@tailor-platform/sdk 1.55.2 → 1.56.1

package/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @tailor-platform/sdk
 
+## 1.56.1
+
+### Patch Changes
+
+- [#1347](https://github.com/tailor-platform/sdk/pull/1347) [`6888110`](https://github.com/tailor-platform/sdk/commit/6888110fa61f9f3fd991e0fb44e86fd37f9536f3) Thanks [@dqn](https://github.com/dqn)! - Fix resolver field builders (`t.*`) leaking metadata between fields. `description()`, `typeName()`, and `validate()` now return a new field instead of mutating the original, so a field instance reused across places (for example shared between a resolver's `input` and `output`, or a record passed to `t.object`) no longer leaks its metadata into the other usages. This matches the existing `db.*` behavior.
+
+- [#1346](https://github.com/tailor-platform/sdk/pull/1346) [`0254e3c`](https://github.com/tailor-platform/sdk/commit/0254e3caff0d1eeb7407d8932385bf5bdbaf4356) Thanks [@dqn](https://github.com/dqn)! - Warn when a permission rule is written in object form without an explicit `permit`. Object-format rules (e.g. `read: [{ conditions: [...] }]`) default to `deny`, unlike the array shorthand which defaults to `allow`, so omitting `permit` can silently lock out access you meant to grant. The CLI now flags these rules during generate/deploy so you can set `permit: true` (allow) or `permit: false` (deny) explicitly. Runtime behavior is unchanged. This covers TailorDB record permissions, TailorDB GraphQL permissions, and IdP permissions.
+
+## 1.56.0
+
+### Minor Changes
+
+- [#1341](https://github.com/tailor-platform/sdk/pull/1341) [`64b07b4`](https://github.com/tailor-platform/sdk/commit/64b07b4c6f1db868abf2e1ebb9097e0e2f2f3cc6) Thanks [@dqn](https://github.com/dqn)! - Add a `logLevel` config option to remove lower-level `console.*` calls from bundled deployment functions.
+
+### Patch Changes
+
+- [#1345](https://github.com/tailor-platform/sdk/pull/1345) [`ec863f1`](https://github.com/tailor-platform/sdk/commit/ec863f13e7a3ca43e40ad413c1bbe47cd5567c95) Thanks [@dqn](https://github.com/dqn)! - Fix `seed --truncate` deleting only the first page of Built-In IdP `_User` records. The generated truncation script used incorrect pagination keys, so projects with more than one page of users were left with the remaining pages while the command still reported success. All pages are now deleted.
+
+- [#1344](https://github.com/tailor-platform/sdk/pull/1344) [`d3f22da`](https://github.com/tailor-platform/sdk/commit/d3f22da5a9bcd44ca9659ac35a68a20a2cbc1c2a) Thanks [@dqn](https://github.com/dqn)! - Fix CLI auth config losing keyring-stored logins. Running any command without `TAILOR_USE_KEYRING` no longer downgrades `config.yaml` in a way that drops `storage: keyring` users (and dangles their `current_user` reference), which previously logged keyring users out. Configs containing keyring users now stay in V2 format; file-only configs still downgrade to V1 for backward compatibility.
