@ant.sh/colony 0.1.0

package/dist/esm/providers/vault.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/providers/vault.js"],
+  "sourcesContent": ["/**\n * HashiCorp Vault provider for colony\n */\n\nimport { VaultCompatibleProvider } from \"./vault-base.js\";\n\n/**\n * @class VaultProvider\n * @property {string} prefix - Provider prefix (\"VAULT\")\n */\nexport class VaultProvider extends VaultCompatibleProvider {\n  /**\n   * @param {object} options\n   * @param {string=} options.addr - Vault address (default: process.env.VAULT_ADDR or \"http://127.0.0.1:8200\")\n   * @param {string=} options.token - Vault token (default: process.env.VAULT_TOKEN)\n   * @param {string=} options.namespace - Vault namespace (default: process.env.VAULT_NAMESPACE)\n   * @param {number=} options.timeout - Request timeout in ms (default: 30000)\n   */\n  constructor(options = {}) {\n    super(\n      {\n        prefix: \"VAULT\",\n        addrEnvVar: \"VAULT_ADDR\",\n        tokenEnvVar: \"VAULT_TOKEN\",\n        namespaceEnvVar: \"VAULT_NAMESPACE\",\n        errorPrefix: \"Vault\",\n      },\n      options\n    );\n  }\n}\n"],
+  "mappings": "AAIA,SAAS,+BAA+B;AAMjC,MAAM,sBAAsB,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQzD,YAAY,UAAU,CAAC,GAAG;AACxB;AAAA,MACE;AAAA,QACE,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,iBAAiB;AAAA,QACjB,aAAa;AAAA,MACf;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/esm/resolver.js

@@ -0,0 +1,224 @@
+import { applyInterpolationDeep } from "./strings.js";
+import { getDeep, setDeep, deepMerge, isPlainObject } from "./util.js";
+function resolveRules({ rules, dims, ctx, vars, allowedEnvVars = null, allowedVars = null, warnings = [] }) {
+  const indexed = [];
+  for (const r of rules) {
+    const scope = r.keySegments.slice(0, dims.length);
+    const keyPath = r.keySegments.slice(dims.length);
+    if (scope.length !== dims.length || keyPath.length === 0) {
+      throw new Error(
+        `${r.filePath}:${r.line}: Key must have ${dims.length} scope segments + at least one key segment: ${r.keyRaw}`
+      );
+    }
+    indexed.push({
+      ...r,
+      scope,
+      keyPath,
+      keyPathStr: keyPath.join(".")
+    });
+  }
+  const ctxScope = dims.map((d) => String(ctx[d] ?? ""));
+  const candidatesByKey = /* @__PURE__ */ new Map();
+  const postOps = [];
+  for (const r of indexed) {
+    if (!matches(r.scope, ctxScope)) continue;
+    if (r.op === "+=" || r.op === "-=") postOps.push(r);
+    else {
+      if (!candidatesByKey.has(r.keyPathStr)) candidatesByKey.set(r.keyPathStr, []);
+      candidatesByKey.get(r.keyPathStr).push(r);
+    }
+  }
+  const out = {};
+  const trace = /* @__PURE__ */ new Map();
+  for (const [key, cand] of candidatesByKey.entries()) {
+    let winner = cand[0];
+    let best = specificity(winner.scope);
+    for (let i = 1; i < cand.length; i++) {
+      const s = specificity(cand[i].scope);
+      if (s > best) {
+        best = s;
+        winner = cand[i];
+      } else if (s === best) {
+        winner = cand[i];
+      }
+    }
+    const existing = getDeep(out, winner.keyPath);
+    if (winner.op === ":=") {
+      if (existing === void 0) {
+        setDeep(out, winner.keyPath, clone(winner.value));
+        trace.set(key, packTrace(winner, best));
+      }
+      continue;
+    }
+    if (winner.op === "|=") {
+      if (existing === void 0) {
+        setDeep(out, winner.keyPath, clone(winner.value));
+      } else if (isPlainObject(existing) && isPlainObject(winner.value)) {
+        setDeep(out, winner.keyPath, deepMerge(existing, winner.value));
+      } else {
+        setDeep(out, winner.keyPath, clone(winner.value));
+      }
+      trace.set(key, packTrace(winner, best));
+      continue;
+    }
+    setDeep(out, winner.keyPath, clone(winner.value));
+    trace.set(key, packTrace(winner, best));
+  }
+  postOps.sort((a, b) => specificity(a.scope) - specificity(b.scope));
+  for (const r of postOps) {
+    const key = r.keyPathStr;
+    const best = specificity(r.scope);
+    const existing = getDeep(out, r.keyPath);
+    const val = clone(r.value);
+    if (r.op === "+=") {
+      const add = Array.isArray(val) ? val : [val];
+      if (existing === void 0) setDeep(out, r.keyPath, add);
+      else if (Array.isArray(existing)) setDeep(out, r.keyPath, existing.concat(add));
+      else setDeep(out, r.keyPath, [existing].concat(add));
+      trace.set(key, packTrace(r, best));
+      continue;
+    }
+    if (r.op === "-=") {
+      const remove = new Set(Array.isArray(val) ? val : [val]);
+      if (Array.isArray(existing)) {
+        setDeep(out, r.keyPath, existing.filter((x) => !remove.has(x)));
+        trace.set(key, packTrace(r, best));
+      }
+      continue;
+    }
+  }
+  const finalCfg = applyInterpolationDeep(out, { ctx, vars, allowedEnvVars, allowedVars, warnings });
+  Object.defineProperties(finalCfg, {
+    // Core methods
+    get: { enumerable: false, value: (p) => getByPath(finalCfg, p) },
+    explain: { enumerable: false, value: (p) => explainByPath(trace, p) },
+    // Serialization - returns a plain object copy without non-enumerable methods
+    toJSON: {
+      enumerable: false,
+      value: () => {
+        const plain = {};
+        for (const [k, v] of Object.entries(finalCfg)) {
+          plain[k] = clone(v);
+        }
+        return plain;
+      }
+    },
+    // List all keys (dot-notation paths)
+    keys: {
+      enumerable: false,
+      value: () => collectKeys(finalCfg)
+    },
+    // Diff against another config
+    diff: {
+      enumerable: false,
+      value: (other) => diffConfigs(finalCfg, other)
+    },
+    // Internal trace data
+    _trace: { enumerable: false, value: trace }
+  });
+  return finalCfg;
+}
+function collectKeys(obj, prefix = "") {
+  const keys = [];
+  for (const [k, v] of Object.entries(obj)) {
+    const path = prefix ? `${prefix}.${k}` : k;
+    if (isPlainObject(v)) {
+      keys.push(...collectKeys(v, path));
+    } else {
+      keys.push(path);
+    }
+  }
+  return keys.sort();
+}
+function diffConfigs(a, b) {
+  const aKeys = new Set(collectKeys(a));
+  const bKeys = new Set(collectKeys(b));
+  const added = [];
+  const removed = [];
+  const changed = [];
+  for (const key of bKeys) {
+    if (!aKeys.has(key)) {
+      added.push(key);
+    }
+  }
+  for (const key of aKeys) {
+    if (!bKeys.has(key)) {
+      removed.push(key);
+    }
+  }
+  for (const key of aKeys) {
+    if (bKeys.has(key)) {
+      const aVal = getByPath(a, key);
+      const bVal = getByPath(b, key);
+      if (!deepEqual(aVal, bVal)) {
+        changed.push({ key, from: aVal, to: bVal });
+      }
+    }
+  }
+  return {
+    added: added.sort(),
