@gradial/aci 0.1.0 → 0.1.2

package/dist/next/server.js

@@ -1,55 +1,31 @@
-import crypto from 'node:crypto';
-import { createClient, get as getEdgeConfigItem } from '@vercel/edge-config';
 import { headers } from 'next/headers';
+import { FragmentNotFoundError, PageNotFoundError, } from '../content/provider.js';
+import { S3ContentProvider } from '../providers/s3.js';
+import { getUncachedEdgeConfigValue } from './edge-config.js';
 const RELEASE_HEADER = 'x-gradial-release-id';
-export class PageNotFoundError extends Error {
-    constructor(route, cause) {
-        super(`Gradial page fragment not found for route ${route}`);
-        this.name = 'PageNotFoundError';
-        this.cause = cause;
-    }
-}
-export class FragmentNotFoundError extends Error {
-    constructor(name, cause) {
-        super(`Gradial fragment not found: ${name}`);
-        this.name = 'FragmentNotFoundError';
-        this.cause = cause;
-    }
-}
+export { FragmentNotFoundError, PageNotFoundError };
 export async function getPage(route = '', config = {}) {
-    const releaseId = await resolveReleaseId(config);
-    const key = releaseKey(config, releaseId, 'fragments', 'page', pageRouteSegment(route), 'index.json');
-    try {
-        return await getS3JSON(key, config);
-    }
-    catch (error) {
-        throw new PageNotFoundError(route, error);
-    }
+    const provider = await resolveProvider(config);
+    return await provider.getPage(route);
 }
 export async function getFragment(name, config = {}) {
-    const releaseId = await resolveReleaseId(config);
-    const cleanName = cleanPath(name).replace(/\.[^.]+$/, '');
-    const key = releaseKey(config, releaseId, 'fragments', 'global', `${cleanName}.json`);
-    try {
-        return await getS3JSON(key, config);
-    }
-    catch (error) {
-        throw new FragmentNotFoundError(name, error);
-    }
+    const provider = await resolveProvider(config);
+    return await provider.getFragment(name);
 }
 export async function getRoutes(config = {}) {
-    const releaseId = await resolveReleaseId(config);
-    const manifest = await getS3JSON(releaseKey(config, releaseId, 'route-manifest.json'), config);
-    return Object.keys(manifest.routes || {}).sort();
+    const provider = await resolveProvider(config);
+    const routes = await provider.listRoutes();
+    return routes.map((route) => route.path).sort();
 }
 export async function getRenderInput(route = '/', config = {}) {
+    const provider = await resolveProvider(config);
     const [page, siteConfig] = await Promise.all([
-        getPage(route, config),
-        getFragment('site', config),
+        provider.getPage(route),
+        provider.getSiteConfig(),
     ]);
     return {
         route,
-        domain: siteConfig.domain || 'www.baremetal.local',
+        domain: siteConfig.domain || 'www.aci.local',
         locale: siteConfig.defaultLocale || 'en-us',
         siteConfig,
         page,
@@ -63,18 +39,91 @@ export async function routeFromNextParams(params) {
         return '/';
     return `/${resolved.slug.join('/')}/`;
 }
+export async function generateGradialStaticParams() {
+    const { FileContentProvider } = await import('../providers/file.js');
+    const provider = new FileContentProvider();
+    const routes = await provider.listRoutes();
+    return routes.map((entry) => ({
+        slug: entry.path === '/' ? undefined : entry.path.replace(/^\/|\/$/g, '').split('/'),
+    }));
+}
+export class ReleaseAssetNotFoundError extends Error {
+    constructor(releaseId, assetPath, cause) {
+        super(`ACI release asset not found: ${releaseId}/${assetPath}`);
+        this.name = 'ReleaseAssetNotFoundError';
+        this.cause = cause;
+    }
+}
+export async function getReleaseAssetResponse(releaseId, assetPath, config = {}) {
+    const clean = cleanAssetPath(assetPath);
+    if (!releaseId || !clean) {
+        throw new ReleaseAssetNotFoundError(releaseId, assetPath);
+    }
+    const provider = new S3ContentProvider({
+        bucket: config.bucket,
+        keyPrefix: releaseKey(config, releaseId),
+        region: config.region,
+        accessKeyId: config.accessKeyId,
+        secretAccessKey: config.secretAccessKey,
+        sessionToken: config.sessionToken,
+        endpoint: config.endpoint,
+    });
+    const key = joinKey(provider.config.keyPrefix, 'assets', clean);
+    const res = await provider.fetchRaw(key);
+    if (!res.ok || !res.body) {
+        throw new ReleaseAssetNotFoundError(releaseId, clean, await safeResponseText(res));
+    }
+    const headers = new Headers();
+    copyHeader(res.headers, headers, 'content-type');
+    copyHeader(res.headers, headers, 'content-length');
+    copyHeader(res.headers, headers, 'etag');
+    copyHeader(res.headers, headers, 'last-modified');
+    headers.set('cache-control', 'public, max-age=31536000, immutable');
+    return new Response(res.body, { status: 200, headers });
+}
+function cleanAssetPath(value) {
+    const clean = value.replace(/^\/+|\/+$/g, '').replace(/\/+/g, '/');
+    if (!clean || clean.split('/').some((s) => s === '..' || s === '.'))
