@factiii/stack 0.1.185 → 0.1.186
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -21
- package/README.md +441 -441
- package/bin/stack +300 -300
- package/dist/cli/dev-sync.js +16 -16
- package/dist/cli/init.d.ts.map +1 -1
- package/dist/cli/init.js +9 -1
- package/dist/cli/init.js.map +1 -1
- package/dist/plugins/addons/auth/index.js +7 -7
- package/dist/plugins/addons/vercel/index.js +9 -9
- package/dist/plugins/addons/vercel/scanfix/config.js +10 -10
- package/dist/plugins/addons/vercel/scanfix/token.js +15 -15
- package/dist/plugins/approved.json +13 -13
- package/dist/plugins/pipelines/aws/index.js +12 -12
- package/dist/plugins/pipelines/aws/policies/bootstrap-policy.json +135 -135
- package/dist/plugins/pipelines/aws/prod.js +1 -1
- package/dist/plugins/pipelines/factiii/prod.js +21 -21
- package/dist/plugins/pipelines/factiii/scanfix/bootstrap.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/bootstrap.js +10 -2
- package/dist/plugins/pipelines/factiii/scanfix/bootstrap.js.map +1 -1
- package/dist/plugins/pipelines/factiii/staging.js +23 -23
- package/dist/plugins/pipelines/factiii/workflows/stack-ci.yml +75 -75
- package/dist/plugins/pipelines/factiii/workflows/stack-cicd-prod.yml +73 -73
- package/dist/plugins/servers/amazon-linux/index.js +16 -16
- package/dist/plugins/servers/mac/index.js +12 -12
- package/dist/plugins/servers/mac/staging.js +2 -2
- package/dist/plugins/servers/ubuntu/index.js +23 -23
- package/dist/plugins/servers/windows/index.js +15 -15
- package/dist/scripts/generate-all.js +73 -73
- package/dist/utils/deployment-report.js +2 -2
- package/dist/utils/secret-prompts.js +34 -34
- package/dist/utils/ssh-helper.d.ts.map +1 -1
- package/dist/utils/ssh-helper.js +153 -25
- package/dist/utils/ssh-helper.js.map +1 -1
- package/dist/utils/template-generator.js +74 -74
- package/package.json +100 -93
package/dist/cli/init.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAOH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAOH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CA4DnE;AAED,eAAe,IAAI,CAAC"}
|
package/dist/cli/init.js
CHANGED
|
@@ -81,10 +81,18 @@ async function init(options = {}) {
|
|
|
81
81
|
'# Generated by: npx stack init\n\n' +
|
|
82
82
|
'dev_os: ' + devOS + '\n\n' +
|
|
83
83
|
'# Dev-only mode (default: true)\n' +
|
|
84
|
-
'#
|
|
84
|
+
'# When true, only --dev and --secrets stages are allowed.\n' +
|
|
85
|
+
'# Set to false to unlock staging/prod stages:\n' +
|
|
86
|
+
'# npx stack scan --staging (auto-unlocks on first run)\n' +
|
|
87
|
+
'# or manually change to: dev_only: false\n' +
|
|
85
88
|
'dev_only: true\n';
|
|
86
89
|
fs.writeFileSync(localPath, content, 'utf8');
|
|
87
90
|
console.log(' [OK] Created ' + config_files_js_1.STACK_LOCAL_FILENAME + ' (dev_os: ' + devOS + ', dev_only: true)');
|
|
91
|
+
console.log('');
|
|
92
|
+
console.log(' dev_only is enabled by default — only --dev and --secrets stages will run.');
|
|
93
|
+
console.log(' To unlock staging/prod, either:');
|
|
94
|
+
console.log(' - Run: npx stack scan --staging (auto-unlocks)');
|
|
95
|
+
console.log(' - Edit ' + config_files_js_1.STACK_LOCAL_FILENAME + ' and set dev_only: false');
|
|
88
96
|
}
|
|
89
97
|
// Ensure gitignore entries for sensitive files
|
|
90
98
|
(0, gitignore_js_1.ensureGitignored)(rootDir, config_files_js_1.STACK_LOCAL_FILENAME);
|
package/dist/cli/init.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASH,
|
|
1
|
+
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASH,oBA4DC;AAnED,uCAAyB;AACzB,kEAAkI;AAClI,+EAA4E;AAC5E,iFAA2E;AAC3E,wDAAyD;AAGlD,KAAK,UAAU,IAAI,CAAC,UAAuB,EAAE;IAClD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,IAAA,oCAAkB,EAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAE9C,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,uCAAqB,GAAG,OAAO,CAAC,CAAC;QAC/D,IAAA,6CAAqB,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,IAAA,4CAAmB,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;SAAM,IAAI,UAAU,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,IAAA,6CAAqB,EAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAA,4CAAmB,EAAC,OAAO,CAAC,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,uCAAqB,GAAG,uCAAuC,CAAC,CAAC;YACpF,OAAO,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC;YACzE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,uCAAqB,GAAG,iBAAiB,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IACpD,CAAC;IAED,uDAAuD;IACvD,MAAM,SAAS,GAAG,IAAA,mCAAiB,EAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC1G,MAAM,OAAO,GACX,sEAAsE;YACtE,oCAAoC;YACpC,UAAU,GAAG,KAAK,GAAG,MAAM;YAC3B,mCAAmC;YACnC,6DAA6D;YAC7D,iDAAiD;YACjD,8DAA8D;YAC9D,8CAA8C;YAC9C,kBAAkB,CAAC;QACrB,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,sCAAoB,GAAG,YAAY,GAAG,KAAK,GAAG,mBAAmB,CAAC,CAAC;QACnG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,8EAA8E,CAAC,CAAC;QAC5F,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,sCAAoB,GAAG,0BAA0B,CAAC,CAAC;IACjF,CAAC;IAED,+CAA+C;IAC/C,IAAA,+BAAgB,EAAC,OAAO,EAAE,sCAAoB,CAAC,CAAC;IAChD,IAAA,+BAAgB,EAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAC1C,IAAA,+BAAgB,EAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,uCAAqB,GAAG,mCAAmC,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,kBAAe,IAAI,CAAC"}
|
|
@@ -142,13 +142,13 @@ class AuthAddon {
|
|
|
142
142
|
}
|
|
143
143
|
}
|
|
144
144
|
static helpText = {
|
|
145
|
-
JWT_SECRET: `
|
|
146
|
-
JWT signing secret for @factiii/auth.
