@tailor-platform/sdk 1.57.0 → 1.59.0

package/dist/{runtime-1YuaoNr8.mjs → runtime-CrUa8Z2k.mjs}

@@ -1,8 +1,8 @@
 
 import { t as db } from "./schema-DKsNhbav.mjs";
-import { $ as FilterSchema, A as FunctionExecution_Status, B as AuthOAuth2Client_GrantType, C as TailorDBType_Permission_Operator, D as IdPLang, E as PipelineResolver_OperationType, F as AuthConnection_Type, H as AuthSCIMAttribute_Type, I as AuthHookPoint, J as GetApplicationSchemaHealthResponse_ApplicationSchemaHealthStatus, K as TenantProviderConfig_TenantProviderType, L as AuthIDPConfig_AuthType, M as ExecutorJobStatus, N as ExecutorTargetType, O as IdPPermissionOperator, P as ExecutorTriggerType, Q as Condition_Operator, R as AuthInvokerSchema, S as TailorDBGQLPermission_Permit, T as TailorDBType_PermitAction, U as AuthSCIMAttribute_Uniqueness, V as AuthSCIMAttribute_Mutability, W as AuthSCIMConfig_AuthorizationType, X as Subgraph_ServiceType, Y as ApplicationSchemaUpdateAttemptStatus, Z as ConditionSchema, _ as WorkspacePlatformUserRole, a as fetchMachineUserToken, b as TailorDBGQLPermission_Action, d as initOperatorClient, et as PageDirection, g as OperatorService, h as userAgent, i as fetchAll, k as IdPPermissionPermit, m as resolveStaticWebsiteUrls, o as fetchPaged, p as platformBaseUrl, q as UserProfileProviderConfig_UserProfileProviderType, v as WorkflowExecution_Status, w as TailorDBType_Permission_Permit, x as TailorDBGQLPermission_Operator, y as WorkflowJobExecution_Status, z as AuthOAuth2Client_ClientType } from "./client-DLPEPJ_s.mjs";
+import { $ as Subgraph_ServiceType, A as IdPLang, B as AuthIDPConfig_AuthType, C as TailorDBGQLPermission_Operator, D as TailorDBType_PermitAction, E as TailorDBType_Permission_Permit, F as ExecutorJobStatus, G as AuthSCIMAttribute_Type, H as AuthOAuth2Client_ClientType, I as ExecutorTargetType, K as AuthSCIMAttribute_Uniqueness, L as ExecutorTriggerType, M as IdPPermissionPermit, N as FunctionExecution_Status, Q as ApplicationSchemaUpdateAttemptStatus, R as AuthConnection_Type, S as TailorDBGQLPermission_Action, T as TailorDBType_Permission_Operator, U as AuthOAuth2Client_GrantType, V as AuthInvokerSchema, W as AuthSCIMAttribute_Mutability, X as UserProfileProviderConfig_UserProfileProviderType, Y as TenantProviderConfig_TenantProviderType, Z as GetApplicationSchemaHealthResponse_ApplicationSchemaHealthStatus, _ as userAgent, a as fetchAll, b as WorkflowExecution_Status, et as ConditionSchema, f as initOperatorClient, h as resolveStaticWebsiteUrls, j as IdPPermissionOperator, k as PipelineResolver_OperationType, m as platformBaseUrl, nt as FilterSchema, o as fetchMachineUserToken, q as AuthSCIMConfig_AuthorizationType, rt as PageDirection, s as fetchPaged, tt as Condition_Operator, v as OperatorService, w as TailorDBGQLPermission_Permit, x as WorkflowJobExecution_Status, y as WorkspacePlatformUserRole, z as AuthHookPoint } from "./client-W5P4NYYX.mjs";
 import { a as parseBoolean, i as symbols, n as logger, r as styles, t as CIPromptError } from "./logger-DpJyJvNz.mjs";
-import { C as loadConfig, D as loadConfigPath, E as loadAccessToken, M as writePlatformConfig, O as loadWorkspaceId, S as hashFile, b as getDistDir, c as createExecutorService, d as buildExecutorArgsExpr, f as buildResolverOperationHookExpr, h as loadFilesWithIgnores, k as readPlatformConfig, m as stringifyFunction, n as generatePluginFilesIfNeeded, p as TailorDBTypeSchema, r as loadApplication, s as HTTP_METHODS, t as defineApplication, y as createBundleCache } from "./application-CdkoGX27.mjs";
+import { A as readPlatformConfig, C as hashFile, D as loadAccessToken, N as writePlatformConfig, O as loadConfigPath, b as createBundleCache, c as createExecutorService, d as buildExecutorArgsExpr, f as buildResolverOperationHookExpr, g as platformBundleDefinePlugin, h as loadFilesWithIgnores, k as loadWorkspaceId, m as stringifyFunction, n as generatePluginFilesIfNeeded, p as TailorDBTypeSchema, r as loadApplication, s as HTTP_METHODS, t as defineApplication, w as loadConfig, x as getDistDir } from "./application-FnWOxBk7.mjs";
 import { t as multiline } from "./multiline-Cf9ODpr1.mjs";
 import { t as readPackageJson } from "./package-json-DcQApfPQ.mjs";
 import { n as isCLIError, t as createCLIError } from "./errors-EsY4XO6O.mjs";
@@ -337,7 +337,7 @@ async function apiCall(options) {
 //#region src/cli/commands/api/proto-reflect.ts
 const UNARY_METHODS = OperatorService.methods.filter((m) => m.methodKind === "unary");
 function listMethodNames() {
-	return UNARY_METHODS.map((m) => m.name).sort();
+	return UNARY_METHODS.map((m) => m.name).toSorted();
 }
 /**
 * Returns every accepted form of the `endpoint` positional — bare method name
@@ -348,7 +348,7 @@ function listMethodNames() {
 * @returns Sorted list of accepted endpoint values
 */
 function listMethodChoices() {
-	return UNARY_METHODS.flatMap((m) => [m.name, `${OperatorService.typeName}/${m.name}`]).sort();
+	return UNARY_METHODS.flatMap((m) => [m.name, `${OperatorService.typeName}/${m.name}`]).toSorted();
 }
 function getMethodDescriptor(methodName) {
 	return UNARY_METHODS.find((m) => m.name === methodName);
@@ -636,7 +636,7 @@ const inspectCommand = defineAppCommand({
 const listCommand$10 = defineAppCommand({
 	name: "list",
 	description: "List all invocable OperatorService methods.",
-	notes: "Only unary RPCs are listed; streaming methods are excluded because `tailor-sdk api run` issues a single JSON POST and reads one JSON response.",
+	notes: "Only single-request (non-streaming) methods are listed, because the CLI issues a single JSON request and reads one JSON response.",
 	args: z.object({}).strict(),
 	run: () => {
 		const names = listMethodNames();
@@ -793,7 +793,7 @@ const apiCommand = defineAppCommand({
 	description: "Call Tailor Platform API endpoints directly.",
 	notes: `Use \`tailor-sdk api list\` to enumerate invocable methods and \`tailor-sdk api inspect <endpoint>\` to print an endpoint's input message tree (combine with \`--json\` for machine-readable output).
 
-The request body is inferred from the proto definition of the target endpoint, and commonly required fields are auto-injected so they can be omitted from \`--body\`:
+The request body is inferred from the target endpoint's request schema, and commonly required fields are auto-injected so they can be omitted from \`--body\`:
 
 - \`workspaceId\` — resolved from \`-w\` / \`TAILOR_PLATFORM_WORKSPACE_ID\` / the selected profile.
 - \`namespaceName\` — resolved from \`tailor.config.ts\` based on the endpoint's service:
@@ -802,7 +802,7 @@ The request body is inferred from the proto definition of the target endpoint, a
 
 Values already present in \`--body\` are never overridden. If a value cannot be resolved (e.g. no config found), injection is silently skipped and the server-side validation error takes precedence.
 
-Use \`--field key=value\` (repeatable) to set request body fields without writing JSON. Dotted keys (e.g. \`application.name=foo\`) build nested objects. \`--field\` overrides matching fields in \`--body\` and tab-completes from the endpoint's proto schema.`,
+Use \`--field key=value\` (repeatable) to set request body fields without writing JSON. Dotted keys (e.g. \`application.name=foo\`) build nested objects. \`--field\` overrides matching fields in \`--body\` and tab-completes from the endpoint's request schema.`,
 	examples: [
 		{
 			cmd: "GetApplication -b '{\"applicationName\":\"app-1\"}'",
@@ -1694,7 +1694,7 @@ function formatPlanSummary(summary) {
 */
 function stableStringify(value) {
 	if (Array.isArray(value)) return `[${value.map((item) => item === void 0 ? "null" : stableStringify(item)).join(",")}]`;
-	if (value && typeof value === "object") return `{${Object.entries(value).filter(([key, entryValue]) => key !== "$typeName" && entryValue !== void 0).sort(([left], [right]) => left.localeCompare(right)).map(([key, entryValue]) => `${JSON.stringify(key)}:${stableStringify(entryValue)}`).join(",")}}`;
+	if (value && typeof value === "object") return `{${Object.entries(value).filter(([key, entryValue]) => key !== "$typeName" && entryValue !== void 0).toSorted(([left], [right]) => left.localeCompare(right)).map(([key, entryValue]) => `${JSON.stringify(key)}:${stableStringify(entryValue)}`).join(",")}}`;
 	if (typeof value === "bigint") return JSON.stringify(value.toString());
 	return JSON.stringify(value);
 }
@@ -1713,7 +1713,7 @@ function normalizeProtoConfig(value) {
 * @returns Sorted values
 */
 function normalizeStringArray(values) {
-	return [...values ?? []].sort();
+	return (values ?? []).toSorted();
 }
 /**
 * Compare two values after proto normalization.
