@highstate/wireguard 0.9.20 → 0.9.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/{chunk-F7GNOL5A.js → chunk-3C5LH4YJ.js} +5 -3
  2. package/dist/chunk-3C5LH4YJ.js.map +1 -0
  3. package/dist/config/index.js +2 -2
  4. package/dist/config/index.js.map +1 -1
  5. package/dist/config-bundle/index.js +2 -2
  6. package/dist/config-bundle/index.js.map +1 -1
  7. package/dist/highstate.manifest.json +7 -7
  8. package/dist/identity/index.js +2 -2
  9. package/dist/identity/index.js.map +1 -1
  10. package/dist/node/index.js +1 -1
  11. package/dist/node.k8s/index.js +1 -1
  12. package/dist/peer/index.js +2 -2
  13. package/dist/peer/index.js.map +1 -1
  14. package/dist/peer-patch/index.js +2 -2
  15. package/dist/peer-patch/index.js.map +1 -1
  16. package/package.json +15 -10
  17. package/dist/chunk-F7GNOL5A.js.map +0 -1
package/dist/{chunk-F7GNOL5A.js → chunk-3C5LH4YJ.js} RENAMED
@@ -1,7 +1,7 @@
1
1
  import { l3EndpointToL4, parseL4Endpoint, l3EndpointToString, parseL34Endpoint, l4EndpointToString, l34EndpointToString } from '@highstate/common';
2
+ import { getBestEndpoint } from '@highstate/k8s';
2
3
  import { x25519 } from '@noble/curves/ed25519';
3
4
  import * as nc from 'node:crypto';
4
- import { getBestEndpoint } from '@highstate/k8s';
5
5
 
6
6
  // src/shared.ts
7
7
  var crypto = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : nc && typeof nc === "object" && "randomBytes" in nc ? nc : void 0;
@@ -100,6 +100,8 @@ function y3(e) {
100
100
  return n.has(r) ? s : (n.add(r), { done: false, hasNext: true, next: t });
101
101
  };
102
102
  }
103
+
104
+ // src/shared.ts
103
105
  function generateKey() {
104
106
  const key = x25519.utils.randomPrivateKey();
105
107
  return Buffer.from(key).toString("base64");
@@ -317,5 +319,5 @@ function shouldExpose(identity, exposePolicy) {
317
319
  */
318
320
 
319
321
  export { calculateAllowedEndpoints, calculateAllowedIps, calculateEndpoints, convertPrivateKeyToPublicKey, createPeerEntity, generateIdentityConfig, generateKey, generatePresharedKey, isExitNode, shouldExpose };
320
- //# sourceMappingURL=chunk-F7GNOL5A.js.map
321
- //# sourceMappingURL=chunk-F7GNOL5A.js.map
322
+ //# sourceMappingURL=chunk-3C5LH4YJ.js.map
323
+ //# sourceMappingURL=chunk-3C5LH4YJ.js.map
package/dist/chunk-3C5LH4YJ.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../../node_modules/@noble/hashes/src/cryptoNode.ts","../../../../node_modules/@noble/hashes/src/utils.ts","../../../../node_modules/remeda/dist/chunk-ANXBDSUI.js","../../../../node_modules/remeda/dist/chunk-3GOCSNFN.js","../../../../node_modules/remeda/dist/chunk-LFJW7BOT.js","../../../../node_modules/remeda/dist/chunk-QJLMYOTX.js","../../../../node_modules/remeda/dist/chunk-7ZI6JRPB.js","../src/shared.ts"],"names":["i","a","s","y"],"mappings":";;;;;;AASO,IAAM,MAAA,GACX,EAAA,IAAM,OAAO,EAAA,KAAO,YAAY,WAAA,IAAe,EAAA,GACvC,EAAA,CAAA,SAAA,GACJ,EAAA,IAAM,OAAO,EAAA,KAAO,QAAA,IAAY,aAAA,IAAiB,KAC/C,EAAA,GACA,MAAA;;;ACmXF,SAAU,WAAA,CAAY,cAAc,EAAA,EAAE;AAC1C,EAAA,IAAI,MAAA,IAAU,OAAO,MAAA,CAAO,eAAA,KAAoB,UAAA,EAAY;AAC1D,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,WAAW,CAAC,CAAA;AAC3D,EAAA;AAEA,EAAA,IAAI,MAAA,IAAU,OAAO,MAAA,CAAO,WAAA,KAAgB,UAAA,EAAY;AACtD,IAAA,OAAO,UAAA,CAAW,IAAA,CAAK,MAAA,CAAO,WAAA,CAAY,WAAW,CAAC,CAAA;AACxD,EAAA;AACA,EAAA,MAAM,IAAI,MAAM,wCAAwC,CAAA;AAC1D;;;AC1YA,IAA2B,CAAA,GAAE,EAAC,IAAA,EAAK,KAAA,EAAG,SAAQ,KAAA,EAAE;;;ACAR,SAAS,CAAA,CAAE,MAAK,CAAA,EAAE;AAAC,EAAA,IAAI,CAAA,GAAE,CAAA,EAAE,CAAA,GAAE,CAAA,CAAE,GAAA,CAAI,CAAA,CAAA,KAAG,MAAA,IAAS,CAAA,GAAE,CAAA,CAAE,CAAC,CAAA,GAAE,MAAM,GAAE,CAAA,GAAE,CAAA;AAAE,EAAA,OAAK,CAAA,GAAE,EAAE,MAAA,IAAQ;AAAC,IAAA,IAAG,EAAE,CAAC,CAAA,KAAI,UAAQ,CAAC,CAAA,CAAE,CAAC,CAAA,EAAE;AAAC,MAAA,IAAIA,EAAAA,GAAE,EAAE,CAAC,CAAA;AAAE,MAAA,CAAA,GAAEA,EAAAA,CAAE,CAAC,CAAA,EAAE,CAAA,IAAG,CAAA;AAAE,MAAA;AAAA,IAAQ;AAAC,IAAA,IAAI,IAAE,EAAC;AAAE,IAAA,KAAA,IAAQA,EAAAA,GAAE,CAAA,EAAEA,EAAAA,GAAE,CAAA,CAAE,QAAOA,EAAAA,EAAAA,EAAI;AAAC,MAAA,IAAI,CAAA,GAAE,EAAEA,EAAC,CAAA;AAAE,MAAA,IAAG,MAAI,MAAA,KAAS,CAAA,CAAE,KAAK,CAAC,CAAA,EAAE,EAAE,QAAA,CAAA,EAAU;AAAA,IAAK;AAAC,IAAA,IAAIC,KAAE,EAAC;AAAE,IAAA,KAAA,IAAQD,MAAK,CAAA,EAAE,IAAG,EAAEA,EAAAA,EAAEC,EAAAA,EAAE,CAAC,CAAA,EAAE;AAAM,IAAA,IAAG,EAAC,QAAA,EAASC,EAAAA,EAAC,GAAE,CAAA,CAAE,GAAG,EAAE,CAAA;AAAE,IAAA,CAAA,GAAEA,KAAED,EAAAA,CAAE,CAAC,CAAA,GAAEA,EAAAA,EAAE,KAAG,CAAA,CAAE,MAAA;AAAA,EAAM;AAAC,EAAA,OAAO,CAAA;AAAC;AAAC,SAAS,CAAA,CAAE,CAAA,EAAE,CAAA,EAAE,CAAA,EAAE;AAAC,EAAA,IAAG,EAAE,MAAA,KAAS,CAAA,SAAS,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,EAAE,KAAA;AAAG,EAAA,IAAI,CAAA,GAAE,CAAA,EAAE,CAAA,GAAE,CAAA,EAAE,CAAA,GAAE,KAAA;AAAG,EAAA,KAAA,IAAO,CAAC,CAAA,EAAEA,EAAC,CAAA,IAAI,CAAA,CAAE,SAAQ,EAAE;AAAC,IAAA,IAAG,EAAC,KAAA,EAAMC,EAAAA,EAAE,KAAA,EAAMF,IAAC,GAAEC,EAAAA;AAAE,IAAA,IAAGD,EAAAA,CAAE,IAAA,CAAK,CAAC,CAAA,EAAE,IAAEC,EAAAA,CAAE,CAAA,EAAEC,EAAAA,EAAEF,EAAC,CAAA,EAAEC,EAAAA,CAAE,KAAA,IAAO,CAAA,EAAE,EAAE,OAAA,EAAQ;AAAC,MAAA,IAAG,CAAA,CAAE,WAAS,KAAA,EAAG;AAAC,QAAA,KAAA,IAAQ,CAAA,IAAK,CAAA,CAAE,IAAA,EAAK,IAAG,CAAA,CAAE,CAAA,EAAE,CAAA,EAAE,CAAA,CAAE,KAAA,CAAM,CAAA,GAAE,CAAC,CAAC,GAAE,OAAM,IAAA;AAAG,QAAA,OAAO,CAAA;AAAA,MAAC;AAAC,MAAA,CAAA,GAAE,CAAA,CAAE,IAAA;AAAA,IAAI;AAAC,IAAA,IAAG,CAAC,EAAE,OAAA,EAAQ;AAAM,IAAA,CAAA,CAAE,SAAO,CAAA,GAAE,IAAA,CAAA;AAAA,EAAG;AAAC,EAAA,OAAO,CAAA,CAAE,OAAA,IAAS,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,EAAE,CAAA;AAAC;AAAC,SAAS,EAAE,CAAA,EAAE;AAAC,EAAA,IAAG,EAAC,IAAA,EAAK,CAAA,EAAE,QAAA,EAAS,CAAA,KAAG,CAAA,EAAE,CAAA,GAAE,CAAA,CAAE,GAAG,CAAC,CAAA;AAAE,EAAA,OAAO,MAAA,CAAO,MAAA,CAAO,CAAA,EAAE,EAAC,QAAA,EAAS,CAAA,CAAE,MAAA,IAAQ,KAAA,EAAG,KAAA,EAAM,CAAA,EAAE,KAAA,EAAM,IAAG,CAAA;AAAC;AAAC,SAAS,EAAE,CAAA,EAAE;AAAC,EAAA,OAAO,OAAO,KAAG,QAAA,IAAU,OAAO,KAAG,QAAA,IAAU,CAAA,KAAI,IAAA,IAAM,MAAA,CAAO,QAAA,IAAY,CAAA;AAAC;;;ACA11B,SAASE,EAAAA,CAAE,GAAEH,EAAAA,EAAE;AAAC,EAAA,IAAIC,EAAAA,GAAED,EAAAA,CAAE,MAAA,GAAO,CAAA,CAAE,MAAA;AAAO,EAAA,IAAGC,OAAI,CAAA,EAAE;AAAC,IAAA,IAAG,CAAC,CAAA,EAAE,GAAG,CAAC,CAAA,GAAED,EAAAA;AAAE,IAAA,OAAO,EAAE,CAAA,EAAE,EAAC,MAAK,CAAA,EAAE,QAAA,EAAS,GAAE,CAAA;AAAA,EAAC;AAAC,EAAA,IAAGC,OAAI,CAAA,EAAE;AAAC,IAAA,IAAI,CAAA,GAAE,EAAC,IAAA,EAAK,CAAA,EAAE,UAASD,EAAAA,EAAC;AAAE,IAAA,OAAO,OAAO,MAAA,CAAO,CAAA,CAAA,KAAG,EAAE,CAAA,EAAE,CAAC,GAAE,CAAC,CAAA;AAAA,EAAC;AAAC,EAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAC;;;ACA1K,SAAS,KAAK,CAAA,EAAE;AAAC,EAAA,OAAOG,EAAAA,CAAE,GAAE,CAAC,CAAA;AAAC;AAAC,SAAS,CAAA,GAAG;AAAC,EAAA,IAAI,oBAAE,IAAI,GAAA,EAAA;AAAI,EAAA,OAAO,OAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,GAAE,KAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,EAAE,EAAC,IAAA,EAAK,KAAA,EAAG,OAAA,EAAQ,IAAA,EAAG,MAAK,CAAA,EAAC,CAAA;AAAE;;;ACA1H,SAAS,KAAK,CAAA,EAAE;AAAC,EAAA,OAAOA,EAAAA,CAAEA,IAAE,CAAC,CAAA;AAAC;AAAC,SAASA,GAAE,CAAA,EAAE;AAAC,EAAA,IAAI,CAAA,GAAE,CAAA,EAAE,CAAA,mBAAE,IAAI,GAAA,EAAA;AAAI,EAAA,OAAM,CAAC,CAAA,EAAEH,EAAAA,EAAE,CAAA,KAAI;AAAC,IAAA,IAAI,CAAA,GAAE,CAAA,CAAE,CAAA,EAAEA,EAAAA,EAAE,CAAC,CAAA;AAAE,IAAA,OAAO,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,GAAE,KAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,EAAE,EAAC,IAAA,EAAK,KAAA,EAAG,OAAA,EAAQ,IAAA,EAAG,MAAK,CAAA,EAAC,CAAA;AAAA,EAAE,CAAA;AAAC;;;ACe3N,SAAS,WAAA,GAAsB;AACpC,EAAA,MAAM,GAAA,GAAM,MAAA,CAAO,KAAA,CAAM,gBAAA,EAAiB;AAE1C,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,SAAS,QAAQ,CAAA;AAC3C;AAEO,SAAS,6BAA6B,UAAA,EAA4B;AACvE,EAAA,MAAM,GAAA,GAAM,MAAA,CAAO,IAAA,CAAK,UAAA,EAAY,QAAQ,CAAA;AAE5C,EAAA,OAAO,MAAA,CAAO,KAAK,MAAA,CAAO,YAAA