|
|
147
|
-
|
|
148
|
-
This is auto-generated (256-bit random) when you run:
|
|
149
|
-
npx stack fix --secrets
|
|
150
|
-
|
|
151
|
-
The secret is stored in Ansible Vault and used to sign
|
|
145
|
+
JWT_SECRET: `
|
|
146
|
+
JWT signing secret for @factiii/auth.
|
|
147
|
+
|
|
148
|
+
This is auto-generated (256-bit random) when you run:
|
|
149
|
+
npx stack fix --secrets
|
|
150
|
+
|
|
151
|
+
The secret is stored in Ansible Vault and used to sign
|
|
152
152
|
authentication tokens (JWT) for your application.`,
|
|
153
153
|
};
|
|
154
154
|
// ============================================================
|
|
@@ -128,15 +128,15 @@ class VercelAddon {
|
|
|
128
128
|
return false;
|
|
129
129
|
}
|
|
130
130
|
static helpText = {
|
|
131
|
-
VERCEL_TOKEN: `
|
|
132
|
-
Vercel API Token for deployments.
|
|
133
|
-
|
|
134
|
-
Get from: https://vercel.com/account/tokens
|
|
135
|
-
|
|
136
|
-
Create a new token with:
|
|
137
|
-
- Scope: Full Account (or specific team)
|
|
138
|
-
- Expiration: No Expiration (or custom)
|
|
139
|
-
|
|
131
|
+
VERCEL_TOKEN: `
|
|
132
|
+
Vercel API Token for deployments.
|
|
133
|
+
|
|
134
|
+
Get from: https://vercel.com/account/tokens
|
|
135
|
+
|
|
136
|
+
Create a new token with:
|
|
137
|
+
- Scope: Full Account (or specific team)
|
|
138
|
+
- Expiration: No Expiration (or custom)
|
|
139
|
+
|
|
140
140
|
The token will be stored securely in Ansible Vault.`,
|
|
141
141
|
};
|
|
142
142
|
// ============================================================
|
|
@@ -259,13 +259,13 @@ exports.fixes = [
|
|
|
259
259
|
return false;
|
|
260
260
|
}
|
|
261
261
|
},
|
|
262
|
-
manualFix: `
|
|
263
|
-
Add Vercel to stack.yml:
|
|
264
|
-
|
|
265
|
-
vercel: {}
|
|
266
|
-
|
|
267
|
-
Then run: npx stack fix
|
|
268
|
-
(Auto-creates project, detects framework, and saves IDs via Vercel API)
|
|
262
|
+
manualFix: `
|
|
263
|
+
Add Vercel to stack.yml:
|
|
264
|
+
|
|
265
|
+
vercel: {}
|
|
266
|
+
|
|
267
|
+
Then run: npx stack fix
|
|
268
|
+
(Auto-creates project, detects framework, and saves IDs via Vercel API)
|
|
269
269
|
`,
|
|
270
270
|
},
|
|
271
271
|
{
|
|
@@ -335,9 +335,9 @@ Then run: npx stack fix
|
|
|
335
335
|
return false;
|
|
336
336
|
}
|
|
337
337
|
},
|
|
338
|
-
manualFix: `
|
|
339
|
-
Run: npx stack fix
|
|
340
|
-
(Auto-creates .vercel/project.json from Vercel API — no CLI needed)
|
|
338
|
+
manualFix: `
|
|
339
|
+
Run: npx stack fix
|
|
340
|
+
(Auto-creates .vercel/project.json from Vercel API — no CLI needed)
|
|
341
341
|
`,
|
|
342
342
|
},
|
|
343
343
|
{
|
|
@@ -107,12 +107,12 @@ exports.fixes = [
|
|
|
107
107
|
return false;
|
|
108
108
|
}
|
|
109
109
|
},
|
|
110
|
-
manualFix: `
|
|
111
|
-
Store VERCEL_TOKEN in Ansible Vault manually:
|
|
112
|
-
|
|
113
|
-
npx stack deploy --secrets set VERCEL_TOKEN
|
|
114
|
-
|
|
115
|
-
Or get token from: https://vercel.com/account/tokens
|
|
110
|
+
manualFix: `
|
|
111
|
+
Store VERCEL_TOKEN in Ansible Vault manually:
|
|
112
|
+
|
|
113
|
+
npx stack deploy --secrets set VERCEL_TOKEN
|
|
114
|
+
|
|
115
|
+
Or get token from: https://vercel.com/account/tokens
|
|
116
116
|
`,
|
|
117
117
|
},
|
|
118
118
|
{
|
|
@@ -128,15 +128,15 @@ Or get token from: https://vercel.com/account/tokens
|
|
|
128
128
|
return !process.env.VERCEL_TOKEN;
|
|
129
129
|
},
|
|
130
130
|
fix: null,
|
|
131
|
-
manualFix: `
|
|
132
|
-
VERCEL_TOKEN is not required in your environment during development.
