@distilled.cloud/aws 0.20.2 → 0.21.0

package/lib/credentials.d.ts

@@ -1,143 +1,17 @@
-import { type AwsCredentialIdentity } from "@smithy/types";
-import * as Effect from "effect/Effect";
+import * as BrowserCredentials from "./credentials.browser.ts";
+export * from "./credentials.browser.ts";
 import * as Layer from "effect/Layer";
-import type { PlatformError } from "effect/PlatformError";
-import * as Redacted from "effect/Redacted";
-import * as Context from "effect/Context";
-import type { HttpClientError } from "effect/unstable/http/HttpClientError";
 import { Auth } from "./auth.ts";
-export * as AWSTypes from "@aws-sdk/types";
-export interface AwsCredentials {
-    readonly accessKeyId: string;
-    readonly secretAccessKey: string;
-    readonly sessionToken?: string;
-}
-/**
- * Resolved credential values ready for request signing.
- */
-export interface ResolvedCredentials {
-    readonly accessKeyId: Redacted.Redacted<string>;
-    readonly secretAccessKey: Redacted.Redacted<string>;
-    readonly sessionToken: Redacted.Redacted<string> | undefined;
-    readonly expiration?: number;
-}
-/**
- * The requirements for resolving credentials (HttpClient for SSO, FileSystem for cache).
- */
-/**
- * Error types that can occur during credential resolution.
- */
-export type CredentialsError = AwsCredentialProviderError | ProfileNotFound | InvalidSSOProfile | InvalidSSOToken | ExpiredSSOToken | ConflictingSSORegion | ConflictingSSOStartUrl | SsoPortalError | HttpClientError | PlatformError;
-declare const Credentials_base: Context.ServiceClass<Credentials, "AWS::Credentials", Effect.Effect<ResolvedCredentials, CredentialsError, never>>;
-export declare class Credentials extends Credentials_base {
-}
-export declare const mock: Layer.Layer<Credentials, never, never>;
-/**
- * Create resolved credentials from an AWS credential identity.
- */
-export declare const fromAwsCredentialIdentity: (identity: AwsCredentialIdentity) => ResolvedCredentials;
-type ProviderName = "env" | "ini" | "chain" | "container" | "http" | "process" | "token-file";
-export declare const _providerHints: (provider: ProviderName) => ReadonlyArray<string> | undefined;
-/**
- * Create a credentials provider from static credentials.
- * No lazy loading or caching needed since credentials are already available.
- */
-export declare const fromCredentials: (credentials: AwsCredentialIdentity) => Layer.Layer<Credentials>;
-export declare const fromEnv: () => Layer.Layer<Credentials, never, never>;
-export declare const fromChain: () => Layer.Layer<Credentials, never, never>;
-export declare const fromIni: () => Layer.Layer<Credentials, never, never>;
-export declare const fromContainerMetadata: () => Layer.Layer<Credentials, never, never>;
-export declare const fromHttp: () => Layer.Layer<Credentials, never, never>;
-export declare const fromProcess: () => Layer.Layer<Credentials, never, never>;
-export declare const fromTokenFile: () => Layer.Layer<Credentials, never, never>;
-export declare const ssoRegion: (region: string) => Layer.Layer<SsoRegion, never, never>;
-declare const SsoRegion_base: Context.ServiceClass<SsoRegion, "AWS::SsoRegion", string>;
-export declare class SsoRegion extends SsoRegion_base {
-}
-declare const SsoStartUrl_base: Context.ServiceClass<SsoStartUrl, "AWS::SsoStartUrl", string>;
-export declare class SsoStartUrl extends SsoStartUrl_base {
-}
-declare const ProfileNotFound_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
-    readonly _tag: "Alchemy::AWS::ProfileNotFound";
-} & Readonly<A>;
-export declare class ProfileNotFound extends ProfileNotFound_base<{
-    message: string;
-    profile: string;
-}> {
-}
-declare const ConflictingSSORegion_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
-    readonly _tag: "Alchemy::AWS::ConflictingSSORegion";
-} & Readonly<A>;
-export declare class ConflictingSSORegion extends ConflictingSSORegion_base<{
-    message: string;
-    ssoRegion: string;
-    profile: string;
-}> {
-}
-declare const ConflictingSSOStartUrl_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
-    readonly _tag: "Alchemy::AWS::ConflictingSSOStartUrl";
-} & Readonly<A>;
-export declare class ConflictingSSOStartUrl extends ConflictingSSOStartUrl_base<{
-    message: string;
-    ssoStartUrl: string;
-    profile: string;
-}> {
-}
-declare const InvalidSSOProfile_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
-    readonly _tag: "Alchemy::AWS::InvalidSSOProfile";
-} & Readonly<A>;
-export declare class InvalidSSOProfile extends InvalidSSOProfile_base<{
-    message: string;
-    profile: string;
-    missingFields: string[];
-}> {
-}
-declare const InvalidSSOToken_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
-    readonly _tag: "Alchemy::AWS::InvalidSSOToken";
-} & Readonly<A>;
-export declare class InvalidSSOToken extends InvalidSSOToken_base<{
-    message: string;
-    sso_session: string;
-}> {
-}
-declare const ExpiredSSOToken_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
-    readonly _tag: "Alchemy::AWS::ExpiredSSOToken";
-} & Readonly<A>;
-export declare class ExpiredSSOToken extends ExpiredSSOToken_base<{
-    message: string;
-    profile: string;
-}> {
-}
-declare const AwsCredentialProviderError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
-    readonly _tag: "AWS::CredentialProviderError";
-} & Readonly<A>;
-export declare class AwsCredentialProviderError extends AwsCredentialProviderError_base<{
-    message: string;
-    provider: string;
-    cause?: unknown;
-    hints?: ReadonlyArray<string>;
-}> {
-}
-declare const SsoPortalError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
-    readonly _tag: "Alchemy::AWS::SsoPortalError";
-} & Readonly<A>;
-/**
- * The AWS SSO portal returned a response with no `roleCredentials`, e.g. a
- * `ForbiddenException` when an IAM Identity Center role assignment is in a
- * stale state.