+    removed: removed.sort(),
+    changed: changed.sort((x, y) => x.key.localeCompare(y.key))
+  };
+}
+function deepEqual(a, b) {
+  if (a === b) return true;
+  if (typeof a !== typeof b) return false;
+  if (a === null || b === null) return a === b;
+  if (Array.isArray(a) && Array.isArray(b)) {
+    if (a.length !== b.length) return false;
+    return a.every((v, i) => deepEqual(v, b[i]));
+  }
+  if (typeof a === "object" && typeof b === "object") {
+    const aKeys = Object.keys(a);
+    const bKeys = Object.keys(b);
+    if (aKeys.length !== bKeys.length) return false;
+    return aKeys.every((k) => deepEqual(a[k], b[k]));
+  }
+  return false;
+}
+function getByPath(obj, p) {
+  const segs = String(p).split(".").filter(Boolean);
+  return getDeep(obj, segs);
+}
+function explainByPath(trace, p) {
+  const key = String(p);
+  return trace.get(key) ?? null;
+}
+function matches(ruleScope, ctxScope) {
+  for (let i = 0; i < ruleScope.length; i++) {
+    const r = String(ruleScope[i]);
+    const c = String(ctxScope[i]);
+    if (r === "*") continue;
+    if (r !== c) return false;
+  }
+  return true;
+}
+function specificity(ruleScope) {
+  let s = 0;
+  for (const seg of ruleScope) if (seg !== "*") s++;
+  return s;
+}
+function packTrace(rule, spec) {
+  return {
+    op: rule.op,
+    scope: rule.scope.map(String),
+    specificity: spec,
+    filePath: rule.filePath,
+    line: rule.line,
+    col: rule.col ?? 0,
+    keyRaw: rule.keyRaw,
+    // Source map style location
+    source: `${rule.filePath}:${rule.line}:${rule.col ?? 0}`
+  };
+}
+function clone(v) {
+  if (v === null || v === void 0) return v;
+  if (Array.isArray(v)) return v.map(clone);
+  if (typeof v === "object") return structuredClone(v);
+  return v;
+}
+export {
+  resolveRules
+};
+//# sourceMappingURL=resolver.js.map

package/dist/esm/resolver.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/resolver.js"],
+  "sourcesContent": ["import { applyInterpolationDeep } from \"./strings.js\";\nimport { getDeep, setDeep, deepMerge, isPlainObject } from \"./util.js\";\n\nexport function resolveRules({ rules, dims, ctx, vars, allowedEnvVars = null, allowedVars = null, warnings = [] }) {\n  const indexed = [];\n  for (const r of rules) {\n    const scope = r.keySegments.slice(0, dims.length);\n    const keyPath = r.keySegments.slice(dims.length);\n\n    if (scope.length !== dims.length || keyPath.length === 0) {\n      throw new Error(\n        `${r.filePath}:${r.line}: Key must have ${dims.length} scope segments + at least one key segment: ${r.keyRaw}`\n      );\n    }\n\n    indexed.push({\n      ...r,\n      scope,\n      keyPath,\n      keyPathStr: keyPath.join(\".\"),\n    });\n  }\n\n  const ctxScope = dims.map((d) => String(ctx[d] ?? \"\"));\n\n  const candidatesByKey = new Map();\n  const postOps = [];\n\n  for (const r of indexed) {\n    if (!matches(r.scope, ctxScope)) continue;\n\n    if (r.op === \"+=\" || r.op === \"-=\") postOps.push(r);\n    else {\n      if (!candidatesByKey.has(r.keyPathStr)) candidatesByKey.set(r.keyPathStr, []);\n      candidatesByKey.get(r.keyPathStr).push(r);\n    }\n  }\n\n  const out = {};\n  const trace = new Map();\n\n  for (const [key, cand] of candidatesByKey.entries()) {\n    let winner = cand[0];\n    let best = specificity(winner.scope);\n    for (let i = 1; i < cand.length; i++) {\n      const s = specificity(cand[i].scope);\n      if (s > best) {\n        best = s;\n        winner = cand[i];\n      } else if (s === best) {\n        winner = cand[i];\n      }\n    }\n\n    const existing = getDeep(out, winner.keyPath);\n\n    if (winner.op === \":=\") {\n      if (existing === undefined) {\n        setDeep(out, winner.keyPath, clone(winner.value));\n        trace.set(key, packTrace(winner, best));\n      }\n      continue;\n    }\n\n    if (winner.op === \"|=\") {\n      if (existing === undefined) {\n        setDeep(out, winner.keyPath, clone(winner.value));\n      } else if (isPlainObject(existing) && isPlainObject(winner.value)) {\n        setDeep(out, winner.keyPath, deepMerge(existing, winner.value));\n      } else {\n        setDeep(out, winner.keyPath, clone(winner.value));\n      }\n      trace.set(key, packTrace(winner, best));\n      continue;\n    }\n\n    setDeep(out, winner.keyPath, clone(winner.value));\n    trace.set(key, packTrace(winner, best));\n  }\n\n  postOps.sort((a, b) => specificity(a.scope) - specificity(b.scope));\n\n  for (const r of postOps) {\n    const key = r.keyPathStr;\n    const best = specificity(r.scope);\n\n    const existing = getDeep(out, r.keyPath);\n    const val = clone(r.value);\n\n    if (r.op === \"+=\") {\n      const add = Array.isArray(val) ? val : [val];\n      if (existing === undefined) setDeep(out, r.keyPath, add);\n      else if (Array.isArray(existing)) setDeep(out, r.keyPath, existing.concat(add));\n      else setDeep(out, r.keyPath, [existing].concat(add));\n      trace.set(key, packTrace(r, best));\n      continue;\n    }\n\n    if (r.op === \"-=\") {\n      const remove = new Set(Array.isArray(val) ? val : [val]);\n      if (Array.isArray(existing)) {\n        setDeep(out, r.keyPath, existing.filter((x) => !remove.has(x)));\n        trace.set(key, packTrace(r, best));\n      }\n      continue;\n    }\n  }\n\n  const finalCfg = applyInterpolationDeep(out, { ctx, vars, allowedEnvVars, allowedVars, warnings });\n\n  Object.defineProperties(finalCfg, {\n    // Core methods\n    get: { enumerable: false, value: (p) => getByPath(finalCfg, p) },\n    explain: { enumerable: false, value: (p) => explainByPath(trace, p) },\n\n    // Serialization - returns a plain object copy without non-enumerable methods\n    toJSON: {\n      enumerable: false,\n      value: () => {\n        const plain = {};\n        for (const [k, v] of Object.entries(finalCfg)) {\n          plain[k] = clone(v);\n        }\n        return plain;\n      },\n    },\n\n    // List all keys (dot-notation paths)\n    keys: {\n      enumerable: false,\n      value: () => collectKeys(finalCfg),\n    },\n\n    // Diff against another config\n    diff: {\n      enumerable: false,\n      value: (other) => diffConfigs(finalCfg, other),\n    },\n\n    // Internal trace data\n    _trace: { enumerable: false, value: trace },\n  });\n\n  return finalCfg;\n}\n\n/**\n * Collect all leaf keys in dot notation\n * @param {object} obj\n * @param {string} prefix\n * @returns {string[]}\n */\nfunction collectKeys(obj, prefix = \"\") {\n  const keys = [];\n\n  for (const [k, v] of Object.entries(obj)) {\n    const path = prefix ? `${prefix}.