@tailor-platform/sdk 1.69.0 → 1.70.0

package/CHANGELOG.md

@@ -1,5 +1,35 @@
 # @tailor-platform/sdk
 
+## 1.70.0
+### Minor Changes
+
+
+
+- [#1547](https://github.com/tailor-platform/sdk/pull/1547) [`7bb4dd6`](https://github.com/tailor-platform/sdk/commit/7bb4dd68a2492e5b8d5051730cdf35ba4f442134) Thanks [@toiroakr](https://github.com/toiroakr)! - Route `deploy --dry-run` plan diff output to stdout so CI pipelines can capture it cleanly without `2>&1`. Add `--json` / `-j` support to `deploy`: dry-run outputs `{ summary, changes, warnings, conflicts }` and apply outputs `{ summary, status: "applied" }` to stdout for machine-readable consumption. The `warnings` array includes unmanaged resources and skipped secrets; the `conflicts` array lists owner conflicts.
+
+
+
+- [#1579](https://github.com/tailor-platform/sdk/pull/1579) [`7522a06`](https://github.com/tailor-platform/sdk/commit/7522a06abd4b5cabbc5b7ef2e00464db65fb894d) Thanks [@dqn](https://github.com/dqn)! - Add `tailor-sdk setup --erd-preview` and `tailordb erd diff` for PR ERD viewer artifacts with current/diff previews.
+
+
+
+- [#1575](https://github.com/tailor-platform/sdk/pull/1575) [`9857f3a`](https://github.com/tailor-platform/sdk/commit/9857f3a00dd9d8c1cd12c95a0517da1fe4c864a9) Thanks [@dqn](https://github.com/dqn)! - Add profile-level Platform connection settings so CLI profiles can switch the Platform API URL, OAuth2 login client, and Console URL together.
+
+
+
+- [#1566](https://github.com/tailor-platform/sdk/pull/1566) [`acd85bf`](https://github.com/tailor-platform/sdk/commit/acd85bfa9e5f2b3f752f09351572a465d8624f43) Thanks [@dqn](https://github.com/dqn)! - Support `TypedDocumentNode` queries in HTTP adapters and infer `output` response data from them.
+
+
+### Patch Changes
+
+
+
+- [#1560](https://github.com/tailor-platform/sdk/pull/1560) [`1899633`](https://github.com/tailor-platform/sdk/commit/1899633a726955d6e13443545bd8bfa6b16fb5ed) Thanks [@dragon3](https://github.com/dragon3)! - Update AI Gateway documentation to present supported models without naming backend providers
+
+
+
+- [#1574](https://github.com/tailor-platform/sdk/pull/1574) [`0e2759d`](https://github.com/tailor-platform/sdk/commit/0e2759d41f89c6bc670149932f860f208b6b7d0b) Thanks [@dqn](https://github.com/dqn)! - Improve builder API type errors so invalid field modifier calls show actionable messages.
+
 ## 1.69.0
 ### Minor Changes
 

package/dist/application-BakHtldG.mjs

@@ -0,0 +1,4 @@
+
+import { n as generatePluginFilesIfNeeded, r as loadApplication, t as defineApplication } from "./application-Df5_I83n.mjs";
+
+export { defineApplication, generatePluginFilesIfNeeded };

package/dist/{application-Cr-limKC.mjs → application-Df5_I83n.mjs}

@@ -213,35 +213,98 @@ function byName(a, b) {
 
 //#endregion
 //#region src/cli/shared/client.ts
-const platformBaseUrl = process.env.PLATFORM_URL ?? "https://api.tailor.tech";
-const oauth2ClientId = process.env.PLATFORM_OAUTH2_CLIENT_ID ?? "cpoc_0Iudir72fqSpqC6GQ58ri1cLAqcq5vJl";
+const defaultPlatformBaseUrl = "https://api.tailor.tech";
+const defaultConsoleBaseUrl = "https://console.tailor.tech";
+const defaultOAuth2ClientId = "cpoc_0Iudir72fqSpqC6GQ58ri1cLAqcq5vJl";
 const oauth2DiscoveryEndpoint = "/.well-known/oauth-authorization-server/oauth2/platform";
+const tokenPlatformConfigs = /* @__PURE__ */ new Map();
+function getEnvPlatformUrl() {
+	return process.env.TAILOR_PLATFORM_URL ?? process.env.PLATFORM_URL;
+}
+function getEnvOAuth2ClientId() {
+	return process.env.TAILOR_PLATFORM_OAUTH2_CLIENT_ID ?? process.env.PLATFORM_OAUTH2_CLIENT_ID;
+}
+function normalizeBaseUrl(value) {
+	const url = new URL(value);
+	url.hash = "";
+	url.search = "";
