@anvil-cloud/sdk 0.0.14 → 0.0.15

package/bin/aws/oauthAuthorizer.js

@@ -0,0 +1,53 @@
+"use strict";
+// *** WARNING: this file was generated by pulumi-language-nodejs. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthAuthorizer = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("../utilities");
+/**
+ * An Anvil-managed JWT authorizer for HTTP API Gateway. Works with any OIDC-compliant identity provider — Auth0, Clerk, Google, Okta, Cognito. API Gateway verifies the JWT signature, issuer, audience, and expiry on every request natively — no Lambda or custom code required. Pass authorizerId to HttpApi defaultAuthorizerId to protect your routes.
+ */
+class OAuthAuthorizer extends pulumi.ComponentResource {
+    /**
+     * Returns true if the given object is an instance of OAuthAuthorizer.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === OAuthAuthorizer.__pulumiType;
+    }
+    /**
+     * Create a OAuthAuthorizer resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name, args, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (!opts.id) {
+            if (args?.audience === undefined && !opts.urn) {
+                throw new Error("Missing required property 'audience'");
+            }
+            if (args?.issuer === undefined && !opts.urn) {
+                throw new Error("Missing required property 'issuer'");
+            }
+            resourceInputs["audience"] = args?.audience;
+            resourceInputs["issuer"] = args?.issuer;
+            resourceInputs["authorizerId"] = undefined /*out*/;
+        }
+        else {
+            resourceInputs["authorizerId"] = undefined /*out*/;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(OAuthAuthorizer.__pulumiType, name, resourceInputs, opts, true /*remote*/);
+    }
+}
+exports.OAuthAuthorizer = OAuthAuthorizer;
+/** @internal */
+OAuthAuthorizer.__pulumiType = 'anvil:aws:OAuthAuthorizer';
+//# sourceMappingURL=oauthAuthorizer.js.map

package/bin/aws/oauthAuthorizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauthAuthorizer.js","sourceRoot":"","sources":["../../aws/oauthAuthorizer.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;GAEG;AACH,MAAa,eAAgB,SAAQ,MAAM,CAAC,iBAAiB;IAIzD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,eAAe,CAAC,YAAY,CAAC;IAChE,CAAC;IAOD;;;;;;OAMG;IACH,YAAY,IAAY,EAAE,IAAyB,EAAE,IAAsC;QACvF,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;YACV,IAAI,IAAI,EAAE,QAAQ,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC3C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,IAAI,EAAE,MAAM,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACzC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC;YACxC,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACtD;aAAM;YACH,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACtD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,eAAe,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACrF,CAAC;;AA7CL,0CA8CC;AA7CG,gBAAgB;AACO,4BAAY,GAAG,2BAA2B,CAAC"}