${k}` : k;\n\n    if (isPlainObject(v)) {\n      keys.push(...collectKeys(v, path));\n    } else {\n      keys.push(path);\n    }\n  }\n\n  return keys.sort();\n}\n\n/**\n * Diff two configs, returning added, removed, and changed keys\n * @param {object} a - First config\n * @param {object} b - Second config\n * @returns {{ added: string[], removed: string[], changed: Array<{key: string, from: any, to: any}> }}\n */\nfunction diffConfigs(a, b) {\n  const aKeys = new Set(collectKeys(a));\n  const bKeys = new Set(collectKeys(b));\n\n  const added = [];\n  const removed = [];\n  const changed = [];\n\n  // Keys in b but not in a\n  for (const key of bKeys) {\n    if (!aKeys.has(key)) {\n      added.push(key);\n    }\n  }\n\n  // Keys in a but not in b\n  for (const key of aKeys) {\n    if (!bKeys.has(key)) {\n      removed.push(key);\n    }\n  }\n\n  // Keys in both - check for changes\n  for (const key of aKeys) {\n    if (bKeys.has(key)) {\n      const aVal = getByPath(a, key);\n      const bVal = getByPath(b, key);\n\n      if (!deepEqual(aVal, bVal)) {\n        changed.push({ key, from: aVal, to: bVal });\n      }\n    }\n  }\n\n  return {\n    added: added.sort(),\n    removed: removed.sort(),\n    changed: changed.sort((x, y) => x.key.localeCompare(y.key)),\n  };\n}\n\n/**\n * Deep equality check for config values.\n * Note: Does not handle circular references (will stack overflow).\n * Config values should never be circular in practice.\n */\nfunction deepEqual(a, b) {\n  if (a === b) return true;\n  if (typeof a !== typeof b) return false;\n  if (a === null || b === null) return a === b;\n\n  if (Array.isArray(a) && Array.isArray(b)) {\n    if (a.length !== b.length) return false;\n    return a.every((v, i) => deepEqual(v, b[i]));\n  }\n\n  if (typeof a === \"object\" && typeof b === \"object\") {\n    const aKeys = Object.keys(a);\n    const bKeys = Object.keys(b);\n    if (aKeys.length !== bKeys.length) return false;\n    return aKeys.every((k) => deepEqual(a[k], b[k]));\n  }\n\n  return false;\n}\n\nfunction getByPath(obj, p) {\n  const segs = String(p).split(\".\").filter(Boolean);\n  return getDeep(obj, segs);\n}\n\nfunction explainByPath(trace, p) {\n  const key = String(p);\n  return trace.get(key) ?? null;\n}\n\nfunction matches(ruleScope, ctxScope) {\n  for (let i = 0; i < ruleScope.length; i++) {\n    const r = String(ruleScope[i]);\n    const c = String(ctxScope[i]);\n    if (r === \"*\") continue;\n    if (r !== c) return false;\n  }\n  return true;\n}\n\nfunction specificity(ruleScope) {\n  let s = 0;\n  for (const seg of ruleScope) if (seg !== \"*\") s++;\n  return s;\n}\n\nfunction packTrace(rule, spec) {\n  return {\n    op: rule.op,\n    scope: rule.scope.map(String),\n    specificity: spec,\n    filePath: rule.filePath,\n    line: rule.line,\n    col: rule.col ?? 0,\n    keyRaw: rule.keyRaw,\n    // Source map style location\n    source: `${rule.filePath}:${rule.line}:${rule.col ?? 0}`,\n  };\n}\n\nfunction clone(v) {\n  if (v === null || v === undefined) return v;\n  if (Array.isArray(v)) return v.map(clone);\n  if (typeof v === \"object\") return structuredClone(v);\n  return v;\n}\n"],
+  "mappings": "AAAA,SAAS,8BAA8B;AACvC,SAAS,SAAS,SAAS,WAAW,qBAAqB;AAEpD,SAAS,aAAa,EAAE,OAAO,MAAM,KAAK,MAAM,iBAAiB,MAAM,cAAc,MAAM,WAAW,CAAC,EAAE,GAAG;AACjH,QAAM,UAAU,CAAC;AACjB,aAAW,KAAK,OAAO;AACrB,UAAM,QAAQ,EAAE,YAAY,MAAM,GAAG,KAAK,MAAM;AAChD,UAAM,UAAU,EAAE,YAAY,MAAM,KAAK,MAAM;AAE/C,QAAI,MAAM,WAAW,KAAK,UAAU,QAAQ,WAAW,GAAG;AACxD,YAAM,IAAI;AAAA,QACR,GAAG,EAAE,QAAQ,IAAI,EAAE,IAAI,mBAAmB,KAAK,MAAM,+CAA+C,EAAE,MAAM;AAAA,MAC9G;AAAA,IACF;AAEA,YAAQ,KAAK;AAAA,MACX,GAAG;AAAA,MACH;AAAA,MACA;AAAA,MACA,YAAY,QAAQ,KAAK,GAAG;AAAA,IAC9B,CAAC;AAAA,EACH;AAEA,QAAM,WAAW,KAAK,IAAI,CAAC,MAAM,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;AAErD,QAAM,kBAAkB,oBAAI,IAAI;AAChC,QAAM,UAAU,CAAC;AAEjB,aAAW,KAAK,SAAS;AACvB,QAAI,CAAC,QAAQ,EAAE,OAAO,QAAQ,EAAG;AAEjC,QAAI,EAAE,OAAO,QAAQ,EAAE,OAAO,KAAM,SAAQ,KAAK,CAAC;AAAA,SAC7C;AACH,UAAI,CAAC,gBAAgB,IAAI,EAAE,UAAU,EAAG,iBAAgB,IAAI,EAAE,YAAY,CAAC,CAAC;AAC5E,sBAAgB,IAAI,EAAE,UAAU,EAAE,KAAK,CAAC;AAAA,IAC1C;AAAA,EACF;AAEA,QAAM,MAAM,CAAC;AACb,QAAM,QAAQ,oBAAI,IAAI;AAEtB,aAAW,CAAC,KAAK,IAAI,KAAK,gBAAgB,QAAQ,GAAG;AACnD,QAAI,SAAS,KAAK,CAAC;AACnB,QAAI,OAAO,YAAY,OAAO,KAAK;AACnC,aAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AACpC,YAAM,IAAI,YAAY,KAAK,CAAC,EAAE,KAAK;AACnC,UAAI,IAAI,MAAM;AACZ,eAAO;AACP,iBAAS,KAAK,CAAC;AAAA,MACjB,WAAW,MAAM,MAAM;AACrB,iBAAS,KAAK,CAAC;AAAA,MACjB;AAAA,IACF;AAEA,UAAM,WAAW,QAAQ,KAAK,OAAO,OAAO;AAE5C,QAAI,OAAO,OAAO,MAAM;AACtB,UAAI,aAAa,QAAW;AAC1B,gBAAQ,KAAK,OAAO,SAAS,MAAM,OAAO,KAAK,CAAC;AAChD,cAAM,IAAI,KAAK,UAAU,QAAQ,IAAI,CAAC;AAAA,MACxC;AACA;AAAA,IACF;AAEA,QAAI,OAAO,OAAO,MAAM;AACtB,UAAI,aAAa,QAAW;AAC1B,gBAAQ,KAAK,OAAO,SAAS,MAAM,OAAO,KAAK,CAAC;AAAA,MAClD,WAAW,cAAc,QAAQ,KAAK,cAAc,OAAO,KAAK,GAAG;AACjE,gBAAQ,KAAK,OAAO,SAAS,UAAU,UAAU,OAAO,KAAK,CAAC;AAAA,MAChE,OAAO;AACL,gBAAQ,KAAK,OAAO,SAAS,MAAM,OAAO,KAAK,CAAC;AAAA,MAClD;AACA,YAAM,IAAI,KAAK,UAAU,QAAQ,IAAI,CAAC;AACtC;AAAA,IACF;AAEA,YAAQ,KAAK,OAAO,SAAS,MAAM,OAAO,KAAK,CAAC;AAChD,UAAM,IAAI,KAAK,UAAU,QAAQ,IAAI,CAAC;AAAA,EACxC;AAEA,UAAQ,KAAK,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,IAAI,YAAY,EAAE,KAAK,CAAC;AAElE,aAAW,KAAK,SAAS;AACvB,UAAM,MAAM,EAAE;AACd,UAAM,OAAO,YAAY,EAAE,KAAK;AAEhC,UAAM,WAAW,QAAQ,KAAK,EAAE,OAAO;AACvC,UAAM,MAAM,MAAM,EAAE,KAAK;AAEzB,QAAI,EAAE,OAAO,MAAM;AACjB,YAAM,MAAM,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,GAAG;AAC3C,UAAI,aAAa,OAAW,SAAQ,KAAK,EAAE,SAAS,GAAG;AAAA,eAC9C,MAAM,QAAQ,QAAQ,EAAG,SAAQ,KAAK,EAAE,SAAS,SAAS,OAAO,GAAG,CAAC;AAAA,UACzE,SAAQ,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,OAAO,GAAG,CAAC;AACnD,YAAM,IAAI,KAAK,UAAU,GAAG,IAAI,CAAC;AACjC;AAAA,IACF;AAEA,QAAI,EAAE,OAAO,MAAM;AACjB,YAAM,SAAS,IAAI,IAAI,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC;AACvD,UAAI,MAAM,QAAQ,QAAQ,GAAG;AAC3B,gBAAQ,KAAK,EAAE,SAAS,SAAS,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC;AAC9D,cAAM,IAAI,KAAK,UAAU,GAAG,IAAI,CAAC;AAAA,MACnC;AACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,WAAW,uBAAuB,KAAK,EAAE,KAAK,MAAM,gBAAgB,aAAa,SAAS,CAAC;AAEjG,SAAO,iBAAiB,UAAU;AAAA;AAAA,IAEhC,KAAK,EAAE,YAAY,OAAO,OAAO,CAAC,MAAM,UAAU,UAAU,CAAC,EAAE;AAAA,IAC/D,SAAS,EAAE,YAAY,OAAO,OAAO,CAAC,MAAM,cAAc,OAAO,CAAC,EAAE;AAAA;AAAA,IAGpE,QAAQ;AAAA,MACN,YAAY;AAAA,MACZ,OAAO,MAAM;AACX,cAAM,QAAQ,CAAC;AACf,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,GAAG;AAC7C,gBAAM,CAAC,IAAI,MAAM,CAAC;AAAA,QACpB;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAAA;AAAA,IAGA,MAAM;AAAA,MACJ,YAAY;AAAA,MACZ,OAAO,MAAM,YAAY,QAAQ;AAAA,IACnC;AAAA;AAAA,IAGA,MAAM;AAAA,MACJ,YAAY;AAAA,MACZ,OAAO,CAAC,UAAU,YAAY,UAAU,KAAK;AAAA,IAC/C;AAAA;AAAA,IAGA,QAAQ,EAAE,YAAY,OAAO,OAAO,MAAM;AAAA,EAC5C,CAAC;AAED,SAAO;AACT;AAQA,SAAS,YAAY,KAAK,SAAS,IAAI;AACrC,QAAM,OAAO,CAAC;AAEd,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,GAAG,GAAG;AACxC