@tailor-platform/sdk 1.65.0 → 1.66.1

package/dist/utils/test/index.d.mts

@@ -1,6 +1,6 @@
 import { M as TailorInvoker } from "../../tailordb-C-ar4XCX.mjs";
-import { J as TailorDBType } from "../../workflow.generated-CCDsY0ce.mjs";
-import { At as TailorField, Ct as WORKFLOW_TEST_ENV_KEY, n as output } from "../../index-DcXIjt9F.mjs";
+import { Z as TailorDBType } from "../../workflow.generated--1Qc15Et.mjs";
+import { jt as TailorField, n as output, wt as WORKFLOW_TEST_ENV_KEY } from "../../index-BdLqzJDu.mjs";
 import { StandardSchemaV1 } from "@standard-schema/spec";
 
 //#region src/utils/test/mock.d.ts

package/dist/{workflow.generated-CCDsY0ce.d.mts → workflow.generated--1Qc15Et.d.mts}

@@ -784,6 +784,22 @@ type AuthServiceInputLoose = AuthServiceInput<any, any, any, string, any>;
 type AuthOwnConfig = DefinedAuth<string, AuthServiceInputLoose, string>;
 type AuthConfig = AuthOwnConfig | AuthExternalConfig;
 //#endregion
+//#region src/types/aigateway.generated.d.ts
+type AIGateway = {
+  /** AI Gateway name */name: string; /** Auth namespace used to resolve request tokens against the workspace's auth */
+  authNamespace: string; /** Allowed CORS origins for browser-based clients. Each entry is `*`, `http(s)://*`, `http(s)://*.example.com`, or `http(s)://app.example.com`, optionally with `:port`. Empty list disables cross-origin access. */
+  cors?: string[] | undefined;
+};
+type AIGatewayInput = AIGateway;
+//#endregion
+//#region src/types/aigateway-config.d.ts
+declare const aiGatewayDefinitionBrand: unique symbol;
+type AIGatewayDefinitionBrand = {
+  readonly [aiGatewayDefinitionBrand]: true;
+};
+/** Type accepted by `AppConfig.aiGateways`. Only values returned by `defineAIGateway()` satisfy this. */
+type AIGatewayConfig = AIGatewayInput & AIGatewayDefinitionBrand;
+//#endregion
 //#region src/types/app-config.generated.d.ts
 type LogLevelEnum = "DEBUG" | "INFO" | "WARN" | "ERROR" | "SILENT";
 //#endregion
@@ -1368,9 +1384,10 @@ type WorkflowServiceInput = WorkflowServiceConfig;
  * - `auth`: Single auth config object (not an array)
  * - `idp`: Array of IdP configs, e.g. `[myIdp]`
  * - `staticWebsites`: Array of static website configs, e.g. `[website]`
+ * - `aiGateways`: Array of AI Gateway configs, e.g. `[gateway]`
  * - `db`, `resolver`, `executor`, `workflow`: Service configs with file globs
  */
-interface AppConfig<Auth extends AuthConfig = AuthConfig, Idp extends IdPConfig[] = IdPConfig[], StaticWebsites extends StaticWebsiteConfig[] = StaticWebsiteConfig[], Env extends Record<string, string | number | boolean> = Record<string, string | number | boolean>> {
+interface AppConfig<Auth extends AuthConfig = AuthConfig, Idp extends IdPConfig[] = IdPConfig[], StaticWebsites extends StaticWebsiteConfig[] = StaticWebsiteConfig[], AIGateways extends AIGatewayConfig[] = AIGatewayConfig[], Env extends Record<string, string | number | boolean> = Record<string, string | number | boolean>> {
   /** Application name (required). */
   name: string;
   /**
@@ -1407,6 +1424,8 @@ interface AppConfig<Auth extends AuthConfig = AuthConfig, Idp extends IdPConfig[
   httpAdapter?: HttpAdapterServiceInput;
   /** Static website configurations. Must be an array, e.g. `[website]`. */
   staticWebsites?: StaticWebsites;
+  /** AI Gateway configurations. Must be an array, e.g. `[gateway]`. */
