primitive-admin 1.1.0-alpha.2 → 1.1.0-alpha.21

package/README.md

@@ -150,12 +150,13 @@ Manage users within an app.
 
 ```bash
 primitive users list [app-id]                           # List users
+primitive users create <email> [--role admin|member]    # Create/add user by email
 primitive users invite [app-id] <email> [--role admin]  # Invite user
 primitive users remove [app-id] <user-id>               # Remove user
 primitive users set-role [app-id] <user-id> <role>      # Change role
 primitive users transfer-owner [app-id] <new-owner-id>  # Transfer ownership
-primitive users invitations list [app-id]               # List pending invitations
-primitive users invitations delete [app-id] <inv-id>    # Delete invitation
+primitive users mint-jwt <user-id> [--role <role>]      # Mint test JWT (dev/test only)
+primitive users invitations [app-id]                    # List pending invitations
 ```
 
 ### Waitlist
@@ -248,6 +249,120 @@ primitive workflows runs list <workflow-id>
 primitive workflows runs status <workflow-id> <run-id>
 ```
 
+### Tokens
+
+Manage long-lived API access tokens for headless/server authentication.
+
+```bash
+primitive tokens create <app-id> --name "My Token" --user <user-id>  # Create token
+primitive tokens create <app-id> --name "CI/CD" --ttl 90d --user <uid>  # With expiry
+primitive tokens list [app-id]                                        # List tokens
+primitive tokens show <token-id> [app-id]                             # Show details
+primitive tokens revoke <token-id> [app-id]                           # Revoke token
+```
+
+**Create options:**
+- `--name <name>` - Token name (required)
+- `--user <user-id>` - App user ID to associate the token with (required)
+- `--ttl <duration>` - Token lifetime (e.g., 7d, 30d, 4w, 3m, 1y). Omit for never-expiring
+
+### Databases
+
+Manage online databases and permissions. `list` returns databases the user has direct access to; group-shared databases are listed via `primitive groups databases`.
+
+```bash
+primitive databases list [app-id]                     # List databases (direct access)
+primitive databases create <title> [app-id]           # Create database
+primitive databases get <database-id> [app-id]        # Get details
+primitive databases update <database-id> [options]    # Update title or type
+primitive databases delete <database-id> [app-id]     # Delete database
+```
+
+**Permissions:**
+```bash
+primitive databases permissions list <database-id> [app-id]
+primitive databases permissions grant <database-id> --user-id <uid> --permission <perm> [app-id]
+primitive databases permissions revoke <database-id> <user-id> [app-id]
+```
+
+Permission values: `owner` (set at creation), `manager`
+
+**Metadata:**
+```bash
+primitive databases metadata update <database-id> --data '{"key":"value"}'  # Merge-update metadata
+```
+
+**Operations:**
+```bash
+primitive databases operations list <database-id> [app-id]                     # List registered operations
+primitive databases operations execute <database-id> <op-name> --params '{}'   # Execute operation
+primitive databases operations execute <database-id> <op-name> --token <jwt>   # Execute as specific user
+```
+
+The `--token` flag lets you execute an operation as a specific user using a test JWT from `users mint-jwt`. Useful for testing access rules.
+
+**Records (schema introspection):**
+```bash
+primitive databases records models <database-id> [app-id]            # List model names
+primitive databases records describe <database-id> <model> [app-id]  # Show inferred schema
+```
+
+**Indexes:**
+```bash
+primitive databases indexes list <database-id> [--model <name>]       # List indexes
+primitive databases indexes create <database-id> <model> <field> [options]  # Create index
+primitive databases indexes drop <database-id> <model> <field>        # Drop index
+```
+
+### Documents
+
+Manage document ownership and group permissions.
+
+```bash
+primitive documents transfer-owner [app-id] <document-id> <new-owner-id>  # Transfer ownership
+```
+
+**Group permissions on documents:**
+```bash
+primitive documents group-permissions list <document-id>
+primitive documents group-permissions grant <document-id> --group-type <type> --group-id <id> --permission <perm>
+primitive documents group-permissions revoke <document-id> <group-type> <group-id>
+```
+
+Permission values: `read-write`, `reader`
+
+### Groups
+
+Manage groups, members, and memberships.
