npm - @enkryptify/sdk - Versions diffs - 0.1.0 - Mend

@enkryptify/sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,517 @@
+// src/errors.ts
+var EnkryptifyError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "EnkryptifyError";
+  }
+};
+var SecretNotFoundError = class extends EnkryptifyError {
+  constructor(key, workspace, environment) {
+    super(
+      `Secret "${key}" not found in workspace "${workspace}" (environment: "${environment}"). Verify the secret exists in your Enkryptify dashboard.
+Docs: https://docs.enkryptify.com/sdk/troubleshooting#secret-not-found`
+    );
+    this.name = "SecretNotFoundError";
+  }
+};
+var AuthenticationError = class extends EnkryptifyError {
+  constructor() {
+    super(
+      "Authentication failed (HTTP 401). Token is invalid, expired, or revoked. Generate a new token in your Enkryptify dashboard.\nDocs: https://docs.enkryptify.com/sdk/auth#token-issues"
+    );
+    this.name = "AuthenticationError";
+  }
+};
+var AuthorizationError = class extends EnkryptifyError {
+  constructor() {
+    super(
+      "Authorization failed (HTTP 403). Token does not have access to this resource. Check that your token has the required permissions.\nDocs: https://docs.enkryptify.com/sdk/auth#permissions"
+    );
+    this.name = "AuthorizationError";
+  }
+};
+var NotFoundError = class extends EnkryptifyError {
+  constructor(method, endpoint) {
+    super(
+      `Resource not found (HTTP 404) for ${method} ${endpoint}. Workspace, project, or environment not found. Verify your configuration.
+Docs: https://docs.enkryptify.com/sdk/troubleshooting#not-found`
+    );
+    this.name = "NotFoundError";
+  }
+};
+var RateLimitError = class extends EnkryptifyError {
+  retryAfter;
+  constructor(retryAfter) {
+    const parsed = retryAfter ? parseInt(retryAfter, 10) : null;
+    const retrySeconds = parsed !== null && !Number.isNaN(parsed) ? parsed : null;
+    super(
+      `Rate limited (HTTP 429). ${retrySeconds ? `Retry after ${retrySeconds} seconds.` : "Please retry later."}
+Docs: https://docs.enkryptify.com/sdk/troubleshooting#rate-limiting`
+    );
+    this.name = "RateLimitError";
+    this.retryAfter = retrySeconds;
+  }
+};
+var ApiError = class extends EnkryptifyError {
+  status;
+  constructor(status, statusText, method, endpoint) {
+    super(
+      `API request failed (HTTP ${status}) for ${method} ${endpoint}. ${statusText ? statusText + ". " : ""}This may be a temporary server issue \u2014 retry in a few moments.
+Docs: https://docs.enkryptify.com/sdk/troubleshooting#api-errors`
+    );
+    this.name = "ApiError";
+    this.status = status;
+  }
+};
+// src/internal/token-store.ts
+var store = /* @__PURE__ */ new WeakMap();
+function storeToken(provider, token) {
+  store.set(provider, token);
+}
+function retrieveToken(provider) {
+  const token = store.get(provider);
+  if (!token) {
+    throw new EnkryptifyError(
+      "Invalid or destroyed auth provider. Create a new one via Enkryptify.fromEnv().\nDocs: https://docs.enkryptify.com/sdk/auth"
+    );
+  }
+  return token;
+}
+// src/auth.ts
+var EnvAuthProvider = class {
+  _brand = "EnkryptifyAuthProvider";
+  constructor() {
+    const token = process.env.ENKRYPTIFY_TOKEN;
+    if (!token) {
+      throw new EnkryptifyError(
+        'ENKRYPTIFY_TOKEN environment variable is not set. Set it before initializing the SDK:\n  export ENKRYPTIFY_TOKEN="ek_..."\nDocs: https://docs.enkryptify.com/sdk/auth#environment-variables'
+      );
+    }
+    storeToken(this, token);
+  }
+};
+var TokenAuthProvider = class {
+  _brand = "EnkryptifyAuthProvider";
+  constructor(token) {
+    storeToken(this, token);
+  }
+};
+// src/api.ts
+var EnkryptifyApi = class {
+  #baseUrl;
+  #auth;
+  constructor(baseUrl, auth) {
+    this.#baseUrl = baseUrl;
+    this.#auth = auth;
+  }
+  async fetchSecret(workspace, project, secretName, environmentId) {
+    const path = `/v1/workspace/${encodeURIComponent(workspace)}/project/${encodeURIComponent(project)}/secret/${encodeURIComponent(secretName)}`;
+    const params = new URLSearchParams({ environmentId, resolve: "true" });
+    return this.#request("GET", `${path}?${params.toString()}`);
+  }
+  async fetchAllSecrets(workspace, project, environmentId) {
+    const path = `/v1/workspace/${encodeURIComponent(workspace)}/project/${encodeURIComponent(project)}/secret`;
+    const params = new URLSearchParams({ environmentId, resolve: "true" });
+    return this.#request("GET", `${path}?${params.toString()}`);
+  }
+  async #request(method, endpoint) {
+    const token = retrieveToken(this.#auth);
+    const url = `${this.#baseUrl}${endpoint}`;
+    const response = await fetch(url, {
+      method,
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json"
+      }
+    });
+    if (response.status === 401) {
+      throw new AuthenticationError();
+    }
+    if (response.status === 403) {
+      throw new AuthorizationError();
+    }
+    if (response.status === 404) {
+      throw new NotFoundError(method, endpoint);
+    }
+    if (response.status === 429) {
+      throw new RateLimitError(response.headers.get("Retry-After"));
+    }
+    if (!response.ok) {
+      throw new ApiError(response.status, response.statusText, method, endpoint);
+    }
+    return response.json();
+  }
+};
+// src/cache.ts
+var SecretCache = class {
+  #store = /* @__PURE__ */ new Map();
+  #ttl;
+  constructor(ttl) {
+    this.#ttl = ttl;
+  }
+  get(key) {
+    const entry = this.#store.get(key);
+    if (!entry) return void 0;
+    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {
+      this.#store.delete(key);
+      return void 0;
+    }
+    return entry.value;
+  }
+  set(key, value) {
+    this.#store.set(key, {
+      value,
+      expiresAt: this.#ttl === -1 ? null : Date.now() + this.#ttl
+    });
+  }
+  has(key) {
+    return this.get(key) !== void 0;
+  }
+  clear() {
+    this.#store.clear();
+    this.#store = /* @__PURE__ */ new Map();
+  }
+  get size() {
+    return this.#store.size;
+  }
+};
+// src/logger.ts
+var LEVELS = {
+  debug: 0,
+  info: 1,
+  warn: 2,
+  error: 3
+};
+var Logger = class {
+  #level;
+  constructor(level = "info") {
+    this.#level = LEVELS[level];
+  }
+  debug(message) {
+    if (this.#level <= LEVELS.debug) {
+      console.debug(`[Enkryptify] ${message}`);
+    }
+  }
+  info(message) {
+    if (this.#level <= LEVELS.info) {
+      console.info(`[Enkryptify] ${message}`);
+    }
+  }
+  warn(message) {
+    if (this.#level <= LEVELS.warn) {
+      console.warn(`[Enkryptify] ${message}`);
+    }
+  }
+  error(message) {
+    if (this.#level <= LEVELS.error) {
+      console.error(`[Enkryptify] ${message}`);
+    }
+  }
+};