@@ -1735,6 +1735,16 @@ function areNormalizedEqual(left, right) {
 function trnPrefix(workspaceId) {
 	return `trn:v1:workspace:${workspaceId}`;
 }
+/**
+* Build the TRN for a workspace resource.
+* @param workspaceId - Workspace ID
+* @param kind - Resource kind segment
+* @param name - Resource name
+* @returns Fully-qualified TRN string
+*/
+function resourceTrn(workspaceId, kind, name) {
+	return `${trnPrefix(workspaceId)}:${kind}:${name}`;
+}
 const sdkNameLabelKey = "sdk-name";
 const sdkVersionLabelKey = "sdk-version";
 const sdkAppIdLabelKey = "sdk-app-id";
@@ -1784,7 +1794,7 @@ async function buildMetaRequest(params) {
 	return {
 		trn,
 		labels: {
-			...existingLabels ?? {},
+			...existingLabels,
 			[sdkNameLabelKey]: appName,
 			[sdkVersionLabelKey]: sdkVersion,
 			...appId ? { [sdkAppIdLabelKey]: toAppIdLabelValue(appId) } : {}
@@ -1817,17 +1827,14 @@ async function applyApplication(client, changeSet, phase = "create-update") {
 		await client.deleteApplication(del.request);
 	}));
 }
-function trn$6(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:application:${name}`;
-}
 function sortStrings(values) {
-	return [...values ?? []].sort();
+	return (values ?? []).toSorted();
 }
 function normalizeSubgraphs(subgraphs) {
 	return [...subgraphs ?? []].map((subgraph) => ({
 		serviceType: subgraph.serviceType,
 		serviceNamespace: subgraph.serviceNamespace ?? ""
-	})).sort((left, right) => {
+	})).toSorted((left, right) => {
 		if (left.serviceType !== right.serviceType) return left.serviceType - right.serviceType;
 		return left.serviceNamespace.localeCompare(right.serviceNamespace);
 	});
@@ -1841,7 +1848,7 @@ function normalizeHttpAdapters(httpAdapters) {
 		outputScript: adapter.outputScript ?? "",
 		enabled: adapter.enabled ?? true,
 		priority: adapter.priority ?? 0
-	})).sort((left, right) => left.name.localeCompare(right.name));
+	})).toSorted((left, right) => left.name.localeCompare(right.name));
 }
 function toComparableApplication(input) {
 	return {
@@ -1944,7 +1951,7 @@ async function planApplication(context, httpAdapterBuildResult) {
 		if (idpConfigs.length > 0) authIdpConfigName = idpConfigs[0].name;
 	}
 	const metaRequest = await buildMetaRequest({
-		trn: trn$6(workspaceId, application.name),
+		trn: resourceTrn(workspaceId, "application", application.name),
 		appName: application.name,
 		appId: application.id
 	});
@@ -2003,7 +2010,7 @@ async function planApplication(context, httpAdapterBuildResult) {
 }
 async function fetchAppLabels(client, workspaceId, appName) {
 	try {
-		const { metadata } = await client.getMetadata({ trn: trn$6(workspaceId, appName) });
+		const { metadata } = await client.getMetadata({ trn: resourceTrn(workspaceId, "application", appName) });
 		return metadata?.labels;
 	} catch (error) {
 		if (error instanceof ConnectError && error.code === Code.NotFound) return;
@@ -2038,7 +2045,7 @@ function diffHttpAdapterDisplay(existingAdapters, desiredAdapters) {
 		name,
 		symbol: symbols.delete
 	});
-	return entries.sort((left, right) => left.name.localeCompare(right.name)).map((entry) => `${entry.symbol} ${entry.name} (httpAdapter)`);
+	return entries.toSorted((left, right) => left.name.localeCompare(right.name)).map((entry) => `${entry.symbol} ${entry.name} (httpAdapter)`);
 }
 function buildHttpAdapters(application, httpAdapterBuildResult) {
 	const adapters = application.httpAdapterService?.adapters ?? [];
@@ -2133,9 +2140,6 @@ function hashValue(value) {
 
 //#endregion
 //#region src/cli/commands/deploy/auth-connection.ts
-function connectionTrn(workspaceId, name) {
-	return `${trnPrefix(workspaceId)}:auth_connection:${name}`;
-}
 function buildConnectionRequest(workspaceId, name, config) {
 	return {
 		workspaceId,
@@ -2203,7 +2207,7 @@ async function planAuthConnections(client, workspaceId, appName, appId, auths) {
 	});
 	const existingConnections = {};
 	await Promise.all(existingList.map(async (resource) => {
-		const { metadata } = await client.getMetadata({ trn: connectionTrn(workspaceId, resource.name) });
+		const { metadata } = await client.getMetadata({ trn: resourceTrn(workspaceId, "auth_connection", resource.name) });
 		existingConnections[resource.name] = {
 			resource,
 			label: metadata?.labels[sdkNameLabelKey],
@@ -2214,7 +2218,7 @@ async function planAuthConnections(client, workspaceId, appName, appId, auths) {
 	for (const [name, config] of Object.entries(desiredConnections)) {
 		const existing = existingConnections[name];
 		const metaRequest = await buildMetaRequest({
-			trn: connectionTrn(workspaceId, name),
+			trn: resourceTrn(workspaceId, "auth_connection", name),
 			appName,
 			appId
 		});
@@ -2232,7 +2236,7 @@ async function planAuthConnections(client, workspaceId, appName, appId, auths) {
 			const storedHash = state.connections?.[name];
 			if (hasNonSecretFieldChanged(existing.resource, config) || currentHash !== storedHash) changeSet.replaces.push({
 				name,
-				revokeRequest: {
+				deleteRequest: {
 					workspaceId,
 					connectionName: name
 				},
@@ -2302,7 +2306,7 @@ async function applyAuthConnections(client, result, phase) {
 			await client.setMetadata(create.metaRequest);
 		}));
 		for (const replace of changeSet.replaces) {
-			await client.revokeAuthConnection(replace.revokeRequest);
+			await client.deleteAuthConnection(replace.deleteRequest);
 			await client.createAuthConnection(replace.createRequest);
 			await client.setMetadata(replace.metaRequest);
 		}
@@ -2322,7 +2326,7 @@ async function applyAuthConnections(client, result, phase) {
 		saveSecretsState(state);
 	} else if (phase === "delete-resources" || phase === "delete") {
 		await Promise.all(changeSet.deletes.map(async (del) => {
-			await client.revokeAuthConnection(del.request);
+			await client.deleteAuthConnection(del.request);
 		}));
 		if (changeSet.deletes.length > 0) {
 			const state = loadSecretsState();
@@ -2345,9 +2349,6 @@ const CHUNK_SIZE = 64 * 1024;
 function computeContentHash(content) {
 	return crypto$1.createHash("sha256").update(content, "utf-8").digest("hex");
 }
-function functionRegistryTrn$1(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:function_registry:${name}`;
-}
 const RESOLVER_PREFIX = "resolver--";
 const EXECUTOR_PREFIX = "executor--";
 const WORKFLOW_PREFIX = "workflow--";
@@ -2539,7 +2540,7 @@ async function planFunctionRegistry(client, workspaceId, appName, appId, entries
 	});
 	const existingMap = {};
 	await Promise.all(existingFunctions.map(async (func) => {
-		const { metadata } = await client.getMetadata({ trn: functionRegistryTrn$1(workspaceId, func.name) });
+		const { metadata } = await client.getMetadata({ trn: resourceTrn(workspaceId, "function_registry", func.name) });
 		existingMap[func.name] = {
 			resource: func,
 			label: metadata?.labels[sdkNameLabelKey],
@@ -2549,7 +2550,7 @@ async function planFunctionRegistry(client, workspaceId, appName, appId, entries
 	for (const entry of entries) {
 		const existing = existingMap[entry.name];
 		const metaRequest = await buildMetaRequest({
-			trn: functionRegistryTrn$1(workspaceId, entry.name),
+			trn: resourceTrn(workspaceId, "function_registry", entry.name),
 			appName,
 			appId
 		});
@@ -3104,9 +3105,6 @@ async function planIdP(context) {
 		resourceOwners
 	};
 }
-function trn$5(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:idp:${name}`;
-}
 function normalizeComparableUserAuthPolicy(policy) {
 	return {
 		useNonEmailIdentifier: policy?.useNonEmailIdentifier ?? false,
@@ -3117,7 +3115,7 @@ function normalizeComparableUserAuthPolicy(policy) {
 		passwordRequireNumeric: policy?.passwordRequireNumeric ?? false,
 		passwordMinLength: policy?.passwordMinLength ?? 0,
 		passwordMaxLength: policy?.passwordMaxLength ?? 0,
-		allowedEmailDomains: [...policy?.allowedEmailDomains ?? []].sort(),
+		allowedEmailDomains: (policy?.allowedEmailDomains ?? []).toSorted(),
 		allowGoogleOauth: policy?.allowGoogleOauth ?? false,
 		disablePasswordAuth: policy?.disablePasswordAuth ?? false,
 		allowMicrosoftOauth: policy?.allowMicrosoftOauth ?? false
@@ -3201,7 +3199,7 @@ async function planServices$3(client, workspaceId, appName, appId, idps, idpUser
 	const existingServices = {};
 	await Promise.all(withoutLabel.map(async (resource) => {
 		if (!resource.namespace?.name) return;
-		const { metadata } = await client.getMetadata({ trn: trn$5(workspaceId, resource.namespace.name) });
+		const { metadata } = await client.getMetadata({ trn: resourceTrn(workspaceId, "idp", resource.namespace.name) });
 		existingServices[resource.namespace.name] = {
 			resource,
 			label: metadata?.labels[sdkNameLabelKey],
@@ -3212,7 +3210,7 @@ async function planServices$3(client, workspaceId, appName, appId, idps, idpUser
 		const namespaceName = idp.name;
 		const existing = existingServices[namespaceName];
 		const metaRequest = await buildMetaRequest({
-			trn: trn$5(workspaceId, namespaceName),
+			trn: resourceTrn(workspaceId, "idp", namespaceName),
 			appName,
 			appId
 		});
@@ -3571,9 +3569,6 @@ async function planAuth(context) {
 		resourceOwners: new Set([...resourceOwners, ...connectionResult.resourceOwners])
 	};
 }
-function trn$4(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:auth:${name}`;
-}
 async function planServices$2(client, workspaceId, appName, appId, auths, forceApplyAll = false) {
 	const changeSet = createChangeSet("Auth services");
 	const conflicts = [];
@@ -3595,7 +3590,7 @@ async function planServices$2(client, workspaceId, appName, appId, auths, forceA
 	const existingServices = {};
 	await Promise.all(withoutLabel.map(async (resource) => {
 		if (!resource.namespace?.name) return;
-		const { metadata } = await client.getMetadata({ trn: trn$4(workspaceId, resource.namespace.name) });
+		const { metadata } = await client.getMetadata({ trn: resourceTrn(workspaceId, "auth", resource.namespace.name) });
 		existingServices[resource.namespace.name] = {
 			resource,
 			label: metadata?.labels[sdkNameLabelKey],
@@ -3606,7 +3601,7 @@ async function planServices$2(client, workspaceId, appName, appId, auths, forceA
 		const { config } = auth;
 		const existing = existingServices[config.name];
 		const metaRequest = await buildMetaRequest({
-			trn: trn$4(workspaceId, config.name),
+			trn: resourceTrn(workspaceId, "auth", config.name),
 			appName,
 			appId
 		});
@@ -3764,7 +3759,7 @@ function normalizeComparableAuthIdPConfig(idpConfig) {
 		config: configCase === "oidc" ? { config: {
 			case: "oidc",
 			value: {
-				...oidcValue ?? {},
+				...oidcValue,
 				issuerUrl: oidcValue && "issuerUrl" in oidcValue ? oidcValue.issuerUrl || void 0 : void 0
 			}
 		} } : idpConfig.config
@@ -4152,7 +4147,7 @@ function normalizeComparableOAuth2Client(client) {
 		...client,
 		description: client.description || void 0,
 		redirectUris: normalizeStringArray(client.redirectUris),
-		grantTypes: [...client.grantTypes ?? []].sort((left, right) => left - right),
+		grantTypes: (client.grantTypes ?? []).toSorted((left, right) => left - right),
 		accessTokenLifetime: accessTokenLifetime ?? 86400,
 		refreshTokenLifetime: refreshTokenLifetime ?? 604800,
 		requireDpop: client.requireDpop ?? false
@@ -4934,9 +4929,6 @@ async function applyExecutor(client, result, phase = "create-update") {
 	})]);
 	else if (phase === "delete") await Promise.all(changeSet.deletes.map((del) => client.deleteExecutorExecutor(del.request)));
 }
-function trn$3(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:executor:${name}`;
-}
 /**
 * Plan executor-related changes based on current and desired state.