,CAAa,GAAG,CAAC,CAAA,CAAE,SAAS,QAAQ,CAAA;AAChE;AAEO,SAAS,oBAAA,GAA+B;AAC7C,EAAA,MAAM,GAAA,GAAM,YAAY,EAAE,CAAA;AAE1B,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,SAAS,QAAQ,CAAA;AAC3C;AAEO,SAAS,wBAAA,CAAyB,OAAe,KAAA,EAAuB;AAC7E,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,KAAA,EAAO,QAAQ,CAAA;AACxC,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,KAAA,EAAO,QAAQ,CAAA;AACxC,EAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAEhC,EAAA,KAAA,IAASA,EAAAA,GAAI,CAAA,EAAGA,EAAAA,GAAI,EAAA,EAAIA,EAAAA,EAAAA,EAAK;AAC3B,IAAA,MAAA,CAAOA,EAAC,CAAA,GAAI,IAAA,CAAKA,EAAC,CAAA,GAAI,KAAKA,EAAC,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,MAAM,CAAA,CAAE,SAAS,QAAQ,CAAA;AAC9C;AAEA,SAAS,kBAAA,CACP,QAAA,EACA,IAAA,EACA,OAAA,EACQ;AACR,EAAA,MAAM,KAAA,GAAQ;AAAA;AAAA,IAEZ,QAAA;AAAA,IACA,CAAA,EAAA,EAAK,KAAK,IAAI,CAAA,CAAA;AAAA,IACd,CAAA,YAAA,EAAe,KAAK,SAAS,CAAA;AAAA,GAC/B;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,MAAA,GAAS,CAAA,EAAG;AAC9B,IAAA,KAAA,CAAM,KAAK,CAAA,aAAA,EAAgB,IAAA,CAAK,WAAW,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACzD;AAEA,EAAA,MAAM,YAAA,GAAe,eAAA,CAAgB,IAAA,CAAK,SAAA,EAAW,OAAO,CAAA;AAE5D,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,WAAA,EAAc,kBAAA,CAAmB,YAAY,CAAC,CAAA,CAAE,CAAA;AAAA,EAC7D;AAEA,EAAA,IAAI,QAAA,CAAS,IAAA,CAAK,gBAAA,IAAoB,IAAA,CAAK,gBAAA,EAAkB;AAC3D,IAAA,MAAM,YAAA,GAAe,wBAAA;AAAA,MACnB,SAAS,IAAA,CAAK,gBAAA;AAAA,MACd,IAAA,CAAK;AAAA,KACP;AAEA,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,eAAA,EAAkB,YAAY,CAAA,CAAE,CAAA;AAAA,EAC7C,CAAA,MAAA,IAAW,IAAA,CAAK,YAAA,IAAgB,QAAA,CAAS,KAAK,YAAA,EAAc;AAC1D,IAAA,IAAI,IAAA,CAAK,YAAA,KAAiB,QAAA,CAAS,IAAA,CAAK,YAAA,EAAc;AACpD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,0CAA0C,IAAA,CAAK,IAAI,CAAA,KAAA,EAAQ,QAAA,CAAS,KAAK,IAAI,CAAA;AAAA,OAC/E;AAAA,IACF;AAEA,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,eAAA,EAAkB,IAAA,CAAK,YAAY,CAAA,CAAE,CAAA;AAAA,EAClD;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAeO,SAAS,sBAAA,CAAuB;AAAA,EACrC,QAAA;AAAA,EACA,KAAA;AAAA,EACA,UAAA,GAAa,SAAS,IAAA,CAAK,UAAA;AAAA,EAC3B,MAAM,EAAC;AAAA,EACP,QAAQ,EAAC;AAAA,EACT,SAAS,EAAC;AAAA,EACV,UAAU,EAAC;AAAA,EACX,WAAW,EAAC;AAAA,EACZ,gBAAA;AAAA,EACA;AACF,CAAA,EAA+B;AAC7B,EAAA,MAAM,MAAA,GAAS,CAAA,CAAO,KAAA,CAAM,OAAA,CAAQ,CAAA,IAAA,KAAQ,KAAK,GAAG,CAAA,CAAE,MAAA,CAAO,GAAG,CAAC,CAAA;AACjE,EAAA,MAAM,cAAc,CAAA,CAAO,KAAA,CAAM,QAAQ,CAAA,IAAA,KAAQ,IAAA,CAAK,WAAW,CAAC,CAAA;AAElE,EAAA,MAAM,KAAA,GAAQ;AAAA;AAAA,IAEZ,aAAA;AAAA,IACA,CAAA,EAAA,EAAK,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA;AAAA,GACzB;AAEA,EAAA,IAAI,QAAA,CAAS,KAAK,OAAA,EAAS;AACzB,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,QAAA,CAAS,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AAAA,EACjD;AAEA,EAAA,KAAA,CAAM,IAAA;AAAA;AAAA,IAEJ,CAAA,aAAA,EAAgB,SAAS,UAAU,CAAA,CAAA;AAAA,IACnC;AAAA,GACF;AAEA,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,KAAA,CAAM,KAAK,CAAA,MAAA,EAAS,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACzC;AAEA,EAAA,IAAI,UAAA,EAAY;AACd,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,aAAA,EAAgB,UAAU,CAAA,CAAE,CAAA;AAAA,EACzC;AAEA,EAAA,IAAI,KAAA,CAAM,SAAS,CAAA,EAAG;AACpB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,WAAW,KAAA,EAAO;AAC3B,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,QAAA,EAAW,OAAO,CAAA,CAAE,CAAA;AAAA,IACjC;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,WAAW,MAAA,EAAQ;AAC5B,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,SAAA,EAAY,OAAO,CAAA,CAAE,CAAA;AAAA,IAClC;AAAA,EACF;AAEA,EAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,WAAW,OAAA,EAAS;AAC7B,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,OAAO,CAAA,CAAE,CAAA;AAAA,IACnC;AAAA,EACF;AAEA,EAAA,IAAI,QAAA,CAAS,SAAS,CAAA,EAAG;AACvB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,WAAA,EAAc,OAAO,CAAA,CAAE,CAAA;AAAA,IACpC;AAAA,EACF;AAEA,EAAA,IAAI,gBAAA,EAAkB;AACpB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,sBAAA,EAAyB,UAAU,CAAA,KAAA,EAAQ,gBAAgB,CAAA,CAAE,CAAA;AAAA,IAC1E;AAAA,EACF;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,CAAA,IAAA,KAAQ,KAAK,IAAA,KAAS,QAAA,CAAS,KAAK,IAAI,CAAA;AAExE,EAAA,KAAA,MAAW,QAAQ,UAAA,EAAY;AAC7B,IAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AACb,IAAA,KAAA,CAAM,IAAA,CAAK,kBAAA,CAAmB,QAAA,EAAU,IAAA,EAAM,OAAO,CAAC,CAAA;AAAA,EACxD;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAUO,SAAS,kBAAA,CACd,EAAE,SAAA,EAAW,UAAA,IACb,EAAE,WAAA,EAAa,aAAY,EACL;AACtB,EAAA,OAAO,CAAA;AAAA,IACL;AAAA,MACE,GAAG,YAAY,GAAA,CAAI,CAAA,CAAA,KAAK,eAAe,CAAA,EAAG,UAAA,IAAc,KAAK,CAAC,CAAA;AAAA,MAC9D,GAAG,WAAA;AAAA,MACH,GAAG,SAAA,CAAU,GAAA,CAAI,eAAe;AAAA,KAClC;AAAA,IACA,CAAA,QAAA,KAAY,mBAAmB,QAAQ;AAAA,GACzC;AACF;AAEO,SAAS,mBAAA,CACd,EAAE,OAAA,EAAS,QAAA,IACX,EAAE,OAAA,IACF,gBAAA,EACU;AACV,EAAA,MAAM,MAAA,uBAAa,GAAA,EAAY;AAE/B,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,MAAA,CAAO,IAAI,OAAO,CAAA;AAAA,EACpB;AAEA,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,MAAA,CAAO,IAAI,WAAW,CAAA;AAEtB,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAA,CAAO,IAAI,MAAM,CAAA;AAAA,IACnB;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,YAAY,gBAAA,EAAkB;AACvC,IAAA,IAAI,QAAA,CAAS,SAAS,UAAA,EAAY;AAChC,MAAA,MAAA,CAAO,GAAA,CAAI,kBAAA,CAAmB,QAAQ,CAAC,CAAA;AAAA,IACzC;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,MAAM,CAAA;AAC1B;AAEO,SAAS,yBAAA,CACd,EAAE,gBAAA,EAAiB,EACnB;AAAA,EACE,kBAAA;AAAA,EACA;AACF,CAAA,EACuB;AACvB,EAAA,OAAO,CAAA;AAAA,IACL;AAAA;AAAA,MAEE,GAAG,kBAAA;AAAA,MACH,GAAG,kBAAA;AAAA,MACH,GAAG,gBAAA,CAAiB,GAAA,CAAI,gBAAgB;AAAA,KAC1C;AAAA,IACA,CAAA,QAAA,KAAY,oBAAoB,QAAQ;AAAA,GAC1C;AACF;AAEA,SAAS,qBACP,EAAE,WAAA,EAAa,mBAAkB,EACjC,EAAE,SAAQ,EACA;AACV,EAAA,MAAM,MAAA,uBAAa,GAAA,EAAY;AAE/B,EAAA,KAAA,MAAW,MAAM,WAAA,EAAa;AAC5B,IAAA,MAAA,CAAO,IAAI,EAAE,CAAA;AAAA,EACf;AAEA,EAAA,IAAI,iBAAA,EAAmB;AACrB,IAAA,MAAA,CAAO,IAAI,YAAY,CAAA;AACvB,IAAA,MAAA,CAAO,IAAI,eAAe,CAAA;AAC1B,IAAA,MAAA,CAAO,IAAI,gBAAgB,CAAA;AAE3B,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAA,CAAO,IAAI,UAAU,CAAA;AACrB,MAAA,MAAA,CAAO,IAAI,WAAW,CAAA;AAAA,IACxB;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,MAAM,CAAA;AAC1B;AAEO,SAAS,WAAW,IAAA,EAA+B;AACxD,EAAA,OAAO,IAAA,CAAK,WAAW,QAAA,CAAS,WAAW,KAAK,IAAA,CAAK,UAAA,CAAW,SAAS,MAAM,CAAA;AACjF;AAEO,SAAS,gBAAA,CACd,IAAA,EACA,IAAA,EACA,MAAA,EACA,WACA,gBAAA,EACgB;AAChB,EAAA,MAAM,SAAA,GAAY,kBAAA,CAAmB,IAAA,EAAM,MAAM,CAAA;AACjD,EAAA,MAAM,gBAAA,GAAmB,yBAAA,CAA0B,IAAA,EAAM,MAAM,CAAA;AAC/D,EAAA,MAAM,UAAA,GAAa,mBAAA,CAAoB,IAAA,EAAM,MAAA,EAAQ,gBAAgB,CAAA;AACrE,EAAA,MAAM,WAAA,GAAc,oBAAA,CAAqB,IAAA,EAAM,MAAM,CAAA;AAErD,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,KAAK,QAAA,IAAY,IAAA;AAAA,IACvB,SAAA;AAAA,IACA,UAAA;AAAA,IACA,gBAAA;AAAA,IACA,WAAA;AAAA,IACA,KAAK,IAAA,CAAK,GAAA;AAAA,IACV,SAAA;AAAA,IACA,SAAS,IAAA,CAAK,OAAA;AAAA,IACd,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,gBAAA;AAAA,IACA,YAAY,IAAA,CAAK;AAAA,GACnB;AACF;AAEO,SAAS,YAAA,CACd,UACA,YAAA,EACS;AACT,EAAA,IAAI,iBAAiB,QAAA,EAAU;AAC7B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiB,OAAA,EAAS;AAC5B,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,OAAO,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,MAAA,GAAS,CAAA;AAC1C","file":"chunk-3C5LH4YJ.js","sourcesContent":["/**\n * Internal webcrypto alias.\n * We prefer WebCrypto aka globalThis.crypto, which exists in node.js 16+.\n * Falls back to Node.js built-in crypto for Node.js <=v14.\n * See utils.ts for details.