@tailor-platform/sdk 1.65.0 → 1.66.1

package/dist/{runtime-C7qTBDD2.mjs → runtime-2nzOZCUb.mjs}

@@ -1,9 +1,9 @@
 
 import { t as db } from "./schema-1msIhXwA.mjs";
-import { $ as CreateExecutorExecutorRequestSchema, A as TailorDBGQLPermission_Permit, At as AuthSCIMAttribute_Type, B as UpdateSecretManagerSecretRequestSchema, Bt as Subgraph_ServiceType, C as WorkflowExecution_Status, Ct as AuthConnection_Type, D as UpdateTailorDBTypeRequestSchema, Dt as AuthOAuth2Client_ClientType, E as CreateTailorDBTypeRequestSchema, Et as AuthInvokerSchema, F as CreateStaticWebsiteRequestSchema, Ft as UserProfileProviderConfig_UserProfileProviderType, G as PipelineResolver_OperationType, H as CreatePipelineServiceRequestSchema, Ht as Condition_Operator, I as UpdateStaticWebsiteRequestSchema, It as CreateApplicationRequestSchema, J as IdPLang, K as CreateIdPServiceRequestSchema, Lt as GetApplicationSchemaHealthResponse_ApplicationSchemaHealthStatus, M as TailorDBType_Permission_Permit, Mt as AuthSCIMConfig_AuthorizationType, N as TailorDBType_PermitAction, O as TailorDBGQLPermission_Action, Ot as AuthOAuth2Client_GrantType, P as AddCustomDomainRequestSchema, Pt as TenantProviderConfig_TenantProviderType, R as CreateSecretManagerSecretRequestSchema, Rt as UpdateApplicationRequestSchema, S as UpdateWorkflowRequestSchema, St as UpdateUserProfileConfigRequestSchema, T as CreateTailorDBServiceRequestSchema, Tt as AuthIDPConfig_AuthType, U as UpdatePipelineResolverRequestSchema, Ut as FilterSchema, V as CreatePipelineResolverRequestSchema, Vt as ConditionSchema, W as UpdatePipelineServiceRequestSchema, Wt as PageDirection, X as IdPPermissionPermit, Y as IdPPermissionOperator, Z as FunctionExecution_Status, _ as userAgent, _t as UpdateAuthOAuth2ClientRequestSchema, a as fetchAll, at as CreateAuthHookRequestSchema, b as CreateWorkflowJobFunctionRequestSchema, bt as UpdateAuthServiceRequestSchema, ct as CreateAuthOAuth2ClientRequestSchema, dt as CreateAuthServiceRequestSchema, et as UpdateExecutorExecutorRequestSchema, f as initOperatorClient, ft as CreateTenantConfigRequestSchema, gt as UpdateAuthMachineUserRequestSchema, h as resolveStaticWebsiteUrls, ht as UpdateAuthIDPConfigRequestSchema, it as CreateAuthConnectionRequestSchema, j as TailorDBType_Permission_Operator, jt as AuthSCIMAttribute_Uniqueness, k as TailorDBGQLPermission_Operator, kt as AuthSCIMAttribute_Mutability, lt as CreateAuthSCIMConfigRequestSchema, m as platformBaseUrl, mt as UpdateAuthHookRequestSchema, nt as ExecutorTargetType, o as fetchMachineUserToken, ot as CreateAuthIDPConfigRequestSchema, pt as CreateUserProfileConfigRequestSchema, q as UpdateIdPServiceRequestSchema, rt as ExecutorTriggerType, s as fetchPaged, st as CreateAuthMachineUserRequestSchema, tt as ExecutorJobStatus, ut as CreateAuthSCIMResourceRequestSchema, v as OperatorService, vt as UpdateAuthSCIMConfigRequestSchema, w as WorkflowJobExecution_Status, wt as AuthHookPoint, x as CreateWorkflowRequestSchema, xt as UpdateTenantConfigRequestSchema, y as WorkspacePlatformUserRole, yt as UpdateAuthSCIMResourceRequestSchema, z as CreateSecretManagerVaultRequestSchema, zt as ApplicationSchemaUpdateAttemptStatus } from "./client-CobIRHl-.mjs";
+import { $ as CreateExecutorExecutorRequestSchema, A as TailorDBGQLPermission_Permit, At as AuthSCIMAttribute_Type, B as UpdateSecretManagerSecretRequestSchema, Bt as Subgraph_ServiceType, C as WorkflowExecution_Status, Ct as AuthConnection_Type, D as UpdateTailorDBTypeRequestSchema, Dt as AuthOAuth2Client_ClientType, E as CreateTailorDBTypeRequestSchema, Et as AuthInvokerSchema, F as CreateStaticWebsiteRequestSchema, Ft as UserProfileProviderConfig_UserProfileProviderType, G as PipelineResolver_OperationType, H as CreatePipelineServiceRequestSchema, Ht as Condition_Operator, I as UpdateStaticWebsiteRequestSchema, It as CreateApplicationRequestSchema, J as IdPLang, K as CreateIdPServiceRequestSchema, Lt as GetApplicationSchemaHealthResponse_ApplicationSchemaHealthStatus, M as TailorDBType_Permission_Permit, Mt as