+
 ## 1.55.2
 
 ### Patch Changes

package/dist/application-CC3oaSay.mjs

@@ -0,0 +1,4 @@
+
+import { n as generatePluginFilesIfNeeded, r as loadApplication, t as defineApplication } from "./application-DuT_ae02.mjs";
+
+export { defineApplication };

package/dist/{application-MY7YJJ-C.mjs → application-DuT_ae02.mjs}

@@ -6,7 +6,7 @@ import { n as enumConstantsPlugin, t as EnumConstantsGeneratorID } from "./enum-
 import { t as multiline } from "./multiline-Cf9ODpr1.mjs";
 import { n as fileUtilsPlugin, t as FileUtilsGeneratorID } from "./file-utils-BHPxPXmn.mjs";
 import { n as kyselyTypePlugin, t as KyselyGeneratorID } from "./kysely-type-D1e0Vwkd.mjs";
-import { n as seedPlugin, r as isPluginGeneratedType, t as SeedGeneratorID } from "./seed-DfLyRh63.mjs";
+import { n as seedPlugin, r as isPluginGeneratedType, t as SeedGeneratorID } from "./seed-C0fE2sJB.mjs";
 import { t as readPackageJson } from "./package-json-DcQApfPQ.mjs";
 import { n as tightenSecretFilePermissions, r as writeSecretFile } from "./secret-file-CWzF8rry.mjs";
 import { builtinModules, createRequire } from "node:module";
@@ -30,12 +30,27 @@ import * as inflection from "inflection";
 import * as globals from "globals";
 import pLimit from "p-limit";
 
+//#region src/parser/app-config/log-level.ts
+const LOG_LEVELS = [
+	"DEBUG",
+	"INFO",
+	"WARN",
+	"ERROR",
+	"SILENT"
+];
+function isLogLevel(value) {
+	return LOG_LEVELS.includes(value);
+}
+
+//#endregion
 //#region src/parser/app-config/schema.ts
 const envValueSchema = z.union([
 	z.string(),
 	z.number(),
 	z.boolean()
 ]);
+const LogLevelSchema = z.enum(LOG_LEVELS);
+const logLevelSchema = z.string().refine((value) => LogLevelSchema.safeParse(value.trim().toUpperCase()).success, { message: `'logLevel' must be one of: ${LOG_LEVELS.join(", ")}.` });
 /**
 * Structural validation schema for `defineConfig({...})`. Validates only
 * top-level fields with platform-side constraints (notably `id`); fields
@@ -55,6 +70,7 @@ const AppConfigSchema = z.object({
 	allowedIpAddresses: z.array(z.string()).optional(),
 	disableIntrospection: z.boolean().optional(),
 	inlineSourcemap: z.boolean().optional(),
+	logLevel: logLevelSchema.optional(),
 	db: z.unknown().optional(),
 	resolver: z.unknown().optional(),
 	idp: z.unknown().optional(),
@@ -329,17 +345,23 @@ function toV1ForDisk(config) {
 			token_expires_at: entry.token_expires_at
 		};
 	}
+	const currentUser = config.current_user && users[config.current_user] ? config.current_user : null;
 	return {
 		version: 1,
 		users,
 		profiles: config.profiles,
-		current_user: config.current_user
+		current_user: currentUser
 	};
 }
 /**
 * Write Tailor Platform CLI configuration to disk.
-* By default, V2 configs are converted to V1 for backward compatibility.
-* Set TAILOR_USE_KEYRING to write V2 format (required for keyring storage).
+* By default, V2 configs are converted to V1 for backward compatibility, so an
+* older SDK can still read the file. Configs containing a keyring user are kept
+* as V2 regardless, because the keyring storage variant is not representable in
+* V1 and downgrading it would silently drop the user's login. Such configs are
+* already V2 on disk (a keyring entry is only ever persisted with
+* TAILOR_USE_KEYRING set), so keeping V2 does not regress backward compatibility.
+* Set TAILOR_USE_KEYRING to write V2 format unconditionally.
 *
 * The config file may contain access/refresh tokens when the OS keyring is
 * unavailable, so it is written via {@link writeSecretFile} so other users
@@ -347,7 +369,9 @@ function toV1ForDisk(config) {
 * @param config - Platform configuration to write
 */
 function writePlatformConfig(config) {
-	writeSecretFile(platformConfigPath(), stringifyYAML(config.version === 2 && !process.env.TAILOR_USE_KEYRING ? toV1ForDisk(config) : config));
+	const configPath = platformConfigPath();
+	const hasKeyringUser = config.version === 2 && Object.values(config.users).some((u) => u?.storage === "keyring");
+	writeSecretFile(configPath, stringifyYAML(config.version === 2 && !process.env.TAILOR_USE_KEYRING && !hasKeyringUser ? toV1ForDisk(config) : config));
 }
 const tcContextConfigSchema = z.object({
 	username: z.string().optional(),
@@ -733,14 +757,14 @@ function combineHash(fileHash, contextHash) {
 * Compute a context hash for cache invalidation across bundlers.
 *
 * Combines the source file path, serialized trigger context, tsconfig hash,
-* sourcemap mode, and an optional prefix (e.g., serialized env variables)
-* into a single SHA-256 hash.