\n * @module\n */\n// @ts-ignore\nimport * as nc from 'node:crypto';\nexport const crypto: any =\n nc && typeof nc === 'object' && 'webcrypto' in nc\n ? (nc.webcrypto as any)\n : nc && typeof nc === 'object' && 'randomBytes' in nc\n ? nc\n : undefined;\n","/**\n * Utilities for hex, bytes, CSPRNG.\n * @module\n */\n/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\n\n/** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */\nexport function isBytes(a: unknown): a is Uint8Array {\n return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');\n}\n\n/** Asserts something is positive integer. */\nexport function anumber(n: number): void {\n if (!Number.isSafeInteger(n) || n < 0) throw new Error('positive integer expected, got ' + n);\n}\n\n/** Asserts something is Uint8Array. */\nexport function abytes(b: Uint8Array | undefined, ...lengths: number[]): void {\n if (!isBytes(b)) throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error('Uint8Array expected of length ' + lengths + ', got length=' + b.length);\n}\n\n/** Asserts something is hash */\nexport function ahash(h: IHash): void {\n if (typeof h !== 'function' || typeof h.create !== 'function')\n throw new Error('Hash should be wrapped by utils.createHasher');\n anumber(h.outputLen);\n anumber(h.blockLen);\n}\n\n/** Asserts a hash instance has not been destroyed / finished */\nexport function aexists(instance: any, checkFinished = true): void {\n if (instance.destroyed) throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished) throw new Error('Hash#digest() has already been called');\n}\n\n/** Asserts output is properly-sized byte array */\nexport function aoutput(out: any, instance: any): void {\n abytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error('digestInto() expects output buffer of length at least ' + min);\n }\n}\n\n/** Generic type encompassing 8/16/32-byte arrays - but not 64-byte. */\n// prettier-ignore\nexport type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array |\n Uint16Array | Int16Array | Uint32Array | Int32Array;\n\n/** Cast u8 / u16 / u32 to u8. */\nexport function u8(arr: TypedArray): Uint8Array {\n return new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\n}\n\n/** Cast u8 / u16 / u32 to u32. */\nexport function u32(arr: TypedArray): Uint32Array {\n return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n}\n\n/** Zeroize a byte array. Warning: JS provides no guarantees. */\nexport function clean(...arrays: TypedArray[]): void {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n\n/** Create DataView of an array for easy byte-level manipulation. */\nexport function createView(arr: TypedArray): DataView {\n return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n}\n\n/** The rotate right (circular right shift) operation for uint32 */\nexport function rotr(word: number, shift: number): number {\n return (word << (32 - shift)) | (word >>> shift);\n}\n\n/** The rotate left (circular left shift) operation for uint32 */\nexport function rotl(word: number, shift: number): number {\n return (word << shift) | ((word >>> (32 - shift)) >>> 0);\n}\n\n/** Is current platform little-endian? Most are. Big-Endian platform: IBM */\nexport const isLE: boolean = /* @__PURE__ */ (() =>\n new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44)();\n\n/** The byte swap operation for uint32 */\nexport function byteSwap(word: number): number {\n return (\n ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff)\n );\n}\n/** Conditionally byte swap if on a big-endian platform */\nexport const swap8IfBE: (n: number) => number = isLE\n ? (n: number) => n\n : (n: number) => byteSwap(n);\n\n/** @deprecated */\nexport const byteSwapIfBE: typeof swap8IfBE = swap8IfBE;\n/** In place byte swap for Uint32Array */\nexport function byteSwap32(arr: Uint32Array): Uint32Array {\n for (let i = 0; i < arr.length; i++) {\n arr[i] = byteSwap(arr[i]);\n }\n return arr;\n}\n\nexport const swap32IfBE: (u: Uint32Array) => Uint32Array = isLE\n ? (u: Uint32Array) => u\n : byteSwap32;\n\n// Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex\nconst hasHexBuiltin: boolean = /* @__PURE__ */ (() =>\n // @ts-ignore\n typeof Uint8Array.from([]).toHex === 'function' && typeof Uint8Array.fromHex === 'function')();\n\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>\n i.toString(16).padStart(2, '0')\n);\n\n/**\n * Convert byte array to hex string. Uses built-in function, when available.\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes: Uint8Array): string {\n abytes(bytes);\n // @ts-ignore\n if (hasHexBuiltin) return bytes.toHex();\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 } as const;\nfunction asciiToBase16(ch: number): number | undefined {\n if (ch >= asciis._0 && ch <= asciis._9) return ch - asciis._0; // '2' => 50-48\n if (ch >= asciis.A && ch <= asciis.F) return ch - (asciis.A - 10); // 'B' => 66-(65-10)\n if (ch >= asciis.a && ch <= asciis.f) return ch - (asciis.a - 10); // 'b' => 98-(97-10)\n return;\n}\n\n/**\n * Convert hex string to byte array. Uses built-in function, when available.\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex: string): Uint8Array {\n if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);\n // @ts-ignore\n if (hasHexBuiltin) return Uint8Array.fromHex(hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2) throw new Error('hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163\n }\n return array;\n}\n\n/**\n * There is no setImmediate in browser and setTimeout is slow.\n * Call of async fn will return Promise, which will be fullfiled only on\n * next scheduler queue processing step and this is exactly what we need.\n */\nexport const nextTick = async (): Promise<void> => {};\n\n/** Returns control to thread each 'tick' ms to avoid blocking. */\nexport async function asyncLoop(\n iters: number,\n tick: number,\n cb: (i: number) => void\n): Promise<void> {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick) continue;\n await nextTick();\n ts += diff;\n }\n}\n\n// Global symbols, but ts doesn't see them: https://github.com/microsoft/TypeScript/issues/31535\ndeclare const TextEncoder: any;\ndeclare const TextDecoder: any;\n\n/**\n * Converts string to bytes using UTF8 encoding.\n * @example utf8ToBytes('abc') // Uint8Array.from([97, 98, 99])\n */\nexport function utf8ToBytes(str: string): Uint8Array {\n if (typeof str !== 'string') throw new Error('string expected');\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n\n/**\n * Converts bytes to string using UTF8 encoding.\n * @example bytesToUtf8(Uint8Array.from([97, 98, 99])) // 'abc'\n */\nexport function bytesToUtf8(bytes: Uint8Array): string {\n return new TextDecoder().decode(bytes);\n}\n\n/** Accepted input of hash functions. Strings are converted to byte arrays. */\nexport type Input = string | Uint8Array;\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data: Input): Uint8Array {\n if (typeof data === 'string') data = utf8ToBytes(data);\n abytes(data);\n return data;\n}\n\n/** KDFs can accept string or Uint8Array for user convenience. */\nexport type KDFInput = string | Uint8Array;\n/**\n * Helper for KDFs: consumes uint8array or string.\n * When string is passed, does utf8 decoding, using TextDecoder.