npm - windmill-cli - Versions diffs - 1.654.0 → 1.657.0 - Mend

windmill-cli 1.654.0 → 1.657.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/esm/main.js +1723 -1321
package/package.json +1 -1

package/esm/main.js CHANGED Viewed

@@ -11785,7 +11785,7 @@ var init_OpenAPI = __esm(() => {
     PASSWORD: undefined,
     TOKEN: getEnv2("WM_TOKEN"),
     USERNAME: undefined,
-    VERSION: "1.654.0",
+    VERSION: "1.657.0",
     WITH_CREDENTIALS: true,
     interceptors: {
       request: new Interceptors,
@@ -12347,6 +12347,7 @@ __export(exports_services_gen, {
   globalUserRename: () => globalUserRename,
   globalUserDelete: () => globalUserDelete,
   gitRepoViewerFileUpload: () => gitRepoViewerFileUpload,
+  ghesInstallationCallback: () => ghesInstallationCallback,
   getWorkspaceUsage: () => getWorkspaceUsage,
   getWorkspaceSlackOauthConfig: () => getWorkspaceSlackOauthConfig,
   getWorkspaceName: () => getWorkspaceName,
@@ -12451,6 +12452,7 @@ __export(exports_services_gen, {
   getGlobal: () => getGlobal,
   getGithubAppToken: () => getGithubAppToken,
   getGitCommitHash: () => getGitCommitHash,
+  getGhesConfig: () => getGhesConfig,
   getGcpTrigger: () => getGcpTrigger,
   getFolderUsage: () => getFolderUsage,
   getFolderPermissionHistory: () => getFolderPermissionHistory,
@@ -12660,6 +12662,7 @@ __export(exports_services_gen, {
   connectClientCredentials: () => connectClientCredentials,
   connectCallback: () => connectCallback,
   compareWorkspaces: () => compareWorkspaces,
+  commitKafkaOffsets: () => commitKafkaOffsets,
   clearIndex: () => clearIndex,
   checkS3FolderExists: () => checkS3FolderExists,
   checkInstanceSharingAvailable: () => checkInstanceSharingAvailable,
@@ -13310,6 +13313,21 @@ var backendVersion = () => {
     body: data2.requestBody,
     mediaType: "application/json"
   });
+}, ghesInstallationCallback = (data2) => {
+  return request(OpenAPI, {
+    method: "POST",
+    url: "/w/{workspace}/github_app/ghes_installation_callback",
+    path: {
+      workspace: data2.workspace
+    },
+    body: data2.requestBody,
+    mediaType: "application/json"
+  });
+}, getGhesConfig = () => {
+  return request(OpenAPI, {
+    method: "GET",
+    url: "/github_app/ghes_config"
+  });
 }, acceptInvite = (data2) => {
   return request(OpenAPI, {
     method: "POST",
@@ -17229,6 +17247,17 @@ var backendVersion = () => {
       path: data2.path
     }
   });
+}, commitKafkaOffsets = (data2) => {
+  return request(OpenAPI, {
+    method: "POST",
+    url: "/w/{workspace}/kafka_triggers/commit_offsets/{path}",
+    path: {
+      workspace: data2.workspace,
+      path: data2.path
+    },
+    body: data2.requestBody,
+    mediaType: "application/json"
+  });
 }, createNatsTrigger = (data2) => {
   return request(OpenAPI, {
     method: "POST",
@@ -59333,6 +59362,7 @@ async function bootstrap(opts, scriptPath, language) {
   });
 }
 async function generateMetadata(opts, scriptPath) {
+  warn(colors.yellow('This command is deprecated. Use "wmill generate-metadata" instead.'));
   info("This command only works for workspace scripts, for flows inline scripts use `wmill flow generate-locks`");
   if (scriptPath == "") {
     scriptPath = undefined;
@@ -59350,7 +59380,7 @@ async function generateMetadata(opts, scriptPath) {
   } else {
     const ignore = await ignoreF(opts);
     const elems = await elementsToMap(await FSFSElement(process.cwd(), codebases, false), (p, isD) => {
-      return !isD && !exts.some((ext2) => p.endsWith(ext2)) || ignore(p, isD) || isFlowPath(p) || isAppPath(p);
+      return !isD && !exts.some((ext2) => p.endsWith(ext2)) || ignore(p, isD) || isFlowPath(p) || isAppPath(p) || isRawAppPath(p);
     }, false, {});
     let hasAny = false;
     info("Generating metadata for all stale scripts:");
@@ -60551,11 +60581,11 @@ async function generateFlowLockInternal(folder, dryRun, workspace, opts, justUpd
   } else if (dryRun) {
     return remote_path;
   }
-  if (Object.keys(filteredDeps).length > 0) {
+  if (Object.keys(filteredDeps).length > 0 && !noStaleMessage) {
     info((await blueColor())(`Found workspace dependencies (${workspaceDependenciesLanguages.map((l) => l.filename).join("/")}) for ${folder}, using them`));
   }
+  let changedScripts = [];
   if (!justUpdateMetadataLock) {
-    const changedScripts = [];
     for (const [path7, hash2] of Object.entries(hashes)) {
       if (path7 == TOP_HASH) {
         continue;
@@ -60564,10 +60594,26 @@ async function generateFlowLockInternal(folder, dryRun, workspace, opts, justUpd
         changedScripts.push(path7);
       }
     }
-    info(`Recomputing locks of ${changedScripts.join(", ")} in ${folder}`);
-    await replaceInlineScripts(flowValue.value.modules, async (path7) => await readFile7(folder + SEP7 + path7, "utf-8"), exports_log, folder + SEP7, SEP7, changedScripts);
+    if (!noStaleMessage) {
+      info(`Recomputing locks of ${changedScripts.join(", ")} in ${folder}`);
+    }
+    const fileReader = async (path7) => await readFile7(folder + SEP7 + path7, "utf-8");
+    await replaceInlineScripts(flowValue.value.modules, fileReader, exports_log, folder + SEP7, SEP7, changedScripts);
+    if (flowValue.value.failure_module) {
+      await replaceInlineScripts([flowValue.value.failure_module], fileReader, exports_log, folder + SEP7, SEP7, changedScripts);
+    }
+    if (flowValue.value.preprocessor_module) {
+      await replaceInlineScripts([flowValue.value.preprocessor_module], fileReader, exports_log, folder + SEP7, SEP7, changedScripts);
+    }
     flowValue.value = await updateFlow2(workspace, flowValue.value, remote_path, filteredDeps);
-    const inlineScripts = extractInlineScripts(flowValue.value.modules, {}, SEP7, opts.defaultTs);
+    const lockAssigner = newPathAssigner(opts.defaultTs ?? "bun");
+    const inlineScripts = extractInlineScripts(flowValue.value.modules, {}, SEP7, opts.defaultTs, lockAssigner);
+    if (flowValue.value.failure_module) {
+      inlineScripts.push(...extractInlineScripts([flowValue.value.failure_module], {}, SEP7, opts.defaultTs, lockAssigner));
+    }
+    if (flowValue.value.preprocessor_module) {
+      inlineScripts.push(...extractInlineScripts([flowValue.value.preprocessor_module], {}, SEP7, opts.defaultTs, lockAssigner));
+    }
     inlineScripts.forEach((s) => {
       writeIfChanged(process.cwd() + SEP7 + folder + SEP7 + s.path, s.content);
     });
@@ -60578,10 +60624,25 @@ async function generateFlowLockInternal(folder, dryRun, workspace, opts, justUpd
   for (const [path7, hash2] of Object.entries(hashes)) {
     await updateMetadataGlobalLock(folder, hash2, path7);
   }
-  info(colors.green(`Flow ${remote_path} lockfiles updated`));
+  if (!noStaleMessage) {
+    info(colors.green(`Flow ${remote_path} lockfiles updated`));
+  }
+  const updatedScripts = changedScripts.map((p) => {
+    const parts = p.split(SEP7);
+    return parts[parts.length - 1].replace(/\.[^.]+$/, "");
+  });
+  return { path: remote_path, updatedScripts };
 }
 async function filterWorkspaceDependenciesForFlow(flowValue, rawWorkspaceDependencies, folder) {
-  const inlineScripts = extractInlineScripts(structuredClone(flowValue.modules), {}, SEP7, undefined);
+  const clonedValue = structuredClone(flowValue);
+  const depAssigner = newPathAssigner("bun");
+  const inlineScripts = extractInlineScripts(clonedValue.modules, {}, SEP7, undefined, depAssigner);
+  if (clonedValue.failure_module) {
+    inlineScripts.push(...extractInlineScripts([clonedValue.failure_module], {}, SEP7, undefined, depAssigner));
+  }
+  if (clonedValue.preprocessor_module) {
+    inlineScripts.push(...extractInlineScripts([clonedValue.preprocessor_module], {}, SEP7, undefined, depAssigner));
+  }
   const scripts = inlineScripts.filter((s) => !s.is_lock).map((s) => ({ content: s.content, language: s.language }));
   return await filterWorkspaceDependenciesForScripts(scripts, rawWorkspaceDependencies, folder, SEP7);
 }
@@ -60645,6 +60706,7 @@ var init_flow_metadata = __esm(async () => {
   init_log();
   init_yaml();
   init_extractor();
+  init_path_assigner();
   init_script_common();
   init_resource_folders();
   await __promiseAll([
@@ -61038,7 +61100,14 @@ function ZipFSElement(zip, useYaml, defaultTs, resourceTypeToFormatExtension, re
             }
             let inlineScripts;
             try {
-              inlineScripts = extractInlineScripts(flow.value.modules, {}, SEP8, defaultTs, undefined, { skipInlineScriptSuffix: getNonDottedPaths() });
+              const assigner = newPathAssigner(defaultTs, { skipInlineScriptSuffix: getNonDottedPaths() });
+              inlineScripts = extractInlineScripts(flow.value.modules, {}, SEP8, defaultTs, assigner, { skipInlineScriptSuffix: getNonDottedPaths() });
+              if (flow.value.failure_module) {
+                inlineScripts.push(...extractInlineScripts([flow.value.failure_module], {}, SEP8, defaultTs, assigner, { skipInlineScriptSuffix: getNonDottedPaths() }));
+              }
+              if (flow.value.preprocessor_module) {
+                inlineScripts.push(...extractInlineScripts([flow.value.preprocessor_module], {}, SEP8, defaultTs, assigner, { skipInlineScriptSuffix: getNonDottedPaths() }));
+              }
             } catch (error2) {
               error(`Failed to extract inline scripts for flow at path: ${p}`);
               throw error2;
@@ -62920,7 +62989,6 @@ __export(exports_metadata, {
   getRawWorkspaceDependencies: () => getRawWorkspaceDependencies,
   generateScriptMetadataInternal: () => generateScriptMetadataInternal,
   generateScriptHash: () => generateScriptHash,
-  generateAllMetadata: () => generateAllMetadata,
   filterWorkspaceDependenciesForScripts: () => filterWorkspaceDependenciesForScripts,
   filterWorkspaceDependencies: () => filterWorkspaceDependencies,
   extractWorkspaceDepsAnnotation: () => extractWorkspaceDepsAnnotation,
@@ -62941,14 +63009,13 @@ function loadParser(pkgName) {
     p = (async () => {
       const mod = await import(pkgName);
       const wasmPath = _require.resolve(`${pkgName}/windmill_parser_wasm_bg.wasm`);
-      await mod.default(readFileSync3(wasmPath));
+      await mod.default({ module_or_path: readFileSync3(wasmPath) });
       return mod;
     })();
     _parserCache.set(pkgName, p);
   }
   return p;
 }
-async function generateAllMetadata() {}
 async function getRawWorkspaceDependencies() {
   const rawWorkspaceDeps = {};
   try {
@@ -63035,7 +63102,7 @@ async function generateScriptMetadataInternal(scriptPath, workspace, opts, dryRu
   } else if (dryRun) {
     return `${remotePath} (${language})`;
   }
-  if (!justUpdateMetadataLock) {
+  if (!justUpdateMetadataLock && !noStaleMessage) {
     info(colors.gray(`Generating metadata for ${scriptPath}`));
   }
   const metadataParsedContent = metadataWithType?.payload;
@@ -63343,6 +63410,9 @@ async function inferSchema(language, content, currentSchema, path8) {
     }
     currentSchema.properties[arg.name] = sortObject(currentSchema.properties[arg.name]);
     argSigToJsonSchemaType(arg.typ, currentSchema.properties[arg.name]);
+    if (arg.otyp && arg.otyp.includes("[") && arg.otyp.includes("|")) {
+      currentSchema.properties[arg.name].originalType = arg.otyp;
+    }
     currentSchema.properties[arg.name].default = arg.default;
     if (!arg.has_default && !currentSchema.required.includes(arg.name)) {
       currentSchema.required.push(arg.name);
@@ -63828,6 +63898,7 @@ var init_raw_apps = __esm(async () => {
 var exports_app_metadata = {};
 __export(exports_app_metadata, {
   inferRunnableSchemaFromFile: () => inferRunnableSchemaFromFile,
+  getAppFolders: () => getAppFolders,
   generateLocksCommand: () => generateLocksCommand,
   generateAppLocksInternal: () => generateAppLocksInternal,
   filterWorkspaceDependenciesForApp: () => filterWorkspaceDependenciesForApp,
@@ -63883,9 +63954,10 @@ async function generateAppLocksInternal(appFolder, rawApp, dryRun, workspace, op
   } else if (dryRun) {
     return remote_path;
   }
-  if (Object.keys(filteredDeps).length > 0) {
+  if (Object.keys(filteredDeps).length > 0 && !noStaleMessage) {
     info((await blueColor())(`Found workspace dependencies (${workspaceDependenciesLanguages.map((l) => l.filename).join("/")}) for ${appFolder}, using them`));
   }
+  let updatedScripts = [];
   if (!justUpdateMetadataLock) {
     const changedScripts = [];
     for (const [scriptPath, hash2] of Object.entries(hashes)) {
@@ -63897,7 +63969,9 @@ async function generateAppLocksInternal(appFolder, rawApp, dryRun, workspace, op
       }
     }
     if (changedScripts.length > 0) {
-      info(`Recomputing locks of ${changedScripts.join(", ")} in ${appFolder}`);
+      if (!noStaleMessage) {
+        info(`Recomputing locks of ${changedScripts.join(", ")} in ${appFolder}`);
+      }
       if (rawApp) {
         const runnablesPath = path9.join(appFolder, APP_BACKEND_FOLDER);
         const rawAppFile = appFile;
@@ -63906,14 +63980,16 @@ async function generateAppLocksInternal(appFolder, rawApp, dryRun, workspace, op
           runnables = rawAppFile.runnables;
         }
         replaceInlineScripts2(runnables, runnablesPath + SEP11, false);
-        await updateRawAppRunnables(workspace, runnables, remote_path, appFolder, filteredDeps, opts.defaultTs);
+        updatedScripts = await updateRawAppRunnables(workspace, runnables, remote_path, appFolder, filteredDeps, opts.defaultTs, noStaleMessage);
       } else {
         const normalAppFile = appFile;
         replaceInlineScripts2(normalAppFile.value, appFolder + SEP11, false);
-        normalAppFile.value = await updateAppInlineScripts(workspace, normalAppFile.value, remote_path, appFolder, filteredDeps, opts.defaultTs);
+        const result = await updateAppInlineScripts(workspace, normalAppFile.value, remote_path, appFolder, filteredDeps, opts.defaultTs, noStaleMessage);
+        normalAppFile.value = result.value;
+        updatedScripts = result.updatedScripts;
         writeIfChanged(appFilePath, import_yaml17.stringify(appFile, yamlOptions));
       }
-    } else {
+    } else if (!noStaleMessage) {
       info(colors.gray(`No scripts changed in ${appFolder}`));
     }
   }
@@ -63922,7 +63998,10 @@ async function generateAppLocksInternal(appFolder, rawApp, dryRun, workspace, op
   for (const [scriptPath, hash2] of Object.entries(hashes)) {
     await updateMetadataGlobalLock(appFolder, hash2, scriptPath);
   }
-  info(colors.green(`App ${remote_path} lockfiles updated`));
+  if (!noStaleMessage) {
+    info(colors.green(`App ${remote_path} lockfiles updated`));
+  }
+  return { path: remote_path, updatedScripts };
 }
 async function filterWorkspaceDependenciesForApp(appValue, rawWorkspaceDependencies, folder) {
   const scripts = [];
@@ -63964,7 +64043,8 @@ async function traverseAndProcessInlineScripts(obj, processor, currentPath = [])
   }
   return result;
 }
-async function updateRawAppRunnables(workspace, runnables, remotePath, appFolder, rawDeps, defaultTs = "bun") {
+async function updateRawAppRunnables(workspace, runnables, remotePath, appFolder, rawDeps, defaultTs = "bun", noStaleMessage) {
+  const updatedRunnables = [];
   const runnablesFolder = path9.join(appFolder, APP_BACKEND_FOLDER);
   try {
     await mkdir4(runnablesFolder, { recursive: true });
@@ -64001,8 +64081,9 @@ async function updateRawAppRunnables(workspace, runnables, remotePath, appFolder
       writeRunnableToBackend(runnablesFolder, runnableId, simplifiedRunnable);
       continue;
     }
-    info(colors.gray(`Generating lock for runnable ${runnableId} (${language})
-        }`));
+    if (!noStaleMessage) {
+      info(colors.gray(`Generating lock for runnable ${runnableId} (${language})`));
+    }
     try {
       const lock = await generateInlineScriptLock(workspace, content, language, `${remotePath}/${runnableId}`, rawDeps);
       const [basePathO, ext2] = pathAssigner.assignPath(runnable.name ?? runnableId, language);
@@ -64020,15 +64101,20 @@ async function updateRawAppRunnables(workspace, runnables, remotePath, appFolder
         }
       }
       writeRunnableToBackend(runnablesFolder, runnableId, simplifiedRunnable);