|
|
133
|
-
It will be automatically read from Ansible Vault during deployment.
|
|
134
|
-
|
|
135
|
-
If you want to set it in your shell for testing:
|
|
136
|
-
export VERCEL_TOKEN="your-token-here"
|
|
137
|
-
|
|
138
|
-
Or add to your shell profile (~/.bashrc, ~/.zshrc):
|
|
139
|
-
export VERCEL_TOKEN="$(npx stack deploy --secrets get VERCEL_TOKEN)"
|
|
131
|
+
manualFix: `
|
|
132
|
+
VERCEL_TOKEN is not required in your environment during development.
|
|
133
|
+
It will be automatically read from Ansible Vault during deployment.
|
|
134
|
+
|
|
135
|
+
If you want to set it in your shell for testing:
|
|
136
|
+
export VERCEL_TOKEN="your-token-here"
|
|
137
|
+
|
|
138
|
+
Or add to your shell profile (~/.bashrc, ~/.zshrc):
|
|
139
|
+
export VERCEL_TOKEN="$(npx stack deploy --secrets get VERCEL_TOKEN)"
|
|
140
140
|
`,
|
|
141
141
|
},
|
|
142
142
|
];
|
|
@@ -1,13 +1,13 @@
|
|
|
1
|
-
{
|
|
2
|
-
"version": 1,
|
|
3
|
-
"description": "List of approved/validated external plugins for Factiii Stack",
|
|
4
|
-
"approved": [
|
|
5
|
-
"@factiii/stack-plugin-expo",
|
|
6
|
-
"@factiii/stack-plugin-prisma-trpc",
|
|
7
|
-
"@factiii/stack-plugin-nextjs"
|
|
8
|
-
],
|
|
9
|
-
"lastUpdated": "2024-12-16"
|
|
10
|
-
}
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
1
|
+
{
|
|
2
|
+
"version": 1,
|
|
3
|
+
"description": "List of approved/validated external plugins for Factiii Stack",
|
|
4
|
+
"approved": [
|
|
5
|
+
"@factiii/stack-plugin-expo",
|
|
6
|
+
"@factiii/stack-plugin-prisma-trpc",
|
|
7
|
+
"@factiii/stack-plugin-nextjs"
|
|
8
|
+
],
|
|
9
|
+
"lastUpdated": "2024-12-16"
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
|
|
@@ -166,17 +166,17 @@ class AWSPipeline {
|
|
|
166
166
|
'free-tier': free_tier_js_1.default,
|
|
167
167
|
};
|
|
168
168
|
static helpText = {
|
|
169
|
-
SSH: `
|
|
170
|
-
SSH private key for accessing the EC2 instance.
|
|
171
|
-
|
|
172
|
-
Option A: Auto-generate via AWS (recommended)
|
|
173
|
-
- Factiii will create an EC2 Key Pair via AWS API
|
|
174
|
-
|
|
175
|
-
Option B: Use existing key
|
|
169
|
+
SSH: `
|
|
170
|
+
SSH private key for accessing the EC2 instance.