AuthSCIMConfig_AuthorizationType, N as TailorDBType_PermitAction, O as TailorDBGQLPermission_Action, Ot as AuthOAuth2Client_GrantType, P as AddCustomDomainRequestSchema, Pt as TenantProviderConfig_TenantProviderType, R as CreateSecretManagerSecretRequestSchema, Rt as UpdateApplicationRequestSchema, S as UpdateWorkflowRequestSchema, St as UpdateUserProfileConfigRequestSchema, T as CreateTailorDBServiceRequestSchema, Tt as AuthIDPConfig_AuthType, U as UpdatePipelineResolverRequestSchema, Ut as FilterSchema, V as CreatePipelineResolverRequestSchema, Vt as ConditionSchema, W as UpdatePipelineServiceRequestSchema, Wt as PageDirection, X as IdPPermissionPermit, Y as IdPPermissionOperator, Z as FunctionExecution_Status, _ as userAgent, _t as UpdateAuthOAuth2ClientRequestSchema, a as fetchAll, at as CreateAuthHookRequestSchema, b as CreateWorkflowJobFunctionRequestSchema, bt as UpdateAuthServiceRequestSchema, ct as CreateAuthOAuth2ClientRequestSchema, dt as CreateAuthServiceRequestSchema, et as UpdateExecutorExecutorRequestSchema, f as initOperatorClient, ft as CreateTenantConfigRequestSchema, gt as UpdateAuthMachineUserRequestSchema, h as resolveStaticWebsiteUrls, ht as UpdateAuthIDPConfigRequestSchema, it as CreateAuthConnectionRequestSchema, j as TailorDBType_Permission_Operator, jt as AuthSCIMAttribute_Uniqueness, k as TailorDBGQLPermission_Operator, kt as AuthSCIMAttribute_Mutability, lt as CreateAuthSCIMConfigRequestSchema, m as platformBaseUrl, mt as UpdateAuthHookRequestSchema, nt as ExecutorTargetType, o as fetchMachineUserToken, ot as CreateAuthIDPConfigRequestSchema, pt as CreateUserProfileConfigRequestSchema, q as UpdateIdPServiceRequestSchema, rt as ExecutorTriggerType, s as fetchPaged, st as CreateAuthMachineUserRequestSchema, tt as ExecutorJobStatus, ut as CreateAuthSCIMResourceRequestSchema, v as OperatorService, vt as UpdateAuthSCIMConfigRequestSchema, w as WorkflowJobExecution_Status, wt as AuthHookPoint, x as CreateWorkflowRequestSchema, xt as UpdateTenantConfigRequestSchema, y as WorkspacePlatformUserRole, yt as UpdateAuthSCIMResourceRequestSchema, z as CreateSecretManagerVaultRequestSchema, zt as ApplicationSchemaUpdateAttemptStatus } from "./client-F0a4cWUM.mjs";
 import { t as assertDefined } from "./assert-CKfwrmCV.mjs";
 import { a as parseBoolean, i as symbols, n as logger, r as styles, t as CIPromptError } from "./logger-DpJyJvNz.mjs";
-import { A as readPlatformConfig, C as loadConfig, D as loadConfigPath, E as loadAccessToken, N as writePlatformConfig, O as loadMachineUserName, S as hashFile, b as getDistDir, d as assertUniqueLocalTailorDBTypeNames, f as assertUniqueTailorDBTypeNamesWithExternal, h as platformBundleDefinePlugin, k as loadWorkspaceId, l as buildExecutorArgsExpr, m as stringifyFunction, n as generatePluginFilesIfNeeded, p as TailorDBTypeSchema, r as loadApplication, s as HTTP_METHODS, t as defineApplication, u as buildResolverOperationHookExpr, y as createBundleCache } from "./application-76hhIhnJ.mjs";
+import { A as readPlatformConfig, C as loadConfig, D as loadConfigPath, E as loadAccessToken, N as writePlatformConfig, O as loadMachineUserName, S as hashFile, b as getDistDir, d as assertUniqueLocalTailorDBTypeNames, f as assertUniqueTailorDBTypeNamesWithExternal, h as platformBundleDefinePlugin, k as loadWorkspaceId, l as buildExecutorArgsExpr, m as stringifyFunction, n as generatePluginFilesIfNeeded, p as TailorDBTypeSchema, r as loadApplication, s as HTTP_METHODS, t as defineApplication, u as buildResolverOperationHookExpr, y as createBundleCache } from "./application-DGDmL8i_.mjs";
 import { o as loadFilesWithIgnores, t as createExecutorService } from "./service-wI3Hvrgx.mjs";
 import { t as multiline } from "./multiline-Cf9ODpr1.mjs";
 import { t as readPackageJson } from "./package-json-DcQApfPQ.mjs";
@@ -1806,6 +1806,219 @@ async function buildMetaRequest(params) {
 	};
 }
 
+//#endregion
+//#region src/cli/commands/deploy/owned-resource.ts
+/**
+* Fetch a workspace-scoped resource list and attach SDK ownership metadata.