,UAAM,OAAO,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK;AAEzC,QAAI,cAAc,CAAC,GAAG;AACpB,WAAK,KAAK,GAAG,YAAY,GAAG,IAAI,CAAC;AAAA,IACnC,OAAO;AACL,WAAK,KAAK,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,SAAO,KAAK,KAAK;AACnB;AAQA,SAAS,YAAY,GAAG,GAAG;AACzB,QAAM,QAAQ,IAAI,IAAI,YAAY,CAAC,CAAC;AACpC,QAAM,QAAQ,IAAI,IAAI,YAAY,CAAC,CAAC;AAEpC,QAAM,QAAQ,CAAC;AACf,QAAM,UAAU,CAAC;AACjB,QAAM,UAAU,CAAC;AAGjB,aAAW,OAAO,OAAO;AACvB,QAAI,CAAC,MAAM,IAAI,GAAG,GAAG;AACnB,YAAM,KAAK,GAAG;AAAA,IAChB;AAAA,EACF;AAGA,aAAW,OAAO,OAAO;AACvB,QAAI,CAAC,MAAM,IAAI,GAAG,GAAG;AACnB,cAAQ,KAAK,GAAG;AAAA,IAClB;AAAA,EACF;AAGA,aAAW,OAAO,OAAO;AACvB,QAAI,MAAM,IAAI,GAAG,GAAG;AAClB,YAAM,OAAO,UAAU,GAAG,GAAG;AAC7B,YAAM,OAAO,UAAU,GAAG,GAAG;AAE7B,UAAI,CAAC,UAAU,MAAM,IAAI,GAAG;AAC1B,gBAAQ,KAAK,EAAE,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,MAAM,KAAK;AAAA,IAClB,SAAS,QAAQ,KAAK;AAAA,IACtB,SAAS,QAAQ,KAAK,CAAC,GAAG,MAAM,EAAE,IAAI,cAAc,EAAE,GAAG,CAAC;AAAA,EAC5D;AACF;AAOA,SAAS,UAAU,GAAG,GAAG;AACvB,MAAI,MAAM,EAAG,QAAO;AACpB,MAAI,OAAO,MAAM,OAAO,EAAG,QAAO;AAClC,MAAI,MAAM,QAAQ,MAAM,KAAM,QAAO,MAAM;AAE3C,MAAI,MAAM,QAAQ,CAAC,KAAK,MAAM,QAAQ,CAAC,GAAG;AACxC,QAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,WAAO,EAAE,MAAM,CAAC,GAAG,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC;AAAA,EAC7C;AAEA,MAAI,OAAO,MAAM,YAAY,OAAO,MAAM,UAAU;AAClD,UAAM,QAAQ,OAAO,KAAK,CAAC;AAC3B,UAAM,QAAQ,OAAO,KAAK,CAAC;AAC3B,QAAI,MAAM,WAAW,MAAM,OAAQ,QAAO;AAC1C,WAAO,MAAM,MAAM,CAAC,MAAM,UAAU,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;AAAA,EACjD;AAEA,SAAO;AACT;AAEA,SAAS,UAAU,KAAK,GAAG;AACzB,QAAM,OAAO,OAAO,CAAC,EAAE,MAAM,GAAG,EAAE,OAAO,OAAO;AAChD,SAAO,QAAQ,KAAK,IAAI;AAC1B;AAEA,SAAS,cAAc,OAAO,GAAG;AAC/B,QAAM,MAAM,OAAO,CAAC;AACpB,SAAO,MAAM,IAAI,GAAG,KAAK;AAC3B;AAEA,SAAS,QAAQ,WAAW,UAAU;AACpC,WAAS,IAAI,GAAG,IAAI,UAAU,QAAQ,KAAK;AACzC,UAAM,IAAI,OAAO,UAAU,CAAC,CAAC;AAC7B,UAAM,IAAI,OAAO,SAAS,CAAC,CAAC;AAC5B,QAAI,MAAM,IAAK;AACf,QAAI,MAAM,EAAG,QAAO;AAAA,EACtB;AACA,SAAO;AACT;AAEA,SAAS,YAAY,WAAW;AAC9B,MAAI,IAAI;AACR,aAAW,OAAO,UAAW,KAAI,QAAQ,IAAK;AAC9C,SAAO;AACT;AAEA,SAAS,UAAU,MAAM,MAAM;AAC7B,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,OAAO,KAAK,MAAM,IAAI,MAAM;AAAA,IAC5B,aAAa;AAAA,IACb,UAAU,KAAK;AAAA,IACf,MAAM,KAAK;AAAA,IACX,KAAK,KAAK,OAAO;AAAA,IACjB,QAAQ,KAAK;AAAA;AAAA,IAEb,QAAQ,GAAG,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,KAAK,OAAO,CAAC;AAAA,EACxD;AACF;AAEA,SAAS,MAAM,GAAG;AAChB,MAAI,MAAM,QAAQ,MAAM,OAAW,QAAO;AAC1C,MAAI,MAAM,QAAQ,CAAC,EAAG,QAAO,EAAE,IAAI,KAAK;AACxC,MAAI,OAAO,MAAM,SAAU,QAAO,gBAAgB,CAAC;AACnD,SAAO;AACT;",
+  "names": []
+}

package/dist/esm/secrets.js

@@ -0,0 +1,209 @@
+import { isPlainObject } from "./util.js";
+const globalRegistry = /* @__PURE__ */ new Map();
+function registerSecretProvider(provider) {
+  if (!provider.prefix || typeof provider.fetch !== "function") {
+    throw new Error("Invalid provider: must have prefix and fetch()");
+  }
+  globalRegistry.set(provider.prefix.toUpperCase(), provider);
+}
+function unregisterSecretProvider(prefix) {
+  return globalRegistry.delete(prefix.toUpperCase());
+}
+function clearSecretProviders() {
+  globalRegistry.clear();
+}
+function hasGlobalProviders() {
+  return globalRegistry.size > 0;
+}
+class SecretCache {
+  constructor(maxSize = 100) {
+    this.maxSize = maxSize;
+    this.cache = /* @__PURE__ */ new Map();
+  }
+  get(key) {
+    const entry = this.cache.get(key);
+    if (!entry) return void 0;
+    if (Date.now() > entry.expires) {
+      this.cache.delete(key);
+      return void 0;
+    }
+    this.cache.delete(key);
+    this.cache.set(key, entry);
+    return entry.value;
+  }
+  set(key, value, ttl) {
+    if (this.cache.size >= this.maxSize) {
+      const firstKey = this.cache.keys().next().value;
+      this.cache.delete(firstKey);
+    }
+    this.cache.set(key, { value, expires: Date.now() + ttl });
+  }
+  invalidate(pattern) {
+    if (!pattern) {
+      this.cache.clear();
+      return;
+    }
+    const regex = new RegExp("^" + globToRegex(pattern) + "$");
+    for (const key of this.cache.keys()) {
+      if (regex.test(key)) this.cache.delete(key);
+    }
+  }
+}
+function globToRegex(pattern) {
+  return pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+}
+const RX_SECRET = /\$\{([A-Z][A-Z0-9_]*):([^}]+)\}/g;
+const RESERVED = /* @__PURE__ */ new Set(["ENV", "VAR"]);
+function collectSecretRefs(value, refs = /* @__PURE__ */ new Map()) {
+  if (typeof value === "string") {
+    let match;
+    RX_SECRET.lastIndex = 0;
+    while ((match = RX_SECRET.exec(value)) !== null) {
+      const [, provider, key] = match;
+      if (RESERVED.has(provider)) continue;
+      const fullKey = `${provider}:${key.trim()}`;
+      if (!refs.has(fullKey)) {
+        refs.set(fullKey, { provider, key: key.trim() });
+      }
+    }
+    return refs;
+  }
+  if (Array.isArray(value)) {
+    for (const item of value) {
+      collectSecretRefs(item, refs);
+    }
+    return refs;
+  }
+  if (isPlainObject(value)) {
+    for (const v of Object.values(value)) {
+      collectSecretRefs(v, refs);
+    }
+  }
+  return refs;
+}
+function isAllowed(fullKey, allowedSecrets) {
+  if (allowedSecrets === null || allowedSecrets === void 0) return true;
+  for (const pattern of allowedSecrets) {
+    if (pattern === fullKey) return true;
+    const regex = new RegExp("^" + globToRegex(pattern) + "$");
+    if (regex.test(fullKey)) return true;
+    if (!pattern.includes(":")) {
+      const keyOnly = fullKey.split(":")[1];
+      const keyRegex = new RegExp("^" + globToRegex(pattern) + "$");
+      if (keyRegex.test(keyOnly)) return true;
+    }
+  }
+  return false;
+}
+async function applySecretsDeep(value, options = {}) {
+  const {
+    providers = [],
+    allowedSecrets = null,
+    cache = null,
+    cacheTtl = 3e5,
+    onNotFound = "warn",
+    warnings = []
+  } = options;
+  const registry = new Map(globalRegistry);
+  for (const p of providers) {
+    registry.set(p.prefix.toUpperCase(), p);
+  }
+  const refs = collectSecretRefs(value);
+  if (refs.size === 0) return value;
+  const resolved = /* @__PURE__ */ new Map();
+  const fetchPromises = [];
+  for (const [fullKey, { provider, key }] of refs) {
+    if (!isAllowed(fullKey, allowedSecrets)) {
+      warnings.push({
+        type: "blocked_secret",
+        provider,
+        key,
+        message: `Access to secret "${fullKey}" blocked by allowedSecrets`
+      });
+      resolved.set(fullKey, "");
+      continue;
+    }
+    if (cache) {
+      const cached = cache.get(fullKey);
+      if (cached !== void 0) {
+        resolved.set(fullKey, cached);
+        continue;
+      }
+    }
+    const providerInstance = registry.get(provider);
+    if (!providerInstance) {
+      warnings.push({
