs/cli/skills.md +75 -0
- package/docs/cli/staticwebsite.md +6 -4
- package/docs/cli/user.md +9 -1
- package/docs/cli/workflow.md +17 -13
- package/docs/cli-reference.md +16 -0
- package/docs/services/idp.md +85 -64
- package/docs/services/workflow.md +1 -1
- package/package.json +17 -14
- package/dist/application-C8Lr37AM.mjs +0 -4
- package/dist/client-CEVmv94H.mjs +0 -4
- package/dist/runtime-2xqzvkQv.mjs.map +0 -1
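--- a/package/docs/services/idp.md
+++ b/package/docs/services/idp.md
@@ -26,14 +26,26 @@ Configure the Built-in IdP using `defineIdp()`:
 import { defineIdp, defineConfig } from "@tailor-platform/sdk";
 
 const idp = defineIdp("my-idp", {
-authorization: "loggedIn",
 clients: ["my-client"],
+permission: {
+create: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+read: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+update: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+delete: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+sendPasswordResetEmail: [{ conditions: [], permit: false }],
+},
 });
 
 // You can define multiple IdPs
 const anotherIdp = defineIdp("another-idp", {
-authorization: "loggedIn",
 clients: ["another-client"],
+permission: {
+create: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+read: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+update: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+delete: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+sendPasswordResetEmail: [{ conditions: [], permit: false }],
+},
 });
 
 export default defineConfig({
@@ -43,30 +55,60 @@ export default defineConfig({
 
 ## Options
 
-###
+### permission
 
-
+Per-operation permission policies for IdP user management. Controls who can create, read, update, delete users, and send password reset emails.
 
 ```typescript
 defineIdp("my-idp", {
-
+clients: ["my-client"],
+permission: {
+create: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+read: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+update: [
+{
+conditions: [
+[{ user: "role" }, "=", "ADMIN"],
+[{ newIdpUser: "name" }, "!=", { oldIdpUser: "name" }],
+],
+permit: true,
+},
+],
+delete: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+sendPasswordResetEmail: [{ conditions: [], permit: false }],
+},
 });
+```
 
-
-
-
+**Operations:**
+
+- `create` - Controls who can create IdP users
+- `read` - Controls who can read IdP users
+- `update` - Controls who can update IdP users
+- `delete` - Controls who can delete IdP users
+- `sendPasswordResetEmail` - Controls who can send password reset emails. The examples above disable this operation; to enable it, use a permission such as `[{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }]`.
+
+**Operands:**
+
+- `{ user: "field" }` - Authenticated user's attribute. Built-in fields: `"id"` (user ID), `"_loggedIn"` (boolean, whether the user is authenticated). User-defined attributes (e.g., `"role"`) are also available when configured via `userProfile.attributes` or `machineUserAttributes` in `defineAuth()`
+- `{ idpUser: "field" }` - IdP user field (for create/read/delete). Allowed values: `"id"`, `"name"`, `"disabled"`
+- `{ oldIdpUser: "field" }` - Previous IdP user field value (for update only). Allowed values: `"id"`, `"name"`, `"disabled"`
+- `{ newIdpUser: "field" }` - New IdP user field value (for update only). Allowed values: `"id"`, `"name"`, `"disabled"`
+- Literal values: `string`, `boolean`, `string[]`, `boolean[]`
+
+**Operators:** `"="`, `"!="`, `"in"`, `"not in"`
+
+**Helper:** `unsafeAllowAllIdPPermission` grants full access without conditions. Intended only for development and testing.
+
+```typescript
+import { unsafeAllowAllIdPPermission } from "@tailor-platform/sdk";
 
 defineIdp("my-idp", {
-
+clients: ["my-client"],
+permission: unsafeAllowAllIdPPermission,
 });
 ```
 
-**Values:**
-
-- `"insecure"` - No authentication required (use only for development)
-- `"loggedIn"` - Requires authenticated user
-- `{ cel: "<expression>" }` - Custom authorization logic using CEL
-
 ### clients
 
 OAuth client names that can use this IdP:
@@ -77,77 +119,50 @@ defineIdp("my-idp", {
 });
 ```
 
-###
+### authorization (optional, legacy)
 
-
+Legacy access control field. Use `permission` instead for fine-grained per-operation control. This field is kept for backward compatibility.
 
 ```typescript
 defineIdp("my-idp", {
-
-
-emailConfig: {
-fromName: "My App",
-passwordResetSubject: "Reset your password",
-},
+clients: ["default-client"],
+authorization: "loggedIn", // Only logged-in users can manage
 });
 ```
 
-**
-
-- `fromName` - Default sender display name for emails. Empty means use mailer default.
-- `passwordResetSubject` - Default subject for password reset emails. Empty means use localized default.
+**Values:**
 
-
+- `"insecure"` - No authentication required (use only for development)
+- `"loggedIn"` - Requires authenticated user
+- `{ cel: "<expression>" }` - Custom authorization logic using CEL
 
-###
+### emailConfig
 
-
+Namespace-level email configuration defaults. Per-request values take priority over these defaults.
 
 ```typescript
 defineIdp("my-idp", {
-authorization: "loggedIn",
 clients: ["my-client"],
 permission: {
 create: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
-read: [{ conditions: [[{ user: "
-update: [
-{ conditions: [[{ newIdpUser: "name" }, "!=", { oldIdpUser: "name" }]], permit: true },
-],
+read: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+update: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
 delete: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
-sendPasswordResetEmail: [{ conditions: [], permit:
+sendPasswordResetEmail: [{ conditions: [], permit: false }],
+},
+emailConfig: {
+fromName: "My App",
+passwordResetSubject: "Reset your password",
 },
 });
 ```
 
-**
-
-- `create` - Controls who can create IdP users
-- `read` - Controls who can read IdP users
-- `update` - Controls who can update IdP users
-- `delete` - Controls who can delete IdP users
-- `sendPasswordResetEmail` - Controls who can send password reset emails
-
-**Operands:**
-
-- `{ user: "field" }` - Authenticated user's attribute
-- `{ idpUser: "field" }` - IdP user field (for create/read/delete). Allowed values: `"id"`, `"name"`, `"disabled"`
-- `{ oldIdpUser: "field" }` - Previous IdP user field value (for update only). Allowed values: `"id"`, `"name"`, `"disabled"`
-- `{ newIdpUser: "field" }` - New IdP user field value (for update only). Allowed values: `"id"`, `"name"`, `"disabled"`
-- Literal values: `string`, `boolean`, `string[]`, `boolean[]`
-
-**Operators:** `"="`, `"!="`, `"in"`, `"not in"`
-
-**Helper:** `unsafeAllowAllIdPPermission` grants full access without conditions. Intended only for development and testing.
+**Fields:**
 
-
-
+- `fromName` - Default sender display name for emails. Empty means use mailer default.
+- `passwordResetSubject` - Default subject for password reset emails. Empty means use localized default.
 
-
-authorization: "loggedIn",
-clients: ["my-client"],
-permission: unsafeAllowAllIdPPermission,
-});
-```
+**Validation:** Each field must be 200 characters or less and must not contain newline characters.
 
 ## Using idp.provider()
 
@@ -158,8 +173,14 @@ import { defineIdp, defineAuth, defineConfig } from "@tailor-platform/sdk";
 import { user } from "./tailordb/user";
 
 const idp = defineIdp("my-idp", {
-authorization: "loggedIn",
 clients: ["default-client", "mobile-client"],
+permission: {
+create: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+read: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+update: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+delete: [{ conditions: [[{ user: "role" }, "=", "ADMIN"]], permit: true }],
+sendPasswordResetEmail: [{ conditions: [], permit: false }],
+},
 });
 
 const auth = defineAuth("my-auth", {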
@@ -256,7 +256,7 @@ export default createResolver({
|
|
|
256
256
|
|
|
257
257
|
> **Deprecated:** `auth.invoker("manager-machine-user")` still works but is deprecated. Using the string form avoids importing `auth` into runtime code.
|
|
258
258
|
|
|
259
|
-
See the full working example in the repository: [example/resolvers/triggerWorkflow.ts](
|
|
259
|
+
See the full working example in the repository: [example/resolvers/triggerWorkflow.ts](https://github.com/tailor-platform/sdk/blob/main/example/resolvers/triggerWorkflow.ts).
|
|
260
260
|
|
|
261
261
|
## File Organization
|
|
262
262
|
|
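--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@tailor-platform/sdk",
-"version": "1.
+"version": "1.40.1",
 "description": "Tailor Platform SDK - The SDK to work with Tailor Platform",
 "license": "MIT",
 "repository": {
@@ -87,15 +87,16 @@
 "@liam-hq/cli": "0.7.24",
 "@napi-rs/keyring": "1.2.0",
 "@opentelemetry/api": "1.9.1",
-"@opentelemetry/exporter-trace-otlp-proto": "0.
-"@opentelemetry/resources": "2.
-"@opentelemetry/sdk-trace-node": "2.
+"@opentelemetry/exporter-trace-otlp-proto": "0.215.0",
+"@opentelemetry/resources": "2.7.0",
+"@opentelemetry/sdk-trace-node": "2.7.0",
 "@opentelemetry/semantic-conventions": "1.40.0",
-"@oxc-project/types": "0.
+"@oxc-project/types": "0.126.0",
 "@standard-schema/spec": "1.1.0",
 "@tailor-platform/function-kysely-tailordb": "0.1.3",
 "@tailor-platform/function-types": "0.8.4",
 "@toiroakr/lines-db": "0.9.1",
+"@toiroakr/read-multiline": "0.3.1",
 "@urql/core": "6.0.1",
 "chalk": "5.6.2",
 "chokidar": "5.0.0",
@@ -104,6 +105,7 @@
 "es-toolkit": "1.45.1",
 "find-up-simple": "1.0.1",
 "globals": "17.5.0",
+"graphql": "16.13.2",
 "inflection": "3.0.2",
 "kysely": "0.28.16",
 "madge": "8.0.0",
@@ -111,15 +113,16 @@
 "multiline-ts": "4.0.1",
 "open": "11.0.0",
 "ora": "9.3.0",
-"oxc-parser": "0.
+"oxc-parser": "0.126.0",
 "p-limit": "7.3.0",
 "pathe": "2.0.3",
 "pgsql-ast-parser": "12.0.2",
 "pkg-types": "2.3.0",
 "politty": "0.4.14",
-"rolldown": "1.0.0-rc.
+"rolldown": "1.0.0-rc.16",
 "semver": "7.7.4",
 "serve": "14.2.6",
+"sql-highlight": "6.1.0",
 "std-env": "4.0.0",
 "table": "6.9.0",
 "ts-cron-validator": "1.1.5",
@@ -130,23 +133,23 @@
 },
 "devDependencies": {
 "@eslint/js": "10.0.1",
-"@opentelemetry/sdk-trace-base": "2.
+"@opentelemetry/sdk-trace-base": "2.7.0",
 "@types/madge": "5.0.3",
 "@types/mime-types": "3.0.1",
 "@types/node": "24.12.2",
 "@types/semver": "7.7.1",
-"@typescript/native-preview": "7.0.0-dev.
+"@typescript/native-preview": "7.0.0-dev.20260417.1",
 "@vitest/coverage-v8": "4.1.4",
 "eslint": "10.2.0",
 "eslint-plugin-jsdoc": "62.9.0",
-"eslint-plugin-oxlint": "1.
-"oxfmt": "0.
-"oxlint": "1.
+"eslint-plugin-oxlint": "1.60.0",
+"oxfmt": "0.45.0",
+"oxlint": "1.60.0",
 "oxlint-tsgolint": "0.20.0",
 "sonda": "0.11.1",
-"tsdown": "0.21.
+"tsdown": "0.21.9",
 "typescript": "5.9.3",
-"typescript-eslint": "8.58.
+"typescript-eslint": "8.58.2",
 "vitest": "4.1.4",
 "zinfer": "0.1.8"
 },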
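Review bot: Three packages are newly added in the block that closes just before `"devDependencies"`: `"@toiroakr/read-multiline": "0.3.1"`, `"graphql": "16.13.2"` and `"sql-highlight": "6.1.0"`. That block is presumably the runtime dependency list (its opening key is outside the hunks), so every project installing the SDK would pull them in, together with their transitive trees. The file list hints that they serve CLI features only (a new `repl-editor` chunk and `docs/cli/query.md`), though that is inferred and not shown in these hunks. The exact pins match the neighbouring entries, but a pin in package.json fixes only the direct version, not what each package itself depends on. It is worth confirming that the published `dist` imports each of the three at runtime; any that the build already bundles could move under `"devDependencies"` to keep the consumer install surface smaller.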
package/dist/client-CEVmv94H.mjs
DELETED
|
@@ -1,4 +0,0 @@
|
|
|
1
|
-
|
|
2
|
-
import { a as fetchMachineUserToken, c as formatRequestParams, d as parseMethodName, f as platformBaseUrl, i as fetchAll, l as initOAuth2Client, m as userAgent, n as closeConnectionPool, o as fetchPlatformMachineUserToken, p as resolveStaticWebsiteUrls, r as createTransport, s as fetchUserInfo, t as MAX_PAGE_SIZE, u as initOperatorClient } from "./client-B2K45RvK.mjs";
|
|
3
|
-
|
|
4
|
-
export { userAgent };
|