+        return '';
+    return clean;
+}
+function copyHeader(from, to, name) {
+    const value = from.get(name);
+    if (value)
+        to.set(name, value);
+}
+async function safeResponseText(res) {
+    try {
+        return await res.text();
+    }
+    catch {
+        return '';
+    }
+}
 export async function resolveReleaseId(config = {}) {
     if (config.releaseId)
         return config.releaseId;
     const headerReleaseId = await releaseIdFromHeaders();
     if (headerReleaseId)
         return headerReleaseId;
-    if (process.env.GRADIAL_RELEASE_ID)
-        return process.env.GRADIAL_RELEASE_ID;
+    if (process.env.ACI_RELEASE_ID)
+        return process.env.ACI_RELEASE_ID;
     const activeReleaseId = await activeReleaseFromEdgeConfig(config);
     if (activeReleaseId)
         return activeReleaseId;
-    throw new Error('Gradial release ID is not available from headers, GRADIAL_RELEASE_ID, or Edge Config');
+    throw new Error('ACI release ID is not available from headers, ACI_RELEASE_ID, or Edge Config');
+}
+async function resolveProvider(config) {
+    const releaseId = await resolveReleaseId(config);
+    return new S3ContentProvider({
+        bucket: config.bucket,
+        keyPrefix: releaseKey(config, releaseId),
+        region: config.region,
+        accessKeyId: config.accessKeyId,
+        secretAccessKey: config.secretAccessKey,
+        sessionToken: config.sessionToken,
+        endpoint: config.endpoint,
+    });
 }
 async function releaseIdFromHeaders() {
     try {
@@ -87,7 +136,7 @@ async function releaseIdFromHeaders() {
 }
 async function activeReleaseFromEdgeConfig(config) {
     const edgeConfig = config.edgeConfig || process.env.EDGE_CONFIG || '';
-    const siteId = config.siteId || process.env.GRADIAL_SITE_ID || '';
+    const siteId = config.siteId || process.env.ACI_SITE_ID || '';
     if (!edgeConfig || !siteId)
         return '';
     const active = await activeReleasePointer(edgeConfig, siteId);
@@ -116,106 +165,10 @@ async function getEdgeConfigJSON(edgeConfig, key) {
     return value;
 }
 async function getEdgeConfigValue(edgeConfig, key) {
-    return edgeConfig === process.env.EDGE_CONFIG
-        ? await getEdgeConfigItem(key)
-        : await createClient(edgeConfig).get(key);
-}
-async function getS3JSON(key, config) {
-    const resolved = resolveS3Config(config);
-    const url = s3ObjectURL(resolved, key);
-    const signedHeaders = signedS3Headers('GET', url, resolved);
-    const res = await fetch(url, {
-        method: 'GET',
-        headers: signedHeaders,
-        cache: 'no-store',
-    });
-    if (!res.ok) {
-        throw new Error(`S3 GET ${key} failed with status ${res.status}: ${await res.text()}`);
-    }
-    return (await res.json());
-}
-function resolveS3Config(config) {
-    const resolved = {
-        siteId: config.siteId || process.env.GRADIAL_SITE_ID || '',
-        bucket: config.bucket || process.env.GRADIAL_S3_BUCKET || '',
-        keyPrefix: config.keyPrefix || process.env.GRADIAL_S3_KEY_PREFIX || '',
-        region: config.region || process.env.AWS_REGION || 'us-east-1',
-        accessKeyId: config.accessKeyId || process.env.AWS_ACCESS_KEY_ID || '',
-        secretAccessKey: config.secretAccessKey || process.env.AWS_SECRET_ACCESS_KEY || '',
-        sessionToken: config.sessionToken || process.env.AWS_SESSION_TOKEN || '',
-        endpoint: trimSlash(config.endpoint || process.env.GRADIAL_S3_ENDPOINT || ''),
-    };
-    for (const key of ['bucket', 'accessKeyId', 'secretAccessKey']) {
-        if (!resolved[key])
-            throw new Error(`Gradial S3 config missing ${key}`);
-    }
-    return resolved;
+    return getUncachedEdgeConfigValue(edgeConfig, key);