+// src/token-exchange.ts
+var TokenExchangeManager = class {
+  #baseUrl;
+  #staticToken;
+  #auth;
+  #logger;
+  #jwt = null;
+  #refreshTimer = null;
+  #exchangePromise = null;
+  constructor(baseUrl, staticToken, auth, logger) {
+    this.#baseUrl = baseUrl;
+    this.#staticToken = staticToken;
+    this.#auth = auth;
+    this.#logger = logger;
+  }
+  async ensureToken() {
+    if (this.#jwt) return;
+    if (this.#exchangePromise) {
+      return this.#exchangePromise;
+    }
+    this.#exchangePromise = this.#exchange();
+    try {
+      await this.#exchangePromise;
+    } finally {
+      this.#exchangePromise = null;
+    }
+  }
+  async #exchange() {
+    try {
+      const response = await fetch(`${this.#baseUrl}/v1/auth/exchange`, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${this.#staticToken}`,
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        throw new Error(`Token exchange failed with HTTP ${response.status}`);
+      }
+      const data = await response.json();
+      this.#jwt = data.accessToken;
+      storeToken(this.#auth, this.#jwt);
+      this.#logger.debug("Token exchanged for short-lived JWT");
+      const refreshMs = (data.expiresIn - 60) * 1e3;
+      this.#scheduleRefresh(refreshMs);
+    } catch (error) {
+      this.#jwt = null;
+      storeToken(this.#auth, this.#staticToken);
+      this.#logger.warn(
+        `Token exchange failed, falling back to static token: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
+  #scheduleRefresh(ms) {
+    if (this.#refreshTimer) {
+      clearTimeout(this.#refreshTimer);
+    }
+    this.#refreshTimer = setTimeout(() => {
+      this.#jwt = null;
+      this.#exchange();
+    }, ms);
+    this.#refreshTimer.unref?.();
+  }
+  destroy() {
+    if (this.#refreshTimer) {
+      clearTimeout(this.#refreshTimer);
+      this.#refreshTimer = null;
+    }
+    this.#jwt = null;
+  }
+};
+// src/enkryptify.ts
+var Enkryptify = class _Enkryptify {
+  #api;
+  #cache;
+  #logger;
+  #workspace;
+  #project;
+  #environment;
+  #strict;
+  #usePersonalValues;
+  #cacheEnabled;
+  #eagerCache;
+  #destroyed = false;
+  #eagerLoaded = false;
+  #tokenExchange = null;
+  constructor(config) {
+    if (!config.workspace) {
+      throw new EnkryptifyError(
+        'Missing required config field "workspace". Provide a workspace slug or ID.\nDocs: https://docs.enkryptify.com/sdk/configuration'
+      );
+    }
+    if (!config.project) {
+      throw new EnkryptifyError(
+        'Missing required config field "project". Provide a project slug or ID.\nDocs: https://docs.enkryptify.com/sdk/configuration'
+      );
+    }
+    if (!config.environment) {
+      throw new EnkryptifyError(
+        'Missing required config field "environment". Provide an environment ID.\nDocs: https://docs.enkryptify.com/sdk/configuration'
+      );
+    }
+    let auth;
+    if (config.token) {
+      _Enkryptify.#validateTokenFormat(config.token);
+      auth = new TokenAuthProvider(config.token);
+    } else if (config.auth) {
+      if (config.auth._brand !== "EnkryptifyAuthProvider") {
+        throw new EnkryptifyError(
+          "Invalid auth provider. Use Enkryptify.fromEnv() or pass a token option.\nDocs: https://docs.enkryptify.com/sdk/auth"
+        );
+      }
+      auth = config.auth;
+    } else {
+      const envToken = process.env.ENKRYPTIFY_TOKEN;
+      if (!envToken) {
+        throw new EnkryptifyError(
+          "No token provided. Set ENKRYPTIFY_TOKEN or pass token in options.\nDocs: https://docs.enkryptify.com/sdk/auth"
+        );
+      }
+      _Enkryptify.#validateTokenFormat(envToken);
+      auth = new TokenAuthProvider(envToken);
+    }
+    retrieveToken(auth);
+    this.#workspace = config.workspace;
+    this.#project = config.project;
+    this.#environment = config.environment;
+    this.#strict = config.options?.strict ?? true;
+    this.#usePersonalValues = config.options?.usePersonalValues ?? true;
+    this.#cacheEnabled = config.cache?.enabled ?? true;
+    this.#eagerCache = config.cache?.eager ?? true;
+    const cacheTtl = config.cache?.ttl ?? -1;
+    this.#logger = new Logger(config.logger?.level ?? "info");
+    this.#cache = this.#cacheEnabled ? new SecretCache(cacheTtl) : null;
+    const baseUrl = config.baseUrl ?? "https://api.enkryptify.com";
+    this.#api = new EnkryptifyApi(baseUrl, auth);
+    if (config.useTokenExchange) {
+      const staticToken = retrieveToken(auth);
+      this.#tokenExchange = new TokenExchangeManager(baseUrl, staticToken, auth, this.#logger);
+    }
+    this.#logger.info(
+      `Initialized for workspace "${this.#workspace}", project "${this.#project}", environment "${this.#environment}"`
+    );
+  }
+  static fromEnv() {
+    return new EnvAuthProvider();
+  }
+  static #validateTokenFormat(token) {
+    if (!token) {
+      throw new EnkryptifyError("Token must be a non-empty string.\nDocs: https://docs.enkryptify.com/sdk/auth");
+    }
+    if (token.startsWith("ek_live_")) return;
+    const dotCount = token.split(".").length - 1;
+    if (dotCount === 2) return;
+    throw new EnkryptifyError(
+      "Invalid token format. Expected an ek_live_ token or JWT.\nDocs: https://docs.enkryptify.com/sdk/auth#token-format"
+    );
+  }
+  async get(key, options) {
+    this.#guardDestroyed();
+    const useCache = this.#cacheEnabled && options?.cache !== false;
+    if (useCache && this.#cache) {
+      const cached = this.#cache.get(key);
+      if (cached !== void 0) {
+        this.#logger.debug(`Cache hit for secret "${key}"`);
+        return cached;
+      }
+      this.#logger.debug(`Cache miss for secret "${key}", fetching from API`);
+    }
+    await this.#tokenExchange?.ensureToken();
+    if (useCache && this.#eagerCache && !this.#eagerLoaded) {
+      return this.#fetchAndCacheAll(key);
+    }
+    return this.#fetchAndCacheSingle(key);
+  }
+  getFromCache(key) {
+    this.#guardDestroyed();
+    if (!this.#cacheEnabled || !this.#cache) {
+      throw new EnkryptifyError(
+        "Cache is disabled. Enable caching in the config or use get() to fetch from the API.\nDocs: https://docs.enkryptify.com/sdk/configuration#caching"
+      );
+    }
+    const value = this.#cache.get(key);
+    if (value === void 0) {
+      throw new SecretNotFoundError(key, this.#workspace, this.#environment);
+    }
+    return value;
+  }
+  async preload() {
+    this.#guardDestroyed();
+    if (!this.#cacheEnabled || !this.#cache) {
+      throw new EnkryptifyError(
+        "Cannot preload: caching is disabled. Enable caching in the config.\nDocs: https://docs.enkryptify.com/sdk/configuration#caching"
+      );
+    }
+    await this.#tokenExchange?.ensureToken();