+* sourcemap mode, bundle log level, and an optional prefix (e.g., serialized
+* env variables) into a single SHA-256 hash.
 * @param params - Context hash computation parameters
 * @returns SHA-256 hex digest of the combined context
 */
 function computeBundlerContextHash(params) {
-	const { sourceFile, serializedTriggerContext, tsconfig, inlineSourcemap, prefix } = params;
-	return hashContent((prefix ?? "") + path.resolve(sourceFile) + serializedTriggerContext + (tsconfig ? hashFile(tsconfig) : "") + String(inlineSourcemap ?? false));
+	const { sourceFile, serializedTriggerContext, tsconfig, inlineSourcemap, bundleLogLevel, prefix } = params;
+	return hashContent((prefix ?? "") + path.resolve(sourceFile) + serializedTriggerContext + (tsconfig ? hashFile(tsconfig) : "") + String(inlineSourcemap ?? false) + (bundleLogLevel ?? ""));
 }
 /**
 * Run a build with optional cache restore/save around it.
@@ -1359,6 +1383,83 @@ async function removeStaleEntryFiles(outputDir) {
 	await Promise.all(files.filter((file) => file.endsWith(".entry.js")).map((file) => fs.rm(path.join(outputDir, file), { force: true })));
 }
 
+//#endregion
+//#region src/cli/shared/bundle-log-level.ts
+const INFO_LEVEL_CONSOLE_METHODS = [
+	"console.log",
+	"console.info",
+	"console.table",
+	"console.dir",
+	"console.dirxml",
+	"console.count",
+	"console.countReset",
+	"console.time",
+	"console.timeLog",
+	"console.timeEnd",
+	"console.group",
+	"console.groupCollapsed",
+	"console.groupEnd",
+	"console.clear"
+];
+const DEBUG_LEVEL_CONSOLE_METHODS = ["console.debug", "console.trace"];
+const WARN_LEVEL_CONSOLE_METHODS = ["console.warn"];
+const ERROR_LEVEL_CONSOLE_METHODS = ["console.error"];
+const MANUAL_PURE_FUNCTIONS_BY_LOG_LEVEL = {
+	DEBUG: [],
+	INFO: DEBUG_LEVEL_CONSOLE_METHODS,
+	WARN: [...DEBUG_LEVEL_CONSOLE_METHODS, ...INFO_LEVEL_CONSOLE_METHODS],
+	ERROR: [
+		...DEBUG_LEVEL_CONSOLE_METHODS,
+		...INFO_LEVEL_CONSOLE_METHODS,
+		...WARN_LEVEL_CONSOLE_METHODS
+	],
+	SILENT: [
+		...DEBUG_LEVEL_CONSOLE_METHODS,
+		...INFO_LEVEL_CONSOLE_METHODS,
+		...WARN_LEVEL_CONSOLE_METHODS,
+		...ERROR_LEVEL_CONSOLE_METHODS
+	]
+};
+function normalizeBundleLogLevel(value) {
+	const normalized = value.trim().toUpperCase();
+	return isLogLevel(normalized) ? normalized : void 0;
+}
+function resolveBundleLogLevel(configValue) {
+	if (configValue === void 0) return "DEBUG";
+	const resolved = normalizeBundleLogLevel(configValue);
+	if (resolved) return resolved;
+	throw new Error(`Invalid logLevel "${configValue}". Expected one of: ${LOG_LEVELS.join(", ")}`);
+}
+function manualPureFunctionsForLogLevel(logLevel) {
+	return MANUAL_PURE_FUNCTIONS_BY_LOG_LEVEL[logLevel];
+}
+function createLogLevelTreeshakeOptions(logLevel) {
+	const manualPureFunctions = manualPureFunctionsForLogLevel(logLevel);
+	return manualPureFunctions.length > 0 ? { manualPureFunctions } : {};
+}
+
+//#endregion
+//#region src/cli/shared/function-treeshake.ts
+const BASE_FUNCTION_TREESHAKE_OPTIONS = {
+	moduleSideEffects: false,
+	annotations: true,
+	unknownGlobalSideEffects: false
+};
+function mergeFunctionTreeshakeOptions(fragments) {
+	const merged = {};
+	const manualPureFunctions = /* @__PURE__ */ new Set();
+	for (const fragment of fragments) {
+		Object.assign(merged, fragment);