|
|
171
|
+
|
|
172
|
+
Option A: Auto-generate via AWS (recommended)
|
|
173
|
+
- Factiii will create an EC2 Key Pair via AWS API
|
|
174
|
+
|
|
175
|
+
Option B: Use existing key
|
|
176
176
|
ssh-keygen -t ed25519 -C "deploy-key" -f ~/.ssh/deploy_key`,
|
|
177
|
-
AWS_SECRET_ACCESS_KEY: `
|
|
178
|
-
AWS Secret Access Key
|
|
179
|
-
|
|
177
|
+
AWS_SECRET_ACCESS_KEY: `
|
|
178
|
+
AWS Secret Access Key
|
|
179
|
+
|
|
180
180
|
Get from AWS Console: IAM -> Users -> Security credentials`,
|
|
181
181
|
};
|
|
182
182
|
// ============================================================
|
|
@@ -498,8 +498,8 @@ class AWSPipeline {
|
|
|
498
498
|
}
|
|
499
499
|
try {
|
|
500
500
|
const repoName = config.name ?? 'app';
|
|
501
|
-
await AWSPipeline.sshExec(envConfig, `
|
|
502
|
-
cd ~/.factiii && docker compose stop ${repoName}-prod
|
|
501
|
+
await AWSPipeline.sshExec(envConfig, `
|
|
502
|
+
cd ~/.factiii && docker compose stop ${repoName}-prod
|
|
503
503
|
`);
|
|
504
504
|
return { success: true, message: 'Production containers stopped' };
|
|
505
505
|
}
|
|
@@ -1,135 +1,135 @@
|
|
|
1
|
-
{
|
|
2
|
-
"Version": "2012-10-17",
|
|
3
|
-
"Statement": [
|
|
4
|
-
{
|
|
5
|
-
"Sid": "FactiiiEC2Full",
|
|
6
|
-
"Effect": "Allow",
|
|
7
|
-
"Action": [
|
|
8
|
-
"ec2:CreateVpc",
|
|
9
|
-
"ec2:DeleteVpc",
|
|
10
|
-
"ec2:DescribeVpcs",
|
|
11
|
-
"ec2:ModifyVpcAttribute",
|
|
12
|
-
"ec2:CreateSubnet",
|
|
13
|
-
"ec2:DeleteSubnet",
|
|
14
|
-
"ec2:DescribeSubnets",
|
|
15
|
-
"ec2:ModifySubnetAttribute",
|
|
16
|
-
"ec2:CreateInternetGateway",
|
|
17
|
-
"ec2:DeleteInternetGateway",
|
|
18
|
-
"ec2:AttachInternetGateway",
|
|
19
|
-
"ec2:DetachInternetGateway",
|
|
20
|
-
"ec2:DescribeInternetGateways",
|
|
21
|
-
"ec2:CreateRouteTable",
|
|
22
|
-
"ec2:DeleteRouteTable",
|
|
23
|
-
"ec2:CreateRoute",
|
|
24
|
-
"ec2:AssociateRouteTable",
|
|
25
|
-
"ec2:DescribeRouteTables",
|
|
26
|
-
"ec2:CreateSecurityGroup",
|
|
27
|
-
"ec2:DeleteSecurityGroup",
|
|
28
|
-
"ec2:AuthorizeSecurityGroupIngress",
|
|
29
|
-
"ec2:RevokeSecurityGroupIngress",
|
|
30
|
-
"ec2:DescribeSecurityGroups",
|
|
31
|
-
"ec2:CreateKeyPair",
|
|
32
|
-
"ec2:DeleteKeyPair",
|
|
33
|
-
"ec2:DescribeKeyPairs",
|
|
34
|
-
"ec2:RunInstances",
|
|
35
|
-
"ec2:TerminateInstances",
|
|
36
|
-
"ec2:DescribeInstances",
|
|
37
|
-
"ec2:AllocateAddress",
|
|
38
|
-
"ec2:ReleaseAddress",
|
|
39
|
-
"ec2:AssociateAddress",
|
|
40
|
-
"ec2:DescribeAddresses",
|
|
41
|
-
"ec2:DescribeAvailabilityZones",
|
|
42
|
-
"ec2:DescribeImages",
|
|
43
|
-
"ec2:CreateTags"
|
|
44
|
-
],
|
|
45
|
-
"Resource": "*"
|
|
46
|
-
},
|
|
47
|
-
{
|
|
48
|
-
"Sid": "FactiiiRDSFull",
|
|
49
|
-
"Effect": "Allow",
|
|
50
|
-
"Action": [
|
|
51
|
-
"rds:CreateDBInstance",
|
|
52
|
-
"rds:DeleteDBInstance",
|
|
53
|
-
"rds:DescribeDBInstances",
|
|
54
|
-
"rds:CreateDBSubnetGroup",
|
|
55
|
-
"rds:DeleteDBSubnetGroup",
|
|
56
|
-
"rds:DescribeDBSubnetGroups",
|
|
57
|
-
"rds:AddTagsToResource",
|
|
58
|
-
"rds:ListTagsForResource"
|
|
59
|
-
],
|
|
60
|
-
"Resource": "*"
|
|
61
|
-
},
|
|
62
|
-
{
|
|
63
|
-
"Sid": "FactiiiS3Full",
|
|
64
|
-
"Effect": "Allow",
|
|
65
|
-
"Action": [
|
|
66
|
-
"s3:CreateBucket",
|
|
67
|
-
"s3:DeleteBucket",
|
|
68
|
-
"s3:ListBucket",
|
|
69
|
-
"s3:PutBucketEncryption",
|
|
70
|
-
"s3:PutBucketPublicAccessBlock",
|
|
71
|
-
"s3:PutBucketCORS",
|
|
72
|
-
"s3:GetBucketEncryption",
|
|
73
|
-
"s3:GetBucketPublicAccessBlock",
|
|
74
|
-
"s3:GetBucketCORS",
|
|
75
|
-
"s3:PutObject",
|
|
76
|
-
"s3:GetObject",
|
|
77
|
-
"s3:ListAllMyBuckets"
|
|
78
|
-
],
|
|
79
|
-
"Resource": "*"
|
|
80
|
-
},
|
|
81
|
-
{
|
|
82
|
-
"Sid": "FactiiiECRFull",
|
|
83
|
-
"Effect": "Allow",
|
|
84
|
-
"Action": [
|
|
85
|
-
"ecr:CreateRepository",
|
|
86
|
-
"ecr:DeleteRepository",
|
|
87
|
-
"ecr:DescribeRepositories",
|
|
88
|
-
"ecr:GetAuthorizationToken",
|
|
89
|
-
"ecr:PutLifecyclePolicy",
|
|
90
|
-
"ecr:BatchGetImage",
|
|
91
|
-
