@cloudflare/workers-auth 0.1.0

package/dist/index.mjs

@@ -0,0 +1,2154 @@
+import { __name } from './chunk-PAWJFY3S.mjs';
+import { mkdirSync, writeFileSync, rmSync } from 'node:fs';
+import path from 'node:path';
+import { getEnvironmentVariableFactory, getCloudflareApiEnvironmentFromEnv, UserError, getGlobalWranglerConfigPath, parseTOML, readFileSync, getCloudflareComplianceRegion } from '@cloudflare/workers-utils';
+import { spawnSync } from 'node:child_process';
+import { fetch } from 'undici';
+import assert2 from 'node:assert';
+import http from 'node:http';
+import url from 'node:url';
+import { webcrypto } from 'node:crypto';
+import { TextEncoder } from 'node:util';
+
+// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js
+function getLineColFromPtr(string, ptr) {
+  let lines = string.slice(0, ptr).split(/\r\n|\n|\r/g);
+  return [lines.length, lines.pop().length + 1];
+}
+__name(getLineColFromPtr, "getLineColFromPtr");
+function makeCodeBlock(string, line, column) {
+  let lines = string.split(/\r\n|\n|\r/g);
+  let codeblock = "";
+  let numberLen = (Math.log10(line + 1) | 0) + 1;
+  for (let i = line - 1; i <= line + 1; i++) {
+    let l = lines[i - 1];
+    if (!l)
+      continue;
+    codeblock += i.toString().padEnd(numberLen, " ");
+    codeblock += ":  ";
+    codeblock += l;
+    codeblock += "\n";
+    if (i === line) {
+      codeblock += " ".repeat(numberLen + column + 2);
+      codeblock += "^\n";
+    }
+  }
+  return codeblock;
+}
+__name(makeCodeBlock, "makeCodeBlock");
+var TomlError = class extends Error {
+  static {
+    __name(this, "TomlError");
+  }
+  line;
+  column;
+  codeblock;
+  constructor(message, options) {
+    const [line, column] = getLineColFromPtr(options.toml, options.ptr);
+    const codeblock = makeCodeBlock(options.toml, line, column);
+    super(`Invalid TOML document: ${message}
+
+${codeblock}`, options);
+    this.line = line;
+    this.column = column;
+    this.codeblock = codeblock;
+  }
+};
+
+// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js
+function isEscaped(str, ptr) {
+  let i = 0;
+  while (str[ptr - ++i] === "\\")
+    ;
+  return --i && i % 2;
+}
+__name(isEscaped, "isEscaped");
+function indexOfNewline(str, start = 0, end = str.length) {
+  let idx = str.indexOf("\n", start);
+  if (str[idx - 1] === "\r")
+    idx--;
+  return idx <= end ? idx : -1;
+}
+__name(indexOfNewline, "indexOfNewline");
+function skipComment(str, ptr) {
+  for (let i = ptr; i < str.length; i++) {
+    let c = str[i];
+    if (c === "\n")
+      return i;
+    if (c === "\r" && str[i + 1] === "\n")
+      return i + 1;
+    if (c < " " && c !== "	" || c === "\x7F") {
+      throw new TomlError("control characters are not allowed in comments", {
+        toml: str,
+        ptr
+      });
+    }
+  }
+  return str.length;
+}
+__name(skipComment, "skipComment");
+function skipVoid(str, ptr, banNewLines, banComments) {
+  let c;
+  while ((c = str[ptr]) === " " || c === "	" || !banNewLines && (c === "\n" || c === "\r" && str[ptr + 1] === "\n"))
+    ptr++;
+  return banComments || c !== "#" ? ptr : skipVoid(str, skipComment(str, ptr), banNewLines);
+}
+__name(skipVoid, "skipVoid");
+function skipUntil(str, ptr, sep, end, banNewLines = false) {
+  if (!end) {
+    ptr = indexOfNewline(str, ptr);
+    return ptr < 0 ? str.length : ptr;
+  }
+  for (let i = ptr; i < str.length; i++) {
+    let c = str[i];
+    if (c === "#") {
+      i = indexOfNewline(str, i);
+    } else if (c === sep) {
+      return i + 1;
+    } else if (c === end || banNewLines && (c === "\n" || c === "\r" && str[i + 1] === "\n")) {
+      return i;
+    }
+  }
+  throw new TomlError("cannot find end of structure", {
+    toml: str,
+    ptr
+  });
+}
+__name(skipUntil, "skipUntil");
+function getStringEnd(str, seek) {
+  let first = str[seek];
+  let target = first === str[seek + 1] && str[seek + 1] === str[seek + 2] ? str.slice(seek, seek + 3) : first;
+  seek += target.length - 1;
+  do
+    seek = str.indexOf(target, ++seek);
+  while (seek > -1 && first !== "'" && isEscaped(str, seek));
+  if (seek > -1) {
+    seek += target.length;
+    if (target.length > 1) {
+      if (str[seek] === first)
+        seek++;
+      if (str[seek] === first)
+        seek++;
+    }
+  }
+  return seek;
+}
+__name(getStringEnd, "getStringEnd");
+
+// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js
+var DATE_TIME_RE = /^(\d{4}-\d{2}-\d{2})?[T ]?(?:(\d{2}):\d{2}:\d{2}(?:\.\d+)?)?(Z|[-+]\d{2}:\d{2})?$/i;
+var TomlDate = class _TomlDate extends Date {
+  static {
+    __name(this, "TomlDate");
+  }
+  #hasDate = false;
+  #hasTime = false;
+  #offset = null;
+  constructor(date) {
+    let hasDate = true;
+    let hasTime = true;
+    let offset = "Z";
+    if (typeof date === "string") {
+      let match = date.match(DATE_TIME_RE);
+      if (match) {
+        if (!match[1]) {
+          hasDate = false;
+          date = `0000-01-01T${date}`;
+        }
+        hasTime = !!match[2];
+        hasTime && date[10] === " " && (date = date.replace(" ", "T"));
+        if (match[2] && +match[2] > 23) {
+          date = "";
+        } else {
+          offset = match[3] || null;
+          date = date.toUpperCase();
+          if (!offset && hasTime)
+            date += "Z";
+        }
+      } else {
+        date = "";
+      }
+    }
+    super(date);
+    if (!isNaN(this.getTime())) {
+      this.#hasDate = hasDate;
+      this.#hasTime = hasTime;
+      this.#offset = offset;
+    }
+  }
+  isDateTime() {
+    return this.#hasDate && this.#hasTime;
+  }
+  isLocal() {
+    return !this.#hasDate || !this.#hasTime || !this.#offset;
+  }
+  isDate() {
+    return this.#hasDate && !this.#hasTime;
+  }
+  isTime() {
+    return this.#hasTime && !this.#hasDate;
+  }
+  isValid() {
+    return this.#hasDate || this.#hasTime;
+  }
+  toISOString() {
+    let iso = super.toISOString();
+    if (this.isDate())
+      return iso.slice(0, 10);
+    if (this.isTime())
+      return iso.slice(11, 23);
+    if (this.#offset === null)
+      return iso.slice(0, -1);
+    if (this.#offset === "Z")
+      return iso;
+    let offset = +this.#offset.slice(1, 3) * 60 + +this.#offset.slice(4, 6);
+    offset = this.#offset[0] === "-" ? offset : -offset;
+    let offsetDate = new Date(this.getTime() - offset * 6e4);
+    return offsetDate.toISOString().slice(0, -1) + this.#offset;
+  }
+  static wrapAsOffsetDateTime(jsDate, offset = "Z") {
+    let date = new _TomlDate(jsDate);
+    date.#offset = offset;
+    return date;
+  }
+  static wrapAsLocalDateTime(jsDate) {
+    let date = new _TomlDate(jsDate);
+    date.#offset = null;
+    return date;
+  }
+  static wrapAsLocalDate(jsDate) {
+    let date = new _TomlDate(jsDate);
+    date.#hasTime = false;
+    date.#offset = null;
+    return date;
+  }
+  static wrapAsLocalTime(jsDate) {
+    let date = new _TomlDate(jsDate);
+    date.#hasDate = false;
+    date.#offset = null;
+    return date;
+  }
+};
+
+// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js
+var INT_REGEX = /^((0x[0-9a-fA-F](_?[0-9a-fA-F])*)|(([+-]|0[ob])?\d(_?\d)*))$/;
+var FLOAT_REGEX = /^[+-]?\d(_?\d)*(\.\d(_?\d)*)?([eE][+-]?\d(_?\d)*)?$/;
+var LEADING_ZERO = /^[+-]?0[0-9_]/;
+var ESCAPE_REGEX = /^[0-9a-f]{4,8}$/i;
+var ESC_MAP = {
+  b: "\b",
+  t: "	",
+  n: "\n",
+  f: "\f",
+  r: "\r",
+  '"': '"',
+  "\\": "\\"
+};
+function parseString(str, ptr = 0, endPtr = str.length) {
+  let isLiteral = str[ptr] === "'";
+  let isMultiline = str[ptr++] === str[ptr] && str[ptr] === str[ptr + 1];
+  if (isMultiline) {
+    endPtr -= 2;
+    if (str[ptr += 2] === "\r")
+      ptr++;
+    if (str[ptr] === "\n")
+      ptr++;
+  }
+  let tmp = 0;
+  let isEscape;
+  let parsed = "";
+  let sliceStart = ptr;
+  while (ptr < endPtr - 1) {
+    let c = str[ptr++];
+    if (c === "\n" || c === "\r" && str[ptr] === "\n") {
+      if (!isMultiline) {
+        throw new TomlError("newlines are not allowed in strings", {
+          toml: str,
+          ptr: ptr - 1
+        });