+    const secrets = await this.#api.fetchAllSecrets(this.#workspace, this.#project, this.#environment);
+    let count = 0;
+    for (const secret of secrets) {
+      const value = this.#resolveValue(secret);
+      if (value !== void 0) {
+        this.#cache.set(secret.name, value);
+        count++;
+      }
+    }
+    this.#eagerLoaded = true;
+    this.#logger.info(`Preloaded ${count} secrets into cache`);
+  }
+  destroy() {
+    if (this.#destroyed) return;
+    this.#tokenExchange?.destroy();
+    this.#cache?.clear();
+    this.#destroyed = true;
+    this.#logger.info("Client destroyed, all cached secrets cleared");
+  }
+  #guardDestroyed() {
+    if (this.#destroyed) {
+      throw new EnkryptifyError(
+        "This Enkryptify client has been destroyed. Create a new instance to continue.\nDocs: https://docs.enkryptify.com/sdk/lifecycle"
+      );
+    }
+  }
+  async #fetchAndCacheAll(key) {
+    this.#logger.debug(
+      `Fetching secret(s) from API: GET /v1/workspace/${this.#workspace}/project/${this.#project}/secret`
+    );
+    const start = Date.now();
+    const secrets = await this.#api.fetchAllSecrets(this.#workspace, this.#project, this.#environment);
+    this.#logger.debug(`API responded with ${secrets.length} secret(s) in ${Date.now() - start}ms`);
+    let found;
+    for (const secret of secrets) {
+      const value = this.#resolveValue(secret);
+      if (value !== void 0 && this.#cache) {
+        this.#cache.set(secret.name, value);
+        this.#logger.debug(
+          `Cached secret "${secret.name}" (${this.#cache ? "TTL: cache configured" : "no expiry"})`
+        );
+      }
+      if (secret.name === key) {
+        found = value;
+      }
+    }
+    this.#eagerLoaded = true;
+    if (found !== void 0) {
+      return found;
+    }
+    return this.#handleNotFound(key);
+  }
+  async #fetchAndCacheSingle(key) {
+    this.#logger.debug(
+      `Fetching secret(s) from API: GET /v1/workspace/${this.#workspace}/project/${this.#project}/secret/${key}`
+    );
+    let secret;
+    try {
+      const start = Date.now();
+      secret = await this.#api.fetchSecret(this.#workspace, this.#project, key, this.#environment);
+      this.#logger.debug(`API responded with 1 secret(s) in ${Date.now() - start}ms`);
+    } catch (error) {
+      if (error instanceof NotFoundError) {
+        return this.#handleNotFound(key);
+      }
+      throw error;
+    }
+    const value = this.#resolveValue(secret);
+    if (value === void 0) {
+      return this.#handleNotFound(key);
+    }
+    if (this.#cacheEnabled && this.#cache) {
+      this.#cache.set(key, value);
+    }
+    return value;
+  }
+  #handleNotFound(key) {
+    if (this.#strict) {
+      throw new SecretNotFoundError(key, this.#workspace, this.#environment);
+    }
+    this.#logger.warn(`Secret "${key}" not found (strict mode disabled, returning empty string)`);
+    return "";
+  }
+  #resolveValue(secret) {
+    const envValues = secret.values.filter((v) => v.environmentId === this.#environment);
+    if (this.#usePersonalValues) {
+      const personal = envValues.find((v) => v.isPersonal);
+      if (personal) return personal.value;
+      const shared = envValues.find((v) => !v.isPersonal);
+      if (shared) {
+        this.#logger.warn(`No personal value for "${secret.name}", falling back to shared value`);
+        return shared.value;
+      }
+    } else {
+      const shared = envValues.find((v) => !v.isPersonal);
+      if (shared) return shared.value;
+    }
+    return void 0;
+  }
+};
+export { ApiError, AuthenticationError, AuthorizationError, Enkryptify, EnkryptifyError, NotFoundError, RateLimitError, SecretNotFoundError, Enkryptify as default };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/errors.ts","../src/internal/token-store.ts","../src/auth.ts","../src/api.ts","../src/cache.ts","../src/logger.ts","../src/token-exchange.ts","../src/enkryptify.ts"],"names":[],"mappings":";AAAO,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA,EACvC,YAAY,OAAA,EAAiB;AACzB,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AAAA,EAChB;AACJ;AAEO,IAAM,mBAAA,GAAN,cAAkC,eAAA,CAAgB;AAAA,EACrD,WAAA,CAAY,GAAA,EAAa,SAAA,EAAmB,WAAA,EAAqB;AAC7D,IAAA,KAAA;AAAA,MACI,CAAA,QAAA,EAAW,GAAG,CAAA,0BAAA,EAA6B,SAAS,oBAAoB,WAAW,CAAA;AAAA,sEAAA;AAAA,KAGvF;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,qBAAA;AAAA,EAChB;AACJ;AAEO,IAAM,mBAAA,GAAN,cAAkC,eAAA,CAAgB;AAAA,EACrD,WAAA,GAAc;AACV,IAAA,KAAA;AAAA,MACI;AAAA,KAGJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,qBAAA;AAAA,EAChB;AACJ;AAEO,IAAM,kBAAA,GAAN,cAAiC,eAAA,CAAgB;AAAA,EACpD,WAAA,GAAc;AACV,IAAA,KAAA;AAAA,MACI;AAAA,KAGJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AAAA,EAChB;AACJ;AAEO,IAAM,aAAA,GAAN,cAA4B,eAAA,CAAgB;AAAA,EAC/C,WAAA,CAAY,QAAgB,QAAA,EAAkB;AAC1C,IAAA,KAAA;AAAA,MACI,CAAA,kCAAA,EAAqC,MAAM,CAAA,CAAA,EAAI,QAAQ,CAAA;AAAA,+DAAA;AAAA,KAG3D;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AAAA,EAChB;AACJ;AAEO,IAAM,cAAA,GAAN,cAA6B,eAAA,CAAgB;AAAA,EAChC,UAAA;AAAA,EAEhB,YAAY,UAAA,EAA4B;AACpC,IAAA,MAAM,MAAA,GAAS,UAAA,GAAa,QAAA,CAAS,UAAA,EAAY,EAAE,CAAA,GAAI,IAAA;AACvD,IAAA,MAAM,YAAA,GAAe,WAAW,IAAA,IAAQ,CAAC,OAAO,KAAA,CAAM,MAAM,IAAI,MAAA,GAAS,IAAA;AACzE,IAAA,KAAA;AAAA,MACI,CAAA,yBAAA,EACO,YAAA,GAAe,CAAA,YAAA,EAAe,YAAY,cAAc,qBAAqB;AAAA,mEAAA;AAAA,KAExF;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,YAAA;AAAA,EACtB;AACJ;AAEO,IAAM,QAAA,GAAN,cAAuB,eAAA,CAAgB;AAAA,EAC1B,MAAA;AAAA,EAEhB,WAAA,CAAY,MAAA,EAAgB,UAAA,EAAoB,MAAA,EAAgB,QAAA,EAAkB;AAC9E,IAAA,KAAA;AAAA,MACI,CAAA,yBAAA,EAA4B,MAAM,CAAA,MAAA,EAAS,MAAM,CAAA,CAAA,EAAI,QAAQ,CAAA,EAAA,EACtD,UAAA,GAAa,UAAA,GAAa,IAAA,GAAO,EAAE,CAAA;AAAA,gEAAA;AAAA,KAG9C;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,UAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAClB;AACJ;;;AC9EA,IAAM,KAAA,uBAAY,OAAA,EAAwB;AAEnC,SAAS,UAAA,CAAW,UAAkB,KAAA,EAAqB;AAC9D,EAAA,KAAA,CAAM,GAAA,CAAI,UAAU,KAAK,CAAA;AAC7B;AAEO,SAAS,cAAc,QAAA,EAA0B;AACpD,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,GAAA,CAAI,QAAQ,CAAA;AAChC,EAAA,IAAI,CAAC,KAAA,EAAO;AACR,IAAA,MAAM,IAAI,eAAA;AAAA,MACN;AAAA,KAEJ;AAAA,EACJ;AACA,EAAA,OAAO,KAAA;AACX;;;ACbO,IAAM,kBAAN,MAAwD;AAAA,EAClD,MAAA,GAAS,wBAAA;AAAA,EAElB,WAAA,GAAc;AACV,IAAA,MAAM,KAAA,GAAQ,QAAQ,GAAA,CAAI,gBAAA;AAC1B,IAAA,IAAI,CAAC,KAAA,EAAO;AACR,MAAA,MAAM,IAAI,eAAA;AAAA,QACN;AAAA,OAGJ;AAAA,IACJ;AACA,IAAA,UAAA,CAAW,MAAM,KAAK,CAAA;AAAA,EAC1B;AACJ,CAAA;AAEO,IAAM,oBAAN,MAA0D;AAAA,EACpD,MAAA,GAAS,wBAAA;AAAA,EAElB,YAAY,KAAA,EAAe;AACvB,IAAA,UAAA,CAAW,MAAM,KAAK,CAAA;AAAA,EAC1B;AACJ,CAAA;;;ACtBO,IAAM,gBAAN,MAAoB;AAAA,EACvB,QAAA;AAAA,EACA,KAAA;AAAA,EAEA,WAAA,CAAY,SAAiB,IAAA,EAA8B;AACvD,IAAA,IAAA,CAAK,QAAA,GAAW,OAAA;AAChB,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAA;AAAA