+        type: "unknown_provider",
+        provider,
+        key,
+        message: `No provider registered for "${provider}"`
+      });
+      resolved.set(fullKey, "");
+      continue;
+    }
+    fetchPromises.push(
+      providerInstance.fetch(key).then((val) => {
+        const strVal = val ?? "";
+        if (cache) cache.set(fullKey, strVal, cacheTtl);
+        resolved.set(fullKey, strVal);
+      }).catch((err) => {
+        const isNotFound = err.code === "NOT_FOUND" || err.name === "ResourceNotFoundException" || err.message?.includes("not found");
+        if (isNotFound) {
+          if (onNotFound === "error") {
+            throw new Error(`COLONY: Secret not found: ${fullKey}`);
+          }
+          warnings.push({
+            type: "secret_not_found",
+            provider,
+            key,
+            message: `Secret "${fullKey}" not found`
+          });
+          resolved.set(fullKey, "");
+        } else {
+          if (onNotFound === "error") {
+            throw err;
+          }
+          warnings.push({
+            type: "secret_fetch_error",
+            provider,
+            key,
+            message: `Failed to fetch "${fullKey}": ${err.message}`
+          });
+          resolved.set(fullKey, "");
+        }
+      })
+    );
+  }
+  await Promise.all(fetchPromises);
+  return replaceSecrets(value, resolved);
+}
+function replaceSecrets(value, resolved) {
+  if (typeof value === "string") {
+    return value.replace(RX_SECRET, (match, provider, key) => {
+      if (RESERVED.has(provider)) return match;
+      const fullKey = `${provider}:${key.trim()}`;
+      return resolved.get(fullKey) ?? "";
+    });
+  }
+  if (Array.isArray(value)) {
+    return value.map((v) => replaceSecrets(v, resolved));
+  }
+  if (isPlainObject(value)) {
+    const out = {};
+    for (const [k, v] of Object.entries(value)) {
+      out[k] = replaceSecrets(v, resolved);
+    }
+    return out;
+  }
+  return value;
+}
+export {
+  SecretCache,
+  applySecretsDeep,
+  clearSecretProviders,
+  collectSecretRefs,
+  hasGlobalProviders,
+  registerSecretProvider,
+  unregisterSecretProvider
+};
+//# sourceMappingURL=secrets.js.map

package/dist/esm/secrets.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/secrets.js"],
+  "sourcesContent": ["/**\n * Secrets provider system for colony\n */\n\nimport { isPlainObject } from \"./util.js\";\n\n// Global provider registry\nconst globalRegistry = new Map();\n\n/**\n * Register a secret provider globally\n * @param {object} provider - Provider with prefix and fetch()\n */\nexport function registerSecretProvider(provider) {\n  if (!provider.prefix || typeof provider.fetch !== \"function\") {\n    throw new Error(\"Invalid provider: must have prefix and fetch()\");\n  }\n  globalRegistry.set(provider.prefix.toUpperCase(), provider);\n}\n\n/**\n * Unregister a provider by prefix\n * @param {string} prefix - Provider prefix to remove\n * @returns {boolean} True if provider was removed\n */\nexport function unregisterSecretProvider(prefix) {\n  return globalRegistry.delete(prefix.toUpperCase());\n}\n\n/**\n * Clear all registered providers\n */\nexport function clearSecretProviders() {\n  globalRegistry.clear();\n}\n\n/**\n * Check if any global providers are registered\n * @returns {boolean}\n */\nexport function hasGlobalProviders() {\n  return globalRegistry.size > 0;\n}\n\n/**\n * Simple LRU cache for secrets\n */\nexport class SecretCache {\n  constructor(maxSize = 100) {\n    this.maxSize = maxSize;\n    this.cache = new Map();\n  }\n\n  get(key) {\n    const entry = this.cache.get(key);\n    if (!entry) return undefined;\n    if (Date.now() > entry.expires) {\n      this.cache.delete(key);\n      return undefined;\n    }\n    // Move to end for LRU behavior\n    this.cache.delete(key);\n    this.cache.set(key, entry);\n    return entry.value;\n  }\n\n  set(key, value, ttl) {\n    if (this.cache.size >= this.maxSize) {\n      // Remove oldest (first) entry\n      const firstKey = this.cache.keys().next().value;\n      this.cache.delete(firstKey);\n    }\n    this.cache.set(key, { value, expires: Date.now() + ttl });\n  }\n\n  invalidate(pattern) {\n    if (!pattern) {\n      this.cache.clear();\n      return;\n    }\n    const regex = new RegExp(\"^\" + globToRegex(pattern) + \"$\");\n    for (const key of this.cache.keys()) {\n      if (regex.test(key)) this.cache.delete(key);\n    }\n  }\n}\n\n/**\n * Convert a glob pattern to regex, escaping special chars except *\n * @param {string} pattern - Glob pattern (e.g., \"myapp/*\")\n * @returns {string} Regex pattern string\n */\nfunction globToRegex(pattern) {\n  return pattern\n    .replace(/[.+?^${}()|[\\]\\\\]/g, \"\\\\$&\") // escape regex special chars\n    .replace(/\\*/g, \".*\"); // convert glob * to regex .*\n}\n\n// Regex to match secret interpolations: ${PROVIDER:key}\n// Provider must start with uppercase letter, followed by uppercase letters, digits, or underscores\nconst RX_SECRET = /\\$\\{([A-Z][A-Z0-9_]*):([^}]+)\\}/g;\n\n// Reserved prefixes that are not secrets\nconst RESERVED = new Set([\"ENV\", \"VAR\"]);\n\n/**\n * Collect all secret references from a value tree\n * @param {any} value - Value to scan\n * @param {Map} refs - Map to collect refs into\n * @returns {Map} Map of fullKey -> { provider, key }\n */\nexport function collectSecretRefs(value, refs = new Map()) {\n  if (typeof value === \"string\") {\n    let match;\n    RX_SECRET.lastIndex = 0;\n    while ((match = RX_SECRET.exec(value)) !== null) {\n      const [, provider, key] = match;\n      if (RESERVED.has(provider)) continue;\n\n      const fullKey = `${provider}:${key.trim()}`;\n      if (!refs.has(fullKey)) {\n        refs.set(fullKey, { provider, key: key.trim() });\n      }\n    }\n    return refs;\n  }\n\n  if (Array.isArray(value)) {\n    for (const item of value) {\n      collectSecretRefs(item, refs);\n    }\n    return refs;\n  }\n\n  if (isPlainObject(value)) {\n    for (const v of Object.values(value)) {\n      collectSecretRefs(v, refs);\n    }\n  }\n\n  return refs;\n}\n\n/**\n * Check if a secret key matches any allowed pattern\n * @param {string} fullKey - Full key like \"AWS:myapp/db\"\n * @param {string[]|null} allowedSecrets - Allowed patterns\n * @returns {boolean}\n */\nfunction isAllowed(fullKey, allowedSecrets) {\n  if (allowedSecrets === null || allowedSecrets === undefined) return true;\n\n  for (const pattern of allowedSecrets) {\n    // Exact match\n    if (pattern === fullKey) return true;\n\n    // Glob pattern match on full key\n    const regex = new RegExp(\"^\" + globToRegex(pattern) + \"$\");\n    if (regex.test(fullKey)) return true;\n\n    // Pattern