+      }
+    } else if (c < " " && c !== "	" || c === "\x7F") {
+      throw new TomlError("control characters are not allowed in strings", {
+        toml: str,
+        ptr: ptr - 1
+      });
+    }
+    if (isEscape) {
+      isEscape = false;
+      if (c === "u" || c === "U") {
+        let code = str.slice(ptr, ptr += c === "u" ? 4 : 8);
+        if (!ESCAPE_REGEX.test(code)) {
+          throw new TomlError("invalid unicode escape", {
+            toml: str,
+            ptr: tmp
+          });
+        }
+        try {
+          parsed += String.fromCodePoint(parseInt(code, 16));
+        } catch {
+          throw new TomlError("invalid unicode escape", {
+            toml: str,
+            ptr: tmp
+          });
+        }
+      } else if (isMultiline && (c === "\n" || c === " " || c === "	" || c === "\r")) {
+        ptr = skipVoid(str, ptr - 1, true);
+        if (str[ptr] !== "\n" && str[ptr] !== "\r") {
+          throw new TomlError("invalid escape: only line-ending whitespace may be escaped", {
+            toml: str,
+            ptr: tmp
+          });
+        }
+        ptr = skipVoid(str, ptr);
+      } else if (c in ESC_MAP) {
+        parsed += ESC_MAP[c];
+      } else {
+        throw new TomlError("unrecognized escape sequence", {
+          toml: str,
+          ptr: tmp
+        });
+      }
+      sliceStart = ptr;
+    } else if (!isLiteral && c === "\\") {
+      tmp = ptr - 1;
+      isEscape = true;
+      parsed += str.slice(sliceStart, tmp);
+    }
+  }
+  return parsed + str.slice(sliceStart, endPtr - 1);
+}
+__name(parseString, "parseString");
+function parseValue(value, toml, ptr, integersAsBigInt) {
+  if (value === "true")
+    return true;
+  if (value === "false")
+    return false;
+  if (value === "-inf")
+    return -Infinity;
+  if (value === "inf" || value === "+inf")
+    return Infinity;
+  if (value === "nan" || value === "+nan" || value === "-nan")
+    return NaN;
+  if (value === "-0")
+    return integersAsBigInt ? 0n : 0;
+  let isInt = INT_REGEX.test(value);
+  if (isInt || FLOAT_REGEX.test(value)) {
+    if (LEADING_ZERO.test(value)) {
+      throw new TomlError("leading zeroes are not allowed", {
+        toml,
+        ptr
+      });
+    }
+    value = value.replace(/_/g, "");
+    let numeric = +value;
+    if (isNaN(numeric)) {
+      throw new TomlError("invalid number", {
+        toml,
+        ptr
+      });
+    }
+    if (isInt) {
+      if ((isInt = !Number.isSafeInteger(numeric)) && !integersAsBigInt) {
+        throw new TomlError("integer value cannot be represented losslessly", {
+          toml,
+          ptr
+        });
+      }
+      if (isInt || integersAsBigInt === true)
+        numeric = BigInt(value);
+    }
+    return numeric;
+  }
+  const date = new TomlDate(value);
+  if (!date.isValid()) {
+    throw new TomlError("invalid value", {
+      toml,
+      ptr
+    });
+  }
+  return date;
+}
+__name(parseValue, "parseValue");
+
+// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js
+function sliceAndTrimEndOf(str, startPtr, endPtr, allowNewLines) {
+  let value = str.slice(startPtr, endPtr);
+  let commentIdx = value.indexOf("#");
+  if (commentIdx > -1) {
+    skipComment(str, commentIdx);
+    value = value.slice(0, commentIdx);
+  }
+  let trimmed = value.trimEnd();
+  if (!allowNewLines) {
+    let newlineIdx = value.indexOf("\n", trimmed.length);
+    if (newlineIdx > -1) {
+      throw new TomlError("newlines are not allowed in inline tables", {
+        toml: str,
+        ptr: startPtr + newlineIdx
+      });
+    }
+  }
+  return [trimmed, commentIdx];
+}
+__name(sliceAndTrimEndOf, "sliceAndTrimEndOf");
+function extractValue(str, ptr, end, depth, integersAsBigInt) {
+  if (depth === 0) {
+    throw new TomlError("document contains excessively nested structures. aborting.", {
+      toml: str,
+      ptr
+    });
+  }
+  let c = str[ptr];
+  if (c === "[" || c === "{") {
+    let [value, endPtr2] = c === "[" ? parseArray(str, ptr, depth, integersAsBigInt) : parseInlineTable(str, ptr, depth, integersAsBigInt);
+    let newPtr = end ? skipUntil(str, endPtr2, ",", end) : endPtr2;
+    if (endPtr2 - newPtr && end === "}") {
+      let nextNewLine = indexOfNewline(str, endPtr2, newPtr);
+      if (nextNewLine > -1) {
+        throw new TomlError("newlines are not allowed in inline tables", {
+          toml: str,
+          ptr: nextNewLine
+        });
+      }
+    }
+    return [value, newPtr];
+  }
+  let endPtr;
+  if (c === '"' || c === "'") {
+    endPtr = getStringEnd(str, ptr);
+    let parsed = parseString(str, ptr, endPtr);
+    if (end) {
+      endPtr = skipVoid(str, endPtr, end !== "]");
+      if (str[endPtr] && str[endPtr] !== "," && str[endPtr] !== end && str[endPtr] !== "\n" && str[endPtr] !== "\r") {
+        throw new TomlError("unexpected character encountered", {
+          toml: str,
+          ptr: endPtr
+        });
+      }
+      endPtr += +(str[endPtr] === ",");
+    }
+    return [parsed, endPtr];
+  }
+  endPtr = skipUntil(str, ptr, ",", end);
+  let slice = sliceAndTrimEndOf(str, ptr, endPtr - +(str[endPtr - 1] === ","), end === "]");
+  if (!slice[0]) {
+    throw new TomlError("incomplete key-value declaration: no value specified", {
+      toml: str,
+      ptr
+    });
+  }
+  if (end && slice[1] > -1) {
+    endPtr = skipVoid(str, ptr + slice[1]);
+    endPtr += +(str[endPtr] === ",");
+  }
+  return [
+    parseValue(slice[0], str, ptr, integersAsBigInt),
+    endPtr
+  ];
+}
+__name(extractValue, "extractValue");
+
+// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js
+var KEY_PART_RE = /^[a-zA-Z0-9-_]+[ \t]*$/;
+function parseKey(str, ptr, end = "=") {
+  let dot = ptr - 1;
+  let parsed = [];
+  let endPtr = str.indexOf(end, ptr);
+  if (endPtr < 0) {
+    throw new TomlError("incomplete key-value: cannot find end of key", {
+      toml: str,
+      ptr
+    });
+  }
+  do {
+    let c = str[ptr = ++dot];
+    if (c !== " " && c !== "	") {
+      if (c === '"' || c === "'") {
+        if (c === str[ptr + 1] && c === str[ptr + 2]) {
+          throw new TomlError("multiline strings are not allowed in keys", {
+            toml: str,
+            ptr
+          });
+        }
+        let eos = getStringEnd(str, ptr);
+        if (eos < 0) {
+          throw new TomlError("unfinished string encountered", {
+            toml: str,
+            ptr
+          });
+        }
+        dot = str.indexOf(".", eos);
+        let strEnd = str.slice(eos, dot < 0 || dot > endPtr ? endPtr : dot);
+        let newLine = indexOfNewline(strEnd);
+        if (newLine > -1) {
+          throw new TomlError("newlines are not allowed in keys", {
+            toml: str,
+            ptr: ptr + dot + newLine
+          });
+        }
+        if (strEnd.trimStart()) {
+          throw new TomlError("found extra tokens after the string part", {
+            toml: str,
+            ptr: eos
+          });
+        }
+        if (endPtr < eos) {
+          endPtr = str.indexOf(end, eos);
+          if (endPtr < 0) {
+            throw new TomlError("incomplete key-value: cannot find end of key", {
+              toml: str,
+              ptr
+            });
+          }
+        }
+        parsed.push(parseString(str, ptr, eos));
+      } else {
+        dot = str.indexOf(".", ptr);
+        let part = str.slice(ptr, dot < 0 || dot > endPtr ? endPtr : dot);
+        if (!KEY_PART_RE.test(part)) {
+          throw new TomlError("only letter, numbers, dashes and underscores are allowed in keys", {
+            toml: str,
+            ptr
+          });
+        }
+        parsed.push(part.trimEnd());
+      }
+    }
+  } while (dot + 1 && dot < endPtr);
+  return [parsed, skipVoid(str, endPtr + 1, true, true)];
+}
+__name(parseKey, "parseKey");
+function parseInlineTable(str, ptr, depth, integersAsBigInt) {
+  let res = {};
+  let seen = /* @__PURE__ */ new Set();
+  let c;
+  let comma = 0;
+  ptr++;
+  while ((c = str[ptr++]) !== "}" && c) {