package/bin/aws/queue.d.ts

@@ -0,0 +1,83 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "../types/input";
+import * as grants from "../grants";
+/**
+ * An Anvil-managed SQS queue. A dead letter queue is always provisioned to prevent silent message loss. SSE-SQS encryption is enabled by default at no cost.
+ */
+export declare class Queue extends pulumi.ComponentResource {
+    /**
+     * Returns true if the given object is an instance of Queue.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is Queue;
+    /**
+     * The ARN of the SQS queue.
+     */
+    readonly arn: pulumi.Output<string>;
+    /**
+     * The ARN of the dead letter queue.
+     */
+    readonly dlqArn: pulumi.Output<string>;
+    /**
+     * The URL of the dead letter queue.
+     */
+    readonly dlqUrl: pulumi.Output<string>;
+    /**
+     * The physical name of the SQS queue.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * The URL of the SQS queue. Use this to send and receive messages.
+     */
+    readonly url: pulumi.Output<string>;
+    /**
+     * Create a Queue resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args?: QueueArgs, opts?: pulumi.ComponentResourceOptions);
+    /**
+     * Grants sendmessage access (sqs:SendMessage) on this queue
+     * to the target compute resource's execution role.
+     *
+     * @param target - The compute resource to grant access to.
+     * @param opts - Optional grant options (justification for audit trail).
+     */
+    grantSendMessage(target: grants.GrantTarget, opts?: grants.GrantOptions): void;
+    /**
+     * Grants consumemessages access (sqs:ReceiveMessage, sqs:DeleteMessage, sqs:GetQueueAttributes) on this queue
+     * to the target compute resource's execution role.
+     *
+     * @param target - The compute resource to grant access to.
+     * @param opts - Optional grant options (justification for audit trail).
+     */
+    grantConsumeMessages(target: grants.GrantTarget, opts?: grants.GrantOptions): void;
+    /**
+     * Grants full access (sqs:SendMessage, sqs:ReceiveMessage, sqs:DeleteMessage, sqs:GetQueueAttributes, sqs:ChangeMessageVisibility, sqs:PurgeQueue) on this queue
+     * to the target compute resource's execution role.
+     *
+     * This is an escape hatch — prefer scoped grants (grantRead, grantWrite, etc.).
+     * A warning is logged if no justification is provided.
+     */
+    grantFullAccess(target: grants.GrantTarget, opts?: grants.GrantOptions): void;
+}
+/**
+ * The set of arguments for constructing a Queue resource.
+ */
+export interface QueueArgs {
+    /**
+     * Wires a compute resource to consume messages from this queue. Creates the event source mapping (trigger) and grants the necessary IAM permissions automatically.
+     */
+    consumer?: pulumi.Input<inputs.aws.QueueConsumerArgsArgs>;
+    /**
+     * Dead letter queue configuration. Always provisioned — messages that fail processing are moved here instead of being silently dropped. Omit to use defaults (managed DLQ, maxReceiveCount: 3). Set arn to reuse an existing queue.
+     */
+    dlq?: pulumi.Input<inputs.aws.QueueDlqArgsArgs>;
+    /**
+     * Creates a FIFO queue when true. FIFO queues guarantee message ordering and exactly-once processing but have lower throughput (~3,000 msg/s vs unlimited for standard). Use for financial transactions, inventory updates, or any workflow where ordering or deduplication matters. Default: false.
+     */
+    fifo?: pulumi.Input<boolean>;
+    transform?: pulumi.Input<inputs.aws.QueueTransformArgsArgs>;
+}

package/bin/aws/queue.js

@@ -0,0 +1,103 @@
+"use strict";
+// *** WARNING: this file was generated by pulumi-language-nodejs. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Queue = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("../utilities");
+const grants = require("../grants");
+/**
+ * An Anvil-managed SQS queue. A dead letter queue is always provisioned to prevent silent message loss. SSE-SQS encryption is enabled by default at no cost.
+ */
+class Queue extends pulumi.ComponentResource {
+    /**
+     * Returns true if the given object is an instance of Queue.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === Queue.__pulumiType;
+    }
+    /**
+     * Create a Queue resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name, args, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (!opts.id) {
+            resourceInputs["consumer"] = args?.consumer;
+            resourceInputs["dlq"] = args?.dlq;
+            resourceInputs["fifo"] = args?.fifo;
+            resourceInputs["transform"] = args?.transform;
+            resourceInputs["arn"] = undefined /*out*/;
+            resourceInputs["dlqArn"] = undefined /*out*/;
+            resourceInputs["dlqUrl"] = undefined /*out*/;
+            resourceInputs["name"] = undefined /*out*/;
+            resourceInputs["url"] = undefined /*out*/;
+        }
+        else {
+            resourceInputs["arn"] = undefined /*out*/;
+            resourceInputs["dlqArn"] = undefined /*out*/;
+            resourceInputs["dlqUrl"] = undefined /*out*/;
+            resourceInputs["name"] = undefined /*out*/;
+            resourceInputs["url"] = undefined /*out*/;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(Queue.__pulumiType, name, resourceInputs, opts, true /*remote*/);
+        this.__name = name;
+    }
+    /**
+     * Grants sendmessage access (sqs:SendMessage) on this queue
+     * to the target compute resource's execution role.
+     *
+     * @param target - The compute resource to grant access to.
+     * @param opts - Optional grant options (justification for audit trail).
+     */
+    grantSendMessage(target, opts) {
+        const name = `${this.__name}-${target.grantName()}-sendmessage`;
+        const arns = grants.buildResourceArns(this.arn, undefined);
+        grants.createGrant(this, name, target, ["sqs:SendMessage"], arns, opts);
+    }
+    /**
+     * Grants consumemessages access (sqs:ReceiveMessage, sqs:DeleteMessage, sqs:GetQueueAttributes) on this queue
+     * to the target compute resource's execution role.
+     *
+     * @param target - The compute resource to grant access to.
+     * @param opts - Optional grant options (justification for audit trail).
+     */
+    grantConsumeMessages(target, opts) {
+        const name = `${this.__name}-${target.grantName()}-consumemessages`;
+        const arns = grants.buildResourceArns(this.arn, undefined);
+        grants.createGrant(this, name, target, ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"], arns, opts);
+    }
+    /**
+     * Grants full access (sqs:SendMessage, sqs:ReceiveMessage, sqs:DeleteMessage, sqs:GetQueueAttributes, sqs:ChangeMessageVisibility, sqs:PurgeQueue) on this queue
+     * to the target compute resource's execution role.
+     *
+     * This is an escape hatch — prefer scoped grants (grantRead, grantWrite, etc.).
+     * A warning is logged if no justification is provided.
+     */
+    grantFullAccess(target, opts) {
+        if (!opts?.justification) {
+            pulumi.log.warn(`⚠ ${this.__name} → ${target.grantName()}: full access granted with no justification. ` +
+                `Consider scoping with grantRead, grantWrite, or grantDelete, ` +
+                `or add a justification.`, this);
+        }
+        else {
+            pulumi.log.info(`ℹ ${this.__name} → ${target.grantName()}: full access granted. Justification: "${opts.justification}"`, this);
+        }
+        const name = `${this.__name}-${target.grantName()}-fullaccess`;
+        const arns = grants.buildResourceArns(this.arn, undefined);
+        grants.createGrant(this, name, target, ["sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:ChangeMessageVisibility", "sqs:PurgeQueue"], arns, opts);
+    }
+}
+exports.Queue = Queue;
+/** @internal */
+Queue.__pulumiType = 'anvil:aws:Queue';
+//# sourceMappingURL=queue.js.map