+* @template T
+* @param params - Resource fetch parameters
+* @param params.client - Operator client instance
+* @param params.workspaceId - Workspace ID
+* @param params.fetchPage - Function that fetches one resource page
+* @param params.getName - Function that extracts the resource name
+* @param params.getTrn - Function that builds the resource TRN
+* @returns Existing resources keyed by resource name, with SDK labels attached
+*/
+async function fetchExistingResourcesWithLabels(params) {
+	const { client, workspaceId, fetchPage, getName, getTrn } = params;
+	const withoutLabel = await fetchAll(async (pageToken, maxPageSize) => {
+		try {
+			return await fetchPage(pageToken, maxPageSize);
+		} catch (error) {
+			if (error instanceof ConnectError && error.code === Code.NotFound) return [[], ""];
+			throw error;
+		}
+	});
+	const existingResources = {};
+	await Promise.all(withoutLabel.map(async (resource) => {
+		const name = getName(resource);
+		if (!name) return;
+		const { metadata } = await client.getMetadata({ trn: getTrn(workspaceId, name) });
+		existingResources[name] = {
+			resource,
+			label: metadata?.labels[sdkNameLabelKey],
+			allLabels: metadata?.labels
+		};
+	}));
+	return existingResources;
+}
+/**
+* Determine whether a same-named existing resource is managed by this app.
+* Records the user-facing confirmation data when ownership does not match.
+* @param params - Ownership classification inputs
+* @param params.labels - Existing resource labels
+* @param params.ownerLabel - Existing `sdk-name` label, when present
+* @param params.appName - Current application name
+* @param params.appId - Current application id, when present
+* @param params.resourceType - Resource kind for confirmation messages
+* @param params.resourceName - Resource name for confirmation messages
+* @param params.conflicts - Conflict accumulator
+* @param params.unmanaged - Unmanaged-resource accumulator
+* @returns True when the resource is owned by the current app
+*/
+function trackDesiredResourceOwnership(params) {
+	const { labels, ownerLabel, appName, appId, resourceType, resourceName, conflicts, unmanaged } = params;
+	const owned = isOwnedByApp(labels, appName, appId);
+	if (!owned) if (!ownerLabel) unmanaged.push({
+		resourceType,
+		resourceName
+	});
+	else conflicts.push({
+		resourceType,
+		resourceName,
+		currentOwner: ownerLabel
+	});
+	return owned;
+}
+/**
+* Determine whether a remote-only resource is still owned by this app.
+* Also records other SDK owners so renamed-empty applications can be handled.
+* @param params - Ownership classification inputs
+* @param params.labels - Existing resource labels
+* @param params.ownerLabel - Existing `sdk-name` label, when present
+* @param params.appName - Current application name
+* @param params.appId - Current application id, when present
+* @param params.resourceOwners - Other-owner accumulator
+* @returns True when the resource is owned by the current app
+*/
+function trackRemainingResourceOwner(params) {
+	const { labels, ownerLabel, appName, appId, resourceOwners } = params;
+	const owned = isOwnedByApp(labels, appName, appId);
+	if (ownerLabel && !owned) resourceOwners.add(ownerLabel);
+	return owned;
+}
+
+//#endregion
+//#region src/cli/commands/deploy/aigateway.ts
+/**
+* Apply AI Gateway changes for the given phase.