\n */\nexport function kdfInputToBytes(data: KDFInput): Uint8Array {\n if (typeof data === 'string') data = utf8ToBytes(data);\n abytes(data);\n return data;\n}\n\n/** Copies several Uint8Arrays into one. */\nexport function concatBytes(...arrays: Uint8Array[]): Uint8Array {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n\ntype EmptyObj = {};\nexport function checkOpts<T1 extends EmptyObj, T2 extends EmptyObj>(\n defaults: T1,\n opts?: T2\n): T1 & T2 {\n if (opts !== undefined && {}.toString.call(opts) !== '[object Object]')\n throw new Error('options should be object or undefined');\n const merged = Object.assign(defaults, opts);\n return merged as T1 & T2;\n}\n\n/** Hash interface. */\nexport type IHash = {\n (data: Uint8Array): Uint8Array;\n blockLen: number;\n outputLen: number;\n create: any;\n};\n\n/** For runtime check if class implements interface */\nexport abstract class Hash<T extends Hash<T>> {\n abstract blockLen: number; // Bytes per block\n abstract outputLen: number; // Bytes in output\n abstract update(buf: Input): this;\n // Writes digest into buf\n abstract digestInto(buf: Uint8Array): void;\n abstract digest(): Uint8Array;\n /**\n * Resets internal state. Makes Hash instance unusable.\n * Reset is impossible for keyed hashes if key is consumed into state. If digest is not consumed\n * by user, they will need to manually call `destroy()` when zeroing is necessary.\n */\n abstract destroy(): void;\n /**\n * Clones hash instance. Unsafe: doesn't check whether `to` is valid. Can be used as `clone()`\n * when no options are passed.\n * Reasons to use `_cloneInto` instead of clone: 1) performance 2) reuse instance => all internal\n * buffers are overwritten => causes buffer overwrite which is used for digest in some cases.\n * There are no guarantees for clean-up because it's impossible in JS.\n */\n abstract _cloneInto(to?: T): T;\n // Safe version that clones internal state\n abstract clone(): T;\n}\n\n/**\n * XOF: streaming API to read digest in chunks.\n * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name.\n * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot\n * destroy state, next call can require more bytes.\n */\nexport type HashXOF<T extends Hash<T>> = Hash<T> & {\n xof(bytes: number): Uint8Array; // Read 'bytes' bytes from digest stream\n xofInto(buf: Uint8Array): Uint8Array; // read buf.length bytes from digest stream into buf\n};\n\n/** Hash function */\nexport type CHash = ReturnType<typeof createHasher>;\n/** Hash function with output */\nexport type CHashO = ReturnType<typeof createOptHasher>;\n/** XOF with output */\nexport type CHashXO = ReturnType<typeof createXOFer>;\n\n/** Wraps hash function, creating an interface on top of it */\nexport function createHasher<T extends Hash<T>>(\n hashCons: () => Hash<T>\n): {\n (msg: Input): Uint8Array;\n outputLen: number;\n blockLen: number;\n create(): Hash<T>;\n} {\n const hashC = (msg: Input): Uint8Array => hashCons().update(toBytes(msg)).digest();\n const tmp = hashCons();\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = () => hashCons();\n return hashC;\n}\n\nexport function createOptHasher<H extends Hash<H>, T extends Object>(\n hashCons: (opts?: T) => Hash<H>\n): {\n (msg: Input, opts?: T): Uint8Array;\n outputLen: number;\n blockLen: number;\n create(opts?: T): Hash<H>;\n} {\n const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({} as T);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts?: T) => hashCons(opts);\n return hashC;\n}\n\nexport function createXOFer<H extends HashXOF<H>, T extends Object>(\n hashCons: (opts?: T) => HashXOF<H>\n): {\n (msg: Input, opts?: T): Uint8Array;\n outputLen: number;\n blockLen: number;\n create(opts?: T): HashXOF<H>;\n} {\n const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({} as T);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts?: T) => hashCons(opts);\n return hashC;\n}\nexport const wrapConstructor: typeof createHasher = createHasher;\nexport const wrapConstructorWithOpts: typeof createOptHasher = createOptHasher;\nexport const wrapXOFConstructorWithOpts: typeof createXOFer = createXOFer;\n\n/** Cryptographically secure PRNG. Uses internal OS-level `crypto.getRandomValues`. */\nexport function randomBytes(bytesLength = 32): Uint8Array {\n if (crypto && typeof crypto.getRandomValues === 'function') {\n return crypto.getRandomValues(new Uint8Array(bytesLength));\n }\n // Legacy Node.js compatibility\n if (crypto && typeof crypto.randomBytes === 'function') {\n return Uint8Array.from(crypto.randomBytes(bytesLength));\n }\n throw new Error('crypto.getRandomValues must be defined');\n}\n","var e={done:!0,hasNext:!1},s={done:!1,hasNext:!1},a=()=>e,o=t=>({hasNext:!0,next:t,done:!1});export{s as a,a as b,o as c};\n","import{a as A}from\"./chunk-ANXBDSUI.js\";function C(t,...o){let n=t,u=o.map(e=>\"lazy\"in e?y(e):void 0),p=0;for(;p<o.length;){if(u[p]===void 0||!B(n)){let i=o[p];n=i(n),p+=1;continue}let r=[];for(let i=p;i<o.length;i++){let l=u[i];if(l===void 0||(r.push(l),l.isSingle))break}let a=[];for(let i of n)if(f(i,a,r))break;let{isSingle:s}=r.at(-1);n=s?a[0]:a,p+=r.length}return n}function f(t,o,n){if(n.length===0)return o.push(t),!1;let u=t,p=A,e=!1;for(let[r,a]of n.entries()){let{index:s,items:i}=a;if(i.push(u),p=a(u,s,i),a.index+=1,p.hasNext){if(p.hasMany??!1){for(let l of p.next)if(f(l,o,n.slice(r+1)))return!0;return e}u=p.next}if(!p.hasNext)break;p.done&&(e=!0)}return p.hasNext&&o.push(u),e}function y(t){let{lazy:o,lazyArgs:n}=t,u=o(...n);return Object.assign(u,{isSingle:o.single??!1,index:0,items:[]})}function B(t){return typeof t==\"string\"||typeof t==\"object\"&&t!==null&&Symbol.iterator in t}export{C as a};\n","import{a as o}from\"./chunk-3GOCSNFN.js\";function y(t,i){let a=i.length-t.length;if(a===1){let[n,...r]=i;return o(n,{lazy:t,lazyArgs:r})}if(a===0){let n={lazy:t,lazyArgs:i};return Object.assign(e=>o(e,n),n)}throw new Error(\"Wrong number of arguments\")}export{y as a};\n","import{a as r}from\"./chunk-LFJW7BOT.js\";import{a as n}from\"./chunk-ANXBDSUI.js\";function i(...e){return r(a,e)}function a(){let e=new Set;return t=>e.has(t)?n:(e.add(t),{done:!1,hasNext:!0,next:t})}export{i as a};\n","import{a as o}from\"./chunk-LFJW7BOT.js\";import{a}from\"./chunk-ANXBDSUI.js\";function T(...e){return o(y,e)}function y(e){let u=e,n=new Set;return(t,i,d)=>{let r=u(t,i,d);return n.has(r)?a:(n.add(r),{done:!1,hasNext:!0,next:t})}}export{T as a};\n","import type { k8s, network, wireguard } from \"@highstate/library\"\nimport type { Input, Unwrap } from \"@highstate/pulumi\"\nimport {\n l3EndpointToL4,\n l3EndpointToString,\n l4EndpointToString,\n l34EndpointToString,\n parseL4Endpoint,\n parseL34Endpoint,\n} from \"@highstate/common\"\nimport { getBestEndpoint } from \"@highstate/k8s\"\nimport { x25519 } from \"@noble/curves/ed25519\"\nimport { randomBytes } from \"@noble/hashes/utils\"\nimport { unique, uniqueBy } from \"remeda\"\n\nexport function generateKey(): string {\n const key = x25519.utils.randomPrivateKey()\n\n return Buffer.from(key).toString(\"base64\")\n}\n\nexport function convertPrivateKeyToPublicKey(privateKey: string): string {\n const key = Buffer.from(privateKey, \"base64\")\n\n return Buffer.from(x25519.getPublicKey(key)).toString(\"base64\")\n}\n\nexport function generatePresharedKey(): string {\n const key = randomBytes(32)\n\n return Buffer.from(key).toString(\"base64\")\n}\n\nexport function combinePresharedKeyParts(part1: string, part2: string): string {\n const key1 = Buffer.from(part1, \"base64\")\n const key2 = Buffer.from(part2, \"base64\")\n const result = new Uint8Array(32)\n\n for (let i = 0; i < 32; i++) {\n result[i] = key1[i] ^ key2[i]\n }\n\n return Buffer.from(result).toString(\"base64\")\n}\n\nfunction generatePeerConfig(\n identity: wireguard.Identity,\n peer: wireguard.Peer,\n cluster?: k8s.Cluster,\n): string {\n const lines = [\n //\n \"[Peer]\",\n `# ${peer.name}`,\n `PublicKey = ${peer.publicKey}`,\n ]\n\n if (peer.allowedIps.length > 0) {\n lines.push(`AllowedIPs = ${peer.allowedIps.join(\", \")}`)\n }\n\n const bestEndpoint = getBestEndpoint(peer.endpoints, cluster)\n\n if (bestEndpoint) {\n lines.push(`Endpoint = ${l4EndpointToString(bestEndpoint)}`)\n }\n\n if (identity.peer.presharedKeyPart && peer.presharedKeyPart) {\n const presharedKey = combinePresharedKeyParts(\n identity.peer.presharedKeyPart,\n peer.presharedKeyPart,\n )\n\n lines.push(`PresharedKey = ${presharedKey}`)\n } else if (peer.presharedKey || identity.peer.presharedKey) {\n if (peer.presharedKey !