@tailor-platform/sdk 1.56.0 → 1.56.1

package/dist/{index-BW3v5XYC.d.mts → index-B61gFI9a.d.mts}

@@ -1,5 +1,5 @@
 import { C as FieldOutput, E as FieldValidateInput, F as InferFieldsOutput, I as JsonCompatible, L as JsonValue, M as TailorInvoker, N as TailorUser, R as Prettify, S as FieldOptions, g as TailorField$1, j as InferredAttributeMap, v as ArrayFieldOutput, w as TailorFieldType, x as FieldMetadata, y as DefinedFieldMetadata, z as output$1 } from "./tailordb-BlBGmQK-.mjs";
-import { F as UserAttributeListKey, I as UserAttributeMap, Q as AllowedValuesOutput, U as TailorDBInstance, W as TailorDBType, Z as AllowedValues, b as IdpDefinitionBrand, g as SecretsDefinitionBrand, i as AppConfig, j as DefinedAuth, k as AuthServiceInput, m as StaticWebsiteInput, n as RetryPolicy, p as StaticWebsiteDefinitionBrand, r as HttpAdapterConfigInput, t as ConcurrencyPolicy, w as IdPInput, y as IdPUserField } from "./workflow.generated-BHdBzgx6.mjs";
+import { F as UserAttributeListKey, I as UserAttributeMap, Q as AllowedValuesOutput, U as TailorDBInstance, W as TailorDBType, Z as AllowedValues, b as IdpDefinitionBrand, g as SecretsDefinitionBrand, i as AppConfig, j as DefinedAuth, k as AuthServiceInput, m as StaticWebsiteInput, n as RetryPolicy, p as StaticWebsiteDefinitionBrand, r as HttpAdapterConfigInput, t as ConcurrencyPolicy, w as IdPInput, y as IdPUserField } from "./workflow.generated-Kz-nQrTf.mjs";
 import { A as IdpUserTrigger$1, C as GeneratorConfig, D as ExecutorInput, F as WebhookOperation$1, I as WorkflowOperation$1, L as AuthInvoker$1, M as ResolverExecutedTrigger$1, N as ScheduleTriggerInput, O as FunctionOperation$1, P as TailorDBTrigger$1, S as ResolverInput, T as AuthAccessTokenTrigger$1, j as IncomingWebhookTrigger$1, k as GqlOperation$1, n as Plugin, w as BaseGeneratorConfig, x as Resolver } from "./plugin-C_FyVSdl.mjs";
 import { n as TailorEnv } from "./env-B-g-qgE4.mjs";
 import { t as TailorActor } from "./actor-J2gJ0eK5.mjs";
@@ -900,6 +900,11 @@ type IdPPermissionCondition<User extends object = InferredAttributeMap, Update e
 type IdPActionPermission<User extends object = InferredAttributeMap, Update extends boolean = boolean> = {
   conditions: IdPPermissionCondition<User, Update> | readonly IdPPermissionCondition<User, Update>[];
   description?: string | undefined;
+  /**
+   * Whether matching users are granted (`true`) or denied (`false`).
+   * Omitting `permit` in this object form defaults to `deny` and emits a
+   * warning; set it explicitly. (The array shorthand defaults to `allow`.)