-      info(colors.gray(`  Written ${runnableId}.yaml, ${basePath}${ext2}${lock ? ` and ${basePath}lock` : ""}`));
+      updatedRunnables.push(runnableId);
+      if (!noStaleMessage) {
+        info(colors.gray(`  Written ${runnableId}.yaml, ${basePath}${ext2}${lock ? ` and ${basePath}lock` : ""}`));
+      }
     } catch (error2) {
       error(colors.red(`Failed to generate lock for runnable ${runnableId}: ${error2.message}`));
       writeRunnableToBackend(runnablesFolder, runnableId, runnable);
     }
   }
+  return updatedRunnables;
 }
-async function updateAppInlineScripts(workspace, appValue, remotePath, appFolder, rawDeps, defaultTs = "bun") {
+async function updateAppInlineScripts(workspace, appValue, remotePath, appFolder, rawDeps, defaultTs = "bun", noStaleMessage) {
   const pathAssigner = newPathAssigner(defaultTs, { skipInlineScriptSuffix: getNonDottedPaths() });
+  const updatedScripts = [];
   const processor = async (inlineScript, context) => {
     const language = inlineScript.language;
     const content = inlineScript.content;
@@ -64044,7 +64130,9 @@ async function updateAppInlineScripts(workspace, appValue, remotePath, appFolder
     try {
       let lock;
       if (language !== "frontend") {
-        info(colors.gray(`Generating lock for inline script "${scriptName}" at ${context.path.join(".")} (${language})`));
+        if (!noStaleMessage) {
+          info(colors.gray(`Generating lock for inline script "${scriptName}" at ${context.path.join(".")} (${language})`));
+        }
         lock = await generateInlineScriptLock(workspace, content, language, scriptPath, rawDeps);
       }
       const [basePathO, ext2] = pathAssigner.assignPath(scriptName, language);
@@ -64057,7 +64145,12 @@ async function updateAppInlineScripts(workspace, appValue, remotePath, appFolder
       }
       const inlineContentRef = `!inline ${basePath}${ext2}`;
       const inlineLockRef = lock && lock !== "" ? `!inline ${basePath}lock` : "";
-      info(colors.gray(`  Written ${basePath}${ext2}${lock ? ` and ${basePath}lock` : ""}`));
+      if (!noStaleMessage) {
+        info(colors.gray(`  Written ${basePath}${ext2}${lock ? ` and ${basePath}lock` : ""}`));
+      }
+      if (language !== "frontend") {
+        updatedScripts.push(scriptName);
+      }
       return {
         ...inlineScript,
         content: inlineContentRef,
@@ -64068,7 +64161,8 @@ async function updateAppInlineScripts(workspace, appValue, remotePath, appFolder
       return inlineScript;
     }
   };
-  return await traverseAndProcessInlineScripts(appValue, processor);
+  const updatedValue = await traverseAndProcessInlineScripts(appValue, processor);
+  return { value: updatedValue, updatedScripts };
 }
 async function generateInlineScriptLock(workspace, content, language, scriptPath, rawWorkspaceDependencies) {
   const filteredDeps = rawWorkspaceDependencies ? filterWorkspaceDependencies(rawWorkspaceDependencies, content, language) : undefined;
@@ -66377,6 +66471,7 @@ var init_app = __esm(async () => {
   ]);
   alreadySynced2 = [];
   command11 = new Command().description("app related commands").option("--json", "Output as JSON (for piping to jq)").action(list4).command("list", "list all apps").option("--json", "Output as JSON (for piping to jq)").action(list4).command("get", "get an app's details").arguments("<path:string>").option("--json", "Output as JSON (for piping to jq)").action(get3).command("push", "push a local app ").arguments("<file_path:string> <remote_path:string>").action(push4).command("dev", dev_default).command("lint", lint_default2).command("new", new_default).command("generate-agents", generate_agents_default).command("generate-locks", "re-generate the lockfiles for app runnables inline scripts that have changed").arguments("[app_folder:string]").option("--yes", "Skip confirmation prompt").option("--dry-run", "Perform a dry run without making changes").option("--default-ts <runtime:string>", "Default TypeScript runtime (bun or deno)").action(async (opts, appFolder) => {
+    warn(colors.yellow('This command is deprecated. Use "wmill generate-metadata" instead.'));
     const { generateLocksCommand: generateLocksCommand2 } = await init_app_metadata().then(() => exports_app_metadata);
     await generateLocksCommand2(opts, appFolder);
   });
@@ -67195,6 +67290,8 @@ function migrateToGroupedFormat(settings) {
     result.color = settings.color;
   if (settings.operator_settings !== undefined)
     result.operator_settings = settings.operator_settings;
+  if (settings.datatable !== undefined)
+    result.datatable = settings.datatable;
   if (settings.slack_team_id !== undefined)
     result.slack_team_id = settings.slack_team_id;
   if (settings.slack_name !== undefined)
@@ -67263,6 +67360,7 @@ async function pushWorkspaceSettings(workspace, _path, settings, localSettings)
       mute_critical_alerts: remoteSettings.mute_critical_alerts,
       color: remoteSettings.color,
       operator_settings: remoteSettings.operator_settings,
+      datatable: remoteSettings.datatable,
       slack_team_id: remoteSettings.slack_team_id,
       slack_name: remoteSettings.slack_name,
       slack_command_script: remoteSettings.slack_command_script
@@ -67421,6 +67519,13 @@ async function pushWorkspaceSettings(workspace, _path, settings, localSettings)
       requestBody: localSettings.operator_settings
     });
   }
+  if (!deepEqual(localSettings.datatable, settings.datatable)) {
+    debug(`Updating datatable config...`);
+    await editDataTableConfig({
+      workspace,
+      requestBody: { settings: localSettings.datatable ?? { datatables: {} } }
+    });
+  }
   if (localSettings.slack_command_script != settings.slack_command_script) {
     debug(`Updating slack command script...`);
     await editSlackCommand({
@@ -69294,7 +69399,14 @@ async function pushFlow(workspace, remotePath, localPath, message) {
     localPath += SEP19;
   }
   const localFlow = await yamlParseFile(localPath + "flow.yaml");
-  await replaceInlineScripts(localFlow.value.modules, async (path17) => await readFile14(localPath + path17, "utf-8"), exports_log, localPath, SEP19);
+  const fileReader = async (path17) => await readFile14(localPath + path17, "utf-8");
+  await replaceInlineScripts(localFlow.value.modules, fileReader, exports_log, localPath, SEP19);
+  if (localFlow.value.failure_module) {
+    await replaceInlineScripts([localFlow.value.failure_module], fileReader, exports_log, localPath, SEP19);
+  }
+  if (localFlow.value.preprocessor_module) {
+    await replaceInlineScripts([localFlow.value.preprocessor_module], fileReader, exports_log, localPath, SEP19);
+  }
   if (flow) {
     if (isSuperset(localFlow, flow)) {
       info(colors.green(`Flow ${remotePath} is up to date`));
@@ -69436,7 +69548,14 @@ async function preview2(opts, flowPath) {
     flowPath += SEP19;
   }
   const localFlow = await yamlParseFile(flowPath + "flow.yaml");
-  await replaceInlineScripts(localFlow.value.modules, async (path17) => await readFile14(flowPath + path17, "utf-8"), exports_log, flowPath, SEP19);
+  const fileReader = async (path17) => await readFile14(flowPath + path17, "utf-8");
+  await replaceInlineScripts(localFlow.value.modules, fileReader, exports_log, flowPath, SEP19);
+  if (localFlow.value.failure_module) {
+    await replaceInlineScripts([localFlow.value.failure_module], fileReader, exports_log, flowPath, SEP19);
+  }
+  if (localFlow.value.preprocessor_module) {
+    await replaceInlineScripts([localFlow.value.preprocessor_module], fileReader, exports_log, flowPath, SEP19);
+  }
   const input = opts.data ? await resolve6(opts.data) : {};
   if (!opts.silent) {
     info(colors.yellow(`Running flow preview for ${flowPath}...`));
@@ -69466,6 +69585,7 @@ async function preview2(opts, flowPath) {
   }
 }
 async function generateLocks(opts, folder) {
+  warn(colors.yellow('This command is deprecated. Use "wmill generate-metadata" instead.'));
   const workspace = await resolveWorkspace(opts);
   await requireLogin(opts);
   opts = await mergeConfigWithConfigFile(opts);
@@ -72174,25 +72294,25 @@ import { stat as stat15, writeFile as writeFile19, rm as rm4, mkdir as mkdir8 }
 // src/guidance/skills.ts
 var SKILLS = [
-  { name: "write-script-go", description: "MUST use when writing Go scripts.", languageKey: "go" },
-  { name: "write-script-java", description: "MUST use when writing Java scripts.", languageKey: "java" },
-  { name: "write-script-graphql", description: "MUST use when writing GraphQL queries.", languageKey: "graphql" },
-  { name: "write-script-rust", description: "MUST use when writing Rust scripts.", languageKey: "rust" },
-  { name: "write-script-bunnative", description: "MUST use when writing Bun Native scripts.", languageKey: "bunnative" },
-  { name: "write-script-postgresql", description: "MUST use when writing PostgreSQL queries.", languageKey: "postgresql" },
-  { name: "write-script-php", description: "MUST use when writing PHP scripts.", languageKey: "php" },
+  { name: "write-script-bash", description: "MUST use when writing Bash scripts.", languageKey: "bash" },
   { name: "write-script-bigquery", description: "MUST use when writing BigQuery queries.", languageKey: "bigquery" },
   { name: "write-script-bun", description: "MUST use when writing Bun/TypeScript scripts.", languageKey: "bun" },
+  { name: "write-script-bunnative", description: "MUST use when writing Bun Native scripts.", languageKey: "bunnative" },
   { name: "write-script-csharp", description: "MUST use when writing C# scripts.", languageKey: "csharp" },
-  { name: "write-script-mssql", description: "MUST use when writing MS SQL Server queries.", languageKey: "mssql" },
   { name: "write-script-deno", description: "MUST use when writing Deno/TypeScript scripts.", languageKey: "deno" },
+  { name: "write-script-duckdb", description: "MUST use when writing DuckDB queries.", languageKey: "duckdb" },
+  { name: "write-script-go", description: "MUST use when writing Go scripts.", languageKey: "go" },
+  { name: "write-script-graphql", description: "MUST use when writing GraphQL queries.", languageKey: "graphql" },
+  { name: "write-script-java", description: "MUST use when writing Java scripts.", languageKey: "java" },
+  { name: "write-script-mssql", description: "MUST use when writing MS SQL Server queries.", languageKey: "mssql" },
   { name: "write-script-mysql", description: "MUST use when writing MySQL queries.", languageKey: "mysql" },
+  { name: "write-script-nativets", description: "MUST use when writing Native TypeScript scripts.", languageKey: "nativets" },
+  { name: "write-script-php", description: "MUST use when writing PHP scripts.", languageKey: "php" },
+  { name: "write-script-postgresql", description: "MUST use when writing PostgreSQL queries.", languageKey: "postgresql" },
   { name: "write-script-powershell", description: "MUST use when writing PowerShell scripts.", languageKey: "powershell" },
-  { name: "write-script-snowflake", description: "MUST use when writing Snowflake queries.", languageKey: "snowflake" },
   { name: "write-script-python3", description: "MUST use when writing Python scripts.", languageKey: "python3" },
-  { name: "write-script-duckdb", description: "MUST use when writing DuckDB queries.", languageKey: "duckdb" },
-  { name: "write-script-bash", description: "MUST use when writing Bash scripts.", languageKey: "bash" },
-  { name: "write-script-nativets", description: "MUST use when writing Native TypeScript scripts.", languageKey: "nativets" },
+  { name: "write-script-rust", description: "MUST use when writing Rust scripts.", languageKey: "rust" },
+  { name: "write-script-snowflake", description: "MUST use when writing Snowflake queries.", languageKey: "snowflake" },
   { name: "write-flow", description: "MUST use when creating flows." },
   { name: "raw-app", description: "MUST use when creating raw apps." },
   { name: "triggers", description: "MUST use when configuring triggers." },
@@ -72201,294 +72321,116 @@ var SKILLS = [
   { name: "cli-commands", description: "MUST use when using the CLI." }
 ];
 var SKILL_CONTENT = {
-  "write-script-go": `---
-name: write-script-go
-description: MUST use when writing Go scripts.
+  "write-script-bash": `---
+name: write-script-bash
+description: MUST use when writing Bash scripts.
 ---
 ## CLI Commands
-Place scripts in a folder. After writing, run:
+Place scripts in a folder. After writing, tell the user they can run:
 - \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
 - \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 Use \`wmill resource-type list --schema\` to discover available resource types.
-# Go
+# Bash
 ## Structure
-The file package must be \`inner\` and export a function called \`main\`:
+Do not include \`#!/bin/bash\`. Arguments are obtained as positional parameters:
-\`\`\`go
-package inner
+\`\`\`bash
+# Get arguments
+var1="$1"
+var2="$2"
-func main(param1 string, param2 int) (map[string]interface{}, error) {
-    return map[string]interface{}{
-        "result": param1,
-        "count":  param2,
-    }, nil
-}
+echo "Processing $var1 and $var2"
+# Return JSON by echoing to stdout
+echo "{\\"result\\": \\"$var1\\", \\"count\\": $var2}"
 \`\`\`
 **Important:**
-- Package must be \`inner\`
-- Return type must be \`({return_type}, error)\`
-- Function name is \`main\` (lowercase)
-## Return Types
+- Do not include shebang (\`#!/bin/bash\`)
+- Arguments are always strings
+- Access with \`$1\`, \`$2\`, etc.
-The return type can be any Go type that can be serialized to JSON:
+## Output
-\`\`\`go
-package inner
+The script output is captured as the result. For structured data, output valid JSON:
-type Result struct {
-    Name  string \`json:"name"\`
-    Count int    \`json:"count"\`
-}
+\`\`\`bash
+name="$1"
+count="$2"
-func main(name string, count int) (Result, error) {
-    return Result{
-        Name:  name,
-        Count: count,
-    }, nil
+# Output JSON result
+cat << EOF
+{
+  "name": "$name",
+  "count": $count,
+  "timestamp": "$(date -Iseconds)"
 }
+EOF
 \`\`\`
-## Error Handling
-Return errors as the second return value:
-\`\`\`go
-package inner
+## Environment Variables
-import "errors"
+Environment variables set in Windmill are available:
-func main(value int) (string, error) {
-    if value < 0 {
-        return "", errors.New("value must be positive")
-    }
-    return "success", nil
-}
+\`\`\`bash
+# Access environment variable
+echo "Workspace: $WM_WORKSPACE"
+echo "Job ID: $WM_JOB_ID"
 \`\`\`
 `,
-  "write-script-java": `---
-name: write-script-java
-description: MUST use when writing Java scripts.
+  "write-script-bigquery": `---
+name: write-script-bigquery
+description: MUST use when writing BigQuery queries.
 ---
 ## CLI Commands
-Place scripts in a folder. After writing, run:
+Place scripts in a folder. After writing, tell the user they can run:
 - \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
 - \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# Java
-The script must contain a Main public class with a \`public static main()\` method:
-\`\`\`java
-public class Main {
-    public static Object main(String name, int count) {
-        java.util.Map<String, Object> result = new java.util.HashMap<>();
-        result.put("name", name);
-        result.put("count", count);
-        return result;
-    }
-}
-\`\`\`
-**Important:**
-- Class must be named \`Main\`
-- Method must be \`public static Object main(...)\`
-- Return type is \`Object\` or \`void\`
-## Maven Dependencies
-Add dependencies using comments at the top:
-\`\`\`java
-//requirements:
-//com.google.code.gson:gson:2.10.1
-//org.apache.httpcomponents:httpclient:4.5.14
-import com.google.gson.Gson;
-public class Main {
-    public static Object main(String input) {
-        Gson gson = new Gson();
-        return gson.fromJson(input, Object.class);
-    }
-}
-\`\`\`
-`,
-  "write-script-graphql": `---
-name: write-script-graphql
-description: MUST use when writing GraphQL queries.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 Use \`wmill resource-type list --schema\` to discover available resource types.