== identity.peer.presharedKey) {\n throw new Error(\n `Preshared keys do not match for peers: ${peer.name} and ${identity.peer.name}`,\n )\n }\n\n lines.push(`PresharedKey = ${peer.presharedKey}`)\n }\n\n return lines.join(\"\\n\")\n}\n\nexport type IdentityConfigArgs = {\n identity: wireguard.Identity\n peers: wireguard.Peer[]\n listenPort?: number\n dns?: string[]\n postUp?: string[]\n preUp?: string[]\n preDown?: string[]\n postDown?: string[]\n defaultInterface?: string\n cluster?: k8s.Cluster\n}\n\nexport function generateIdentityConfig({\n identity,\n peers,\n listenPort = identity.peer.listenPort,\n dns = [],\n preUp = [],\n postUp = [],\n preDown = [],\n postDown = [],\n defaultInterface,\n cluster,\n}: IdentityConfigArgs): string {\n const allDns = unique(peers.flatMap(peer => peer.dns).concat(dns))\n const excludedIps = unique(peers.flatMap(peer => peer.excludedIps))\n\n const lines = [\n //\n \"[Interface]\",\n `# ${identity.peer.name}`,\n ]\n\n if (identity.peer.address) {\n lines.push(`Address = ${identity.peer.address}`)\n }\n\n lines.push(\n //\n `PrivateKey = ${identity.privateKey}`,\n \"MTU = 1280\",\n )\n\n if (allDns.length > 0) {\n lines.push(`DNS = ${allDns.join(\", \")}`)\n }\n\n if (listenPort) {\n lines.push(`ListenPort = ${listenPort}`)\n }\n\n if (preUp.length > 0) {\n lines.push()\n for (const command of preUp) {\n lines.push(`PreUp = ${command}`)\n }\n }\n\n if (postUp.length > 0) {\n lines.push()\n for (const command of postUp) {\n lines.push(`PostUp = ${command}`)\n }\n }\n\n if (preDown.length > 0) {\n lines.push()\n for (const command of preDown) {\n lines.push(`PreDown = ${command}`)\n }\n }\n\n if (postDown.length > 0) {\n lines.push()\n for (const command of postDown) {\n lines.push(`PostDown = ${command}`)\n }\n }\n\n if (defaultInterface) {\n lines.push()\n for (const excludedIp of excludedIps) {\n lines.push(`PostUp = ip route add ${excludedIp} dev ${defaultInterface}`)\n }\n }\n\n const otherPeers = peers.filter(peer => peer.name !== identity.peer.name)\n\n for (const peer of otherPeers) {\n lines.push(\"\")\n lines.push(generatePeerConfig(identity, peer, cluster))\n }\n\n return lines.join(\"\\n\")\n}\n\ntype SharedPeerInputs = {\n network?: Input<wireguard.Network>\n l3Endpoints: Input<network.L3Endpoint>[]\n l4Endpoints: Input<network.L4Endpoint>[]\n allowedL3Endpoints: Input<network.L3Endpoint>[]\n allowedL4Endpoints: Input<network.L4Endpoint>[]\n}\n\nexport function calculateEndpoints(\n { endpoints, listenPort }: Pick<wireguard.SharedPeerArgs, \"endpoints\" | \"listenPort\">,\n { l3Endpoints, l4Endpoints }: Pick<Unwrap<SharedPeerInputs>, \"l3Endpoints\" | \"l4Endpoints\">,\n): network.L4Endpoint[] {\n return uniqueBy(\n [\n ...l3Endpoints.map(e => l3EndpointToL4(e, listenPort ?? 51820)),\n ...l4Endpoints,\n ...endpoints.map(parseL4Endpoint),\n ],\n endpoint => l4EndpointToString(endpoint),\n )\n}\n\nexport function calculateAllowedIps(\n { address, exitNode }: Pick<wireguard.SharedPeerArgs, \"address\" | \"exitNode\">,\n { network }: Unwrap<SharedPeerInputs>,\n allowedEndpoints: network.L34Endpoint[],\n): string[] {\n const result = new Set<string>()\n\n if (address) {\n result.add(address)\n }\n\n if (exitNode) {\n result.add(\"0.0.0.0/0\")\n\n if (network?.ipv6) {\n result.add(\"::/0\")\n }\n }\n\n for (const endpoint of allowedEndpoints) {\n if (endpoint.type !== \"hostname\") {\n result.add(l3EndpointToString(endpoint))\n }\n }\n\n return Array.from(result)\n}\n\nexport function calculateAllowedEndpoints(\n { allowedEndpoints }: Pick<wireguard.SharedPeerArgs, \"allowedEndpoints\">,\n {\n allowedL3Endpoints,\n allowedL4Endpoints,\n }: Pick<Unwrap<SharedPeerInputs>, \"allowedL3Endpoints\" | \"allowedL4Endpoints\">,\n): network.L34Endpoint[] {\n return uniqueBy(\n [\n //\n ...allowedL3Endpoints,\n ...allowedL4Endpoints,\n ...allowedEndpoints.map(parseL34Endpoint),\n ],\n endpoint => l34EndpointToString(endpoint),\n )\n}\n\nfunction calculateExcludedIps(\n { excludedIps, excludePrivateIps }: wireguard.SharedPeerArgs,\n { network }: Unwrap<SharedPeerInputs>,\n): string[] {\n const result = new Set<string>()\n\n for (const ip of excludedIps) {\n result.add(ip)\n }\n\n if (excludePrivateIps) {\n result.add(\"10.0.0.0/8\")\n result.add(\"172.16.0.0/12\")\n result.add(\"192.168.0.0/16\")\n\n if (network?.ipv6) {\n result.add(\"fc00::/7\")\n result.add(\"fe80::/10\")\n }\n }\n\n return Array.from(result)\n}\n\nexport function isExitNode(peer: wireguard.Peer): boolean {\n return peer.allowedIps.includes(\"0.0.0.0/0\") || peer.allowedIps.includes(\"::/0\")\n}\n\nexport function createPeerEntity(\n name: string,\n args: wireguard.SharedPeerArgs,\n inputs: Unwrap<SharedPeerInputs>,\n publicKey: string,\n presharedKeyPart?: string,\n): wireguard.Peer {\n const endpoints = calculateEndpoints(args, inputs)\n const allowedEndpoints = calculateAllowedEndpoints(args, inputs)\n const allowedIps = calculateAllowedIps(args, inputs, allowedEndpoints)\n const excludedIps = calculateExcludedIps(args, inputs)\n\n return {\n name: args.peerName ?? name,\n endpoints,\n allowedIps,\n allowedEndpoints,\n excludedIps,\n dns: args.dns,\n publicKey,\n address: args.address,\n network: inputs.network,\n presharedKeyPart,\n listenPort: args.listenPort,\n }\n}\n\nexport function shouldExpose(\n identity: wireguard.Identity,\n exposePolicy: wireguard.NodeExposePolicy,\n): boolean {\n if (exposePolicy === \"always\") {\n return true\n }\n\n if (exposePolicy === \"never\") {\n return false\n }\n\n return identity.peer.endpoints.length > 0\n}\n"]}
package/dist/config/index.js CHANGED
@@ -1,7 +1,7 @@
1
- import { generateIdentityConfig } from '../chunk-F7GNOL5A.js';
1
+ import { generateIdentityConfig } from '../chunk-3C5LH4YJ.js';
2
+ import { text } from '@highstate/contract';
2
3
  import { wireguard } from '@highstate/library';
3
4
  import { forUnit, toPromise } from '@highstate/pulumi';
4
- import { text } from '@highstate/contract';
5
5
 
6
6
  var { inputs, args, outputs } = forUnit(wireguard.config);
7
7
  var { identity, peers } = await toPromise(inputs);