without provider matches any provider\n    if (!pattern.includes(\":\")) {\n      const keyOnly = fullKey.split(\":\")[1];\n      const keyRegex = new RegExp(\"^\" + globToRegex(pattern) + \"$\");\n      if (keyRegex.test(keyOnly)) return true;\n    }\n  }\n\n  return false;\n}\n\n/**\n * Fetch all secrets and apply to value tree\n * @param {any} value - Config value tree\n * @param {object} options - Options\n * @returns {Promise<any>} Value tree with secrets replaced\n */\nexport async function applySecretsDeep(value, options = {}) {\n  const {\n    providers = [],\n    allowedSecrets = null,\n    cache = null,\n    cacheTtl = 300000,\n    onNotFound = \"warn\",\n    warnings = [],\n  } = options;\n\n  // Merge local providers with global registry\n  const registry = new Map(globalRegistry);\n  for (const p of providers) {\n    registry.set(p.prefix.toUpperCase(), p);\n  }\n\n  // Collect all secret references\n  const refs = collectSecretRefs(value);\n  if (refs.size === 0) return value;\n\n  // Fetch all secrets in parallel\n  const resolved = new Map();\n  const fetchPromises = [];\n\n  for (const [fullKey, { provider, key }] of refs) {\n    // Check allowlist\n    if (!isAllowed(fullKey, allowedSecrets)) {\n      warnings.push({\n        type: \"blocked_secret\",\n        provider,\n        key,\n        message: `Access to secret \"${fullKey}\" blocked by allowedSecrets`,\n      });\n      resolved.set(fullKey, \"\");\n      continue;\n    }\n\n    // Check cache\n    if (cache) {\n      const cached = cache.get(fullKey);\n      if (cached !== undefined) {\n        resolved.set(fullKey, cached);\n        continue;\n      }\n    }\n\n    // Check provider exists\n    const providerInstance = registry.get(provider);\n    if (!providerInstance) {\n      warnings.push({\n        type: \"unknown_provider\",\n        provider,\n        key,\n        message: `No provider registered for \"${provider}\"`,\n      });\n      resolved.set(fullKey, \"\");\n      continue;\n    }\n\n    // Queue fetch\n    fetchPromises.push(\n      providerInstance\n        .fetch(key)\n        .then((val) => {\n          const strVal = val ?? \"\";\n          if (cache) cache.set(fullKey, strVal, cacheTtl);\n          resolved.set(fullKey, strVal);\n        })\n        .catch((err) => {\n          const isNotFound =\n            err.code === \"NOT_FOUND\" ||\n            err.name === \"ResourceNotFoundException\" ||\n            err.message?.includes(\"not found\");\n\n          if (isNotFound) {\n            if (onNotFound === \"error\") {\n              throw new Error(`COLONY: Secret not found: ${fullKey}`);\n            }\n            warnings.push({\n              type: \"secret_not_found\",\n              provider,\n              key,\n              message: `Secret \"${fullKey}\" not found`,\n            });\n            resolved.set(fullKey, \"\");\n          } else {\n            if (onNotFound === \"error\") {\n              throw err;\n            }\n            warnings.push({\n              type: \"secret_fetch_error\",\n              provider,\n              key,\n              message: `Failed to fetch \"${fullKey}\": ${err.message}`,\n            });\n            resolved.set(fullKey, \"\");\n          }\n        })\n    );\n  }\n\n  await Promise.all(fetchPromises);\n\n  // Apply resolved secrets to value tree\n  return replaceSecrets(value, resolved);\n}\n\n/**\n * Replace secret placeholders with resolved values\n * @param {any} value - Value to process\n * @param {Map} resolved - Map of fullKey -> resolved value\n * @returns {any} Value with secrets replaced\n */\nfunction replaceSecrets(value, resolved) {\n  if (typeof value === \"string\") {\n    return value.replace(RX_SECRET, (match, provider, key) => {\n      if (RESERVED.has(provider)) return match;\n      const fullKey = `${provider}:${key.trim()}`;\n      return resolved.get(fullKey) ?? \"\";\n    });\n  }\n\n  if (Array.isArray(value)) {\n    return value.map((v) => replaceSecrets(v, resolved));\n  }\n\n  if (isPlainObject(value)) {\n    const out = {};\n    for (const [k, v] of Object.entries(value)) {\n      out[k] = replaceSecrets(v, resolved);\n    }\n    return out;\n  }\n\n  return value;\n}\n"],
+  "mappings": "AAIA,SAAS,qBAAqB;AAG9B,MAAM,iBAAiB,oBAAI,IAAI;AAMxB,SAAS,uBAAuB,UAAU;AAC/C,MAAI,CAAC,SAAS,UAAU,OAAO,SAAS,UAAU,YAAY;AAC5D,UAAM,IAAI,MAAM,gDAAgD;AAAA,EAClE;AACA,iBAAe,IAAI,SAAS,OAAO,YAAY,GAAG,QAAQ;AAC5D;AAOO,SAAS,yBAAyB,QAAQ;AAC/C,SAAO,eAAe,OAAO,OAAO,YAAY,CAAC;AACnD;AAKO,SAAS,uBAAuB;AACrC,iBAAe,MAAM;AACvB;AAMO,SAAS,qBAAqB;AACnC,SAAO,eAAe,OAAO;AAC/B;AAKO,MAAM,YAAY;AAAA,EACvB,YAAY,UAAU,KAAK;AACzB,SAAK,UAAU;AACf,SAAK,QAAQ,oBAAI,IAAI;AAAA,EACvB;AAAA,EAEA,IAAI,KAAK;AACP,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AACnB,QAAI,KAAK,IAAI,IAAI,MAAM,SAAS;AAC9B,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,SAAK,MAAM,OAAO,GAAG;AACrB,SAAK,MAAM,IAAI,KAAK,KAAK;AACzB,WAAO,MAAM;AAAA,EACf;AAAA,EAEA,IAAI,KAAK,OAAO,KAAK;AACnB,QAAI,KAAK,MAAM,QAAQ,KAAK,SAAS;AAEnC,YAAM,WAAW,KAAK,MAAM,KAAK,EAAE,KAAK,EAAE;AAC1C,WAAK,MAAM,OAAO,QAAQ;AAAA,IAC5B;AACA,SAAK,MAAM,IAAI,KAAK,EAAE,OAAO,SAAS,KAAK,IAAI,IAAI,IAAI,CAAC;AAAA,EAC1D;AAAA,EAEA,WAAW,SAAS;AAClB,QAAI,CAAC,SAAS;AACZ,WAAK,MAAM,MAAM;AACjB;AAAA,IACF;AACA,UAAM,QAAQ,IAAI,OAAO,MAAM,YAAY,OAAO,IAAI,GAAG;AACzD,eAAW,OAAO,KAAK,MAAM,KAAK,GAAG;AACnC,UAAI,MAAM,KAAK,GAAG,EAAG,MAAK,MAAM,OAAO,GAAG;AAAA,IAC5C;AAAA,EACF;AACF;AAOA,SAAS,YAAY,SAAS;AAC5B,SAAO,QACJ,QAAQ,sBAAsB,MAAM,EACpC,QAAQ,OAAO,IAAI;AACxB;AAIA,MAAM,YAAY;AAGlB,MAAM,WAAW,oBAAI,IAAI,CAAC,OAAO,KAAK,CAAC;AAQhC,SAAS,kBAAkB,OAAO,OAAO,oBAAI,IAAI,GAAG;AACzD,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI;AACJ,cAAU,YAAY;AACtB,YAAQ,QAAQ,UAAU,KAAK,KAAK,OAAO,MAAM;AAC/C,YAAM,CAAC,EAAE,UAAU,GAAG,IAAI;AAC1B,UAAI,SAAS,IAAI,QAAQ,EAAG;AAE5B,YAAM,UAAU,GAAG,QAAQ,IAAI,IAAI,KAAK,CAAC;AACzC,UAAI,CAAC,KAAK,IAAI,OAAO,GAAG;AACtB,aAAK,IAAI,SAAS,EAAE,UAAU,KAAK,IAAI,KAAK,EAAE,CAAC;AAAA,MACjD;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,eAAW,QAAQ,OAAO;AACxB,wBAAkB,MAAM,IAAI;AAAA,IAC9B;AACA,WAAO;AAAA,EACT;AAEA,MAAI,cAAc,KAAK,GAAG;AACxB,eAAW,KAAK,OAAO,OAAO,KAAK,GAAG;AACpC,wBAAkB,GAAG,IAAI;AAAA,IAC3B;AAAA,EACF;AAEA,SAAO;AACT;AAQA,SAAS,UAAU,SAAS,gBAAgB;AAC1C,MAAI,mBAAmB,QAAQ,mBAAmB,OAAW,QAAO;AAEpE,aAAW,WAAW,gBAAgB;AAEpC,QAAI,YAAY,QAAS,QAAO;AAGhC,UAAM,QAAQ,IAAI,OAAO,MAAM,YAAY,OAAO,IAAI,GAAG;AACzD,QAAI,MAAM,KAAK,OAAO,EAAG,QAAO;AAGhC,QAAI,CAAC,QAAQ,SAAS,GAAG,GAAG;AAC1B,YAAM,UAAU,QAAQ,MAAM,GAAG,EAAE,CAAC;AACpC,YAAM,WAAW,IAAI,OAAO,MAAM,YAAY,OAAO,IAAI,GAAG;AAC5D,UAAI,SAAS,KAAK,OAAO,EAAG,QAAO;AAAA,IACrC;AAAA,EACF;AAEA,SAAO;AACT;AAQA,eAAsB,iBAAiB,OAAO,UAAU,CAAC,GAAG;AAC1D,QAAM;AAAA,IACJ,YAAY,CAAC;AAAA,IACb,iBAAiB;AAAA,IACjB,QAAQ;AAAA,IACR,WAAW;AAAA,IACX,aAAa;AAAA