package/bin/aws/queue.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"queue.js","sourceRoot":"","sources":["../../aws/queue.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAIzC,0CAA0C;AAC1C,oCAAoC;AAEpC;;GAEG;AACH,MAAa,KAAM,SAAQ,MAAM,CAAC,iBAAiB;IAO/C;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,YAAY,CAAC;IACtD,CAAC;IAuBD;;;;;;OAMG;IACH,YAAY,IAAY,EAAE,IAAgB,EAAE,IAAsC;QAC9E,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;YACV,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,GAAG,CAAC;YAClC,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC1C,cAAc,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC7C,cAAc,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC7C,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC3C,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC7C;aAAM;YACH,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC1C,cAAc,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC7C,cAAc,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC7C,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC3C,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC7C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACvB,CAAC;IAED;;;;;;OAMG;IACI,gBAAgB,CAAC,MAA0B,EAAE,IAA0B;QAC1E,MAAM,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC;QAChE,MAAM,IAAI,GAAG,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC3D,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5E,CAAC;IAED;;;;;;OAMG;IACI,oBAAoB,CAAC,MAA0B,EAAE,IAA0B;QAC9E,MAAM,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,EAAE,kBAAkB,CAAC;QACpE,MAAM,IAAI,GAAG,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC3D,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,oBAAoB,EAAE,mBAAmB,EAAE,wBAAwB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9H,CAAC;IAED;;;;;;OAMG;IACI,eAAe,CAAC,MAA0B,EAAE,IAA0B;QACzE,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE;YACtB,MAAM,CAAC,GAAG,CAAC,IAAI,CACX,KAAK,IAAI,CAAC,MAAM,MAAM,MAAM,CAAC,SAAS,EAAE,+CAA+C;gBACvF,+DAA+D;gBAC/D,yBAAyB,EACzB,IAAI,CACP,CAAC;SACL;aAAM;YACH,MAAM,CAAC,GAAG,CAAC,IAAI,CACX,KAAK,IAAI,CAAC,MAAM,MAAM,MAAM,CAAC,SAAS,EAAE,0CAA0C,IAAI,CAAC,aAAa,GAAG,EACvG,IAAI,CACP,CAAC;SACL;QACD,MAAM,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,EAAE,aAAa,CAAC;QAC/D,MAAM,IAAI,GAAG,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC3D,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,6BAA6B,EAAE,gBAAgB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAClM,CAAC;;AAzHL,sBA2HC;AA1HG,gBAAgB;AACO,kBAAY,GAAG,iBAAiB,CAAC"}