package/dist/config/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/config/index.ts"],"names":[],"mappings":";;;;;AAKA,IAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,SAAQ,GAAI,OAAA,CAAQ,UAAU,MAAM,CAAA;AAE1D,IAAM,EAAE,QAAA,EAAU,KAAA,EAAM,GAAI,MAAM,UAAU,MAAM,CAAA;AAElD,IAAM,gBAAgB,sBAAA,CAAuB;AAAA,EAC3C,QAAA;AAAA,EACA,KAAA;AAAA,EACA,kBAAkB,IAAA,CAAK;AACzB,CAAC,CAAA;AAED,IAAO,iBAAQ,OAAA,CAAQ;AAAA,EACrB,MAAA,EAAQ;AAAA,IACN,KAAA,EAAO;AAAA,MACL,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO;AAAA,OACT;AAAA,MAEA,OAAA,EAAS;AAAA,QACP;AAAA,UACE,IAAA,EAAM,UAAA;AAAA,UACN,OAAA,EAAS,IAAA;AAAA;AAAA,UAAA;AAAA,SAGX;AAAA,QACA;AAAA,UACE,IAAA,EAAM,IAAA;AAAA,UACN,OAAA,EAAS,aAAA;AAAA,UACT,WAAA,EAAa,IAAA;AAAA,UACb,QAAA,EAAU;AAAA;AACZ;AACF;AACF;AAEJ,CAAC","file":"index.js","sourcesContent":["import { wireguard } from \"@highstate/library\"\nimport { forUnit, toPromise } from \"@highstate/pulumi\"\nimport { text } from \"@highstate/contract\"\nimport { generateIdentityConfig } from \"../shared\"\n\nconst { inputs, args, outputs } = forUnit(wireguard.config)\n\nconst { identity, peers } = await toPromise(inputs)\n\nconst configContent = generateIdentityConfig({\n identity,\n peers,\n defaultInterface: args.defaultInterface,\n})\n\nexport default outputs({\n $pages: {\n index: {\n meta: {\n title: \"WireGuard Configuration\",\n },\n\n content: [\n {\n type: \"markdown\",\n content: text`\n You can use this configuration to setup an external WireGuard device via \\`wg-quick\\` command.\n `,\n },\n {\n type: \"qr\",\n content: configContent,\n showContent: true,\n language: \"ini\",\n },\n ],\n },\n },\n})\n"]}
1
+ {"version":3,"sources":["../../src/config/index.ts"],"names":[],"mappings":";;;;;AAKA,IAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,SAAQ,GAAI,OAAA,CAAQ,UAAU,MAAM,CAAA;AAE1D,IAAM,EAAE,QAAA,EAAU,KAAA,EAAM,GAAI,MAAM,UAAU,MAAM,CAAA;AAElD,IAAM,gBAAgB,sBAAA,CAAuB;AAAA,EAC3C,QAAA;AAAA,EACA,KAAA;AAAA,EACA,kBAAkB,IAAA,CAAK;AACzB,CAAC,CAAA;AAED,IAAO,iBAAQ,OAAA,CAAQ;AAAA,EACrB,MAAA,EAAQ;AAAA,IACN,KAAA,EAAO;AAAA,MACL,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO;AAAA,OACT;AAAA,MAEA,OAAA,EAAS;AAAA,QACP;AAAA,UACE,IAAA,EAAM,UAAA;AAAA,UACN,OAAA,EAAS,IAAA;AAAA;AAAA,UAAA;AAAA,SAGX;AAAA,QACA;AAAA,UACE,IAAA,EAAM,IAAA;AAAA,UACN,OAAA,EAAS,aAAA;AAAA,UACT,WAAA,EAAa,IAAA;AAAA,UACb,QAAA,EAAU;AAAA;AACZ;AACF;AACF;AAEJ,CAAC","file":"index.js","sourcesContent":["import { text } from \"@highstate/contract\"\nimport { wireguard } from \"@highstate/library\"\nimport { forUnit, toPromise } from \"@highstate/pulumi\"\nimport { generateIdentityConfig } from \"../shared\"\n\nconst { inputs, args, outputs } = forUnit(wireguard.config)\n\nconst { identity, peers } = await toPromise(inputs)\n\nconst configContent = generateIdentityConfig({\n identity,\n peers,\n defaultInterface: args.defaultInterface,\n})\n\nexport default outputs({\n $pages: {\n index: {\n meta: {\n title: \"WireGuard Configuration\",\n },\n\n content: [\n {\n type: \"markdown\",\n content: text`\n You can use this configuration to setup an external WireGuard device via \\`wg-quick\\` command.\n `,\n },\n {\n type: \"qr\",\n content: configContent,\n showContent: true,\n language: \"ini\",\n },\n ],\n },\n },\n})\n"]}
package/dist/config-bundle/index.js CHANGED
@@ -1,7 +1,7 @@
1
- import { generateIdentityConfig } from '../chunk-F7GNOL5A.js';
1
+ import { generateIdentityConfig } from '../chunk-3C5LH4YJ.js';
2
+ import { text } from '@highstate/contract';
2
3
  import { wireguard } from '@highstate/library';
3
4
  import { forUnit, toPromise, secret, fileFromBuffer } from '@highstate/pulumi';
4
- import { text } from '@highstate/contract';
5
5
  import ZipStream from 'zip-stream';
6
6
 
7
7
  var { name, inputs, args, outputs } = forUnit(wireguard.configBundle);
package/dist/config-bundle/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/config-bundle/index.ts"],"names":[],"mappings":";;;;;;AAMA,IAAM,EAAE,MAAM,MAAA,EAAQ,IAAA,EAAM,SAAQ,GAAI,OAAA,CAAQ,UAAU,YAAY,CAAA;AAEtE,IAAM,EAAE,QAAA,EAAU,KAAA,EAAO,aAAY,GAAI,MAAM,UAAU,MAAM,CAAA;AAE/D,IAAM,SAAiC,EAAC;AACxC,IAAM,SAAA,GAAY,IAAI,SAAA,EAAU;AAEhC,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,EAAA,MAAM,gBAAgB,sBAAA,CAAuB;AAAA,IAC3C,QAAA;AAAA,IACA,KAAA,EAAO,CAAC,GAAG,WAAA,EAAa,IAAI,CAAA;AAAA,IAC5B,kBAAkB,IAAA,CAAK;AAAA,GACxB,CAAA;AAED,EAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACrC,IAAA,OAAO,SAAA,CAAU,KAAA;AAAA,MACf,aAAA;AAAA,MACA;AAAA,QACE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,IAAI,CAAA,KAAA,CAAA;AAAA;AAAA,QAGlB,IAAA,kBAAM,IAAI,IAAA,CAAK,CAAC;AAAA,OAClB;AAAA,MACA,CAAA,GAAA,KAAO;AACL,QAAA,IAAI,GAAA,EAAK;AACP,UAAA,MAAA,CAAO,GAAG,CAAA;AAAA,QACZ,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,QACd;AAAA,MACF;AAAA,KACF;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAA,CAAO,IAAA;AAAA,IACL;AAAA,MACE,IAAA,EAAM,UAAA;AAAA,MACN,OAAA,EAAS,CAAA,IAAA,EAAO,IAAA,CAAK,IAAI,CAAA;AAAA,KAC3B;AAAA,IACA;AAAA,MACE,IAAA,EAAM,IAAA;AAAA,MACN,OAAA,EAAS,OAAO,aAAa,CAAA;AAAA,MAC7B,WAAA,EAAa,IAAA;AAAA,MACb,QAAA,EAAU;AAAA;AACZ,GACF;AACF;AAEA,SAAA,CAAU,MAAA,EAAO;AAEjB,IAAM,UAAU,MAAM,IAAI,OAAA,CAAgB,CAAC,SAAS,MAAA,KAAW;AAC7D,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,SAAA,CAAU,GAAG,MAAA,EAAQ,CAAA,IAAA,KAAQ,OAAA,CAAQ,IAAA,CAAK,IAAc,CAAC,CAAA;AACzD,EAAA,SAAA,CAAU,EAAA,CAAG,OAAA,EAAS,CAAA,GAAA,KAAO,MAAA,CAAO,GAAY,CAAC,CAAA;AACjD,EAAA,SAAA,CAAU,EAAA,CAAG,OAAO,MAAM,OAAA,CAAQ,OAAO,MAAA,CAAO,OAAO,CAAC,CAAC,CAAA;AAC3D,CAAC,CAAA;AAED,IAAM,OAAA,GAAU,cAAA,CAAe,CAAA,EAAG,IAAI,QAAQ,OAAA,EAAS;AAAA,EACrD,WAAA,EAAa,iBAAA;AAAA,EACb,QAAA,EAAU;AACZ,CAAC,CAAA;AAED,IAAO,wBAAQ,OAAA,CAAQ;AAAA,EACrB,MAAA,EAAQ;AAAA,IACN,KAAA,EAAO;AAAA,MACL,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO;AAAA,OACT;AAAA,MACA,OAAA,EAAS;AAAA,QACP;AAAA,UACE,IAAA,EAAM,UAAA;AAAA,UACN,OAAA,EAAS,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAAA;AAAA,SAMX;AAAA,QACA;AAAA,UACE,IAAA,EAAM,MAAA;AAAA,UACN,IAAA,EAAM;AAAA,SACR;AAAA,QACA,GAAG;AAAA;AACL;AACF;AAEJ,CAAC","file":"index.js","sourcesContent":["import { wireguard } from \"@highstate/library\"\nimport { fileFromBuffer, forUnit, secret, toPromise, type DeepInput } from \"@highstate/pulumi\"\nimport { text, type PageBlock } from \"@highstate/contract\"\nimport ZipStream from \"zip-stream\"\nimport { generateIdentityConfig } from \"../shared\"\n\nconst { name, inputs, args, outputs } = forUnit(wireguard.configBundle)\n\nconst { identity, peers, sharedPeers } = await toPromise(inputs)\n\nconst blocks: DeepInput<PageBlock>[] = []\nconst zipStream = new ZipStream()\n\nfor (const peer of peers) {\n const configContent = generateIdentityConfig({\n identity,\n peers: [...sharedPeers, peer],\n defaultInterface: args.defaultInterface,\n })\n\n await new Promise((resolve, reject) => {\n return zipStream.entry(\n configContent,\n {\n name: `${peer.name}.conf`,\n\n // to prevent zip-stream from using the current date, for reproducibility\n date: new Date(0),\n },\n err => {\n if (err) {\n reject(err)\n } else {\n resolve(null)\n }\n },\n )\n })\n\n blocks.push(\n {\n type: \"markdown\",\n content: `### ${peer.name}`,\n },\n {\n type: \"qr\",\n content: secret(configContent),\n showContent: true,\n language: \"ini\",\n },\n )\n}\n\nzipStream.finish()\n\nconst content = await new Promise<Buffer>((resolve, reject) => {\n const buffers: Buffer[] = []\n\n zipStream.on(\"data\", data => buffers.push(data as Buffer))\n zipStream.on(\"error\", err => reject(err as Error))\n zipStream.on(\"end\", () => resolve(Buffer.concat(buffers)))\n})\n\nconst zipFile = fileFromBuffer(`${name}.zip`, content, {\n contentType: \"application/zip\",\n isSecret: true,\n})\n\nexport default outputs({\n $pages: {\n index: {\n meta: {\n title: \"WireGuard Configuration Bundle\",\n },\n content: [\n {\n type: \"markdown\",\n content: text`\n You can use the following configurations to setup an external WireGuard device via \\`wg-quick\\` command or\n using the WireGuard app on your desktop or mobile device.\n \n You can also bulk import all configurations from zip file using the WireGuard app.\n `,\n },\n {\n type: \"file\",\n file: zipFile,\n },\n ...blocks,\n ],\n },\n },\n})\n"]}