+	return url.toString().replace(/\/$/, "");
+}
+function getEffectivePlatformConfig(config = {}) {
+	const platformUrl = config.platformUrl ?? getEnvPlatformUrl();
+	const oauth2ClientId = config.oauth2ClientId ?? getEnvOAuth2ClientId();
+	const consoleUrl = config.consoleUrl ?? process.env.TAILOR_PLATFORM_CONSOLE_URL;
+	const effective = {
+		...platformUrl ? { platformUrl } : {},
+		...oauth2ClientId ? { oauth2ClientId } : {},
+		...consoleUrl ? { consoleUrl } : {}
+	};
+	return Object.keys(effective).length > 0 ? effective : void 0;
+}
+function rememberPlatformConfigForToken(accessToken, config) {
+	const effectiveConfig = getEffectivePlatformConfig(config);
+	if (effectiveConfig) tokenPlatformConfigs.set(accessToken, effectiveConfig);
+	else tokenPlatformConfigs.delete(accessToken);
+}
+function getPlatformConfigForToken(accessToken) {
+	return tokenPlatformConfigs.get(accessToken);
+}
+function getPlatformBaseUrl(config = {}) {
+	return normalizeBaseUrl(config.platformUrl ?? getEnvPlatformUrl() ?? "https://api.tailor.tech");
+}
+function isDefaultPlatform(config) {
+	return getPlatformBaseUrl(config) === normalizeBaseUrl(defaultPlatformBaseUrl);
+}
+function getOAuth2ClientId(config = {}) {
+	return config.oauth2ClientId ?? getEnvOAuth2ClientId() ?? defaultOAuth2ClientId;
+}
+function inferConsoleBaseUrl(platformBaseUrl) {
+	const platformUrl = new URL(platformBaseUrl);
+	if (platformUrl.hostname.startsWith("api.")) {
+		platformUrl.hostname = platformUrl.hostname.replace(/^api\./, "console.");
+		return normalizeBaseUrl(platformUrl.toString());
+	}
+	return defaultConsoleBaseUrl;
+}
+function getConsoleBaseUrl(config = {}) {
+	if (config.consoleUrl) return normalizeBaseUrl(config.consoleUrl);
+	if (config.platformUrl) {
+		const inferredUrl = inferConsoleBaseUrl(config.platformUrl);
+		if (inferredUrl !== "https://console.tailor.tech") return inferredUrl;
+	}
+	if (process.env.TAILOR_PLATFORM_CONSOLE_URL) return normalizeBaseUrl(process.env.TAILOR_PLATFORM_CONSOLE_URL);
+	return inferConsoleBaseUrl(getPlatformBaseUrl(config));
+}
 /**
 * Initialize an OAuth2 client for Tailor Platform.
+* @param config - Optional platform connection settings
 * @returns Configured OAuth2 client
 */
-function initOAuth2Client() {
+function initOAuth2Client(config) {
 	return new OAuth2Client({
-		clientId: oauth2ClientId,
-		server: platformBaseUrl,
+		clientId: getOAuth2ClientId(config),
+		server: getPlatformBaseUrl(config),
 		discoveryEndpoint: oauth2DiscoveryEndpoint
 	});
 }
 /**
 * Initialize an Operator client with the given access token.
 * @param accessToken - Access token for authentication
+* @param config - Optional platform connection settings
 * @returns Configured Operator client
 */
-async function initOperatorClient(accessToken) {
+async function initOperatorClient(accessToken, config) {
+	const platformConfig = config ?? getPlatformConfigForToken(accessToken);
 	const [{ createTracingInterceptor }, { OperatorService }] = await Promise.all([import("./interceptor-DOqRkCya.mjs"), import("./service_pb-DGSmn-aF.mjs")]);
-	return createClient(OperatorService, await createTransport(platformBaseUrl, [
+	const interceptors = [
 		await userAgentInterceptor(),
 		await bearerTokenInterceptor(accessToken),
 		retryInterceptor(),
 		errorHandlingInterceptor(),
 		createTracingInterceptor(),
 		concurrencyLimitInterceptor()
-	]));
+	];
+	return createClient(OperatorService, await createTransport(getPlatformBaseUrl(platformConfig), interceptors));
 }
 /**
 * Create a Connect transport using connect-node (HTTP/2).
@@ -574,10 +637,11 @@ async function fetchPaged(fn, options) {
 /**
 * Fetch user info from the Tailor Platform userinfo endpoint.