- */
-export declare class SsoPortalError extends SsoPortalError_base<{
-    message: string;
-    profile: string;
-    account_id?: string;
-    role_name?: string;
-    status?: number;
-}> {
-}
+export declare const fromEnv: () => Layer.Layer<BrowserCredentials.Credentials, never, never>;
+export declare const fromChain: () => Layer.Layer<BrowserCredentials.Credentials, never, never>;
+export declare const fromIni: () => Layer.Layer<BrowserCredentials.Credentials, never, never>;
+export declare const fromContainerMetadata: () => Layer.Layer<BrowserCredentials.Credentials, never, never>;
+export declare const fromProcess: () => Layer.Layer<BrowserCredentials.Credentials, never, never>;
+export declare const fromTokenFile: () => Layer.Layer<BrowserCredentials.Credentials, never, never>;
 /**
  * Create a lazy, cached SSO credentials provider.
  * SSO credential resolution is deferred until the Effect is run,
  * and credentials are cached until they expire.
  */
-export declare const fromSSO: (profileName?: string) => Layer.Layer<Credentials, never, Auth>;
+export declare const fromSSO: (profileName?: string) => Layer.Layer<BrowserCredentials.Credentials, never, Auth>;
 //# sourceMappingURL=credentials.d.ts.map

package/lib/credentials.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAUA,OAAO,EACL,KAAK,qBAAqB,EAE3B,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,MAAM,MAAM,eAAe,CAAC;AACxC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AACtC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,QAAQ,MAAM,iBAAiB,CAAC;AAC5C,OAAO,KAAK,OAAO,MAAM,gBAAgB,CAAC;AAC1C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sCAAsC,CAAC;AAC5E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChD,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpD,QAAQ,CAAC,YAAY,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC;IAC7D,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED;;GAEG;AAEH;;GAEG;AACH,MAAM,MAAM,gBAAgB,GACxB,0BAA0B,GAC1B,eAAe,GACf,iBAAiB,GACjB,eAAe,GACf,eAAe,GACf,oBAAoB,GACpB,sBAAsB,GACtB,cAAc,GACd,eAAe,GACf,aAAa,CAAC;;AAElB,qBAAa,WAAY,SAAQ,gBAGV;CAAG;AAE1B,eAAO,MAAM,IAAI,wCAOhB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,aAC1B,qBAAqB,KAC9B,mBAOD,CAAC;AAEH,KAAK,YAAY,GACb,KAAK,GACL,KAAK,GACL,OAAO,GACP,WAAW,GACX,MAAM,GACN,SAAS,GACT,YAAY,CAAC;AAkCjB,eAAO,MAAM,cAAc,aA/Bf,YAAY,KACrB,aAAa,CAAC,MAAM,CAAC,GAAG,SA8BgB,CAAC;AA2D5C;;;GAGG;AACH,eAAO,MAAM,eAAe,gBACb,qBAAqB,KACjC,KAAK,CAAC,KAAK,CAAC,WAAW,CAIvB,CAAC;AAEJ,eAAO,MAAM,OAAO,8CAA4C,CAAC;AAEjE,eAAO,MAAM,SAAS,8CACuC,CAAC;AAI9D,eAAO,MAAM,OAAO,8CAA4C,CAAC;AAEjE,eAAO,MAAM,qBAAqB,8CACuB,CAAC;AAE1D,eAAO,MAAM,QAAQ,8CAA8C,CAAC;AAEpE,eAAO,MAAM,WAAW,8CAAoD,CAAC;AAE7E,eAAO,MAAM,aAAa,8CACwB,CAAC;AAEnD,eAAO,MAAM,SAAS,WAAY,MAAM,yCAAqC,CAAC;;AAE9E,qBAAa,SAAU,SAAQ,cAE9B;CAAG;;AACJ,qBAAa,WAAY,SAAQ,gBAEhC;CAAG;;;;AAEJ,qBAAa,eAAgB,SAAQ,qBAEnC;IACA,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;CAAG;;;;AAEL,qBAAa,oBAAqB,SAAQ,0BAExC;IACA,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;CAAG;;;;AAEL,qBAAa,sBAAuB,SAAQ,4BAE1C;IACA,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;CAAG;;;;AAEL,qBAAa,iBAAkB,SAAQ,uBAErC;IACA,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB,CAAC;CAAG;;;;AAEL,qBAAa,eAAgB,SAAQ,qBAEnC;IACA,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;CAAG;;;;AAEL,qBAAa,eAAgB,SAAQ,qBAEnC;IACA,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;CAAG;;;;AAEL,qBAAa,0BAA2B,SAAQ,gCAE9C;IACA,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC/B,CAAC;CAAG;;;;AAEL;;;;GAIG;AACH,qBAAa,cAAe,SAAQ,oBAElC;IACA,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;CAAG;AAEL;;;;GAIG;AACH,eAAO,MAAM,OAAO,iBAAiB,MAAM,0CAQxC,CAAC"}