1
+ {"version":3,"sources":["../../src/config-bundle/index.ts"],"names":[],"mappings":";;;;;;AAMA,IAAM,EAAE,MAAM,MAAA,EAAQ,IAAA,EAAM,SAAQ,GAAI,OAAA,CAAQ,UAAU,YAAY,CAAA;AAEtE,IAAM,EAAE,QAAA,EAAU,KAAA,EAAO,aAAY,GAAI,MAAM,UAAU,MAAM,CAAA;AAE/D,IAAM,SAAiC,EAAC;AACxC,IAAM,SAAA,GAAY,IAAI,SAAA,EAAU;AAEhC,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,EAAA,MAAM,gBAAgB,sBAAA,CAAuB;AAAA,IAC3C,QAAA;AAAA,IACA,KAAA,EAAO,CAAC,GAAG,WAAA,EAAa,IAAI,CAAA;AAAA,IAC5B,kBAAkB,IAAA,CAAK;AAAA,GACxB,CAAA;AAED,EAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACrC,IAAA,OAAO,SAAA,CAAU,KAAA;AAAA,MACf,aAAA;AAAA,MACA;AAAA,QACE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,IAAI,CAAA,KAAA,CAAA;AAAA;AAAA,QAGlB,IAAA,kBAAM,IAAI,IAAA,CAAK,CAAC;AAAA,OAClB;AAAA,MACA,CAAA,GAAA,KAAO;AACL,QAAA,IAAI,GAAA,EAAK;AACP,UAAA,MAAA,CAAO,GAAG,CAAA;AAAA,QACZ,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,QACd;AAAA,MACF;AAAA,KACF;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAA,CAAO,IAAA;AAAA,IACL;AAAA,MACE,IAAA,EAAM,UAAA;AAAA,MACN,OAAA,EAAS,CAAA,IAAA,EAAO,IAAA,CAAK,IAAI,CAAA;AAAA,KAC3B;AAAA,IACA;AAAA,MACE,IAAA,EAAM,IAAA;AAAA,MACN,OAAA,EAAS,OAAO,aAAa,CAAA;AAAA,MAC7B,WAAA,EAAa,IAAA;AAAA,MACb,QAAA,EAAU;AAAA;AACZ,GACF;AACF;AAEA,SAAA,CAAU,MAAA,EAAO;AAEjB,IAAM,UAAU,MAAM,IAAI,OAAA,CAAgB,CAAC,SAAS,MAAA,KAAW;AAC7D,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,SAAA,CAAU,GAAG,MAAA,EAAQ,CAAA,IAAA,KAAQ,OAAA,CAAQ,IAAA,CAAK,IAAc,CAAC,CAAA;AACzD,EAAA,SAAA,CAAU,EAAA,CAAG,OAAA,EAAS,CAAA,GAAA,KAAO,MAAA,CAAO,GAAY,CAAC,CAAA;AACjD,EAAA,SAAA,CAAU,EAAA,CAAG,OAAO,MAAM,OAAA,CAAQ,OAAO,MAAA,CAAO,OAAO,CAAC,CAAC,CAAA;AAC3D,CAAC,CAAA;AAED,IAAM,OAAA,GAAU,cAAA,CAAe,CAAA,EAAG,IAAI,QAAQ,OAAA,EAAS;AAAA,EACrD,WAAA,EAAa,iBAAA;AAAA,EACb,QAAA,EAAU;AACZ,CAAC,CAAA;AAED,IAAO,wBAAQ,OAAA,CAAQ;AAAA,EACrB,MAAA,EAAQ;AAAA,IACN,KAAA,EAAO;AAAA,MACL,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO;AAAA,OACT;AAAA,MACA,OAAA,EAAS;AAAA,QACP;AAAA,UACE,IAAA,EAAM,UAAA;AAAA,UACN,OAAA,EAAS,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAAA;AAAA,SAMX;AAAA,QACA;AAAA,UACE,IAAA,EAAM,MAAA;AAAA,UACN,IAAA,EAAM;AAAA,SACR;AAAA,QACA,GAAG;AAAA;AACL;AACF;AAEJ,CAAC","file":"index.js","sourcesContent":["import { type PageBlock, text } from \"@highstate/contract\"\nimport { wireguard } from \"@highstate/library\"\nimport { type DeepInput, fileFromBuffer, forUnit, secret, toPromise } from \"@highstate/pulumi\"\nimport ZipStream from \"zip-stream\"\nimport { generateIdentityConfig } from \"../shared\"\n\nconst { name, inputs, args, outputs } = forUnit(wireguard.configBundle)\n\nconst { identity, peers, sharedPeers } = await toPromise(inputs)\n\nconst blocks: DeepInput<PageBlock>[] = []\nconst zipStream = new ZipStream()\n\nfor (const peer of peers) {\n const configContent = generateIdentityConfig({\n identity,\n peers: [...sharedPeers, peer],\n defaultInterface: args.defaultInterface,\n })\n\n await new Promise((resolve, reject) => {\n return zipStream.entry(\n configContent,\n {\n name: `${peer.name}.conf`,\n\n // to prevent zip-stream from using the current date, for reproducibility\n date: new Date(0),\n },\n err => {\n if (err) {\n reject(err)\n } else {\n resolve(null)\n }\n },\n )\n })\n\n blocks.push(\n {\n type: \"markdown\",\n content: `### ${peer.name}`,\n },\n {\n type: \"qr\",\n content: secret(configContent),\n showContent: true,\n language: \"ini\",\n },\n )\n}\n\nzipStream.finish()\n\nconst content = await new Promise<Buffer>((resolve, reject) => {\n const buffers: Buffer[] = []\n\n zipStream.on(\"data\", data => buffers.push(data as Buffer))\n zipStream.on(\"error\", err => reject(err as Error))\n zipStream.on(\"end\", () => resolve(Buffer.concat(buffers)))\n})\n\nconst zipFile = fileFromBuffer(`${name}.zip`, content, {\n contentType: \"application/zip\",\n isSecret: true,\n})\n\nexport default outputs({\n $pages: {\n index: {\n meta: {\n title: \"WireGuard Configuration Bundle\",\n },\n content: [\n {\n type: \"markdown\",\n content: text`\n You can use the following configurations to setup an external WireGuard device via \\`wg-quick\\` command or\n using the WireGuard app on your desktop or mobile device.\n \n You can also bulk import all configurations from zip file using the WireGuard app.\n `,\n },\n {\n type: \"file\",\n file: zipFile,\n },\n ...blocks,\n ],\n },\n },\n})\n"]}
package/dist/highstate.manifest.json CHANGED
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "sourceHashes": {
3
3
  "./dist/network/index.js": 766329062,
4
- "./dist/identity/index.js": 2866379110,
5
- "./dist/config/index.js": 2245544703,
6
- "./dist/config-bundle/index.js": 2816168683,
7
- "./dist/node/index.js": 2562701380,
8
- "./dist/node.k8s/index.js": 3085656507,
9
- "./dist/peer/index.js": 414444955,
10
- "./dist/peer-patch/index.js": 2938252704
4
+ "./dist/identity/index.js": 922833813,
5
+ "./dist/config/index.js": 3974380189,
6
+ "./dist/config-bundle/index.js": 4208158159,
7
+ "./dist/node/index.js": 2042790442,
8
+ "./dist/node.k8s/index.js": 908824913,
9
+ "./dist/peer/index.js": 2355368673,
10
+ "./dist/peer-patch/index.js": 969880957
11
11
  }
12
12
  }
package/dist/identity/index.js CHANGED
@@ -1,7 +1,7 @@
1
- import { generateKey, generatePresharedKey, convertPrivateKeyToPublicKey, createPeerEntity } from '../chunk-F7GNOL5A.js';
1
+ import { generateKey, generatePresharedKey, convertPrivateKeyToPublicKey, createPeerEntity } from '../chunk-3C5LH4YJ.js';
2
+ import { l4EndpointToString } from '@highstate/common';
2
3
  import { wireguard } from '@highstate/library';
3
4
  import { forUnit, toPromise } from '@highstate/pulumi';
4
- import { l4EndpointToString } from '@highstate/common';
5
5
 
6
6
  var { name, args, inputs, getSecret, outputs } = forUnit(wireguard.identity);
7
7
  var privateKey = getSecret("privateKey", generateKey);
package/dist/identity/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/identity/index.ts"],"names":[],"mappings":";;;;;AAUA,IAAM,EAAE,MAAM,IAAA,EAAM,MAAA,EAAQ,WAAW,OAAA,EAAQ,GAAI,OAAA,CAAQ,SAAA,CAAU,QAAQ,CAAA;AAE7E,IAAM,UAAA,GAAa,SAAA,CAAU,YAAA,EAAc,WAAW,CAAA;AACtD,IAAM,sBAAA,GAAyB,SAAA,CAAU,kBAAA,EAAoB,oBAAoB,CAAA;AAEjF,IAAM,aAAA,GAAgB,MAAM,SAAA,CAAU,MAAM,CAAA;AAC5C,IAAM,YAAY,MAAM,SAAA,CAAU,UAAA,CAAW,KAAA,CAAM,4BAA4B,CAAC,CAAA;AAChF,IAAM,gBAAA,GAAmB,MAAM,SAAA,CAAU,sBAAsB,CAAA;AAE/D,IAAM,OAAO,gBAAA,CAAiB,IAAA,EAAM,IAAA,EAAM,aAAA,EAAe,WAAW,gBAAgB,CAAA;AAEpF,IAAO,mBAAQ,OAAA,CAAQ;AAAA,EACrB,QAAA,EAAU;AAAA,IACR,IAAA;AAAA,IACA;AAAA,GACF;AAAA,EAEA,IAAA;AAAA,EAEA,WAAW,IAAA,CAAK,SAAA;AAAA,EAEhB,aAAA,EAAe;AAAA,IACb,SAAA;AAAA,IACA,SAAA,EAAW;AAAA,MACT,KAAA,EAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,kBAAkB,CAAA;AAAA,MAC5C,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA,WAAA,EAAa;AAAA,MACX,OAAO,IAAA,CAAK,WAAA;AAAA,MACZ,eAAA,EAAiB;AAAA;AACnB;AAEJ,CAAC","file":"index.js","sourcesContent":["import { wireguard } from \"@highstate/library\"\nimport { forUnit, toPromise } from \"@highstate/pulumi\"\nimport { l4EndpointToString } from \"@highstate/common\"\nimport {\n convertPrivateKeyToPublicKey,\n createPeerEntity,\n generateKey,\n generatePresharedKey,\n} from \"../shared\"\n\nconst { name, args, inputs, getSecret, outputs } = forUnit(wireguard.identity)\n\nconst privateKey = getSecret(\"privateKey\", generateKey)\nconst presharedKeyPartOutput = getSecret(\"presharedKeyPart\", generatePresharedKey)\n\nconst resolvedInpus = await toPromise(inputs)\nconst publicKey = await toPromise(privateKey.apply(convertPrivateKeyToPublicKey))\nconst presharedKeyPart = await toPromise(presharedKeyPartOutput)\n\nconst peer = createPeerEntity(name, args, resolvedInpus, publicKey, presharedKeyPart)\n\nexport default outputs({\n identity: {\n peer,\n privateKey,\n },\n\n peer,\n\n endpoints: peer.endpoints,\n\n $statusFields: {\n publicKey,\n endpoints: {\n value: peer.endpoints.map(l4EndpointToString),\n complementaryTo: \"endpoints\",\n },\n excludedIps: {\n value: peer.excludedIps,\n complementaryTo: \"excludedIps\",\n },\n },\n})\n"]}