 * @param context - Planning context
@@ -4960,13 +4952,13 @@ async function planExecutor(context) {
 			return [executors, nextPageToken];
 		},
 		getName: (resource) => resource.name,
-		getTrn: trn$3
+		getTrn: (workspaceId, name) => resourceTrn(workspaceId, "executor", name)
 	});
 	const executors = forRemoval ? {} : await application.executorService?.loadExecutors() ?? {};
 	for (const executor of Object.values(executors)) {
 		const existing = existingExecutors[executor.name];
 		const metaRequest = await buildMetaRequest({
-			trn: trn$3(workspaceId, executor.name),
+			trn: resourceTrn(workspaceId, "executor", executor.name),
 			appName: application.name,
 			appId: application.id
 		});
@@ -5051,7 +5043,7 @@ function formatExecutorChangeEntries(changeSet, executors, functionRegistryExecu
 }
 function normalizeComparableExecutor(executor) {
 	const normalized = normalizeProtoConfig(executor) ?? {};
-	const webhookHeaders = normalized.targetConfig?.config?.case === "webhook" ? [...normalized.targetConfig.config.value.headers ?? []].sort((left, right) => (left.key ?? "").localeCompare(right.key ?? "")) : void 0;
+	const webhookHeaders = normalized.targetConfig?.config?.case === "webhook" ? (normalized.targetConfig.config.value.headers ?? []).toSorted((left, right) => (left.key ?? "").localeCompare(right.key ?? "")) : void 0;
 	const triggerConfig = normalized.triggerConfig?.config?.case === "incomingWebhook" ? {
 		...normalized.triggerConfig,
 		config: {
@@ -5182,10 +5174,10 @@ function protoExecutor(application, executor) {
 			triggerType = ExecutorTriggerType.INCOMING_WEBHOOK;
 			triggerConfig = { config: {
 				case: "incomingWebhook",
-				value: { ...trigger.response ? { response: {
+				value: trigger.response ? { response: {
 					...trigger.response.body ? { body: { expr: `(${stringifyFunction(trigger.response.body)})(${argsExpr})` } } : {},
 					...trigger.response.statusCode != null ? { statusCode: trigger.response.statusCode } : {}
-				} } : {} }
+				} } : {}
 			} };
 			break;
 		case "idpUser":
@@ -5380,9 +5372,6 @@ async function planPipeline(context) {
 		resourceOwners
 	};
 }
-function trn$2(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:pipeline:${name}`;
-}
 async function planServices$1(client, workspaceId, appName, appId, pipelines) {
 	const changeSet = createChangeSet("Pipeline services");
 	const conflicts = [];
@@ -5404,7 +5393,7 @@ async function planServices$1(client, workspaceId, appName, appId, pipelines) {
 	const existingServices = {};
 	await Promise.all(withoutLabel.map(async (resource) => {
 		if (!resource.namespace?.name) return;
-		const { metadata } = await client.getMetadata({ trn: trn$2(workspaceId, resource.namespace.name) });
+		const { metadata } = await client.getMetadata({ trn: resourceTrn(workspaceId, "pipeline", resource.namespace.name) });
 		existingServices[resource.namespace.name] = {
 			resource,
 			label: metadata?.labels[sdkNameLabelKey],
@@ -5414,7 +5403,7 @@ async function planServices$1(client, workspaceId, appName, appId, pipelines) {
 	for (const pipeline of pipelines) {
 		const existing = existingServices[pipeline.namespace];
 		const metaRequest = await buildMetaRequest({
-			trn: trn$2(workspaceId, pipeline.namespace),
+			trn: resourceTrn(workspaceId, "pipeline", pipeline.namespace),
 			appName,
 			appId
 		});
@@ -5702,7 +5691,7 @@ async function planSecretManager(context) {
 	});
 	const existingVaults = {};
 	await Promise.all(existingVaultList.map(async (resource) => {
-		const { metadata } = await client.getMetadata({ trn: vaultTrn$1(workspaceId, resource.name) });
+		const { metadata } = await client.getMetadata({ trn: resourceTrn(workspaceId, "vault", resource.name) });
 		existingVaults[resource.name] = {
 			resource,
 			label: metadata?.labels[sdkNameLabelKey],
@@ -5716,7 +5705,7 @@ async function planSecretManager(context) {
 		const existing = existingVaults[vaultName];
 		if (existing) {
 			const metaRequest = await buildMetaRequest({
-				trn: vaultTrn$1(workspaceId, vaultName),
+				trn: resourceTrn(workspaceId, "vault", vaultName),
 				appName: application.name,
 				appId: application.id
 			});
@@ -5829,9 +5818,6 @@ async function planSecretManager(context) {
 		resourceOwners
 	};
 }
-function vaultTrn$1(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:vault:${name}`;
-}
 /**
 * Apply secret manager changes for the given phase.