+
+```bash
+primitive groups list [app-id]                           # List groups
+primitive groups create [app-id] --type <type> --id <id> --name <name>  # Create group
+primitive groups get <group-type> <group-id> [app-id]    # Get details
+primitive groups update <group-type> <group-id> [app-id] # Update group
+primitive groups delete <group-type> <group-id> [app-id] # Delete group
+```
+
+**Members:**
+```bash
+primitive groups members list <group-type> <group-id> [app-id]
+primitive groups members add <group-type> <group-id> <user-id> [app-id]
+primitive groups members remove <group-type> <group-id> <user-id> [app-id]
+primitive groups members set-role <group-type> <group-id> <user-id> <role> [app-id]
+```
+
+**Memberships:**
+```bash
+primitive groups memberships <user-id> [app-id]          # List user's group memberships
+```
+
+**Group resource access:**
+```bash
+primitive groups documents <group-type> <group-id>       # List documents a group can access
+```
+
+Group permissions on documents are managed via `primitive documents group-permissions` (see [Documents](#documents) above).
+
 ### Analytics
 
 View usage analytics for an app.
@@ -476,8 +591,13 @@ cli/tests/
     config.test.ts    # Credentials and config management
     output.test.ts    # Output formatting functions
   integration/
-    api-client.test.ts # API client HTTP tests
-    commands.test.ts   # CLI command tests
+    api-client.test.ts      # API client HTTP tests
+    commands.test.ts        # CLI command tests
+    tokens.test.ts          # Token lifecycle tests
+    databases.test.ts       # Database CRUD, permissions, group permissions tests
+    documents.test.ts       # Document group permissions, group resource listing tests
+    groups.test.ts          # Group CRUD, members, memberships tests
+    classroom-e2e.test.ts   # End-to-end classroom app workflow (types, rules, operations, access)
 ```
 
 ## Troubleshooting

package/dist/bin/primitive.js

@@ -18,6 +18,11 @@ import { registerSyncCommands } from "../src/commands/sync.js";
 import { registerLlmCommands } from "../src/commands/llm.js";
 import { registerComparisonsCommands } from "../src/commands/comparisons.js";
 import { registerTokensCommands } from "../src/commands/tokens.js";
+import { registerDatabasesCommands } from "../src/commands/databases.js";
+import { registerGroupsCommands } from "../src/commands/groups.js";
+import { registerRuleSetsCommands } from "../src/commands/rule-sets.js";
+import { registerGroupTypeConfigsCommands } from "../src/commands/group-type-configs.js";
+import { registerDatabaseTypesCommands } from "../src/commands/database-types.js";
 import { registerGuidesCommands } from "../src/commands/guides.js";
 import { registerDocumentsCommands } from "../src/commands/documents.js";
 import { error } from "../src/lib/output.js";
@@ -67,6 +72,11 @@ registerSyncCommands(program);
 registerLlmCommands(program);
 registerComparisonsCommands(program);
 registerTokensCommands(program);
+registerDatabasesCommands(program);
+registerGroupsCommands(program);
+registerRuleSetsCommands(program);
+registerGroupTypeConfigsCommands(program);
+registerDatabaseTypesCommands(program);
 registerGuidesCommands(program);
 registerDocumentsCommands(program);
 // Global error handler

package/dist/bin/primitive.js.map

@@ -1 +1 @@
-{"version":3,"file":"primitive.js","sourceRoot":"","sources":["../../bin/primitive.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEpD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AACtC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AAExF,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC;;;4EAG6D,CAAC;KAC1E,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;KACpB,WAAW,CAAC,OAAO,EAAE;;;;;;;;;;;;;;;;;CAiBvB,CAAC,CAAC;AAEH,mEAAmE;AACnE,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,wBAAwB,CAAC,OAAO,CAAC,CAAC;AAClC,4BAA4B,CAAC,OAAO,CAAC,CAAC;AACtC,uBAAuB,CAAC,OAAO,CAAC,CAAC;AACjC,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,uBAAuB,CAAC,OAAO,CAAC,CAAC;AACjC,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAEnC,uBAAuB;AACvB,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;IAC7B,6CAA6C;AAC/C,CAAC,CAAC,CAAC;AAEH,oBAAoB;AACpB,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IAC7C,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;QAC5B,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnB,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;YAC3B,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,GAAG,CAAC,OAAO,IAAI,8BAA8B,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}