 * @param accessToken - Access token for the current user
+* @param config - Optional platform connection settings
 * @returns Parsed user info
 */
-async function fetchUserInfo(accessToken) {
-	const userInfoUrl = new URL("/auth/platform/userinfo", platformBaseUrl).href;
+async function fetchUserInfo(accessToken, config) {
+	const userInfoUrl = new URL("/auth/platform/userinfo", getPlatformBaseUrl(config)).href;
 	const resp = await fetch(userInfoUrl, { headers: {
 		Authorization: `Bearer ${accessToken}`,
 		"User-Agent": await userAgent()
@@ -654,13 +718,14 @@ async function fetchMachineUserToken(url, clientId, clientSecret) {
 * Fetch an OAuth2 token for a platform machine user via client_credentials grant.
 * @param clientId - Client ID for the platform machine user
 * @param clientSecret - Client secret for the platform machine user
+* @param config - Optional platform connection settings
 * @returns OAuth2 token
 */
-async function fetchPlatformMachineUserToken(clientId, clientSecret) {
+async function fetchPlatformMachineUserToken(clientId, clientSecret, config) {
 	return await new OAuth2Client({
 		clientId,
 		clientSecret,
-		server: platformBaseUrl,
+		server: getPlatformBaseUrl(config),
 		discoveryEndpoint: oauth2DiscoveryEndpoint
 	}).clientCredentials();
 }
@@ -743,7 +808,10 @@ const pfProfileSchema = z.object({
 	workspace_id: z.string(),
 	readonly: z.boolean().optional(),
 	machine_user: z.string().optional(),
-	machine_user_override: z.enum(["allow", "deny"]).optional()
+	machine_user_override: z.enum(["allow", "deny"]).optional(),
+	platform_url: z.url().optional(),
+	oauth2_client_id: z.string().optional(),
+	console_url: z.url().optional()
 });
 const pfUserSchemaV1 = z.object({
 	access_token: z.string(),
@@ -767,8 +835,10 @@ const pfConfigSchemaV1 = z.object({
 	profiles: z.partialRecord(z.string(), pfProfileSchema),
 	current_user: z.string().nullable()
 });
-const LATEST_CONFIG_VERSION = 2;
+const V2_CONFIG_VERSION = 2;
+const LATEST_CONFIG_VERSION = 3;
 const V2_MIN_SDK_VERSION = "1.29.0";
+const V3_MIN_SDK_VERSION = "1.70.0";
 const semverSchema = z.templateLiteral([
 	z.number().int(),
 	".",
@@ -776,8 +846,8 @@ const semverSchema = z.templateLiteral([
 	".",
 	z.number().int()
 ]);
-const pfConfigSchemaV2 = z.object({
-	version: z.literal(LATEST_CONFIG_VERSION),
+const pfConfigSchema = z.object({
+	version: z.union([z.literal(V2_CONFIG_VERSION), z.literal(LATEST_CONFIG_VERSION)]),
 	min_sdk_version: semverSchema,
 	latest_version: z.number().int().optional(),
 	latest_min_sdk_version: semverSchema.optional(),
@@ -790,6 +860,89 @@ function platformConfigPath() {
 	return path.join(xdgConfig, "tailor-platform", "config.yaml");
 }
 /**
+* Convert stored profile platform fields to platform client settings.
+* @param profile - Profile platform settings
+* @returns Platform client settings
+*/
+function platformConfigFromProfile(profile) {
+	const config = {
+		...profile?.platform_url ? { platformUrl: profile.platform_url } : {},
+		...profile?.oauth2_client_id ? { oauth2ClientId: profile.oauth2_client_id } : {},
+		...profile?.console_url ? { consoleUrl: profile.console_url } : {}
+	};
+	return Object.keys(config).length > 0 ? config : void 0;
+}
+function platformUserKey(user, config) {
+	const platformUrl = getPlatformBaseUrl(config);
+	if (platformUrl === normalizeBaseUrl("https://api.tailor.tech")) return user;
+	return `${platformUrl}|${user}`;
+}
+function canUseLegacyUserKey(platformUrl) {
+	try {
+		return getPlatformBaseUrl() === platformUrl;
+	} catch {
+		return false;
+	}
+}
+function findUserEntry(config, user, platformConfig, opts = {}) {
+	const userKey = platformUserKey(user, platformConfig);
+	const userEntry = config.users[userKey];
+	if (userEntry) return {
+		userKey,
+		userEntry
+	};
+	const platformUrl = getPlatformBaseUrl(platformConfig);
+	if (userKey !== user && (opts.allowLegacyUserKey === false || !canUseLegacyUserKey(platformUrl))) return {
+		userKey,
+		userEntry
+	};
+	const legacyEntry = config.users[user];
+	return legacyEntry ? {
+		userKey: user,
+		userEntry: legacyEntry
+	} : {
+		userKey,
+		userEntry
+	};
+}
+/**
+* Resolve the config user key that would be used for a user on the selected platform.