,IACb,WAAW,CAAC;AAAA,EACd,IAAI;AAGJ,QAAM,WAAW,IAAI,IAAI,cAAc;AACvC,aAAW,KAAK,WAAW;AACzB,aAAS,IAAI,EAAE,OAAO,YAAY,GAAG,CAAC;AAAA,EACxC;AAGA,QAAM,OAAO,kBAAkB,KAAK;AACpC,MAAI,KAAK,SAAS,EAAG,QAAO;AAG5B,QAAM,WAAW,oBAAI,IAAI;AACzB,QAAM,gBAAgB,CAAC;AAEvB,aAAW,CAAC,SAAS,EAAE,UAAU,IAAI,CAAC,KAAK,MAAM;AAE/C,QAAI,CAAC,UAAU,SAAS,cAAc,GAAG;AACvC,eAAS,KAAK;AAAA,QACZ,MAAM;AAAA,QACN;AAAA,QACA;AAAA,QACA,SAAS,qBAAqB,OAAO;AAAA,MACvC,CAAC;AACD,eAAS,IAAI,SAAS,EAAE;AACxB;AAAA,IACF;AAGA,QAAI,OAAO;AACT,YAAM,SAAS,MAAM,IAAI,OAAO;AAChC,UAAI,WAAW,QAAW;AACxB,iBAAS,IAAI,SAAS,MAAM;AAC5B;AAAA,MACF;AAAA,IACF;AAGA,UAAM,mBAAmB,SAAS,IAAI,QAAQ;AAC9C,QAAI,CAAC,kBAAkB;AACrB,eAAS,KAAK;AAAA,QACZ,MAAM;AAAA,QACN;AAAA,QACA;AAAA,QACA,SAAS,+BAA+B,QAAQ;AAAA,MAClD,CAAC;AACD,eAAS,IAAI,SAAS,EAAE;AACxB;AAAA,IACF;AAGA,kBAAc;AAAA,MACZ,iBACG,MAAM,GAAG,EACT,KAAK,CAAC,QAAQ;AACb,cAAM,SAAS,OAAO;AACtB,YAAI,MAAO,OAAM,IAAI,SAAS,QAAQ,QAAQ;AAC9C,iBAAS,IAAI,SAAS,MAAM;AAAA,MAC9B,CAAC,EACA,MAAM,CAAC,QAAQ;AACd,cAAM,aACJ,IAAI,SAAS,eACb,IAAI,SAAS,+BACb,IAAI,SAAS,SAAS,WAAW;AAEnC,YAAI,YAAY;AACd,cAAI,eAAe,SAAS;AAC1B,kBAAM,IAAI,MAAM,6BAA6B,OAAO,EAAE;AAAA,UACxD;AACA,mBAAS,KAAK;AAAA,YACZ,MAAM;AAAA,YACN;AAAA,YACA;AAAA,YACA,SAAS,WAAW,OAAO;AAAA,UAC7B,CAAC;AACD,mBAAS,IAAI,SAAS,EAAE;AAAA,QAC1B,OAAO;AACL,cAAI,eAAe,SAAS;AAC1B,kBAAM;AAAA,UACR;AACA,mBAAS,KAAK;AAAA,YACZ,MAAM;AAAA,YACN;AAAA,YACA;AAAA,YACA,SAAS,oBAAoB,OAAO,MAAM,IAAI,OAAO;AAAA,UACvD,CAAC;AACD,mBAAS,IAAI,SAAS,EAAE;AAAA,QAC1B;AAAA,MACF,CAAC;AAAA,IACL;AAAA,EACF;AAEA,QAAM,QAAQ,IAAI,aAAa;AAG/B,SAAO,eAAe,OAAO,QAAQ;AACvC;AAQA,SAAS,eAAe,OAAO,UAAU;AACvC,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,MAAM,QAAQ,WAAW,CAAC,OAAO,UAAU,QAAQ;AACxD,UAAI,SAAS,IAAI,QAAQ,EAAG,QAAO;AACnC,YAAM,UAAU,GAAG,QAAQ,IAAI,IAAI,KAAK,CAAC;AACzC,aAAO,SAAS,IAAI,OAAO,KAAK;AAAA,IAClC,CAAC;AAAA,EACH;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAAA,EACrD;AAEA,MAAI,cAAc,KAAK,GAAG;AACxB,UAAM,MAAM,CAAC;AACb,eAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,GAAG;AAC1C,UAAI,CAAC,IAAI,eAAe,GAAG,QAAQ;AAAA,IACrC;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;",
+  "names": []
+}

package/dist/esm/strings.js

@@ -0,0 +1,75 @@
+import { isPlainObject } from "./util.js";
+const RX_SECRET_PROVIDER = /^[A-Z][A-Z0-9_]*:/;
+function applyInterpolationDeep(value, { ctx, vars, allowedEnvVars = null, allowedVars = null, warnings = [] }) {
+  if (typeof value === "string") return interpolate(value, { ctx, vars, allowedEnvVars, allowedVars, warnings });
+  if (Array.isArray(value)) return value.map((v) => applyInterpolationDeep(v, { ctx, vars, allowedEnvVars, allowedVars, warnings }));
+  if (isPlainObject(value)) {
+    const out = {};
+    for (const [k, v] of Object.entries(value)) {
+      out[k] = applyInterpolationDeep(v, { ctx, vars, allowedEnvVars, allowedVars, warnings });
+    }
+    return out;
+  }
+  return value;
+}
+function interpolate(s, { ctx, vars, allowedEnvVars = null, allowedVars = null, warnings = [] }) {
+  return s.replace(/\$\{([^}]+)\}/g, (match, exprRaw) => {
+    const expr = exprRaw.trim();
+    if (expr.startsWith("ENV:")) {
+      const k = expr.slice(4).trim();
+      if (allowedEnvVars !== null && !allowedEnvVars.includes(k)) {
+        warnings.push({
+          type: "blocked_env_var",
+          var: k,
+          message: `Access to environment variable "${k}" blocked by allowedEnvVars whitelist`
+        });
+        return "";
+      }
+      return process.env[k] ?? "";
+    }
+    if (expr.startsWith("VAR:")) {
+      const k = expr.slice(4).trim();
+      if (allowedVars !== null && !allowedVars.includes(k)) {
+        warnings.push({
+          type: "blocked_var",
+          var: k,
+          message: `Access to custom variable "${k}" blocked by allowedVars whitelist`
+        });
+        return "";
+      }
+      if (vars?.[k] === void 0) {
+        warnings.push({
+          type: "unknown_var",
+          var: k,
+          message: `Unknown VAR "${k}" in interpolation ${match}`
+        });
+      }
+      return String(vars?.[k] ?? "");
+    }
+    if (expr.startsWith("ctx.")) {
+      const k = expr.slice(4).trim();
+      if (ctx?.[k] === void 0) {
+        warnings.push({
+          type: "unknown_ctx",
+          var: k,
+          message: `Unknown ctx dimension "${k}" in interpolation ${match}`
+        });
+      }
+      return String(ctx?.[k] ?? "");
+    }
+    if (RX_SECRET_PROVIDER.test(expr)) {
+      return match;
+    }
+    warnings.push({
+      type: "unknown_interpolation",
+      pattern: match,
+      message: `Unknown interpolation pattern: ${match}`
+    });
+    return "";
+  });
+}
+export {
+  applyInterpolationDeep,
+  interpolate
+};
+//# sourceMappingURL=strings.js.map

package/dist/esm/strings.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/strings.js"],
+  "sourcesContent": ["import { isPlainObject } from \"./util.js\";\n\n// Regex to detect secret provider patterns: ${PROVIDER:key}\n// Provider must start with uppercase letter, followed by uppercase letters, digits, or underscores\nconst RX_SECRET_PROVIDER = /^[A-Z][A-Z0-9_]*:/;\n\nexport function applyInterpolationDeep(value, { ctx, vars, allowedEnvVars = null, allowedVars = null, warnings = [] }) {\n  if (typeof value === \"string\") return interpolate(value, { ctx, vars, allowedEnvVars, allowedVars, warnings });\n  if (Array.isArray(value)) return value.map((v) => applyInterpolationDeep(v, { ctx, vars, allowedEnvVars, allowedVars, warnings }));\n  if (isPlainObject(value)) {\n    const out = {};\n    for (const [k, v] of Object.entries(value)) {\n      out[k] = applyInterpolationDeep(v, { ctx, vars, allowedEnvVars, allowedVars, warnings });\n    }\n    return out;\n  }\n  return value;\n}\n\nexport function interpolate(s, { ctx, vars, allowedEnvVars = null, allowedVars = null, warnings = [] }) {\n  return s.replace(/\\$\\{([^}]+)\\}/g, (match, exprRaw) => {\n    const expr = exprRaw.trim();\n\n    if (expr.startsWith(\"ENV:\")) {\n      const k = expr.slice(4).trim();\n      // Security: check if env var is allowed\n      if (allowedEnvVars !== null && !allowedEnvVars.includes(k)) {\n        warnings.push({\n          type: \"blocked_env_var\",\n          var: k,\n          message: `Access to environment variable \"${k}\" blocked by allowedEnvVars whitelist`,\n        });\n        return \"\";\n      }\n      return process.env[k] ?? \"\";\n    }\n\n    if (expr.startsWith(\"VAR:\")) {\n      const k = expr.slice(4).trim();\n      // Security: check if custom var is allowed\n      if (allowedVars !== null && !allowedVars.includes(k)) {\n        warnings.push({\n          type: \"blocked_var\",\n          var: k,\n          message: `Access to custom variable \"${k}\" blocked by allowedVars whitelist`,\n        });\n        return \"\";\n      }\n      if (vars?.