package/bin/aws/svelteKitSite.d.ts

@@ -1,4 +1,5 @@
 import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "../types/input";
 export declare class SvelteKitSite extends pulumi.ComponentResource {
     /**
      * Returns true if the given object is an instance of SvelteKitSite.  This is designed to work even
@@ -9,6 +10,10 @@ export declare class SvelteKitSite extends pulumi.ComponentResource {
     readonly cloudFrontDistributionId: pulumi.Output<string | undefined>;
     readonly dnsRecords: pulumi.Output<string | undefined>;
     readonly functionName: pulumi.Output<string | undefined>;
+    /**
+     * OriginSecret is the x-origin-secret header value to configure in Cloudflare Transform Rules. Only populated when originProtection is set.
+     */
+    readonly originSecret: pulumi.Output<string | undefined>;
     readonly url: pulumi.Output<string | undefined>;
     /**
      * Create a SvelteKitSite resource with the given unique name, arguments, and options.
@@ -30,6 +35,10 @@ export interface SvelteKitSiteArgs {
     environment?: pulumi.Input<{
         [key: string]: pulumi.Input<string>;
     }>;
+    /**
+     * OriginProtection enables WAF-based origin protection. When set, a WAF WebACL is created that blocks requests missing the x-origin-secret header. The secret value is output as originSecret. Requires domain to be set.
+     */
+    originProtection?: pulumi.Input<inputs.aws.SiteOriginProtectionArgs>;
     path?: pulumi.Input<string>;
     /**
      * Runtime-only environment vars set on the Lambda function. Supports Pulumi Output values (e.g. bucket.name, fn.arn). Only available at request time, NOT during build/prerendering.

package/bin/aws/svelteKitSite.js

@@ -29,6 +29,7 @@ class SvelteKitSite extends pulumi.ComponentResource {
         if (!opts.id) {
             resourceInputs["domain"] = args?.domain;
             resourceInputs["environment"] = args?.environment;
+            resourceInputs["originProtection"] = args?.originProtection;
             resourceInputs["path"] = args?.path;
             resourceInputs["runtimeEnvironment"] = args?.runtimeEnvironment;
             resourceInputs["transform"] = args?.transform;
@@ -36,6 +37,7 @@ class SvelteKitSite extends pulumi.ComponentResource {
             resourceInputs["cloudFrontDistributionId"] = undefined /*out*/;
             resourceInputs["dnsRecords"] = undefined /*out*/;
             resourceInputs["functionName"] = undefined /*out*/;
+            resourceInputs["originSecret"] = undefined /*out*/;
             resourceInputs["url"] = undefined /*out*/;
         }
         else {
@@ -43,6 +45,7 @@ class SvelteKitSite extends pulumi.ComponentResource {
             resourceInputs["cloudFrontDistributionId"] = undefined /*out*/;
             resourceInputs["dnsRecords"] = undefined /*out*/;
             resourceInputs["functionName"] = undefined /*out*/;
+            resourceInputs["originSecret"] = undefined /*out*/;
             resourceInputs["url"] = undefined /*out*/;
         }
         opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);