"ecr:BatchCheckLayerAvailability",
|
|
92
|
-
"ecr:PutImage",
|
|
93
|
-
"ecr:InitiateLayerUpload",
|
|
94
|
-
"ecr:UploadLayerPart",
|
|
95
|
-
"ecr:CompleteLayerUpload"
|
|
96
|
-
],
|
|
97
|
-
"Resource": "*"
|
|
98
|
-
},
|
|
99
|
-
{
|
|
100
|
-
"Sid": "FactiiiSES",
|
|
101
|
-
"Effect": "Allow",
|
|
102
|
-
"Action": [
|
|
103
|
-
"ses:VerifyDomainIdentity",
|
|
104
|
-
"ses:VerifyDomainDkim",
|
|
105
|
-
"ses:GetAccountSendingEnabled",
|
|
106
|
-
"ses:GetIdentityVerificationAttributes",
|
|
107
|
-
"ses:GetIdentityDkimAttributes"
|
|
108
|
-
],
|
|
109
|
-
"Resource": "*"
|
|
110
|
-
},
|
|
111
|
-
{
|
|
112
|
-
"Sid": "FactiiiIAMLimited",
|
|
113
|
-
"Effect": "Allow",
|
|
114
|
-
"Action": [
|
|
115
|
-
"iam:CreateUser",
|
|
116
|
-
"iam:DeleteUser",
|
|
117
|
-
"iam:GetUser",
|
|
118
|
-
"iam:PutUserPolicy",
|
|
119
|
-
"iam:DeleteUserPolicy",
|
|
120
|
-
"iam:CreateAccessKey",
|
|
121
|
-
"iam:ListAccessKeys",
|
|
122
|
-
"iam:ListUsers"
|
|
123
|
-
],
|
|
124
|
-
"Resource": "*"
|
|
125
|
-
},
|
|
126
|
-
{
|
|
127
|
-
"Sid": "FactiiiSTS",
|
|
128
|
-
"Effect": "Allow",
|
|
129
|
-
"Action": [
|
|
130
|
-
"sts:GetCallerIdentity"
|
|
131
|
-
],
|
|
132
|
-
"Resource": "*"
|
|
133
|
-
}
|
|
134
|
-
]
|
|
135
|
-
}
|
|
1
|
+
{
|
|
2
|
+
"Version": "2012-10-17",
|
|
3
|
+
"Statement": [
|
|
4
|
+
{
|
|
5
|
+
"Sid": "FactiiiEC2Full",
|
|
6
|
+
"Effect": "Allow",
|
|
7
|
+
"Action": [
|
|
8
|
+
"ec2:CreateVpc",
|
|
9
|
+
"ec2:DeleteVpc",
|
|
10
|
+
"ec2:DescribeVpcs",
|
|
11
|
+
"ec2:ModifyVpcAttribute",
|
|
12
|
+
"ec2:CreateSubnet",
|
|
13
|
+
"ec2:DeleteSubnet",
|
|
14
|
+
"ec2:DescribeSubnets",
|
|
15
|
+
"ec2:ModifySubnetAttribute",
|
|
16
|
+
"ec2:CreateInternetGateway",
|
|
17
|
+
"ec2:DeleteInternetGateway",
|
|
18
|
+
"ec2:AttachInternetGateway",
|
|
19
|
+
"ec2:DetachInternetGateway",
|
|
20
|
+
"ec2:DescribeInternetGateways",
|
|
21
|
+
"ec2:CreateRouteTable",
|
|
22
|
+
"ec2:DeleteRouteTable",
|
|
23
|
+
"ec2:CreateRoute",
|
|
24
|
+
"ec2:AssociateRouteTable",
|
|
25
|
+
"ec2:DescribeRouteTables",
|
|
26
|
+
"ec2:CreateSecurityGroup",
|
|
27
|
+
"ec2:DeleteSecurityGroup",
|
|
28
|
+
"ec2:AuthorizeSecurityGroupIngress",
|
|
29
|
+
"ec2:RevokeSecurityGroupIngress",
|
|
30
|
+
"ec2:DescribeSecurityGroups",
|
|
31
|
+
"ec2:CreateKeyPair",
|
|
32
|
+
"ec2:DeleteKeyPair",
|
|
33
|
+
"ec2:DescribeKeyPairs",
|
|
34
|
+
"ec2:RunInstances",
|
|
35
|
+
"ec2:TerminateInstances",
|
|
36
|
+
"ec2:DescribeInstances",
|
|
37
|
+
"ec2:AllocateAddress",
|
|
38
|
+
"ec2:ReleaseAddress",
|
|
39
|
+
"ec2:AssociateAddress",
|
|
40
|
+
"ec2:DescribeAddresses",
|
|
41
|
+
"ec2:DescribeAvailabilityZones",
|
|
42
|
+
"ec2:DescribeImages",
|
|
43
|
+
"ec2:CreateTags"
|
|
44
|
+
],
|
|
45
|
+
"Resource": "*"
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
"Sid": "FactiiiRDSFull",
|
|
49
|
+
"Effect": "Allow",
|
|
50
|
+
"Action": [
|
|
51
|
+
"rds:CreateDBInstance",
|
|
52
|
+
"rds:DeleteDBInstance",
|
|
53
|
+
"rds:DescribeDBInstances",
|
|
54
|
+
"rds:CreateDBSubnetGroup",
|
|
55
|
+
"rds:DeleteDBSubnetGroup",
|
|
56
|
+
"rds:DescribeDBSubnetGroups",
|
|
57
|
+
"rds:AddTagsToResource",
|
|
58
|
+
"rds:ListTagsForResource"
|
|
59
|
+
],
|
|
60
|
+
"Resource": "*"
|
|
61
|
+
},
|
|
62
|
+
{
|
|
63
|
+
"Sid": "FactiiiS3Full",
|
|
64
|
+
"Effect": "Allow",
|
|
65
|
+
"Action": [
|
|
66
|
+
"s3:CreateBucket",
|
|
67
|
+
"s3:DeleteBucket",
|
|
68
|
+
"s3:ListBucket",
|
|
69
|
+
"s3:PutBucketEncryption",
|
|
70
|
+
"s3:PutBucketPublicAccessBlock",
|
|
71
|
+
"s3:PutBucketCORS",
|
|
72
|
+
"s3:GetBucketEncryption",
|
|
73
|
+
"s3:GetBucketPublicAccessBlock",
|
|
74
|
+
"s3:GetBucketCORS",
|
|
75
|
+
"s3:PutObject",
|
|
76
|
+
"s3:GetObject",
|
|
77
|
+
"s3:ListAllMyBuckets"
|
|
78
|
+
],
|
|
79
|
+
"Resource": "*"
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
"Sid": "FactiiiECRFull",
|
|
83
|
+
"Effect": "Allow",
|
|
84
|
+
"Action": [
|
|
85
|
+
"ecr:CreateRepository",
|
|
86
|
+
"ecr:DeleteRepository",
|
|
87
|
+