+* @param config - Platform config
+* @param user - User name
+* @param platformConfig - Optional platform connection settings
+* @param opts - Token lookup options
+* @returns Resolved config user key
+*/
+function resolveUserTokenKey(config, user, platformConfig, opts) {
+	return findUserEntry(config, user, platformConfig, opts).userKey;
+}
+/**
+* Check whether tokens are registered for a user on the selected platform.
+* @param config - Platform config
+* @param user - User name
+* @param platformConfig - Optional platform connection settings
+* @param opts - Token lookup options
+* @returns True when the user has a registered token entry
+*/
+function hasUserTokenEntry(config, user, platformConfig, opts) {
+	return findUserEntry(config, user, platformConfig, opts).userEntry !== void 0;
+}
+function hasUserKeyForName(users, user) {
+	return users[user] !== void 0 || Object.keys(users).some((key) => key.endsWith(`|${user}`));
+}
+/**
+* Check whether any platform has tokens registered for a user.
+* @param config - Platform config
+* @param user - User name
+* @returns True when the user has a token entry for any platform
+*/
+function hasAnyUserTokenEntry(config, user) {
+	return hasUserKeyForName(config.users, user);
+}
+function hasCurrentUserEntry(users, currentUser) {
+	return hasUserKeyForName(users, currentUser);
+}
+/**
 * Migrate a v1 config to v2.
 * Tokens are kept in the config file (storage: "file") during migration.
 * They will be moved to the OS keyring on next login or token refresh.
@@ -808,13 +961,20 @@ function migrateV1ToV2(v1Config) {
 		};
 	}
 	return {
-		version: LATEST_CONFIG_VERSION,
+		version: V2_CONFIG_VERSION,
 		min_sdk_version: V2_MIN_SDK_VERSION,
 		users,
 		profiles: v1Config.profiles,
 		current_user: v1Config.current_user
 	};
 }
+async function warnIfNewerConfigAvailable(config) {
+	if (!config.latest_min_sdk_version) return;
+	if (lt((await readPackageJson()).version ?? "0.0.0", config.latest_min_sdk_version)) logger.warn(multiline`
+      A newer config version (${String(config.latest_version)}) is available.
+      Please update your SDK to >= ${config.latest_min_sdk_version}: pnpm update @tailor-platform/sdk
+    `);
+}
 /**
 * Read Tailor Platform CLI configuration, migrating from tailorctl or v1 if necessary.
 * @returns Parsed platform configuration
@@ -844,15 +1004,10 @@ async function readPlatformConfig() {
       ${updateHint}
     `);
 	}
-	const v2Result = pfConfigSchemaV2.safeParse(rawConfig);
-	if (v2Result.success) {
-		if (v2Result.data.latest_min_sdk_version) {
-			if (lt((await readPackageJson()).version ?? "0.0.0", v2Result.data.latest_min_sdk_version)) logger.warn(multiline`
-          A newer config version (${String(v2Result.data.latest_version)}) is available.
-          Please update your SDK to >= ${v2Result.data.latest_min_sdk_version}: pnpm update @tailor-platform/sdk
-        `);
-		}
-		return v2Result.data;
+	const configResult = pfConfigSchema.safeParse(rawConfig);
+	if (configResult.success) {
+		await warnIfNewerConfigAvailable(configResult.data);
+		return configResult.data;
 	}
 	const v1Result = pfConfigSchemaV1.safeParse(rawConfig);
 	if (v1Result.success) return migrateV1ToV2(v1Result.data);
@@ -871,7 +1026,7 @@ function toV1ForDisk(config) {
 			token_expires_at: entry.token_expires_at
 		};
 	}
-	const currentUser = config.current_user && users[config.current_user] ? config.current_user : null;
+	const currentUser = config.current_user && hasCurrentUserEntry(users, config.current_user) ? config.current_user : null;
 	return {
 		version: 1,
 		users,
@@ -879,15 +1034,29 @@ function toV1ForDisk(config) {
 		current_user: currentUser
 	};
 }
+function hasProfilePlatformSettings(config) {
+	return Object.values(config.profiles).some((profile) => profile?.platform_url !== void 0 || profile?.oauth2_client_id !== void 0 || profile?.console_url !== void 0);
+}
+function hasScopedUserKeys(config) {
+	return Object.keys(config.users).some((userKey) => userKey.includes("|"));
+}
+function toLatestForDisk(config) {
+	return {
+		...config.version === 1 ? migrateV1ToV2(config) : config,
+		version: LATEST_CONFIG_VERSION,
+		min_sdk_version: V3_MIN_SDK_VERSION
+	};
+}
 /**
 * Write Tailor Platform CLI configuration to disk.