+    let err = { toml: str, ptr: ptr - 1 };
+    if (c === "\n") {
+      throw new TomlError("newlines are not allowed in inline tables", err);
+    } else if (c === "#") {
+      throw new TomlError("inline tables cannot contain comments", err);
+    } else if (c === ",") {
+      throw new TomlError("expected key-value, found comma", err);
+    } else if (c !== " " && c !== "	") {
+      let k;
+      let t = res;
+      let hasOwn = false;
+      let [key, keyEndPtr] = parseKey(str, ptr - 1);
+      for (let i = 0; i < key.length; i++) {
+        if (i)
+          t = hasOwn ? t[k] : t[k] = {};
+        k = key[i];
+        if ((hasOwn = Object.hasOwn(t, k)) && (typeof t[k] !== "object" || seen.has(t[k]))) {
+          throw new TomlError("trying to redefine an already defined value", {
+            toml: str,
+            ptr
+          });
+        }
+        if (!hasOwn && k === "__proto__") {
+          Object.defineProperty(t, k, { enumerable: true, configurable: true, writable: true });
+        }
+      }
+      if (hasOwn) {
+        throw new TomlError("trying to redefine an already defined value", {
+          toml: str,
+          ptr
+        });
+      }
+      let [value, valueEndPtr] = extractValue(str, keyEndPtr, "}", depth - 1, integersAsBigInt);
+      seen.add(value);
+      t[k] = value;
+      ptr = valueEndPtr;
+      comma = str[ptr - 1] === "," ? ptr - 1 : 0;
+    }
+  }
+  if (comma) {
+    throw new TomlError("trailing commas are not allowed in inline tables", {
+      toml: str,
+      ptr: comma
+    });
+  }
+  if (!c) {
+    throw new TomlError("unfinished table encountered", {
+      toml: str,
+      ptr
+    });
+  }
+  return [res, ptr];
+}
+__name(parseInlineTable, "parseInlineTable");
+function parseArray(str, ptr, depth, integersAsBigInt) {
+  let res = [];
+  let c;
+  ptr++;
+  while ((c = str[ptr++]) !== "]" && c) {
+    if (c === ",") {
+      throw new TomlError("expected value, found comma", {
+        toml: str,
+        ptr: ptr - 1
+      });
+    } else if (c === "#")
+      ptr = skipComment(str, ptr);
+    else if (c !== " " && c !== "	" && c !== "\n" && c !== "\r") {
+      let e = extractValue(str, ptr - 1, "]", depth - 1, integersAsBigInt);
+      res.push(e[0]);
+      ptr = e[1];
+    }
+  }
+  if (!c) {
+    throw new TomlError("unfinished array encountered", {
+      toml: str,
+      ptr
+    });
+  }
+  return [res, ptr];
+}
+__name(parseArray, "parseArray");
+
+// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/parse.js
+function peekTable(key, table, meta, type) {
+  let t = table;
+  let m = meta;
+  let k;
+  let hasOwn = false;
+  let state;
+  for (let i = 0; i < key.length; i++) {
+    if (i) {
+      t = hasOwn ? t[k] : t[k] = {};
+      m = (state = m[k]).c;
+      if (type === 0 && (state.t === 1 || state.t === 2)) {
+        return null;
+      }
+      if (state.t === 2) {
+        let l = t.length - 1;
+        t = t[l];
+        m = m[l].c;
+      }
+    }
+    k = key[i];
+    if ((hasOwn = Object.hasOwn(t, k)) && m[k]?.t === 0 && m[k]?.d) {
+      return null;
+    }
+    if (!hasOwn) {
+      if (k === "__proto__") {
+        Object.defineProperty(t, k, { enumerable: true, configurable: true, writable: true });
+        Object.defineProperty(m, k, { enumerable: true, configurable: true, writable: true });
+      }
+      m[k] = {
+        t: i < key.length - 1 && type === 2 ? 3 : type,
+        d: false,
+        i: 0,
+        c: {}
+      };
+    }
+  }
+  state = m[k];
+  if (state.t !== type && !(type === 1 && state.t === 3)) {
+    return null;
+  }
+  if (type === 2) {
+    if (!state.d) {
+      state.d = true;
+      t[k] = [];
+    }
+    t[k].push(t = {});
+    state.c[state.i++] = state = { t: 1, d: false, i: 0, c: {} };
+  }
+  if (state.d) {
+    return null;
+  }
+  state.d = true;
+  if (type === 1) {
+    t = hasOwn ? t[k] : t[k] = {};
+  } else if (type === 0 && hasOwn) {
+    return null;
+  }
+  return [k, t, state.c];
+}
+__name(peekTable, "peekTable");
+function parse(toml, { maxDepth = 1e3, integersAsBigInt } = {}) {
+  let res = {};
+  let meta = {};
+  let tbl = res;
+  let m = meta;
+  for (let ptr = skipVoid(toml, 0); ptr < toml.length; ) {
+    if (toml[ptr] === "[") {
+      let isTableArray = toml[++ptr] === "[";
+      let k = parseKey(toml, ptr += +isTableArray, "]");
+      if (isTableArray) {
+        if (toml[k[1] - 1] !== "]") {
+          throw new TomlError("expected end of table declaration", {
+            toml,
+            ptr: k[1] - 1
+          });
+        }
+        k[1]++;
+      }
+      let p = peekTable(
+        k[0],
+        res,
+        meta,
+        isTableArray ? 2 : 1
+        /* Type.EXPLICIT */
+      );
+      if (!p) {
+        throw new TomlError("trying to redefine an already defined table or value", {
+          toml,
+          ptr
+        });
+      }
+      m = p[2];
+      tbl = p[1];
+      ptr = k[1];
+    } else {
+      let k = parseKey(toml, ptr);
+      let p = peekTable(
+        k[0],
+        tbl,
+        m,
+        0
+        /* Type.DOTTED */
+      );
+      if (!p) {
+        throw new TomlError("trying to redefine an already defined table or value", {
+          toml,
+          ptr
+        });
+      }
+      let v = extractValue(toml, k[1], void 0, maxDepth, integersAsBigInt);
+      p[1][p[0]] = v[0];
+      ptr = v[1];
+    }
+    ptr = skipVoid(toml, ptr, true);
+    if (toml[ptr] && toml[ptr] !== "\n" && toml[ptr] !== "\r") {
+      throw new TomlError("each key-value declaration must be followed by an end-of-line", {
+        toml,
+        ptr
+      });
+    }
+    ptr = skipVoid(toml, ptr);
+  }
+  return res;
+}
+__name(parse, "parse");
+
+// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/stringify.js
+var BARE_KEY = /^[a-z0-9-_]+$/i;
+function extendedTypeOf(obj) {
+  let type = typeof obj;
+  if (type === "object") {
+    if (Array.isArray(obj))
+      return "array";
+    if (obj instanceof Date)
+      return "date";
+  }
+  return type;
+}
+__name(extendedTypeOf, "extendedTypeOf");
+function isArrayOfTables(obj) {
+  for (let i = 0; i < obj.length; i++) {
+    if (extendedTypeOf(obj[i]) !== "object")
+      return false;
+  }
+  return obj.length != 0;
+}
+__name(isArrayOfTables, "isArrayOfTables");
+function formatString(s) {
+  return JSON.stringify(s).replace(/\x7f/g, "\\u007f");
+}
+__name(formatString, "formatString");
+function stringifyValue(val, type, depth, numberAsFloat) {
+  if (depth === 0) {
+    throw new Error("Could not stringify the object: maximum object depth exceeded");
+  }
+  if (type === "number") {
+    if (isNaN(val))
+      return "nan";
+    if (val === Infinity)
+      return "inf";
+    if (val === -Infinity)
+      return "-inf";
+    if (numberAsFloat && Number.isInteger(val))
+      return val.toFixed(1);
+    return val.toString();
+  }
+  if (type === "bigint" || type === "boolean") {
+    return val.toString();
+  }
+  if (type === "string") {
+    return formatString(val);
+  }
+  if (type === "date") {
+    if (isNaN(val.getTime())) {
+      throw new TypeError("cannot serialize invalid date");
+    }
+    return val.toISOString();
+  }
+  if (type === "object") {
+    return stringifyInlineTable(val, depth, numberAsFloat);
+  }
+  if (type === "array") {
+    return stringifyArray(val, depth, numberAsFloat);
+  }
+}
+__name(stringifyValue, "stringifyValue");
+function stringifyInlineTable(obj, depth, numberAsFloat) {
+  let keys = Object.keys(obj);
+  if (keys.length === 0)
+    return "{}";
+  let res = "{ ";
+  for (let i = 0; i < keys.length; i++) {
+    let k = keys[i];
+    if (i)
+      res += ", ";
+    res += BARE_KEY.test(k) ? k : formatString(k);
+    res += " = ";
+    res += stringifyValue(obj[k], extendedTypeOf(obj[k]), depth - 1, numberAsFloat);
+  }
+  return res + " }";
+}
+__name(stringifyInlineTable, "stringifyInlineTable");
+function stringifyArray(array, depth, numberAsFloat) {
+  if (array.length === 0)
+    return "[]";
+  let res = "[ ";