-# GraphQL
-## Structure
-Write GraphQL queries or mutations. Arguments can be added as query parameters:
-\`\`\`graphql
-query GetUser($id: ID!) {
-  user(id: $id) {
-    id
-    name
-    email
-  }
-}
-\`\`\`
-## Variables
-Variables are passed as script arguments and automatically bound to the query:
+# BigQuery
-\`\`\`graphql
-query SearchProducts($query: String!, $limit: Int = 10) {
-  products(search: $query, first: $limit) {
-    edges {
-      node {
-        id
-        name
-        price
-      }
-    }
-  }
-}
-\`\`\`
+Arguments use \`@name\` syntax.
-## Mutations
+Name the parameters by adding comments before the statement:
-\`\`\`graphql
-mutation CreateUser($input: CreateUserInput!) {
-  createUser(input: $input) {
-    id
-    name
-    createdAt
-  }
-}
+\`\`\`sql
+-- @name1 (string)
+-- @name2 (int64) = 0
+SELECT * FROM users WHERE name = @name1 AND age > @name2;
 \`\`\`
 `,
-  "write-script-rust": `---
-name: write-script-rust
-description: MUST use when writing Rust scripts.
+  "write-script-bun": `---
+name: write-script-bun
+description: MUST use when writing Bun/TypeScript scripts.
 ---
 ## CLI Commands
-Place scripts in a folder. After writing, run:
+Place scripts in a folder. After writing, tell the user they can run:
 - \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
 - \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# Rust
-## Structure
-The script must contain a function called \`main\` with proper return type:
-\`\`\`rust
-use anyhow::anyhow;
-use serde::Serialize;
-#[derive(Serialize, Debug)]
-struct ReturnType {
-    result: String,
-    count: i32,
-}
-fn main(param1: String, param2: i32) -> anyhow::Result<ReturnType> {
-    Ok(ReturnType {
-        result: param1,
-        count: param2,
-    })
-}
-\`\`\`
-**Important:**
-- Arguments should be owned types
-- Return type must be serializable (\`#[derive(Serialize)]\`)
-- Return type is \`anyhow::Result<T>\`
-## Dependencies
-Packages must be specified with a partial cargo.toml at the beginning of the script:
-\`\`\`rust
-//! \`\`\`cargo
-//! [dependencies]
-//! anyhow = "1.0.86"
-//! reqwest = { version = "0.11", features = ["json"] }
-//! tokio = { version = "1", features = ["full"] }
-//! \`\`\`
-use anyhow::anyhow;
-// ... rest of the code
-\`\`\`
-**Note:** Serde is already included, no need to add it again.
-## Async Functions
-If you need to handle async functions (e.g., using tokio), keep the main function sync and create the runtime inside:
-\`\`\`rust
-//! \`\`\`cargo
-//! [dependencies]
-//! anyhow = "1.0.86"
-//! tokio = { version = "1", features = ["full"] }
-//! reqwest = { version = "0.11", features = ["json"] }
-//! \`\`\`
-use anyhow::anyhow;
-use serde::Serialize;
-#[derive(Serialize, Debug)]
-struct Response {
-    data: String,
-}
-fn main(url: String) -> anyhow::Result<Response> {
-    let rt = tokio::runtime::Runtime::new()?;
-    rt.block_on(async {
-        let resp = reqwest::get(&url).await?.text().await?;
-        Ok(Response { data: resp })
-    })
-}
-\`\`\`
-`,
-  "write-script-bunnative": `---
-name: write-script-bunnative
-description: MUST use when writing Bun Native scripts.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 Use \`wmill resource-type list --schema\` to discover available resource types.
-# TypeScript (Bun Native)
+# TypeScript (Bun)
-Native TypeScript execution with fetch only - no external imports allowed.
+Bun runtime with full npm ecosystem and fastest execution.
 ## Structure
@@ -72501,7 +72443,7 @@ export async function main(param1: string, param2: number) {
 }
 \`\`\`
-Do not call the main function.
+Do not call the main function. Libraries are installed automatically.
 ## Resource Types
@@ -72521,18 +72463,20 @@ Before using a resource type, check the \`rt.d.ts\` file in the project root to
 ## Imports
-**No imports allowed.** Use the globally available \`fetch\` function:
 \`\`\`typescript
-export async function main(url: string) {
-  const response = await fetch(url);
-  return await response.json();
-}
+import Stripe from "stripe";
+import { someFunction } from "some-package";
 \`\`\`
 ## Windmill Client
-The windmill client is not available in native TypeScript mode. Use fetch to call APIs directly.
+Import the windmill client for platform interactions:
+\`\`\`typescript
+import * as wmill from "windmill-client";
+\`\`\`
+See the SDK documentation for available methods.
 ## Preprocessor Scripts
@@ -72602,36 +72546,6 @@ const result: S3Object = await wmill.writeS3File(
 Import: import * as wmill from 'windmill-client'
-/**
- * Create a SQL template function for PostgreSQL/datatable queries
- * @param name - Database/datatable name (default: "main")
- * @returns SQL template function for building parameterized queries
- * @example
- * let sql = wmill.datatable()
- * let name = 'Robin'
- * let age = 21
- * await sql\`
- *   SELECT * FROM friends
- *     WHERE name = \${name} AND age = \${age}::int
- * \`.fetch()
- */
-datatable(name: string = "main"): DatatableSqlTemplateFunction
-/**
- * Create a SQL template function for DuckDB/ducklake queries
- * @param name - DuckDB database name (default: "main")
- * @returns SQL template function for building parameterized queries
- * @example
- * let sql = wmill.ducklake()
- * let name = 'Robin'
- * let age = 21
- * await sql\`
- *   SELECT * FROM friends
- *     WHERE name = \${name} AND age = \${age}
- * \`.fetch()
- */
-ducklake(name: string = "main"): SqlTemplateFunction
 /**
  * Initialize the Windmill client with authentication token and base URL
  * @param token - Authentication token (defaults to WM_TOKEN env variable)
@@ -73124,144 +73038,64 @@ waitForApproval(options?: { timeout?: number; form?: object; }): PromiseLike<{ v
  * const results = await parallel(items, process, { concurrency: 5 });
  */
 async parallel<T, R>(items: T[], fn: (item: T) => PromiseLike<R> | R, options?: { concurrency?: number },): Promise<R[]>
-`,
-  "write-script-postgresql": `---
-name: write-script-postgresql
-description: MUST use when writing PostgreSQL queries.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# PostgreSQL
-Arguments are obtained directly in the statement with \`$1::{type}\`, \`$2::{type}\`, etc.
-Name the parameters by adding comments at the beginning of the script (without specifying the type):
-\`\`\`sql
--- $1 name1
--- $2 name2 = default_value
-SELECT * FROM users WHERE name = $1::TEXT AND age > $2::INT;
-\`\`\`
-`,
-  "write-script-php": `---
-name: write-script-php
-description: MUST use when writing PHP scripts.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# PHP
-## Structure
-The script must start with \`<?php\` and contain at least one function called \`main\`:
-\`\`\`php
-<?php
-function main(string $param1, int $param2) {
-    return ["result" => $param1, "count" => $param2];
-}
-\`\`\`
-## Resource Types
-On Windmill, credentials and configuration are stored in resources and passed as parameters to main.
-You need to **redefine** the type of the resources that are needed before the main function. Always check if the class already exists using \`class_exists\`:
-\`\`\`php
-<?php
-if (!class_exists('Postgresql')) {
-    class Postgresql {
-        public string $host;
-        public int $port;
-        public string $user;
-        public string $password;
-        public string $dbname;
-    }
-}
-function main(Postgresql $db) {
-    // $db contains the database connection details
-}
-\`\`\`
-The resource type name has to be exactly as specified.
-## Library Dependencies
-Specify library dependencies as comments before the main function:
-\`\`\`php
-<?php
-// require:
-// guzzlehttp/guzzle
-// stripe/stripe-php@^10.0
+/**
+ * Commit Kafka offsets for a trigger with auto_commit disabled.
+ * @param triggerPath - Path to the Kafka trigger (from event.wm_trigger.trigger_path)
+ * @param topic - Kafka topic name (from event.topic)
+ * @param partition - Partition number (from event.partition)
+ * @param offset - Message offset to commit (from event.offset)
+ */
+async commitKafkaOffsets(triggerPath: string, topic: string, partition: number, offset: number,): Promise<void>
-function main() {
-    // Libraries are available
-}
-\`\`\`
+/**
+ * Create a SQL template function for PostgreSQL/datatable queries
+ * @param name - Database/datatable name (default: "main")
+ * @returns SQL template function for building parameterized queries
+ * @example
+ * let sql = wmill.datatable()
+ * let name = 'Robin'
+ * let age = 21
+ * await sql\`
+ *   SELECT * FROM friends
+ *     WHERE name = \${name} AND age = \${age}::int
+ * \`.fetch()
+ */
+datatable(name: string = "main"): DatatableSqlTemplateFunction
-One dependency per line. No need to require autoload, it is already done.
+/**
+ * Create a SQL template function for DuckDB/ducklake queries
+ * @param name - DuckDB database name (default: "main")
+ * @returns SQL template function for building parameterized queries
+ * @example
+ * let sql = wmill.ducklake()
+ * let name = 'Robin'
+ * let age = 21
+ * await sql\`
+ *   SELECT * FROM friends
+ *     WHERE name = \${name} AND age = \${age}
+ * \`.fetch()
+ */
+ducklake(name: string = "main"): SqlTemplateFunction
 `,
-  "write-script-bigquery": `---
-name: write-script-bigquery
-description: MUST use when writing BigQuery queries.
+  "write-script-bunnative": `---
+name: write-script-bunnative
+description: MUST use when writing Bun Native scripts.
 ---
 ## CLI Commands
-Place scripts in a folder. After writing, run:
+Place scripts in a folder. After writing, tell the user they can run:
 - \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
 - \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# BigQuery
-Arguments use \`@name\` syntax.
-Name the parameters by adding comments before the statement:
-\`\`\`sql
--- @name1 (string)
--- @name2 (int64) = 0
-SELECT * FROM users WHERE name = @name1 AND age > @name2;
-\`\`\`
-`,
-  "write-script-bun": `---
-name: write-script-bun
-description: MUST use when writing Bun/TypeScript scripts.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 Use \`wmill resource-type list --schema\` to discover available resource types.
-# TypeScript (Bun)
+# TypeScript (Bun Native)
-Bun runtime with full npm ecosystem and fastest execution.
+Native TypeScript execution with fetch only - no external imports allowed.
 ## Structure
@@ -73274,7 +73108,7 @@ export async function main(param1: string, param2: number) {
 }
 \`\`\`
-Do not call the main function. Libraries are installed automatically.
+Do not call the main function.
 ## Resource Types
@@ -73294,20 +73128,18 @@ Before using a resource type, check the \`rt.d.ts\` file in the project root to
 ## Imports
+**No imports allowed.** Use the globally available \`fetch\` function:
 \`\`\`typescript
-import Stripe from "stripe";
-import { someFunction } from "some-package";
+export async function main(url: string) {
+  const response = await fetch(url);
+  return await response.json();
+}
 \`\`\`
 ## Windmill Client
-Import the windmill client for platform interactions:
-\`\`\`typescript
-import * as wmill from "windmill-client";
-\`\`\`
-See the SDK documentation for available methods.
+The windmill client is not available in native TypeScript mode. Use fetch to call APIs directly.
 ## Preprocessor Scripts
@@ -73377,36 +73209,6 @@ const result: S3Object = await wmill.writeS3File(
 Import: import * as wmill from 'windmill-client'
-/**
- * Create a SQL template function for PostgreSQL/datatable queries
- * @param name - Database/datatable name (default: "main")
- * @returns SQL template function for building parameterized queries
- * @example
- * let sql = wmill.datatable()
- * let name = 'Robin'
- * let age = 21
- * await sql\`
- *   SELECT * FROM friends
- *     WHERE name = \${name} AND age = \${age}::int
- * \`.fetch()
- */
-datatable(name: string = "main"): DatatableSqlTemplateFunction
-/**
- * Create a SQL template function for DuckDB/ducklake queries
- * @param name - DuckDB database name (default: "main")
- * @returns SQL template function for building parameterized queries
- * @example
- * let sql = wmill.ducklake()
- * let name = 'Robin'
- * let age = 21
- * await sql\`
- *   SELECT * FROM friends
- *     WHERE name = \${name} AND age = \${age}
- * \`.fetch()
- */
-ducklake(name: string = "main"): SqlTemplateFunction
 /**
  * Initialize the Windmill client with authentication token and base URL
  * @param token - Authentication token (defaults to WM_TOKEN env variable)
@@ -73899,6 +73701,45 @@ waitForApproval(options?: { timeout?: number; form?: object; }): PromiseLike<{ v
  * const results = await parallel(items, process, { concurrency: 5 });
  */
 async parallel<T, R>(items: T[], fn: (item: T) => PromiseLike<R> | R, options?: { concurrency?: number },): Promise<R[]>
+/**
+ * Commit Kafka offsets for a trigger with auto_commit disabled.
+ * @param triggerPath - Path to the Kafka trigger (from event.wm_trigger.trigger_path)
+ * @param topic - Kafka topic name (from event.topic)
+ * @param partition - Partition number (from event.partition)
+ * @param offset - Message offset to commit (from event.offset)
+ */
+async commitKafkaOffsets(triggerPath: string, topic: string, partition: number, offset: number,): Promise<void>
+/**
+ * Create a SQL template function for PostgreSQL/datatable queries
+ * @param name - Database/datatable name (default: "main")
+ * @returns SQL template function for building parameterized queries
+ * @example
+ * let sql = wmill.datatable()
+ * let name = 'Robin'
+ * let age = 21
+ * await sql\`
+ *   SELECT * FROM friends
+ *     WHERE name = \${name} AND age = \${age}::int
+ * \`.fetch()
+ */
+datatable(name: string = "main"): DatatableSqlTemplateFunction
+/**
+ * Create a SQL template function for DuckDB/ducklake queries
+ * @param name - DuckDB database name (default: "main")
+ * @returns SQL template function for building parameterized queries
+ * @example
+ * let sql = wmill.ducklake()
+ * let name = 'Robin'
+ * let age = 21
+ * await sql\`
+ *   SELECT * FROM friends
+ *     WHERE name = \${name} AND age = \${age}
+ * \`.fetch()
+ */
+ducklake(name: string = "main"): SqlTemplateFunction
 `,
   "write-script-csharp": `---
 name: write-script-csharp
@@ -73907,10 +73748,12 @@ description: MUST use when writing C# scripts.
 ## CLI Commands
-Place scripts in a folder. After writing, run:
+Place scripts in a folder. After writing, tell the user they can run:
 - \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
 - \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 Use \`wmill resource-type list --schema\` to discover available resource types.
 # C#
@@ -73954,31 +73797,6 @@ public class Script
     }
 }
 \`\`\`
-`,
-  "write-script-mssql": `---
-name: write-script-mssql
-description: MUST use when writing MS SQL Server queries.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# Microsoft SQL Server (MSSQL)
-Arguments use \`@P1\`, \`@P2\`, etc.
-Name the parameters by adding comments before the statement:
-\`\`\`sql
--- @P1 name1 (varchar)
--- @P2 name2 (int) = 0
-SELECT * FROM users WHERE name = @P1 AND age > @P2;
-\`\`\`
 `,
   "write-script-deno": `---
 name: write-script-deno
@@ -73987,10 +73805,12 @@ description: MUST use when writing Deno/TypeScript scripts.
 ## CLI Commands
-Place scripts in a folder. After writing, run:
+Place scripts in a folder. After writing, tell the user they can run:
 - \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
 - \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 Use \`wmill resource-type list --schema\` to discover available resource types.
