feat: SDK update for version 14.0.0

[ChiragAgg5k]

This PR contains updates to the SDK for version 14.0.0.

What's Changed

• Breaking: Removed getDatabaseMetrics, getDatabaseInsights, getDatabaseSchema, and createDatabaseSchemaPreview from Compute service
• Breaking: Removed region and type parameters from createDatabase on Compute service
• Breaking: Replaced highAvailability and highAvailabilityReplicaCount with replicas on createDatabase and updateDatabase
• Breaking: Removed type, region, and highAvailability fields from DedicatedDatabase model
• Breaking: Removed DedicatedDatabaseMetrics, DedicatedDatabaseSchema, DedicatedDatabaseSchemaPreview, and performance insights models
• Breaking: Removed OS, client, and device fields from ActivityEvent model
• Breaking: Removed internal parameter and field from Apps service and App model
• Breaking: getInvoiceDownload and getInvoiceView on Organizations now return a URL string
• Breaking: Geometric attribute and column models now type default as number arrays instead of any[]
• Added: OAuth2 Device Authorization Grant support with deviceFlow on apps and device code settings on updateOAuth2Server
• Added: Consent metadata on Apps service (description, clientUri, logoUri, privacyPolicyUrl, termsUrl, contacts)
• Added: authorizationDetailsTypes parameter on updateOAuth2Server for RFC 9396 support
• Added: dedicatedDatabaseId parameter on create for TablesDB, DocumentsDB, and VectorsDB
• Added: api parameter on createDatabase and DedicatedDatabasesExecute key scope
• Added: userAccessedAt membership privacy setting and field on Membership model
• Added: Email classification fields on User model (emailCanonical, emailIsFree, emailIsDisposable, emailIsCorporate, emailIsCanonical)
• Added: Connection details on Branch model and TCP connection fields on dedicated database connection model
• Added: type field on backup policies for full or incremental backups
• Added: hint field on app secret models for identifying secrets
• Updated: SQL API allowed statements now support DDL and DCL types as opt-in
• Updated: All requests now send an explicit accept header

[greptile-apps]

Greptile Summary

This PR updates the Console SDK from v13.2.0 to v14.0.0, adding OAuth2 Device Authorization Grant support, new App consent metadata fields, membership userAccessedAt privacy controls, dedicated database TCP connection fields, and broad Accept header coverage across all service methods.

• Model changes: Removes DedicatedDatabaseMetrics, DedicatedDatabasePerformanceInsights*, and DedicatedDatabaseSchema/Preview types; adds tcpHost/tcpPort/tcpDatabase and connectionString fields to dedicated database models; adds emailCanonical and related fields to User; adds oAuth2ServerVerificationUrl, userCodeLength, userCodeFormat, deviceCodeDuration fields to Project.
• Service changes: All service methods gain explicit accept headers; avatar/storage/function/site URL-builder endpoints get impersonateuserid appended to the query string; getInvoiceDownload and getInvoiceView now return a plain URL string instead of a Promise; compute.ts removes four endpoints.
• Breaking deprecated overloads: apps.create, apps.update, and project.updateOAuth2Server all insert new optional parameters before existing positional parameters in their deprecated positional overloads, silently misrouting existing callers' arguments.

Confidence Score: 3/5

Safe to merge for new object-style callers, but the deprecated positional overloads for apps.create, apps.update, and project.updateOAuth2Server will silently misroute arguments for any existing callers who pass optional parameters by position.

Three deprecated-but-still-published methods have new optional parameters inserted mid-signature, shifting every subsequent positional argument without any runtime error. A caller passing enabled=true by position to apps.create gets it silently absorbed as description, and type goes to clientUri. Since TypeScript casts are erased at runtime, the SDK sends wrong field values to the server with no warning.

src/services/apps.ts and src/services/project.ts — both contain deprecated positional overloads where new parameters were inserted before existing ones.

Important Files Changed

Filename	Overview
src/models.ts	Large-scale model update for v14: new fields on User, Membership, Project, App, AppSecret, DedicatedDatabase, DedicatedDatabaseBranch; removed DedicatedDatabaseMetrics, DedicatedDatabasePerformanceInsights*, DedicatedDatabaseSchema/Preview types; tightened array default types.
src/services/apps.ts	Adds new OAuth2 consent fields and deviceFlow flag; removes internal flag; breaks positional-arg deprecated overloads by inserting new params before enabled.
src/services/organizations.ts	getInvoiceDownload and getInvoiceView now return string (URL) instead of Promise; apiHeaders variable is defined but never used since no HTTP call is made.
src/services/project.ts	Adds Device Authorization Grant params to updateOAuth2Server; inserts authorizationDetailsTypes between scopes and accessTokenDuration in deprecated positional overload, breaking callers that passed accessTokenDuration by position.
src/services/compute.ts	Removes getDatabaseInsights, getDatabaseMetrics, getDatabaseSchema, createDatabaseSchemaPreview endpoints; removes region and type params from createDatabase; adds accept headers throughout.
src/services/avatars.ts	Adds correct image/png and image/* accept headers to URL-builder methods; adds impersonateuserid to URL query params.
src/services/storage.ts	Adds appropriate accept headers (/ for download/view, image/* for preview); adds impersonateuserid to URL query params for URL-builder endpoints.
src/client.ts	Version bump from 13.2.0 to 14.0.0; X-Appwrite-Response-Format stays at 1.9.5.
src/services/tables-db.ts	Adds dedicatedDatabaseId optional param to create; adds accept headers throughout; all changes look correct.
src/enums/project-key-scopes.ts	Adds DedicatedDatabasesExecute scope for the new dedicated databases execute permission.

Comments Outside Diff (1)

1. src/services/apps.ts, line 54-88 (link)

   Positional overload order breaking for create and update

   Six new optional params (description, clientUri, logoUri, privacyPolicyUrl, termsUrl, contacts) are inserted before enabled and type in both deprecated positional overloads. A caller using create(id, name, uris, true /* enabled */, 'confidential' /* type */) now has true mapped to description and 'confidential' to clientUri, with enabled and type silently left undefined. Because the params are typed in the rest tuple and casts are erased at runtime, no error is thrown; incorrect values are sent to the API. The same pattern affects apps.update.

_{Reviews (1): Last reviewed commit: "chore: update Console SDK to 14.0.0" | Re-trigger Greptile}

[greptile-apps]

Dead apiHeaders in URL-builder methods

getInvoiceDownload (and identically getInvoiceView) now builds and returns a URL string rather than making an HTTP call, so the apiHeaders object (including the 'accept': 'application/json' entry) is assigned but never consumed. The variable can be removed entirely.

[greptile-apps]

Positional overload breaks existing callers of updateOAuth2Server

The new authorizationDetailsTypes: string[] parameter is inserted at position 3 in the deprecated positional overload, shifting every subsequent argument by one slot. A caller who previously passed updateOAuth2Server(true, url, ['scope'], 28800 /* accessTokenDuration */) will now have 28800 received as authorizationDetailsTypes and accessTokenDuration left undefined. The value is silently accepted as a valid string[] cast at runtime since TypeScript casts are erased, so no runtime error occurs and the wrong config is sent to the server.