package/bin/aws/svelteKitSite.js.map

@@ -1 +1 @@
-{"version":3,"file":"svelteKitSite.js","sourceRoot":"","sources":["../../aws/svelteKitSite.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C,MAAa,aAAc,SAAQ,MAAM,CAAC,iBAAiB;IAIvD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,aAAa,CAAC,YAAY,CAAC;IAC9D,CAAC;IAQD;;;;;;OAMG;IACH,YAAY,IAAY,EAAE,IAAwB,EAAE,IAAsC;QACtF,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;YACV,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC;YACxC,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,EAAE,kBAAkB,CAAC;YAChE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,0BAA0B,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC/D,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACnD,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC7C;aAAM;YACH,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,0BAA0B,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC/D,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACnD,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC7C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACnF,CAAC;;AAnDL,sCAoDC;AAnDG,gBAAgB;AACO,0BAAY,GAAG,yBAAyB,CAAC"}
+{"version":3,"file":"svelteKitSite.js","sourceRoot":"","sources":["../../aws/svelteKitSite.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAIzC,0CAA0C;AAE1C,MAAa,aAAc,SAAQ,MAAM,CAAC,iBAAiB;IAIvD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,aAAa,CAAC,YAAY,CAAC;IAC9D,CAAC;IAYD;;;;;;OAMG;IACH,YAAY,IAAY,EAAE,IAAwB,EAAE,IAAsC;QACtF,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;YACV,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC;YACxC,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,EAAE,gBAAgB,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,EAAE,kBAAkB,CAAC;YAChE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,0BAA0B,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC/D,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACnD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACnD,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC7C;aAAM;YACH,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,0BAA0B,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC/D,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACnD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACnD,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC7C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACnF,CAAC;;AA1DL,sCA2DC;AA1DG,gBAAgB;AACO,0BAAY,GAAG,yBAAyB,CAAC"}

package/bin/aws/vpcEndpoint.d.ts

@@ -1,7 +1,7 @@
 import * as pulumi from "@pulumi/pulumi";
-import * as enums from "../types/enums";
+import * as inputs from "../types/input";
 /**
- * An Anvil-managed AWS Interface VPC Endpoint. Creates one ENI per private subnet with private DNS enabled — standard AWS service hostnames resolve to ENI IPs inside the VPC automatically. Includes a dedicated security group with zero rules by default. Use grantEndpointAccess on compute resources to open the network path. IAM permissions are managed separately via grantPermissions.
+ * An Anvil-managed AWS Interface VPC Endpoint. Creates one ENI per private subnet with private DNS enabled. The endpoint security group uses a self-referencing ingress rule on port 443 — only compute resources that have been explicitly granted access can reach the endpoint at the network layer. Access is enforced at three layers: network (self-referencing SG), IAM role policy (scoped per compute resource), and endpoint policy (blanket ceiling on allowed actions for all compute principals — Lambda, ECS, EC2).
  */
 export declare class VpcEndpoint extends pulumi.ComponentResource {
     /**
@@ -10,7 +10,7 @@ export declare class VpcEndpoint extends pulumi.ComponentResource {
      */
     static isInstance(obj: any): obj is VpcEndpoint;
     /**
-     * The first DNS name assigned to the endpoint, e.g. vpce-xxx.ssm.ap-southeast-2.vpce.amazonaws.com. With private DNS enabled, normal consumers use the standard AWS SDK hostname — this is exposed for debugging and multi-VPC architectures only.
+     * The first DNS name assigned to the endpoint, e.g. vpce-xxx.sqs.ap-southeast-2.vpce.amazonaws.com. With private DNS enabled, normal consumers use the standard AWS SDK hostname — this is exposed for debugging and multi-VPC architectures only.
      */
     readonly dnsName: pulumi.Output<string>;
     /**
@@ -18,7 +18,7 @@ export declare class VpcEndpoint extends pulumi.ComponentResource {
      */
     readonly endpointId: pulumi.Output<string>;
     /**
-     * The ID of the dedicated security group attached to this endpoint. Zero rules by default. Ingress rules are added when compute resources call grantEndpointAccess.
+     * The ID of the dedicated security group attached to this endpoint. Uses a self-referencing ingress rule on port 443 — only compute resources with this SG explicitly attached can reach the endpoint at the network layer.
      */
     readonly securityGroupId: pulumi.Output<string>;
     /**
@@ -34,6 +34,10 @@ export declare class VpcEndpoint extends pulumi.ComponentResource {
  * The set of arguments for constructing a VpcEndpoint resource.
  */
 export interface VpcEndpointArgs {
+    /**
+     * Explicit Allow and Deny permission statements for the endpoint policy. When omitted, the endpoint policy allows all actions (*) for all Anvil compute principals (Lambda, ECS, EC2). When set, only the declared actions are permitted — the caller is responsible for declaring every action their compute resources need. Supports both Allow and Deny effects. Resource defaults to "*" if omitted on a permission entry.
+     */
+    overridePermissions?: pulumi.Input<pulumi.Input<inputs.aws.VpcEndpointPermissionArgs>[]>;
     /**
      * The IDs of the private subnets to attach the endpoint to. AWS places one ENI per subnet. Pass all private subnet IDs from your VPC — typically one per AZ.
      */
@@ -41,7 +45,7 @@ export interface VpcEndpointArgs {
     /**
      * The AWS service to route privately. The full com.amazonaws.{region}.{service} name is constructed at deploy time from the resolved region — you never write it manually.
      */
-    service: pulumi.Input<enums.aws.AwsVpcEndpointService>;
+    service: pulumi.Input<string>;
     /**
      * The ID of the VPC to create the endpoint in. Accepts both Anvil-managed VPC IDs and imported VPC IDs.
      */