 # TypeScript (Deno)
@@ -74115,6 +73935,508 @@ const result: S3Object = await wmill.writeS3File(
 Import: import * as wmill from 'windmill-client'
+/**
+ * Initialize the Windmill client with authentication token and base URL
+ * @param token - Authentication token (defaults to WM_TOKEN env variable)
+ * @param baseUrl - API base URL (defaults to BASE_INTERNAL_URL or BASE_URL env variable)
+ */
+setClient(token?: string, baseUrl?: string): void
+/**
+ * Create a client configuration from env variables
+ * @returns client configuration
+ */
+getWorkspace(): string
+/**
+ * Get a resource value by path
+ * @param path path of the resource,  default to internal state path
+ * @param undefinedIfEmpty if the resource does not exist, return undefined instead of throwing an error
+ * @returns resource value
+ */
+async getResource(path?: string, undefinedIfEmpty?: boolean): Promise<any>
+/**
+ * Get the true root job id
+ * @param jobId job id to get the root job id from (default to current job)
+ * @returns root job id
+ */
+async getRootJobId(jobId?: string): Promise<string>
+/**
+ * @deprecated Use runScriptByPath or runScriptByHash instead
+ */
+async runScript(path: string | null = null, hash_: string | null = null, args: Record<string, any> | null = null, verbose: boolean = false): Promise<any>
+/**
+ * Run a script synchronously by its path and wait for the result
+ * @param path - Script path in Windmill
+ * @param args - Arguments to pass to the script
+ * @param verbose - Enable verbose logging
+ * @returns Script execution result
+ */
+async runScriptByPath(path: string, args: Record<string, any> | null = null, verbose: boolean = false): Promise<any>
+/**
+ * Run a script synchronously by its hash and wait for the result
+ * @param hash_ - Script hash in Windmill
+ * @param args - Arguments to pass to the script
+ * @param verbose - Enable verbose logging
+ * @returns Script execution result
+ */
+async runScriptByHash(hash_: string, args: Record<string, any> | null = null, verbose: boolean = false): Promise<any>
+/**
+ * Append a text to the result stream
+ * @param text text to append to the result stream
+ */
+appendToResultStream(text: string): void
+/**
+ * Stream to the result stream
+ * @param stream stream to stream to the result stream
+ */
+async streamResult(stream: AsyncIterable<string>): Promise<void>
+/**
+ * Run a flow synchronously by its path and wait for the result
+ * @param path - Flow path in Windmill
+ * @param args - Arguments to pass to the flow
+ * @param verbose - Enable verbose logging
+ * @returns Flow execution result
+ */
+async runFlow(path: string | null = null, args: Record<string, any> | null = null, verbose: boolean = false): Promise<any>
+/**
+ * Wait for a job to complete and return its result
+ * @param jobId - ID of the job to wait for
+ * @param verbose - Enable verbose logging
+ * @returns Job result when completed
+ */
+async waitJob(jobId: string, verbose: boolean = false): Promise<any>
+/**
+ * Get the result of a completed job
+ * @param jobId - ID of the completed job
+ * @returns Job result
+ */
+async getResult(jobId: string): Promise<any>
+/**
+ * Get the result of a job if completed, or its current status
+ * @param jobId - ID of the job
+ * @returns Object with started, completed, success, and result properties
+ */
+async getResultMaybe(jobId: string): Promise<any>
+/**
+ * @deprecated Use runScriptByPathAsync or runScriptByHashAsync instead
+ */
+async runScriptAsync(path: string | null, hash_: string | null, args: Record<string, any> | null, scheduledInSeconds: number | null = null): Promise<string>
+/**
+ * Run a script asynchronously by its path
+ * @param path - Script path in Windmill
+ * @param args - Arguments to pass to the script
+ * @param scheduledInSeconds - Schedule execution for a future time (in seconds)
+ * @returns Job ID of the created job
+ */
+async runScriptByPathAsync(path: string, args: Record<string, any> | null = null, scheduledInSeconds: number | null = null): Promise<string>
+/**
+ * Run a script asynchronously by its hash
+ * @param hash_ - Script hash in Windmill
+ * @param args - Arguments to pass to the script
+ * @param scheduledInSeconds - Schedule execution for a future time (in seconds)
+ * @returns Job ID of the created job
+ */
+async runScriptByHashAsync(hash_: string, args: Record<string, any> | null = null, scheduledInSeconds: number | null = null): Promise<string>
+/**
+ * Run a flow asynchronously by its path
+ * @param path - Flow path in Windmill
+ * @param args - Arguments to pass to the flow
+ * @param scheduledInSeconds - Schedule execution for a future time (in seconds)
+ * @param doNotTrackInParent - If false, tracks state in parent job (only use when fully awaiting the job)
+ * @returns Job ID of the created job
+ */
+async runFlowAsync(path: string | null, args: Record<string, any> | null, scheduledInSeconds: number | null = null, // can only be set to false if this the job will be fully await and not concurrent with any other job // as otherwise the child flow and its own child will store their state in the parent job which will // lead to incorrectness and failures doNotTrackInParent: boolean = true): Promise<string>
+/**
+ * Resolve a resource value in case the default value was picked because the input payload was undefined
+ * @param obj resource value or path of the resource under the format \`$res:path\`
+ * @returns resource value
+ */
+async resolveDefaultResource(obj: any): Promise<any>
+/**
+ * Get the state file path from environment variables
+ * @returns State path string
+ */
+getStatePath(): string
+/**
+ * Set a resource value by path
+ * @param path path of the resource to set, default to state path
+ * @param value new value of the resource to set
+ * @param initializeToTypeIfNotExist if the resource does not exist, initialize it with this type
+ */
+async setResource(value: any, path?: string, initializeToTypeIfNotExist?: string): Promise<void>
+/**
+ * Set the state
+ * @param state state to set
+ * @deprecated use setState instead
+ */
+async setInternalState(state: any): Promise<void>
+/**
+ * Set the state
+ * @param state state to set
+ * @param path Optional state resource path override. Defaults to \`getStatePath()\`.
+ */
+async setState(state: any, path?: string): Promise<void>
+/**
+ * Set the progress
+ * Progress cannot go back and limited to 0% to 99% range
+ * @param percent Progress to set in %
+ * @param jobId? Job to set progress for
+ */
+async setProgress(percent: number, jobId?: any): Promise<void>
+/**
+ * Get the progress
+ * @param jobId? Job to get progress from
+ * @returns Optional clamped between 0 and 100 progress value
+ */
+async getProgress(jobId?: any): Promise<number | null>
+/**
+ * Set a flow user state
+ * @param key key of the state
+ * @param value value of the state
+ */
+async setFlowUserState(key: string, value: any, errorIfNotPossible?: boolean): Promise<void>
+/**
+ * Get a flow user state
+ * @param path path of the variable
+ */
+async getFlowUserState(key: string, errorIfNotPossible?: boolean): Promise<any>
+/**
+ * Get the internal state
+ * @deprecated use getState instead
+ */
+async getInternalState(): Promise<any>
+/**
+ * Get the state shared across executions
+ * @param path Optional state resource path override. Defaults to \`getStatePath()\`.
+ */
+async getState(path?: string): Promise<any>
+/**
+ * Get a variable by path
+ * @param path path of the variable
+ * @returns variable value
+ */
+async getVariable(path: string): Promise<string>
+/**
+ * Set a variable by path, create if not exist
+ * @param path path of the variable
+ * @param value value of the variable
+ * @param isSecretIfNotExist if the variable does not exist, create it as secret or not (default: false)
+ * @param descriptionIfNotExist if the variable does not exist, create it with this description (default: "")
+ */
+async setVariable(path: string, value: string, isSecretIfNotExist?: boolean, descriptionIfNotExist?: string): Promise<void>
+/**
+ * Build a PostgreSQL connection URL from a database resource
+ * @param path - Path to the database resource
+ * @returns PostgreSQL connection URL string
+ */
+async databaseUrlFromResource(path: string): Promise<string>
+async polarsConnectionSettings(s3_resource_path: string | undefined): Promise<any>
+async duckdbConnectionSettings(s3_resource_path: string | undefined): Promise<any>
+/**
+ * Get S3 client settings from a resource or workspace default
+ * @param s3_resource_path - Path to S3 resource (uses workspace default if undefined)
+ * @returns S3 client configuration settings
+ */
+async denoS3LightClientSettings(s3_resource_path: string | undefined): Promise<DenoS3LightClientSettings>
+/**
+ * Load the content of a file stored in S3. If the s3ResourcePath is undefined, it will default to the workspace S3 resource.
+ *
+ * \`\`\`typescript
+ * let fileContent = await wmill.loadS3FileContent(inputFile)
+ * // if the file is a raw text file, it can be decoded and printed directly:
+ * const text = new TextDecoder().decode(fileContentStream)
+ * console.log(text);
+ * \`\`\`
+ */
+async loadS3File(s3object: S3Object, s3ResourcePath: string | undefined = undefined): Promise<Uint8Array | undefined>
+/**
+ * Load the content of a file stored in S3 as a stream. If the s3ResourcePath is undefined, it will default to the workspace S3 resource.
+ *
+ * \`\`\`typescript
+ * let fileContentBlob = await wmill.loadS3FileStream(inputFile)
+ * // if the content is plain text, the blob can be read directly:
+ * console.log(await fileContentBlob.text());
+ * \`\`\`
+ */
+async loadS3FileStream(s3object: S3Object, s3ResourcePath: string | undefined = undefined): Promise<Blob | undefined>
+/**
+ * Persist a file to the S3 bucket. If the s3ResourcePath is undefined, it will default to the workspace S3 resource.
+ *
+ * \`\`\`typescript
+ * const s3object = await writeS3File(s3Object, "Hello Windmill!")
+ * const fileContentAsUtf8Str = (await s3object.toArray()).toString('utf-8')
+ * console.log(fileContentAsUtf8Str)
+ * \`\`\`
+ */
+async writeS3File(s3object: S3Object | undefined, fileContent: string | Blob, s3ResourcePath: string | undefined = undefined, contentType: string | undefined = undefined, contentDisposition: string | undefined = undefined): Promise<S3Object>
+/**
+ * Sign S3 objects to be used by anonymous users in public apps
+ * @param s3objects s3 objects to sign
+ * @returns signed s3 objects
+ */
+async signS3Objects(s3objects: S3Object[]): Promise<S3Object[]>
+/**
+ * Sign S3 object to be used by anonymous users in public apps
+ * @param s3object s3 object to sign
+ * @returns signed s3 object
+ */
+async signS3Object(s3object: S3Object): Promise<S3Object>
+/**
+ * Generate a presigned public URL for an array of S3 objects.
+ * If an S3 object is not signed yet, it will be signed first.
+ * @param s3Objects s3 objects to sign
+ * @returns list of signed public URLs
+ */
+async getPresignedS3PublicUrls(s3Objects: S3Object[], { baseUrl }: { baseUrl?: string } = {}): Promise<string[]>
+/**
+ * Generate a presigned public URL for an S3 object. If the S3 object is not signed yet, it will be signed first.
+ * @param s3Object s3 object to sign
+ * @returns signed public URL
+ */
+async getPresignedS3PublicUrl(s3Objects: S3Object, { baseUrl }: { baseUrl?: string } = {}): Promise<string>
+/**
+ * Get URLs needed for resuming a flow after this step
+ * @param approver approver name
+ * @param flowLevel if true, generate resume URLs for the parent flow instead of the specific step.
+ *                  This allows pre-approvals that can be consumed by any later suspend step in the same flow.
+ * @returns approval page UI URL, resume and cancel API URLs for resuming the flow
+ */
+async getResumeUrls(approver?: string, flowLevel?: boolean): Promise<{
+  approvalPage: string;
+  resume: string;
+  cancel: string;
+}>
+/**
+ * @deprecated use getResumeUrls instead
+ */
+getResumeEndpoints(approver?: string): Promise<{
+  approvalPage: string;
+  resume: string;
+  cancel: string;
+}>
+/**
+ * Get an OIDC jwt token for auth to external services (e.g: Vault, AWS) (ee only)
+ * @param audience audience of the token
+ * @param expiresIn Optional number of seconds until the token expires
+ * @returns jwt token
+ */
+async getIdToken(audience: string, expiresIn?: number): Promise<string>
+/**
+ * Convert a base64-encoded string to Uint8Array
+ * @param data - Base64-encoded string
+ * @returns Decoded Uint8Array
+ */
+base64ToUint8Array(data: string): Uint8Array
+/**
+ * Convert a Uint8Array to base64-encoded string
+ * @param arrayBuffer - Uint8Array to encode
+ * @returns Base64-encoded string
+ */
+uint8ArrayToBase64(arrayBuffer: Uint8Array): string
+/**
+ * Get email from workspace username
+ * This method is particularly useful for apps that require the email address of the viewer.
+ * Indeed, in the viewer context, WM_USERNAME is set to the username of the viewer but WM_EMAIL is set to the email of the creator of the app.
+ * @param username
+ * @returns email address
+ */
+async usernameToEmail(username: string): Promise<string>
+/**
+ * Sends an interactive approval request via Slack, allowing optional customization of the message, approver, and form fields.
+ *
+ * **[Enterprise Edition Only]** To include form fields in the Slack approval request, go to **Advanced -> Suspend -> Form**
+ * and define a form. Learn more at [Windmill Documentation](https://www.windmill.dev/docs/flows/flow_approval#form).
+ *
+ * @param {Object} options - The configuration options for the Slack approval request.
+ * @param {string} options.slackResourcePath - The path to the Slack resource in Windmill.
+ * @param {string} options.channelId - The Slack channel ID where the approval request will be sent.
+ * @param {string} [options.message] - Optional custom message to include in the Slack approval request.
+ * @param {string} [options.approver] - Optional user ID or name of the approver for the request.
+ * @param {DefaultArgs} [options.defaultArgsJson] - Optional object defining or overriding the default arguments to a form field.
+ * @param {Enums} [options.dynamicEnumsJson] - Optional object overriding the enum default values of an enum form field.
+ * @param {string} [options.resumeButtonText] - Optional text for the resume button.
+ * @param {string} [options.cancelButtonText] - Optional text for the cancel button.
+ *
+ * @returns {Promise<void>} Resolves when the Slack approval request is successfully sent.
+ *
+ * @throws {Error} If the function is not called within a flow or flow preview.
+ * @throws {Error} If the \`JobService.getSlackApprovalPayload\` call fails.
+ *
+ * **Usage Example:**
+ * \`\`\`typescript
+ * await requestInteractiveSlackApproval({
+ *   slackResourcePath: "/u/alex/my_slack_resource",
+ *   channelId: "admins-slack-channel",
+ *   message: "Please approve this request",
+ *   approver: "approver123",
+ *   defaultArgsJson: { key1: "value1", key2: 42 },
+ *   dynamicEnumsJson: { foo: ["choice1", "choice2"], bar: ["optionA", "optionB"] },
+ *   resumeButtonText: "Resume",
+ *   cancelButtonText: "Cancel",
+ * });
+ * \`\`\`
+ *
+ * **Note:** This function requires execution within a Windmill flow or flow preview.
+ */
+async requestInteractiveSlackApproval({ slackResourcePath, channelId, message, approver, defaultArgsJson, dynamicEnumsJson, resumeButtonText, cancelButtonText, }: SlackApprovalOptions): Promise<void>
+/**
+ * Sends an interactive approval request via Teams, allowing optional customization of the message, approver, and form fields.
+ *
+ * **[Enterprise Edition Only]** To include form fields in the Teams approval request, go to **Advanced -> Suspend -> Form**
+ * and define a form. Learn more at [Windmill Documentation](https://www.windmill.dev/docs/flows/flow_approval#form).
+ *
+ * @param {Object} options - The configuration options for the Teams approval request.
+ * @param {string} options.teamName - The Teams team name where the approval request will be sent.
+ * @param {string} options.channelName - The Teams channel name where the approval request will be sent.
+ * @param {string} [options.message] - Optional custom message to include in the Teams approval request.
+ * @param {string} [options.approver] - Optional user ID or name of the approver for the request.
+ * @param {DefaultArgs} [options.defaultArgsJson] - Optional object defining or overriding the default arguments to a form field.
+ * @param {Enums} [options.dynamicEnumsJson] - Optional object overriding the enum default values of an enum form field.
+ *
+ * @returns {Promise<void>} Resolves when the Teams approval request is successfully sent.
+ *
+ * @throws {Error} If the function is not called within a flow or flow preview.
+ * @throws {Error} If the \`JobService.getTeamsApprovalPayload\` call fails.
+ *
+ * **Usage Example:**
+ * \`\`\`typescript
+ * await requestInteractiveTeamsApproval({
+ *   teamName: "admins-teams",
+ *   channelName: "admins-teams-channel",
+ *   message: "Please approve this request",
+ *   approver: "approver123",
+ *   defaultArgsJson: { key1: "value1", key2: 42 },
+ *   dynamicEnumsJson: { foo: ["choice1", "choice2"], bar: ["optionA", "optionB"] },
+ * });
+ * \`\`\`
+ *
+ * **Note:** This function requires execution within a Windmill flow or flow preview.
+ */
+async requestInteractiveTeamsApproval({ teamName, channelName, message, approver, defaultArgsJson, dynamicEnumsJson, }: TeamsApprovalOptions): Promise<void>
+/**
+ * Parse an S3 object from URI string or record format
+ * @param s3Object - S3 object as URI string (s3://storage/key) or record
+ * @returns S3 object record with storage and s3 key
+ */
+parseS3Object(s3Object: S3Object): S3ObjectRecord
+setWorkflowCtx(ctx: WorkflowCtx | null): void
+async sleep(seconds: number): Promise<void>
+async step<T>(name: string, fn: () => T | Promise<T>): Promise<T>
+/**
+ * Create a task that dispatches to a separate Windmill script.