"ecr:DescribeRepositories",
|
|
88
|
+
"ecr:GetAuthorizationToken",
|
|
89
|
+
"ecr:PutLifecyclePolicy",
|
|
90
|
+
"ecr:BatchGetImage",
|
|
91
|
+
"ecr:BatchCheckLayerAvailability",
|
|
92
|
+
"ecr:PutImage",
|
|
93
|
+
"ecr:InitiateLayerUpload",
|
|
94
|
+
"ecr:UploadLayerPart",
|
|
95
|
+
"ecr:CompleteLayerUpload"
|
|
96
|
+
],
|
|
97
|
+
"Resource": "*"
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
"Sid": "FactiiiSES",
|
|
101
|
+
"Effect": "Allow",
|
|
102
|
+
"Action": [
|
|
103
|
+
"ses:VerifyDomainIdentity",
|
|
104
|
+
"ses:VerifyDomainDkim",
|
|
105
|
+
"ses:GetAccountSendingEnabled",
|
|
106
|
+
"ses:GetIdentityVerificationAttributes",
|
|
107
|
+
"ses:GetIdentityDkimAttributes"
|
|
108
|
+
],
|
|
109
|
+
"Resource": "*"
|
|
110
|
+
},
|
|
111
|
+
{
|
|
112
|
+
"Sid": "FactiiiIAMLimited",
|
|
113
|
+
"Effect": "Allow",
|
|
114
|
+
"Action": [
|
|
115
|
+
"iam:CreateUser",
|
|
116
|
+
"iam:DeleteUser",
|
|
117
|
+
"iam:GetUser",
|
|
118
|
+
"iam:PutUserPolicy",
|
|
119
|
+
"iam:DeleteUserPolicy",
|
|
120
|
+
"iam:CreateAccessKey",
|
|
121
|
+
"iam:ListAccessKeys",
|
|
122
|
+
"iam:ListUsers"
|
|
123
|
+
],
|
|
124
|
+
"Resource": "*"
|
|
125
|
+
},
|
|
126
|
+
{
|
|
127
|
+
"Sid": "FactiiiSTS",
|
|
128
|
+
"Effect": "Allow",
|
|
129
|
+
"Action": [
|
|
130
|
+
"sts:GetCallerIdentity"
|
|
131
|
+
],
|
|
132
|
+
"Resource": "*"
|
|
133
|
+
}
|
|
134
|
+
]
|
|
135
|
+
}
|
|
@@ -154,7 +154,7 @@ async function writeEnvFile(envConfig, repoDir, environment, envVarsString) {
|
|
|
154
154
|
else {
|
|
155
155
|
// We're remote - SSH to write
|
|
156
156
|
console.log(` 📝 Writing ${envFileName} on remote server (${envVars.length} variables)...`);
|
|
157
|
-
await sshExecCommand(envConfig, `cat > ${repoDir}/${envFileName} << 'ENVEOF'
|
|
157
|
+
await sshExecCommand(envConfig, `cat > ${repoDir}/${envFileName} << 'ENVEOF'
|
|
158
158
|
${envFileContent}ENVEOF`);
|
|
159
159
|
}
|
|
160
160
|
}
|
|
@@ -105,27 +105,27 @@ async function ensureDockerRunning(envConfig, isOnServer) {
|
|
|
105
105
|
const checkCmd = 'export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && docker info > /dev/null 2>&1 && echo "running" || echo "stopped"';
|
|
106
106
|
// Start Docker and wait up to 60 seconds for it to be ready
|
|
107
107
|
// Use headless binary start over SSH since `open -a Docker` requires a GUI session
|
|
108
|
-
const startCmd = `
|
|
109
|
-
export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && \
|
|
110
|
-
if ! docker info > /dev/null 2>&1; then
|
|
111
|
-
echo "Starting Docker Desktop..." && \
|
|
112
|
-
if [ -n "$SSH_CONNECTION" ] || [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then
|
|
113
|
-
nohup /Applications/Docker.app/Contents/MacOS/Docker --unattended > /dev/null 2>&1 &
|
|
114
|
-
else
|
|
115
|
-
open -a Docker
|
|
116
|
-
fi && \
|
|
117
|
-
for i in {1..60}; do
|
|
118
|
-
sleep 1
|
|
119
|
-
if docker info > /dev/null 2>&1; then
|
|
120
|
-
echo "Docker is ready"
|
|
121
|
-
exit 0
|
|
122
|
-
fi
|
|
123
|
-
done
|
|
124
|
-
echo "Docker failed to start within 60 seconds"
|
|
125
|
-
exit 1
|
|
126
|
-
else
|
|
127
|
-
echo "Docker is already running"
|
|
128
|
-
fi
|
|
108
|
+
const startCmd = `
|
|
109
|
+
export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && \
|
|
110
|
+
if ! docker info > /dev/null 2>&1; then
|
|
111
|
+
echo "Starting Docker Desktop..." && \
|
|
112
|
+
if [ -n "$SSH_CONNECTION" ] || [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then
|
|
113
|
+
nohup /Applications/Docker.app/Contents/MacOS/Docker --unattended > /dev/null 2>&1 &
|
|
114
|
+
else
|
|
115
|
+
open -a Docker
|
|
116
|
+
fi && \
|
|
117
|
+
for i in {1..60}; do
|
|
118
|
+
sleep 1
|
|
119
|
+
if docker info > /dev/null 2>&1; then
|
|
120
|
+
echo "Docker is ready"
|
|
121
|
+
exit 0
|
|
122
|
+
fi
|
|
123
|
+
done
|
|
124
|
+
echo "Docker failed to start within 60 seconds"
|
|
125
|
+
exit 1
|
|
126
|
+
else
|
|
127
|
+
echo "Docker is already running"
|
|
128
|
+