+  aiGateways?: AIGateways;
   /** Secret Manager vault configurations. Keys are vault names, values are records of secret names to values. */
   secrets?: SecretsConfig;
   /**
@@ -1448,5 +1467,5 @@ type ConcurrencyPolicy = {
   /** Maximum number of concurrent executions (1-1000) */maxConcurrentExecutions: number;
 };
 //#endregion
-export { unsafeAllowAllGqlPermission as $, BeforeLoginClaims as A, UserAttributeMap as B, IdPGqlOperationsInput as C, AuthExternalConfig as D, AuthConnectionTokenResult as E, FederatedIdentityProvider as F, TailorAnyDBType as G, AuthConnectionConfig as H, OAuth2ClientGrantType as I, TailorDBType as J, TailorDBField as K, SCIMAttributeType as L, DefinedAuth as M, FederatedIdentity as N, AuthOwnConfig as O, FederatedIdentityClaims as P, TailorTypePermission as Q, UserAttributeKey as R, IdPGqlOperations as S, AuthConfig as T, AuthConnectionOAuth2Config as U, UsernameFieldKey as V, TailorAnyDBField as W, PermissionCondition as X, db as Y, TailorTypeGqlPermission as Z, IdPConfig as _, ExecutorServiceConfig as a, IdpDefinitionBrand as b, ResolverServiceConfig as c, WorkflowServiceInput as d, unsafeAllowAllTypePermission as et, StaticWebsiteConfig as f, SecretsDefinitionBrand as g, SecretsConfig as h, AppConfig as i, BeforeLoginHookArgs as j, AuthServiceInput as k, ResolverServiceInput as l, StaticWebsiteInput as m, RetryPolicy as n, AllowedValuesOutput as nt, ExecutorServiceInput as o, StaticWebsiteDefinitionBrand as p, TailorDBInstance as q, HttpAdapterConfigInput as r, ResolverExternalConfig as s, ConcurrencyPolicy as t, AllowedValues as tt, WorkflowServiceConfig as u, IdPExternalConfig as v, IdPInput as w, IdPEmailConfig as x, IdPUserField as y, UserAttributeListKey as z };
-//# sourceMappingURL=workflow.generated-CCDsY0ce.d.mts.map
+export { PermissionCondition as $, AuthExternalConfig as A, SCIMAttributeType as B, IdPGqlOperationsInput as C, AIGatewayInput as D, AIGatewayDefinitionBrand as E, DefinedAuth as F, AuthConnectionConfig as G, UserAttributeListKey as H, FederatedIdentity as I, TailorAnyDBType as J, AuthConnectionOAuth2Config as K, FederatedIdentityClaims as L, AuthServiceInput as M, BeforeLoginClaims as N, AuthConfig as O, BeforeLoginHookArgs as P, db as Q, FederatedIdentityProvider as R, IdPGqlOperations as S, AIGatewayConfig as T, UserAttributeMap as U, UserAttributeKey as V, UsernameFieldKey as W, TailorDBInstance as X, TailorDBField as Y, TailorDBType as Z, IdPConfig as _, ExecutorServiceConfig as a, AllowedValuesOutput as at, IdpDefinitionBrand as b, ResolverServiceConfig as c, WorkflowServiceInput as d, TailorTypeGqlPermission as et, StaticWebsiteConfig as f, SecretsDefinitionBrand as g, SecretsConfig as h, AppConfig as i, AllowedValues as it, AuthOwnConfig as j, AuthConnectionTokenResult as k, ResolverServiceInput as l, StaticWebsiteInput as m, RetryPolicy as n, unsafeAllowAllGqlPermission as nt, ExecutorServiceInput as o, StaticWebsiteDefinitionBrand as p, TailorAnyDBField as q, HttpAdapterConfigInput as r, unsafeAllowAllTypePermission as rt, ResolverExternalConfig as s, ConcurrencyPolicy as t, TailorTypePermission as tt, WorkflowServiceConfig as u, IdPExternalConfig as v, IdPInput as w, IdPEmailConfig as x, IdPUserField as y, OAuth2ClientGrantType as z };
+//# sourceMappingURL=workflow.generated--1Qc15Et.d.mts.map