+* @param client - Operator client instance
+* @param result - Planned AI Gateway changes
+* @param phase - Apply phase
+* @returns Promise that resolves when AI Gateways are applied
+*/
+async function applyAIGateway(client, result, phase = "create-update") {
+	const { changeSet } = result;
+	if (phase === "create-update") await Promise.all([...changeSet.creates.map(async (create) => {
+		create.request.cors = await resolveStaticWebsiteUrls(client, assertDefined(create.request.workspaceId, "request missing workspaceId"), create.request.cors, "AIGateway CORS");
+		await client.createAIGateway(create.request);
+		await client.setMetadata(create.metaRequest);
+	}), ...changeSet.updates.map(async (update) => {
+		update.request.cors = await resolveStaticWebsiteUrls(client, assertDefined(update.request.workspaceId, "request missing workspaceId"), update.request.cors, "AIGateway CORS");
+		await client.updateAIGateway(update.request);
+		await client.setMetadata(update.metaRequest);
+	})]);
+	else await Promise.all(changeSet.deletes.map((del) => client.deleteAIGateway(del.request)));
+}
+function normalizeComparableAIGatewayShape(input) {
+	return {
+		authNamespace: input.authNamespace,
+		cors: input.cors.toSorted()
+	};
+}
+function normalizeComparableAIGateway(input) {
+	return normalizeComparableAIGatewayShape({
+		authNamespace: input.authNamespace || "",
+		cors: [...input.cors || []]
+	});
+}
+function areAIGatewaysEqual(existing, desired) {
+	return areNormalizedEqual(normalizeComparableAIGateway(existing), normalizeComparableAIGateway(desired));
+}
+/**
+* Plan AI Gateway changes based on current and desired state.
+* @param context - Planning context
+* @returns Planned changes
+*/
+async function planAIGateway(context) {
+	const { client, workspaceId, application, forRemoval } = context;
+	const changeSet = createChangeSet("AIGateways");
+	const conflicts = [];
+	const unmanaged = [];
+	const resourceOwners = /* @__PURE__ */ new Set();
+	const existingGateways = await fetchExistingResourcesWithLabels({
+		client,
+		workspaceId,
+		fetchPage: async (pageToken, pageSize) => {
+			const { aigateways, nextPageToken } = await client.listAIGateways({
+				workspaceId,
+				pageToken,
+				pageSize
+			});
+			return [aigateways, nextPageToken];
+		},
+		getName: (resource) => resource.name,
+		getTrn: (workspaceId, name) => resourceTrn(workspaceId, "aigateway", name)
+	});
+	const aiGatewayServices = forRemoval ? [] : application.aiGatewayServices;
+	const expectedLocalWebsites = new Set(application.staticWebsiteServices.map((website) => website.name));
+	for (const gatewayService of aiGatewayServices) {
+		const config = gatewayService;
+		const name = gatewayService.name;
+		const existing = existingGateways[name];
+		const metaRequest = await buildMetaRequest({
+			trn: resourceTrn(workspaceId, "aigateway", name),
+			appName: application.name,
+			appId: application.id
+		});
+		const resolvedCors = await resolveStaticWebsiteUrls(client, workspaceId, config.cors ? [...config.cors] : [], "AIGateway CORS", { expectedLocalNames: expectedLocalWebsites });
+		const desired = normalizeComparableAIGateway({
+			...config,
+			cors: resolvedCors
+		});
+		const request = {
+			workspaceId,
+			aigatewayName: name,
+			authNamespace: config.authNamespace,
+			cors: config.cors ? [...config.cors] : []
+		};
+		if (existing) {
+			if (trackDesiredResourceOwnership({
+				labels: existing.allLabels,
+				ownerLabel: existing.label,
+				appName: application.name,
+				appId: application.id,
+				resourceType: "AIGateway",
+				resourceName: name,
+				conflicts,
+				unmanaged
+			}) && hasMatchingSdkVersion(existing.allLabels, metaRequest.labels) && areAIGatewaysEqual(existing.resource, desired)) changeSet.unchanged.push({ name });
+			else changeSet.updates.push({
+				name,
+				request,
+				metaRequest
+			});
+			delete existingGateways[name];
+		} else changeSet.creates.push({
+			name,
+			request,
+			metaRequest
+		});
+	}
+	Object.entries(existingGateways).forEach(([name, entry]) => {
+		const label = entry?.label;
+		if (trackRemainingResourceOwner({
+			labels: entry?.allLabels,
+			ownerLabel: label,
+			appName: application.name,
+			appId: application.id,
+			resourceOwners
+		})) changeSet.deletes.push({
+			name,
+			request: {
+				workspaceId,
+				aigatewayName: name
+			}
+		});
+	});
+	return {
+		changeSet,
+		conflicts,
+		unmanaged,
+		resourceOwners
+	};
+}
+
 //#endregion
 //#region src/cli/commands/deploy/application.ts
 /**
@@ -4900,88 +5113,6 @@ function normalizeAuthInvoker(authInvoker, authNamespace, context) {
 	return authInvoker;
 }
 
-//#endregion
-//#region src/cli/commands/deploy/owned-resource.ts
-/**
-* Fetch a workspace-scoped resource list and attach SDK ownership metadata.