,EACjB;AAAA,EAEA,MAAM,WAAA,CAAY,SAAA,EAAmB,OAAA,EAAiB,YAAoB,aAAA,EAAwC;AAC9G,IAAA,MAAM,IAAA,GAAO,CAAA,cAAA,EAAiB,kBAAA,CAAmB,SAAS,CAAC,CAAA,SAAA,EAAY,kBAAA,CAAmB,OAAO,CAAC,CAAA,QAAA,EAAW,kBAAA,CAAmB,UAAU,CAAC,CAAA,CAAA;AAC3I,IAAA,MAAM,SAAS,IAAI,eAAA,CAAgB,EAAE,aAAA,EAAe,OAAA,EAAS,QAAQ,CAAA;AACrE,IAAA,OAAO,IAAA,CAAK,SAAS,KAAA,EAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,MAAA,CAAO,QAAA,EAAU,CAAA,CAAE,CAAA;AAAA,EAC9D;AAAA,EAEA,MAAM,eAAA,CAAgB,SAAA,EAAmB,OAAA,EAAiB,aAAA,EAA0C;AAChG,IAAA,MAAM,IAAA,GAAO,iBAAiB,kBAAA,CAAmB,SAAS,CAAC,CAAA,SAAA,EAAY,kBAAA,CAAmB,OAAO,CAAC,CAAA,OAAA,CAAA;AAClG,IAAA,MAAM,SAAS,IAAI,eAAA,CAAgB,EAAE,aAAA,EAAe,OAAA,EAAS,QAAQ,CAAA;AACrE,IAAA,OAAO,IAAA,CAAK,SAAS,KAAA,EAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,MAAA,CAAO,QAAA,EAAU,CAAA,CAAE,CAAA;AAAA,EAC9D;AAAA,EAEA,MAAM,QAAA,CAAY,MAAA,EAAgB,QAAA,EAA8B;AAC5D,IAAA,MAAM,KAAA,GAAQ,aAAA,CAAc,IAAA,CAAK,KAAK,CAAA;AACtC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,QAAQ,GAAG,QAAQ,CAAA,CAAA;AAEvC,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,MAC9B,MAAA;AAAA,MACA,OAAA,EAAS;AAAA,QACL,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA;AAAA,QAC9B,cAAA,EAAgB;AAAA;AACpB,KACH,CAAA;AAED,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AACzB,MAAA,MAAM,IAAI,mBAAA,EAAoB;AAAA,IAClC;AAEA,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AACzB,MAAA,MAAM,IAAI,kBAAA,EAAmB;AAAA,IACjC;AAEA,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AACzB,MAAA,MAAM,IAAI,aAAA,CAAc,MAAA,EAAQ,QAAQ,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AACzB,MAAA,MAAM,IAAI,cAAA,CAAe,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,aAAa,CAAC,CAAA;AAAA,IAChE;AAEA,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,MAAM,IAAI,QAAA,CAAS,QAAA,CAAS,QAAQ,QAAA,CAAS,UAAA,EAAY,QAAQ,QAAQ,CAAA;AAAA,IAC7E;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACzB;AACJ,CAAA;;;ACtDO,IAAM,cAAN,MAAkB;AAAA,EACrB,MAAA,uBAAa,GAAA,EAAwB;AAAA,EACrC,IAAA;AAAA,EAEA,YAAY,GAAA,EAAa;AACrB,IAAA,IAAA,CAAK,IAAA,GAAO,GAAA;AAAA,EAChB;AAAA,EAEA,IAAI,GAAA,EAAiC;AACjC,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA;AACjC,IAAA,IAAI,CAAC,OAAO,OAAO,MAAA;AAEnB,IAAA,IAAI,MAAM,SAAA,KAAc,IAAA,IAAQ,KAAK,GAAA,EAAI,GAAI,MAAM,SAAA,EAAW;AAC1D,MAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AACtB,MAAA,OAAO,MAAA;AAAA,IACX;AAEA,IAAA,OAAO,KAAA,CAAM,KAAA;AAAA,EACjB;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AAClC,IAAA,IAAA,CAAK,MAAA,CAAO,IAAI,GAAA,EAAK;AAAA,MACjB,KAAA;AAAA,MACA,SAAA,EAAW,KAAK,IAAA,KAAS,EAAA,GAAK,OAAO,IAAA,CAAK,GAAA,KAAQ,IAAA,CAAK;AAAA,KAC1D,CAAA;AAAA,EACL;AAAA,EAEA,IAAI,GAAA,EAAsB;AACtB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA,KAAM,MAAA;AAAA,EAC7B;AAAA,EAEA,KAAA,GAAc;AACV,IAAA,IAAA,CAAK,OAAO,KAAA,EAAM;AAClB,IAAA,IAAA,CAAK,MAAA,uBAAa,GAAA,EAAI;AAAA,EAC1B;AAAA,EAEA,IAAI,IAAA,GAAe;AACf,IAAA,OAAO,KAAK,MAAA,CAAO,IAAA;AAAA,EACvB;AACJ,CAAA;;;AC1CA,IAAM,MAAA,GAAmC;AAAA,EACrC,KAAA,EAAO,CAAA;AAAA,EACP,IAAA,EAAM,CAAA;AAAA,EACN,IAAA,EAAM,CAAA;AAAA,EACN,KAAA,EAAO;AACX,CAAA;AAGO,IAAM,SAAN,MAAa;AAAA,EAChB,MAAA;AAAA,EAEA,WAAA,CAAY,QAAkB,MAAA,EAAQ;AAClC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAO,KAAK,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,OAAA,EAAuB;AACzB,IAAA,IAAI,IAAA,CAAK,MAAA,IAAU,MAAA,CAAO,KAAA,EAAO;AAC7B,MAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,aAAA,EAAgB,OAAO,CAAA,CAAE,CAAA;AAAA,IAC3C;AAAA,EACJ;AAAA,EAEA,KAAK,OAAA,EAAuB;AACxB,IAAA,IAAI,IAAA,CAAK,MAAA,IAAU,MAAA,CAAO,IAAA,EAAM;AAC5B,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,aAAA,EAAgB,OAAO,CAAA,CAAE,CAAA;AAAA,IAC1C;AAAA,EACJ;AAAA,EAEA,KAAK,OAAA,EAAuB;AACxB,IAAA,IAAI,IAAA,CAAK,MAAA,IAAU,MAAA,CAAO,IAAA,EAAM;AAC5B,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,aAAA,EAAgB,OAAO,CAAA,CAAE,CAAA;AAAA,IAC1C;AAAA,EACJ;AAAA,EAEA,MAAM,OAAA,EAAuB;AACzB,IAAA,IAAI,IAAA,CAAK,MAAA,IAAU,MAAA,CAAO,KAAA,EAAO;AAC7B,MAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,aAAA,EAAgB,OAAO,CAAA,CAAE,CAAA;AAAA,IAC3C;AAAA,EACJ;AACJ,CAAA;;;ACpCO,IAAM,uBAAN,MAA2B;AAAA,EAC9B,QAAA;AAAA,EACA,YAAA;AAAA,EACA,KAAA;AAAA,EACA,OAAA;AAAA,EACA,IAAA,GAAsB,IAAA;AAAA,EACtB,aAAA,GAAsD,IAAA;AAAA,EACtD,gBAAA,GAAyC,IAAA;AAAA,EAEzC,WAAA,CAAY,OAAA,EAAiB,WAAA,EAAqB,IAAA,EAA8B,MAAA,EAAgB;AAC5F,IAAA,IAAA,CAAK,QAAA,GAAW,OAAA;AAChB,IAAA,IAAA,CAAK,YAAA,GAAe,WAAA;AACpB,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAA;AACb,IAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA,EACnB;AAAA,EAEA,MAAM,WAAA,GAA6B;AAC/B,IAAA,IAAI,KAAK,IAAA,EAAM;AAGf,IAAA,IAAI,KAAK,gBAAA,EAAkB;AACvB,MAAA,OAAO,IAAA,CAAK,gBAAA;AAAA,IAChB;AAEA,IAAA,IAAA,CAAK,gBAAA,GAAmB,KAAK,SAAA,EAAU;AACvC,IAAA,IAAI;AACA,MAAA,MAAM,IAAA,CAAK,gBAAA;AAAA,IACf,CAAA,SAAE;AACE,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AAAA,IAC5B;AAAA,EACJ;AAAA,EAEA,MAAM,SAAA,GAA2B;AAC7B,IAAA,IAAI;AACA,MAAA,MAAM,WAAW,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,QAAQ,CAAA,iBAAA,CAAA,EAAqB;AAAA,QAC9D,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACL,aAAA,EAAe,CAAA,OAAA,EAAU,IAAA,CAAK,YAAY,CAAA,CAAA;AAAA,UAC1C,cAAA,EAAgB;AAAA;AACpB,OACH,CAAA;AAED,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,gCAAA,EAAmC,QAAA,CAAS,MAAM,CAAA,CAAE,CAAA;AAAA,MACxE;AAEA,MAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,MAAA,IAAA,CAAK,OAAO,IAAA,CAAK,WAAA;AACjB,MAAA,UAAA,CAAW,IAAA,CAAK,KAAA,EAAO,IAAA,CAAK,IAAI,CAAA;AAChC,MAAA,IAAA,CAAK,OAAA,CAAQ,MAAM,qCAAqC,CAAA;AAGxD,MAAA,MAAM,SAAA,GAAA,CAAa,IAAA,CAAK,SAAA,GAAY,EAAA,IAAM,GAAA;AAC1C,MAAA,IAAA,CAAK,iBAAiB,SAAS,CAAA;AAAA,IACnC,SAAS,KAAA,EAAO;AAEZ,MAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,MAAA,UAAA,CAAW,IAAA,CAAK,KAAA,EAAO,IAAA,CAAK,YAAY,CAAA;AACxC,MAAA,IAAA,CAAK,OAAA,CAAQ,IAAA;AAAA,QACT,wDAAwD,KAAA,YAAiB,KAAA,GAAQ,MAAM,OAAA,GAAU,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,OAClH;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,iBAAiB,EAAA,EAAkB;AAC/B,IAAA,IAAI,KAAK,aAAA,EAAe;AACpB,MAAA,YAAA,CAAa,KAAK,aAAa,CAAA;AAAA,IACnC;AACA,IAAA,IAAA,CAAK,aAAA,GAAgB,WAAW,MAAM;AAClC,MAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,MAAA,IAAA,CAAK,SAAA,EAAU;AAAA,IACnB,GAAG,EAAE,CAAA;AAEL,IAAA,IAAA,CAAK,cAAc,KAAA,IAAQ;AAAA,EAC/B;AAAA,EAEA,OAAA,GAAgB;AACZ,IAAA,IAAI,KAAK,aAAA,EAAe;AACpB,MAAA,YAAA,CAAa,KAAK,aAAa,CAAA;AAC/B,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA;AAAA,IACzB;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,EAChB;AACJ,CAAA;;;AC9EO,IAAM,UAAA,GAAN,MAAM,WAAA,CAAkC;AAAA,EAC3C,IAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA,UAAA;AAAA,EACA,QAAA;AAAA,EACA,YAAA;AAAA,EACA,OAAA;AAAA,EACA,kBAAA;AAAA,EACA,aAAA;AAAA,EACA,WAAA;AAAA,EACA,UAAA,GAAa,KAAA;AAAA,EACb,YAAA,GAAe,KAAA;AAAA,EACf,cAAA,GAA8C,IAAA;AAAA,EAE9C,YAAY,MAAA,EAA0B;AAClC,IAAA,IAAI,CAAC,OAAO,SAAA,EAAW;AACnB,MAAA,MAAM,IAAI,eAAA;AAAA,QACN;AAAA,OAEJ;AAAA,IACJ;AACA,IAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACjB,MAAA,MAAM,IAAI,eAAA;AAAA,QACN;AAAA,OAEJ;AAAA,IACJ;AACA,IAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,eAAA;AAAA,QACN;AAAA,OAEJ;AAAA,IACJ;AAGA,IAAA,IAAI,IAAA;AACJ,IAAA,IAAI,OAAO,KAAA,EAAO;AACd,MAAA,WAAA,CAAW,oBAAA,CAAqB,OAAO,KAAK,CAAA;AAC5C,MAAA,IAAA,GAAO,IAAI,iBAAA,CAAkB,MAAA,CAAO,KAAK,CAAA;AAAA,IAC7C,CAAA,MAAA,IAAW,OAAO,IAAA,EAAM;AACpB,MAAA,IAAI,MAAA,CAAO,IAAA,CAAK,MAAA,KAAW,wBAAA,EAA0B;AACjD,QAAA,MAAM,IAAI,eAAA;AAAA,UACN;AAAA,SAEJ;AAAA,MACJ;AACA,MAAA,IAAA,GAAO,MAAA,CAAO,IAAA;AAAA,IAClB,CAAA,MAAO;AACH,MAAA,MAAM,QAAA,GAAW,QAAQ,GAAA,CAAI,gBAAA;AAC7B,MAAA,IAAI,CAAC,QAAA,EAAU;AACX,QAAA,MAAM,IAAI,eAAA;AAAA,UACN;AAAA,SAEJ;AAAA,MACJ;AACA,MAAA,WAAA,CAAW,qBAAqB,QAAQ,CAAA;AACxC,MAAA,IAAA,GAAO,IAAI,kBAAkB,QAAQ,CAAA;AAAA,IACzC;AAGA,IAAA,aAAA,CAAc,IAAI,CAAA;AAElB,IAAA,IAAA,CAAK,aAAa,MAAA,CAAO,SAAA;AACzB,IAAA,IAAA,CAAK,WAAW,MAAA,CAAO,OAAA;AACvB,IAAA,IAAA,CAAK,eAAe,MAAA,CAAO,WAAA;AAC3B,IAAA,IAAA,CAAK,OAAA,GAAU,MAAA,CAAO,OAAA,EAAS,MAAA,IAAU,IAAA;AACzC,IAAA,IAAA,CAAK,kBAAA,GAAqB,MAAA,CAAO,OAAA,EAAS,iBAAA,IAAqB,IAAA;AAE/D,IAAA,IAAA,CAAK,aAAA,GAAgB,MAAA,CAAO,KAAA,EAAO,OAAA,IAAW,IAAA;AAC9C,IAAA,IAAA,CAAK,WAAA,GAAc,MAAA,CAAO,KAAA,EAAO,KAAA,IAAS,IAAA;AAC1C,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,KAAA,EAAO,GAAA,IAAO,EAAA;AAEtC,IAAA,IAAA,CAAK,UAAU,IAAI,MAAA,CAAO,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AACxD,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,aAAA,GAAgB,IAAI,WAAA,CAAY,QAAQ,CAAA,GAAI,IAAA;AAE/D,IAAA,MAAM,OAAA,GAAU,OAAO,OAAA,IAAW,4BAAA;AAClC,IAAA,IAAA,CAAK,IAAA,GAAO,IAAI,aAAA,CAAc,OAAA,EAAS,IAAI,CAAA;AAE3C,IAAA,IAAI,OAAO,gBAAA,EAAkB;AACzB,MAAA,MAAM,WAAA,GAAc,cAAc,IAAI,CAAA;AACtC,MAAA,IAAA,CAAK,iBAAiB,IAAI,oBAAA,CAAqB,SAAS,WAAA,EAAa,IAAA,EAAM,KAAK,OAAO,CAAA;AAAA,IAC3F;AAEA,IAAA,IAAA,CAAK,OAAA,CAAQ,IAAA;AAAA,MACT,CAAA,2BAAA,EAA8B,KAAK,UAAU,CAAA,YAAA,EAAe,KAAK,QAAQ,CAAA,gBAAA,EAAmB,KAAK,YAAY,CAAA,CAAA;AAAA,KACjH;AAAA,EACJ;AAAA,EAEA,OAAO,OAAA,GAAkC;AACrC,IAAA,OAAO,IAAI,eAAA,EAAgB;AAAA,EAC/B;AAAA,EAEA,OAAO,qBAAqB,KAAA,EAAqB;AAC7C,IAAA,IAAI,CAAC,KAAA,EAAO;AACR,MAAA,MAAM,IAAI,gBAAgB,+EAA+E,CAAA;AAAA,IAC7G;AAGA,IAAA,IAAI,KAAA,CAAM,UAAA,CAAW,UAAU,CAAA,EAAG;AAGlC,IAAA,MAAM,QAAA,GAAW,KAAA,CAAM,KAAA,CAAM,GAAG,EAAE,MAAA,GAAS,CAAA;AAC3C,IAAA,IAAI,aAAa,CAAA,EAAG;AAEpB,IAAA,MAAM,IAAI,eAAA;AAAA,MACN;AAAA,KAEJ;AAAA,EACJ;AAAA,EAEA,MAAM,GAAA,CAAI,GAAA,EAAa,OAAA,EAAgD;AACnE,IAAA,IAAA,CAAK,eAAA,EAAgB;AAErB,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,IAAiB,OAAA,EAAS,KAAA,KAAU,KAAA;AAE1D,IAAA,IAAI,QAAA,IAAY,KAAK,MAAA,EAAQ;AACzB,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA;AAClC,MAAA,IAAI,WAAW,MAAA,EAAW;AACtB,QAAA,IAAA,CAAK,OAAA,CAAQ,KAAA,CAAM,CAAA,sBAAA,EAAyB,GAAG,CAAA,CAAA,CAAG,CAAA;AAClD,QAAA,OAAO,MAAA;AAAA,MACX;AACA,MAAA,IAAA,CAAK,OAAA,CAAQ,KAAA,CAAM,CAAA,uBAAA,EAA0B,GAAG,CAAA,oBAAA,CAAsB,CAAA;AAAA,IAC1E;AAEA,IAAA,MAAM,IAAA,CAAK,gBAAgB,WAAA,EAAY;AAEvC,IAAA,IAAI,QAAA,IAAY,IAAA,CAAK,WAAA,IAAe,CAAC,KAAK,YAAA,EAAc;AACpD,MAAA,OAAO,IAAA,CAAK,kBAAkB,GAAG,CAAA;AAAA,IACrC;AAEA,IAAA,OAAO,IAAA,CAAK,qBAAqB,GAAG,CAAA;AAAA,EACxC;AAAA,EAEA,aAAa,GAAA,EAAqB;AAC9B,IAAA,IAAA,CAAK,eAAA,EAAgB;AAErB,IAAA,IAAI,CAAC,IAAA,CAAK,aAAA,IAAiB,CAAC,KAAK,MAAA,EAAQ;AACrC,MAAA,MAAM,IAAI,eAAA;AAAA,QACN;AAAA,OAEJ;AAAA,IACJ;AAEA,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA;AACjC,IAAA,IAAI,UAAU,MAAA,EAAW;AACrB,MAAA,MAAM,IAAI,mBAAA,CAAoB,GAAA,EAAK,IAAA,CAAK,UAAA,EAAY,KAAK,YAAY,CAAA;AAAA,IACzE;AAEA,IAAA,OAAO,KAAA;AAAA,EACX;AAAA,EAEA,MAAM,OAAA,GAAyB;AAC3B,IAAA,IAAA,CAAK,eAAA,EAAgB;AAErB,IAAA,IAAI,CAAC,IAAA,CAAK,aAAA,IAAiB,CAAC,KAAK,MAAA,EAAQ;AACrC,MAAA,MAAM,IAAI,eAAA;AAAA,QACN;AAAA,OAEJ;AAAA,IACJ;AAEA,IAAA,MAAM,IAAA,CAAK,gBAAgB,WAAA,EAAY;AAEvC,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,IAAA,CAAK,eAAA,CAAgB,KAAK,UAAA,EAAY,IAAA,CAAK,QAAA,EAAU,IAAA,CAAK,YAAY,CAAA;AAEjG,IAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,IAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC1B,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,aAAA,CAAc,MAAM,CAAA;AACvC,MAAA,IAAI,UAAU,MAAA,EAAW;AACrB,QAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,MAAA,CAAO,IAAA,EAAM,KAAK,CAAA;AAClC,QAAA,KAAA,EAAA;AAAA,MACJ;AAAA,IACJ;AAEA,IAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AACpB,IAAA,IAAA,CAAK,OAAA,CAAQ,IAAA,CAAK,CAAA,UAAA,EAAa,KAAK,CAAA,mBAAA,CAAqB,CAAA;AAAA,EAC7D;AAAA,EAEA,OAAA,GAAgB;AACZ,IAAA,IAAI,KAAK,UAAA,EAAY;AACrB,IAAA,IAAA,CAAK,gBAAgB,OAAA,EAAQ;AAC7B,IAAA,IAAA,CAAK,QAAQ,KAAA,EAAM;AACnB,IAAA,IAAA,CAAK,UAAA,GAAa,IAAA;AAClB,IAAA,IAAA,CAAK,OAAA,CAAQ,KAAK,8CAA8C,CAAA;AAAA,EACpE;AAAA,EAEA,eAAA,GAAwB;AACpB,IAAA,IAAI,KAAK,UAAA,EAAY;AACjB,MAAA,MAAM,IAAI,eAAA;AAAA,QACN;AAAA,OAEJ;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,MAAM,kBAAkB,GAAA,EAA8B;AAClD,IAAA,IAAA,CAAK,OAAA,CAAQ,KAAA;AAAA,MACT,CAAA,+CAAA,EAAkD,IAAA,CAAK,UAAU,CAAA,SAAA,EAAY,KAAK,QAAQ,CAAA,OAAA;AAAA,KAC9F;AACA,IAAA,MAAM,KAAA,GAAQ,KAAK,GAAA,EAAI;AACvB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,IAAA,CAAK,eAAA,CAAgB,KAAK,UAAA,EAAY,IAAA,CAAK,QAAA,EAAU,IAAA,CAAK,YAAY,CAAA;AACjG,IAAA,IAAA,CAAK,OAAA,CAAQ,KAAA,CAAM,CAAA,mBAAA,EAAsB,OAAA,CAAQ,MAAM,iBAAiB,IAAA,CAAK,GAAA,EAAI,GAAI,KAAK,CAAA,EAAA,CAAI,CAAA;AAE9F,IAAA,IAAI,KAAA;AAEJ,IAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC1B,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,aAAA,CAAc,MAAM,CAAA;AACvC,MAAA,IAAI,KAAA,KAAU,MAAA,IAAa,IAAA,CAAK,MAAA,EAAQ;AACpC,QAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,MAAA,CAAO,IAAA,EAAM,KAAK,CAAA;AAClC,QAAA,IAAA,CAAK,OAAA,CAAQ,KAAA;AAAA,UACT,kBAAkB,MAAA,CAAO,IAAI,MAAM,IAAA,CAAK,MAAA,GAAS,0BAA0B,WAAW,CAAA,CAAA;AAAA,SAC1F;AAAA,MACJ;AACA,MAAA,IAAI,MAAA,CAAO,SAAS,GAAA,EAAK;AACrB,QAAA,KAAA,GAAQ,KAAA;AAAA,MACZ;AAAA,IACJ;AAEA,IAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AAEpB,IAAA,IAAI,UAAU,MAAA,EAAW;AACrB,MAAA,OAAO,KAAA;AAAA,IACX;AAEA,IAAA,OAAO,IAAA,CAAK,gBAAgB,GAAG,CAAA;AAAA,EACnC;AAAA,EAEA,MAAM,qBAAqB,GAAA,EAA8B;AACrD,IAAA,IAAA,CAAK,OAAA,CAAQ,KAAA;AAAA,MACT,kDAAkD,IAAA,CAAK,UAAU,YAAY,IAAA,CAAK,QAAQ,WAAW,GAAG,CAAA;AAAA,KAC5G;AACA,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI;AACA,MAAA,MAAM,KAAA,GAAQ,KAAK,GAAA,EAAI;AACvB,MAAA,MAAA,GAAS,MAAM,IAAA,CAAK,IAAA,CAAK,WAAA,CAAY,IAAA,CAAK,YAAY,IAAA,CAAK,QAAA,EAAU,GAAA,EAAK,IAAA,CAAK,YAAY,CAAA;AAC3F,MAAA,IAAA,CAAK,QAAQ,KAAA,CAAM,CAAA,kCAAA,EAAqC,KAAK,GAAA,EAAI,GAAI,KAAK,CAAA,EAAA,CAAI,CAAA;AAAA,IAClF,SAAS,KAAA,EAAO;AAEZ,MAAA,IAAI,iBAAiB,aAAA,EAAe;AAChC,QAAA,OAAO,IAAA,CAAK,gBAAgB,GAAG,CAAA;AAAA,MACnC;AACA,MAAA,MAAM,KAAA;AAAA,IACV;AAEA,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,aAAA,CAAc,MAAM,CAAA;AACvC,IAAA,IAAI,UAAU,MAAA,EAAW;AACrB,MAAA,OAAO,IAAA,CAAK,gBAAgB,GAAG,CAAA;AAAA,IACnC;AAEA,IAAA,IAAI,IAAA,CAAK,aAAA,IAAiB,IAAA,CAAK,MAAA,EAAQ;AACnC,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,IAC