 }
-function releaseKey(config, releaseId, ...parts) {
-    return joinKey(config.keyPrefix || process.env.GRADIAL_S3_KEY_PREFIX || '', 'releases', releaseId, ...parts);
-}
-function s3ObjectURL(config, key) {
-    const encodedKey = encodeKey(key);
-    if (config.endpoint) {
-        return new URL(`${config.endpoint}/${encodeURIComponent(config.bucket)}${encodedKey}`);
-    }
-    return new URL(`https://${config.bucket}.s3.${config.region}.amazonaws.com${encodedKey}`);
-}
-function signedS3Headers(method, url, config) {
-    const now = new Date();
-    const amzDate = amzTimestamp(now);
-    const dateStamp = amzDate.slice(0, 8);
-    const payloadHash = sha256Hex('');
-    const headers = new Headers({
-        host: url.host,
-        'x-amz-content-sha256': payloadHash,
-        'x-amz-date': amzDate,
-    });
-    if (config.sessionToken)
-        headers.set('x-amz-security-token', config.sessionToken);
-    const signedHeaderNames = Array.from(headers.keys()).sort();
-    const canonicalHeaders = signedHeaderNames.map((key) => `${key}:${headers.get(key)?.trim()}\n`).join('');
-    const canonicalRequest = [
-        method,
-        url.pathname,
-        url.searchParams.toString(),
-        canonicalHeaders,
-        signedHeaderNames.join(';'),
-        payloadHash,
-    ].join('\n');
-    const credentialScope = `${dateStamp}/${config.region}/s3/aws4_request`;
-    const stringToSign = [
-        'AWS4-HMAC-SHA256',
-        amzDate,
-        credentialScope,
-        sha256Hex(canonicalRequest),
-    ].join('\n');
-    const signingKey = awsSigningKey(config.secretAccessKey, dateStamp, config.region, 's3');
-    const signature = hmacHex(signingKey, stringToSign);
-    headers.set('authorization', `AWS4-HMAC-SHA256 Credential=${config.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaderNames.join(';')}, Signature=${signature}`);
-    return headers;
-}
-function awsSigningKey(secret, dateStamp, region, service) {
-    const kDate = hmac(Buffer.from(`AWS4${secret}`, 'utf8'), dateStamp);
-    const kRegion = hmac(kDate, region);
-    const kService = hmac(kRegion, service);
-    return hmac(kService, 'aws4_request');
-}
-function amzTimestamp(date) {
-    return date.toISOString().replace(/[:-]|\.\d{3}/g, '');
-}
-function hmac(key, value) {
-    return crypto.createHmac('sha256', key).update(value, 'utf8').digest();
-}
-function hmacHex(key, value) {
-    return crypto.createHmac('sha256', key).update(value, 'utf8').digest('hex');
-}
-function sha256Hex(value) {
-    return crypto.createHash('sha256').update(value, 'utf8').digest('hex');
-}
-function pageRouteSegment(route) {
-    const clean = cleanPath(route);
-    return clean === '' ? 'index' : clean;
+function releaseKey(config, releaseId) {
+    return joinKey(config.keyPrefix || process.env.ACI_S3_KEY_PREFIX || '', 'releases', releaseId);
 }
 function activeReleaseKey(siteId) {
     return `activeRelease_${edgeKeySegment(siteId)}`;
@@ -255,15 +208,10 @@ function clampRelease(activeReleaseId, activeSequence, compatibility) {
 function edgeKeySegment(value) {
     return value.replace(/[^A-Za-z0-9_-]/g, '_');
 }
-function cleanPath(value) {
-    return value.replace(/^\/+|\/+$/g, '').replace(/\/+/g, '/');
-}
 function joinKey(...parts) {
-    return parts.map(cleanPath).filter(Boolean).join('/');
-}
-function encodeKey(key) {
-    return `/${key.split('/').map(encodeURIComponent).join('/')}`;
-}
-function trimSlash(value) {
-    return value.replace(/\/+$/, '');
+    return parts
+        .flatMap((part) => part.split('/'))
+        .map((part) => part.trim())
+        .filter(Boolean)
+        .join('/');
 }

package/dist/providers/file.d.ts

@@ -1,18 +1,12 @@