-* @template T
-* @param params - Resource fetch parameters
-* @param params.client - Operator client instance
-* @param params.workspaceId - Workspace ID
-* @param params.fetchPage - Function that fetches one resource page
-* @param params.getName - Function that extracts the resource name
-* @param params.getTrn - Function that builds the resource TRN
-* @returns Existing resources keyed by resource name, with SDK labels attached
-*/
-async function fetchExistingResourcesWithLabels(params) {
-	const { client, workspaceId, fetchPage, getName, getTrn } = params;
-	const withoutLabel = await fetchAll(async (pageToken, maxPageSize) => {
-		try {
-			return await fetchPage(pageToken, maxPageSize);
-		} catch (error) {
-			if (error instanceof ConnectError && error.code === Code.NotFound) return [[], ""];
-			throw error;
-		}
-	});
-	const existingResources = {};
-	await Promise.all(withoutLabel.map(async (resource) => {
-		const name = getName(resource);
-		if (!name) return;
-		const { metadata } = await client.getMetadata({ trn: getTrn(workspaceId, name) });
-		existingResources[name] = {
-			resource,
-			label: metadata?.labels[sdkNameLabelKey],
-			allLabels: metadata?.labels
-		};
-	}));
-	return existingResources;
-}
-/**
-* Determine whether a same-named existing resource is managed by this app.
-* Records the user-facing confirmation data when ownership does not match.
-* @param params - Ownership classification inputs
-* @param params.labels - Existing resource labels
-* @param params.ownerLabel - Existing `sdk-name` label, when present
-* @param params.appName - Current application name
-* @param params.appId - Current application id, when present
-* @param params.resourceType - Resource kind for confirmation messages
-* @param params.resourceName - Resource name for confirmation messages
-* @param params.conflicts - Conflict accumulator
-* @param params.unmanaged - Unmanaged-resource accumulator
-* @returns True when the resource is owned by the current app
-*/
-function trackDesiredResourceOwnership(params) {
-	const { labels, ownerLabel, appName, appId, resourceType, resourceName, conflicts, unmanaged } = params;
-	const owned = isOwnedByApp(labels, appName, appId);
-	if (!owned) if (!ownerLabel) unmanaged.push({
-		resourceType,
-		resourceName
-	});
-	else conflicts.push({
-		resourceType,
-		resourceName,
-		currentOwner: ownerLabel
-	});
-	return owned;
-}
-/**
-* Determine whether a remote-only resource is still owned by this app.
-* Also records other SDK owners so renamed-empty applications can be handled.