9B;AAEA,IAAA,OAAO,KAAA;AAAA,EACX;AAAA,EAEA,gBAAgB,GAAA,EAAqB;AACjC,IAAA,IAAI,KAAK,OAAA,EAAS;AACd,MAAA,MAAM,IAAI,mBAAA,CAAoB,GAAA,EAAK,IAAA,CAAK,UAAA,EAAY,KAAK,YAAY,CAAA;AAAA,IACzE;AACA,IAAA,IAAA,CAAK,OAAA,CAAQ,IAAA,CAAK,CAAA,QAAA,EAAW,GAAG,CAAA,0DAAA,CAA4D,CAAA;AAC5F,IAAA,OAAO,EAAA;AAAA,EACX;AAAA,EAEA,cAAc,MAAA,EAAoC;AAC9C,IAAA,MAAM,SAAA,GAAY,OAAO,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,aAAA,KAAkB,IAAA,CAAK,YAAY,CAAA;AAEnF,IAAA,IAAI,KAAK,kBAAA,EAAoB;AACzB,MAAA,MAAM,WAAW,SAAA,CAAU,IAAA,CAAK,CAAC,CAAA,KAAM,EAAE,UAAU,CAAA;AACnD,MAAA,IAAI,QAAA,SAAiB,QAAA,CAAS,KAAA;AAE9B,MAAA,MAAM,SAAS,SAAA,CAAU,IAAA,CAAK,CAAC,CAAA,KAAM,CAAC,EAAE,UAAU,CAAA;AAClD,MAAA,IAAI,MAAA,EAAQ;AACR,QAAA,IAAA,CAAK,OAAA,CAAQ,IAAA,CAAK,CAAA,uBAAA,EAA0B,MAAA,CAAO,IAAI,CAAA,+BAAA,CAAiC,CAAA;AACxF,QAAA,OAAO,MAAA,CAAO,KAAA;AAAA,MAClB;AAAA,IACJ,CAAA,MAAO;AACH,MAAA,MAAM,SAAS,SAAA,CAAU,IAAA,CAAK,CAAC,CAAA,KAAM,CAAC,EAAE,UAAU,CAAA;AAClD,MAAA,IAAI,MAAA,SAAe,MAAA,CAAO,KAAA;AAAA,IAC9B;AAEA,IAAA,OAAO,MAAA;AAAA,EACX;AACJ","file":"index.js","sourcesContent":["export class EnkryptifyError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"EnkryptifyError\";\n }\n}\n\nexport class SecretNotFoundError extends EnkryptifyError {\n constructor(key: string, workspace: string, environment: string) {\n super(\n `Secret \"${key}\" not found in workspace \"${workspace}\" (environment: \"${environment}\"). ` +\n `Verify the secret exists in your Enkryptify dashboard.\\n` +\n `Docs: https://docs.enkryptify.com/sdk/troubleshooting#secret-not-found`,\n );\n this.name = \"SecretNotFoundError\";\n }\n}\n\nexport class AuthenticationError extends EnkryptifyError {\n constructor() {\n super(\n \"Authentication failed (HTTP 401). Token is invalid, expired, or revoked. \" +\n \"Generate a new token in your Enkryptify dashboard.\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/auth#token-issues\",\n );\n this.name = \"AuthenticationError\";\n }\n}\n\nexport class AuthorizationError extends EnkryptifyError {\n constructor() {\n super(\n \"Authorization failed (HTTP 403). Token does not have access to this resource. \" +\n \"Check that your token has the required permissions.\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/auth#permissions\",\n );\n this.name = \"AuthorizationError\";\n }\n}\n\nexport class NotFoundError extends EnkryptifyError {\n constructor(method: string, endpoint: string) {\n super(\n `Resource not found (HTTP 404) for ${method} ${endpoint}. ` +\n \"Workspace, project, or environment not found. Verify your configuration.\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/troubleshooting#not-found\",\n );\n this.name = \"NotFoundError\";\n }\n}\n\nexport class RateLimitError extends EnkryptifyError {\n public readonly retryAfter: number | null;\n\n constructor(retryAfter?: string | null) {\n const parsed = retryAfter ? parseInt(retryAfter, 10) : null;\n const retrySeconds = parsed !== null && !Number.isNaN(parsed) ? parsed : null;\n super(\n `Rate limited (HTTP 429). ` +\n `${retrySeconds ? `Retry after ${retrySeconds} seconds.` : \"Please retry later.\"}\\n` +\n \"Docs: https://docs.enkryptify.com/sdk/troubleshooting#rate-limiting\",\n );\n this.name = \"RateLimitError\";\n this.retryAfter = retrySeconds;\n }\n}\n\nexport class ApiError extends EnkryptifyError {\n public readonly status: number;\n\n constructor(status: number, statusText: string, method: string, endpoint: string) {\n super(\n `API request failed (HTTP ${status}) for ${method} ${endpoint}. ` +\n `${statusText ? statusText + \". \" : \"\"}` +\n `This may be a temporary server issue — retry in a few moments.\\n` +\n `Docs: https://docs.enkryptify.com/sdk/troubleshooting#api-errors`,\n );\n this.name = \"ApiError\";\n this.status = status;\n }\n}\n","import { EnkryptifyError } from \"@/errors\";\n\nconst store = new WeakMap<object, string>();\n\nexport function storeToken(provider: object, token: string): void {\n store.set(provider, token);\n}\n\nexport function retrieveToken(provider: object): string {\n const token = store.get(provider);\n if (!token) {\n throw new EnkryptifyError(\n \"Invalid or destroyed auth provider. Create a new one via Enkryptify.fromEnv().\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/auth\",\n );\n }\n return token;\n}\n","import type { EnkryptifyAuthProvider } from \"@/types\";\nimport { EnkryptifyError } from \"@/errors\";\nimport { storeToken } from \"@/internal/token-store\";\n\nexport class EnvAuthProvider implements EnkryptifyAuthProvider {\n readonly _brand = \"EnkryptifyAuthProvider\" as const;\n\n constructor() {\n const token = process.env.ENKRYPTIFY_TOKEN;\n if (!token) {\n throw new EnkryptifyError(\n \"ENKRYPTIFY_TOKEN environment variable is not set. Set it before initializing the SDK:\\n\" +\n ' export ENKRYPTIFY_TOKEN=\"ek_...\"\\n' +\n \"Docs: https://docs.enkryptify.com/sdk/auth#environment-variables\",\n );\n }\n storeToken(this, token);\n }\n}\n\nexport class TokenAuthProvider implements EnkryptifyAuthProvider {\n readonly _brand = \"EnkryptifyAuthProvider\" as const;\n\n constructor(token: string) {\n storeToken(this, token);\n }\n}\n","import type { EnkryptifyAuthProvider, Secret } from \"@/types\";\nimport { AuthenticationError, AuthorizationError, NotFoundError, RateLimitError, ApiError } from \"@/errors\";\nimport { retrieveToken } from \"@/internal/token-store\";\n\nexport class EnkryptifyApi {\n #baseUrl: string;\n #auth: EnkryptifyAuthProvider;\n\n constructor(baseUrl: string, auth: EnkryptifyAuthProvider) {\n this.#baseUrl = baseUrl;\n this.#auth = auth;\n }\n\n async fetchSecret(workspace: string, project: string, secretName: string, environmentId: string): Promise<Secret> {\n const path = `/v1/workspace/${encodeURIComponent(workspace)}/project/${encodeURIComponent(project)}/secret/${encodeURIComponent(secretName)}`;\n const params = new URLSearchParams({ environmentId, resolve: \"true\" });\n return this.#request(\"GET\", `${path}?${params.toString()}`);\n }\n\n async fetchAllSecrets(workspace: string, project: string, environmentId: string): Promise<Secret[]> {\n const path = `/v1/workspace/${encodeURIComponent(workspace)}/project/${encodeURIComponent(project)}/secret`;\n const params = new URLSearchParams({ environmentId, resolve: \"true\" });\n return this.#request(\"GET\", `${path}?${params.toString()}`);\n }\n\n async #request<T>(method: string, endpoint: string): Promise<T> {\n const token = retrieveToken(this.#auth);\n const url = `${this.