-* By default, V2 configs are converted to V1 for backward compatibility, so an
-* older SDK can still read the file. Configs containing a keyring user are kept
-* as V2 regardless, because the keyring storage variant is not representable in
-* V1 and downgrading it would silently drop the user's login. Such configs are
-* already V2 on disk (a keyring entry is only ever persisted with
-* TAILOR_USE_KEYRING set), so keeping V2 does not regress backward compatibility.
-* Set TAILOR_USE_KEYRING to write V2 format unconditionally.
+* By default, file-backed configs without newer fields are converted to V1 for
+* backward compatibility, so an older SDK can still read the file. Configs
+* containing a keyring user are kept in V2 or later because the keyring storage
+* variant is not representable in V1. Configs containing profile-level Platform
+* settings or platform-scoped user tokens are written in the latest
+* min-SDK-gated format because older SDKs would silently drop or misread those
+* settings.
+* Set TAILOR_USE_KEYRING to write the current in-memory format unconditionally.
 *
 * The config file may contain access/refresh tokens when the OS keyring is
 * unavailable, so it is written via {@link writeSecretFile} so other users
@@ -896,8 +1065,8 @@ function toV1ForDisk(config) {
 */
 function writePlatformConfig(config) {
 	const configPath = platformConfigPath();
-	const hasKeyringUser = config.version === 2 && Object.values(config.users).some((u) => u?.storage === "keyring");
-	writeSecretFile(configPath, stringifyYAML(config.version === 2 && !process.env.TAILOR_USE_KEYRING && !hasKeyringUser ? toV1ForDisk(config) : config));
+	const hasKeyringUser = config.version !== 1 && Object.values(config.users).some((u) => u?.storage === "keyring");
+	writeSecretFile(configPath, stringifyYAML(hasProfilePlatformSettings(config) || hasScopedUserKeys(config) ? toLatestForDisk(config) : config.version !== 1 && !process.env.TAILOR_USE_KEYRING && !hasKeyringUser ? toV1ForDisk(config) : config));
 }
 const tcContextConfigSchema = z.object({
 	username: z.string().optional(),
@@ -954,9 +1123,9 @@ function validateUUID(value, source) {
 * @returns Resolved workspace ID
 */
 async function loadWorkspaceId(opts) {
+	const profile = opts?.profile || process.env.TAILOR_PLATFORM_PROFILE;
 	if (opts?.workspaceId) return validateUUID(opts.workspaceId, "--workspace-id option");
 	if (process.env.TAILOR_PLATFORM_WORKSPACE_ID) return validateUUID(process.env.TAILOR_PLATFORM_WORKSPACE_ID, "TAILOR_PLATFORM_WORKSPACE_ID environment variable");
-	const profile = opts?.profile || process.env.TAILOR_PLATFORM_PROFILE;
 	if (profile) {
 		const wsId = (await readPlatformConfig()).profiles[profile]?.workspace_id;
 		if (!wsId) throw new Error(`Profile "${profile}" not found`);
@@ -1009,39 +1178,68 @@ async function loadMachineUserName(opts) {
 * @returns Resolved access token
 */
 async function loadAccessToken(opts) {
-	if (process.env.TAILOR_PLATFORM_TOKEN) return process.env.TAILOR_PLATFORM_TOKEN;
-	if (process.env.TAILOR_TOKEN) {
-		logger.warn("TAILOR_TOKEN is deprecated. Please use TAILOR_PLATFORM_TOKEN instead.");
-		return process.env.TAILOR_TOKEN;
+	const profile = opts?.profile || process.env.TAILOR_PLATFORM_PROFILE;
+	const envToken = process.env.TAILOR_PLATFORM_TOKEN ?? process.env.TAILOR_TOKEN;
+	if (envToken && !process.env.TAILOR_PLATFORM_TOKEN) logger.warn("TAILOR_TOKEN is deprecated. Please use TAILOR_PLATFORM_TOKEN instead.");
+	if (envToken) {
+		rememberPlatformConfigForToken(envToken, await loadPlatformClientConfig({
+			profile,
+			allowMissingProfile: true
+		}));
+		return envToken;
 	}
 	const pfConfig = await readPlatformConfig();
-	let user;
+	const profileEntry = profile ? pfConfig.profiles[profile] : void 0;
+	if (profile && !profileEntry) throw new Error(`Profile "${profile}" not found`);
+	const user = profileEntry?.user ?? pfConfig.current_user;
+	if (!user) throw new Error(multiline`
+      Tailor Platform token not found.
+      Please specify token via TAILOR_PLATFORM_TOKEN environment variable or login using 'tailor-sdk login' command.