-* @param params - Ownership classification inputs
-* @param params.labels - Existing resource labels
-* @param params.ownerLabel - Existing `sdk-name` label, when present
-* @param params.appName - Current application name
-* @param params.appId - Current application id, when present
-* @param params.resourceOwners - Other-owner accumulator
-* @returns True when the resource is owned by the current app
-*/
-function trackRemainingResourceOwner(params) {
-	const { labels, ownerLabel, appName, appId, resourceOwners } = params;
-	const owned = isOwnedByApp(labels, appName, appId);
-	if (ownerLabel && !owned) resourceOwners.add(ownerLabel);
-	return owned;
-}
-
 //#endregion
 //#region src/cli/commands/deploy/executor.ts
 /**
@@ -10620,6 +10751,9 @@ async function shouldForceApplyAll(client, workspaceId, application, functionEnt
 	application.staticWebsiteServices.forEach((website) => {
 		candidateTrns.add(resourceTrn(workspaceId, "staticwebsite", website.name));
 	});
+	application.aiGatewayServices.forEach((gateway) => {
+		candidateTrns.add(resourceTrn(workspaceId, "aigateway", gateway.name));
+	});
 	application.resolverServices.forEach((pipeline) => {
 		candidateTrns.add(resourceTrn(workspaceId, "pipeline", pipeline.namespace));
 	});
@@ -10698,6 +10832,7 @@ function printPlanResults(results) {
 	const authServiceActions = extractServiceActions(results.auth.changeSet.service);
 	results.staticWebsite.changeSet.print();
 	results.staticWebsite.customDomainChangeSet.print();
+	results.aiGateway.changeSet.print();
 	results.app.print();
 	printGroupedDisplaySection("TailorDB", tailorDBEntries, tailorDBServiceActions);
 	printGroupedDisplaySection("Resolver", pipelineEntries, pipelineServiceActions);
@@ -10748,6 +10883,7 @@ function summarizePlanResults(results, displayEntries, serviceActions) {
 		otherChanges,
 		results.staticWebsite.changeSet,
 		results.staticWebsite.customDomainChangeSet,
+		results.aiGateway.changeSet,
 		results.app,
 		results.secretManager.vaultChangeSet,
 		results.secretManager.secretChangeSet
@@ -10852,7 +10988,7 @@ async function deploy(options) {
 		const dryRun = options?.dryRun ?? false;
 		const yes = options?.yes ?? false;
 		const forceApplyAll = await withSpan("plan.detectSdkVersionChange", () => shouldForceApplyAll(client, workspaceId, application, functionEntries));
-		const { functionRegistry, tailorDB, staticWebsite, idp, auth, pipeline, app, executor, workflow, secretManager } = await withSpan("plan", async () => {
+		const { functionRegistry, tailorDB, staticWebsite, aiGateway, idp, auth, pipeline, app, executor, workflow, secretManager } = await withSpan("plan", async () => {
 			const idpUserTriggerTargets = collectIdpUserTriggerTargets(application);
 			const ctx = {
 				client,
@@ -10866,9 +11002,10 @@ async function deploy(options) {
 			};
 			const functionRegistry = await withSpan("plan.functionRegistry", () => planFunctionRegistry(client, workspaceId, application.name, application.id, functionEntries));
 			const unchangedWorkflowJobs = new Set(functionRegistry.changeSet.unchanged.filter((entry) => entry.name.startsWith(WORKFLOW_PREFIX)).map((entry) => entry.name.slice(WORKFLOW_PREFIX.length)));
-			const [tailorDB, staticWebsite, idp, auth, pipeline, app, executor, workflow, secretManager] = await Promise.all([
+			const [tailorDB, staticWebsite, aiGateway, idp, auth, pipeline, app, executor, workflow, secretManager] = await Promise.all([
 				withSpan("plan.tailorDB", () => planTailorDB(ctx)),
 				withSpan("plan.staticWebsite", () => planStaticWebsite(ctx)),
+				withSpan("plan.aiGateway", () => planAIGateway(ctx)),
 				withSpan("plan.idp", () => planIdP(ctx)),
 				withSpan("plan.auth", () => planAuth(ctx)),
 				withSpan("plan.pipeline", () => planPipeline(ctx)),
@@ -10881,6 +11018,7 @@ async function deploy(options) {
 				functionRegistry,
 				tailorDB,
 				staticWebsite,
+				aiGateway,
 				idp,
 				auth,
 				pipeline,
@@ -10895,6 +11033,7 @@ async function deploy(options) {
 				...functionRegistry.conflicts,
 				...tailorDB.conflicts,
 				...staticWebsite.conflicts,
+				...aiGateway.conflicts,
 				...idp.conflicts,
 				...auth.conflicts,
 				...pipeline.conflicts,