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,kBAAkB,MAAM,0BAA0B,CAAC;AAC/D,cAAc,0BAA0B,CAAC;AAGzC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,eAAO,MAAM,OAAO,iEACoC,CAAC;AAEzD,eAAO,MAAM,SAAS,iEAInB,CAAC;AAIJ,eAAO,MAAM,OAAO,iEACoC,CAAC;AAEzD,eAAO,MAAM,qBAAqB,iEAC0C,CAAC;AAE7E,eAAO,MAAM,WAAW,iEACwC,CAAC;AAEjE,eAAO,MAAM,aAAa,iEAC2C,CAAC;AAEtE;;;;GAIG;AACH,eAAO,MAAM,OAAO,iBAAiB,MAAM,6DAUxC,CAAC"}

package/lib/credentials.js

@@ -1,149 +1,20 @@
-import { fromContainerMetadata as _fromContainerMetadata, fromEnv as _fromEnv, fromHttp as _fromHttp, fromIni as _fromIni, fromNodeProviderChain as _fromNodeProviderChain, fromProcess as _fromProcess, fromTokenFile as _fromTokenFile, } from "@aws-sdk/credential-providers";
-import {} from "@smithy/types";
-import * as Data from "effect/Data";
+import { fromContainerMetadata as _fromContainerMetadata, fromEnv as _fromEnv, fromIni as _fromIni, fromNodeProviderChain as _fromNodeProviderChain, fromProcess as _fromProcess, fromTokenFile as _fromTokenFile, } from "@aws-sdk/credential-providers";
+import * as BrowserCredentials from "./credentials.browser.js";
+export * from "./credentials.browser.js";
 import * as Effect from "effect/Effect";
 import * as Layer from "effect/Layer";
-import * as Redacted from "effect/Redacted";
-import * as Context from "effect/Context";
 import { Auth } from "./auth.js";
-export * as AWSTypes from "@aws-sdk/types";
-export class Credentials extends Context.Service()("AWS::Credentials") {
-}
-export const mock = Layer.succeed(Credentials, Effect.succeed({
-    accessKeyId: Redacted.make("test"),
-    secretAccessKey: Redacted.make("test"),
-    sessionToken: Redacted.make("test"),
-}));
-/**
- * Create resolved credentials from an AWS credential identity.
- */
-export const fromAwsCredentialIdentity = (identity) => ({
-    accessKeyId: Redacted.make(identity.accessKeyId),
-    secretAccessKey: Redacted.make(identity.secretAccessKey),
-    sessionToken: identity.sessionToken
-        ? Redacted.make(identity.sessionToken)
-        : undefined,
-    expiration: identity.expiration?.getTime(),
-});
-const providerHints = (provider) => {
-    switch (provider) {
-        case "env":
-            return [
-                "Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (and AWS_SESSION_TOKEN if needed).",
-            ];
-        case "ini":
-            return ["Check ~/.aws/credentials and ~/.aws/config for the profile."];
-        case "chain":
-            return [
-                "Configure at least one credential source for the default chain.",
-                "If using SSO, run `aws sso login` for the profile.",
-            ];
-        case "container":
-            return ["Ensure a container credential endpoint is available."];
-        case "http":
-            return ["Ensure the configured credential endpoint is reachable."];
-        case "process":
-            return [
-                "Set AWS_CREDENTIAL_PROCESS to a valid command and ensure it exits successfully.",
-            ];
-        case "token-file":
-            return [
-                "Set AWS_WEB_IDENTITY_TOKEN_FILE and ensure the file is readable.",
-            ];
-        default:
-            return;
-    }
-};
-export const _providerHints = providerHints;
-/**
- * Time window (5 mins) to refresh credentials before they actually expire.