 * @param client - Operator client instance
@@ -5850,7 +5836,7 @@ async function applySecretManager(client, result, phase = "create-update", appli
 			});
 			if (application) {
 				const metaRequest = await buildMetaRequest({
-					trn: vaultTrn$1(create.workspaceId, create.name),
+					trn: resourceTrn(create.workspaceId, "vault", create.name),
 					appName: application.name,
 					appId: application.id
 				});
@@ -5859,7 +5845,7 @@ async function applySecretManager(client, result, phase = "create-update", appli
 		}));
 		if (application) await Promise.all(vaultChangeSet.updates.map(async (update) => {
 			const metaRequest = await buildMetaRequest({
-				trn: vaultTrn$1(update.workspaceId, update.name),
+				trn: resourceTrn(update.workspaceId, "vault", update.name),
 				appName: application.name,
 				appId: application.id
 			});
@@ -5917,23 +5903,28 @@ async function applySecretManager(client, result, phase = "create-update", appli
 * @returns Promise that resolves when static websites are applied
 */
 async function applyStaticWebsite(client, result, phase = "create-update") {
-	const { changeSet } = result;
-	if (phase === "create-update") await Promise.all([...changeSet.creates.map(async (create) => {
-		await client.createStaticWebsite(create.request);
-		await client.setMetadata(create.metaRequest);
-	}), ...changeSet.updates.map(async (update) => {
-		await client.updateStaticWebsite(update.request);
-		await client.setMetadata(update.metaRequest);
-	})]);
-	else if (phase === "delete") await Promise.all(changeSet.deletes.map((del) => client.deleteStaticWebsite(del.request)));
+	const { changeSet, customDomainChangeSet } = result;
+	if (phase === "create-update") {
+		await Promise.all([...changeSet.creates.map(async (create) => {
+			await client.createStaticWebsite(create.request);
+			await client.setMetadata(create.metaRequest);
+		}), ...changeSet.updates.map(async (update) => {
+			await client.updateStaticWebsite(update.request);
+			await client.setMetadata(update.metaRequest);
+		})]);
+		await Promise.all([...customDomainChangeSet.creates.map(async (add) => {
+			await client.addCustomDomain(add.request);
+			await client.setMetadata(add.metaRequest);
+		}), ...customDomainChangeSet.deletes.map((del) => client.removeCustomDomain(del.request))]);
+	} else if (phase === "delete") await Promise.all(changeSet.deletes.map((del) => client.deleteStaticWebsite(del.request)));
 }
-function trn$1(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:staticwebsite:${name}`;
+function customDomainTrn(workspaceId, websiteName, domain) {
+	return `trn:v1:workspace:${workspaceId}:staticwebsite:${websiteName}:custom_domain:${domain}`;
 }
 function normalizeComparableStaticWebsiteShape(input) {
 	return {
 		description: input.description,
-		allowedIpAddresses: [...input.allowedIpAddresses].sort()
+		allowedIpAddresses: input.allowedIpAddresses.toSorted()
 	};
 }
 function normalizeComparableStaticWebsite(input) {
@@ -5953,6 +5944,7 @@ function areStaticWebsitesEqual(existing, desired) {
 async function planStaticWebsite(context) {
 	const { client, workspaceId, application, forRemoval } = context;
 	const changeSet = createChangeSet("StaticWebsites");
+	const customDomainChangeSet = createChangeSet("CustomDomains");
 	const conflicts = [];
 	const unmanaged = [];
 	const resourceOwners = /* @__PURE__ */ new Set();
@@ -5968,15 +5960,16 @@ async function planStaticWebsite(context) {
 			return [staticwebsites, nextPageToken];
 		},
 		getName: (resource) => resource.name,
-		getTrn: trn$1
+		getTrn: (workspaceId, name) => resourceTrn(workspaceId, "staticwebsite", name)
 	});
+	const ownedWebsiteNames = /* @__PURE__ */ new Set();
 	const staticWebsiteServices = forRemoval ? [] : application.staticWebsiteServices;
 	for (const websiteService of staticWebsiteServices) {
 		const config = websiteService;
 		const name = websiteService.name;
 		const existing = existingWebsites[name];
 		const metaRequest = await buildMetaRequest({
-			trn: trn$1(workspaceId, name),
+			trn: resourceTrn(workspaceId, "staticwebsite", name),
 			appName: application.name,
 			appId: application.id
 		});
@@ -5990,7 +5983,7 @@ async function planStaticWebsite(context) {
 			}
 		};
 		if (existing) {
-			if (trackDesiredResourceOwnership({
+			const owned = trackDesiredResourceOwnership({
 				labels: existing.allLabels,
 				ownerLabel: existing.label,
 				appName: application.name,
@@ -5999,18 +5992,23 @@ async function planStaticWebsite(context) {
 				resourceName: name,
 				conflicts,
 				unmanaged
-			}) && hasMatchingSdkVersion(existing.allLabels, metaRequest.labels) && areStaticWebsitesEqual(existing.resource, desired)) changeSet.unchanged.push({ name });
+			});
+			if (owned && hasMatchingSdkVersion(existing.allLabels, metaRequest.labels) && areStaticWebsitesEqual(existing.resource, desired)) changeSet.unchanged.push({ name });
 			else changeSet.updates.push({
 				name,
 				request,
 				metaRequest
 			});
+			if (owned) ownedWebsiteNames.add(name);
 			delete existingWebsites[name];
-		} else changeSet.creates.push({
-			name,
-			request,
-			metaRequest
-		});
+		} else {
+			changeSet.creates.push({
+				name,
+				request,
+				metaRequest
+			});
+			ownedWebsiteNames.add(name);
+		}
 	}
 	Object.entries(existingWebsites).forEach(([name]) => {
 		const entry = existingWebsites[name];
@@ -6029,8 +6027,63 @@ async function planStaticWebsite(context) {
 			}
 		});
 	});
+	const desiredDomainsByWebsite = /* @__PURE__ */ new Map();
+	for (const service of staticWebsiteServices) if (service.customDomains !== void 0 && ownedWebsiteNames.has(service.name)) desiredDomainsByWebsite.set(service.name, service.customDomains);
+	const existingDomainsByWebsite = /* @__PURE__ */ new Map();
+	const websitesToFetchDomains = [...ownedWebsiteNames].filter((name) => !changeSet.creates.some((c) => c.name === name));
+	await Promise.all(websitesToFetchDomains.map(async (name) => {
+		try {
+			const { customDomains } = await client.listCustomDomains({
+				workspaceId,
+				staticWebsiteName: name
+			});
+			const domainsWithLabels = await Promise.all(customDomains.map(async (d) => {
+				const { metadata } = await client.getMetadata({ trn: customDomainTrn(workspaceId, name, d.domain) });
+				return {
+					domain: d.domain,
+					allLabels: metadata?.labels
+				};
+			}));
+			existingDomainsByWebsite.set(name, domainsWithLabels);
+		} catch (error) {
+			if (error instanceof ConnectError && error.code === Code.NotFound) return;
+			throw error;
+		}
+	}));
+	for (const name of ownedWebsiteNames) {
+		const desired = new Set(desiredDomainsByWebsite.get(name) ?? []);
+		const existingDomains = existingDomainsByWebsite.get(name) ?? [];
+		const existingSet = new Set(existingDomains.map((d) => d.domain));
+		const sdkOwnedDomains = new Set(existingDomains.filter((d) => isOwnedByApp(d.allLabels, application.name, application.id)).map((d) => d.domain));
+		for (const domain of desired) if (!existingSet.has(domain)) {
+			const metaRequest = await buildMetaRequest({
+				trn: customDomainTrn(workspaceId, name, domain),
+				appName: application.name,
+				appId: application.id
+			});
+			customDomainChangeSet.creates.push({
+				name: domain,
+				request: {
+					workspaceId,
+					staticWebsiteName: name,
+					domain
+				},
+				metaRequest
+			});
+		} else customDomainChangeSet.unchanged.push({ name: domain });
+		if (desiredDomainsByWebsite.has(name)) {
+			for (const domain of sdkOwnedDomains) if (!desired.has(domain)) customDomainChangeSet.deletes.push({
+				name: domain,
+				request: {
+					workspaceId,
+					domain
+				}
+			});
+		}
+	}
 	return {
 		changeSet,
+		customDomainChangeSet,
 		conflicts,
 		unmanaged,
 		resourceOwners
@@ -6594,8 +6647,7 @@ function getMigrationFiles(migrationsDir) {
 			path: diffPath
 		});
 	}
-	migrations.sort((a, b) => a.number - b.number);
-	return migrations;
+	return migrations.toSorted((a, b) => a.number - b.number);
 }
 /**
 * Get the next migration number for a directory
@@ -7204,7 +7256,7 @@ function validateMigrationFiles(migrationsDir) {
 		message: `Schema file found at migration ${formatMigrationNumber(num)}, but schema should only exist at ${formatMigrationNumber(0)}`,
 		migrationNumber: num
 	});
-	const allNumbers = [...new Set([...schemaFiles, ...diffFiles])].sort((a, b) => a - b);
+	const allNumbers = [...new Set([...schemaFiles, ...diffFiles])].toSorted((a, b) => a - b);
 	if (allNumbers.length === 0) return errors;
 	for (const num of schemaFiles) if (num !== 0 && diffFiles.includes(num)) errors.push({
 		type: "duplicate",
@@ -7413,6 +7465,70 @@ function formatSchemaDrifts(drifts) {
 //#endregion
 //#region src/cli/commands/tailordb/migrate/snapshot-manifest.ts
 /**
+* Snapshot-based Proto manifest generation for TailorDB migrations
+*
+* This module provides utilities for generating TailorDB proto manifests
+* directly from schema snapshots, enabling migration-based deployments
+* without relying on local TypeScript definitions.