+		for (const name of fragment.manualPureFunctions ?? []) manualPureFunctions.add(name);
+	}
+	if (manualPureFunctions.size > 0) merged.manualPureFunctions = [...manualPureFunctions];
+	else delete merged.manualPureFunctions;
+	return merged;
+}
+function composeFunctionTreeshakeOptions(fragments = []) {
+	return mergeFunctionTreeshakeOptions([BASE_FUNCTION_TREESHAKE_OPTIONS, ...fragments]);
+}
+
 //#endregion
 //#region src/cli/services/file-loader.ts
 const DEFAULT_IGNORE_PATTERNS = ["**/*.test.ts", "**/*.spec.ts"];
@@ -2193,7 +2294,7 @@ function createTriggerTransformPlugin(triggerContext) {
 * @returns Map of function name to bundled code
 */
 async function bundleAuthHooks(options) {
-	const { configPath, authName, handlerAccessPath, env = {}, triggerContext, cache, inlineSourcemap } = options;
+	const { configPath, authName, handlerAccessPath, env = {}, triggerContext, cache, inlineSourcemap, bundleLogLevel = "DEBUG" } = options;
 	logger.newline();
 	logger.log(`Bundling auth hook for ${styles.info(`"${authName}"`)}`);
 	const outputDir = path.resolve(getDistDir(), "auth-hooks");
@@ -2219,6 +2320,7 @@ async function bundleAuthHooks(options) {
 			serializedTriggerContext,
 			tsconfig,
 			inlineSourcemap,
+			bundleLogLevel,
 			prefix: sortedEnvPrefix
 		}),
 		async build(cachePlugins) {
@@ -2246,11 +2348,8 @@ async function bundleAuthHooks(options) {
 				},
 				tsconfig,
 				plugins,
-				treeshake: {
-					moduleSideEffects: false,
-					annotations: true,
-					unknownGlobalSideEffects: false
-				},
+				transform: { define: { "process.env.LOG_LEVEL": JSON.stringify(bundleLogLevel) } },
+				treeshake: composeFunctionTreeshakeOptions([createLogLevelTreeshakeOptions(bundleLogLevel)]),
 				logLevel: "silent"
 			})).output[0].code;
 		}
@@ -2461,6 +2560,29 @@ function normalizeActionPermission(permission) {
 		permit: conditionArrayPermit ? "allow" : "deny"
 	};
 }
+/**
+* Find object-format permission rules that omit `permit`.
+*
+* Object-format rules default to `deny` when `permit` is omitted, whereas the
+* array shorthand defaults to `allow`. Omitting `permit` on an object rule is
+* therefore an easy way to accidentally deny access you meant to grant, so the
+* CLI warns about these locations to nudge authors toward setting `permit`
+* explicitly.
+* @param rawPermissions - Raw permissions definition
+* @returns Dotted locations of offending rules, e.g. `record.read[0]`, `gql[1]`
+*/
+function findOmittedPermitRules(rawPermissions) {
+	const locations = [];
+	const record = rawPermissions.record;
+	if (record) for (const action of Object.keys(record)) record[action]?.forEach((rule, index) => {
+		if (isObjectFormat(rule) && rule.permit === void 0) locations.push(`record.${String(action)}[${index}]`);
+	});
+	const gql = rawPermissions.gql;
+	if (gql) gql.forEach((policy, index) => {
+		if (policy.permit === void 0) locations.push(`gql[${index}]`);
+	});
+	return locations;
+}
 
 //#endregion
 //#region src/parser/service/tailordb/relation.ts
@@ -3332,6 +3454,12 @@ function createTailorDBService(params) {
 		for (const fileTypes of Object.values(rawTypes)) for (const [typeName, type] of Object.entries(fileTypes)) allTypes[typeName] = type;
 		types = parseTypes(allTypes, namespace, typeSourceInfo);
 	};