-import { type ContentPathOptions } from '../content/routes.js';
-import { type ContentProvider, type RenderInputOptions } from '../content/provider.js';
-import type { KernelPage, KernelRouteMetadata, KernelSiteConfig, RenderInput } from '../content/types.js';
-export interface FileContentProviderOptions extends ContentPathOptions {
-    parseSiteConfig?: (value: unknown, source: string) => KernelSiteConfig;
-    parsePage?: (value: unknown, source: string) => KernelPage;
+import { type CompiledManifest, type ContentProvider, type RouteEntry } from '../content/provider.js';
+export declare class FileContentProvider implements ContentProvider {
+    #private;
+    readonly root: string;
+    constructor(root?: string);
+    listRoutes(): Promise<RouteEntry[]>;
+    getSiteConfig<T = unknown>(): Promise<T>;
+    getPage<T = unknown>(route: string): Promise<T>;
+    getFragment<T = unknown>(id: string): Promise<T>;
+    manifest(): Promise<CompiledManifest>;
+    private readJSON;
 }
-export declare class FileContentProvider<TPage extends KernelPage = KernelPage, TSiteConfig extends KernelSiteConfig = KernelSiteConfig> implements ContentProvider<TPage, TSiteConfig> {
-    readonly options: FileContentProviderOptions;
-    constructor(options?: FileContentProviderOptions);
-    loadSiteConfig(): Promise<TSiteConfig>;
-    loadPage(route?: string): Promise<TPage | null>;
-    listRoutes(): Promise<string[]>;
-    listPublishedRoutes(): Promise<string[]>;
-    resolveRouteMetadata(route?: string): Promise<KernelRouteMetadata>;
-    loadRenderInput(route?: string, options?: RenderInputOptions): Promise<RenderInput<TPage, TSiteConfig>>;
-}
-export declare function createFileContentProvider<TPage extends KernelPage = KernelPage, TSiteConfig extends KernelSiteConfig = KernelSiteConfig>(options?: FileContentProviderOptions): FileContentProvider<TPage, TSiteConfig>;

package/dist/providers/file.js

@@ -1,91 +1,57 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { localeRoot, normalizeRoute, routeFromRelativePagePath, routeToPagePath, siteRoot } from '../content/routes.js';
-import { loadRenderInput, routeMetadataForContent } from '../content/provider.js';
-import { parseKernelPage, parseKernelSiteConfig } from '../content/validation.js';
+import { FragmentNotFoundError, PageNotFoundError } from '../content/provider.js';
+import { normalizeRoute } from '../content/routes.js';
 export class FileContentProvider {
-    options;
-    constructor(options = {}) {
-        this.options = options;
+    root;
+    #manifest;
+    constructor(root) {
+        const resolved = root
+            || process.env.ACI_CONTENT_ROOT
+            || '.aci/compiled';
+        this.root = path.resolve(process.cwd(), resolved);
     }
-    async loadSiteConfig() {
-        const source = path.join(siteRoot(this.options), 'site.json');
-        const parsed = await readJSON(source);
-        const value = this.options.parseSiteConfig
-            ? this.options.parseSiteConfig(parsed, source)
-            : parseKernelSiteConfig(parsed, source);
-        return value;
-    }
-    async loadPage(route = '/') {
-        const source = routeToPagePath(route, this.options);
+    async listRoutes() {
+        const manifest = await this.manifest();
+        return Object.values(manifest.routes).sort((a, b) => a.path.localeCompare(b.path));
+    }
+    async getSiteConfig() {
+        const manifest = await this.manifest();
+        return await this.readJSON(manifest.siteConfigRef);
+    }
+    async getPage(route) {
+        const manifest = await this.manifest();
+        const normalized = normalizeRoute(route);
+        const entry = Object.values(manifest.routes).find((candidate) => normalizeRoute(candidate.path) === normalized);