[k] === undefined) {\n        warnings.push({\n          type: \"unknown_var\",\n          var: k,\n          message: `Unknown VAR \"${k}\" in interpolation ${match}`,\n        });\n      }\n      return String(vars?.[k] ?? \"\");\n    }\n\n    if (expr.startsWith(\"ctx.\")) {\n      const k = expr.slice(4).trim();\n      if (ctx?.[k] === undefined) {\n        warnings.push({\n          type: \"unknown_ctx\",\n          var: k,\n          message: `Unknown ctx dimension \"${k}\" in interpolation ${match}`,\n        });\n      }\n      return String(ctx?.[k] ?? \"\");\n    }\n\n    // Secret provider patterns (e.g., ${AWS:...}, ${OPENBAO:...}) - leave for secrets.js\n    if (RX_SECRET_PROVIDER.test(expr)) {\n      return match; // Keep the pattern intact for later secret processing\n    }\n\n    // Unknown interpolation pattern\n    warnings.push({\n      type: \"unknown_interpolation\",\n      pattern: match,\n      message: `Unknown interpolation pattern: ${match}`,\n    });\n    return \"\";\n  });\n}\n"],
+  "mappings": "AAAA,SAAS,qBAAqB;AAI9B,MAAM,qBAAqB;AAEpB,SAAS,uBAAuB,OAAO,EAAE,KAAK,MAAM,iBAAiB,MAAM,cAAc,MAAM,WAAW,CAAC,EAAE,GAAG;AACrH,MAAI,OAAO,UAAU,SAAU,QAAO,YAAY,OAAO,EAAE,KAAK,MAAM,gBAAgB,aAAa,SAAS,CAAC;AAC7G,MAAI,MAAM,QAAQ,KAAK,EAAG,QAAO,MAAM,IAAI,CAAC,MAAM,uBAAuB,GAAG,EAAE,KAAK,MAAM,gBAAgB,aAAa,SAAS,CAAC,CAAC;AACjI,MAAI,cAAc,KAAK,GAAG;AACxB,UAAM,MAAM,CAAC;AACb,eAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,GAAG;AAC1C,UAAI,CAAC,IAAI,uBAAuB,GAAG,EAAE,KAAK,MAAM,gBAAgB,aAAa,SAAS,CAAC;AAAA,IACzF;AACA,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,YAAY,GAAG,EAAE,KAAK,MAAM,iBAAiB,MAAM,cAAc,MAAM,WAAW,CAAC,EAAE,GAAG;AACtG,SAAO,EAAE,QAAQ,kBAAkB,CAAC,OAAO,YAAY;AACrD,UAAM,OAAO,QAAQ,KAAK;AAE1B,QAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,YAAM,IAAI,KAAK,MAAM,CAAC,EAAE,KAAK;AAE7B,UAAI,mBAAmB,QAAQ,CAAC,eAAe,SAAS,CAAC,GAAG;AAC1D,iBAAS,KAAK;AAAA,UACZ,MAAM;AAAA,UACN,KAAK;AAAA,UACL,SAAS,mCAAmC,CAAC;AAAA,QAC/C,CAAC;AACD,eAAO;AAAA,MACT;AACA,aAAO,QAAQ,IAAI,CAAC,KAAK;AAAA,IAC3B;AAEA,QAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,YAAM,IAAI,KAAK,MAAM,CAAC,EAAE,KAAK;AAE7B,UAAI,gBAAgB,QAAQ,CAAC,YAAY,SAAS,CAAC,GAAG;AACpD,iBAAS,KAAK;AAAA,UACZ,MAAM;AAAA,UACN,KAAK;AAAA,UACL,SAAS,8BAA8B,CAAC;AAAA,QAC1C,CAAC;AACD,eAAO;AAAA,MACT;AACA,UAAI,OAAO,CAAC,MAAM,QAAW;AAC3B,iBAAS,KAAK;AAAA,UACZ,MAAM;AAAA,UACN,KAAK;AAAA,UACL,SAAS,gBAAgB,CAAC,sBAAsB,KAAK;AAAA,QACvD,CAAC;AAAA,MACH;AACA,aAAO,OAAO,OAAO,CAAC,KAAK,EAAE;AAAA,IAC/B;AAEA,QAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,YAAM,IAAI,KAAK,MAAM,CAAC,EAAE,KAAK;AAC7B,UAAI,MAAM,CAAC,MAAM,QAAW;AAC1B,iBAAS,KAAK;AAAA,UACZ,MAAM;AAAA,UACN,KAAK;AAAA,UACL,SAAS,0BAA0B,CAAC,sBAAsB,KAAK;AAAA,QACjE,CAAC;AAAA,MACH;AACA,aAAO,OAAO,MAAM,CAAC,KAAK,EAAE;AAAA,IAC9B;AAGA,QAAI,mBAAmB,KAAK,IAAI,GAAG;AACjC,aAAO;AAAA,IACT;AAGA,aAAS,KAAK;AAAA,MACZ,MAAM;AAAA,MACN,SAAS;AAAA,MACT,SAAS,kCAAkC,KAAK;AAAA,IAClD,CAAC;AACD,WAAO;AAAA,EACT,CAAC;AACH;",
+  "names": []
+}

package/dist/esm/util.js

@@ -0,0 +1,47 @@
+function isPlainObject(x) {
+  return x !== null && typeof x === "object" && !Array.isArray(x);
+}
+function getDeep(obj, pathSegs) {
+  let cur = obj;
+  for (const k of pathSegs) {
+    if (!isPlainObject(cur) && !Array.isArray(cur)) return void 0;
+    cur = cur[k];
+    if (cur === void 0) return void 0;
+  }
+  return cur;
+}
+function setDeep(obj, pathSegs, value) {
+  let cur = obj;
+  for (let i = 0; i < pathSegs.length; i++) {
+    const k = pathSegs[i];
+    if (i === pathSegs.length - 1) {
+      cur[k] = value;
+      return;
+    }
+    if (!isPlainObject(cur[k])) cur[k] = {};
+    cur = cur[k];
+  }
+}
+function deepMerge(a, b) {
+  if (Array.isArray(a) && Array.isArray(b)) return b;
+  if (isPlainObject(a) && isPlainObject(b)) {
+    const out = { ...a };
+    for (const [k, v] of Object.entries(b)) {
+      out[k] = k in out ? deepMerge(out[k], v) : v;
+    }
+    return out;
+  }
+  return b;
+}
+function getByPath(obj, path) {
+  const parts = String(path).split(".").filter(Boolean);
+  return getDeep(obj, parts);
+}
+export {
+  deepMerge,
+  getByPath,
+  getDeep,
+  isPlainObject,
+  setDeep
+};
+//# sourceMappingURL=util.js.map

package/dist/esm/util.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/util.js"],
+  "sourcesContent": ["export function isPlainObject(x) {\n  return x !== null && typeof x === \"object\" && !Array.isArray(x);\n}\n\nexport function getDeep(obj, pathSegs) {\n  let cur = obj;\n  for (const k of pathSegs) {\n    if (!isPlainObject(cur) && !Array.isArray(cur)) return undefined;\n    cur = cur[k];\n    if (cur === undefined) return undefined;\n  }\n  return cur;\n}\n\nexport function setDeep(obj, pathSegs, value) {\n  let cur = obj;\n  for (let i = 0; i < pathSegs.length; i++) {\n    const k = pathSegs[i];\n    if (i === pathSegs.length - 1) {\n      cur[k] = value;\n      return;\n    }\n    if (!isPlainObject(cur[k])) cur[k] = {};\n    cur = cur[k];\n  }\n}\n\nexport function deepMerge(a, b) {\n  if (Array.isArray(a) && Array.isArray(b)) return b;\n  if (isPlainObject(a) && isPlainObject(b)) {\n    const out = { ...a };\n    for (const [k, v] of Object.entries(b)) {\n      out[k] = k in out ? deepMerge(out[k], v) : v;\n    }\n    return out;\n  }\n  return b;\n}\n\n/**\n * Get a value from an object using dot-notation path string\n * @param {object} obj - Object to traverse\n * @param {string} path - Dot-separated path (e.g., \"database.password\")\n * @returns {any}\n */\nexport function getByPath(obj, path) {\n  const parts = String(path).split(\".\").filter(Boolean);\n  return getDeep(obj, parts);\n}\n"],
+  "mappings": "AAAO,SAAS,cAAc,GAAG;AAC/B,SAAO,MAAM,QAAQ,OAAO,MAAM,YAAY,CAAC,MAAM,QAAQ,CAAC;AAChE;AAEO,SAAS,QAAQ,KAAK,UAAU;AACrC,MAAI,MAAM;AACV,aAAW,KAAK,UAAU;AACxB,QAAI,CAAC,cAAc,GAAG,KAAK,CAAC,MAAM,QAAQ,GAAG,EAAG,QAAO;AACvD,UAAM,IAAI,CAAC;AACX,QAAI,QAAQ,OAAW,QAAO;AAAA,EAChC;AACA,SAAO;AACT;AAEO,SAAS,QAAQ,KAAK,UAAU,OAAO;AAC5C,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,UAAM,IAAI,SAAS,CAAC;AACpB,QAAI,MAAM,SAAS,SAAS,GAAG;AAC7B,UAAI,CAAC,IAAI;AACT;AAAA,IACF;AACA,QAAI,CAAC,cAAc,IAAI,CAAC,CAAC,EAAG,KAAI,CAAC,IAAI,CAAC;AACtC,UAAM,IAAI,CAAC;AAAA,EACb;AACF;AAEO,SAAS,UAAU,GAAG,GAAG;AAC9B,MAAI,MAAM,QAAQ,CAAC,KAAK,MAAM,QAAQ,CAAC,EAAG,QAAO;AACjD,MAAI,cAAc,CAAC,KAAK,cAAc,CAAC,GAAG;AACxC,UAAM,MAAM,EAAE,GAAG,EAAE;AACnB,eAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,CAAC,GAAG;AACtC,UAAI,CAAC,IAAI,KAAK,MAAM,UAAU,IAAI,CAAC,GAAG,CAAC,IAAI;AAAA,IAC7C;AACA,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAQO,SAAS,UAAU,KAAK,MAAM;AACnC,QAAM,QAAQ,OAAO,IAAI,EAAE,MAAM,GAAG,EAAE,OAAO,OAAO;AACpD,SAAO,QAAQ,KAAK,KAAK;AAC3B;",
+  "names": []
+}