+{"version":3,"file":"primitive.js","sourceRoot":"","sources":["../../bin/primitive.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,6BAA6B,EAAE,MAAM,mCAAmC,CAAC;AAClF,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEpD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AACtC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AAExF,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC;;;4EAG6D,CAAC;KAC1E,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;KACpB,WAAW,CAAC,OAAO,EAAE;;;;;;;;;;;;;;;;;CAiBvB,CAAC,CAAC;AAEH,mEAAmE;AACnE,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,wBAAwB,CAAC,OAAO,CAAC,CAAC;AAClC,4BAA4B,CAAC,OAAO,CAAC,CAAC;AACtC,uBAAuB,CAAC,OAAO,CAAC,CAAC;AACjC,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,uBAAuB,CAAC,OAAO,CAAC,CAAC;AACjC,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,wBAAwB,CAAC,OAAO,CAAC,CAAC;AAClC,gCAAgC,CAAC,OAAO,CAAC,CAAC;AAC1C,6BAA6B,CAAC,OAAO,CAAC,CAAC;AACvC,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAEnC,uBAAuB;AACvB,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;IAC7B,6CAA6C;AAC/C,CAAC,CAAC,CAAC;AAEH,oBAAoB;AACpB,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IAC7C,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;QAC5B,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnB,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;YAC3B,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,GAAG,CAAC,OAAO,IAAI,8BAA8B,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/src/commands/database-types.js

@@ -0,0 +1,453 @@
+import { ApiClient } from "../lib/api-client.js";
+import { getCurrentAppId } from "../lib/config.js";
+import { success, error, info, keyValue, formatTable, formatId, formatDate, json, } from "../lib/output.js";
+function resolveAppId(appId, options) {
+    const resolved = appId || options.app || getCurrentAppId();
+    if (!resolved) {
+        error("No app specified. Use <app-id>, --app, or 'primitive use <app-id>' to set context.");
+        process.exit(1);
+    }
+    return resolved;
+}
+export function registerDatabaseTypesCommands(program) {
+    const dbTypes = program
+        .command("database-types")
+        .description("Manage database type configurations and operations")
+        .addHelpText("after", `
+Examples:
+  $ primitive database-types list
+  $ primitive database-types get <database-type>
+  $ primitive database-types create <database-type>
+  $ primitive database-types update <database-type> --rule-set-id <id>
+  $ primitive database-types delete <database-type>
+  $ primitive database-types operations list <database-type>
+  $ primitive database-types operations create <database-type> <name> --type query --model Task --access true --definition '{"filter":{}}'
+`);
+    // List type configs
+    dbTypes
+        .command("list")
+        .description("List database type configurations")
+        .argument("[app-id]", "App ID (uses current app if not specified)")
+        .option("--app <app-id>", "App ID")
+        .option("--json", "Output as JSON")
+        .action(async (appId, options) => {
+        const resolvedAppId = resolveAppId(appId, options);
+        const client = new ApiClient();
+        try {
+            const result = await client.listDatabaseTypeConfigs(resolvedAppId);
+            const list = Array.isArray(result) ? result : [];
+            if (options.json) {
+                json(list);
+                return;
+            }
+            if (list.length === 0) {
+                info("No database type configurations found.");
+                return;
+            }
+            console.log(formatTable(list, [
+                { header: "TYPE", key: "databaseType" },
+                { header: "RULE SET ID", key: "ruleSetId", format: (v) => v ? formatId(v) : "—" },
+                { header: "TRIGGERS", key: "triggers", format: (v) => v ? "Yes" : "—" },
+                { header: "MODIFIED", key: "modifiedAt", format: formatDate },
+            ]));
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+    // Get type config
+    dbTypes
+        .command("get")
+        .description("Get database type configuration details")
+        .argument("<database-type>", "Database type name")
+        .option("--app <app-id>", "App ID")
+        .option("--json", "Output as JSON")
+        .action(async (databaseType, options) => {
+        const resolvedAppId = resolveAppId(undefined, options);
+        const client = new ApiClient();
+        try {
+            const result = await client.getDatabaseTypeConfig(resolvedAppId, databaseType);
+            if (options.json) {
+                json(result);
+                return;
+            }
+            keyValue("Database Type", result.databaseType);
+            keyValue("Rule Set ID", result.ruleSetId || "—");