+        if (!entry) {
+            throw new PageNotFoundError(route);
+        }
         try {
-            const parsed = await readJSON(source);
-            const value = this.options.parsePage
-                ? this.options.parsePage(parsed, source)
-                : parseKernelPage(parsed, source);
-            return value;
+            return await this.readJSON(entry.payloadRef);
         }
         catch (error) {
-            if (isNotFound(error)) {
-                return null;
-            }
-            throw error;
+            throw new PageNotFoundError(route, error);
         }
     }
-    async listRoutes() {
-        const files = await walk(localeRoot(this.options));
-        return files
-            .filter((entry) => entry.endsWith('/_index.json'))
-            .map((entry) => routeFromRelativePagePath(entry))
-            .sort((left, right) => left.localeCompare(right));
-    }
-    async listPublishedRoutes() {
-        const routes = await this.listRoutes();
-        const pages = await Promise.all(routes.map(async (route) => ({
-            route,
-            page: await this.loadPage(route)
-        })));
-        return pages
-            .filter((entry) => entry.page?.status === 'published')
-            .map((entry) => entry.route);
-    }
-    async resolveRouteMetadata(route = '/') {
-        const normalizedRoute = normalizeRoute(route);
-        const [siteConfig, page] = await Promise.all([
-            this.loadSiteConfig(),
-            this.loadPage(normalizedRoute)
-        ]);
-        return routeMetadataForContent(siteConfig, page);
-    }
-    async loadRenderInput(route = '/', options = {}) {
-        return loadRenderInput(this, route, options);
-    }
-}
-export function createFileContentProvider(options = {}) {
-    return new FileContentProvider(options);
-}
-async function readJSON(source) {
-    const raw = await fs.readFile(source, 'utf8');
-    return JSON.parse(raw);
-}
-async function walk(directory, prefix = '') {
-    const entries = await fs.readdir(directory, { withFileTypes: true });
-    const files = [];
-    for (const entry of entries) {
-        const relative = prefix ? path.join(prefix, entry.name) : entry.name;
-        const absolute = path.join(directory, entry.name);
-        if (entry.isDirectory()) {
-            files.push(...await walk(absolute, relative));
+    async getFragment(id) {
+        const manifest = await this.manifest();
+        const entry = manifest.fragments[id];
+        if (!entry) {
+            throw new FragmentNotFoundError(id);
+        }
+        try {
+            return await this.readJSON(entry.payloadRef);
         }
-        else if (entry.isFile()) {
-            files.push(relative);
+        catch (error) {
+            throw new FragmentNotFoundError(id, error);
         }
     }
-    return files;
-}
-function isNotFound(error) {
-    return typeof error === 'object'
-        && error !== null
-        && 'code' in error
-        && error.code === 'ENOENT';
+    async manifest() {
+        this.#manifest ??= this.readJSON('manifest.json');
+        return await this.#manifest;
+    }
+    async readJSON(key) {
+        const raw = await fs.readFile(path.join(this.root, key), 'utf8');
+        return JSON.parse(raw);
+    }
 }

package/dist/providers/s3.d.ts

@@ -0,0 +1,26 @@
+import { type CompiledManifest, type ContentProvider, type RouteEntry } from '../content/provider.js';
+export interface S3ContentProviderConfig {
+    bucket?: string;
+    keyPrefix?: string;
+    region?: string;
+    accessKeyId?: string;
+    secretAccessKey?: string;
+    sessionToken?: string;
+    endpoint?: string;
+}