+ *
+ * @example
+ * const extract = taskScript("f/data/extract");
+ * // inside workflow: await extract({ url: "https://..." })
+ */
+taskScript(path: string, options?: TaskOptions): (...args: any[]) => PromiseLike<any>
+/**
+ * Create a task that dispatches to a separate Windmill flow.
+ *
+ * @example
+ * const pipeline = taskFlow("f/etl/pipeline");
+ * // inside workflow: await pipeline({ input: data })
+ */
+taskFlow(path: string, options?: TaskOptions): (...args: any[]) => PromiseLike<any>
+/**
+ * Mark an async function as a workflow-as-code entry point.
+ *
+ * The function must be **deterministic**: given the same inputs it must call
+ * tasks in the same order on every replay. Branching on task results is fine
+ * (results are replayed from checkpoint), but branching on external state
+ * (current time, random values, external API calls) must use \`step()\` to
+ * checkpoint the value so replays see the same result.
+ */
+workflow<T>(fn: (...args: any[]) => Promise<T>): void
+/**
+ * Suspend the workflow and wait for an external approval.
+ *
+ * Use \`getResumeUrls()\` (wrapped in \`step()\`) to obtain resume/cancel/approvalPage
+ * URLs before calling this function.
+ *
+ * @example
+ * const urls = await step("urls", () => getResumeUrls());
+ * await step("notify", () => sendEmail(urls.approvalPage));
+ * const { value, approver } = await waitForApproval({ timeout: 3600 });
+ */
+waitForApproval(options?: { timeout?: number; form?: object; }): PromiseLike<{ value: any; approver: string; approved: boolean }>
+/**
+ * Process items in parallel with optional concurrency control.
+ *
+ * Each item is processed by calling \`fn(item)\`, which should be a task().
+ * Items are dispatched in batches of \`concurrency\` (default: all at once).
+ *
+ * @example
+ * const process = task(async (item: string) => { ... });
+ * const results = await parallel(items, process, { concurrency: 5 });
+ */
+async parallel<T, R>(items: T[], fn: (item: T) => PromiseLike<R> | R, options?: { concurrency?: number },): Promise<R[]>
+/**
+ * Commit Kafka offsets for a trigger with auto_commit disabled.
+ * @param triggerPath - Path to the Kafka trigger (from event.wm_trigger.trigger_path)
+ * @param topic - Kafka topic name (from event.topic)
+ * @param partition - Partition number (from event.partition)
+ * @param offset - Message offset to commit (from event.offset)
+ */
+async commitKafkaOffsets(triggerPath: string, topic: string, partition: number, offset: number,): Promise<void>
 /**
  * Create a SQL template function for PostgreSQL/datatable queries
  * @param name - Database/datatable name (default: "main")
@@ -74144,6 +74466,414 @@ datatable(name: string = "main"): DatatableSqlTemplateFunction
  * \`.fetch()
  */
 ducklake(name: string = "main"): SqlTemplateFunction
+`,
+  "write-script-duckdb": `---
+name: write-script-duckdb
+description: MUST use when writing DuckDB queries.
+---
+## CLI Commands
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
+Use \`wmill resource-type list --schema\` to discover available resource types.
+# DuckDB
+Arguments are defined with comments and used with \`$name\` syntax:
+\`\`\`sql
+-- $name (text) = default
+-- $age (integer)
+SELECT * FROM users WHERE name = $name AND age > $age;
+\`\`\`
+## Ducklake Integration
+Attach Ducklake for data lake operations:
+\`\`\`sql
+-- Main ducklake
+ATTACH 'ducklake' AS dl;
+-- Named ducklake
+ATTACH 'ducklake://my_lake' AS dl;
+-- Then query
+SELECT * FROM dl.schema.table;
+\`\`\`
+## External Database Connections
+Connect to external databases using resources:
+\`\`\`sql
+ATTACH '$res:path/to/resource' AS db (TYPE postgres);
+SELECT * FROM db.schema.table;
+\`\`\`
+## S3 File Operations
+Read files from S3 storage:
+\`\`\`sql
+-- Default storage
+SELECT * FROM read_csv('s3:///path/to/file.csv');
+-- Named storage
+SELECT * FROM read_csv('s3://storage_name/path/to/file.csv');
+-- Parquet files
+SELECT * FROM read_parquet('s3:///path/to/file.parquet');
+-- JSON files
+SELECT * FROM read_json('s3:///path/to/file.json');
+\`\`\`
+`,
+  "write-script-go": `---
+name: write-script-go
+description: MUST use when writing Go scripts.
+---
+## CLI Commands
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
+Use \`wmill resource-type list --schema\` to discover available resource types.
+# Go
+## Structure
+The file package must be \`inner\` and export a function called \`main\`:
+\`\`\`go
+package inner
+func main(param1 string, param2 int) (map[string]interface{}, error) {
+    return map[string]interface{}{
+        "result": param1,
+        "count":  param2,
+    }, nil
+}
+\`\`\`
+**Important:**
+- Package must be \`inner\`
+- Return type must be \`({return_type}, error)\`
+- Function name is \`main\` (lowercase)
+## Return Types
+The return type can be any Go type that can be serialized to JSON:
+\`\`\`go
+package inner
+type Result struct {
+    Name  string \`json:"name"\`
+    Count int    \`json:"count"\`
+}
+func main(name string, count int) (Result, error) {
+    return Result{
+        Name:  name,
+        Count: count,
+    }, nil
+}
+\`\`\`
+## Error Handling
+Return errors as the second return value:
+\`\`\`go
+package inner
+import "errors"
+func main(value int) (string, error) {
+    if value < 0 {
+        return "", errors.New("value must be positive")
+    }
+    return "success", nil
+}
+\`\`\`
+`,
+  "write-script-graphql": `---
+name: write-script-graphql
+description: MUST use when writing GraphQL queries.
+---
+## CLI Commands
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
+Use \`wmill resource-type list --schema\` to discover available resource types.
+# GraphQL
+## Structure
+Write GraphQL queries or mutations. Arguments can be added as query parameters:
+\`\`\`graphql
+query GetUser($id: ID!) {
+  user(id: $id) {
+    id
+    name
+    email
+  }
+}
+\`\`\`
+## Variables
+Variables are passed as script arguments and automatically bound to the query:
+\`\`\`graphql
+query SearchProducts($query: String!, $limit: Int = 10) {
+  products(search: $query, first: $limit) {
+    edges {
+      node {
+        id
+        name
+        price
+      }
+    }
+  }
+}
+\`\`\`
+## Mutations
+\`\`\`graphql
+mutation CreateUser($input: CreateUserInput!) {
+  createUser(input: $input) {
+    id
+    name
+    createdAt
+  }
+}
+\`\`\`
+`,
+  "write-script-java": `---
+name: write-script-java
+description: MUST use when writing Java scripts.
+---
+## CLI Commands
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
+Use \`wmill resource-type list --schema\` to discover available resource types.
+# Java
+The script must contain a Main public class with a \`public static main()\` method:
+\`\`\`java
+public class Main {
+    public static Object main(String name, int count) {
+        java.util.Map<String, Object> result = new java.util.HashMap<>();
+        result.put("name", name);
+        result.put("count", count);
+        return result;
+    }
+}
+\`\`\`
+**Important:**
+- Class must be named \`Main\`
+- Method must be \`public static Object main(...)\`
+- Return type is \`Object\` or \`void\`
+## Maven Dependencies
+Add dependencies using comments at the top:
+\`\`\`java
+//requirements:
+//com.google.code.gson:gson:2.10.1
+//org.apache.httpcomponents:httpclient:4.5.14
+import com.google.gson.Gson;
+public class Main {
+    public static Object main(String input) {
+        Gson gson = new Gson();
+        return gson.fromJson(input, Object.class);
+    }
+}
+\`\`\`
+`,
+  "write-script-mssql": `---
+name: write-script-mssql
+description: MUST use when writing MS SQL Server queries.
+---
+## CLI Commands
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
+Use \`wmill resource-type list --schema\` to discover available resource types.
+# Microsoft SQL Server (MSSQL)
+Arguments use \`@P1\`, \`@P2\`, etc.
+Name the parameters by adding comments before the statement:
+\`\`\`sql
+-- @P1 name1 (varchar)
+-- @P2 name2 (int) = 0
+SELECT * FROM users WHERE name = @P1 AND age > @P2;
+\`\`\`
+`,
+  "write-script-mysql": `---
+name: write-script-mysql
+description: MUST use when writing MySQL queries.
+---
+## CLI Commands
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
+Use \`wmill resource-type list --schema\` to discover available resource types.
+# MySQL
+Arguments use \`?\` placeholders.
+Name the parameters by adding comments before the statement:
+\`\`\`sql
+-- ? name1 (text)
+-- ? name2 (int) = 0
+SELECT * FROM users WHERE name = ? AND age > ?;
+\`\`\`
+`,
+  "write-script-nativets": `---
+name: write-script-nativets
+description: MUST use when writing Native TypeScript scripts.
+---
+## CLI Commands
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
+Use \`wmill resource-type list --schema\` to discover available resource types.
+# TypeScript (Native)
+Native TypeScript execution with fetch only - no external imports allowed.
+## Structure
+Export a single **async** function called \`main\`:
+\`\`\`typescript
+export async function main(param1: string, param2: number) {
+  // Your code here
+  return { result: param1, count: param2 };
+}
+\`\`\`
+Do not call the main function.
+## Resource Types
+On Windmill, credentials and configuration are stored in resources and passed as parameters to main.
+Use the \`RT\` namespace for resource types:
+\`\`\`typescript
+export async function main(stripe: RT.Stripe) {
+  // stripe contains API key and config from the resource
+}
+\`\`\`
+Only use resource types if you need them to satisfy the instructions. Always use the RT namespace.
+Before using a resource type, check the \`rt.d.ts\` file in the project root to see all available resource types and their fields. This file is generated by \`wmill resource-type generate-namespace\`.
+## Imports
+**No imports allowed.** Use the globally available \`fetch\` function:
+\`\`\`typescript
+export async function main(url: string) {
+  const response = await fetch(url);
+  return await response.json();
+}
+\`\`\`
+## Windmill Client
+The windmill client is not available in native TypeScript mode. Use fetch to call APIs directly.
+## Preprocessor Scripts
+For preprocessor scripts, the function should be named \`preprocessor\` and receives an \`event\` parameter:
+\`\`\`typescript
+type Event = {
+  kind:
+    | "webhook"
+    | "http"
+    | "websocket"
+    | "kafka"
+    | "email"
+    | "nats"
+    | "postgres"
+    | "sqs"
+    | "mqtt"
+    | "gcp";
+  body: any;
+  headers: Record<string, string>;
+  query: Record<string, string>;
+};
+export async function preprocessor(event: Event) {
+  return {
+    param1: event.body.field1,
+    param2: event.query.id
+  };
+}
+\`\`\`
+# TypeScript SDK (windmill-client)
+Import: import * as wmill from 'windmill-client'
 /**
  * Initialize the Windmill client with authentication token and base URL
@@ -74637,30 +75367,144 @@ waitForApproval(options?: { timeout?: number; form?: object; }): PromiseLike<{ v
  * const results = await parallel(items, process, { concurrency: 5 });
  */
 async parallel<T, R>(items: T[], fn: (item: T) => PromiseLike<R> | R, options?: { concurrency?: number },): Promise<R[]>
+/**
+ * Commit Kafka offsets for a trigger with auto_commit disabled.
+ * @param triggerPath - Path to the Kafka trigger (from event.wm_trigger.trigger_path)
+ * @param topic - Kafka topic name (from event.topic)
+ * @param partition - Partition number (from event.partition)
+ * @param offset - Message offset to commit (from event.offset)
+ */
+async commitKafkaOffsets(triggerPath: string, topic: string, partition: number, offset: number,): Promise<void>
+/**
+ * Create a SQL template function for PostgreSQL/datatable queries
+ * @param name - Database/datatable name (default: "main")
+ * @returns SQL template function for building parameterized queries
+ * @example
+ * let sql = wmill.datatable()
+ * let name = 'Robin'
+ * let age = 21
+ * await sql\`
+ *   SELECT * FROM friends
+ *     WHERE name = \${name} AND age = \${age}::int
+ * \`.fetch()
+ */
+datatable(name: string = "main"): DatatableSqlTemplateFunction
+/**
+ * Create a SQL template function for DuckDB/ducklake queries
+ * @param name - DuckDB database name (default: "main")
+ * @returns SQL template function for building parameterized queries
+ * @example
+ * let sql = wmill.ducklake()
+ * let name = 'Robin'
+ * let age = 21
+ * await sql\`
+ *   SELECT * FROM friends
+ *     WHERE name = \${name} AND age = \${age}
+ * \`.fetch()
+ */
+ducklake(name: string = "main"): SqlTemplateFunction
+`,
+  "write-script-php": `---
+name: write-script-php
+description: MUST use when writing PHP scripts.
+---
+## CLI Commands
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
+Use \`wmill resource-type list --schema\` to discover available resource types.
+# PHP
+## Structure
+The script must start with \`<?php\` and contain at least one function called \`main\`:
+\`\`\`php
+<?php
+function main(string $param1, int $param2) {
+    return ["result" => $param1, "count" => $param2];
+}
+\`\`\`
+## Resource Types
+On Windmill, credentials and configuration are stored in resources and passed as parameters to main.
+You need to **redefine** the type of the resources that are needed before the main function. Always check if the class already exists using \`class_exists\`:
+\`\`\`php
+<?php
+if (!class_exists('Postgresql')) {
+    class Postgresql {
+        public string $host;
+        public int $port;
+        public string $user;
+        public string $password;
+        public string $dbname;
+    }
+}
+function main(Postgresql $db) {
+    // $db contains the database connection details
+}
+\`\`\`
+The resource type name has to be exactly as specified.
+## Library Dependencies
+Specify library dependencies as comments before the main function:
+\`\`\`php
+<?php
+// require:
+// guzzlehttp/guzzle
+// stripe/stripe-php@^10.0
+function main() {
+    // Libraries are available
+}
+\`\`\`
+One dependency per line. No need to require autoload, it is already done.
 `,
-  "write-script-mysql": `---
-name: write-script-mysql
-description: MUST use when writing MySQL queries.
+  "write-script-postgresql": `---
+name: write-script-postgresql
+description: MUST use when writing PostgreSQL queries.
 ---
 ## CLI Commands
-Place scripts in a folder. After writing, run:
+Place scripts in a folder. After writing, tell the user they can run:
 - \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
 - \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 Use \`wmill resource-type list --schema\` to discover available resource types.
-# MySQL
+# PostgreSQL
-Arguments use \`?\` placeholders.
+Arguments are obtained directly in the statement with \`$1::{type}\`, \`$2::{type}\`, etc.
-Name the parameters by adding comments before the statement:
+Name the parameters by adding comments at the beginning of the script (without specifying the type):
 \`\`\`sql
--- ? name1 (text)
--- ? name2 (int) = 0
-SELECT * FROM users WHERE name = ? AND age > ?;
+-- $1 name1
+-- $2 name2 = default_value
+SELECT * FROM users WHERE name = $1::TEXT AND age > $2::INT;
 \`\`\`
 `,
   "write-script-powershell": `---
@@ -74670,10 +75514,12 @@ description: MUST use when writing PowerShell scripts.
 ## CLI Commands
-Place scripts in a folder. After writing, run:
+Place scripts in a folder. After writing, tell the user they can run:
 - \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
 - \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 Use \`wmill resource-type list --schema\` to discover available resource types.
 # PowerShell
@@ -74731,31 +75577,6 @@ $result = @{
 $result
 \`\`\`
-`,
-  "write-script-snowflake": `---
-name: write-script-snowflake
-description: MUST use when writing Snowflake queries.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# Snowflake
-Arguments use \`?\` placeholders.
-Name the parameters by adding comments before the statement:
-\`\`\`sql
--- ? name1 (text)
--- ? name2 (number) = 0
-SELECT * FROM users WHERE name = ? AND age > ?;
-\`\`\`
 `,
   "write-script-python3": `---
 name: write-script-python3
@@ -74764,10 +75585,12 @@ description: MUST use when writing Python scripts.
 ## CLI Commands
-Place scripts in a folder. After writing, run:
+Place scripts in a folder. After writing, tell the user they can run:
 - \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
 - \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 Use \`wmill resource-type list --schema\` to discover available resource types.
 # Python
@@ -75508,806 +76331,186 @@ def task_script(path: str, timeout: Optional[int] = None, tag: Optional[str] = N
 #
 #     @workflow
 #     async def main():
-#         result = await pipeline(input=data)
-def task_flow(path: str, timeout: Optional[int] = None, tag: Optional[str] = None, cache_ttl: Optional[int] = None, priority: Optional[int] = None, concurrency_limit: Optional[int] = None, concurrency_key: Optional[str] = None, concurrency_time_window_s: Optional[int] = None)
-# Decorator marking an async function as a workflow-as-code entry point.