+  for (let i = 0; i < array.length; i++) {
+    if (i)
+      res += ", ";
+    if (array[i] === null || array[i] === void 0) {
+      throw new TypeError("arrays cannot contain null or undefined values");
+    }
+    res += stringifyValue(array[i], extendedTypeOf(array[i]), depth - 1, numberAsFloat);
+  }
+  return res + " ]";
+}
+__name(stringifyArray, "stringifyArray");
+function stringifyArrayTable(array, key, depth, numberAsFloat) {
+  if (depth === 0) {
+    throw new Error("Could not stringify the object: maximum object depth exceeded");
+  }
+  let res = "";
+  for (let i = 0; i < array.length; i++) {
+    res += `${res && "\n"}[[${key}]]
+`;
+    res += stringifyTable(0, array[i], key, depth, numberAsFloat);
+  }
+  return res;
+}
+__name(stringifyArrayTable, "stringifyArrayTable");
+function stringifyTable(tableKey, obj, prefix, depth, numberAsFloat) {
+  if (depth === 0) {
+    throw new Error("Could not stringify the object: maximum object depth exceeded");
+  }
+  let preamble = "";
+  let tables = "";
+  let keys = Object.keys(obj);
+  for (let i = 0; i < keys.length; i++) {
+    let k = keys[i];
+    if (obj[k] !== null && obj[k] !== void 0) {
+      let type = extendedTypeOf(obj[k]);
+      if (type === "symbol" || type === "function") {
+        throw new TypeError(`cannot serialize values of type '${type}'`);
+      }
+      let key = BARE_KEY.test(k) ? k : formatString(k);
+      if (type === "array" && isArrayOfTables(obj[k])) {
+        tables += (tables && "\n") + stringifyArrayTable(obj[k], prefix ? `${prefix}.${key}` : key, depth - 1, numberAsFloat);
+      } else if (type === "object") {
+        let tblKey = prefix ? `${prefix}.${key}` : key;
+        tables += (tables && "\n") + stringifyTable(tblKey, obj[k], tblKey, depth - 1, numberAsFloat);
+      } else {
+        preamble += key;
+        preamble += " = ";
+        preamble += stringifyValue(obj[k], type, depth, numberAsFloat);
+        preamble += "\n";
+      }
+    }
+  }
+  if (tableKey && (preamble || !tables))
+    preamble = preamble ? `[${tableKey}]
+${preamble}` : `[${tableKey}]`;
+  return preamble && tables ? `${preamble}
+${tables}` : preamble || tables;
+}
+__name(stringifyTable, "stringifyTable");
+function stringify(obj, { maxDepth = 1e3, numbersAsFloat = false } = {}) {
+  if (extendedTypeOf(obj) !== "object") {
+    throw new TypeError("stringify can only be called with an object");
+  }
+  let str = stringifyTable(0, obj, "", maxDepth, numbersAsFloat);
+  if (str[str.length - 1] !== "\n")
+    return str + "\n";
+  return str;
+}
+__name(stringify, "stringify");
+
+// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/index.js
+var dist_default = { parse, stringify, TomlDate, TomlError };
+
+// src/auth-config-file.ts
+var USER_AUTH_CONFIG_PATH = "config";
+function getAuthConfigFilePath() {
+  const environment = getCloudflareApiEnvironmentFromEnv();
+  const filePath = `${USER_AUTH_CONFIG_PATH}/${environment === "production" ? "default.toml" : `${environment}.toml`}`;
+  return path.join(getGlobalWranglerConfigPath(), filePath);
+}
+__name(getAuthConfigFilePath, "getAuthConfigFilePath");
+function writeAuthConfigFile(config) {
+  const configPath = getAuthConfigFilePath();
+  mkdirSync(path.dirname(configPath), {
+    recursive: true
+  });
+  writeFileSync(configPath, dist_default.stringify(config), {
+    encoding: "utf-8"
+  });
+}
+__name(writeAuthConfigFile, "writeAuthConfigFile");
+function readAuthConfigFile() {
+  return parseTOML(readFileSync(getAuthConfigFilePath()));
+}
+__name(readAuthConfigFile, "readAuthConfigFile");
+var getClientIdFromEnv = getEnvironmentVariableFactory({
+  variableName: "WRANGLER_CLIENT_ID",
+  defaultValue: /* @__PURE__ */ __name(() => getCloudflareApiEnvironmentFromEnv() === "staging" ? "4b2ea6cc-9421-4761-874b-ce550e0e3def" : "54d11594-84e4-41aa-b438-e81b8fa78ee7", "defaultValue")
+});
+var getAuthDomainFromEnv = getEnvironmentVariableFactory({
+  variableName: "WRANGLER_AUTH_DOMAIN",
+  defaultValue: /* @__PURE__ */ __name(() => getCloudflareApiEnvironmentFromEnv() === "staging" ? "dash.staging.cloudflare.com" : "dash.cloudflare.com", "defaultValue")
+});
+var getAuthUrlFromEnv = getEnvironmentVariableFactory({
+  variableName: "WRANGLER_AUTH_URL",
+  defaultValue: /* @__PURE__ */ __name(() => `https://${getAuthDomainFromEnv()}/oauth2/auth`, "defaultValue")
+});
+var getTokenUrlFromEnv = getEnvironmentVariableFactory({
+  variableName: "WRANGLER_TOKEN_URL",
+  defaultValue: /* @__PURE__ */ __name(() => `https://${getAuthDomainFromEnv()}/oauth2/token`, "defaultValue")
+});
+var getRevokeUrlFromEnv = getEnvironmentVariableFactory({
+  variableName: "WRANGLER_REVOKE_URL",
+  defaultValue: /* @__PURE__ */ __name(() => `https://${getAuthDomainFromEnv()}/oauth2/revoke`, "defaultValue")
+});
+var getAccessClientIdFromEnv = getEnvironmentVariableFactory({
+  variableName: "CLOUDFLARE_ACCESS_CLIENT_ID"
+});
+var getAccessClientSecretFromEnv = getEnvironmentVariableFactory({
+  variableName: "CLOUDFLARE_ACCESS_CLIENT_SECRET"
+});
+var getCfAuthorizationTokenFromEnv = getEnvironmentVariableFactory({
+  variableName: "WRANGLER_CF_AUTHORIZATION_TOKEN"
+});
+
+// src/access.ts
+var headersCache = {};
+var usesAccessCache = /* @__PURE__ */ new Map();
+function clearAccessCaches() {
+  for (const key of Object.keys(headersCache)) {
+    delete headersCache[key];
+  }
+  usesAccessCache.clear();
+}
+__name(clearAccessCaches, "clearAccessCaches");
+async function domainUsesAccess(domain, logger) {
+  logger.debug("Checking if domain has Access enabled:", domain);
+  if (usesAccessCache.has(domain)) {
+    logger.debug(
+      "Using cached Access switch for:",
+      domain,
+      usesAccessCache.get(domain)
+    );
+    return usesAccessCache.get(domain) ?? false;
+  }
+  logger.debug("Access switch not cached for:", domain);
+  try {
+    const controller = new AbortController();
+    const cancel = setTimeout(() => {
+      controller.abort();
+    }, 1e3);
+    const output = await fetch(`https://${domain}`, {
+      redirect: "manual",
+      signal: controller.signal
+    });
+    clearTimeout(cancel);
+    const usesAccess = !!(output.status === 302 && output.headers.get("location")?.includes("cloudflareaccess.com"));
+    logger.debug("Caching access switch for:", domain);
+    usesAccessCache.set(domain, usesAccess);
+    return usesAccess;
+  } catch {
+    usesAccessCache.set(domain, false);
+    return false;
+  }
+}
+__name(domainUsesAccess, "domainUsesAccess");
+async function getAccessHeaders(domain, options) {
+  const logger = options.logger;
+  const isNonInteractiveOrCI = options.isNonInteractiveOrCI;
+  const clientId = getAccessClientIdFromEnv();
+  const clientSecret = getAccessClientSecretFromEnv();
+  if (clientId && clientSecret) {
+    logger.debug("Using Access Service Token headers for domain:", domain);
+    const headers = {
+      "CF-Access-Client-Id": clientId,
+      "CF-Access-Client-Secret": clientSecret
+    };
+    headersCache[domain] = headers;
+    return headers;
+  }
+  if (clientId !== void 0 || clientSecret !== void 0) {
+    logger.warn(
+      `Both CLOUDFLARE_ACCESS_CLIENT_ID and CLOUDFLARE_ACCESS_CLIENT_SECRET must be set to use Access Service Token authentication. Only ${clientId !== void 0 ? "CLOUDFLARE_ACCESS_CLIENT_ID" : "CLOUDFLARE_ACCESS_CLIENT_SECRET"} was found.`
+    );
+  }
+  if (!await domainUsesAccess(domain, logger)) {
+    return {};
+  }
+  logger.debug("Getting Access headers for domain:", domain);
+  if (headersCache[domain]) {
+    logger.debug("Using cached Access headers for domain:", domain);
+    return headersCache[domain];
+  }
+  if (isNonInteractiveOrCI()) {
+    throw new UserError(
+      `The domain "${domain}" is behind Cloudflare Access, but no Access Service Token credentials were found and the current environment is non-interactive.
+Set the CLOUDFLARE_ACCESS_CLIENT_ID and CLOUDFLARE_ACCESS_CLIENT_SECRET environment variables to authenticate with an Access Service Token.