+type ResolvedS3Config = Required<S3ContentProviderConfig>;
+export declare class S3ContentProvider implements ContentProvider {
+    #private;
+    readonly config: ResolvedS3Config;
+    constructor(config?: S3ContentProviderConfig);
+    listRoutes(): Promise<RouteEntry[]>;
+    getSiteConfig<T = unknown>(): Promise<T>;
+    getPage<T = unknown>(route: string): Promise<T>;
+    getFragment<T = unknown>(id: string): Promise<T>;
+    manifest(): Promise<CompiledManifest>;
+    fetchRaw(key: string): Promise<Response>;
+    private getJSON;
+}
+export declare function getS3JSON<T>(key: string, config: ResolvedS3Config): Promise<T>;
+export declare function getS3Raw(key: string, config: ResolvedS3Config): Promise<Response>;
+export {};

package/dist/providers/s3.js

@@ -0,0 +1,174 @@
+import crypto from 'node:crypto';
+import { FragmentNotFoundError, PageNotFoundError } from '../content/provider.js';
+import { normalizeRoute } from '../content/routes.js';
+// ---------------------------------------------------------------------------
+// S3 content provider — reads compiled content files from S3
+// ---------------------------------------------------------------------------
+export class S3ContentProvider {
+    config;
+    #manifest;
+    constructor(config = {}) {
+        this.config = resolveS3Config(config);
+    }
+    async listRoutes() {
+        const manifest = await this.manifest();
+        return Object.values(manifest.routes).sort((a, b) => a.path.localeCompare(b.path));
+    }
+    async getSiteConfig() {
+        const manifest = await this.manifest();
+        return await this.getJSON(manifest.siteConfigRef);
+    }
+    async getPage(route) {
+        const manifest = await this.manifest();
+        const normalized = normalizeRoute(route);
+        const entry = Object.values(manifest.routes).find((candidate) => normalizeRoute(candidate.path) === normalized);
+        if (!entry) {
+            throw new PageNotFoundError(route);
+        }
+        try {
+            return await this.getJSON(entry.payloadRef);
+        }
+        catch (error) {
+            throw new PageNotFoundError(route, error);
+        }
+    }
+    async getFragment(id) {
+        const manifest = await this.manifest();
+        const entry = manifest.fragments[id];
+        if (!entry) {
+            throw new FragmentNotFoundError(id);
+        }
+        try {
+            return await this.getJSON(entry.payloadRef);
+        }
+        catch (error) {
+            throw new FragmentNotFoundError(id, error);
+        }
+    }
+    async manifest() {
+        this.#manifest ??= this.getJSON('manifest.json');
+        return await this.#manifest;
+    }
+    async fetchRaw(key) {
+        return await getS3Raw(key, this.config);
+    }
+    async getJSON(key) {
+        return await getS3JSON(joinKey(this.config.keyPrefix, key), this.config);
+    }
+}
+// ---------------------------------------------------------------------------
+// S3 fetch with AWS SigV4 signing
+// ---------------------------------------------------------------------------
+export async function getS3JSON(key, config) {
+    const url = s3ObjectURL(config, key);
+    const signedHeaders = signedS3Headers('GET', url, config);
+    const res = await fetch(url, {
+        method: 'GET',
+        headers: signedHeaders,
+        cache: 'no-store'
+    });
+    if (!res.ok) {
+        throw new Error(`S3 GET ${key} failed with status ${res.status}: ${await res.text()}`);
+    }
+    return (await res.json());
+}
+export async function getS3Raw(key, config) {
+    const url = s3ObjectURL(config, key);
+    const signedHeaders = signedS3Headers('GET', url, config);
+    return await fetch(url, {
