tailor-um is a dataplane user management tool for operation of Tailor Platform applications.
It starts a local Web UI server that lets you manage users through a browser.
Important
This is an unofficial and experimental tool.
- Web UI for user profile CRUD operations (powered by embedded React SPA)
- Dynamic form generation based on TailorDB Type schema
- Built-in IdP user management (create, update, disable, delete)
- Linked view between UserProfile and IdP User records
- Search by username (exact match)
- Dark / light theme (follows Tailor Console design)
- Token auto-refresh with SDK config integration
- No GraphQL endpoint required: operates via
TestExecScriptRPC, so UserProfile types don't need to be exposed as GraphQL APIs - Single binary with no external dependencies
- Auto-opens browser on start
homebrew tap:
$ brew install k1LoW/tap/tailor-ummanually:
Download binary from releases page
If you have already logged in with npx tailor-sdk login, just run:
$ tailor-um start \
--workspace-id <WORKSPACE_ID> \
--app <APPLICATION_NAME> \
--machine-user <MACHINE_USER_NAME>tailor-um automatically reads tokens from the Tailor SDK config (~/.config/tailor-platform/config.yaml). When the token expires, it refreshes automatically and writes the new tokens back to the config file.
You can also provide tokens explicitly:
$ tailor-um start \
--workspace-id <WORKSPACE_ID> \
--app <APPLICATION_NAME> \
--machine-user <MACHINE_USER_NAME> \
--token <ACCESS_TOKEN> \
--refresh-token <REFRESH_TOKEN>tailor-um start connects to the Tailor Platform Controlplane, discovers the application's Auth UserProfile schema, and starts a local Web UI server on http://localhost:18686.
--tokenflag /TAILOR_TOKENenv var (if provided)- Tailor SDK config (
~/.config/tailor-platform/config.yaml,current_user)
When using the SDK config, token_expires_at is checked. If expired, the token is refreshed before connecting. Refreshed tokens are written back to the SDK config so other tools stay in sync.
All required flags can also be set via environment variables:
| Flag | Environment Variable |
|---|---|
--workspace-id |
TAILOR_WORKSPACE_ID |
--app |
TAILOR_APP_NAME |
--machine-user |
TAILOR_MACHINE_USER |
--token |
TAILOR_TOKEN |
--refresh-token |
TAILOR_REFRESH_TOKEN |
--platform-url |
PLATFORM_URL |
| Flag | Default | Description |
|---|---|---|
--workspace-id |
Tailor Platform workspace ID | |
--app |
Application name | |
--machine-user |
Machine user name | |
--token |
Controlplane access token (optional if SDK config exists) | |
--refresh-token |
Controlplane refresh token for auto-refresh | |
--port |
18686 |
Server port |
--bind |
localhost |
Bind address |
--no-open |
false |
Do not open browser automatically |
--platform-url |
https://api.tailor.tech |
Tailor Platform API URL |
- Resolves access token (flag/env or SDK config, refreshing if expired)
- Connects to the Tailor Platform Controlplane
- Fetches the Application's Auth configuration to find the UserProfile TailorDB Type
- Retrieves the TailorDB Type schema (field names, types, constraints)
- Checks if the Application uses a Built-in IdP
- Starts an HTTP server with an embedded React SPA
- The Web UI calls the local API server, which executes CRUD operations via
TestExecScriptRPC
If a Built-in IdP is configured, the Web UI shows an additional tab for managing IdP users (create, update password, disable, delete). User profiles and IdP users are linked by the username field mapping.
Requires Go and pnpm.
$ make build