#baseUrl}${endpoint}`;\n\n const response = await fetch(url, {\n method,\n headers: {\n Authorization: `Bearer ${token}`,\n \"Content-Type\": \"application/json\",\n },\n });\n\n if (response.status === 401) {\n throw new AuthenticationError();\n }\n\n if (response.status === 403) {\n throw new AuthorizationError();\n }\n\n if (response.status === 404) {\n throw new NotFoundError(method, endpoint);\n }\n\n if (response.status === 429) {\n throw new RateLimitError(response.headers.get(\"Retry-After\"));\n }\n\n if (!response.ok) {\n throw new ApiError(response.status, response.statusText, method, endpoint);\n }\n\n return response.json() as Promise<T>;\n }\n}\n","interface CacheEntry {\n value: string;\n expiresAt: number | null;\n}\n\nexport class SecretCache {\n #store = new Map<string, CacheEntry>();\n #ttl: number;\n\n constructor(ttl: number) {\n this.#ttl = ttl;\n }\n\n get(key: string): string | undefined {\n const entry = this.#store.get(key);\n if (!entry) return undefined;\n\n if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {\n this.#store.delete(key);\n return undefined;\n }\n\n return entry.value;\n }\n\n set(key: string, value: string): void {\n this.#store.set(key, {\n value,\n expiresAt: this.#ttl === -1 ? null : Date.now() + this.#ttl,\n });\n }\n\n has(key: string): boolean {\n return this.get(key) !== undefined;\n }\n\n clear(): void {\n this.#store.clear();\n this.#store = new Map();\n }\n\n get size(): number {\n return this.#store.size;\n }\n}\n","type LogLevel = \"debug\" | \"info\" | \"warn\" | \"error\";\n\nconst LEVELS: Record<LogLevel, number> = {\n debug: 0,\n info: 1,\n warn: 2,\n error: 3,\n};\n\n/* eslint-disable no-console */\nexport class Logger {\n #level: number;\n\n constructor(level: LogLevel = \"info\") {\n this.#level = LEVELS[level];\n }\n\n debug(message: string): void {\n if (this.#level <= LEVELS.debug) {\n console.debug(`[Enkryptify] ${message}`);\n }\n }\n\n info(message: string): void {\n if (this.#level <= LEVELS.info) {\n console.info(`[Enkryptify] ${message}`);\n }\n }\n\n warn(message: string): void {\n if (this.#level <= LEVELS.warn) {\n console.warn(`[Enkryptify] ${message}`);\n }\n }\n\n error(message: string): void {\n if (this.#level <= LEVELS.error) {\n console.error(`[Enkryptify] ${message}`);\n }\n }\n}\n","import type { EnkryptifyAuthProvider, TokenExchangeResponse } from \"@/types\";\nimport type { Logger } from \"@/logger\";\nimport { storeToken } from \"@/internal/token-store\";\n\nexport class TokenExchangeManager {\n #baseUrl: string;\n #staticToken: string;\n #auth: EnkryptifyAuthProvider;\n #logger: Logger;\n #jwt: string | null = null;\n #refreshTimer: ReturnType<typeof setTimeout> | null = null;\n #exchangePromise: Promise<void> | null = null;\n\n constructor(baseUrl: string, staticToken: string, auth: EnkryptifyAuthProvider, logger: Logger) {\n this.#baseUrl = baseUrl;\n this.#staticToken = staticToken;\n this.#auth = auth;\n this.#logger = logger;\n }\n\n async ensureToken(): Promise<void> {\n if (this.#jwt) return;\n\n // Deduplicate concurrent exchange calls\n if (this.#exchangePromise) {\n return this.#exchangePromise;\n }\n\n this.#exchangePromise = this.#exchange();\n try {\n await this.#exchangePromise;\n } finally {\n this.#exchangePromise = null;\n }\n }\n\n async #exchange(): Promise<void> {\n try {\n const response = await fetch(`${this.#baseUrl}/v1/auth/exchange`, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${this.#staticToken}`,\n \"Content-Type\": \"application/json\",\n },\n });\n\n if (!response.ok) {\n throw new Error(`Token exchange failed with HTTP ${response.status}`);\n }\n\n const data = (await response.json()) as TokenExchangeResponse;\n this.#jwt = data.accessToken;\n storeToken(this.#auth, this.#jwt);\n this.#logger.debug(\"Token exchanged for short-lived JWT\");\n\n // Refresh 60 seconds before expiry\n const refreshMs = (data.expiresIn - 60) * 1000;\n this.#scheduleRefresh(refreshMs);\n } catch (error) {\n // Fallback to static token\n this.#jwt = null;\n storeToken(this.#auth, this.#staticToken);\n this.#logger.warn(\n `Token exchange failed, falling back to static token: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n }\n\n #scheduleRefresh(ms: number): void {\n if (this.#refreshTimer) {\n clearTimeout(this.#refreshTimer);\n }\n this.#refreshTimer = setTimeout(() => {\n this.#jwt = null;\n this.#exchange();\n }, ms);\n // Don't keep the process alive just for token refresh\n this.#refreshTimer.unref?.();\n }\n\n destroy(): void {\n if (this.#refreshTimer) {\n clearTimeout(this.#refreshTimer);\n this.#refreshTimer = null;\n }\n this.#jwt = null;\n }\n}\n","import type { EnkryptifyAuthProvider, EnkryptifyConfig, IEnkryptify, Secret } from \"@/types\";\nimport { EnkryptifyError, SecretNotFoundError, NotFoundError } from \"@/errors\";\nimport { EnvAuthProvider, TokenAuthProvider } from \"@/auth\";\nimport { EnkryptifyApi } from \"@/api\";\nimport { SecretCache } from \"@/cache\";\nimport { Logger } from \"@/logger\";\nimport { retrieveToken } from \"@/internal/token-store\";\nimport { TokenExchangeManager } from \"@/token-exchange\";\n\nexport class Enkryptify implements IEnkryptify {\n #api: EnkryptifyApi;\n #cache: SecretCache | null;\n #logger: Logger;\n #workspace: string;\n #project: string;\n #environment: string;\n #strict: boolean;\n #usePersonalValues: boolean;\n #cacheEnabled: boolean;\n #eagerCache: boolean;\n #destroyed = false;\n #eagerLoaded = false;\n #tokenExchange: TokenExchangeManager | null = null;\n\n constructor(config: EnkryptifyConfig) {\n if (!config.workspace) {\n throw new EnkryptifyError(\n 'Missing required config field \"workspace\". Provide a workspace slug or ID.\\n' +\n \"Docs: https://docs.enkryptify.com/sdk/configuration\",\n );\n }\n if (!config.project) {\n throw new EnkryptifyError(\n 'Missing required config field \"project\". Provide a project slug or ID.\\n' +\n \"Docs: https://docs.enkryptify.com/sdk/configuration\",\n );\n }\n if (!config.environment) {\n throw new EnkryptifyError(\n 'Missing required config field \"environment\". Provide an environment ID.\\n' +\n \"Docs: https://docs.enkryptify.com/sdk/configuration\",\n );\n }\n\n // Resolve auth provider: token option → auth option → env var\n let auth: EnkryptifyAuthProvider;\n if (config.token) {\n Enkryptify.#validateTokenFormat(config.token);\n auth = new TokenAuthProvider(config.token);\n } else if (config.auth) {\n if (config.auth._brand !== \"EnkryptifyAuthProvider\") {\n throw new EnkryptifyError(\n \"Invalid auth provider. Use Enkryptify.fromEnv() or pass a token option.\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/auth\",\n );\n }\n auth = config.auth;\n } else {\n const envToken = process.env.ENKRYPTIFY_TOKEN;\n if (!envToken) {\n throw new EnkryptifyError(\n \"No token provided. Set ENKRYPTIFY_TOKEN or pass token in options.\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/auth\",\n );\n }\n Enkryptify.