package/bin/aws/vpcEndpoint.js

@@ -6,7 +6,7 @@ exports.VpcEndpoint = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("../utilities");
 /**
- * An Anvil-managed AWS Interface VPC Endpoint. Creates one ENI per private subnet with private DNS enabled — standard AWS service hostnames resolve to ENI IPs inside the VPC automatically. Includes a dedicated security group with zero rules by default. Use grantEndpointAccess on compute resources to open the network path. IAM permissions are managed separately via grantPermissions.
+ * An Anvil-managed AWS Interface VPC Endpoint. Creates one ENI per private subnet with private DNS enabled. The endpoint security group uses a self-referencing ingress rule on port 443 — only compute resources that have been explicitly granted access can reach the endpoint at the network layer. Access is enforced at three layers: network (self-referencing SG), IAM role policy (scoped per compute resource), and endpoint policy (blanket ceiling on allowed actions for all compute principals — Lambda, ECS, EC2).
  */
 class VpcEndpoint extends pulumi.ComponentResource {
     /**
@@ -39,6 +39,7 @@ class VpcEndpoint extends pulumi.ComponentResource {
             if (args?.vpcId === undefined && !opts.urn) {
                 throw new Error("Missing required property 'vpcId'");
             }
+            resourceInputs["overridePermissions"] = args?.overridePermissions;
             resourceInputs["privateSubnetIds"] = args?.privateSubnetIds;
             resourceInputs["service"] = args?.service;
             resourceInputs["vpcId"] = args?.vpcId;

package/bin/aws/vpcEndpoint.js.map

@@ -1 +1 @@
-{"version":3,"file":"vpcEndpoint.js","sourceRoot":"","sources":["../../aws/vpcEndpoint.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAIzC,0CAA0C;AAE1C;;GAEG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,iBAAiB;IAIrD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;IAeD;;;;;;OAMG;IACH,YAAY,IAAY,EAAE,IAAqB,EAAE,IAAsC;QACnF,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;YACV,IAAI,IAAI,EAAE,gBAAgB,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,IAAI,IAAI,EAAE,OAAO,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC1C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,IAAI,IAAI,EAAE,KAAK,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;aACxD;YACD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,EAAE,gBAAgB,CAAC;YAC5D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC;YACtC,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACzD;aAAM;YACH,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACzD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACjF,CAAC;;AA7DL,kCA8DC;AA7DG,gBAAgB;AACO,wBAAY,GAAG,uBAAuB,CAAC"}
+{"version":3,"file":"vpcEndpoint.js","sourceRoot":"","sources":["../../aws/vpcEndpoint.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAIzC,0CAA0C;AAE1C;;GAEG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,iBAAiB;IAIrD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;IAeD;;;;;;OAMG;IACH,YAAY,IAAY,EAAE,IAAqB,EAAE,IAAsC;QACnF,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;YACV,IAAI,IAAI,EAAE,gBAAgB,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,IAAI,IAAI,EAAE,OAAO,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC1C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,IAAI,IAAI,EAAE,KAAK,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;aACxD;YACD,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,EAAE,mBAAmB,CAAC;YAClE,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,EAAE,gBAAgB,CAAC;YAC5D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC;YACtC,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACzD;aAAM;YACH,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACzD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACjF,CAAC;;AA9DL,kCA+DC;AA9DG,gBAAgB;AACO,wBAAY,GAAG,uBAAuB,CAAC"}