+        method: 'GET',
+        headers: signedHeaders,
+        cache: 'no-store'
+    });
+}
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+function resolveS3Config(config) {
+    const resolved = {
+        bucket: config.bucket || process.env.ACI_S3_BUCKET || '',
+        keyPrefix: config.keyPrefix || process.env.ACI_S3_KEY_PREFIX || '',
+        region: config.region || process.env.AWS_REGION || 'us-east-1',
+        accessKeyId: config.accessKeyId || process.env.AWS_ACCESS_KEY_ID || '',
+        secretAccessKey: config.secretAccessKey || process.env.AWS_SECRET_ACCESS_KEY || '',
+        sessionToken: config.sessionToken || process.env.AWS_SESSION_TOKEN || '',
+        endpoint: trimSlash(config.endpoint || process.env.ACI_S3_ENDPOINT || '')
+    };
+    for (const key of ['bucket', 'accessKeyId', 'secretAccessKey']) {
+        if (!resolved[key])
+            throw new Error(`S3 config missing ${key}`);
+    }
+    return resolved;
+}
+function s3ObjectURL(config, key) {
+    const encodedKey = encodeKey(key);
+    if (config.endpoint) {
+        return new URL(`${config.endpoint}/${encodeURIComponent(config.bucket)}${encodedKey}`);
+    }
+    return new URL(`https://${config.bucket}.s3.${config.region}.amazonaws.com${encodedKey}`);
+}
+function signedS3Headers(method, url, config) {
+    const now = new Date();
+    const amzDate = amzTimestamp(now);
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = sha256Hex('');
+    const headers = new Headers({
+        host: url.host,
+        'x-amz-content-sha256': payloadHash,
+        'x-amz-date': amzDate
+    });
+    if (config.sessionToken)
+        headers.set('x-amz-security-token', config.sessionToken);
+    const signedHeaderNames = Array.from(headers.keys()).sort();
+    const canonicalHeaders = signedHeaderNames.map((k) => `${k}:${headers.get(k)?.trim()}\n`).join('');
+    const canonicalRequest = [
+        method,
+        url.pathname,
+        url.searchParams.toString(),
+        canonicalHeaders,
+        signedHeaderNames.join(';'),
+        payloadHash
+    ].join('\n');
+    const credentialScope = `${dateStamp}/${config.region}/s3/aws4_request`;
+    const stringToSign = [
+        'AWS4-HMAC-SHA256',
+        amzDate,
+        credentialScope,
+        sha256Hex(canonicalRequest)
+    ].join('\n');
+    const signingKey = awsSigningKey(config.secretAccessKey, dateStamp, config.region, 's3');
+    const signature = hmacHex(signingKey, stringToSign);
+    headers.set('authorization', `AWS4-HMAC-SHA256 Credential=${config.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaderNames.join(';')}, Signature=${signature}`);
+    return headers;
+}
+function awsSigningKey(secret, dateStamp, region, service) {
+    const kDate = hmac(Buffer.from(`AWS4${secret}`, 'utf8'), dateStamp);
+    const kRegion = hmac(kDate, region);
+    const kService = hmac(kRegion, service);
+    return hmac(kService, 'aws4_request');
+}
+function amzTimestamp(date) {
+    return date.toISOString().replace(/[:-]|\.\d{3}/g, '');
+}
+function hmac(key, value) {
+    return crypto.createHmac('sha256', key).update(value, 'utf8').digest();
+}
+function hmacHex(key, value) {
+    return crypto.createHmac('sha256', key).update(value, 'utf8').digest('hex');
+}
+function sha256Hex(value) {
+    return crypto.createHash('sha256').update(value, 'utf8').digest('hex');
+}
+function trimSlash(value) {
+    return value.replace(/\/+$/, '');
+}
+function encodeKey(key) {
+    return `/${key.split('/').map(encodeURIComponent).join('/')}`;
+}
+function joinKey(...parts) {
+    return parts
+        .flatMap((part) => part.split('/'))
+        .map((part) => part.trim())
+        .filter(Boolean)
+        .join('/');
+}