+See https://developers.cloudflare.com/cloudflare-one/access-controls/service-credentials/service-tokens/`,
+      {
+        telemetryMessage: "user access missing service token non interactive"
+      }
+    );
+  }
+  logger.debug("Spawning cloudflared to get Access token for domain:");
+  const output = spawnSync("cloudflared", ["access", "login", domain]);
+  if (output.error) {
+    throw new UserError(
+      "To use Wrangler with Cloudflare Access, please install `cloudflared` from https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation",
+      { telemetryMessage: "user access missing cloudflared" }
+    );
+  }
+  const stringOutput = output.stdout.toString();
+  logger.debug("cloudflared output:", stringOutput);
+  const matches = stringOutput.match(/fetched your token:\n\n(.*)/m);
+  if (matches && matches.length >= 2) {
+    const headers = { Cookie: `CF_Authorization=${matches[1]}` };
+    headersCache[domain] = headers;
+    logger.debug("Caching Access headers for domain:", domain);
+    return headers;
+  }
+  throw new Error("Failed to authenticate with Cloudflare Access");
+}
+__name(getAccessHeaders, "getAccessHeaders");
+async function getCloudflareAccessHeaders(options) {
+  const cfAuthToken = getCfAuthorizationTokenFromEnv();
+  if (cfAuthToken !== void 0) {
+    options.logger.debug(
+      "Using WRANGLER_CF_AUTHORIZATION_TOKEN from environment"
+    );
+    return { Cookie: `CF_Authorization=${cfAuthToken}` };
+  }
+  return getAccessHeaders(getAuthDomainFromEnv(), options);
+}
+__name(getCloudflareAccessHeaders, "getCloudflareAccessHeaders");
+var ErrorOAuth2 = class extends UserError {
+  static {
+    __name(this, "ErrorOAuth2");
+  }
+  toString() {
+    return "ErrorOAuth2";
+  }
+};
+var ErrorUnknown = class extends UserError {
+  static {
+    __name(this, "ErrorUnknown");
+  }
+  toString() {
+    return "ErrorUnknown";
+  }
+};
+var ErrorNoAuthCode = class extends ErrorOAuth2 {
+  static {
+    __name(this, "ErrorNoAuthCode");
+  }
+  toString() {
+    return "ErrorNoAuthCode";
+  }
+};
+var ErrorInvalidReturnedStateParam = class extends ErrorOAuth2 {
+  static {
+    __name(this, "ErrorInvalidReturnedStateParam");
+  }
+  toString() {
+    return "ErrorInvalidReturnedStateParam";
+  }
+};
+var ErrorInvalidJson = class extends ErrorOAuth2 {
+  static {
+    __name(this, "ErrorInvalidJson");
+  }
+  toString() {
+    return "ErrorInvalidJson";
+  }
+};
+var ErrorInvalidScope = class extends ErrorOAuth2 {
+  static {
+    __name(this, "ErrorInvalidScope");
+  }
+  toString() {
+    return "ErrorInvalidScope";
+  }
+};
+var ErrorInvalidRequest = class extends ErrorOAuth2 {
+  static {
+    __name(this, "ErrorInvalidRequest");
+  }
+  toString() {
+    return "ErrorInvalidRequest";
+  }
+};
+var ErrorInvalidToken = class extends ErrorOAuth2 {
+  static {
+    __name(this, "ErrorInvalidToken");
+  }
+  toString() {
+    return "ErrorInvalidToken";
+  }
+};
+var ErrorAuthenticationGrant = class extends ErrorOAuth2 {
+  static {
+    __name(this, "ErrorAuthenticationGrant");
+  }
+  toString() {
+    return "ErrorAuthenticationGrant";
+  }
+};
+var ErrorUnauthorizedClient = class extends ErrorAuthenticationGrant {
+  static {
+    __name(this, "ErrorUnauthorizedClient");
+  }
+  toString() {
+    return "ErrorUnauthorizedClient";
+  }
+};
+var ErrorAccessDenied = class extends ErrorAuthenticationGrant {
+  static {
+    __name(this, "ErrorAccessDenied");
+  }
+  toString() {
+    return "ErrorAccessDenied";
+  }
+};
+var ErrorUnsupportedResponseType = class extends ErrorAuthenticationGrant {
+  static {
+    __name(this, "ErrorUnsupportedResponseType");
+  }
+  toString() {
+    return "ErrorUnsupportedResponseType";
+  }
+};
+var ErrorServerError = class extends ErrorAuthenticationGrant {
+  static {
+    __name(this, "ErrorServerError");
+  }
+  toString() {
+    return "ErrorServerError";
+  }
+};
+var ErrorTemporarilyUnavailable = class extends ErrorAuthenticationGrant {
+  static {
+    __name(this, "ErrorTemporarilyUnavailable");
+  }
+  toString() {
+    return "ErrorTemporarilyUnavailable";
+  }
+};
+var ErrorAccessTokenResponse = class extends ErrorOAuth2 {
+  static {
+    __name(this, "ErrorAccessTokenResponse");
+  }
+  toString() {
+    return "ErrorAccessTokenResponse";
+  }
+};
+var ErrorInvalidClient = class extends ErrorAccessTokenResponse {
+  static {
+    __name(this, "ErrorInvalidClient");
+  }
+  toString() {
+    return "ErrorInvalidClient";
+  }
+};
+var ErrorInvalidGrant = class extends ErrorAccessTokenResponse {
+  static {
+    __name(this, "ErrorInvalidGrant");
+  }
+  toString() {
+    return "ErrorInvalidGrant";
+  }
+};
+var ErrorUnsupportedGrantType = class extends ErrorAccessTokenResponse {
+  static {
+    __name(this, "ErrorUnsupportedGrantType");
+  }
+  toString() {
+    return "ErrorUnsupportedGrantType";
+  }
+};
+function toErrorClass(rawError) {
+  switch (rawError) {
+    case "invalid_request":
+      return new ErrorInvalidRequest(rawError, {
+        telemetryMessage: "user oauth invalid request"
+      });
+    case "invalid_grant":
+      return new ErrorInvalidGrant(rawError, {
+        telemetryMessage: "user oauth invalid grant"
+      });
+    case "unauthorized_client":
+      return new ErrorUnauthorizedClient(rawError, {
+        telemetryMessage: "user oauth unauthorized client"
+      });
+    case "access_denied":
+      return new ErrorAccessDenied(rawError, {
+        telemetryMessage: "user oauth access denied"
+      });
+    case "unsupported_response_type":
+      return new ErrorUnsupportedResponseType(rawError, {
+        telemetryMessage: "user oauth unsupported response type"
+      });
+    case "invalid_scope":
+      return new ErrorInvalidScope(rawError, {
+        telemetryMessage: "user oauth invalid scope"
+      });
+    case "server_error":
+      return new ErrorServerError(rawError, {
+        telemetryMessage: "user oauth server error"
+      });
+    case "temporarily_unavailable":
+      return new ErrorTemporarilyUnavailable(rawError, {
+        telemetryMessage: "user oauth temporarily unavailable"
+      });
+    case "invalid_client":
+      return new ErrorInvalidClient(rawError, {
+        telemetryMessage: "user oauth invalid client"
+      });
+    case "unsupported_grant_type":
+      return new ErrorUnsupportedGrantType(rawError, {
+        telemetryMessage: "user oauth unsupported grant type"
+      });
+    case "invalid_json":
+      return new ErrorInvalidJson(rawError, {
+        telemetryMessage: "user oauth invalid json"
+      });
+    case "invalid_token":
+      return new ErrorInvalidToken(rawError, {
+        telemetryMessage: "user oauth invalid token"
+      });
+    default:
+      return new ErrorUnknown(rawError, {
+        telemetryMessage: "user oauth unknown error"
+      });
+  }
+}
+__name(toErrorClass, "toErrorClass");
+
+// ../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/esm/index.js
+function dedent(templ) {
+  var values = [];
+  for (var _i = 1; _i < arguments.length; _i++) {
+    values[_i - 1] = arguments[_i];
+  }
+  var strings = Array.from(typeof templ === "string" ? [templ] : templ);
+  strings[strings.length - 1] = strings[strings.length - 1].replace(/\r?\n([\t ]*)$/, "");
+  var indentLengths = strings.reduce(function(arr, str) {
+    var matches = str.match(/\n([\t ]+|(?!\s).)/g);
+    if (matches) {
+      return arr.concat(matches.map(function(match) {
+        var _a, _b;
+        return (_b = (_a = match.match(/[\t ]/g)) === null || _a === void 0 ? void 0 : _a.length) !== null && _b !== void 0 ? _b : 0;
+      }));
+    }
+    return arr;
+  }, []);
+  if (indentLengths.length) {
+    var pattern_1 = new RegExp("\n[	 ]{" + Math.min.apply(Math, indentLengths) + "}", "g");
+    strings = strings.map(function(str) {
+      return str.replace(pattern_1, "\n");
+    });
+  }
+  strings[0] = strings[0].replace(/^\r?\n/, "");
+  var string = strings[0];
+  values.forEach(function(value, i) {
+    var endentations = string.match(/(?:^|\n)( *)$/);
+    var endentation = endentations ? endentations[1] : "";
+    var indentedValue = value;
+    if (typeof value === "string" && value.includes("\n")) {
+      indentedValue = String(value).split("\n").map(function(str, i2) {
+        return i2 === 0 ? str : "" + endentation + str;
+      }).join("\n");
+    }
+    string += indentedValue + strings[i + 1];
+  });
+  return string;
+}
+__name(dedent, "dedent");
+var esm_default = dedent;
+
+// src/generate-auth-url.ts
+var OAUTH_CALLBACK_URL = "http://localhost:8976/oauth/callback";
+var generateAuthUrl = /* @__PURE__ */ __name(({
+  authUrl,
+  clientId,
+  scopes,
+  stateQueryParam,
+  codeChallenge
+}) => {
+  return authUrl + `?response_type=code&client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(OAUTH_CALLBACK_URL)}&scope=${encodeURIComponent([...scopes, "offline_access"].join(" "))}&state=${stateQueryParam}&code_challenge=${encodeURIComponent(codeChallenge)}&code_challenge_method=S256`;
+}, "generateAuthUrl");
+var RECOMMENDED_CODE_VERIFIER_LENGTH = 96;
+var RECOMMENDED_STATE_LENGTH = 32;
+var PKCE_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+function base64urlEncode(value) {
+  let base64 = btoa(value);
+  base64 = base64.replace(/\+/g, "-");
+  base64 = base64.replace(/\//g, "_");
+  base64 = base64.replace(/=/g, "");
+  return base64;
+}
+__name(base64urlEncode, "base64urlEncode");
+async function generatePKCECodes() {
+  const output = new Uint32Array(RECOMMENDED_CODE_VERIFIER_LENGTH);
+  webcrypto.getRandomValues(output);
+  const codeVerifier = base64urlEncode(
+    Array.from(output).map((num) => PKCE_CHARSET[num % PKCE_CHARSET.length]).join("")
+  );
+  const buffer = await webcrypto.subtle.digest(
+    "SHA-256",
+    new TextEncoder().encode(codeVerifier)
+  );
+  const hash = new Uint8Array(buffer);
+  let binary = "";
+  const hashLength = hash.byteLength;
+  for (let i = 0; i < hashLength; i++) {
+    binary += String.fromCharCode(hash[i]);
+  }
+  const codeChallenge = base64urlEncode(binary);
+  return { codeChallenge, codeVerifier };
+}
+__name(generatePKCECodes, "generatePKCECodes");
+
+// src/state.ts
+var hasWarnedAboutDeprecatedV1ApiToken = false;
+function readStoredAuthState(options) {
+  const { configOverride, warningLogger } = options ?? {};
+  let parsed;
+  try {
+    parsed = configOverride ?? readAuthConfigFile();
+  } catch {
+    return {};
+  }
+  const { oauth_token, refresh_token, expiration_time, scopes, api_token } = parsed;
+  if (oauth_token) {
+    return {
+      accessToken: {
+        value: oauth_token,
+        // If there is no `expiration_time` field then set it to an old date, to cause it to expire immediately.