fi
|
|
129
129
|
`;
|
|
130
130
|
if (isOnServer) {
|
|
131
131
|
// We're on the server - run commands directly
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/factiii/scanfix/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EAAE,GAAG,EAAiB,MAAM,4BAA4B,CAAC;AAWrE,eAAO,MAAM,cAAc,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/factiii/scanfix/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EAAE,GAAG,EAAiB,MAAM,4BAA4B,CAAC;AAWrE,eAAO,MAAM,cAAc,EAAE,GAAG,EA4H/B,CAAC"}
|
|
@@ -104,13 +104,21 @@ exports.bootstrapFixes = [
|
|
|
104
104
|
'dev_os: ' + devOS + '\n' +
|
|
105
105
|
'\n' +
|
|
106
106
|
'# Dev-only mode (default: true)\n' +
|
|
107
|
-
'#
|
|
107
|
+
'# When true, only --dev and --secrets stages are allowed.\n' +
|
|
108
|
+
'# Set to false to unlock staging/prod stages:\n' +
|
|
109
|
+
'# npx stack scan --staging (auto-unlocks on first run)\n' +
|
|
110
|
+
'# or manually change to: dev_only: false\n' +
|
|
108
111
|
'dev_only: true\n';
|
|
109
112
|
fs.writeFileSync(localPath, content, 'utf8');
|
|
110
113
|
// Also ensure gitignored
|
|
111
114
|
(0, gitignore_js_1.ensureGitignored)(rootDir, config_files_js_1.STACK_LOCAL_FILENAME);
|
|
112
115
|
(0, gitignore_js_1.ensureGitignored)(rootDir, 'factiii.local.yml');
|
|
113
|
-
console.log(' [OK] Created ' + config_files_js_1.STACK_LOCAL_FILENAME + ' (dev_os: ' + devOS + ')');
|
|
116
|
+
console.log(' [OK] Created ' + config_files_js_1.STACK_LOCAL_FILENAME + ' (dev_os: ' + devOS + ', dev_only: true)');
|
|
117
|
+
console.log('');
|
|
118
|
+
console.log(' dev_only is enabled by default — only --dev and --secrets stages will run.');
|
|
119
|
+
console.log(' To unlock staging/prod, either:');
|
|
120
|
+
console.log(' - Run: npx stack scan --staging (auto-unlocks)');
|
|
121
|
+
console.log(' - Edit ' + config_files_js_1.STACK_LOCAL_FILENAME + ' and set dev_only: false');
|
|
114
122
|
return true;
|
|
115
123
|
},
|
|
116
124
|
manualFix: 'Create ' + config_files_js_1.STACK_LOCAL_FILENAME + ' with: dev_os: mac|windows|ubuntu',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/factiii/scanfix/bootstrap.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AAEzB,2EAAkL;AAClL,iEAAgF;AAGhF;;GAEG;AACH,SAAS,WAAW;IAClB,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAChD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IACnD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEY,QAAA,cAAc,GAAU;IACnC,kEAAkE;IAClE;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,KAAK,GAAG,uCAAqB,GAAG,YAAY;QACzD,IAAI,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACxE,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,IAAA,oCAAkB,EAAC,OAAO,CAAC,CAAC,CAAC;QACrD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACvE,kDAAkD;YAClD,MAAM,EAAE,qBAAqB,EAAE,GAAG,wDAAa,8CAA8C,GAAC,CAAC;YAC/F,OAAO,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QACD,SAAS,EAAE,oBAAoB;KAChC;IAED;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,KAAK,GAAG,qCAAmB,GAAG,YAAY;QACvD,IAAI,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACxE,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,IAAA,kCAAgB,EAAC,OAAO,CAAC,CAAC,CAAC;QACnD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACvE,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,+CAA+C,GAAC,CAAC;YAC9F,MAAM,mBAAmB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,SAAS,EAAE,oBAAoB;KAChC;IAED;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,KAAK,GAAG,sCAAoB,GAAG,oCAAoC;QAChF,IAAI,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACxE,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,IAAA,mCAAiB,EAAC,OAAO,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACvE,MAAM,SAAS,GAAG,IAAA,mCAAiB,EAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;YAC5B,MAAM,OAAO,GACX,sEAAsE;gBACtE,6BAA6B;gBAC7B,IAAI;gBACJ,UAAU,GAAG,KAAK,GAAG,IAAI;gBACzB,IAAI;gBACJ,mCAAmC;gBACnC,
|
|
1
|
+