+   */
   permit?: boolean;
 } | readonly [...IdPPermissionCondition<User, Update>, ...([] | [boolean])] | readonly [...IdPPermissionCondition<User, Update>[], ...([] | [boolean])];
 /**
@@ -1214,4 +1219,4 @@ declare namespace t {
 }
 //#endregion
 export { authAccessTokenIssuedTrigger as $, IncomingWebhookResponseConfig as A, TailorField as At, AuthAccessTokenRevokedArgs as B, defineWaitPoint as C, createWorkflowJob as Ct, IncomingWebhookArgs as D, defineAuth as Dt, Trigger as E, AuthInvoker as Et, ScheduleTrigger as F, IdpUserTrigger as G, IdpUserArgs as H, scheduleTrigger as I, RecordDeletedArgs as J, IdpUserUpdatedArgs as K, AuthAccessTokenArgs as L, IncomingWebhookTriggerOptions as M, MachineUserNameRegistry as Mt, incomingWebhookTrigger as N, IncomingWebhookRequest as O, IdpName as Ot, ScheduleArgs as P, TailorDBTrigger as Q, AuthAccessTokenIssuedArgs as R, WaitPointInstance as S, WorkflowJobContext as St, createExecutor as T, createResolver as Tt, IdpUserCreatedArgs as U, AuthAccessTokenTrigger as V, IdpUserDeletedArgs as W, ResolverExecutedArgs as X, RecordUpdatedArgs as Y, ResolverExecutedTrigger as Z, defineIdp as _, Workflow as _t, defineGenerators as a, idpUserTrigger as at, unsafeAllowAllIdPPermission as b, WORKFLOW_TEST_ENV_KEY as bt, HttpAdapterGraphQLRequest as c, recordDeletedTrigger as ct, HttpAdapterInputFn as d, resolverExecutedTrigger as dt, authAccessTokenRefreshedTrigger as et, HttpAdapterOutputFn as f, FunctionOperation as ft, defineSecretManager as g, WorkflowOperation as gt, createHttpAdapter as h, WebhookOperation as ht, defineConfig as i, idpUserDeletedTrigger as it, IncomingWebhookTrigger as j, MachineUserName as jt, IncomingWebhookResponse as k, IdpNameRegistry as kt, HttpAdapterGraphQLResponse as l, recordTrigger as lt, HttpAdapterResponse as m, Operation as mt, output as n, authAccessTokenTrigger as nt, definePlugins as o, idpUserUpdatedTrigger as ot, HttpAdapterRequest as p, GqlOperation as pt, RecordCreatedArgs as q, t as r, idpUserCreatedTrigger as rt, HttpAdapter as s, recordCreatedTrigger as st, infer as t, authAccessTokenRevokedTrigger as tt, HttpAdapterInput as u, recordUpdatedTrigger as ut, IdPPermission as v, WorkflowConfig as vt, defineWaitPoints as w, QueryType as wt, defineStaticWebSite as x, WorkflowJob as xt, IdPPermissionCondition as y, createWorkflow as yt, AuthAccessTokenRefreshedArgs as z };
-//# sourceMappingURL=index-BW3v5XYC.d.mts.map
+//# sourceMappingURL=index-B61gFI9a.d.mts.map

package/dist/{runtime-B8F1nklz.mjs → runtime-745lvg7i.mjs}

@@ -2,7 +2,7 @@
 import { t as db } from "./schema-DKsNhbav.mjs";
 import { $ as FilterSchema, A as FunctionExecution_Status, B as AuthOAuth2Client_GrantType, C as TailorDBType_Permission_Operator, D as IdPLang, E as PipelineResolver_OperationType, F as AuthConnection_Type, H as AuthSCIMAttribute_Type, I as AuthHookPoint, J as GetApplicationSchemaHealthResponse_ApplicationSchemaHealthStatus, K as TenantProviderConfig_TenantProviderType, L as AuthIDPConfig_AuthType, M as ExecutorJobStatus, N as ExecutorTargetType, O as IdPPermissionOperator, P as ExecutorTriggerType, Q as Condition_Operator, R as AuthInvokerSchema, S as TailorDBGQLPermission_Permit, T as TailorDBType_PermitAction, U as AuthSCIMAttribute_Uniqueness, V as AuthSCIMAttribute_Mutability, W as AuthSCIMConfig_AuthorizationType, X as Subgraph_ServiceType, Y as ApplicationSchemaUpdateAttemptStatus, Z as ConditionSchema, _ as WorkspacePlatformUserRole, a as fetchMachineUserToken, b as TailorDBGQLPermission_Action, d as initOperatorClient, et as PageDirection, g as OperatorService, h as userAgent, i as fetchAll, k as IdPPermissionPermit, m as resolveStaticWebsiteUrls, o as fetchPaged, p as platformBaseUrl, q as UserProfileProviderConfig_UserProfileProviderType, v as WorkflowExecution_Status, w as TailorDBType_Permission_Permit, x as TailorDBGQLPermission_Operator, y as WorkflowJobExecution_Status, z as AuthOAuth2Client_ClientType } from "./client-DLPEPJ_s.mjs";