+        expiry: expiration_time ?? "2000-01-01:00:00:00+00:00"
+      },
+      refreshToken: { value: refresh_token ?? "" },
+      scopes
+    };
+  }
+  if (api_token) {
+    if (!hasWarnedAboutDeprecatedV1ApiToken && warningLogger) {
+      hasWarnedAboutDeprecatedV1ApiToken = true;
+      warningLogger.warn(
+        `It looks like you have used Wrangler v1's \`config\` command to login with an API token
+from ${configOverride === void 0 ? getAuthConfigFilePath() : "in-memory config"}.
+This is no longer supported in the current version of Wrangler.
+If you wish to authenticate via an API token then please set the \`CLOUDFLARE_API_TOKEN\` environment variable.`
+      );
+    }
+    return { deprecatedApiToken: api_token };
+  }
+  return {};
+}
+__name(readStoredAuthState, "readStoredAuthState");
+
+// src/token-exchange.ts
+function isReturningFromAuthServer(query, state, logger) {
+  if (query.error) {
+    if (Array.isArray(query.error)) {
+      throw toErrorClass(query.error[0]);
+    }
+    throw toErrorClass(query.error);
+  }
+  const code = query.code;
+  if (!code) {
+    return false;
+  }
+  const stateQueryParam = query.state;
+  if (stateQueryParam !== state.stateQueryParam) {
+    logger.warn(
+      "Received query string parameter doesn't match the one sent! Possible malicious activity somewhere."
+    );
+    throw new ErrorInvalidReturnedStateParam("", {
+      telemetryMessage: "user oauth invalid returned state"
+    });
+  }
+  assert2(!Array.isArray(code));
+  state.authorizationCode = code;
+  state.hasAuthCodeBeenExchangedForAccessToken = false;
+  return true;
+}
+__name(isReturningFromAuthServer, "isReturningFromAuthServer");
+async function getAuthURL(scopes, clientId, state, generators) {
+  const { codeChallenge, codeVerifier } = await generatePKCECodes();
+  const stateQueryParam = generators.generateRandomState(
+    RECOMMENDED_STATE_LENGTH
+  );
+  Object.assign(state, {
+    codeChallenge,
+    codeVerifier,
+    stateQueryParam
+  });
+  return generators.generateAuthUrl({
+    authUrl: getAuthUrlFromEnv(),
+    clientId,
+    scopes,
+    stateQueryParam,
+    codeChallenge
+  });
+}
+__name(getAuthURL, "getAuthURL");
+async function exchangeRefreshTokenForAccessToken(logger, isNonInteractiveOrCI) {
+  const storedRefreshToken = readStoredAuthState({
+    warningLogger: logger
+  }).refreshToken;
+  if (!storedRefreshToken) {
+    logger.warn("No refresh token is present.");
+  }
+  const params = new URLSearchParams({
+    grant_type: "refresh_token",
+    refresh_token: storedRefreshToken?.value ?? "",
+    client_id: getClientIdFromEnv()
+  });
+  const response = await fetchAuthToken(params, logger, isNonInteractiveOrCI);
+  if (response.status >= 400) {
+    let tokenExchangeResErr = void 0;
+    try {
+      tokenExchangeResErr = await getJSONFromResponse(response, logger);
+    } catch (e) {
+      logger.error(e);
+    }
+    if (tokenExchangeResErr !== void 0) {
+      throw typeof tokenExchangeResErr === "string" ? new Error(tokenExchangeResErr) : tokenExchangeResErr;
+    } else {
+      throw new ErrorUnknown(
+        "Failed to parse Error from exchangeRefreshTokenForAccessToken",
+        { telemetryMessage: "user oauth refresh token exchange parse error" }
+      );
+    }
+  } else {
+    try {
+      const json = await getJSONFromResponse(
+        response,
+        logger
+      );
+      if ("error" in json) {
+        throw json.error;
+      }
+      const { access_token, expires_in, refresh_token, scope } = json;
+      const accessToken = {
+        value: access_token,
+        expiry: new Date(Date.now() + expires_in * 1e3).toISOString()
+      };
+      const scopes = scope ? scope.split(" ") : [];
+      const accessContext = {
+        token: accessToken,
+        scopes,
+        refreshToken: refresh_token ? { value: refresh_token } : storedRefreshToken
+      };
+      return accessContext;
+    } catch (error) {
+      if (typeof error === "string") {
+        throw toErrorClass(error);
+      } else {
+        throw error;
+      }
+    }
+  }
+}
+__name(exchangeRefreshTokenForAccessToken, "exchangeRefreshTokenForAccessToken");
+async function exchangeAuthCodeForAccessToken(state, logger, isNonInteractiveOrCI) {
+  const { authorizationCode, codeVerifier = "" } = state;
+  if (!codeVerifier) {
+    logger.warn("No code verifier is being sent.");
+  } else if (!authorizationCode) {
+    logger.warn("No authorization grant code is being passed.");
+  }
+  const params = new URLSearchParams({
+    grant_type: `authorization_code`,
+    code: authorizationCode ?? "",
+    redirect_uri: OAUTH_CALLBACK_URL,
+    client_id: getClientIdFromEnv(),
+    code_verifier: codeVerifier
+  });
+  const response = await fetchAuthToken(params, logger, isNonInteractiveOrCI);
+  if (!response.ok) {
+    const { error } = await getJSONFromResponse(response, logger);
+    if (error === "invalid_grant") {
+      logger.log("Expired! Auth code or refresh token needs to be renewed.");
+    }
+    throw toErrorClass(error);
+  }
+  const json = await getJSONFromResponse(response, logger);
+  if ("error" in json) {
+    throw new Error(json.error);
+  }
+  const { access_token, expires_in, refresh_token, scope } = json;
+  state.hasAuthCodeBeenExchangedForAccessToken = true;
+  const expiryDate = new Date(Date.now() + expires_in * 1e3);
+  const accessToken = {
+    value: access_token,
+    expiry: expiryDate.toISOString()
+  };
+  const scopes = scope ? scope.split(" ") : [];
+  const accessContext = {
+    token: accessToken,
+    scopes,
+    refreshToken: refresh_token ? { value: refresh_token } : void 0
+  };
+  return accessContext;
+}
+__name(exchangeAuthCodeForAccessToken, "exchangeAuthCodeForAccessToken");
+async function fetchAuthToken(body, logger, isNonInteractiveOrCI) {
+  const headers = {
+    "Content-Type": "application/x-www-form-urlencoded"
+  };
+  logger.debug(
+    "fetching auth token",
+    `grant_type=${body.get("grant_type") ?? "<unknown>"}`
+  );
+  if (await domainUsesAccess(getAuthDomainFromEnv(), logger)) {
+    logger.debug(
+      "Using Cloudflare Access to get an access token for the auth request"
+    );
+    const accessHeaders = await getCloudflareAccessHeaders({
+      logger,
+      isNonInteractiveOrCI
+    });
+    Object.assign(headers, accessHeaders);
+  }
+  logger.debug("Fetching auth token from", getTokenUrlFromEnv());
+  try {
+    const response = await fetch(getTokenUrlFromEnv(), {
+      method: "POST",
+      body: body.toString(),
+      headers
+    });
+    if (!response.ok) {
+      logger.error(
+        "Failed to fetch auth token:",
+        response.status,
+        response.statusText
+      );
+    }
+    return response;
+  } catch (e) {
+    logger.error("Failed to fetch auth token:", e);
+    throw e;
+  }
+}
+__name(fetchAuthToken, "fetchAuthToken");
+async function getJSONFromResponse(response, logger) {
+  const text = await response.text();
+  try {
+    return JSON.parse(text);
+  } catch (e) {
+    if (text.match(/<!DOCTYPE html>/)) {
+      logger.error(
+        "The body of the response was HTML rather than JSON. Check the debug logs to see the full body of the response."