+    `);
+	return await fetchLatestToken(pfConfig, user, profileEntry ? platformConfigFromProfile(profileEntry) : void 0);
+}
+/**
+* Load platform connection settings from the active profile.
+* @param opts - Profile options
+* @returns Resolved platform connection settings, or undefined for the default environment
+*/
+async function loadPlatformClientConfig(opts) {
 	const profile = opts?.profile || process.env.TAILOR_PLATFORM_PROFILE;
-	if (profile) {
-		const u = pfConfig.profiles[profile]?.user;
-		if (!u) throw new Error(`Profile "${profile}" not found`);
-		user = u;
-	} else {
-		const u = pfConfig.current_user;
-		if (!u) throw new Error(multiline`
-        Tailor Platform token not found.
-        Please specify token via TAILOR_PLATFORM_TOKEN environment variable or login using 'tailor-sdk login' command.
-      `);
-		user = u;
+	if (!profile) return;
+	let pfConfig;
+	try {
+		pfConfig = await readPlatformConfig();
+	} catch (error) {
+		if (opts?.allowMissingProfile) return;
+		throw error;
+	}
+	const profileEntry = pfConfig.profiles[profile];
+	if (!profileEntry) {
+		if (opts?.allowMissingProfile) return;
+		throw new Error(`Profile "${profile}" not found`);
 	}
-	return await fetchLatestToken(pfConfig, user);
+	return platformConfigFromProfile(profileEntry);
+}
+/**
+* Load the Tailor Platform Console base URL from environment variables or the active profile.
+* @param opts - Profile options
+* @returns Resolved Console base URL
+*/
+async function loadConsoleBaseUrl(opts) {
+	return getConsoleBaseUrl(await loadPlatformClientConfig(opts));
 }
 /**
 * Resolve the actual token values for a user, reading from keyring or config as appropriate.
 * @param userEntry - User entry from the config
 * @param user - User identifier
+* @param label - User-facing identifier used in error messages
 * @returns Access token and optional refresh token
 */
-async function resolveTokens(userEntry, user) {
+async function resolveTokens(userEntry, user, label = user) {
 	if (userEntry.storage === "keyring") {
 		const tokens = await loadKeyringTokens(user);
 		if (!tokens) throw new Error(multiline`
-        Credentials not found in OS keyring for "${user}".
+        Credentials not found in OS keyring for "${label}".
         Please run 'tailor-sdk login' and try again.
       `);
 		return tokens;
@@ -1056,18 +1254,20 @@ async function resolveTokens(userEntry, user) {
 * @param config - Platform config
 * @param user - User identifier
 * @param tokens - Token data to save
-* @param tokens.accessToken
-* @param tokens.refreshToken
+* @param tokens.accessToken - Access token
+* @param tokens.refreshToken - Refresh token
 * @param expiresAt - Token expiration date
+* @param platformConfig - Optional platform connection settings
 */
-async function saveUserTokens(config, user, tokens, expiresAt) {
+async function saveUserTokens(config, user, tokens, expiresAt, platformConfig) {
+	const userKey = platformUserKey(user, platformConfig);
 	if (process.env.TAILOR_USE_KEYRING && await isKeyringAvailable()) {
-		await saveKeyringTokens(user, tokens);
-		config.users[user] = {
+		await saveKeyringTokens(userKey, tokens);
+		config.users[userKey] = {
 			token_expires_at: expiresAt,
 			storage: "keyring"
 		};
-	} else config.users[user] = {
+	} else config.users[userKey] = {
 		access_token: tokens.accessToken,
 		refresh_token: tokens.refreshToken,
 		token_expires_at: expiresAt,
@@ -1078,29 +1278,53 @@ async function saveUserTokens(config, user, tokens, expiresAt) {
 * Delete tokens for a user from keyring if applicable.
 * @param config - Platform config
 * @param user - User identifier
+* @param platformConfig - Optional platform connection settings
+* @param opts - Token lookup options
 */
-async function deleteUserTokens(config, user) {
-	if (config.users[user]?.storage === "keyring") await deleteKeyringTokens(user);
+async function deleteUserTokens(config, user, platformConfig, opts) {
+	const { userKey, userEntry } = findUserEntry(config, user, platformConfig, opts);
+	if (userEntry?.storage === "keyring") await deleteKeyringTokens(userKey);
+	delete config.users[userKey];
+}
+/**
+* Resolve stored tokens for a user on the selected platform.