 import { a as parseBoolean, i as symbols, n as logger, r as styles, t as CIPromptError } from "./logger-DpJyJvNz.mjs";
-import { D as loadWorkspaceId, E as loadConfigPath, O as readPlatformConfig, S as loadConfig, T as loadAccessToken, b as getDistDir, c as createExecutorService, d as buildExecutorArgsExpr, f as buildResolverOperationHookExpr, h as loadFilesWithIgnores, j as writePlatformConfig, m as stringifyFunction, n as generatePluginFilesIfNeeded, p as TailorDBTypeSchema, r as loadApplication, s as HTTP_METHODS, t as defineApplication, x as hashFile, y as createBundleCache } from "./application-YHZIkjdy.mjs";
+import { D as loadWorkspaceId, E as loadConfigPath, O as readPlatformConfig, S as loadConfig, T as loadAccessToken, b as getDistDir, c as createExecutorService, d as buildExecutorArgsExpr, f as buildResolverOperationHookExpr, h as loadFilesWithIgnores, j as writePlatformConfig, m as stringifyFunction, n as generatePluginFilesIfNeeded, p as TailorDBTypeSchema, r as loadApplication, s as HTTP_METHODS, t as defineApplication, x as hashFile, y as createBundleCache } from "./application-DuT_ae02.mjs";
 import { t as multiline } from "./multiline-Cf9ODpr1.mjs";
 import { t as readPackageJson } from "./package-json-DcQApfPQ.mjs";
 import { n as isCLIError, t as createCLIError } from "./errors-EsY4XO6O.mjs";
@@ -3012,6 +3012,25 @@ function parseIdPPermission(rawPermission) {
 	if (!rawPermission) return;
 	return normalizeIdPPermission(rawPermission);
 }
+/**
+* Find object-format IdP permission rules that omit `permit`.
+*
+* Object-format rules default to `deny` when `permit` is omitted, whereas the
+* array shorthand defaults to `allow`. Omitting `permit` on an object rule is
+* therefore an easy way to accidentally deny access you meant to grant, so the
+* CLI warns about these locations to nudge authors toward setting `permit`
+* explicitly.
+* @param permission - Raw IdP permission from user config
+* @returns Locations of offending rules, e.g. `read[0]`
+*/
+function findOmittedPermitRules(permission) {
+	if (!permission) return [];
+	const locations = [];
+	for (const action of Object.keys(permission)) permission[action]?.forEach((rule, index) => {
+		if (isObjectFormat(rule) && rule.permit === void 0) locations.push(`${String(action)}[${index}]`);
+	});
+	return locations;
+}
 
 //#endregion
 //#region src/cli/commands/deploy/idp.ts
@@ -3250,6 +3269,8 @@ async function planServices$3(client, workspaceId, appName, appId, idps, idpUser
 		const publishUserEvents = idp.publishUserEvents ?? isIdpUserTriggerTarget;
 		const emailConfig = idp.emailConfig;
 		if (!idp.permission) logger.warn(`IdP service "${namespaceName}" has no permission configured.`);
+		const omittedPermitLocations = findOmittedPermitRules(idp.permission);
+		if (omittedPermitLocations.length > 0) logger.warn(`IdP service "${namespaceName}" has permission rule(s) ${omittedPermitLocations.join(", ")} in object form without an explicit "permit"; they default to "deny". Set permit: true (allow) or permit: false (deny) to silence this warning.`);
 		const parsedPermission = parseIdPPermission(idp.permission);
 		const protoPermission = parsedPermission ? protoIdPPermission(parsedPermission) : void 0;
 		const desired = normalizeComparableIdPService({
@@ -14494,7 +14515,7 @@ async function generate(options) {