package/bin/grants.js

@@ -51,6 +51,10 @@ function sanitize(s) {
  */
 function buildResourceArns(baseArn, paths) {
     const arns = [baseArn];
+    if (paths === null) {
+        // Explicit null = base ARN only, no sub-paths (used by DynamoDB index grants)
+        return arns;
+    }
     if (!paths || paths.length === 0) {
         arns.push(pulumi.interpolate `${baseArn}/*`);
     }

package/bin/grants.js.map

@@ -1 +1 @@
-{"version":3,"file":"grants.js","sourceRoot":"","sources":["../grants.ts"],"names":[],"mappings":";AAAA,uBAAuB;AACvB,4EAA4E;AAC5E,EAAE;AACF,uEAAuE;AACvE,+EAA+E;;;AAE/E,yCAAyC;AACzC,mCAAmC;AAkBnC;;;;;GAKG;AACH,SAAgB,WAAW,CACzB,MAAuB,EACvB,IAAY,EACZ,MAAmB,EACnB,OAAiB,EACjB,YAAqC,EACrC,IAAmB;IAEnB,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAC7D,IAAI,CAAC,SAAS,CAAC;QACb,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,IAAI;aACf;SACF;KACF,CAAC,CACH,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACnD,MAAM,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAI,EAAE,aAAa;QACpC,CAAC,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;QAC3C,CAAC,CAAC,IAAI,CAAC;IAET,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CACpB,UAAU,EACV;QACE,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,cAAc;KACvB,EACD,EAAE,MAAM,EAAE,CACX,CAAC;AACJ,CAAC;AAtCD,kCAsCC;AAED,gBAAgB;AAChB,SAAS,QAAQ,CAAC,CAAS;IACzB,OAAO,CAAC;SACL,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAC/B,OAA8B,EAC9B,KAAgB;IAEhB,MAAM,IAAI,GAA4B,CAAC,OAAO,CAAC,CAAC;IAEhD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAChC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAA,GAAG,OAAO,IAAI,CAAC,CAAC;KAC7C;SAAM;QACL,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE;YACrB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAA,GAAG,OAAO,IAAI,CAAC,EAAE,CAAC,CAAC;SAChD;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAfD,8CAeC"}
+{"version":3,"file":"grants.js","sourceRoot":"","sources":["../grants.ts"],"names":[],"mappings":";AAAA,uBAAuB;AACvB,4EAA4E;AAC5E,EAAE;AACF,uEAAuE;AACvE,+EAA+E;;;AAE/E,yCAAyC;AACzC,mCAAmC;AAkBnC;;;;;GAKG;AACH,SAAgB,WAAW,CACzB,MAAuB,EACvB,IAAY,EACZ,MAAmB,EACnB,OAAiB,EACjB,YAAqC,EACrC,IAAmB;IAEnB,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAC7D,IAAI,CAAC,SAAS,CAAC;QACb,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,IAAI;aACf;SACF;KACF,CAAC,CACH,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACnD,MAAM,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAI,EAAE,aAAa;QACpC,CAAC,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;QAC3C,CAAC,CAAC,IAAI,CAAC;IAET,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CACpB,UAAU,EACV;QACE,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,cAAc;KACvB,EACD,EAAE,MAAM,EAAE,CACX,CAAC;AACJ,CAAC;AAtCD,kCAsCC;AAED,gBAAgB;AAChB,SAAS,QAAQ,CAAC,CAAS;IACzB,OAAO,CAAC;SACL,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAC/B,OAA8B,EAC9B,KAAuB;IAEvB,MAAM,IAAI,GAA4B,CAAC,OAAO,CAAC,CAAC;IAEhD,IAAI,KAAK,KAAK,IAAI,EAAE;QAClB,8EAA8E;QAC9E,OAAO,IAAI,CAAC;KACb;IAED,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAChC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAA,GAAG,OAAO,IAAI,CAAC,CAAC;KAC7C;SAAM;QACL,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE;YACrB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAA,GAAG,OAAO,IAAI,CAAC,EAAE,CAAC,CAAC;SAChD;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AApBD,8CAoBC"}

package/bin/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@anvil-cloud/sdk",
-  "version": "0.0.14",
+  "version": "0.0.15",
   "scripts": {
     "build": "tsc && cp package.json bin/"
   },