- * This prevents using credentials that are about to expire.
- */
-const CREDENTIAL_REFRESH_WINDOW_MS = 5 * 60 * 1000;
-/**
- * Create a credentials effect with lazy resolution and expiration-aware caching.
- * Uses Effect.cachedWithTTL where the TTL is computed from the credentials' expiration.
- */
-const createCachedCredentialsEffect = (resolve) => {
-    let cachedCreds;
-    let expiresAt;
-    return Effect.suspend(() => {
-        const now = Date.now();
-        if (cachedCreds && expiresAt && now < expiresAt) {
-            return Effect.succeed(cachedCreds);
-        }
-        return Effect.map(resolve, (creds) => {
-            cachedCreds = creds;
-            expiresAt = creds.expiration
-                ? creds.expiration - CREDENTIAL_REFRESH_WINDOW_MS
-                : undefined;
-            return creds;
-        });
-    });
-};
-/**
- * Create a lazy, cached credentials provider from an AWS SDK credential provider.
- * Credentials are resolved on first access and cached based on their expiration time.
- */
-const createLazyProvider = (provider, providerName) => {
-    const resolve = Effect.gen(function* () {
-        const hints = providerHints(providerName);
-        const identity = yield* Effect.tryPromise({
-            try: () => provider({})(),
-            catch: (cause) => new AwsCredentialProviderError({
-                message: `Failed to resolve credentials from ${providerName}.`,
-                provider: providerName,
-                cause,
-                hints,
-            }),
-        });
-        return fromAwsCredentialIdentity(identity);
-    });
-    return Layer.succeed(Credentials, createCachedCredentialsEffect(resolve));
-};
-/**
- * Create a credentials provider from static credentials.
- * No lazy loading or caching needed since credentials are already available.
- */
-export const fromCredentials = (credentials) => Layer.succeed(Credentials, Effect.succeed(fromAwsCredentialIdentity(credentials)));
-export const fromEnv = () => createLazyProvider(_fromEnv, "env");
-export const fromChain = () => createLazyProvider(() => _fromNodeProviderChain(), "chain");
+export const fromEnv = () => BrowserCredentials.createLazyProvider(_fromEnv, "env");
+export const fromChain = () => BrowserCredentials.createLazyProvider(() => _fromNodeProviderChain(), "chain");
 // export const fromSSO = () => createLazyProvider(_fromSSO);
-export const fromIni = () => createLazyProvider(_fromIni, "ini");
-export const fromContainerMetadata = () => createLazyProvider(_fromContainerMetadata, "container");
-export const fromHttp = () => createLazyProvider(_fromHttp, "http");
-export const fromProcess = () => createLazyProvider(_fromProcess, "process");
-export const fromTokenFile = () => createLazyProvider(_fromTokenFile, "token-file");
-export const ssoRegion = (region) => Layer.succeed(SsoRegion, region);
-export class SsoRegion extends Context.Service()("AWS::SsoRegion") {
-}
-export class SsoStartUrl extends Context.Service()("AWS::SsoStartUrl") {
-}
-export class ProfileNotFound extends Data.TaggedError("Alchemy::AWS::ProfileNotFound") {
-}
-export class ConflictingSSORegion extends Data.TaggedError("Alchemy::AWS::ConflictingSSORegion") {
-}
-export class ConflictingSSOStartUrl extends Data.TaggedError("Alchemy::AWS::ConflictingSSOStartUrl") {
-}
-export class InvalidSSOProfile extends Data.TaggedError("Alchemy::AWS::InvalidSSOProfile") {
-}
-export class InvalidSSOToken extends Data.TaggedError("Alchemy::AWS::InvalidSSOToken") {
-}
-export class ExpiredSSOToken extends Data.TaggedError("Alchemy::AWS::ExpiredSSOToken") {
-}
-export class AwsCredentialProviderError extends Data.TaggedError("AWS::CredentialProviderError") {
-}
-/**
- * The AWS SSO portal returned a response with no `roleCredentials`, e.g. a
- * `ForbiddenException` when an IAM Identity Center role assignment is in a
- * stale state.