+* @param config - Platform config
+* @param user - User name
+* @param platformConfig - Optional platform connection settings
+* @param opts - Token lookup options
+* @returns Stored user entry and token values, or undefined when the user is not logged in
+*/
+async function loadStoredUserTokens(config, user, platformConfig, opts) {
+	const { userKey, userEntry } = findUserEntry(config, user, platformConfig, opts);
+	if (!userEntry) return void 0;
+	return {
+		userEntry,
+		...await resolveTokens(userEntry, userKey, user)
+	};
 }
 /**
 * Fetch the latest access token, refreshing if necessary.
 * @param config - Platform config
 * @param user - User name
+* @param platformConfig - Optional platform connection settings
 * @returns Latest access token
 */
-async function fetchLatestToken(config, user) {
-	const userEntry = config.users[user];
+async function fetchLatestToken(config, user, platformConfig) {
+	const { userKey, userEntry } = findUserEntry(config, user, platformConfig);
 	if (!userEntry) throw new Error(multiline`
       User "${user}" not found.
       Please verify your user name and login using 'tailor-sdk login' command.
     `);
-	const tokens = await resolveTokens(userEntry, user);
-	if (new Date(userEntry.token_expires_at) > /* @__PURE__ */ new Date()) return tokens.accessToken;
+	const tokens = await resolveTokens(userEntry, userKey, user);
+	if (new Date(userEntry.token_expires_at) > /* @__PURE__ */ new Date()) {
+		rememberPlatformConfigForToken(tokens.accessToken, platformConfig);
+		return tokens.accessToken;
+	}
 	if (!tokens.refreshToken) throw new Error(multiline`
       Token expired.
       Please run 'tailor-sdk login' and try again.
     `);
-	const client = initOAuth2Client();
+	const client = initOAuth2Client(platformConfig);
 	let resp;
 	try {
 		resp = await client.refreshToken({
@@ -1118,8 +1342,13 @@ async function fetchLatestToken(config, user) {
 	await saveUserTokens(config, user, {
 		accessToken: resp.accessToken,
 		refreshToken: resp.refreshToken ?? void 0
-	}, newExpiresAt);
+	}, newExpiresAt, platformConfig);
+	if (userKey !== platformUserKey(user, platformConfig)) {
+		if (userEntry.storage === "keyring") await deleteKeyringTokens(userKey);
+		delete config.users[userKey];
+	}
 	writePlatformConfig(config);
+	rememberPlatformConfigForToken(resp.accessToken, platformConfig);
 	return resp.accessToken;
 }
 const DEFAULT_CONFIG_FILENAME = "tailor.config.ts";
@@ -4626,6 +4855,7 @@ const HttpAdapterConfigSchema = z.strictObject({
 //#region src/cli/services/http-adapter/bundler.ts
 const ADAPTER_BUNDLE_WARN_BYTES = 64 * 1024;
 const ADAPTER_BUNDLE_ERROR_BYTES = 256 * 1024;
+const GRAPHQL_WEB_MODULE = createRequire(import.meta.url).resolve("@0no-co/graphql.web");
 /**
 * Bundle each adapter's `input` (and `output`, if present) into a standalone
 * IIFE defining a global `transform(input)` entry point. `input` gets a
@@ -4673,7 +4903,7 @@ async function bundleAdapterScript(adapter, kind, outputDir, tsconfig, cache, bu
 		tsconfig,
 		inlineSourcemap: false,
 		bundleLogLevel,
-		prefix: kind
+		prefix: `${kind}:document-query-normalize-v1`
 	});
 	const code = await withCache({
 		cache,
@@ -4684,8 +4914,6 @@ async function bundleAdapterScript(adapter, kind, outputDir, tsconfig, cache, bu
 		async build(cachePlugins) {
 			const entryPath = path.join(outputDir, `${adapter.name}.${kind}.entry.js`);
 			const absoluteSourcePath = path.resolve(adapter.sourceFile);
-			const entryContent = kind === "input" ? buildInputEntry(absoluteSourcePath, adapter.methods) : buildOutputEntry(absoluteSourcePath);
-			fs$1.writeFileSync(entryPath, entryContent);
 			const plugins = [
 				{
 					name: "http-adapter-reject-node-imports",
@@ -4712,6 +4940,8 @@ async function bundleAdapterScript(adapter, kind, outputDir, tsconfig, cache, bu
 			];
 			let bundled;
 			try {
+				const entryContent = kind === "input" ? buildInputEntry(absoluteSourcePath, adapter.methods, GRAPHQL_WEB_MODULE) : buildOutputEntry(absoluteSourcePath);
+				fs$1.writeFileSync(entryPath, entryContent);
 				bundled = (await rolldown.build({