+*/
+/**
+* Generate a TailorDB type manifest from a snapshot type
+* @param {TailorDBSnapshotType} snapshotType - Snapshot type to generate manifest from
+* @param {GenerateManifestOptions} options - Generation options
+* @returns {MessageInitShape<typeof TailorDBTypeSchema>} Type manifest
+*/
+function generateTailorDBTypeManifestFromSnapshot(snapshotType, options = {}) {
+	const pluralForm = inflection.camelize(snapshotType.pluralForm, true);
+	const defaultSettings = {
+		aggregation: snapshotType.settings?.aggregation ?? false,
+		bulkUpsert: snapshotType.settings?.bulkUpsert ?? false,
+		draft: false,
+		defaultQueryLimitSize: 100n,
+		maxBulkUpsertSize: 1000n,
+		pluralForm,
+		publishRecordEvents: snapshotType.settings?.publishEvents ?? options.publishRecordEvents ?? false
+	};
+	const ops = snapshotType.settings?.gqlOperations ?? options.namespaceGqlOperations;
+	if (ops) defaultSettings.disableGqlOperations = {
+		create: ops.create === false,
+		update: ops.update === false,
+		delete: ops.delete === false,
+		read: ops.read === false
+	};
+	const fields = {};
+	for (const [fieldName, fieldConfig] of Object.entries(snapshotType.fields)) {
+		if (fieldName === "id") continue;
+		fields[fieldName] = convertFieldConfigToProto(fieldConfig);
+	}
+	const relationships = {};
+	if (snapshotType.forwardRelationships) for (const [relationName, rel] of Object.entries(snapshotType.forwardRelationships)) relationships[relationName] = convertRelationshipToProto(rel, "forward");
+	if (snapshotType.backwardRelationships) for (const [relationName, rel] of Object.entries(snapshotType.backwardRelationships)) relationships[relationName] = convertRelationshipToProto(rel, "backward");
+	const indexes = {};
+	if (snapshotType.indexes) for (const [indexName, indexConfig] of Object.entries(snapshotType.indexes)) indexes[indexName] = convertIndexToProto(indexConfig);
+	const files = {};
+	if (snapshotType.files) for (const [fileName, description] of Object.entries(snapshotType.files)) files[fileName] = { description: description || "" };
+	const permission = snapshotType.permissions?.record ? convertRecordPermissionToProto(snapshotType.permissions.record) : {
+		create: [],
+		read: [],
+		update: [],
+		delete: []
+	};
+	return {
+		name: snapshotType.name,
+		schema: {
+			description: snapshotType.description || "",
+			fields,
+			relationships,
+			settings: defaultSettings,
+			extends: false,
+			directives: [],
+			indexes,
+			files,
+			permission
+		}
+	};
+}
+/**
 * Convert a snapshot field config to proto format
 * @param {SnapshotFieldConfig} config - Snapshot field config
 * @returns {MessageInitShape<typeof TailorDBType_FieldConfigSchema>} Proto field config
@@ -7501,6 +7617,141 @@ function processNestedFieldsFromSnapshot(fields) {
 	};
 	return nestedFields;
 }
+/**
+* Convert a snapshot relationship to proto format
+* @param {SnapshotRelationship} rel - Snapshot relationship
+* @param {"forward" | "backward"} direction - Relationship direction
+* @returns {MessageInitShape<typeof TailorDBType_RelationshipConfigSchema>} Proto relationship config
+*/
+function convertRelationshipToProto(rel, direction) {
+	if (direction === "forward") return {
+		refType: rel.targetType,
+		refField: rel.sourceField,
+		srcField: rel.targetField,
+		array: rel.isArray,
+		description: rel.description
+	};
+	return {
+		refType: rel.targetType,
+		refField: rel.targetField,
+		srcField: rel.sourceField,
+		array: rel.isArray,
+		description: rel.description
+	};
+}
+/**
+* Convert a snapshot index config to proto format
+* @param {SnapshotIndexConfig} indexConfig - Snapshot index config
+* @returns {MessageInitShape<typeof TailorDBType_IndexSchema>} Proto index config
+*/
+function convertIndexToProto(indexConfig) {
+	return {
+		fieldNames: indexConfig.fields,
+		unique: indexConfig.unique ?? false
+	};
+}
+/**
+* Convert a snapshot record permission to proto format
+* @param {SnapshotRecordPermission} permission - Snapshot record permission
+* @returns {MessageInitShape<typeof TailorDBType_PermissionSchema>} Proto permission
+*/
+function convertRecordPermissionToProto(permission) {
+	return {
+		create: permission.create.map(convertActionPermissionToProto),
+		read: permission.read.map(convertActionPermissionToProto),
+		update: permission.update.map(convertActionPermissionToProto),
+		delete: permission.delete.map(convertActionPermissionToProto)
+	};
+}
+/**
+* Convert a snapshot action permission to proto format
+* @param {SnapshotActionPermission} policy - Snapshot action permission
+* @returns {MessageInitShape<typeof TailorDBType_Permission_PolicySchema>} Proto policy
+*/
+function convertActionPermissionToProto(policy) {
+	let permit;
+	switch (policy.permit) {
+		case "allow":
+			permit = TailorDBType_Permission_Permit.ALLOW;
+			break;
+		case "deny":
+			permit = TailorDBType_Permission_Permit.DENY;
+			break;
+		default: throw new Error(`Unknown permission: ${policy.permit}`);
+	}
+	return {
+		conditions: policy.conditions.map(convertConditionToProto),
+		permit,
+		description: policy.description
+	};
+}
+/**
+* Convert a snapshot permission condition to proto format
+* @param {SnapshotPermissionCondition} condition - Snapshot permission condition
+* @returns {MessageInitShape<typeof TailorDBType_Permission_ConditionSchema>} Proto condition
+*/
+function convertConditionToProto(condition) {
+	const [left, operator, right] = condition;
+	const l = convertOperandToProto(left);
+	const r = convertOperandToProto(right);
+	let op;
+	switch (operator) {
+		case "eq":
+			op = TailorDBType_Permission_Operator.EQ;
+			break;
+		case "ne":
+			op = TailorDBType_Permission_Operator.NE;
+			break;
+		case "in":
+			op = TailorDBType_Permission_Operator.IN;
+			break;
+		case "nin":
+			op = TailorDBType_Permission_Operator.NIN;
+			break;
+		case "hasAny":
+			op = TailorDBType_Permission_Operator.HAS_ANY;
+			break;
+		case "nhasAny":
+			op = TailorDBType_Permission_Operator.NHAS_ANY;
+			break;
+		default: throw new Error(`Unknown operator: ${operator}`);
+	}
+	return {
+		left: l,
+		operator: op,
+		right: r
+	};
+}
+/**
+* Convert a snapshot permission operand to proto format
+* @param {SnapshotPermissionOperand} operand - Snapshot permission operand
+* @returns {MessageInitShape<typeof TailorDBType_Permission_OperandSchema>} Proto operand
+*/
+function convertOperandToProto(operand) {
+	if (isSnapshotFieldRefOperand(operand)) {
+		if ("user" in operand) return { kind: {
+			case: "userField",
+			value: operand.user
+		} };
+		if ("record" in operand) return { kind: {
+			case: "recordField",
+			value: operand.record
+		} };
+		if ("newRecord" in operand) return { kind: {
+			case: "newRecordField",
+			value: operand.newRecord
+		} };
+		if ("oldRecord" in operand) return { kind: {
+			case: "oldRecordField",
+			value: operand.oldRecord
+		} };
+		throw new Error(`Unknown field-ref operand shape: ${JSON.stringify(operand)}`);
+	}
+	return { kind: {
+		case: "value",
+		value: fromJson(ValueSchema, operand)
+	} };
+}
 
 //#endregion
 //#region src/cli/commands/tailordb/migrate/pre-migration-schema.ts
@@ -7655,6 +7906,7 @@ async function bundleMigrationScript(sourceFile, namespace, migrationNumber, env
 		namespace,
 		migrationNumber,
 		bundledCode: (await rolldown.build({
+			plugins: [platformBundleDefinePlugin],
 			input: entryPath,
 			write: false,
 			output: {
@@ -7812,7 +8064,7 @@ function installSignalHook() {
 	if (signalHookInstalled) return;
 	signalHookInstalled = true;
 	const handler = () => {
-		for (const s of [...activeSpinners]) s.stop();
+		for (const s of activeSpinners) s.stop();
 	};
 	process.prependListener("SIGINT", handler);
 	process.prependListener("SIGTERM", handler);
@@ -7952,7 +8204,7 @@ function spinner(options) {
 */
 async function getCurrentMigrationNumber(client, workspaceId, namespace) {
 	try {
-		const trn = `${trnPrefix(workspaceId)}:tailordb:${namespace}`;
+		const trn = resourceTrn(workspaceId, "tailordb", namespace);
 		const { metadata } = await client.getMetadata({ trn });
 		const label = metadata?.labels[MIGRATION_LABEL_KEY];
 		if (!label) return 0;
@@ -7995,11 +8247,10 @@ async function detectPendingMigrations(client, workspaceId, namespacesWithMigrat
 			});
 		}
 	}
-	pendingMigrations.sort((a, b) => {
+	return pendingMigrations.toSorted((a, b) => {
 		if (a.namespace !== b.namespace) return a.namespace.localeCompare(b.namespace);
 		return a.number - b.number;
 	});
-	return pendingMigrations;
 }
 /**
 * Execute a single migration script
@@ -8033,7 +8284,7 @@ async function executeSingleMigration(options, migration) {
 * @returns {Promise<void>}
 */
 async function updateMigrationLabel(client, workspaceId, namespace, migrationNumber) {
-	const trn = `${trnPrefix(workspaceId)}:tailordb:${namespace}`;
+	const trn = resourceTrn(workspaceId, "tailordb", namespace);
 	const { metadata } = await client.getMetadata({ trn });
 	const existingLabels = metadata?.labels ?? {};
 	const newLabel = `m${formatMigrationNumber(migrationNumber)}`;
@@ -8148,7 +8399,7 @@ async function fetchRemoteTypes(client, workspaceId, namespace) {
 */
 async function getRemoteMigrationNumber(client, workspaceId, namespace) {
 	try {
-		const trn = `${trnPrefix(workspaceId)}:tailordb:${namespace}`;
+		const trn = resourceTrn(workspaceId, "tailordb", namespace);