- */
-export class SsoPortalError extends Data.TaggedError("Alchemy::AWS::SsoPortalError") {
-}
+export const fromIni = () => BrowserCredentials.createLazyProvider(_fromIni, "ini");
+export const fromContainerMetadata = () => BrowserCredentials.createLazyProvider(_fromContainerMetadata, "container");
+export const fromProcess = () => BrowserCredentials.createLazyProvider(_fromProcess, "process");
+export const fromTokenFile = () => BrowserCredentials.createLazyProvider(_fromTokenFile, "token-file");
 /**
  * Create a lazy, cached SSO credentials provider.
  * SSO credential resolution is deferred until the Effect is run,
  * and credentials are cached until they expire.
  */
-export const fromSSO = (profileName = "default") => Layer.effect(Credentials, Auth.use((auth) => Effect.succeed(createCachedCredentialsEffect(auth.loadProfileCredentials(profileName)))));
+export const fromSSO = (profileName = "default") => Layer.effect(BrowserCredentials.Credentials, Auth.use((auth) => Effect.succeed(BrowserCredentials.createCachedCredentialsEffect(auth.loadProfileCredentials(profileName)))));
 //# sourceMappingURL=credentials.js.map

package/lib/credentials.js.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,IAAI,sBAAsB,EAC/C,OAAO,IAAI,QAAQ,EACnB,QAAQ,IAAI,SAAS,EACrB,OAAO,IAAI,QAAQ,EACnB,qBAAqB,IAAI,sBAAsB,EAC/C,WAAW,IAAI,YAAY,EAC3B,aAAa,IAAI,cAAc,GAChC,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAGN,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,IAAI,MAAM,aAAa,CAAC;AACpC,OAAO,KAAK,MAAM,MAAM,eAAe,CAAC;AACxC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AAEtC,OAAO,KAAK,QAAQ,MAAM,iBAAiB,CAAC;AAC5C,OAAO,KAAK,OAAO,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAqC3C,MAAM,OAAO,WAAY,SAAQ,OAAO,CAAC,OAAO,EAG7C,CAAC,kBAAkB,CAAC;CAAG;AAE1B,MAAM,CAAC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAC/B,WAAW,EACX,MAAM,CAAC,OAAO,CAAC;IACb,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;IAClC,eAAe,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;IACtC,YAAY,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;CACpC,CAAC,CACH,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CACvC,QAA+B,EACV,EAAE,CAAC,CAAC;IACzB,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;IAChD,eAAe,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC;IACxD,YAAY,EAAE,QAAQ,CAAC,YAAY;QACjC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QACtC,CAAC,CAAC,SAAS;IACb,UAAU,EAAE,QAAQ,CAAC,UAAU,EAAE,OAAO,EAAE;CAC3C,CAAC,CAAC;AAWH,MAAM,aAAa,GAAG,CACpB,QAAsB,EACa,EAAE;IACrC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,KAAK;YACR,OAAO;gBACL,oFAAoF;aACrF,CAAC;QACJ,KAAK,KAAK;YACR,OAAO,CAAC,6DAA6D,CAAC,CAAC;QACzE,KAAK,OAAO;YACV,OAAO;gBACL,iEAAiE;gBACjE,oDAAoD;aACrD,CAAC;QACJ,KAAK,WAAW;YACd,OAAO,CAAC,sDAAsD,CAAC,CAAC;QAClE,KAAK,MAAM;YACT,OAAO,CAAC,yDAAyD,CAAC,CAAC;QACrE,KAAK,SAAS;YACZ,OAAO;gBACL,iFAAiF;aAClF,CAAC;QACJ,KAAK,YAAY;YACf,OAAO;gBACL,kEAAkE;aACnE,CAAC;QACJ;YACE,OAAO;IACX,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG,aAAa,CAAC;AAE5C;;;GAGG;AACH,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnD;;;GAGG;AACH,MAAM,6BAA6B,GAAG,CACpC,OAAiD,EACP,EAAE;IAC5C,IAAI,WAA4C,CAAC;IACjD,IAAI,SAA6B,CAAC;IAElC,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,WAAW,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;YAChD,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YACnC,WAAW,GAAG,KAAK,CAAC;YACpB,SAAS,GAAG,KAAK,CAAC,UAAU;gBAC1B,CAAC,CAAC,KAAK,CAAC,UAAU,GAAG,4BAA4B;gBACjD,CAAC,CAAC,SAAS,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,kBAAkB,GAAG,CACzB,QAAuD,EACvD,YAA0B,EACA,EAAE;IAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;QAClC,MAAM,KAAK,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;YACxC,GAAG,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE;YACzB,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE,CACf,IAAI,0BAA0B,CAAC;gBAC7B,OAAO,EAAE,sCAAsC,YAAY,GAAG;gBAC9D,QAAQ,EAAE,YAAY;gBACtB,KAAK;gBACL,KAAK;aACN,CAAC;SACL,CAAC,CAAC;QACH,OAAO,yBAAyB,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,6BAA6B,CAAC,OAAO,CAAC,CAAC,CAAC;AAC5E,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAC7B,WAAkC,EACR,EAAE,CAC5B,KAAK,CAAC,OAAO,CACX,WAAW,EACX,MAAM,CAAC,OAAO,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC,CACvD,CAAC;AAEJ,MAAM,CAAC,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,kBAAkB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAEjE,MAAM,CAAC,MAAM,SAAS,GAAG,GAAG,EAAE,CAC5B,kBAAkB,CAAC,GAAG,EAAE,CAAC,sBAAsB,EAAE,EAAE,OAAO,CAAC,CAAC;AAE9D,6DAA6D;AAE7D,MAAM,CAAC,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,kBAAkB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAEjE,MAAM,CAAC,MAAM,qBAAqB,GAAG,GAAG,EAAE,CACxC,kBAAkB,CAAC,sBAAsB,EAAE,WAAW,CAAC,CAAC;AAE1D,MAAM,CAAC,MAAM,QAAQ,GAAG,GAAG,EAAE,CAAC,kBAAkB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAEpE,MAAM,CAAC,MAAM,WAAW,GAAG,GAAG,EAAE,CAAC,kBAAkB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;AAE7E,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,EAAE,CAChC,kBAAkB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;AAEnD,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAE9E,MAAM,OAAO,SAAU,SAAQ,OAAO,CAAC,OAAO,EAAqB,CACjE,gBAAgB,CACjB;CAAG;AACJ,MAAM,OAAO,WAAY,SAAQ,OAAO,CAAC,OAAO,EAAuB,CACrE,kBAAkB,CACnB;CAAG;AAEJ,MAAM,OAAO,eAAgB,SAAQ,IAAI,CAAC,WAAW,CACnD,+BAA+B,CAI/B;CAAG;AAEL,MAAM,OAAO,oBAAqB,SAAQ,IAAI,CAAC,WAAW,CACxD,oCAAoC,CAKpC;CAAG;AAEL,MAAM,OAAO,sBAAuB,SAAQ,IAAI,CAAC,WAAW,CAC1D,sCAAsC,CAKtC;CAAG;AAEL,MAAM,OAAO,iBAAkB,SAAQ,IAAI,CAAC,WAAW,CACrD,iCAAiC,CAKjC;CAAG;AAEL,MAAM,OAAO,eAAgB,SAAQ,IAAI,CAAC,WAAW,CACnD,+BAA+B,CAI/B;CAAG;AAEL,MAAM,OAAO,eAAgB,SAAQ,IAAI,CAAC,WAAW,CACnD,+BAA+B,CAI/B;CAAG;AAEL,MAAM,OAAO,0BAA2B,SAAQ,IAAI,CAAC,WAAW,CAC9D,8BAA8B,CAM9B;CAAG;AAEL;;;;GAIG;AACH,MAAM,OAAO,cAAe,SAAQ,IAAI,CAAC,WAAW,CAClD,8BAA8B,CAO9B;CAAG;AAEL;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,WAAW,GAAW,SAAS,EAAE,EAAE,CACzD,KAAK,CAAC,MAAM,CACV,WAAW,EACX,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAChB,MAAM,CAAC,OAAO,CACZ,6BAA6B,CAAC,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC,CACxE,CACF,CACF,CAAC"}
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,IAAI,sBAAsB,EAC/C,OAAO,IAAI,QAAQ,EACnB,OAAO,IAAI,QAAQ,EACnB,qBAAqB,IAAI,sBAAsB,EAC/C,WAAW,IAAI,YAAY,EAC3B,aAAa,IAAI,cAAc,GAChC,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,kBAAkB,MAAM,0BAA0B,CAAC;AAC/D,cAAc,0BAA0B,CAAC;AAEzC,OAAO,KAAK,MAAM,MAAM,eAAe,CAAC;AACxC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,CAAC,MAAM,OAAO,GAAG,GAAG,EAAE,CAC1B,kBAAkB,CAAC,kBAAkB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAEzD,MAAM,CAAC,MAAM,SAAS,GAAG,GAAG,EAAE,CAC5B,kBAAkB,CAAC,kBAAkB,CACnC,GAAG,EAAE,CAAC,sBAAsB,EAAE,EAC9B,OAAO,CACR,CAAC;AAEJ,6DAA6D;AAE7D,MAAM,CAAC,MAAM,OAAO,GAAG,GAAG,EAAE,CAC1B,kBAAkB,CAAC,kBAAkB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAEzD,MAAM,CAAC,MAAM,qBAAqB,GAAG,GAAG,EAAE,CACxC,kBAAkB,CAAC,kBAAkB,CAAC,sBAAsB,EAAE,WAAW,CAAC,CAAC;AAE7E,MAAM,CAAC,MAAM,WAAW,GAAG,GAAG,EAAE,CAC9B,kBAAkB,CAAC,kBAAkB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;AAEjE,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,EAAE,CAChC,kBAAkB,CAAC,kBAAkB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;AAEtE;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,WAAW,GAAW,SAAS,EAAE,EAAE,CACzD,KAAK,CAAC,MAAM,CACV,kBAAkB,CAAC,WAAW,EAC9B,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAChB,MAAM,CAAC,OAAO,CACZ,kBAAkB,CAAC,6BAA6B,CAC9C,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAAC,CACzC,CACF,CACF,CACF,CAAC"}

package/lib/index.browser.d.ts

@@ -0,0 +1,50 @@
+/**
+ * AWS Authentication service for loading AWS profiles and credentials.