@@ -10907,6 +11046,7 @@ async function deploy(options) {
 				...functionRegistry.unmanaged,
 				...tailorDB.unmanaged,
 				...staticWebsite.unmanaged,
+				...aiGateway.unmanaged,
 				...idp.unmanaged,
 				...auth.unmanaged,
 				...pipeline.unmanaged,
@@ -10923,6 +11063,10 @@ async function deploy(options) {
 				resourceType: "StaticWebsite",
 				resourceName: del.name
 			});
+			for (const del of aiGateway.changeSet.deletes) importantDeletions.push({
+				resourceType: "AIGateway",
+				resourceName: del.name
+			});
 			for (const del of auth.changeSet.oauth2Client.deletes) importantDeletions.push({
 				resourceType: "OAuth2 client",
 				resourceName: del.name
@@ -10950,6 +11094,7 @@ async function deploy(options) {
 					...functionRegistry.resourceOwners,
 					...tailorDB.resourceOwners,
 					...staticWebsite.resourceOwners,
+					...aiGateway.resourceOwners,
 					...idp.resourceOwners,
 					...auth.resourceOwners,
 					...pipeline.resourceOwners,
@@ -10971,6 +11116,7 @@ async function deploy(options) {
 			functionRegistry,
 			tailorDB,
 			staticWebsite,
+			aiGateway,
 			idp,
 			auth,
 			pipeline,
@@ -11000,6 +11146,7 @@ async function deploy(options) {
 			await applySecretManager(client, secretManager, "create-update", application);
 			await applyFunctionRegistry(client, workspaceId, functionRegistry, "create-update");
 			await applyStaticWebsite(client, staticWebsite, "create-update");
+			await applyAIGateway(client, aiGateway, "create-update");
 			await applyIdP(client, idp, "create-update");
 			await applyAuth(client, auth, "create-update");
 			await applyTailorDB(client, tailorDB, "create-update");
@@ -11019,6 +11166,7 @@ async function deploy(options) {
 			await applyWorkflow(client, workflow, "delete");
 			await applyExecutor(client, executor, "delete");
 			await applyStaticWebsite(client, staticWebsite, "delete");
+			await applyAIGateway(client, aiGateway, "delete");
 			await applySecretManager(client, secretManager, "delete");
 		});
 		await withSpan("apply.deleteApplication", () => applyApplication(client, app, "delete"));
@@ -14561,6 +14709,7 @@ async function execRemove(client, workspaceId, application, config, confirm) {
 	};
 	const tailorDB = await planTailorDB(ctx);
 	const staticWebsite = await planStaticWebsite(ctx);
+	const aiGateway = await planAIGateway(ctx);
 	const idp = await planIdP(ctx);
 	const auth = await planAuth(ctx);
 	const pipeline = await planPipeline(ctx);
@@ -14571,6 +14720,7 @@ async function execRemove(client, workspaceId, application, config, confirm) {
 	const secretManager = await planSecretManager(ctx);
 	functionRegistry.changeSet.print();
 	staticWebsite.changeSet.print();
+	aiGateway.changeSet.print();
 	app.print();
 	tailorDB.changeSet.service.print();
 	tailorDB.changeSet.type.print();
@@ -14593,11 +14743,12 @@ async function execRemove(client, workspaceId, application, config, confirm) {
 	auth.changeSet.connection.print();
 	secretManager.vaultChangeSet.print();
 	secretManager.secretChangeSet.print();
-	if (tailorDB.changeSet.service.deletes.length === 0 && staticWebsite.changeSet.deletes.length === 0 && idp.changeSet.service.deletes.length === 0 && auth.changeSet.service.deletes.length === 0 && pipeline.changeSet.service.deletes.length === 0 && app.deletes.length === 0 && executor.changeSet.deletes.length === 0 && workflow.changeSet.deletes.length === 0 && functionRegistry.changeSet.deletes.length === 0 && secretManager.vaultChangeSet.deletes.length === 0 && secretManager.secretChangeSet.deletes.length === 0) return;
+	if (tailorDB.changeSet.service.deletes.length === 0 && staticWebsite.changeSet.deletes.length === 0 && aiGateway.changeSet.deletes.length === 0 && idp.changeSet.service.deletes.length === 0 && auth.changeSet.service.deletes.length === 0 && pipeline.changeSet.service.deletes.length === 0 && app.deletes.length === 0 && executor.changeSet.deletes.length === 0 && workflow.changeSet.deletes.length === 0 && functionRegistry.changeSet.deletes.length === 0 && secretManager.vaultChangeSet.deletes.length === 0 && secretManager.secretChangeSet.deletes.length === 0) return;
 	if (confirm) await confirm();
 	await applyWorkflow(client, workflow, "delete");
 	await applyExecutor(client, executor, "delete");