 		const { metadata } = await client.getMetadata({ trn });
 		const label = metadata?.labels?.["sdk-migration"];
 		if (!label) return null;
@@ -8464,7 +8715,11 @@ const migrationSnapshotCache = {
 function buildSnapshotTypeManifest(migration, typeName, tailorDBInputs, executorUsedTypes) {
 	const snapshotType = migrationSnapshotCache.load(migration).types[typeName];
 	if (!snapshotType) return void 0;
-	return generateTailorDBTypeManifest(snapshotType, executorUsedTypes, tailorDBInputs.find((i) => i.namespace === migration.namespace)?.config.gqlOperations);
+	const input = tailorDBInputs.find((i) => i.namespace === migration.namespace);
+	return generateTailorDBTypeManifestFromSnapshot(snapshotType, {
+		publishRecordEvents: executorUsedTypes.has(snapshotType.name),
+		namespaceGqlOperations: input?.config.gqlOperations
+	});
 }
 /**
 * Execute pre-migration phase for a single migration
@@ -8702,9 +8957,6 @@ function formatTailorDBResourceChangeEntries(typeChangeSet, gqlPermissionChangeS
 		...collectTailorDBDisplayEntries("replace", typeChangeSet.replaces, gqlPermissionChangeSet.replaces)
 	];
 }
-function trn(workspaceId, name) {
-	return `${trnPrefix(workspaceId)}:tailordb:${name}`;
-}
 function normalizeComparableTailorDBService(service) {
 	return normalizeProtoConfig({
 		namespace: service.namespace,
@@ -8741,7 +8993,7 @@ async function planServices(client, workspaceId, appName, appId, tailordbs) {
 	const existingServices = {};
 	await Promise.all(withoutLabel.map(async (resource) => {
 		if (!resource.namespace?.name) return;
-		const { metadata } = await client.getMetadata({ trn: trn(workspaceId, resource.namespace.name) });
+		const { metadata } = await client.getMetadata({ trn: resourceTrn(workspaceId, "tailordb", resource.namespace.name) });
 		existingServices[resource.namespace.name] = {
 			resource,
 			label: metadata?.labels[sdkNameLabelKey],
@@ -8751,7 +9003,7 @@ async function planServices(client, workspaceId, appName, appId, tailordbs) {
 	for (const tailordb of tailordbs) {
 		const existing = existingServices[tailordb.namespace];
 		const metaRequest = await buildMetaRequest({
-			trn: trn(workspaceId, tailordb.namespace),
+			trn: resourceTrn(workspaceId, "tailordb", tailordb.namespace),
 			appName,
 			appId,
 			existingLabels: existing?.allLabels
@@ -8833,7 +9085,10 @@ async function planTypes(client, workspaceId, tailordbs, executorUsedTypes, dele
 		const existingTypesMap = new Map(existingTypes.map((type) => [type.name, type]));
 		const types = filteredTypesByNamespace?.get(tailordb.namespace) ?? tailordb.types;
 		for (const typeName of Object.keys(types)) {
-			const tailordbType = generateTailorDBTypeManifest(types[typeName], executorUsedTypes, tailordb.config.gqlOperations);
+			const tailordbType = generateTailorDBTypeManifestFromSnapshot(types[typeName], {
+				publishRecordEvents: executorUsedTypes.has(typeName),
+				namespaceGqlOperations: tailordb.config.gqlOperations
+			});
 			const existingType = existingTypesMap.get(typeName);
 			if (existingType) {
 				if (!forceApplyAll && areNormalizedEqual(normalizeComparableTailorDBType(existingType), normalizeComparableTailorDBType(tailordbType))) changeSet.unchanged.push({ name: typeName });
@@ -8950,247 +9205,6 @@ function matchesNumericStringPath(path) {
 function isNumericLikeValue(value) {
 	return typeof value === "number" || typeof value === "bigint" || /^-?\d+$/.test(value);
 }
-/**
-* Generate a TailorDB type manifest from snapshot-shaped type
-* @param {TailorDBSnapshotType} type - Snapshot-shaped TailorDB type
-* @param {ReadonlySet<string>} executorUsedTypes - Set of types used by executors
-* @param {GqlOperations} [namespaceGqlOperations] - Default gqlOperations for the namespace (already normalized)
-* @returns {MessageInitShape<typeof TailorDBTypeSchema>} Type manifest
-*/
-function generateTailorDBTypeManifest(type, executorUsedTypes, namespaceGqlOperations) {
-	const pluralForm = inflection.camelize(type.pluralForm, true);
-	const defaultSettings = {
-		aggregation: type.settings?.aggregation || false,
-		bulkUpsert: type.settings?.bulkUpsert || false,
-		draft: false,
-		defaultQueryLimitSize: 100n,
-		maxBulkUpsertSize: 1000n,
-		pluralForm,
-		publishRecordEvents: false
-	};
-	if (type.settings?.publishEvents !== void 0) defaultSettings.publishRecordEvents = type.settings.publishEvents;
-	else if (executorUsedTypes.has(type.name)) defaultSettings.publishRecordEvents = true;
-	const ops = type.settings?.gqlOperations ?? namespaceGqlOperations;
-	if (ops) defaultSettings.disableGqlOperations = {
-		create: ops.create === false,
-		update: ops.update === false,
-		delete: ops.delete === false,
-		read: ops.read === false
-	};
-	const fields = {};
-	Object.keys(type.fields).filter((fieldName) => fieldName !== "id").forEach((fieldName) => {
-		const fieldConfig = type.fields[fieldName];
-		const fieldType = fieldConfig.type;
-		const fieldEntry = {
-			type: fieldType,
-			allowedValues: fieldType === "enum" ? fieldConfig.allowedValues || [] : [],
-			description: fieldConfig.description || "",
-			validate: toProtoFieldValidate(fieldConfig),
-			array: fieldConfig.array || false,
-			index: fieldConfig.index || false,
-			unique: fieldConfig.unique || false,
-			foreignKey: fieldConfig.foreignKey || false,
-			foreignKeyType: fieldConfig.foreignKeyType,
-			foreignKeyField: fieldConfig.foreignKeyField,
-			required: fieldConfig.required,
-			vector: fieldConfig.vector || false,
-			...toProtoFieldHooks(fieldConfig),
-			...fieldConfig.serial && { serial: {
-				start: fieldConfig.serial.start,
-				...fieldConfig.serial.maxValue && { maxValue: fieldConfig.serial.maxValue },
-				...fieldConfig.serial.format && { format: fieldConfig.serial.format }
-			} },
-			...fieldConfig.scale !== void 0 && { scale: fieldConfig.scale }
-		};
-		if (fieldConfig.type === "nested" && fieldConfig.fields) fieldEntry.fields = processNestedFields(fieldConfig.fields);
-		fields[fieldName] = fieldEntry;
-	});
-	const relationships = {};
-	for (const [relationName, rel] of Object.entries(type.forwardRelationships ?? {})) relationships[relationName] = {
-		refType: rel.targetType,
-		refField: rel.sourceField,
-		srcField: rel.targetField,
-		array: rel.isArray,
-		description: rel.description
-	};
-	for (const [relationName, rel] of Object.entries(type.backwardRelationships ?? {})) relationships[relationName] = {
-		refType: rel.targetType,
-		refField: rel.targetField,
-		srcField: rel.sourceField,
-		array: rel.isArray,
-		description: rel.description
-	};
-	const indexes = {};
-	if (type.indexes) Object.entries(type.indexes).forEach(([key, index]) => {
-		indexes[key] = {
-			fieldNames: index.fields,
-			unique: index.unique || false
-		};
-	});
-	const files = {};
-	if (type.files) Object.entries(type.files).forEach(([key, description]) => {
-		files[key] = { description: description || "" };
-	});
-	const permission = type.permissions?.record ? protoPermission(type.permissions.record) : {
-		create: [],
-		read: [],
-		update: [],
-		delete: []
-	};
-	return {
-		name: type.name,
-		schema: {
-			description: type.description || "",
-			fields,
-			relationships,
-			settings: defaultSettings,
-			extends: false,
-			directives: [],
-			indexes,
-			files,
-			permission
-		}
-	};
-}
-function toProtoFieldValidate(fieldConfig) {
-	return (fieldConfig.validate || []).map((val) => ({
-		action: TailorDBType_PermitAction.DENY,
-		errorMessage: val.errorMessage || "",
-		...val.script && { script: { expr: val.script.expr ? `!${val.script.expr}` : "" } }
-	}));
-}
-function toProtoFieldHooks(fieldConfig) {
-	if (!fieldConfig.hooks) return {};
-	return { hooks: {
-		create: fieldConfig.hooks.create ? { expr: fieldConfig.hooks.create.expr || "" } : void 0,
-		update: fieldConfig.hooks.update ? { expr: fieldConfig.hooks.update.expr || "" } : void 0
-	} };
-}
-function processNestedFields(fields) {
-	const nestedFields = {};
-	Object.entries(fields).forEach(([nestedFieldName, nestedFieldConfig]) => {
-		const nestedType = nestedFieldConfig.type;
-		if (nestedType === "nested" && nestedFieldConfig.fields) {
-			const deepNestedFields = processNestedFields(nestedFieldConfig.fields);
-			nestedFields[nestedFieldName] = {
-				type: "nested",
-				allowedValues: nestedFieldConfig.allowedValues || [],
-				description: nestedFieldConfig.description || "",
-				validate: toProtoFieldValidate(nestedFieldConfig),
-				required: nestedFieldConfig.required,
-				array: nestedFieldConfig.array ?? false,
-				index: false,
-				unique: false,
-				foreignKey: false,
-				vector: false,
-				...toProtoFieldHooks(nestedFieldConfig),
-				fields: deepNestedFields,
-				...nestedFieldConfig.scale !== void 0 && { scale: nestedFieldConfig.scale }
-			};
-		} else nestedFields[nestedFieldName] = {
-			type: nestedType,
-			allowedValues: nestedType === "enum" ? nestedFieldConfig.allowedValues || [] : [],
-			description: nestedFieldConfig.description || "",
-			validate: toProtoFieldValidate(nestedFieldConfig),
-			required: nestedFieldConfig.required,
-			array: nestedFieldConfig.array ?? false,
-			index: false,
-			unique: false,
-			foreignKey: false,
-			vector: false,
-			...toProtoFieldHooks(nestedFieldConfig),
-			...nestedFieldConfig.serial && { serial: {