+ *
+ * @since 0.0.0
+ */
+export * as Auth from "./auth.browser.ts";
+/**
+ * AWS Credentials providers for obtaining temporary or long-lived credentials.
+ *
+ * @since 0.0.0
+ */
+export * as Credentials from "./credentials.browser.ts";
+/**
+ * AWS Endpoint configuration for custom or local endpoints.
+ *
+ * @since 0.0.0
+ */
+export * as Endpoint from "./endpoint.ts";
+/**
+ * Common AWS error types shared across all services.
+ *
+ * @since 0.0.0
+ */
+export * as Errors from "./errors.ts";
+/**
+ * AWS Region configuration.
+ *
+ * @since 0.0.0
+ */
+export * as Region from "./region.ts";
+/**
+ * Retry policy configuration for AWS API calls.
+ *
+ * @since 0.0.0
+ */
+export * as Retry from "./retry.ts";
+/**
+ * Sensitive data schemas for the smithy.api#sensitive trait.
+ * Wraps values in Effect's Redacted type to prevent accidental logging.
+ *
+ * @since 0.0.0
+ */
+export * as Sensitive from "./sensitive.ts";
+/**
+ * Smithy trait annotations for AWS service schemas.
+ *
+ * @since 0.0.0
+ */
+export * as Traits from "./traits.ts";
+//# sourceMappingURL=index.browser.d.ts.map

package/lib/index.browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.browser.d.ts","sourceRoot":"","sources":["../src/index.browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,IAAI,MAAM,mBAAmB,CAAC;AAE1C;;;;GAIG;AACH,OAAO,KAAK,WAAW,MAAM,0BAA0B,CAAC;AAExD;;;;GAIG;AACH,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAE1C;;;;GAIG;AACH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC;;;;GAIG;AACH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC;;;;GAIG;AACH,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AAEpC;;;;;GAKG;AACH,OAAO,KAAK,SAAS,MAAM,gBAAgB,CAAC;AAE5C;;;;GAIG;AACH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC"}

package/lib/index.browser.js

@@ -0,0 +1,50 @@
+/**
+ * AWS Authentication service for loading AWS profiles and credentials.
+ *
+ * @since 0.0.0
+ */
+export * as Auth from "./auth.browser.js";
+/**
+ * AWS Credentials providers for obtaining temporary or long-lived credentials.
+ *
+ * @since 0.0.0
+ */
+export * as Credentials from "./credentials.browser.js";
+/**
+ * AWS Endpoint configuration for custom or local endpoints.
+ *
+ * @since 0.0.0
+ */
+export * as Endpoint from "./endpoint.js";
+/**
+ * Common AWS error types shared across all services.
+ *
+ * @since 0.0.0
+ */
+export * as Errors from "./errors.js";
+/**
+ * AWS Region configuration.
+ *
+ * @since 0.0.0
+ */
+export * as Region from "./region.js";
+/**
+ * Retry policy configuration for AWS API calls.
+ *
+ * @since 0.0.0
+ */
+export * as Retry from "./retry.js";
+/**
+ * Sensitive data schemas for the smithy.api#sensitive trait.
+ * Wraps values in Effect's Redacted type to prevent accidental logging.
+ *
+ * @since 0.0.0
+ */
+export * as Sensitive from "./sensitive.js";
+/**
+ * Smithy trait annotations for AWS service schemas.