+	const warnOmittedPermit = () => {
+		for (const fileTypes of Object.values(rawTypes)) for (const [typeName, type] of Object.entries(fileTypes)) {
+			const locations = findOmittedPermitRules(type.metadata.permissions ?? {});
+			if (locations.length > 0) logger.warn(`TailorDB type "${typeName}" has permission rule(s) ${locations.join(", ")} in object form without an explicit "permit"; they default to "deny". Set permit: true (allow) or permit: false (deny) to silence this warning.`);
+		}
+	};
 	/**
 	* Process plugins for a type and add generated types to rawTypes
 	* @param rawType - The raw TailorDB type being processed
@@ -3424,6 +3552,7 @@ function createTailorDBService(params) {
 				if (pluginManager) for (const typeFile of typeFiles) await loadTypeFile(typeFile, tsconfig);
 				else await Promise.all(typeFiles.map((typeFile) => loadTypeFile(typeFile, tsconfig)));
 				doParseTypes();
+				warnOmittedPermit();
 				return types;
 			})();
 			return loadPromise;
@@ -3996,7 +4125,7 @@ async function loadExecutor(executorFilePath) {
 */
 async function bundleExecutors(options) {
 	const bundledCode = /* @__PURE__ */ new Map();
-	const { config, triggerContext, additionalFiles = [], cache, inlineSourcemap } = options;
+	const { config, triggerContext, additionalFiles = [], cache, inlineSourcemap, bundleLogLevel = "DEBUG" } = options;
 	const files = [...loadFilesWithIgnores(config), ...additionalFiles];
 	if (files.length === 0) {
 		logger.warn(`No executor files found for patterns: ${config.files?.join(", ") ?? "(none)"}`);
@@ -4033,18 +4162,19 @@ async function bundleExecutors(options) {
 	} catch {
 		tsconfig = void 0;
 	}
-	const results = await withBundleConcurrency(executors, (executor) => bundleSingleExecutor(executor, outputDir, tsconfig, triggerContext, cache, inlineSourcemap));
+	const results = await withBundleConcurrency(executors, (executor) => bundleSingleExecutor(executor, outputDir, tsconfig, triggerContext, cache, inlineSourcemap, bundleLogLevel));
 	for (const [name, code] of results) bundledCode.set(name, code);
 	logger.log(`${styles.success("Bundled")} ${styles.info("\"executor\"")}`);
 	return bundledCode;
 }
-async function bundleSingleExecutor(executor, outputDir, tsconfig, triggerContext, cache, inlineSourcemap) {
+async function bundleSingleExecutor(executor, outputDir, tsconfig, triggerContext, cache, inlineSourcemap, bundleLogLevel = "DEBUG") {
 	const serializedTriggerContext = serializeTriggerContext(triggerContext);
 	const contextHash = computeBundlerContextHash({
 		sourceFile: executor.sourceFile,
 		serializedTriggerContext,
 		tsconfig,
-		inlineSourcemap
+		inlineSourcemap,
+		bundleLogLevel
 	});
 	const code = await withCache({
 		cache,
@@ -4079,11 +4209,7 @@ async function bundleSingleExecutor(executor, outputDir, tsconfig, triggerContex
 				},
 				tsconfig,
 				plugins,
-				treeshake: {
-					moduleSideEffects: false,
-					annotations: true,
-					unknownGlobalSideEffects: false
-				},
+				treeshake: composeFunctionTreeshakeOptions([createLogLevelTreeshakeOptions(bundleLogLevel)]),
 				logLevel: "silent"
 			})).output[0].code;
 		}
@@ -4210,9 +4336,10 @@ const ADAPTER_BUNDLE_ERROR_BYTES = 256 * 1024;
 * generated dispatcher that routes by `req.method`; `output` is used as is.