-				start: nestedFieldConfig.serial.start,
-				...nestedFieldConfig.serial.maxValue && { maxValue: nestedFieldConfig.serial.maxValue },
-				...nestedFieldConfig.serial.format && { format: nestedFieldConfig.serial.format }
-			} },
-			...nestedFieldConfig.scale !== void 0 && { scale: nestedFieldConfig.scale }
-		};
-	});
-	return nestedFields;
-}
-function protoPermission(permission) {
-	return {
-		create: permission.create.map((policy) => protoPolicy(policy)),
-		read: permission.read.map((policy) => protoPolicy(policy)),
-		update: permission.update.map((policy) => protoPolicy(policy)),
-		delete: permission.delete.map((policy) => protoPolicy(policy))
-	};
-}
-function protoPolicy(policy) {
-	let permit;
-	switch (policy.permit) {
-		case "allow":
-			permit = TailorDBType_Permission_Permit.ALLOW;
-			break;
-		case "deny":
-			permit = TailorDBType_Permission_Permit.DENY;
-			break;
-		default: throw new Error(`Unknown permission: ${policy.permit}`);
-	}
-	return {
-		conditions: policy.conditions.map((cond) => protoCondition(cond)),
-		permit,
-		description: policy.description
-	};
-}
-function protoCondition(condition) {
-	const [left, operator, right] = condition;
-	const l = protoOperand(left);
-	const r = protoOperand(right);
-	let op;
-	switch (operator) {
-		case "eq":
-			op = TailorDBType_Permission_Operator.EQ;
-			break;
-		case "ne":
-			op = TailorDBType_Permission_Operator.NE;
-			break;
-		case "in":
-			op = TailorDBType_Permission_Operator.IN;
-			break;
-		case "nin":
-			op = TailorDBType_Permission_Operator.NIN;
-			break;
-		case "hasAny":
-			op = TailorDBType_Permission_Operator.HAS_ANY;
-			break;
-		case "nhasAny":
-			op = TailorDBType_Permission_Operator.NHAS_ANY;
-			break;
-		default: throw new Error(`Unknown operator: ${operator}`);
-	}
-	return {
-		left: l,
-		operator: op,
-		right: r
-	};
-}
-function protoOperand(operand) {
-	if (isSnapshotFieldRefOperand(operand)) {
-		if ("user" in operand) return { kind: {
-			case: "userField",
-			value: operand.user
-		} };
-		if ("record" in operand) return { kind: {
-			case: "recordField",
-			value: operand.record
-		} };
-		if ("newRecord" in operand) return { kind: {
-			case: "newRecordField",
-			value: operand.newRecord
-		} };
-		if ("oldRecord" in operand) return { kind: {
-			case: "oldRecordField",
-			value: operand.oldRecord
-		} };
-		throw new Error(`Unknown field-ref operand shape: ${JSON.stringify(operand)}`);
-	}
-	return { kind: {
-		case: "value",
-		value: fromJson(ValueSchema, operand)
-	} };
-}
 async function planGqlPermissions(client, workspaceId, tailordbs, deletedServices, forceApplyAll = false) {
 	const changeSet = createChangeSet("TailorDB gqlPermissions");
 	const fetchGqlPermissions = (namespaceName) => {
@@ -9269,7 +9283,7 @@ async function planGqlPermissions(client, workspaceId, tailordbs, deletedService
 function normalizeComparableGqlPermission(permission) {
 	return { policies: (normalizeProtoConfig(permission)?.policies ?? []).map((policy) => ({
 		...policy,
-		actions: [...policy.actions ?? []].sort((left, right) => left - right)
+		actions: (policy.actions ?? []).toSorted((left, right) => left - right)
 	})) };
 }
 function protoGqlPermission(permission) {
@@ -9518,7 +9532,7 @@ async function registerJobFunctions(client, changeSet, appName, appId, unchanged
 				scriptRef: workflowJobFunctionName(jobName)
 			});
 			await client.setMetadata(await buildMetaRequest({
-				trn: jobFunctionTrn(workspaceId, jobName),
+				trn: resourceTrn(workspaceId, "workflow_job_function", jobName),
 				appName,
 				appId
 			}));
@@ -9531,9 +9545,9 @@ async function registerJobFunctions(client, changeSet, appName, appId, unchanged
 	}
 	const unusedJobFunctions = existingJobFunctions.filter((jobName) => !allUsedJobNames.has(jobName));
 	await Promise.all(unusedJobFunctions.map(async (jobName) => {
-		const { metadata } = await client.getMetadata({ trn: jobFunctionTrn(workspaceId, jobName) });
+		const { metadata } = await client.getMetadata({ trn: resourceTrn(workspaceId, "workflow_job_function", jobName) });
 		if (isOwnedByApp(metadata?.labels, appName, appId)) await client.setMetadata({
-			trn: jobFunctionTrn(workspaceId, jobName),
+			trn: resourceTrn(workspaceId, "workflow_job_function", jobName),
 			labels: { [sdkNameLabelKey]: "" }
 		});
 	}));
@@ -9559,12 +9573,6 @@ function toRetryPolicy(policy) {
 function toConcurrencyPolicy(policy) {
 	return { maxConcurrentExecutions: policy.maxConcurrentExecutions };
 }
-function workflowTrn$1(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:workflow:${name}`;
-}
-function jobFunctionTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:workflow_job_function:${name}`;
-}
 /**
 * Plan workflow changes and job functions based on current and desired state.
 * @param client - Operator client instance
@@ -9594,12 +9602,12 @@ async function planWorkflow(client, workspaceId, appName, appId, workflows, main
 			return [response.workflows, response.nextPageToken];
 		},
 		getName: (resource) => resource.name,
-		getTrn: workflowTrn$1
+		getTrn: (workspaceId, name) => resourceTrn(workspaceId, "workflow", name)
 	});
 	for (const workflow of Object.values(workflows)) {
 		const existing = existingWorkflows[workflow.name];
 		const metaRequest = await buildMetaRequest({
-			trn: workflowTrn$1(workspaceId, workflow.name),
+			trn: resourceTrn(workspaceId, "workflow", workflow.name),
 			appName,
 			appId
 		});
@@ -9704,12 +9712,12 @@ function normalizeComparableConcurrencyPolicy(policy) {
 	return { maxConcurrentExecutions: policy.maxConcurrentExecutions };
 }
 function normalizeComparableWorkflowJobNames(jobFunctions) {
-	return Array.isArray(jobFunctions) ? [...jobFunctions].sort() : Object.keys(jobFunctions ?? {}).sort();
+	return Array.isArray(jobFunctions) ? jobFunctions.toSorted() : Object.keys(jobFunctions ?? {}).toSorted();
 }
 function getExistingWorkflowJobNames(existing) {
 	const jobNames = new Set(Object.keys(existing.jobFunctions ?? {}));
 	if (existing.mainJobFunctionName) jobNames.add(existing.mainJobFunctionName);
-	return [...jobNames].sort();
+	return [...jobNames].toSorted();
 }
 function normalizeRetryPolicyForCompare(policy) {
 	return {
@@ -9728,36 +9736,6 @@ function normalizeRetryPolicyForCompare(policy) {
 
 //#endregion
 //#region src/cli/commands/deploy/deploy.ts
-function applicationTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:application:${name}`;
-}
-function functionRegistryTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:function_registry:${name}`;
-}
-function pipelineTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:pipeline:${name}`;
-}
-function idpTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:idp:${name}`;
-}
-function authTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:auth:${name}`;
-}
-function executorTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:executor:${name}`;
-}
-function workflowTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:workflow:${name}`;
-}
-function staticWebsiteTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:staticwebsite:${name}`;
-}
-function tailorDBTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:tailordb:${name}`;
-}
-function vaultTrn(workspaceId, name) {
-	return `trn:v1:workspace:${workspaceId}:vault:${name}`;
-}
 /**
 * Resolve the set of IdP names that have at least one executor subscribed to
 * their user events. When an executor's idpUser trigger omits the `idp` option
@@ -9779,36 +9757,36 @@ function collectIdpUserTriggerTargets(application) {
 }
 async function shouldForceApplyAll(client, workspaceId, application, functionEntries) {
 	const desiredLabels = (await buildMetaRequest({
-		trn: applicationTrn(workspaceId, application.name),
+		trn: resourceTrn(workspaceId, "application", application.name),
 		appName: application.name,
 		appId: application.id
 	})).labels;
 	const candidateTrns = /* @__PURE__ */ new Set();
-	if (application.subgraphs.length > 0) candidateTrns.add(applicationTrn(workspaceId, application.name));
+	if (application.subgraphs.length > 0) candidateTrns.add(resourceTrn(workspaceId, "application", application.name));
 	application.staticWebsiteServices.forEach((website) => {
-		candidateTrns.add(staticWebsiteTrn(workspaceId, website.name));
+		candidateTrns.add(resourceTrn(workspaceId, "staticwebsite", website.name));
 	});
 	application.resolverServices.forEach((pipeline) => {
-		candidateTrns.add(pipelineTrn(workspaceId, pipeline.namespace));
+		candidateTrns.add(resourceTrn(workspaceId, "pipeline", pipeline.namespace));
 	});
 	application.idpServices.forEach((idp) => {
-		candidateTrns.add(idpTrn(workspaceId, idp.name));
+		candidateTrns.add(resourceTrn(workspaceId, "idp", idp.name));
 	});
-	if (application.authService) candidateTrns.add(authTrn(workspaceId, application.authService.config.name));
+	if (application.authService) candidateTrns.add(resourceTrn(workspaceId, "auth", application.authService.config.name));
 	Object.values(application.executorService?.executors ?? {}).forEach((executor) => {
-		candidateTrns.add(executorTrn(workspaceId, executor.name));
+		candidateTrns.add(resourceTrn(workspaceId, "executor", executor.name));
 	});
 	Object.values(application.workflowService?.workflows ?? {}).forEach((workflow) => {
-		candidateTrns.add(workflowTrn(workspaceId, workflow.name));