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/factiii/scanfix/bootstrap.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AAEzB,2EAAkL;AAClL,iEAAgF;AAGhF;;GAEG;AACH,SAAS,WAAW;IAClB,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAChD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IACnD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEY,QAAA,cAAc,GAAU;IACnC,kEAAkE;IAClE;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,KAAK,GAAG,uCAAqB,GAAG,YAAY;QACzD,IAAI,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACxE,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,IAAA,oCAAkB,EAAC,OAAO,CAAC,CAAC,CAAC;QACrD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACvE,kDAAkD;YAClD,MAAM,EAAE,qBAAqB,EAAE,GAAG,wDAAa,8CAA8C,GAAC,CAAC;YAC/F,OAAO,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QACD,SAAS,EAAE,oBAAoB;KAChC;IAED;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,KAAK,GAAG,qCAAmB,GAAG,YAAY;QACvD,IAAI,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACxE,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,IAAA,kCAAgB,EAAC,OAAO,CAAC,CAAC,CAAC;QACnD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACvE,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,+CAA+C,GAAC,CAAC;YAC9F,MAAM,mBAAmB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,SAAS,EAAE,oBAAoB;KAChC;IAED;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,KAAK,GAAG,sCAAoB,GAAG,oCAAoC;QAChF,IAAI,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACxE,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,IAAA,mCAAiB,EAAC,OAAO,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACvE,MAAM,SAAS,GAAG,IAAA,mCAAiB,EAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;YAC5B,MAAM,OAAO,GACX,sEAAsE;gBACtE,6BAA6B;gBAC7B,IAAI;gBACJ,UAAU,GAAG,KAAK,GAAG,IAAI;gBACzB,IAAI;gBACJ,mCAAmC;gBACnC,6DAA6D;gBAC7D,iDAAiD;gBACjD,8DAA8D;gBAC9D,8CAA8C;gBAC9C,kBAAkB,CAAC;YACrB,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;YAC7C,yBAAyB;YACzB,IAAA,+BAAgB,EAAC,OAAO,EAAE,sCAAoB,CAAC,CAAC;YAChD,IAAA,+BAAgB,EAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,sCAAoB,GAAG,YAAY,GAAG,KAAK,GAAG,mBAAmB,CAAC,CAAC;YACnG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,8EAA8E,CAAC,CAAC;YAC5F,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;YACpE,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,sCAAoB,GAAG,0BAA0B,CAAC,CAAC;YAC/E,OAAO,IAAI,CAAC;QACd,CAAC;QACD,SAAS,EAAE,SAAS,GAAG,sCAAoB,GAAG,mCAAmC;KAClF;IAED,iEAAiE;IACjE;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,KAAK,GAAG,sCAAoB,GAAG,oBAAoB;QAChE,IAAI,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACxE,oFAAoF;YACpF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAA,mCAAiB,EAAC,OAAO,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC7D,OAAO,CAAC,IAAA,2BAAY,EAAC,OAAO,EAAE,sCAAoB,CAAC,CAAC;QACtD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACvE,IAAA,+BAAgB,EAAC,OAAO,EAAE,sCAAoB,CAAC,CAAC;YAChD,IAAA,+BAAgB,EAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,SAAS,EAAE,MAAM,GAAG,sCAAoB,GAAG,gBAAgB;KAC5D;IAED;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mCAAmC;QAChD,IAAI,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACxE,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YAC9D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC1C,OAAO,CAAC,IAAA,2BAAY,EAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAChD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACvE,IAAA,+BAAgB,EAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,SAAS,EAAE,gCAAgC;KAC5C;IAED;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,gCAAgC;QAC7C,IAAI,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACxE,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC3D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC1C,OAAO,CAAC,IAAA,2BAAY,EAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAC7C,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,OAAsB,EAAE,OAAe,EAAoB,EAAE;YACvE,IAAA,+BAAgB,EAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACvC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,SAAS,EAAE,6BAA6B;KACzC;CACF,CAAC"}
|