 * @param adapters - Detected adapters to bundle
 * @param cache - Optional bundle cache for skipping unchanged builds
+* @param bundleLogLevel - Controls which console calls are kept in bundled code
 * @returns Bundled scripts keyed by adapter name
 */
-async function bundleHttpAdapters(adapters, cache) {
+async function bundleHttpAdapters(adapters, cache, bundleLogLevel = "DEBUG") {
 	if (adapters.length === 0) return {
 		bundledInputs: /* @__PURE__ */ new Map(),
 		bundledOutputs: /* @__PURE__ */ new Map()
@@ -4232,7 +4359,7 @@ async function bundleHttpAdapters(adapters, cache) {
 			adapter,
 			kind
 		}));
-	}), ({ adapter, kind }) => bundleAdapterScript(adapter, kind, outputDir, tsconfig, cache));
+	}), ({ adapter, kind }) => bundleAdapterScript(adapter, kind, outputDir, tsconfig, cache, bundleLogLevel));
 	const bundledInputs = /* @__PURE__ */ new Map();
 	const bundledOutputs = /* @__PURE__ */ new Map();
 	for (const [name, kind, code] of results) if (kind === "input") bundledInputs.set(name, code);
@@ -4243,12 +4370,13 @@ async function bundleHttpAdapters(adapters, cache) {
 		bundledOutputs
 	};
 }
-async function bundleAdapterScript(adapter, kind, outputDir, tsconfig, cache) {
+async function bundleAdapterScript(adapter, kind, outputDir, tsconfig, cache, bundleLogLevel = "DEBUG") {
 	const contextHash = computeBundlerContextHash({
 		sourceFile: adapter.sourceFile,
 		serializedTriggerContext: kind === "input" ? adapter.methods.join(",") : "",
 		tsconfig,
 		inlineSourcemap: false,
+		bundleLogLevel,
 		prefix: kind
 	});
 	const code = await withCache({
@@ -4300,11 +4428,7 @@ async function bundleAdapterScript(adapter, kind, outputDir, tsconfig, cache) {
 					tsconfig,
 					plugins,
 					transform: { target: "es2017" },
-					treeshake: {
-						moduleSideEffects: false,
-						annotations: true,
-						unknownGlobalSideEffects: false
-					},
+					treeshake: composeFunctionTreeshakeOptions([createLogLevelTreeshakeOptions(bundleLogLevel)]),
 					logLevel: "silent"
 				})).output[0].code;
 			} finally {
@@ -4507,9 +4631,10 @@ async function loadResolver(resolverFilePath) {
 * @param triggerContext - Trigger context for workflow/job transformations
 * @param cache - Optional bundle cache for skipping unchanged builds
 * @param inlineSourcemap - Whether to enable inline sourcemaps
+* @param bundleLogLevel - Controls which console calls are kept in bundled code
 * @returns Map of resolver name to bundled code
 */
-async function bundleResolvers(namespace, config, triggerContext, cache, inlineSourcemap) {
+async function bundleResolvers(namespace, config, triggerContext, cache, inlineSourcemap, bundleLogLevel = "DEBUG") {
 	const bundledCode = /* @__PURE__ */ new Map();
 	const files = loadFilesWithIgnores(config);
 	if (files.length === 0) {
@@ -4539,18 +4664,19 @@ async function bundleResolvers(namespace, config, triggerContext, cache, inlineS
 	} catch {
 		tsconfig = void 0;
 	}
-	const results = await withBundleConcurrency(resolvers, (resolver) => bundleSingleResolver(resolver, outputDir, tsconfig, triggerContext, cache, inlineSourcemap));
+	const results = await withBundleConcurrency(resolvers, (resolver) => bundleSingleResolver(resolver, outputDir, tsconfig, triggerContext, cache, inlineSourcemap, bundleLogLevel));
 	for (const [name, code] of results) bundledCode.set(name, code);
 	logger.log(`${styles.success("Bundled")} ${styles.info(`"${namespace}"`)}`);
 	return bundledCode;
 }
-async function bundleSingleResolver(resolver, outputDir, tsconfig, triggerContext, cache, inlineSourcemap) {
+async function bundleSingleResolver(resolver, outputDir, tsconfig, triggerContext, cache, inlineSourcemap, bundleLogLevel = "DEBUG") {
 	const serializedTriggerContext = serializeTriggerContext(triggerContext);