 	if (options.init) await handleInitOption(namespacesWithMigrations, options.yes);
 	let pluginManager;
 	if (plugins.length > 0) pluginManager = new PluginManager(plugins);
-	const { defineApplication } = await import("./application-C9-t0qQb.mjs");
+	const { defineApplication } = await import("./application-CC3oaSay.mjs");
 	const application = defineApplication({
 		config,
 		pluginManager
@@ -16687,4 +16708,4 @@ function isDeno() {
 
 //#endregion
 export { listCommand$5 as $, compareSnapshots as $t, truncate as A, workspaceArgs as An, startCommand as At, logBetaWarning as B, getExecutor as Bt, listCommand$2 as C, configArg as Cn, triggerExecutor as Ct, resumeWorkflow as D, pagedLogArgs as Dn, jobsCommand as Dt, resumeCommand as E, isVerbose as En, getExecutorJob as Et, writeDbTypesFile as F, getWorkflowExecution as Ft, organizationTree as G, parseMigrationLabelNumber as Gt, removeCommand$1 as H, executeScript as Ht, getConfiguredEditorCommand as I, listWorkflowExecutions as It, listOrganizations as J, DIFF_FILE_NAME as Jt, treeCommand as K, bundleMigrationScript as Kt, openInConfiguredEditor as L, functionExecutionStatusToString as Lt, generate as M, getCommand$5 as Mt, generateCommand as N, getWorkflow as Nt, listCommand$3 as O, paginationArgs as On, listExecutorJobs as Ot, generateMigrationScript as P, executionsCommand as Pt, updateFolder as Q, compareLocalTypesWithSnapshot as Qt, show as R, formatKeyValueTable as Rt, listApps as S, commonArgs as Sn, triggerCommand as St, healthCommand as T, deploymentArgs as Tn, listExecutors as Tt, updateCommand$1 as U, waitForExecution$1 as Ut, remove as V, deploy as Vt, updateOrganization as W, MIGRATION_LABEL_KEY as Wt, getOrganization as X, MIGRATE_FILE_NAME as Xt, getCommand$1 as Y, INITIAL_SCHEMA_NUMBER as Yt, updateCommand$2 as Z, SCHEMA_FILE_NAME as Zt, getWorkspace as _, prompt as _n, listFunctionRegistries as _t, updateUser as a, getNextMigrationNumber as an, createCommand$1 as at, createCommand as b, assertWritable as bn, listWebhookExecutors as bt, listCommand as c, reconstructSnapshotFromMigrations as cn, listOAuth2Clients as ct, inviteUser as d, formatMigrationDiff as dn, getMachineUserToken as dt, createSnapshotFromLocalTypes as en, listFolders as et, restoreCommand as f, hasChanges as fn, tokenCommand as ft, getCommand as g, generateUserTypes as gn, listCommand$8 as gt, listWorkspaces as h, trnPrefix as hn, generate$1 as ht, updateCommand as i, getMigrationFiles as in, deleteFolder as it, truncateCommand as j, startWorkflow as jt, listWorkflows as k, toPageDirection as kn, watchExecutorJob as kt, listUsers as l, formatMigrationNumber as ln, getCommand$3 as lt, listCommand$1 as m, sdkNameLabelKey as mn, listMachineUsers as mt, query as n, getMigrationDirPath as nn, getFolder as nt, removeCommand as o, isValidMigrationNumber as on, createFolder as ot, restoreWorkspace as p, getNamespacesWithMigrations as pn, listCommand$7 as pt, listCommand$4 as q, DB_TYPES_FILE_NAME as qt, queryCommand as r, getMigrationFilePath as rn, deleteCommand$1 as rt, removeUser as s, loadDiff as sn, listCommand$6 as st, isNativeTypeScriptRuntime as t, getLatestMigrationNumber as tn, getCommand$2 as tt, inviteCommand as u, formatDiffSummary as un, getOAuth2Client as ut, deleteCommand as v, apiCommand as vn, getCommand$4 as vt, getAppHealth as w, confirmationArgs as wn, listCommand$9 as wt, createWorkspace as x, defineAppCommand as xn, webhookCommand as xt, deleteWorkspace as y, apiCall as yn, getFunctionRegistry as yt, showCommand as z, getCommand$6 as zt };
-//# sourceMappingURL=runtime-B8F1nklz.mjs.map
+//# sourceMappingURL=runtime-745lvg7i.mjs.map