+ *
+ * @since 0.0.0
+ */
+export * as Traits from "./traits.js";
+//# sourceMappingURL=index.browser.js.map

package/lib/index.browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.browser.js","sourceRoot":"","sources":["../src/index.browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,IAAI,MAAM,mBAAmB,CAAC;AAE1C;;;;GAIG;AACH,OAAO,KAAK,WAAW,MAAM,0BAA0B,CAAC;AAExD;;;;GAIG;AACH,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAE1C;;;;GAIG;AACH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC;;;;GAIG;AACH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC;;;;GAIG;AACH,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AAEpC;;;;;GAKG;AACH,OAAO,KAAK,SAAS,MAAM,gBAAgB,CAAC;AAE5C;;;;GAIG;AACH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@distilled.cloud/aws",
-  "version": "0.20.2",
+  "version": "0.21.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/alchemy-run/distilled",
@@ -14,6 +14,12 @@
     "src"
   ],
   "exports": {
+    ".": {
+      "types": "./lib/index.d.ts",
+      "bun": "./src/index.ts",
+      "browser": "./lib/index.browser.js",
+      "default": "./lib/index.js"
+    },
     "./*": {
       "types": "./lib/services/*.d.ts",
       "bun": "./src/services/*.ts",
@@ -22,6 +28,7 @@
     "./Auth": {
       "types": "./lib/auth.d.ts",
       "bun": "./src/auth.ts",
+      "browser": "./lib/auth.browser.js",
       "default": "./lib/auth.js"
     },
     "./Category": {
@@ -32,6 +39,7 @@
     "./Credentials": {
       "types": "./lib/credentials.d.ts",
       "bun": "./src/credentials.ts",
+      "browser": "./lib/credentials.browser.js",
       "default": "./lib/credentials.js"
     },
     "./Errors": {
@@ -58,11 +66,6 @@
       "types": "./lib/traits.d.ts",
       "bun": "./src/traits.ts",
       "default": "./lib/traits.js"
-    },
-    ".": {
-      "types": "./lib/index.d.ts",
-      "bun": "./src/index.ts",
-      "default": "./lib/index.js"
     }
   },
   "scripts": {
@@ -82,7 +85,7 @@
     "@aws-crypto/util": "^5.2.0",
     "@aws-sdk/credential-providers": "^3.994.0",
     "@aws-sdk/types": "^3.973.1",
-    "@distilled.cloud/core": "0.20.2",
+    "@distilled.cloud/core": "0.21.0",
     "@smithy/shared-ini-file-loader": "^4.4.3",
     "@smithy/types": "^4.12.0",
     "@smithy/util-base64": "^4.3.0",

package/src/auth.browser.ts

@@ -0,0 +1,88 @@
+import * as Context from "effect/Context";
+import * as Effect from "effect/Effect";
+import * as Option from "effect/Option";
+import type {
+  CredentialsError,
+  ResolvedCredentials,
+} from "./credentials.browser.ts";
+
+export class Auth extends Context.Service<
+  Auth,
+  {
+    loadProfile: (
+      profileName: string,
+    ) => Effect.Effect<AwsProfileConfig, CredentialsError>;
+    loadProfileCredentials: (
+      profileName: string,
+    ) => Effect.Effect<ResolvedCredentials, CredentialsError>;
+  }
+>()("distilled-aws/AWS/Auth") {}
+
+// This doesn't do anything - it's here so that when building for the browser, you don't get a warning about `Auth.Default` not being exported.
+export const Default = Effect.serviceOption(Auth).pipe(
+  Effect.map(Option.getOrThrow),
+);
+
+export interface AwsProfileConfig {
+  sso_session?: string;
+  sso_account_id?: string;
+  sso_role_name?: string;
+  region?: string;
+  output?: string;
+  sso_start_url?: string;
+  sso_region?: string;
+}
+export interface SsoProfileConfig extends AwsProfileConfig {
+  sso_start_url: string;
+  sso_region: string;
+  sso_account_id: string;
+  sso_role_name: string;
+}
+
+/**
+ * Cached SSO token retrieved from SSO login flow.
+ * @public
+ */
+export interface SSOToken {
+  /**
+   * A base64 encoded string returned by the sso-oidc service.
+   */
+  accessToken: string;
+
+  /**
+   * The expiration time of the accessToken as an RFC 3339 formatted timestamp.
+   */
+  expiresAt: string;
+
+  /**
+   * The token used to obtain an access token in the event that the accessToken is invalid or expired.
+   */
+  refreshToken?: string;
+
+  /**
+   * The unique identifier string for each client. The client ID generated when performing the registration
+   * portion of the OIDC authorization flow. This is used to refresh the accessToken.
+   */
+  clientId?: string;
+
+  /**
+   * A secret string generated when performing the registration portion of the OIDC authorization flow.
+   * This is used to refresh the accessToken.
+   */
+  clientSecret?: string;
+
+  /**
+   * The expiration time of the client registration (clientId and clientSecret) as an RFC 3339 formatted timestamp.
+   */
+  registrationExpiresAt?: string;
+
+  /**
+   * The configured sso_region for the profile that credentials are being resolved for.
+   */
+  region?: string;
+
+  /**
+   * The configured sso_start_url for the profile that credentials are being resolved for.
+   */
+  startUrl?: string;
+}