 	const contextHash = computeBundlerContextHash({
 		sourceFile: resolver.sourceFile,
 		serializedTriggerContext,
 		tsconfig,
-		inlineSourcemap
+		inlineSourcemap,
+		bundleLogLevel
 	});
 	const code = await withCache({
 		cache,
@@ -4601,11 +4727,7 @@ async function bundleSingleResolver(resolver, outputDir, tsconfig, triggerContex
 				},
 				tsconfig,
 				plugins,
-				treeshake: {
-					moduleSideEffects: false,
-					annotations: true,
-					unknownGlobalSideEffects: false
-				},
+				treeshake: composeFunctionTreeshakeOptions([createLogLevelTreeshakeOptions(bundleLogLevel)]),
 				logLevel: "silent"
 			})).output[0].code;
 		}
@@ -4836,9 +4958,10 @@ function safeRealpath(p) {
 * @param triggerContext - Trigger context for transformations
 * @param cache - Optional bundle cache for skipping unchanged builds
 * @param inlineSourcemap - Whether to enable inline sourcemaps
+* @param bundleLogLevel - Controls which console calls are kept in bundled code
 * @returns Workflow job bundling result
 */
-async function bundleWorkflowJobs(allJobs, mainJobNames, env = {}, triggerContext, cache, inlineSourcemap) {
+async function bundleWorkflowJobs(allJobs, mainJobNames, env = {}, triggerContext, cache, inlineSourcemap, bundleLogLevel = "DEBUG") {
 	if (allJobs.length === 0) {
 		logger.warn("No workflow jobs to bundle");
 		return {
@@ -4862,7 +4985,7 @@ async function bundleWorkflowJobs(allJobs, mainJobNames, env = {}, triggerContex
 	} catch {
 		tsconfig = void 0;
 	}
-	const results = await withBundleConcurrency(usedJobs, (job) => bundleSingleJob(job, usedJobs, outputDir, tsconfig, env, triggerContext, cache, inlineSourcemap));
+	const results = await withBundleConcurrency(usedJobs, (job) => bundleSingleJob(job, usedJobs, outputDir, tsconfig, env, triggerContext, cache, inlineSourcemap, bundleLogLevel));
 	const bundledCode = /* @__PURE__ */ new Map();
 	for (const [name, code] of results) bundledCode.set(name, code);
 	logger.log(`${styles.success("Bundled")} ${styles.info("\"workflow-job\"")}`);
@@ -4944,7 +5067,7 @@ async function filterUsedJobs(allJobs, mainJobNames) {
 		mainJobDeps
 	};
 }
-async function bundleSingleJob(job, allJobs, outputDir, tsconfig, env, triggerContext, cache, inlineSourcemap) {
+async function bundleSingleJob(job, allJobs, outputDir, tsconfig, env, triggerContext, cache, inlineSourcemap, bundleLogLevel = "DEBUG") {
 	const serializedTriggerContext = serializeTriggerContext(triggerContext);
 	const sortedEnvPrefix = JSON.stringify(Object.fromEntries(Object.entries(env).sort(([a], [b]) => a.localeCompare(b))));
 	const contextHash = computeBundlerContextHash({
@@ -4952,6 +5075,7 @@ async function bundleSingleJob(job, allJobs, outputDir, tsconfig, env, triggerCo
 		serializedTriggerContext,
 		tsconfig,
 		inlineSourcemap,
+		bundleLogLevel,
 		prefix: sortedEnvPrefix
 	});
 	const code = await withCache({
@@ -5002,11 +5126,7 @@ async function bundleSingleJob(job, allJobs, outputDir, tsconfig, env, triggerCo
 				},
 				tsconfig,
 				plugins,
-				treeshake: {
-					moduleSideEffects: false,
-					annotations: true,
-					unknownGlobalSideEffects: false
-				},
+				treeshake: composeFunctionTreeshakeOptions([createLogLevelTreeshakeOptions(bundleLogLevel)]),
 				logLevel: "silent"
 			})).output[0].code;
 		}
@@ -5640,6 +5760,7 @@ async function loadApplication(params) {
 	if (httpAdapterService) await httpAdapterService.loadAdapters();
 	const triggerContext = await buildTriggerContext(config.workflow, authResult.authService?.config.name);
 	const inlineSourcemap = resolveInlineSourcemap(config.inlineSourcemap);
+	const bundleLogLevel = resolveBundleLogLevel(config.logLevel);
 	const bundledScripts = {
 		resolvers: /* @__PURE__ */ new Map(),