+		candidateTrns.add(resourceTrn(workspaceId, "workflow", workflow.name));
 	});
 	application.tailorDBServices.forEach((service) => {
-		candidateTrns.add(tailorDBTrn(workspaceId, service.namespace));
+		candidateTrns.add(resourceTrn(workspaceId, "tailordb", service.namespace));
 	});
 	application.secrets.forEach((vault) => {
-		candidateTrns.add(vaultTrn(workspaceId, vault.vaultName));
+		candidateTrns.add(resourceTrn(workspaceId, "vault", vault.vaultName));
 	});
 	functionEntries.forEach((entry) => {
-		candidateTrns.add(functionRegistryTrn(workspaceId, entry.name));
+		candidateTrns.add(resourceTrn(workspaceId, "function_registry", entry.name));
 	});
 	for (const trn of candidateTrns) try {
 		const { metadata } = await client.getMetadata({ trn });
@@ -9865,6 +9843,7 @@ function printPlanResults(results) {
 	const idpServiceActions = extractServiceActions(results.idp.changeSet.service);
 	const authServiceActions = extractServiceActions(results.auth.changeSet.service);
 	results.staticWebsite.changeSet.print();
+	results.staticWebsite.customDomainChangeSet.print();
 	results.app.print();
 	printGroupedDisplaySection("TailorDB", tailorDBEntries, tailorDBServiceActions);
 	printGroupedDisplaySection("Resolver", pipelineEntries, pipelineServiceActions);
@@ -9914,6 +9893,7 @@ function summarizePlanResults(results, displayEntries, serviceActions) {
 	const nonGrouped = summarizeChangeSets([
 		otherChanges,
 		results.staticWebsite.changeSet,
+		results.staticWebsite.customDomainChangeSet,
 		results.app,
 		results.secretManager.vaultChangeSet,
 		results.secretManager.secretChangeSet
@@ -14488,7 +14468,7 @@ async function generate(options) {
 	if (options.init) await handleInitOption(namespacesWithMigrations, options.yes);
 	let pluginManager;
 	if (plugins.length > 0) pluginManager = new PluginManager(plugins);
-	const { defineApplication } = await import("./application-x_mURdR0.mjs");
+	const { defineApplication } = await import("./application-VOdgMtOD.mjs");
 	const application = defineApplication({
 		config,
 		pluginManager
@@ -15821,6 +15801,7 @@ async function bundleQueryScript(engine) {
 		tsconfig = void 0;
 	}
 	return (await rolldown.build({
+		plugins: [platformBundleDefinePlugin],
 		input: entryPath,
 		write: false,
 		output: {
@@ -16347,7 +16328,7 @@ async function runRepl(options) {
 	const execute = await prepareQueryExecutor(options);
 	const historyPath = getReplHistoryPath(options.engine, options.profile, options.workspaceId);
 	const validate = createReplValidator(options.engine);
-	const { highlightSqlLine, highlightGraphqlLine, replTransform } = await import("./repl-editor-ihh8koiR.mjs");
+	const { highlightSqlLine, highlightGraphqlLine, replTransform } = await import("./repl-editor-Y9QJDL0K.mjs");
 	const highlight = options.engine === "sql" ? highlightSqlLine : highlightGraphqlLine;
 	const prompt = createPrompt({
 		prefix: "",
@@ -16680,5 +16661,5 @@ function isDeno() {
 }
 
 //#endregion
-export { listCommand$5 as $, compareSnapshots as $t, truncate as A, toPageDirection as An, startCommand as At, logBetaWarning as B, getExecutor as Bt, listCommand$2 as C, commonArgs as Cn, triggerExecutor as Ct, resumeWorkflow as D, isVerbose as Dn, jobsCommand as Dt, resumeCommand as E, deploymentArgs as En, getExecutorJob as Et, writeDbTypesFile as F, getWorkflowExecution as Ft, organizationTree as G, parseMigrationLabelNumber as Gt, removeCommand$1 as H, executeScript as Ht, getConfiguredEditorCommand as I, listWorkflowExecutions as It, listOrganizations as J, DIFF_FILE_NAME as Jt, treeCommand as K, bundleMigrationScript as Kt, openInConfiguredEditor as L, functionExecutionStatusToString as Lt, generate as M, getCommand$5 as Mt, generateCommand as N, getWorkflow as Nt, listCommand$3 as O, pagedLogArgs as On, listExecutorJobs as Ot, generateMigrationScript as P, executionsCommand as Pt, updateFolder as Q, compareLocalTypesWithSnapshot as Qt, show as R, formatKeyValueTable as Rt, listApps as S, defineAppCommand as Sn, triggerCommand as St, healthCommand as T, confirmationArgs as Tn, listExecutors as Tt, updateCommand$1 as U, waitForExecution$1 as Ut, remove as V, deploy as Vt, updateOrganization as W, MIGRATION_LABEL_KEY as Wt, getOrganization as X, MIGRATE_FILE_NAME as Xt, getCommand$1 as Y, INITIAL_SCHEMA_NUMBER as Yt, updateCommand$2 as Z, SCHEMA_FILE_NAME as Zt, getWorkspace as _, generateUserTypes as _n, listFunctionRegistries as _t, updateUser as a, getNextMigrationNumber as an, createCommand$1 as at, createCommand as b, apiCall as bn, listWebhookExecutors as bt, listCommand as c, reconstructSnapshotFromMigrations as cn, listOAuth2Clients as ct, inviteUser as d, formatMigrationDiff as dn, getMachineUserToken as dt, createSnapshotFromLocalTypes as en, listFolders as et, restoreCommand as f, hasChanges as fn, tokenCommand as ft, getCommand as g, PluginManager as gn, listCommand$8 as gt, listWorkspaces as h, trnPrefix as hn, generate$1 as ht, updateCommand as i, getMigrationFiles as in, deleteFolder as it, truncateCommand as j, workspaceArgs as jn, startWorkflow as jt, listWorkflows as k, paginationArgs as kn, watchExecutorJob as kt, listUsers as l, formatMigrationNumber as ln, getCommand$3 as lt, listCommand$1 as m, sdkNameLabelKey as mn, listMachineUsers as mt, query as n, getMigrationDirPath as nn, getFolder as nt, removeCommand as o, isValidMigrationNumber as on, createFolder as ot, restoreWorkspace as p, getNamespacesWithMigrations as pn, listCommand$7 as pt, listCommand$4 as q, DB_TYPES_FILE_NAME as qt, queryCommand as r, getMigrationFilePath as rn, deleteCommand$1 as rt, removeUser as s, loadDiff as sn, listCommand$6 as st, isNativeTypeScriptRuntime as t, getLatestMigrationNumber as tn, getCommand$2 as tt, inviteCommand as u, formatDiffSummary as un, getOAuth2Client as ut, deleteCommand as v, prompt as vn, getCommand$4 as vt, getAppHealth as w, configArg as wn, listCommand$9 as wt, createWorkspace as x, assertWritable as xn, webhookCommand as xt, deleteWorkspace as y, apiCommand as yn, getFunctionRegistry as yt, showCommand as z, getCommand$6 as zt };
-//# sourceMappingURL=runtime-1YuaoNr8.mjs.map
+export { listCommand$5 as $, compareSnapshots as $t, truncate as A, toPageDirection as An, startCommand as At, logBetaWarning as B, getExecutor as Bt, listCommand$2 as C, commonArgs as Cn, triggerExecutor as Ct, resumeWorkflow as D, isVerbose as Dn, jobsCommand as Dt, resumeCommand as E, deploymentArgs as En, getExecutorJob as Et, writeDbTypesFile as F, getWorkflowExecution as Ft, organizationTree as G, parseMigrationLabelNumber as Gt, removeCommand$1 as H, executeScript as Ht, getConfiguredEditorCommand as I, listWorkflowExecutions as It, listOrganizations as J, DIFF_FILE_NAME as Jt, treeCommand as K, bundleMigrationScript as Kt, openInConfiguredEditor as L, functionExecutionStatusToString as Lt, generate as M, getCommand$5 as Mt, generateCommand as N, getWorkflow as Nt, listCommand$3 as O, pagedLogArgs as On, listExecutorJobs as Ot, generateMigrationScript as P, executionsCommand as Pt, updateFolder as Q, compareLocalTypesWithSnapshot as Qt, show as R, formatKeyValueTable as Rt, listApps as S, defineAppCommand as Sn, triggerCommand as St, healthCommand as T, confirmationArgs as Tn, listExecutors as Tt, updateCommand$1 as U, waitForExecution$1 as Ut, remove as V, deploy as Vt, updateOrganization as W, MIGRATION_LABEL_KEY as Wt, getOrganization as X, MIGRATE_FILE_NAME as Xt, getCommand$1 as Y, INITIAL_SCHEMA_NUMBER as Yt, updateCommand$2 as Z, SCHEMA_FILE_NAME as Zt, getWorkspace as _, generateUserTypes as _n, listFunctionRegistries as _t, updateUser as a, getNextMigrationNumber as an, createCommand$1 as at, createCommand as b, apiCall as bn, listWebhookExecutors as bt, listCommand as c, reconstructSnapshotFromMigrations as cn, listOAuth2Clients as ct, inviteUser as d, formatMigrationDiff as dn, getMachineUserToken as dt, createSnapshotFromLocalTypes as en, listFolders as et, restoreCommand as f, hasChanges as fn, tokenCommand as ft, getCommand as g, PluginManager as gn, listCommand$8 as gt, listWorkspaces as h, sdkNameLabelKey as hn, generate$1 as ht, updateCommand as i, getMigrationFiles as in, deleteFolder as it, truncateCommand as j, workspaceArgs as jn, startWorkflow as jt, listWorkflows as k, paginationArgs as kn, watchExecutorJob as kt, listUsers as l, formatMigrationNumber as ln, getCommand$3 as lt, listCommand$1 as m, resourceTrn as mn, listMachineUsers as mt, query as n, getMigrationDirPath as nn, getFolder as nt, removeCommand as o, isValidMigrationNumber as on, createFolder as ot, restoreWorkspace as p, getNamespacesWithMigrations as pn, listCommand$7 as pt, listCommand$4 as q, DB_TYPES_FILE_NAME as qt, queryCommand as r, getMigrationFilePath as rn, deleteCommand$1 as rt, removeUser as s, loadDiff as sn, listCommand$6 as st, isNativeTypeScriptRuntime as t, getLatestMigrationNumber as tn, getCommand$2 as tt, inviteCommand as u, formatDiffSummary as un, getOAuth2Client as ut, deleteCommand as v, prompt as vn, getCommand$4 as vt, getAppHealth as w, configArg as wn, listCommand$9 as wt, createWorkspace as x, assertWritable as xn, webhookCommand as xt, deleteWorkspace as y, apiCommand as yn, getFunctionRegistry as yt, showCommand as z, getCommand$6 as zt };
+//# sourceMappingURL=runtime-CrUa8Z2k.mjs.map