#validateTokenFormat(envToken);\n auth = new TokenAuthProvider(envToken);\n }\n\n // Validate that the auth provider has a token in the store\n retrieveToken(auth);\n\n this.#workspace = config.workspace;\n this.#project = config.project;\n this.#environment = config.environment;\n this.#strict = config.options?.strict ?? true;\n this.#usePersonalValues = config.options?.usePersonalValues ?? true;\n\n this.#cacheEnabled = config.cache?.enabled ?? true;\n this.#eagerCache = config.cache?.eager ?? true;\n const cacheTtl = config.cache?.ttl ?? -1;\n\n this.#logger = new Logger(config.logger?.level ?? \"info\");\n this.#cache = this.#cacheEnabled ? new SecretCache(cacheTtl) : null;\n\n const baseUrl = config.baseUrl ?? \"https://api.enkryptify.com\";\n this.#api = new EnkryptifyApi(baseUrl, auth);\n\n if (config.useTokenExchange) {\n const staticToken = retrieveToken(auth);\n this.#tokenExchange = new TokenExchangeManager(baseUrl, staticToken, auth, this.#logger);\n }\n\n this.#logger.info(\n `Initialized for workspace \"${this.#workspace}\", project \"${this.#project}\", environment \"${this.#environment}\"`,\n );\n }\n\n static fromEnv(): EnkryptifyAuthProvider {\n return new EnvAuthProvider();\n }\n\n static #validateTokenFormat(token: string): void {\n if (!token) {\n throw new EnkryptifyError(\"Token must be a non-empty string.\\nDocs: https://docs.enkryptify.com/sdk/auth\");\n }\n\n // Accept ek_live_ API tokens\n if (token.startsWith(\"ek_live_\")) return;\n\n // Accept JWTs (three base64 segments separated by dots)\n const dotCount = token.split(\".\").length - 1;\n if (dotCount === 2) return;\n\n throw new EnkryptifyError(\n \"Invalid token format. Expected an ek_live_ token or JWT.\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/auth#token-format\",\n );\n }\n\n async get(key: string, options?: { cache?: boolean }): Promise<string> {\n this.#guardDestroyed();\n\n const useCache = this.#cacheEnabled && options?.cache !== false;\n\n if (useCache && this.#cache) {\n const cached = this.#cache.get(key);\n if (cached !== undefined) {\n this.#logger.debug(`Cache hit for secret \"${key}\"`);\n return cached;\n }\n this.#logger.debug(`Cache miss for secret \"${key}\", fetching from API`);\n }\n\n await this.#tokenExchange?.ensureToken();\n\n if (useCache && this.#eagerCache && !this.#eagerLoaded) {\n return this.#fetchAndCacheAll(key);\n }\n\n return this.#fetchAndCacheSingle(key);\n }\n\n getFromCache(key: string): string {\n this.#guardDestroyed();\n\n if (!this.#cacheEnabled || !this.#cache) {\n throw new EnkryptifyError(\n \"Cache is disabled. Enable caching in the config or use get() to fetch from the API.\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/configuration#caching\",\n );\n }\n\n const value = this.#cache.get(key);\n if (value === undefined) {\n throw new SecretNotFoundError(key, this.#workspace, this.#environment);\n }\n\n return value;\n }\n\n async preload(): Promise<void> {\n this.#guardDestroyed();\n\n if (!this.#cacheEnabled || !this.#cache) {\n throw new EnkryptifyError(\n \"Cannot preload: caching is disabled. Enable caching in the config.\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/configuration#caching\",\n );\n }\n\n await this.#tokenExchange?.ensureToken();\n\n const secrets = await this.#api.fetchAllSecrets(this.#workspace, this.#project, this.#environment);\n\n let count = 0;\n for (const secret of secrets) {\n const value = this.#resolveValue(secret);\n if (value !== undefined) {\n this.#cache.set(secret.name, value);\n count++;\n }\n }\n\n this.#eagerLoaded = true;\n this.#logger.info(`Preloaded ${count} secrets into cache`);\n }\n\n destroy(): void {\n if (this.#destroyed) return;\n this.#tokenExchange?.destroy();\n this.#cache?.clear();\n this.#destroyed = true;\n this.#logger.info(\"Client destroyed, all cached secrets cleared\");\n }\n\n #guardDestroyed(): void {\n if (this.#destroyed) {\n throw new EnkryptifyError(\n \"This Enkryptify client has been destroyed. Create a new instance to continue.\\n\" +\n \"Docs: https://docs.enkryptify.com/sdk/lifecycle\",\n );\n }\n }\n\n async #fetchAndCacheAll(key: string): Promise<string> {\n this.#logger.debug(\n `Fetching secret(s) from API: GET /v1/workspace/${this.#workspace}/project/${this.#project}/secret`,\n );\n const start = Date.now();\n const secrets = await this.#api.fetchAllSecrets(this.#workspace, this.#project, this.#environment);\n this.#logger.debug(`API responded with ${secrets.length} secret(s) in ${Date.now() - start}ms`);\n\n let found: string | undefined;\n\n for (const secret of secrets) {\n const value = this.#resolveValue(secret);\n if (value !== undefined && this.#cache) {\n this.#cache.set(secret.name, value);\n this.#logger.debug(\n `Cached secret \"${secret.name}\" (${this.#cache ? \"TTL: cache configured\" : \"no expiry\"})`,\n );\n }\n if (secret.name === key) {\n found = value;\n }\n }\n\n this.#eagerLoaded = true;\n\n if (found !== undefined) {\n return found;\n }\n\n return this.#handleNotFound(key);\n }\n\n async #fetchAndCacheSingle(key: string): Promise<string> {\n this.#logger.debug(\n `Fetching secret(s) from API: GET /v1/workspace/${this.#workspace}/project/${this.#project}/secret/${key}`,\n );\n let secret: Secret;\n try {\n const start = Date.now();\n secret = await this.#api.fetchSecret(this.#workspace, this.#project, key, this.#environment);\n this.#logger.debug(`API responded with 1 secret(s) in ${Date.now() - start}ms`);\n } catch (error) {\n // NotFoundError is imported at the module level via @/errors\n if (error instanceof NotFoundError) {\n return this.#handleNotFound(key);\n }\n throw error;\n }\n\n const value = this.#resolveValue(secret);\n if (value === undefined) {\n return this.#handleNotFound(key);\n }\n\n if (this.#cacheEnabled && this.#cache) {\n this.#cache.set(key, value);\n }\n\n return value;\n }\n\n #handleNotFound(key: string): string {\n if (this.#strict) {\n throw new SecretNotFoundError(key, this.#workspace, this.#environment);\n }\n this.#logger.warn(`Secret \"${key}\" not found (strict mode disabled, returning empty string)`);\n return \"\";\n }\n\n #resolveValue(secret: Secret): string | undefined {\n const envValues = secret.values.filter((v) => v.environmentId === this.#environment);\n\n if (this.#usePersonalValues) {\n const personal = envValues.find((v) => v.isPersonal);\n if (personal) return personal.value;\n\n const shared = envValues.find((v) => !v.isPersonal);\n if (shared) {\n this.#logger.warn(`No personal value for \"${secret.name}\", falling back to shared value`);\n return shared.value;\n }\n } else {\n const shared = envValues.find((v) => !v.isPersonal);\n if (shared) return shared.value;\n }\n\n return undefined;\n }\n}\n"]}