+            keyValue("Triggers", result.triggers ? "Yes" : "—");
+            keyValue("Metadata Access", result.metadataAccess || "—");
+            keyValue("Created", formatDate(result.createdAt));
+            keyValue("Modified", formatDate(result.modifiedAt));
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+    // Create type config
+    dbTypes
+        .command("create")
+        .description("Create a database type configuration")
+        .argument("<database-type>", "Database type name")
+        .option("--rule-set-id <id>", "Access rule set ID")
+        .option("--triggers <json>", "Trigger definitions as JSON string")
+        .option("--metadata-access <cel>", "Metadata access CEL expression")
+        .option("--app <app-id>", "App ID")
+        .option("--json", "Output as JSON")
+        .action(async (databaseType, options) => {
+        const resolvedAppId = resolveAppId(undefined, options);
+        const client = new ApiClient();
+        try {
+            const data = { databaseType };
+            if (options.ruleSetId)
+                data.ruleSetId = options.ruleSetId;
+            if (options.triggers) {
+                try {
+                    data.triggers = JSON.parse(options.triggers);
+                }
+                catch {
+                    error("Invalid JSON in --triggers.");
+                    process.exit(1);
+                }
+            }
+            if (options.metadataAccess)
+                data.metadataAccess = options.metadataAccess;
+            const result = await client.createDatabaseTypeConfig(resolvedAppId, data);
+            if (options.json) {
+                json(result);
+                return;
+            }
+            success("Database type configuration created.");
+            keyValue("Database Type", result.databaseType);
+            if (result.ruleSetId)
+                keyValue("Rule Set ID", result.ruleSetId);
+            if (result.triggers)
+                keyValue("Triggers", "Yes");
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+    // Update type config
+    dbTypes
+        .command("update")
+        .description("Update a database type configuration")
+        .argument("<database-type>", "Database type name")
+        .option("--rule-set-id <id>", "Access rule set ID (use 'none' to clear)")
+        .option("--triggers <json>", "Trigger definitions as JSON string (use 'none' to clear)")
+        .option("--metadata-access <cel>", "Metadata access CEL expression (use 'none' to clear)")
+        .option("--app <app-id>", "App ID")
+        .option("--json", "Output as JSON")
+        .action(async (databaseType, options) => {
+        const resolvedAppId = resolveAppId(undefined, options);
+        const client = new ApiClient();
+        const data = {};
+        if (options.ruleSetId !== undefined) {
+            data.ruleSetId = options.ruleSetId === "none" ? null : options.ruleSetId;
+        }
+        if (options.triggers !== undefined) {
+            if (options.triggers === "none") {
+                data.triggers = null;
+            }
+            else {
+                try {
+                    data.triggers = JSON.parse(options.triggers);
+                }
+                catch {
+                    error("Invalid JSON in --triggers.");
+                    process.exit(1);
+                }
+            }
+        }
+        if (options.metadataAccess !== undefined) {
+            data.metadataAccess = options.metadataAccess === "none" ? null : options.metadataAccess;
+        }
+        if (Object.keys(data).length === 0) {
+            error("Provide at least one of --rule-set-id, --triggers, or --metadata-access.");
+            process.exit(1);
+        }
+        try {
+            const result = await client.updateDatabaseTypeConfig(resolvedAppId, databaseType, data);
+            if (options.json) {
+                json(result);
+                return;
+            }
+            success("Database type configuration updated.");
+            keyValue("Database Type", result.databaseType);
+            keyValue("Rule Set ID", result.ruleSetId || "—");
+            keyValue("Triggers", result.triggers ? "Yes" : "—");
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+    // Delete type config
+    dbTypes
+        .command("delete")
+        .description("Delete a database type configuration")
+        .argument("<database-type>", "Database type name")
+        .option("--app <app-id>", "App ID")
+        .option("-y, --yes", "Skip confirmation prompt")
+        .action(async (databaseType, options) => {
+        const resolvedAppId = resolveAppId(undefined, options);