-#
-# The function must be **deterministic**: given the same inputs it must call
-# tasks in the same order on every replay. Branching on task results is fine
-# (results are replayed from checkpoint), but branching on external state
-# (current time, random values, external API calls) must use \`\`step()\`\` to
-# checkpoint the value so replays see the same result.
-def workflow(func)
-# Execute \`\`fn\`\` inline and checkpoint the result.
-#
-# On replay the cached value is returned without re-executing \`\`fn\`\`.
-# Use for lightweight deterministic operations (timestamps, random IDs,
-# config reads) that should not incur the overhead of a child job.
-async def step(name: str, fn)
-# Server-side sleep — suspend the workflow for the given duration without holding a worker.
-#
-# Inside a @workflow, the parent job suspends and auto-resumes after \`\`seconds\`\`.
-# Outside a workflow, falls back to \`\`asyncio.sleep\`\`.
-async def sleep(seconds: int)
-# Suspend the workflow and wait for an external approval.
-#
-# Use \`\`get_resume_urls()\`\` (wrapped in \`\`step()\`\`) to obtain
-# resume/cancel/approval URLs before calling this function.
-#
-# Returns a dict with \`\`value\`\` (form data), \`\`approver\`\`, and \`\`approved\`\`.
-#
-# Example::
-#
-#     urls = await step("urls", lambda: get_resume_urls())
-#     await step("notify", lambda: send_email(urls["approvalPage"]))
-#     result = await wait_for_approval(timeout=3600)
-async def wait_for_approval(timeout: int = 1800, form: dict | None = None) -> dict
-# Process items in parallel with optional concurrency control.
-#
-# Each item is processed by calling \`\`fn(item)\`\`, which should be a @task.
-# Items are dispatched in batches of \`\`concurrency\`\` (default: all at once).
-#
-# Example::
-#
-#     @task
-#     async def process(item: str):
-#         ...
-#
-#     results = await parallel(items, process, concurrency=5)
-async def parallel(items, fn, concurrency: Optional[int] = None)
-`,
-  "write-script-duckdb": `---
-name: write-script-duckdb
-description: MUST use when writing DuckDB queries.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# DuckDB
-Arguments are defined with comments and used with \`$name\` syntax:
-\`\`\`sql
--- $name (text) = default
--- $age (integer)
-SELECT * FROM users WHERE name = $name AND age > $age;
-\`\`\`
-## Ducklake Integration
-Attach Ducklake for data lake operations:
-\`\`\`sql
--- Main ducklake
-ATTACH 'ducklake' AS dl;
--- Named ducklake
-ATTACH 'ducklake://my_lake' AS dl;
--- Then query
-SELECT * FROM dl.schema.table;
-\`\`\`
-## External Database Connections
-Connect to external databases using resources:
-\`\`\`sql
-ATTACH '$res:path/to/resource' AS db (TYPE postgres);
-SELECT * FROM db.schema.table;
-\`\`\`
-## S3 File Operations
-Read files from S3 storage:
-\`\`\`sql
--- Default storage
-SELECT * FROM read_csv('s3:///path/to/file.csv');
--- Named storage
-SELECT * FROM read_csv('s3://storage_name/path/to/file.csv');
--- Parquet files
-SELECT * FROM read_parquet('s3:///path/to/file.parquet');
--- JSON files
-SELECT * FROM read_json('s3:///path/to/file.json');
-\`\`\`
-`,
-  "write-script-bash": `---
-name: write-script-bash
-description: MUST use when writing Bash scripts.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# Bash
-## Structure
-Do not include \`#!/bin/bash\`. Arguments are obtained as positional parameters:
-\`\`\`bash
-# Get arguments
-var1="$1"
-var2="$2"
-echo "Processing $var1 and $var2"
-# Return JSON by echoing to stdout
-echo "{\\"result\\": \\"$var1\\", \\"count\\": $var2}"
-\`\`\`
-**Important:**
-- Do not include shebang (\`#!/bin/bash\`)
-- Arguments are always strings
-- Access with \`$1\`, \`$2\`, etc.
-## Output
-The script output is captured as the result. For structured data, output valid JSON:
-\`\`\`bash
-name="$1"
-count="$2"
-# Output JSON result
-cat << EOF
-{
-  "name": "$name",
-  "count": $count,
-  "timestamp": "$(date -Iseconds)"
-}
-EOF
-\`\`\`
-## Environment Variables
-Environment variables set in Windmill are available:
-\`\`\`bash
-# Access environment variable
-echo "Workspace: $WM_WORKSPACE"
-echo "Job ID: $WM_JOB_ID"
-\`\`\`
-`,
-  "write-script-nativets": `---
-name: write-script-nativets
-description: MUST use when writing Native TypeScript scripts.
----
-## CLI Commands
-Place scripts in a folder. After writing, run:
-- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
-- \`wmill sync push\` - Deploy to Windmill
-Use \`wmill resource-type list --schema\` to discover available resource types.
-# TypeScript (Native)
-Native TypeScript execution with fetch only - no external imports allowed.
-## Structure
-Export a single **async** function called \`main\`:
-\`\`\`typescript
-export async function main(param1: string, param2: number) {
-  // Your code here
-  return { result: param1, count: param2 };
-}
-\`\`\`
-Do not call the main function.
-## Resource Types
-On Windmill, credentials and configuration are stored in resources and passed as parameters to main.
-Use the \`RT\` namespace for resource types:
-\`\`\`typescript
-export async function main(stripe: RT.Stripe) {
-  // stripe contains API key and config from the resource
-}
-\`\`\`
-Only use resource types if you need them to satisfy the instructions. Always use the RT namespace.
-Before using a resource type, check the \`rt.d.ts\` file in the project root to see all available resource types and their fields. This file is generated by \`wmill resource-type generate-namespace\`.
-## Imports
-**No imports allowed.** Use the globally available \`fetch\` function:
-\`\`\`typescript
-export async function main(url: string) {
-  const response = await fetch(url);
-  return await response.json();
-}
-\`\`\`
-## Windmill Client
-The windmill client is not available in native TypeScript mode. Use fetch to call APIs directly.
-## Preprocessor Scripts
-For preprocessor scripts, the function should be named \`preprocessor\` and receives an \`event\` parameter:
-\`\`\`typescript
-type Event = {
-  kind:
-    | "webhook"
-    | "http"
-    | "websocket"
-    | "kafka"
-    | "email"
-    | "nats"
-    | "postgres"
-    | "sqs"
-    | "mqtt"
-    | "gcp";
-  body: any;
-  headers: Record<string, string>;
-  query: Record<string, string>;
-};
-export async function preprocessor(event: Event) {
-  return {
-    param1: event.body.field1,
-    param2: event.query.id
-  };
-}
-\`\`\`
-# TypeScript SDK (windmill-client)
-Import: import * as wmill from 'windmill-client'
-/**
- * Create a SQL template function for PostgreSQL/datatable queries
- * @param name - Database/datatable name (default: "main")
- * @returns SQL template function for building parameterized queries
- * @example
- * let sql = wmill.datatable()
- * let name = 'Robin'
- * let age = 21
- * await sql\`
- *   SELECT * FROM friends
- *     WHERE name = \${name} AND age = \${age}::int
- * \`.fetch()
- */
-datatable(name: string = "main"): DatatableSqlTemplateFunction
-/**
- * Create a SQL template function for DuckDB/ducklake queries
- * @param name - DuckDB database name (default: "main")
- * @returns SQL template function for building parameterized queries
- * @example
- * let sql = wmill.ducklake()
- * let name = 'Robin'
- * let age = 21
- * await sql\`
- *   SELECT * FROM friends
- *     WHERE name = \${name} AND age = \${age}
- * \`.fetch()
- */
-ducklake(name: string = "main"): SqlTemplateFunction
-/**
- * Initialize the Windmill client with authentication token and base URL
- * @param token - Authentication token (defaults to WM_TOKEN env variable)
- * @param baseUrl - API base URL (defaults to BASE_INTERNAL_URL or BASE_URL env variable)
- */
-setClient(token?: string, baseUrl?: string): void
-/**
- * Create a client configuration from env variables
- * @returns client configuration
- */
-getWorkspace(): string
-/**
- * Get a resource value by path
- * @param path path of the resource,  default to internal state path
- * @param undefinedIfEmpty if the resource does not exist, return undefined instead of throwing an error
- * @returns resource value
- */
-async getResource(path?: string, undefinedIfEmpty?: boolean): Promise<any>
-/**
- * Get the true root job id
- * @param jobId job id to get the root job id from (default to current job)
- * @returns root job id
- */
-async getRootJobId(jobId?: string): Promise<string>
-/**
- * @deprecated Use runScriptByPath or runScriptByHash instead
- */
-async runScript(path: string | null = null, hash_: string | null = null, args: Record<string, any> | null = null, verbose: boolean = false): Promise<any>
-/**
- * Run a script synchronously by its path and wait for the result
- * @param path - Script path in Windmill
- * @param args - Arguments to pass to the script
- * @param verbose - Enable verbose logging
- * @returns Script execution result
- */
-async runScriptByPath(path: string, args: Record<string, any> | null = null, verbose: boolean = false): Promise<any>
-/**
- * Run a script synchronously by its hash and wait for the result
- * @param hash_ - Script hash in Windmill
- * @param args - Arguments to pass to the script
- * @param verbose - Enable verbose logging
- * @returns Script execution result
- */
-async runScriptByHash(hash_: string, args: Record<string, any> | null = null, verbose: boolean = false): Promise<any>
-/**
- * Append a text to the result stream
- * @param text text to append to the result stream
- */
-appendToResultStream(text: string): void
-/**
- * Stream to the result stream
- * @param stream stream to stream to the result stream
- */
-async streamResult(stream: AsyncIterable<string>): Promise<void>
-/**
- * Run a flow synchronously by its path and wait for the result
- * @param path - Flow path in Windmill
- * @param args - Arguments to pass to the flow
- * @param verbose - Enable verbose logging
- * @returns Flow execution result
- */
-async runFlow(path: string | null = null, args: Record<string, any> | null = null, verbose: boolean = false): Promise<any>
-/**
- * Wait for a job to complete and return its result
- * @param jobId - ID of the job to wait for
- * @param verbose - Enable verbose logging
- * @returns Job result when completed
- */
-async waitJob(jobId: string, verbose: boolean = false): Promise<any>
-/**
- * Get the result of a completed job
- * @param jobId - ID of the completed job
- * @returns Job result
- */
-async getResult(jobId: string): Promise<any>
-/**
- * Get the result of a job if completed, or its current status
- * @param jobId - ID of the job
- * @returns Object with started, completed, success, and result properties
- */
-async getResultMaybe(jobId: string): Promise<any>
-/**
- * @deprecated Use runScriptByPathAsync or runScriptByHashAsync instead
- */
-async runScriptAsync(path: string | null, hash_: string | null, args: Record<string, any> | null, scheduledInSeconds: number | null = null): Promise<string>
-/**
- * Run a script asynchronously by its path
- * @param path - Script path in Windmill
- * @param args - Arguments to pass to the script
- * @param scheduledInSeconds - Schedule execution for a future time (in seconds)
- * @returns Job ID of the created job
- */
-async runScriptByPathAsync(path: string, args: Record<string, any> | null = null, scheduledInSeconds: number | null = null): Promise<string>
-/**
- * Run a script asynchronously by its hash
- * @param hash_ - Script hash in Windmill
- * @param args - Arguments to pass to the script
- * @param scheduledInSeconds - Schedule execution for a future time (in seconds)
- * @returns Job ID of the created job
- */
-async runScriptByHashAsync(hash_: string, args: Record<string, any> | null = null, scheduledInSeconds: number | null = null): Promise<string>
-/**
- * Run a flow asynchronously by its path
- * @param path - Flow path in Windmill
- * @param args - Arguments to pass to the flow
- * @param scheduledInSeconds - Schedule execution for a future time (in seconds)
- * @param doNotTrackInParent - If false, tracks state in parent job (only use when fully awaiting the job)
- * @returns Job ID of the created job
- */
-async runFlowAsync(path: string | null, args: Record<string, any> | null, scheduledInSeconds: number | null = null, // can only be set to false if this the job will be fully await and not concurrent with any other job // as otherwise the child flow and its own child will store their state in the parent job which will // lead to incorrectness and failures doNotTrackInParent: boolean = true): Promise<string>
-/**
- * Resolve a resource value in case the default value was picked because the input payload was undefined
- * @param obj resource value or path of the resource under the format \`$res:path\`
- * @returns resource value
- */
-async resolveDefaultResource(obj: any): Promise<any>
-/**
- * Get the state file path from environment variables
- * @returns State path string
- */
-getStatePath(): string
-/**
- * Set a resource value by path
- * @param path path of the resource to set, default to state path
- * @param value new value of the resource to set
- * @param initializeToTypeIfNotExist if the resource does not exist, initialize it with this type
- */
-async setResource(value: any, path?: string, initializeToTypeIfNotExist?: string): Promise<void>
-/**
- * Set the state
- * @param state state to set
- * @deprecated use setState instead
- */
-async setInternalState(state: any): Promise<void>
-/**
- * Set the state
- * @param state state to set
- * @param path Optional state resource path override. Defaults to \`getStatePath()\`.
- */
-async setState(state: any, path?: string): Promise<void>
+#         result = await pipeline(input=data)
+def task_flow(path: str, timeout: Optional[int] = None, tag: Optional[str] = None, cache_ttl: Optional[int] = None, priority: Optional[int] = None, concurrency_limit: Optional[int] = None, concurrency_key: Optional[str] = None, concurrency_time_window_s: Optional[int] = None)
-/**
- * Set the progress
- * Progress cannot go back and limited to 0% to 99% range
- * @param percent Progress to set in %
- * @param jobId? Job to set progress for
- */
-async setProgress(percent: number, jobId?: any): Promise<void>
+# Decorator marking an async function as a workflow-as-code entry point.
+#
+# The function must be **deterministic**: given the same inputs it must call
+# tasks in the same order on every replay. Branching on task results is fine
+# (results are replayed from checkpoint), but branching on external state
+# (current time, random values, external API calls) must use \`\`step()\`\` to
+# checkpoint the value so replays see the same result.
+def workflow(func)
-/**
- * Get the progress
- * @param jobId? Job to get progress from
- * @returns Optional clamped between 0 and 100 progress value
- */
-async getProgress(jobId?: any): Promise<number | null>
+# Execute \`\`fn\`\` inline and checkpoint the result.
+#
+# On replay the cached value is returned without re-executing \`\`fn\`\`.
+# Use for lightweight deterministic operations (timestamps, random IDs,
+# config reads) that should not incur the overhead of a child job.
+async def step(name: str, fn)
-/**
- * Set a flow user state
- * @param key key of the state
- * @param value value of the state
- */
-async setFlowUserState(key: string, value: any, errorIfNotPossible?: boolean): Promise<void>
+# Server-side sleep — suspend the workflow for the given duration without holding a worker.
+#
+# Inside a @workflow, the parent job suspends and auto-resumes after \`\`seconds\`\`.
+# Outside a workflow, falls back to \`\`asyncio.sleep\`\`.
+async def sleep(seconds: int)
-/**
- * Get a flow user state
- * @param path path of the variable
- */
-async getFlowUserState(key: string, errorIfNotPossible?: boolean): Promise<any>
+# Suspend the workflow and wait for an external approval.
+#
+# Use \`\`get_resume_urls()\`\` (wrapped in \`\`step()\`\`) to obtain
+# resume/cancel/approval URLs before calling this function.
+#
+# Returns a dict with \`\`value\`\` (form data), \`\`approver\`\`, and \`\`approved\`\`.
+#
+# Example::
+#
+#     urls = await step("urls", lambda: get_resume_urls())
+#     await step("notify", lambda: send_email(urls["approvalPage"]))
+#     result = await wait_for_approval(timeout=3600)
+async def wait_for_approval(timeout: int = 1800, form: dict | None = None) -> dict
-/**
- * Get the internal state
- * @deprecated use getState instead
- */
-async getInternalState(): Promise<any>
+# Process items in parallel with optional concurrency control.
+#
+# Each item is processed by calling \`\`fn(item)\`\`, which should be a @task.
+# Items are dispatched in batches of \`\`concurrency\`\` (default: all at once).
+#
+# Example::
+#
+#     @task
+#     async def process(item: str):
+#         ...
+#
+#     results = await parallel(items, process, concurrency=5)
+async def parallel(items, fn, concurrency: Optional[int] = None)
-/**
- * Get the state shared across executions
- * @param path Optional state resource path override. Defaults to \`getStatePath()\`.
- */
-async getState(path?: string): Promise<any>
+# Commit Kafka offsets for a trigger with auto_commit disabled.