 					input: entryPath,
 					write: false,
@@ -4745,10 +4975,20 @@ async function bundleAdapterScript(adapter, kind, outputDir, tsconfig, cache, bu
 		code
 	];
 }
-function buildInputEntry(absoluteSourcePath, methods) {
-	const cases = methods.map((method) => `    case "${HTTP_METHODS[method]}": return __adapter.input.${method}(req);`).join("\n");
+function buildInputEntry(absoluteSourcePath, methods, graphqlPrinterModule) {
+	const cases = methods.map((method) => {
+		const expression = `__normalizeHttpAdapterGraphQLRequest(${`__adapter.input.${method}(req)`})`;
+		return `    case "${HTTP_METHODS[method]}": return ${expression};`;
+	}).join("\n");
 	const supported = methods.map((m) => HTTP_METHODS[m]).join(", ");
-	return `import __adapter from ${JSON.stringify(absoluteSourcePath)};
+	return `${`import { print as __printHttpAdapterDocument } from ${JSON.stringify(graphqlPrinterModule)};
+function __normalizeHttpAdapterGraphQLRequest(result) {
+  if (!result || typeof result.query === "string") {
+    return result;
+  }
+  return { ...result, query: __printHttpAdapterDocument(result.query) };
+}
+`}import __adapter from ${JSON.stringify(absoluteSourcePath)};
 globalThis.transform = function(req) {
   switch (req.method) {
 ${cases}
@@ -6188,5 +6428,5 @@ async function loadApplication(params) {
 }
 
 //#endregion
-export { loadMachineUserName as A, fetchPlatformMachineUserToken as B, hashContent as C, fetchLatestToken as D, deleteUserTokens as E, writePlatformConfig as F, resolveStaticWebsiteUrls as G, initOAuth2Client as H, closeConnectionPool as I, byName as K, fetchAll as L, readPlatformConfig as M, resolveTokens as N, loadAccessToken as O, saveUserTokens as P, fetchMachineUserToken as R, getDistDir as S, loadConfig as T, initOperatorClient as U, fetchUserInfo as V, platformBaseUrl as W, createLogLevelTreeshakeOptions as _, WorkflowJobSchema as a, hasGenerationHooks as b, INVOKER_EXPR as c, assertUniqueLocalTailorDBTypeNames as d, assertUniqueTailorDBTypeNamesWithExternal as f, composeFunctionTreeshakeOptions as g, platformBundleDefinePlugin as h, resolveInlineSourcemap as i, loadWorkspaceId as j, loadConfigPath as k, buildExecutorArgsExpr as l, stringifyFunction as m, generatePluginFilesIfNeeded as n, ResolverSchema as o, TailorDBTypeSchema as p, loadApplication as r, HTTP_METHODS as s, defineApplication as t, buildResolverOperationHookExpr as u, resolveBundleLogLevel as v, hashFile as w, createBundleCache as x, getPluginGenerationDependencies as y, fetchPaged as z };
-//# sourceMappingURL=application-Cr-limKC.mjs.map
+export { initOperatorClient as $, loadAccessToken as A, saveUserTokens as B, hashContent as C, fetchLatestToken as D, deleteUserTokens as E, loadStoredUserTokens as F, fetchMachineUserToken as G, closeConnectionPool as H, loadWorkspaceId as I, fetchUserInfo as J, fetchPaged as K, platformConfigFromProfile as L, loadConsoleBaseUrl as M, loadMachineUserName as N, hasAnyUserTokenEntry as O, loadPlatformClientConfig as P, initOAuth2Client as Q, readPlatformConfig as R, getDistDir as S, loadConfig as T, defaultPlatformBaseUrl as U, writePlatformConfig as V, fetchAll as W, getOAuth2ClientId as X, getConsoleBaseUrl as Y, getPlatformBaseUrl as Z, createLogLevelTreeshakeOptions as _, WorkflowJobSchema as a, hasGenerationHooks as b, INVOKER_EXPR as c, assertUniqueLocalTailorDBTypeNames as d, isDefaultPlatform as et, assertUniqueTailorDBTypeNamesWithExternal as f, composeFunctionTreeshakeOptions as g, platformBundleDefinePlugin as h, resolveInlineSourcemap as i, loadConfigPath as j, hasUserTokenEntry as k, buildExecutorArgsExpr as l, stringifyFunction as m, generatePluginFilesIfNeeded as n, byName as nt, ResolverSchema as o, TailorDBTypeSchema as p, fetchPlatformMachineUserToken as q, loadApplication as r, HTTP_METHODS as s, defineApplication as t, resolveStaticWebsiteUrls as tt, buildResolverOperationHookExpr as u, resolveBundleLogLevel as v, hashFile as w, createBundleCache as x, getPluginGenerationDependencies as y, resolveUserTokenKey as z };
+//# sourceMappingURL=application-Df5_I83n.mjs.map