package/docs/cli/completion.md

@@ -41,6 +41,9 @@ tailor-sdk completion [options] [shell]
 | `--instructions` | `-i`  | Show installation instructions                                                                                                       | No       | `false` |
 | `--loader`       | -     | Print just the rc loader snippet (bash/zsh). Add it to ~/.bashrc or ~/.zshrc; it auto-regenerates the cache when the binary changes. | No       | `false` |
 | `--install`      | -     | Write the completion script to its on-disk cache (bash/zsh) or autoload location (fish) instead of printing it.                      | No       | `false` |
+| `--static`       | -     | Generate the legacy static completion script with command metadata baked in.                                                         | No       | `false` |
+| `--dispatcher`   | -     | Generate the runtime dispatcher completion script. This is the default.                                                              | No       | `false` |
+| `--worker`       | -     | Generate an internal static worker artifact for dispatcher mode.                                                                     | No       | `false` |
 
 <!-- politty:command:completion:options:end -->
 

package/docs/services/aigateway.md

@@ -0,0 +1,97 @@
+# AI Gateway
+
+AI Gateway provides a unified endpoint for accessing multiple LLM providers (Azure OpenAI, Google Vertex AI Gemini, Anthropic via Vertex AI) through a single OpenAI-compatible API, with platform-managed credentials and workspace-scoped authentication.
+
+## Overview
+
+AI Gateway provides:
+
+- A unified, OpenAI-compatible endpoint for multiple LLM providers
+- Mandatory authentication via your workspace's auth (request tokens are resolved against the configured auth namespace)
+- Per-workspace isolation: each gateway is provisioned with its own platform-assigned URL
+- Optional CORS allow-list for browser-based clients
+- Built-in usage tracking and rate limiting (configured platform-side)
+
+## Configuration
+
+Configure an AI Gateway using `defineAIGateway()`:
+
+**Definition Rules:**
+
+- **Multiple gateways allowed**: You can define multiple AI Gateways in your config file
+- **Configuration location**: Define in `tailor.config.ts` and add to the `aiGateways` array
+- **Uniqueness**: Gateway names must be unique across all AI Gateways
+- **Name pattern**: `name` must match `^[a-z0-9][a-z0-9-]{1,28}[a-z0-9]$` (lowercase alphanumeric and hyphens, 3-30 characters)
+
+```typescript
+import { defineAIGateway, defineConfig } from "@tailor-platform/sdk";
+
+const aiGateway = defineAIGateway("my-aigateway", {
+  authNamespace: "default",
+});
+
+export default defineConfig({
+  aiGateways: [aiGateway],
+});
+```
+
+## Options
+
+### authNamespace
+
+The auth namespace used to resolve request tokens against your workspace's auth configuration. Must match an existing auth namespace.
+
+```typescript
+defineAIGateway("my-aigateway", {
+  authNamespace: "default",
+});
+```
+
+### cors
+
+Optional list of allowed origins for browser-based clients. Each entry is one of:
+
+- `*` — any origin (any scheme, any host)
+- `http(s)://*` — any host on the given scheme
+- `http(s)://*.example.com` — any subdomain of `example.com` on the given scheme
+- `http(s)://app.example.com` — an exact origin
+
+An optional `:port` may be appended in all URL forms. Omitting `cors` (or passing `[]`) disables cross-origin access — browsers will block any cross-origin reads.
+
+```typescript
+defineAIGateway("my-aigateway", {
+  authNamespace: "default",
+  cors: ["https://app.example.com", "https://*.example.com"],
+});
+```
+
+## Complete Example
+
+```typescript
+import {
+  defineAIGateway,
+  defineAuth,
+  defineConfig,
+  defineStaticWebSite,
+} from "@tailor-platform/sdk";
+
+const website = defineStaticWebSite("my-frontend", {
+  description: "Frontend application",
+});
+
+const aiGateway = defineAIGateway("my-aigateway", {
+  authNamespace: "default",
+  cors: [website.url],
+});
+
+const auth = defineAuth("my-auth", {
+  // ...auth configuration...
+});
+
+export default defineConfig({
+  name: "my-app",
+  auth,
+  staticWebsites: [website],
+  aiGateways: [aiGateway],
+});
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tailor-platform/sdk",
-  "version": "1.65.0",
+  "version": "1.66.1",
   "description": "Tailor Platform SDK - The SDK to work with Tailor Platform",
   "license": "MIT",
   "repository": {
@@ -174,9 +174,9 @@
     "pathe": "2.0.3",
     "pgsql-ast-parser": "12.0.2",
     "pkg-types": "2.3.1",
-    "politty": "0.5.1",
+    "politty": "0.6.0",
     "rolldown": "1.1.0",
-    "semver": "7.8.3",
+    "semver": "7.8.4",
     "sql-highlight": "6.1.0",
     "std-env": "4.1.0",
     "table": "6.9.0",
@@ -191,7 +191,7 @@
     "@opentelemetry/sdk-trace-base": "2.8.0",
     "@types/madge": "5.0.3",
     "@types/mime-types": "3.0.1",
-    "@types/node": "24.13.1",
+    "@types/node": "24.13.2",
     "@types/semver": "7.7.1",
     "@typescript/native-preview": "7.0.0-dev.20260612.1",
     "@vitest/coverage-v8": "4.1.8",
@@ -227,7 +227,7 @@
     "test:coverage": "vitest --coverage",
     "docs:check": "vitest run --project=unit* src/cli/docs.test.ts",
     "docs:update": "POLITTY_DOCS_UPDATE=true vitest run --project=unit* src/cli/docs.test.ts",
-    "build": "tsdown",
+    "build": "tsdown && politty generate-worker --bin dist/cli/index.mjs --program tailor-sdk --shell zsh --verify",
     "lint": "oxlint --type-aware .",
     "check:public-api-jsdoc": "tsx scripts/check-public-api-jsdoc.ts",
     "lint:fix": "oxlint --type-aware . --fix",