 	await applyStaticWebsite(client, staticWebsite, "delete");
+	await applyAIGateway(client, aiGateway, "delete");
 	await applyApplication(client, app, "delete");
 	await applyPipeline(client, pipeline, "delete-resources");
 	await applyPipeline(client, pipeline, "delete-services");
@@ -15384,7 +15535,7 @@ async function generate(options) {
 	if (options.init) await handleInitOption(namespacesWithMigrations, options.yes);
 	let pluginManager;
 	if (plugins.length > 0) pluginManager = new PluginManager(plugins);
-	const { defineApplication } = await import("./application-av2raLs6.mjs");
+	const { defineApplication } = await import("./application-nTydHJm8.mjs");
 	const application = defineApplication({
 		config,
 		pluginManager
@@ -17545,4 +17696,4 @@ function isDeno() {
 
 //#endregion
 export { listCommand$5 as $, INITIAL_SCHEMA_NUMBER as $t, truncate as A, commonArgs as An, startCommand as At, logBetaWarning as B, getExecutor as Bt, listCommand$2 as C, PluginManager as Cn, triggerExecutor as Ct, resumeWorkflow as D, apiCall as Dn, jobsCommand as Dt, resumeCommand as E, apiCommand as En, getExecutorJob as Et, writeDbTypesFile as F, pagedLogArgs as Fn, getWorkflowExecution as Ft, organizationTree as G, MIGRATION_LABEL_KEY as Gt, removeCommand$1 as H, executeScript as Ht, getConfiguredEditorCommand as I, paginationArgs as In, listWorkflowExecutions as It, listOrganizations as J, compareSnapshotWithRemote as Jt, treeCommand as K, handleOptionalToRequiredError as Kt, openInConfiguredEditor as L, toPageDirection as Ln, functionExecutionStatusToString as Lt, generate as M, confirmationArgs as Mn, getCommand$5 as Mt, generateCommand as N, deploymentArgs as Nn, getWorkflow as Nt, listCommand$3 as O, assertWritable as On, listExecutorJobs as Ot, generateMigrationScript as P, isVerbose as Pn, executionsCommand as Pt, updateFolder as Q, DIFF_FILE_NAME as Qt, show as R, workspaceArgs as Rn, formatKeyValueTable as Rt, listApps as S, sdkNameLabelKey as Sn, triggerCommand as St, healthCommand as T, prompt as Tn, listExecutors as Tt, updateCommand$1 as U, waitForExecution$1 as Ut, remove as V, deploy as Vt, updateOrganization as W, bundleMigrationScript as Wt, getOrganization as X, protoGqlPermission as Xt, getCommand$1 as Y, generateAllTypeManifestsFromSnapshot as Yt, updateCommand$2 as Z, DB_TYPES_FILE_NAME as Zt, getWorkspace as _, formatMigrationDiff as _n, listFunctionRegistries as _t, updateUser as a, createSnapshotFromLocalTypes as an, createCommand$1 as at, createCommand as b, ensureConfigId as bn, listWebhookExecutors as bt, listCommand as c, getMigrationFilePath as cn, listOAuth2Clients as ct, inviteUser as d, isValidMigrationNumber as dn, getMachineUserToken as dt, MIGRATE_FILE_NAME as en, listFolders as et, restoreCommand as f, loadDiff as fn, tokenCommand as ft, getCommand as g, formatDiffSummary as gn, listCommand$8 as gt, listWorkspaces as h, parseMigrationNumberArg as hn, generate$1 as ht, updateCommand as i, compareSnapshots as in, deleteFolder as it, truncateCommand as j, configArg as jn, startWorkflow as jt, listWorkflows as k, defineAppCommand as kn, watchExecutorJob as kt, listUsers as l, getMigrationFiles as ln, getCommand$3 as lt, listCommand$1 as m, formatMigrationNumber as mn, listMachineUsers as mt, query as n, assertValidMigrationFiles as nn, getFolder as nt, removeCommand as o, getLatestMigrationNumber as on, createFolder as ot, restoreWorkspace as p, reconstructSnapshotFromMigrations as pn, listCommand$7 as pt, listCommand$4 as q, parseMigrationLabelNumber as qt, queryCommand as r, compareLocalTypesWithSnapshot as rn, deleteCommand$1 as rt, removeUser as s, getMigrationDirPath as sn, listCommand$6 as st, isNativeTypeScriptRuntime as t, SCHEMA_FILE_NAME as tn, getCommand$2 as tt, inviteCommand as u, getNextMigrationNumber as un, getOAuth2Client as ut, deleteCommand as v, hasChanges as vn, getCommand$4 as vt, getAppHealth as w, generateUserTypes as wn, listCommand$9 as wt, createWorkspace as x, resourceTrn as xn, webhookCommand as xt, deleteWorkspace as y, getNamespacesWithMigrations as yn, getFunctionRegistry as yt, showCommand as z, getCommand$6 as zt };
-//# sourceMappingURL=runtime-C7qTBDD2.mjs.map
+//# sourceMappingURL=runtime-2nzOZCUb.mjs.map