+        if (!options.yes) {
+            const inquirer = await import("inquirer");
+            const { confirm } = await inquirer.default.prompt([
+                {
+                    type: "confirm",
+                    name: "confirm",
+                    message: `Delete database type "${databaseType}"? This cannot be undone.`,
+                    default: false,
+                },
+            ]);
+            if (!confirm) {
+                info("Cancelled.");
+                return;
+            }
+        }
+        const client = new ApiClient();
+        try {
+            await client.deleteDatabaseTypeConfig(resolvedAppId, databaseType);
+            success(`Database type "${databaseType}" deleted.`);
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+    // ---- Operations subcommand group ----
+    const operations = dbTypes
+        .command("operations")
+        .description("Manage operations (queries and mutations) for a database type");
+    // List operations
+    operations
+        .command("list")
+        .description("List operations for a database type")
+        .argument("<database-type>", "Database type name")
+        .option("--app <app-id>", "App ID")
+        .option("--json", "Output as JSON")
+        .action(async (databaseType, options) => {
+        const resolvedAppId = resolveAppId(undefined, options);
+        const client = new ApiClient();
+        try {
+            const result = await client.listDatabaseTypeOperations(resolvedAppId, databaseType);
+            const list = Array.isArray(result) ? result : [];
+            if (options.json) {
+                json(list);
+                return;
+            }
+            if (list.length === 0) {
+                info("No operations found.");
+                return;
+            }
+            console.log(formatTable(list, [
+                { header: "NAME", key: "name" },
+                { header: "TYPE", key: "type" },
+                { header: "MODEL", key: "modelName" },
+                { header: "ACCESS", key: "access", format: (v) => {
+                        const s = String(v || "");
+                        return s.length > 40 ? s.slice(0, 37) + "..." : s;
+                    } },
+                { header: "MODIFIED", key: "modifiedAt", format: formatDate },
+            ]));
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+    // Get operation
+    operations
+        .command("get")
+        .description("Get operation details")
+        .argument("<database-type>", "Database type name")
+        .argument("<name>", "Operation name")
+        .option("--app <app-id>", "App ID")
+        .option("--json", "Output as JSON")
+        .action(async (databaseType, name, options) => {
+        const resolvedAppId = resolveAppId(undefined, options);
+        const client = new ApiClient();
+        try {
+            const result = await client.getDatabaseTypeOperation(resolvedAppId, databaseType, name);
+            if (options.json) {
+                json(result);
+                return;
+            }
+            keyValue("Name", result.name);
+            keyValue("Type", result.type);
+            keyValue("Model Name", result.modelName);
+            keyValue("Access", result.access);
+            keyValue("Created", formatDate(result.createdAt));
+            keyValue("Modified", formatDate(result.modifiedAt));
+            console.log("\nDefinition:");
+            console.log(JSON.stringify(result.definition, null, 2));
+            if (result.params && Object.keys(result.params).length > 0) {
+                console.log("\nParameters:");
+                console.log(JSON.stringify(result.params, null, 2));
+            }
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+    // Create operation
+    operations
+        .command("create")
+        .description("Create a new operation (query or mutation)")
+        .argument("<database-type>", "Database type name")
+        .argument("<name>", "Operation name")
+        .requiredOption("--type <type>", "Operation type: query, mutation, count, aggregate, or pipeline")
+        .requiredOption("--model <model-name>", "Model name")
+        .requiredOption("--access <cel>", "Access CEL expression")
+        .requiredOption("--definition <json>", "Definition as JSON string")
+        .option("--params <json>", "Parameters schema as JSON string")
+        .option("--app <app-id>", "App ID")
+        .option("--json", "Output as JSON")
+        .action(async (databaseType, name, options) => {
+        const resolvedAppId = resolveAppId(undefined, options);
+        const client = new ApiClient();
+        let definition;
+        try {