+#
+# Args:
+#     trigger_path: Path to the Kafka trigger (from event['wm_trigger']['trigger_path'])
+#     topic: Kafka topic name (from event['topic'])
+#     partition: Partition number (from event['partition'])
+#     offset: Message offset to commit (from event['offset'])
+def commit_kafka_offsets(trigger_path: str, topic: str, partition: int, offset: int) -> None
-/**
- * Get a variable by path
- * @param path path of the variable
- * @returns variable value
- */
-async getVariable(path: string): Promise<string>
+`,
+  "write-script-rust": `---
+name: write-script-rust
+description: MUST use when writing Rust scripts.
+---
-/**
- * Set a variable by path, create if not exist
- * @param path path of the variable
- * @param value value of the variable
- * @param isSecretIfNotExist if the variable does not exist, create it as secret or not (default: false)
- * @param descriptionIfNotExist if the variable does not exist, create it with this description (default: "")
- */
-async setVariable(path: string, value: string, isSecretIfNotExist?: boolean, descriptionIfNotExist?: string): Promise<void>
+## CLI Commands
-/**
- * Build a PostgreSQL connection URL from a database resource
- * @param path - Path to the database resource
- * @returns PostgreSQL connection URL string
- */
-async databaseUrlFromResource(path: string): Promise<string>
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
-async polarsConnectionSettings(s3_resource_path: string | undefined): Promise<any>
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
-async duckdbConnectionSettings(s3_resource_path: string | undefined): Promise<any>
+Use \`wmill resource-type list --schema\` to discover available resource types.
-/**
- * Get S3 client settings from a resource or workspace default
- * @param s3_resource_path - Path to S3 resource (uses workspace default if undefined)
- * @returns S3 client configuration settings
- */
-async denoS3LightClientSettings(s3_resource_path: string | undefined): Promise<DenoS3LightClientSettings>
+# Rust
-/**
- * Load the content of a file stored in S3. If the s3ResourcePath is undefined, it will default to the workspace S3 resource.
- *
- * \`\`\`typescript
- * let fileContent = await wmill.loadS3FileContent(inputFile)
- * // if the file is a raw text file, it can be decoded and printed directly:
- * const text = new TextDecoder().decode(fileContentStream)
- * console.log(text);
- * \`\`\`
- */
-async loadS3File(s3object: S3Object, s3ResourcePath: string | undefined = undefined): Promise<Uint8Array | undefined>
+## Structure
-/**
- * Load the content of a file stored in S3 as a stream. If the s3ResourcePath is undefined, it will default to the workspace S3 resource.
- *
- * \`\`\`typescript
- * let fileContentBlob = await wmill.loadS3FileStream(inputFile)
- * // if the content is plain text, the blob can be read directly:
- * console.log(await fileContentBlob.text());
- * \`\`\`
- */
-async loadS3FileStream(s3object: S3Object, s3ResourcePath: string | undefined = undefined): Promise<Blob | undefined>
+The script must contain a function called \`main\` with proper return type:
-/**
- * Persist a file to the S3 bucket. If the s3ResourcePath is undefined, it will default to the workspace S3 resource.
- *
- * \`\`\`typescript
- * const s3object = await writeS3File(s3Object, "Hello Windmill!")
- * const fileContentAsUtf8Str = (await s3object.toArray()).toString('utf-8')
- * console.log(fileContentAsUtf8Str)
- * \`\`\`
- */
-async writeS3File(s3object: S3Object | undefined, fileContent: string | Blob, s3ResourcePath: string | undefined = undefined, contentType: string | undefined = undefined, contentDisposition: string | undefined = undefined): Promise<S3Object>
+\`\`\`rust
+use anyhow::anyhow;
+use serde::Serialize;
-/**
- * Sign S3 objects to be used by anonymous users in public apps
- * @param s3objects s3 objects to sign
- * @returns signed s3 objects
- */
-async signS3Objects(s3objects: S3Object[]): Promise<S3Object[]>
+#[derive(Serialize, Debug)]
+struct ReturnType {
+    result: String,
+    count: i32,
+}
-/**
- * Sign S3 object to be used by anonymous users in public apps
- * @param s3object s3 object to sign
- * @returns signed s3 object
- */
-async signS3Object(s3object: S3Object): Promise<S3Object>
+fn main(param1: String, param2: i32) -> anyhow::Result<ReturnType> {
+    Ok(ReturnType {
+        result: param1,
+        count: param2,
+    })
+}
+\`\`\`
-/**
- * Generate a presigned public URL for an array of S3 objects.
- * If an S3 object is not signed yet, it will be signed first.
- * @param s3Objects s3 objects to sign
- * @returns list of signed public URLs
- */
-async getPresignedS3PublicUrls(s3Objects: S3Object[], { baseUrl }: { baseUrl?: string } = {}): Promise<string[]>
+**Important:**
+- Arguments should be owned types
+- Return type must be serializable (\`#[derive(Serialize)]\`)
+- Return type is \`anyhow::Result<T>\`
-/**
- * Generate a presigned public URL for an S3 object. If the S3 object is not signed yet, it will be signed first.
- * @param s3Object s3 object to sign
- * @returns signed public URL
- */
-async getPresignedS3PublicUrl(s3Objects: S3Object, { baseUrl }: { baseUrl?: string } = {}): Promise<string>
+## Dependencies
-/**
- * Get URLs needed for resuming a flow after this step
- * @param approver approver name
- * @param flowLevel if true, generate resume URLs for the parent flow instead of the specific step.
- *                  This allows pre-approvals that can be consumed by any later suspend step in the same flow.
- * @returns approval page UI URL, resume and cancel API URLs for resuming the flow
- */
-async getResumeUrls(approver?: string, flowLevel?: boolean): Promise<{
-  approvalPage: string;
-  resume: string;
-  cancel: string;
-}>
+Packages must be specified with a partial cargo.toml at the beginning of the script:
-/**
- * @deprecated use getResumeUrls instead
- */
-getResumeEndpoints(approver?: string): Promise<{
-  approvalPage: string;
-  resume: string;
-  cancel: string;
-}>
+\`\`\`rust
+//! \`\`\`cargo
+//! [dependencies]
+//! anyhow = "1.0.86"
+//! reqwest = { version = "0.11", features = ["json"] }
+//! tokio = { version = "1", features = ["full"] }
+//! \`\`\`
-/**
- * Get an OIDC jwt token for auth to external services (e.g: Vault, AWS) (ee only)
- * @param audience audience of the token
- * @param expiresIn Optional number of seconds until the token expires
- * @returns jwt token
- */
-async getIdToken(audience: string, expiresIn?: number): Promise<string>
+use anyhow::anyhow;
+// ... rest of the code
+\`\`\`
-/**
- * Convert a base64-encoded string to Uint8Array
- * @param data - Base64-encoded string
- * @returns Decoded Uint8Array
- */
-base64ToUint8Array(data: string): Uint8Array
+**Note:** Serde is already included, no need to add it again.
-/**
- * Convert a Uint8Array to base64-encoded string
- * @param arrayBuffer - Uint8Array to encode
- * @returns Base64-encoded string
- */
-uint8ArrayToBase64(arrayBuffer: Uint8Array): string
+## Async Functions
-/**
- * Get email from workspace username
- * This method is particularly useful for apps that require the email address of the viewer.
- * Indeed, in the viewer context, WM_USERNAME is set to the username of the viewer but WM_EMAIL is set to the email of the creator of the app.
- * @param username
- * @returns email address
- */
-async usernameToEmail(username: string): Promise<string>
+If you need to handle async functions (e.g., using tokio), keep the main function sync and create the runtime inside:
-/**
- * Sends an interactive approval request via Slack, allowing optional customization of the message, approver, and form fields.
- *
- * **[Enterprise Edition Only]** To include form fields in the Slack approval request, go to **Advanced -> Suspend -> Form**
- * and define a form. Learn more at [Windmill Documentation](https://www.windmill.dev/docs/flows/flow_approval#form).
- *
- * @param {Object} options - The configuration options for the Slack approval request.
- * @param {string} options.slackResourcePath - The path to the Slack resource in Windmill.
- * @param {string} options.channelId - The Slack channel ID where the approval request will be sent.
- * @param {string} [options.message] - Optional custom message to include in the Slack approval request.
- * @param {string} [options.approver] - Optional user ID or name of the approver for the request.
- * @param {DefaultArgs} [options.defaultArgsJson] - Optional object defining or overriding the default arguments to a form field.
- * @param {Enums} [options.dynamicEnumsJson] - Optional object overriding the enum default values of an enum form field.
- * @param {string} [options.resumeButtonText] - Optional text for the resume button.
- * @param {string} [options.cancelButtonText] - Optional text for the cancel button.
- *
- * @returns {Promise<void>} Resolves when the Slack approval request is successfully sent.
- *
- * @throws {Error} If the function is not called within a flow or flow preview.
- * @throws {Error} If the \`JobService.getSlackApprovalPayload\` call fails.
- *
- * **Usage Example:**
- * \`\`\`typescript
- * await requestInteractiveSlackApproval({
- *   slackResourcePath: "/u/alex/my_slack_resource",
- *   channelId: "admins-slack-channel",
- *   message: "Please approve this request",
- *   approver: "approver123",
- *   defaultArgsJson: { key1: "value1", key2: 42 },
- *   dynamicEnumsJson: { foo: ["choice1", "choice2"], bar: ["optionA", "optionB"] },
- *   resumeButtonText: "Resume",
- *   cancelButtonText: "Cancel",
- * });
- * \`\`\`
- *
- * **Note:** This function requires execution within a Windmill flow or flow preview.
- */
-async requestInteractiveSlackApproval({ slackResourcePath, channelId, message, approver, defaultArgsJson, dynamicEnumsJson, resumeButtonText, cancelButtonText, }: SlackApprovalOptions): Promise<void>
+\`\`\`rust
+//! \`\`\`cargo
+//! [dependencies]
+//! anyhow = "1.0.86"
+//! tokio = { version = "1", features = ["full"] }
+//! reqwest = { version = "0.11", features = ["json"] }
+//! \`\`\`
-/**
- * Sends an interactive approval request via Teams, allowing optional customization of the message, approver, and form fields.
- *
- * **[Enterprise Edition Only]** To include form fields in the Teams approval request, go to **Advanced -> Suspend -> Form**
- * and define a form. Learn more at [Windmill Documentation](https://www.windmill.dev/docs/flows/flow_approval#form).
- *
- * @param {Object} options - The configuration options for the Teams approval request.
- * @param {string} options.teamName - The Teams team name where the approval request will be sent.
- * @param {string} options.channelName - The Teams channel name where the approval request will be sent.
- * @param {string} [options.message] - Optional custom message to include in the Teams approval request.
- * @param {string} [options.approver] - Optional user ID or name of the approver for the request.
- * @param {DefaultArgs} [options.defaultArgsJson] - Optional object defining or overriding the default arguments to a form field.
- * @param {Enums} [options.dynamicEnumsJson] - Optional object overriding the enum default values of an enum form field.
- *
- * @returns {Promise<void>} Resolves when the Teams approval request is successfully sent.
- *
- * @throws {Error} If the function is not called within a flow or flow preview.
- * @throws {Error} If the \`JobService.getTeamsApprovalPayload\` call fails.
- *
- * **Usage Example:**
- * \`\`\`typescript
- * await requestInteractiveTeamsApproval({
- *   teamName: "admins-teams",
- *   channelName: "admins-teams-channel",
- *   message: "Please approve this request",
- *   approver: "approver123",
- *   defaultArgsJson: { key1: "value1", key2: 42 },
- *   dynamicEnumsJson: { foo: ["choice1", "choice2"], bar: ["optionA", "optionB"] },
- * });
- * \`\`\`
- *
- * **Note:** This function requires execution within a Windmill flow or flow preview.
- */
-async requestInteractiveTeamsApproval({ teamName, channelName, message, approver, defaultArgsJson, dynamicEnumsJson, }: TeamsApprovalOptions): Promise<void>
+use anyhow::anyhow;
+use serde::Serialize;
-/**
- * Parse an S3 object from URI string or record format
- * @param s3Object - S3 object as URI string (s3://storage/key) or record
- * @returns S3 object record with storage and s3 key
- */
-parseS3Object(s3Object: S3Object): S3ObjectRecord
+#[derive(Serialize, Debug)]
+struct Response {
+    data: String,
+}
-setWorkflowCtx(ctx: WorkflowCtx | null): void
+fn main(url: String) -> anyhow::Result<Response> {
+    let rt = tokio::runtime::Runtime::new()?;
+    rt.block_on(async {
+        let resp = reqwest::get(&url).await?.text().await?;
+        Ok(Response { data: resp })
+    })
+}
+\`\`\`
+`,
+  "write-script-snowflake": `---
+name: write-script-snowflake
+description: MUST use when writing Snowflake queries.
+---
-async sleep(seconds: number): Promise<void>
+## CLI Commands
-async step<T>(name: string, fn: () => T | Promise<T>): Promise<T>
+Place scripts in a folder. After writing, tell the user they can run:
+- \`wmill script generate-metadata\` - Generate .script.yaml and .lock files
+- \`wmill sync push\` - Deploy to Windmill
-/**
- * Create a task that dispatches to a separate Windmill script.
- *
- * @example
- * const extract = taskScript("f/data/extract");
- * // inside workflow: await extract({ url: "https://..." })
- */
-taskScript(path: string, options?: TaskOptions): (...args: any[]) => PromiseLike<any>
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
-/**
- * Create a task that dispatches to a separate Windmill flow.
- *
- * @example
- * const pipeline = taskFlow("f/etl/pipeline");
- * // inside workflow: await pipeline({ input: data })
- */
-taskFlow(path: string, options?: TaskOptions): (...args: any[]) => PromiseLike<any>
+Use \`wmill resource-type list --schema\` to discover available resource types.
-/**
- * Mark an async function as a workflow-as-code entry point.
- *
- * The function must be **deterministic**: given the same inputs it must call
- * tasks in the same order on every replay. Branching on task results is fine
- * (results are replayed from checkpoint), but branching on external state
- * (current time, random values, external API calls) must use \`step()\` to
- * checkpoint the value so replays see the same result.
- */
-workflow<T>(fn: (...args: any[]) => Promise<T>): void
+# Snowflake
-/**
- * Suspend the workflow and wait for an external approval.
- *
- * Use \`getResumeUrls()\` (wrapped in \`step()\`) to obtain resume/cancel/approvalPage
- * URLs before calling this function.
- *
- * @example
- * const urls = await step("urls", () => getResumeUrls());
- * await step("notify", () => sendEmail(urls.approvalPage));
- * const { value, approver } = await waitForApproval({ timeout: 3600 });
- */
-waitForApproval(options?: { timeout?: number; form?: object; }): PromiseLike<{ value: any; approver: string; approved: boolean }>
+Arguments use \`?\` placeholders.
-/**
- * Process items in parallel with optional concurrency control.
- *
- * Each item is processed by calling \`fn(item)\`, which should be a task().
- * Items are dispatched in batches of \`concurrency\` (default: all at once).
- *
- * @example
- * const process = task(async (item: string) => { ... });
- * const results = await parallel(items, process, { concurrency: 5 });
- */
-async parallel<T, R>(items: T[], fn: (item: T) => PromiseLike<R> | R, options?: { concurrency?: number },): Promise<R[]>
+Name the parameters by adding comments before the statement:
+\`\`\`sql
+-- ? name1 (text)
+-- ? name2 (number) = 0
+SELECT * FROM users WHERE name = ? AND age > ?;
+\`\`\`
 `,
   "write-flow": `---
 name: write-flow
@@ -76320,10 +76523,12 @@ description: MUST use when creating flows.
 Create a folder ending with \`.flow\` and add a YAML file with the flow definition.
 For rawscript modules, use \`!inline path/to/script.ts\` for the content key.
-After writing:
+After writing, tell the user they can run:
 - \`wmill flow generate-locks <path_to_flow_folder> --yes\` - Generate lock files for the specific flow you modified (e.g. \`wmill flow generate-locks f/my_folder/my_flow.flow --yes\`)
 - \`wmill sync push\` - Deploy to Windmill
+Do NOT run these commands yourself. Instead, inform the user that they should run them.
 ## OpenFlow Schema
 The OpenFlow schema (openflow.openapi.yaml) is the source of truth for flow structure. Refer to OPENFLOW_SCHEMA for the complete type definitions.