 		executors: /* @__PURE__ */ new Map(),
@@ -5647,7 +5768,7 @@ async function loadApplication(params) {
 		authHooks: /* @__PURE__ */ new Map()
 	};
 	for (const pipeline of resolverResult.resolverServices) {
-		const resolverBundles = await bundleResolvers(pipeline.namespace, pipeline.config, triggerContext, bundleCache, inlineSourcemap);
+		const resolverBundles = await bundleResolvers(pipeline.namespace, pipeline.config, triggerContext, bundleCache, inlineSourcemap, bundleLogLevel);
 		for (const [name, code] of resolverBundles) bundledScripts.resolvers.set(name, code);
 	}
 	if (executorService) bundledScripts.executors = await bundleExecutors({
@@ -5655,12 +5776,13 @@ async function loadApplication(params) {
 		triggerContext,
 		additionalFiles: [...pluginExecutorFiles],
 		cache: bundleCache,
-		inlineSourcemap
+		inlineSourcemap,
+		bundleLogLevel
 	});
 	let workflowBuildResult;
 	if (workflowService && workflowService.jobs.length > 0) {
 		const mainJobNames = workflowService.workflowSources.map((ws) => ws.workflow.mainJob.name);
-		workflowBuildResult = await bundleWorkflowJobs(workflowService.jobs, mainJobNames, config.env ?? {}, triggerContext, bundleCache, inlineSourcemap);
+		workflowBuildResult = await bundleWorkflowJobs(workflowService.jobs, mainJobNames, config.env ?? {}, triggerContext, bundleCache, inlineSourcemap, bundleLogLevel);
 		bundledScripts.workflowJobs = workflowBuildResult.bundledCode;
 	}
 	let httpAdapterBuildResult;
@@ -5669,7 +5791,7 @@ async function loadApplication(params) {
 		sourceFile: a.sourceFile,
 		methods: a.methods,
 		hasOutput: a.hasOutput
-	})), bundleCache);
+	})), bundleCache, bundleLogLevel);
 	if (authResult.authService?.config.hooks?.beforeLogin) {
 		const authName = authResult.authService.config.name;
 		bundledScripts.authHooks = await bundleAuthHooks({
@@ -5679,7 +5801,8 @@ async function loadApplication(params) {
 			env: config.env ?? {},
 			triggerContext,
 			cache: bundleCache,
-			inlineSourcemap
+			inlineSourcemap,
+			bundleLogLevel
 		});
 	}
 	for (const pipeline of resolverResult.resolverServices) await pipeline.loadResolvers();
@@ -5712,5 +5835,5 @@ async function loadApplication(params) {
 }
 
 //#endregion
-export { loadConfigPath as C, saveUserTokens as D, resolveTokens as E, writePlatformConfig as O, loadAccessToken as S, readPlatformConfig as T, getDistDir as _, WorkflowJobSchema as a, deleteUserTokens as b, createExecutorService as c, buildExecutorArgsExpr as d, buildResolverOperationHookExpr as f, createBundleCache as g, loadFilesWithIgnores as h, resolveInlineSourcemap as i, ExecutorSchema as l, stringifyFunction as m, generatePluginFilesIfNeeded as n, ResolverSchema as o, TailorDBTypeSchema as p, loadApplication as r, HTTP_METHODS as s, defineApplication as t, INVOKER_EXPR as u, hashFile as v, loadWorkspaceId as w, fetchLatestToken as x, loadConfig as y };
-//# sourceMappingURL=application-MY7YJJ-C.mjs.map
+export { saveUserTokens as A, deleteUserTokens as C, loadWorkspaceId as D, loadConfigPath as E, readPlatformConfig as O, loadConfig as S, loadAccessToken as T, createLogLevelTreeshakeOptions as _, WorkflowJobSchema as a, getDistDir as b, createExecutorService as c, buildExecutorArgsExpr as d, buildResolverOperationHookExpr as f, composeFunctionTreeshakeOptions as g, loadFilesWithIgnores as h, resolveInlineSourcemap as i, writePlatformConfig as j, resolveTokens as k, ExecutorSchema as l, stringifyFunction as m, generatePluginFilesIfNeeded as n, ResolverSchema as o, TailorDBTypeSchema as p, loadApplication as r, HTTP_METHODS as s, defineApplication as t, INVOKER_EXPR as u, resolveBundleLogLevel as v, fetchLatestToken as w, hashFile as x, createBundleCache as y };
+//# sourceMappingURL=application-DuT_ae02.mjs.map