+            definition = JSON.parse(options.definition);
+        }
+        catch {
+            error("Invalid JSON in --definition.");
+            process.exit(1);
+            return;
+        }
+        let params;
+        if (options.params) {
+            try {
+                params = JSON.parse(options.params);
+            }
+            catch {
+                error("Invalid JSON in --params.");
+                process.exit(1);
+                return;
+            }
+        }
+        try {
+            const data = {
+                name,
+                type: options.type,
+                modelName: options.model,
+                access: options.access,
+                definition,
+            };
+            if (params)
+                data.params = params;
+            const result = await client.createDatabaseTypeOperation(resolvedAppId, databaseType, data);
+            if (options.json) {
+                json(result);
+                return;
+            }
+            success("Operation created.");
+            keyValue("Name", result.name);
+            keyValue("Type", result.type);
+            keyValue("Model Name", result.modelName);
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+    // Update operation
+    operations
+        .command("update")
+        .description("Update an operation")
+        .argument("<database-type>", "Database type name")
+        .argument("<name>", "Operation name")
+        .option("--model <model-name>", "New model name")
+        .option("--access <cel>", "New access CEL expression")
+        .option("--definition <json>", "New definition as JSON string")
+        .option("--params <json>", "New parameters schema as JSON string")
+        .option("--app <app-id>", "App ID")
+        .option("--json", "Output as JSON")
+        .action(async (databaseType, name, options) => {
+        const resolvedAppId = resolveAppId(undefined, options);
+        const client = new ApiClient();
+        const data = {};
+        if (options.model)
+            data.modelName = options.model;
+        if (options.access)
+            data.access = options.access;
+        if (options.definition) {
+            try {
+                data.definition = JSON.parse(options.definition);
+            }
+            catch {
+                error("Invalid JSON in --definition.");
+                process.exit(1);
+                return;
+            }
+        }
+        if (options.params) {
+            try {
+                data.params = JSON.parse(options.params);
+            }
+            catch {
+                error("Invalid JSON in --params.");
+                process.exit(1);
+                return;
+            }
+        }
+        if (Object.keys(data).length === 0) {
+            error("Provide at least one of --model, --access, --definition, or --params.");
+            process.exit(1);
+        }
+        try {
+            const result = await client.updateDatabaseTypeOperation(resolvedAppId, databaseType, name, data);
+            if (options.json) {
+                json(result);
+                return;
+            }
+            success("Operation updated.");
+            keyValue("Name", result.name);
+            keyValue("Type", result.type);
+            keyValue("Model Name", result.modelName);
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+    // Delete operation
+    operations
+        .command("delete")
+        .description("Delete an operation")
+        .argument("<database-type>", "Database type name")
+        .argument("<name>", "Operation name")
+        .option("--app <app-id>", "App ID")
+        .option("-y, --yes", "Skip confirmation prompt")
+        .action(async (databaseType, name, options) => {
+        const resolvedAppId = resolveAppId(undefined, options);
+        if (!options.yes) {
+            const inquirer = await import("inquirer");
+            const { confirm } = await inquirer.default.prompt([
+                {
+                    type: "confirm",
+                    name: "confirm",
+                    message: `Delete operation "${name}" from type "${databaseType}"?`,
+                    default: false,
+                },
+            ]);
+            if (!confirm) {
+                info("Cancelled.");
+                return;
+            }
+        }
+        const client = new ApiClient();
+        try {
+            await client.deleteDatabaseTypeOperation(resolvedAppId, databaseType, name);
+            success(`Operation "${name}" deleted.`);
+        }
+        catch (err) {
+            error(err.message);
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=database-types.js.map