+      );
+      if (text.match(/challenge-platform/)) {
+        logger.error(
+          `It looks like you might have hit a bot challenge page. This may be transient but if not, please contact Cloudflare to find out what can be done. When you contact Cloudflare, please provide your Ray ID: ${response.headers.get("cf-ray")}`
+        );
+      }
+    }
+    logger.debug("Full body of response\n\n", text);
+    throw new Error(
+      `Invalid JSON in response: status: ${response.status} ${response.statusText}`,
+      { cause: e }
+    );
+  }
+}
+__name(getJSONFromResponse, "getJSONFromResponse");
+
+// src/callback-server.ts
+async function getOauthToken(options, state, ctx, generators) {
+  const urlToOpen = await getAuthURL(
+    options.scopes,
+    options.clientId,
+    state,
+    generators
+  );
+  let server;
+  let loginTimeoutHandle;
+  const timerPromise = new Promise((_, reject) => {
+    loginTimeoutHandle = setTimeout(() => {
+      server.close();
+      clearTimeout(loginTimeoutHandle);
+      reject(
+        new UserError(
+          "Timed out waiting for authorization code, please try again.",
+          { telemetryMessage: "user oauth authorization timeout" }
+        )
+      );
+    }, 12e4);
+  });
+  const loginPromise = new Promise((resolve, reject) => {
+    server = http.createServer(async (req, res) => {
+      function finish(token, error) {
+        clearTimeout(loginTimeoutHandle);
+        server.close((closeErr) => {
+          if (error || closeErr) {
+            reject(error || closeErr);
+          } else {
+            assert2(token);
+            resolve(token);
+          }
+        });
+      }
+      __name(finish, "finish");
+      assert2(req.url, "This request doesn't have a URL");
+      const { pathname, query } = url.parse(req.url, true);
+      if (req.method !== "GET") {
+        return res.end("OK");
+      }
+      switch (pathname) {
+        case "/oauth/callback": {
+          let hasAuthCode = false;
+          try {
+            hasAuthCode = isReturningFromAuthServer(query, state, ctx.logger);
+          } catch (err) {
+            if (err instanceof ErrorAccessDenied) {
+              res.writeHead(307, {
+                Location: options.denied.url
+              });
+              res.end(() => {
+                finish(
+                  null,
+                  new UserError(options.denied.error, {
+                    telemetryMessage: "user oauth consent denied"
+                  })
+                );
+              });
+              return;
+            } else {
+              finish(null, err);
+              return;
+            }
+          }
+          if (!hasAuthCode) {
+            finish(
+              null,
+              new ErrorNoAuthCode("", {
+                telemetryMessage: "user oauth missing auth code"
+              })
+            );
+            return;
+          } else {
+            try {
+              const exchange = await exchangeAuthCodeForAccessToken(
+                state,
+                ctx.logger,
+                ctx.isNonInteractiveOrCI
+              );
+              res.writeHead(307, {
+                Location: options.granted.url
+              });
+              res.end(() => {
+                finish(exchange);
+              });
+            } catch (err) {
+              finish(null, err);
+            }
+            return;
+          }
+        }
+      }
+    });
+    if (options.callbackHost !== "localhost" || options.callbackPort !== 8976) {
+      ctx.logger.log(
+        `Temporary login server listening on ${options.callbackHost}:${options.callbackPort}`
+      );
+      ctx.logger.log(
+        "Note that the OAuth login page will always redirect to `localhost:8976`.\nIf you have changed the callback host or port because you are running in a container, then ensure that you have port forwarding set up correctly."
+      );
+    }
+    server.once("error", (err) => {
+      clearTimeout(loginTimeoutHandle);
+      if (err.code === "EADDRINUSE") {
+        reject(
+          new UserError(
+            `The OAuth callback server could not bind to ${options.callbackHost}:${options.callbackPort} because the port is already in use. Stop the process using that port or pass a different \`--callback-port\`.`,
+            { telemetryMessage: "user oauth callback port in use" }
+          )
+        );
+      } else {
+        reject(err);
+      }
+    });
+    server.listen(options.callbackPort, options.callbackHost);
+  });
+  if (options.browser) {
+    ctx.logger.log(`Opening a link in your default browser: ${urlToOpen}`);
+    await ctx.openInBrowser(urlToOpen);
+  } else {
+    ctx.logger.log(`Visit this link to authenticate: ${urlToOpen}`);
+  }
+  return Promise.race([timerPromise, loginPromise]);
+}
+__name(getOauthToken, "getOauthToken");
+function generateRandomState(lengthOfState) {
+  const output = new Uint32Array(lengthOfState);
+  webcrypto.getRandomValues(output);
+  return Array.from(output).map((num) => PKCE_CHARSET[num % PKCE_CHARSET.length]).join("");
+}
+__name(generateRandomState, "generateRandomState");
+
+// src/flow.ts
+function createOAuthFlow(ctx) {
+  const oauthFlowState = {};
+  const generators = {
+    generateAuthUrl: ctx.generateAuthUrl ?? generateAuthUrl,
+    generateRandomState: ctx.generateRandomState ?? generateRandomState
+  };
+  async function login(props) {
+    if (ctx.hasEnvCredentials()) {
+      ctx.logger.error(
+        "You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the environment to log in via OAuth."
+      );
+      return false;
+    }
+    const complianceRegion = getCloudflareComplianceRegion(
+      props.complianceConfig
+    );
+    if (complianceRegion === "fedramp_high") {
+      const configurationSource = props.complianceConfig?.compliance_region ? "`compliance_region` configuration property" : "`CLOUDFLARE_API_ENVIRONMENT` environment variable";
+      throw new UserError(
+        esm_default`
+				OAuth login is not supported in the \`${complianceRegion}\` compliance region.
+				Please use a Cloudflare API token (\`CLOUDFLARE_API_TOKEN\` environment variable) or remove the ${configurationSource}.
+			`,
+        {
+          telemetryMessage: "user login unsupported compliance region"
+        }
+      );
+    }
+    ctx.logger.log("Attempting to login via OAuth...");
+    const oauth = await getOauthToken(
+      {
+        browser: props.browser ?? true,
+        scopes: props.scopes,
+        clientId: getClientIdFromEnv(),
+        denied: {
+          url: "https://welcome.developers.workers.dev/wrangler-oauth-consent-denied",
+          error: "Error: Consent denied. You must grant consent to Wrangler in order to login.\nIf you don't want to do this consider passing an API token via the `CLOUDFLARE_API_TOKEN` environment variable"
+        },
+        granted: {
+          url: "https://welcome.developers.workers.dev/wrangler-oauth-consent-granted"
+        },
+        callbackHost: props.callbackHost ?? "localhost",
+        callbackPort: props.callbackPort ?? 8976
+      },
+      oauthFlowState,
+      ctx,
+      generators
+    );
+    writeAuthConfigFile({
+      oauth_token: oauth.token?.value ?? "",
+      expiration_time: oauth.token?.expiry,
+      refresh_token: oauth.refreshToken?.value,
+      scopes: oauth.scopes
+    });
+    ctx.logger.log(`Successfully logged in.`);
+    ctx.purgeOnLoginOrLogout?.();
+    return true;
+  }
+  __name(login, "login");
+  function isRefreshNeeded() {
+    if (ctx.hasEnvCredentials()) {
+      return false;
+    }
+    const { accessToken } = readStoredAuthState({ warningLogger: ctx.logger });
+    return Boolean(accessToken && /* @__PURE__ */ new Date() >= new Date(accessToken.expiry));
+  }
+  __name(isRefreshNeeded, "isRefreshNeeded");
+  async function refreshToken() {
+    try {
+      const {
+        token: { value: oauth_token, expiry: expiration_time } = {
+          value: "",
+          expiry: ""
+        },
+        refreshToken: { value: refresh_token } = {},
+        scopes
+      } = await exchangeRefreshTokenForAccessToken(
+        ctx.logger,
+        ctx.isNonInteractiveOrCI
+      );
+      writeAuthConfigFile({
+        oauth_token,
+        expiration_time,
+        refresh_token,
+        scopes
+      });
+      return true;
+    } catch (e) {
+      ctx.logger.debug(
+        `Token refresh failed: ${e instanceof Error ? e.message : String(e)}`
+      );
+      return false;
+    }
+  }
+  __name(refreshToken, "refreshToken");
+  async function loginOrRefreshIfRequired(props) {
+    if (ctx.hasEnvCredentials()) {
+      return true;
+    }
+    const stored = readStoredAuthState({ warningLogger: ctx.logger });
+    if (!stored.accessToken && !stored.deprecatedApiToken) {
+      return !ctx.isNonInteractiveOrCI() && await login(props);
+    } else if (isRefreshNeeded()) {
+      const didRefresh = await refreshToken();
+      if (didRefresh) {
+        return true;
+      } else {
+        return !ctx.isNonInteractiveOrCI() && await login(props);
+      }
+    } else {
+      return true;
+    }
+  }
+  __name(loginOrRefreshIfRequired, "loginOrRefreshIfRequired");
+  async function logout() {
+    if (ctx.hasEnvCredentials()) {
+      ctx.logger.log(
+        "You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the environment to log out."