@@ -76521,7 +76726,7 @@ export async function main(user_id: string) {
 }
 \`\`\`
-After creating, generate lock files:
+After creating, tell the user they can generate lock files by running:
 \`\`\`bash
 wmill app generate-locks
 \`\`\`
@@ -76674,6 +76879,8 @@ data:
 ## CLI Commands
+Tell the user they can run these commands (do NOT run them yourself):
 | Command | Description |
 |---------|-------------|
 | \`wmill app new\` | Create a new raw app interactively |
@@ -76690,7 +76897,7 @@ data:
 3. **Keep runnables focused** - one function per file
 4. **Use descriptive IDs** - \`get_user.ts\` not \`a.ts\`
 5. **Always whitelist tables** - add to \`data.tables\` before querying
-6. **Generate locks** - run \`wmill app generate-locks\` after adding/modifying backend runnables
+6. **Generate locks** - tell the user to run \`wmill app generate-locks\` after adding/modifying backend runnables
 `,
   triggers: `---
 name: triggers
@@ -76712,6 +76919,8 @@ Examples:
 ## CLI Commands
+After writing, tell the user they can run these commands (do NOT run them yourself):
 \`\`\`bash
 # Push trigger configuration
 wmill sync push
@@ -76761,6 +76970,8 @@ Windmill uses 6-field cron expressions (includes seconds):
 ## CLI Commands
+After writing, tell the user they can run these commands (do NOT run them yourself):
 \`\`\`bash
 # Push schedules to Windmill
 wmill sync push
@@ -77016,7 +77227,7 @@ wmill resource-type list --schema
 # Get specific resource type schema
 wmill resource-type get postgresql
-# Push resources
+# Push resources (tell the user to run this, do NOT run it yourself)
 wmill sync push
 \`\`\`
 `,
@@ -77029,8 +77240,6 @@ description: MUST use when using the CLI.
 The Windmill CLI (\`wmill\`) provides commands for managing scripts, flows, apps, and other resources.
-Current version: 1.651.1
 ## Global Options
 - \`--workspace <workspace:string>\` - Specify the target workspace. This overrides the default workspace.
@@ -77148,6 +77357,23 @@ folder related commands
 - \`folder add-missing\` - create default folder.meta.yaml for all subdirectories of f/ that are missing one
   - \`-y, --yes\` - skip confirmation prompt
+### generate-metadata
+Generate metadata (locks, schemas) for all scripts, flows, and apps
+**Arguments:** \`[folder:string]\`
+**Options:**
+- \`--yes\` - Skip confirmation prompt
+- \`--dry-run\` - Show what would be updated without making changes
+- \`--lock-only\` - Re-generate only the lock files
+- \`--schema-only\` - Re-generate only script schemas (skips flows and apps)
+- \`--skip-scripts\` - Skip processing scripts
+- \`--skip-flows\` - Skip processing flows
+- \`--skip-apps\` - Skip processing apps
+- \`-i --includes <patterns:file[]>\` - Comma separated patterns to specify which files to include
+- \`-e --excludes <patterns:file[]>\` - Comma separated patterns to specify which files to exclude
 ### gitsync-settings
 Manage git-sync settings between local wmill.yaml and Windmill backend
@@ -77776,6 +78002,18 @@ properties:
         key:
           type: string
         value: {}
+  auto_offset_reset:
+    type: string
+    enum:
+    - latest
+    - earliest
+    description: Initial offset behavior when consumer group has no committed offset.
+      'latest' starts from new messages only, 'earliest' starts from the beginning.
+  auto_commit:
+    type: boolean
+    description: When true (default), offsets are committed automatically after receiving
+      each message. When false, you must manually commit offsets using the commit_offsets
+      endpoint.
   error_handler_path:
     type: string
     description: Path to a script or flow to run when the triggered job fails
@@ -78764,6 +79002,170 @@ var push12 = new Command().description("Push completed and queued jobs to worksp
 var command28 = new Command().description("Manage jobs (import/export)").command("pull", pull3).command("push", push12);
 var jobs_default = command28;
+// src/commands/generate-metadata/generate-metadata.ts
+init_mod3();
+init_colors2();
+init_log();
+init_resource_folders();
+await __promiseAll([
+  init_confirm(),
+  init_conf(),
+  init_context(),
+  init_auth(),
+  init_metadata(),
+  init_flow_metadata(),
+  init_app_metadata(),
+  init_sync(),
+  init_script(),
+  init_codebase()
+]);
+import { sep as SEP21 } from "node:path";
+async function generateMetadata2(opts, folder) {
+  if (folder === "") {
+    folder = undefined;
+  }
+  const workspace = await resolveWorkspace(opts);
+  await requireLogin(opts);
+  opts = await mergeConfigWithConfigFile(opts);
+  const rawWorkspaceDependencies = await getRawWorkspaceDependencies();
+  const codebases = await listSyncCodebases(opts);
+  const ignore = await ignoreF(opts);
+  const staleItems = [];
+  const skipScripts = opts.skipScripts ?? false;
+  const skipFlows = opts.skipFlows ?? opts.schemaOnly ?? false;
+  const skipApps = opts.skipApps ?? opts.schemaOnly ?? false;
+  const checking = [];
+  if (!skipScripts)
+    checking.push("scripts");
+  if (!skipFlows)
+    checking.push("flows");
+  if (!skipApps)
+    checking.push("apps");
+  if (checking.length === 0) {
+    info(colors.yellow("Nothing to check (all types skipped)"));
+    return;
+  }
+  info(colors.gray(`Checking ${checking.join(", ")}...`));
+  if (!skipScripts) {
+    const scriptElems = await elementsToMap(await FSFSElement(process.cwd(), codebases, false), (p, isD) => {
+      return !isD && !exts.some((ext2) => p.endsWith(ext2)) || ignore(p, isD) || isFlowPath(p) || isAppPath(p) || isRawAppPath(p);
+    }, false, {});
+    for (const e of Object.keys(scriptElems)) {
+      const candidate = await generateScriptMetadataInternal(e, workspace, opts, true, true, rawWorkspaceDependencies, codebases, false);
+      if (candidate) {
+        staleItems.push({ type: "script", path: candidate, folder: e });
+      }
+    }
+  }
+  if (!skipFlows) {
+    const flowElems = Object.keys(await elementsToMap(await FSFSElement(process.cwd(), [], true), (p, isD) => {
+      return ignore(p, isD) || !isD && !p.endsWith(SEP21 + "flow.yaml") && !p.endsWith(SEP21 + "flow.json");
+    }, false, {})).map((x) => x.substring(0, x.lastIndexOf(SEP21)));
+    for (const folder2 of flowElems) {
+      const candidate = await generateFlowLockInternal(folder2, true, workspace, opts, false, true);
+      if (candidate) {
+        staleItems.push({ type: "flow", path: candidate, folder: folder2 });
+      }
+    }
+  }
+  if (!skipApps) {
+    const elems = await elementsToMap(await FSFSElement(process.cwd(), [], true), (p, isD) => {
+      return ignore(p, isD) || !isD && !p.endsWith(SEP21 + "raw_app.yaml") && !p.endsWith(SEP21 + "app.yaml");
+    }, false, {});
+    const rawAppFolders = getAppFolders(elems, "raw_app.yaml");
+    const appFolders = getAppFolders(elems, "app.yaml");
+    for (const appFolder of rawAppFolders) {
+      const candidate = await generateAppLocksInternal(appFolder, true, true, workspace, opts, false, true);
+      if (candidate) {
+        staleItems.push({ type: "app", path: candidate, folder: appFolder, isRawApp: true });
+      }
+    }
+    for (const appFolder of appFolders) {
+      const candidate = await generateAppLocksInternal(appFolder, false, true, workspace, opts, false, true);
+      if (candidate) {
+        staleItems.push({ type: "app", path: candidate, folder: appFolder, isRawApp: false });
+      }
+    }
+  }
+  let filteredItems = staleItems;
+  if (folder) {
+    folder = folder.replaceAll("\\", "/");
+    if (folder.endsWith("/")) {
+      folder = folder.substring(0, folder.length - 1);
+    }
+    filteredItems = staleItems.filter((item) => {
+      const normalizedFolder = item.folder.replaceAll("\\", "/");
+      return normalizedFolder === folder || normalizedFolder.startsWith(folder + "/");
+    });
+  }
+  if (filteredItems.length === 0) {
+    info(colors.green("All metadata up-to-date"));
+    return;
+  }
+  const scripts = filteredItems.filter((i) => i.type === "script");
+  const flows = filteredItems.filter((i) => i.type === "flow");
+  const apps2 = filteredItems.filter((i) => i.type === "app");
+  info("");
+  info(`Found ${filteredItems.length} item(s) with stale metadata:`);
+  if (scripts.length > 0) {
+    info(colors.gray(`  Scripts (${scripts.length}):`));
+    for (const item of scripts) {
+      info(colors.yellow(`    ${item.path}`));
+    }
+  }
+  if (flows.length > 0) {
+    info(colors.gray(`  Flows (${flows.length}):`));
+    for (const item of flows) {
+      info(colors.yellow(`    ${item.path}`));
+    }
+  }
+  if (apps2.length > 0) {
+    info(colors.gray(`  Apps (${apps2.length}):`));
+    for (const item of apps2) {
+      info(colors.yellow(`    ${item.path}`));
+    }
+  }
+  if (opts.dryRun) {
+    return;
+  }
+  info("");
+  if (!opts.yes && !await Confirm.prompt({
+    message: "Update metadata?",
+    default: true
+  })) {
+    return;
+  }
+  info("");
+  const total = filteredItems.length;
+  const maxWidth = `[${total}/${total}]`.length;
+  let current = 0;
+  const formatProgress = (n) => {
+    const bracket = `[${n}/${total}]`;
+    return colors.gray(bracket.padEnd(maxWidth, " "));
+  };
+  for (const item of scripts) {
+    current++;
+    info(`${formatProgress(current)} script ${colors.cyan(item.path)}`);
+    await generateScriptMetadataInternal(item.folder, workspace, opts, false, true, rawWorkspaceDependencies, codebases, false);
+  }
+  for (const item of flows) {
+    current++;
+    const result = await generateFlowLockInternal(item.folder, false, workspace, opts, false, true);
+    const scriptsInfo = result?.updatedScripts?.length ? `: ${colors.gray(result.updatedScripts.join(", "))}` : "";
+    info(`${formatProgress(current)} flow   ${colors.cyan(item.path)}${scriptsInfo}`);
+  }
+  for (const item of apps2) {
+    current++;
+    const result = await generateAppLocksInternal(item.folder, item.isRawApp, false, workspace, opts, false, true);
+    const scriptsInfo = result?.updatedScripts?.length ? `: ${colors.gray(result.updatedScripts.join(", "))}` : "";
+    info(`${formatProgress(current)} app    ${colors.cyan(item.path)}${scriptsInfo}`);
+  }
+  info("");
+  info(colors.green(`Done. Updated ${total} item(s).`));
+}
+var command29 = new Command().description("Generate metadata (locks, schemas) for all scripts, flows, and apps").arguments("[folder:string]").option("--yes", "Skip confirmation prompt").option("--dry-run", "Show what would be updated without making changes").option("--lock-only", "Re-generate only the lock files").option("--schema-only", "Re-generate only script schemas (skips flows and apps)").option("--skip-scripts", "Skip processing scripts").option("--skip-flows", "Skip processing flows").option("--skip-apps", "Skip processing apps").option("-i --includes <patterns:file[]>", "Comma separated patterns to specify which files to include").option("-e --excludes <patterns:file[]>", "Comma separated patterns to specify which files to exclude").action(generateMetadata2);
+var generate_metadata_default = command29;
 // src/commands/docs/docs.ts
 init_mod3();
 init_colors2();
@@ -78834,13 +79236,13 @@ ${await res.text()}`);
     console.log();
   }
 }
-var command29 = new Command().name("docs").description("Search Windmill documentation. Requires Enterprise Edition.").arguments("<query:string>").option("--json", "Output results as JSON.").action(docs);
-var docs_default = command29;
+var command30 = new Command().name("docs").description("Search Windmill documentation. Requires Enterprise Edition.").arguments("<query:string>").option("--json", "Output results as JSON.").action(docs);
+var docs_default = command30;
 // src/main.ts
 await init_context();
-var VERSION = "1.654.0";
-var command30 = new Command().name("wmill").action(() => info(`Welcome to Windmill CLI ${VERSION}. Use -h for help.`)).description("Windmill CLI").globalOption("--workspace <workspace:string>", "Specify the target workspace. This overrides the default workspace.").globalOption("--debug --verbose", "Show debug/verbose logs").globalOption("--show-diffs", "Show diff informations when syncing (may show sensitive informations)").globalOption("--token <token:string>", "Specify an API token. This will override any stored token.").globalOption("--base-url <baseUrl:string>", "Specify the base URL of the API. If used, --token and --workspace are required and no local remote/workspace already set will be used.").globalOption("--config-dir <configDir:string>", "Specify a custom config directory. Overrides WMILL_CONFIG_DIR environment variable and default ~/.config location.").env("HEADERS <headers:string>", `Specify headers to use for all requests. e.g: "HEADERS='h1: v1, h2: v2'"`).version(VERSION).versionOption(false).command("init", init_default).command("app", app_default).command("flow", flow_default).command("script", script_default).command("workspace", workspace_default).command("resource", resource_default).command("resource-type", resource_type_default).command("user", user_default).command("variable", variable_default).command("hub", hub_default).command("folder", folder_default).command("schedule", schedule_default).command("trigger", trigger_default).command("dev", dev_default2).command("sync", sync_default).command("lint", lint_default).command("gitsync-settings", gitsync_settings_default).command("instance", instance_default).command("worker-groups", worker_groups_default).command("workers", workers_default).command("queues", queues_default).command("dependencies", dependencies_default).command("jobs", jobs_default).command("docs", docs_default).command("version --version", "Show version information").action(async (opts) => {
+var VERSION = "1.657.0";
+var command31 = new Command().name("wmill").action(() => info(`Welcome to Windmill CLI ${VERSION}. Use -h for help.`)).description("Windmill CLI").globalOption("--workspace <workspace:string>", "Specify the target workspace. This overrides the default workspace.").globalOption("--debug --verbose", "Show debug/verbose logs").globalOption("--show-diffs", "Show diff informations when syncing (may show sensitive informations)").globalOption("--token <token:string>", "Specify an API token. This will override any stored token.").globalOption("--base-url <baseUrl:string>", "Specify the base URL of the API. If used, --token and --workspace are required and no local remote/workspace already set will be used.").globalOption("--config-dir <configDir:string>", "Specify a custom config directory. Overrides WMILL_CONFIG_DIR environment variable and default ~/.config location.").env("HEADERS <headers:string>", `Specify headers to use for all requests. e.g: "HEADERS='h1: v1, h2: v2'"`).version(VERSION).versionOption(false).command("init", init_default).command("app", app_default).command("flow", flow_default).command("script", script_default).command("workspace", workspace_default).command("resource", resource_default).command("resource-type", resource_type_default).command("user", user_default).command("variable", variable_default).command("hub", hub_default).command("folder", folder_default).command("schedule", schedule_default).command("trigger", trigger_default).command("dev", dev_default2).command("sync", sync_default).command("lint", lint_default).command("gitsync-settings", gitsync_settings_default).command("instance", instance_default).command("worker-groups", worker_groups_default).command("workers", workers_default).command("queues", queues_default).command("dependencies", dependencies_default).command("jobs", jobs_default).command("generate-metadata", generate_metadata_default).command("docs", docs_default).command("version --version", "Show version information").action(async (opts) => {
   console.log("CLI version: " + VERSION);
   try {
     const provider = new NpmProvider({ package: "windmill-cli" });
@@ -78870,20 +79272,20 @@ var command30 = new Command().name("wmill").action(() => info(`Welcome to Windmi
   error(e);
   info("Try running with sudo and otherwise check the result of the command: npm uninstall windmill-cli && npm install -g windmill-cli");
 })).command("completions", new Command().description("Generate shell completions.").command("bash", new Command().description("Generate bash completions.").action(() => {
-  process.stdout.write(generateShellCompletions(command30, "bash") + `
+  process.stdout.write(generateShellCompletions(command31, "bash") + `
 `);
 })).command("zsh", new Command().description("Generate zsh completions.").action(() => {
-  process.stdout.write(generateShellCompletions(command30, "zsh") + `
+  process.stdout.write(generateShellCompletions(command31, "zsh") + `
 `);
 })).command("fish", new Command().description("Generate fish completions.").action(() => {
-  process.stdout.write(generateShellCompletions(command30, "fish") + `
+  process.stdout.write(generateShellCompletions(command31, "fish") + `
 `);
 })));
 async function main2() {
   try {
     const args = process.argv.slice(2);
     if (args.length === 0) {
-      command30.showHelp();
+      command31.showHelp();
     }
     const LOG_LEVEL = args.includes("--verbose") || args.includes("--debug") ? "DEBUG" : "INFO";
     setShowDiffs(args.includes("--show-diffs"));
@@ -78893,7 +79295,7 @@ async function main2() {
     if (extraHeaders) {
       OpenAPI.HEADERS = extraHeaders;
     }
-    await command30.parse(args);
+    await command31.parse(args);
   } catch (e) {
     if (e && typeof e === "object" && "name" in e && e.name === "ApiError") {
       console.log("Server failed. " + e.statusText + ": " + e.body);
@@ -78918,7 +79320,7 @@ if (isMain()) {
     process.stdin.destroy();
   });
 }
-var main_default = command30;
+var main_default = command31;
 export {
   add as workspaceAdd,
   workspace_default as workspace,