+      );
+      return;
+    }
+    const storedRefreshToken = readStoredAuthState({
+      warningLogger: ctx.logger
+    }).refreshToken;
+    if (!storedRefreshToken) {
+      ctx.logger.log("Not logged in, exiting...");
+      return;
+    }
+    const body = `client_id=${encodeURIComponent(getClientIdFromEnv())}&token_type_hint=refresh_token&token=${encodeURIComponent(storedRefreshToken.value || "")}`;
+    const response = await fetch(getRevokeUrlFromEnv(), {
+      method: "POST",
+      body,
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      }
+    });
+    await response.text();
+    rmSync(getAuthConfigFilePath());
+    ctx.logger.log(`Successfully logged out.`);
+    ctx.purgeOnLoginOrLogout?.();
+  }
+  __name(logout, "logout");
+  async function getOAuthTokenFromLocalState() {
+    let stored = readStoredAuthState({ warningLogger: ctx.logger });
+    if (!stored.accessToken) {
+      return void 0;
+    }
+    const expired = stored.accessToken && /* @__PURE__ */ new Date() >= new Date(stored.accessToken.expiry);
+    if (expired) {
+      const didRefresh = await refreshToken();
+      if (!didRefresh) {
+        return void 0;
+      }
+      stored = readStoredAuthState({ warningLogger: ctx.logger });
+    }
+    return stored.accessToken?.value;
+  }
+  __name(getOAuthTokenFromLocalState, "getOAuthTokenFromLocalState");
+  return {
+    login,
+    logout,
+    loginOrRefreshIfRequired,
+    getOAuthTokenFromLocalState,
+    isRefreshNeeded,
+    refreshToken
+  };
+}
+__name(createOAuthFlow, "createOAuthFlow");
+/*! Bundled license information:
+
+smol-toml/dist/error.js:
+  (*!
+   * Copyright (c) Squirrel Chat et al., All rights reserved.
+   * SPDX-License-Identifier: BSD-3-Clause
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions are met:
+   *
+   * 1. Redistributions of source code must retain the above copyright notice, this
+   *    list of conditions and the following disclaimer.
+   * 2. Redistributions in binary form must reproduce the above copyright notice,
+   *    this list of conditions and the following disclaimer in the
+   *    documentation and/or other materials provided with the distribution.
+   * 3. Neither the name of the copyright holder nor the names of its contributors
+   *    may be used to endorse or promote products derived from this software without
+   *    specific prior written permission.
+   *
+   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+   *)
+
+smol-toml/dist/util.js:
+  (*!
+   * Copyright (c) Squirrel Chat et al., All rights reserved.
+   * SPDX-License-Identifier: BSD-3-Clause
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions are met:
+   *
+   * 1. Redistributions of source code must retain the above copyright notice, this
+   *    list of conditions and the following disclaimer.
+   * 2. Redistributions in binary form must reproduce the above copyright notice,
+   *    this list of conditions and the following disclaimer in the
+   *    documentation and/or other materials provided with the distribution.
+   * 3. Neither the name of the copyright holder nor the names of its contributors
+   *    may be used to endorse or promote products derived from this software without
+   *    specific prior written permission.
+   *
+   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+   *)
+
+smol-toml/dist/date.js:
+  (*!
+   * Copyright (c) Squirrel Chat et al., All rights reserved.
+   * SPDX-License-Identifier: BSD-3-Clause
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions are met:
+   *
+   * 1. Redistributions of source code must retain the above copyright notice, this
+   *    list of conditions and the following disclaimer.
+   * 2. Redistributions in binary form must reproduce the above copyright notice,
+   *    this list of conditions and the following disclaimer in the
+   *    documentation and/or other materials provided with the distribution.
+   * 3. Neither the name of the copyright holder nor the names of its contributors
+   *    may be used to endorse or promote products derived from this software without
+   *    specific prior written permission.
+   *
+   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+   *)
+
+smol-toml/dist/primitive.js:
+  (*!
+   * Copyright (c) Squirrel Chat et al., All rights reserved.
+   * SPDX-License-Identifier: BSD-3-Clause
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions are met:
+   *
+   * 1. Redistributions of source code must retain the above copyright notice, this
+   *    list of conditions and the following disclaimer.
+   * 2. Redistributions in binary form must reproduce the above copyright notice,
+   *    this list of conditions and the following disclaimer in the
+   *    documentation and/or other materials provided with the distribution.
+   * 3. Neither the name of the copyright holder nor the names of its contributors
+   *    may be used to endorse or promote products derived from this software without
+   *    specific prior written permission.
+   *
+   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+   *)
+
+smol-toml/dist/extract.js:
+  (*!
+   * Copyright (c) Squirrel Chat et al., All rights reserved.
+   * SPDX-License-Identifier: BSD-3-Clause
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions are met:
+   *
+   * 1. Redistributions of source code must retain the above copyright notice, this
+   *    list of conditions and the following disclaimer.
+   * 2. Redistributions in binary form must reproduce the above copyright notice,
+   *    this list of conditions and the following disclaimer in the
+   *    documentation and/or other materials provided with the distribution.
+   * 3. Neither the name of the copyright holder nor the names of its contributors
+   *    may be used to endorse or promote products derived from this software without
+   *    specific prior written permission.
+   *
+   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+   *)
+
+smol-toml/dist/struct.js:
+  (*!
+   * Copyright (c) Squirrel Chat et al., All rights reserved.
+   * SPDX-License-Identifier: BSD-3-Clause
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions are met:
+   *
+   * 1. Redistributions of source code must retain the above copyright notice, this
+   *    list of conditions and the following disclaimer.
+   * 2. Redistributions in binary form must reproduce the above copyright notice,
+   *    this list of conditions and the following disclaimer in the
+   *    documentation and/or other materials provided with the distribution.
+   * 3. Neither the name of the copyright holder nor the names of its contributors
+   *    may be used to endorse or promote products derived from this software without
+   *    specific prior written permission.
+   *
+   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+   *)
+
+smol-toml/dist/parse.js:
+  (*!
+   * Copyright (c) Squirrel Chat et al., All rights reserved.
+   * SPDX-License-Identifier: BSD-3-Clause
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions are met:
+   *
+   * 1. Redistributions of source code must retain the above copyright notice, this
+   *    list of conditions and the following disclaimer.
+   * 2. Redistributions in binary form must reproduce the above copyright notice,
+   *    this list of conditions and the following disclaimer in the
+   *    documentation and/or other materials provided with the distribution.
+   * 3. Neither the name of the copyright holder nor the names of its contributors
+   *    may be used to endorse or promote products derived from this software without
+   *    specific prior written permission.
+   *
+   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+   *)
+
+smol-toml/dist/stringify.js:
+  (*!
+   * Copyright (c) Squirrel Chat et al., All rights reserved.
+   * SPDX-License-Identifier: BSD-3-Clause
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions are met:
+   *
+   * 1. Redistributions of source code must retain the above copyright notice, this
+   *    list of conditions and the following disclaimer.
+   * 2. Redistributions in binary form must reproduce the above copyright notice,
+   *    this list of conditions and the following disclaimer in the
+   *    documentation and/or other materials provided with the distribution.
+   * 3. Neither the name of the copyright holder nor the names of its contributors
+   *    may be used to endorse or promote products derived from this software without
+   *    specific prior written permission.
+   *
+   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+   *)
+
+smol-toml/dist/index.js:
+  (*!
+   * Copyright (c) Squirrel Chat et al., All rights reserved.
+   * SPDX-License-Identifier: BSD-3-Clause
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions are met:
+   *
+   * 1. Redistributions of source code must retain the above copyright notice, this
+   *    list of conditions and the following disclaimer.
+   * 2. Redistributions in binary form must reproduce the above copyright notice,
+   *    this list of conditions and the following disclaimer in the
+   *    documentation and/or other materials provided with the distribution.
+   * 3. Neither the name of the copyright holder nor the names of its contributors
+   *    may be used to endorse or promote products derived from this software without
+   *    specific prior written permission.
+   *
+   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+   *)
+*/
+
+export { ErrorAccessDenied, ErrorAccessTokenResponse, ErrorAuthenticationGrant, ErrorInvalidClient, ErrorInvalidGrant, ErrorInvalidJson, ErrorInvalidRequest, ErrorInvalidReturnedStateParam, ErrorInvalidScope, ErrorInvalidToken, ErrorNoAuthCode, ErrorOAuth2, ErrorServerError, ErrorTemporarilyUnavailable, ErrorUnauthorizedClient, ErrorUnknown, ErrorUnsupportedGrantType, ErrorUnsupportedResponseType, OAUTH_CALLBACK_URL, PKCE_CHARSET, RECOMMENDED_CODE_VERIFIER_LENGTH, RECOMMENDED_STATE_LENGTH, base64urlEncode, clearAccessCaches, createOAuthFlow, domainUsesAccess, generateAuthUrl, generatePKCECodes, generateRandomState, getAccessClientIdFromEnv, getAccessClientSecretFromEnv, getAccessHeaders, getAuthConfigFilePath, getAuthDomainFromEnv, getAuthUrlFromEnv, getCfAuthorizationTokenFromEnv, getClientIdFromEnv, getCloudflareAccessHeaders, getRevokeUrlFromEnv, getTokenUrlFromEnv, readAuthConfigFile, readStoredAuthState, toErrorClass, writeAuthConfigFile };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map