1
+ {"version":3,"sources":["../../src/identity/index.ts"],"names":[],"mappings":";;;;;AAUA,IAAM,EAAE,MAAM,IAAA,EAAM,MAAA,EAAQ,WAAW,OAAA,EAAQ,GAAI,OAAA,CAAQ,SAAA,CAAU,QAAQ,CAAA;AAE7E,IAAM,UAAA,GAAa,SAAA,CAAU,YAAA,EAAc,WAAW,CAAA;AACtD,IAAM,sBAAA,GAAyB,SAAA,CAAU,kBAAA,EAAoB,oBAAoB,CAAA;AAEjF,IAAM,aAAA,GAAgB,MAAM,SAAA,CAAU,MAAM,CAAA;AAC5C,IAAM,YAAY,MAAM,SAAA,CAAU,UAAA,CAAW,KAAA,CAAM,4BAA4B,CAAC,CAAA;AAChF,IAAM,gBAAA,GAAmB,MAAM,SAAA,CAAU,sBAAsB,CAAA;AAE/D,IAAM,OAAO,gBAAA,CAAiB,IAAA,EAAM,IAAA,EAAM,aAAA,EAAe,WAAW,gBAAgB,CAAA;AAEpF,IAAO,mBAAQ,OAAA,CAAQ;AAAA,EACrB,QAAA,EAAU;AAAA,IACR,IAAA;AAAA,IACA;AAAA,GACF;AAAA,EAEA,IAAA;AAAA,EAEA,WAAW,IAAA,CAAK,SAAA;AAAA,EAEhB,aAAA,EAAe;AAAA,IACb,SAAA;AAAA,IACA,SAAA,EAAW;AAAA,MACT,KAAA,EAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,kBAAkB,CAAA;AAAA,MAC5C,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA,WAAA,EAAa;AAAA,MACX,OAAO,IAAA,CAAK,WAAA;AAAA,MACZ,eAAA,EAAiB;AAAA;AACnB;AAEJ,CAAC","file":"index.js","sourcesContent":["import { l4EndpointToString } from \"@highstate/common\"\nimport { wireguard } from \"@highstate/library\"\nimport { forUnit, toPromise } from \"@highstate/pulumi\"\nimport {\n convertPrivateKeyToPublicKey,\n createPeerEntity,\n generateKey,\n generatePresharedKey,\n} from \"../shared\"\n\nconst { name, args, inputs, getSecret, outputs } = forUnit(wireguard.identity)\n\nconst privateKey = getSecret(\"privateKey\", generateKey)\nconst presharedKeyPartOutput = getSecret(\"presharedKeyPart\", generatePresharedKey)\n\nconst resolvedInpus = await toPromise(inputs)\nconst publicKey = await toPromise(privateKey.apply(convertPrivateKeyToPublicKey))\nconst presharedKeyPart = await toPromise(presharedKeyPartOutput)\n\nconst peer = createPeerEntity(name, args, resolvedInpus, publicKey, presharedKeyPart)\n\nexport default outputs({\n identity: {\n peer,\n privateKey,\n },\n\n peer,\n\n endpoints: peer.endpoints,\n\n $statusFields: {\n publicKey,\n endpoints: {\n value: peer.endpoints.map(l4EndpointToString),\n complementaryTo: \"endpoints\",\n },\n excludedIps: {\n value: peer.excludedIps,\n complementaryTo: \"excludedIps\",\n },\n },\n})\n"]}
package/dist/node/index.js CHANGED
@@ -1,4 +1,4 @@
1
- import { generateIdentityConfig } from '../chunk-F7GNOL5A.js';
1
+ import { generateIdentityConfig } from '../chunk-3C5LH4YJ.js';
2
2
  import { Command, l3EndpointToL4, l4EndpointToString } from '@highstate/common';
3
3
  import { wireguard } from '@highstate/library';
4
4
  import { forUnit, toPromise } from '@highstate/pulumi';
package/dist/node.k8s/index.js CHANGED
@@ -1,4 +1,4 @@
1
- import { generateIdentityConfig, shouldExpose, isExitNode } from '../chunk-F7GNOL5A.js';
1
+ import { generateIdentityConfig, shouldExpose, isExitNode } from '../chunk-3C5LH4YJ.js';
2
2
  import { l34EndpointToString, updateEndpoints, l4EndpointToString } from '@highstate/common';
3
3
  import { Namespace, Secret, ExposableWorkload, NetworkPolicy } from '@highstate/k8s';
4
4
  import { wireguard as wireguard$1 } from '@highstate/library';
package/dist/peer/index.js CHANGED
@@ -1,7 +1,7 @@
1
- import { createPeerEntity } from '../chunk-F7GNOL5A.js';
1
+ import { createPeerEntity } from '../chunk-3C5LH4YJ.js';
2
+ import { l3EndpointToString, l4EndpointToString } from '@highstate/common';
2
3
  import { wireguard } from '@highstate/library';
3
4
  import { forUnit, toPromise } from '@highstate/pulumi';
4
- import { l3EndpointToString, l4EndpointToString } from '@highstate/common';
5
5
 
6
6
  var { name, args, secrets, inputs, outputs } = forUnit(wireguard.peer);
7
7
  var resolvedInpus = await toPromise(inputs);
package/dist/peer/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/peer/index.ts"],"names":[],"mappings":";;;;;AAKA,IAAM,EAAE,MAAM,IAAA,EAAM,OAAA,EAAS,QAAQ,OAAA,EAAQ,GAAI,OAAA,CAAQ,SAAA,CAAU,IAAI,CAAA;AAEvE,IAAM,aAAA,GAAgB,MAAM,SAAA,CAAU,MAAM,CAAA;AAC5C,IAAM,YAAA,GAAe,MAAM,SAAA,CAAU,OAAA,CAAQ,YAAY,CAAA;AAEzD,IAAM,OAAO,gBAAA,CAAiB,IAAA,EAAM,MAAM,aAAA,EAAe,IAAA,CAAK,WAAW,YAAY,CAAA;AAErF,IAAO,eAAQ,OAAA,CAAQ;AAAA,EACrB,IAAA;AAAA,EACA,WAAW,IAAA,CAAK,SAAA;AAAA,EAEhB,aAAA,EAAe;AAAA,IACb,SAAA,EAAW;AAAA,MACT,KAAA,EAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,kBAAkB,CAAA;AAAA,MAC5C,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA,gBAAA,EAAkB;AAAA,MAChB,KAAA,EAAO,IAAA,CAAK,gBAAA,CAAiB,GAAA,CAAI,kBAAkB,CAAA;AAAA,MACnD,eAAA,EAAiB;AAAA;AACnB;AAEJ,CAAC","file":"index.js","sourcesContent":["import { wireguard } from \"@highstate/library\"\nimport { forUnit, toPromise } from \"@highstate/pulumi\"\nimport { l3EndpointToString, l4EndpointToString } from \"@highstate/common\"\nimport { createPeerEntity } from \"../shared\"\n\nconst { name, args, secrets, inputs, outputs } = forUnit(wireguard.peer)\n\nconst resolvedInpus = await toPromise(inputs)\nconst presharedKey = await toPromise(secrets.presharedKey)\n\nconst peer = createPeerEntity(name, args, resolvedInpus, args.publicKey, presharedKey)\n\nexport default outputs({\n peer,\n endpoints: peer.endpoints,\n\n $statusFields: {\n endpoints: {\n value: peer.endpoints.map(l4EndpointToString),\n complementaryTo: \"endpoints\",\n },\n allowedEndpoints: {\n value: peer.allowedEndpoints.map(l3EndpointToString),\n complementaryTo: \"allowedEndpoints\",\n },\n },\n})\n"]}
1
+ {"version":3,"sources":["../../src/peer/index.ts"],"names":[],"mappings":";;;;;AAKA,IAAM,EAAE,MAAM,IAAA,EAAM,OAAA,EAAS,QAAQ,OAAA,EAAQ,GAAI,OAAA,CAAQ,SAAA,CAAU,IAAI,CAAA;AAEvE,IAAM,aAAA,GAAgB,MAAM,SAAA,CAAU,MAAM,CAAA;AAC5C,IAAM,YAAA,GAAe,MAAM,SAAA,CAAU,OAAA,CAAQ,YAAY,CAAA;AAEzD,IAAM,OAAO,gBAAA,CAAiB,IAAA,EAAM,MAAM,aAAA,EAAe,IAAA,CAAK,WAAW,YAAY,CAAA;AAErF,IAAO,eAAQ,OAAA,CAAQ;AAAA,EACrB,IAAA;AAAA,EACA,WAAW,IAAA,CAAK,SAAA;AAAA,EAEhB,aAAA,EAAe;AAAA,IACb,SAAA,EAAW;AAAA,MACT,KAAA,EAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,kBAAkB,CAAA;AAAA,MAC5C,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA,gBAAA,EAAkB;AAAA,MAChB,KAAA,EAAO,IAAA,CAAK,gBAAA,CAAiB,GAAA,CAAI,kBAAkB,CAAA;AAAA,MACnD,eAAA,EAAiB;AAAA;AACnB;AAEJ,CAAC","file":"index.js","sourcesContent":["import { l3EndpointToString, l4EndpointToString } from \"@highstate/common\"\nimport { wireguard } from \"@highstate/library\"\nimport { forUnit, toPromise } from \"@highstate/pulumi\"\nimport { createPeerEntity } from \"../shared\"\n\nconst { name, args, secrets, inputs, outputs } = forUnit(wireguard.peer)\n\nconst resolvedInpus = await toPromise(inputs)\nconst presharedKey = await toPromise(secrets.presharedKey)\n\nconst peer = createPeerEntity(name, args, resolvedInpus, args.publicKey, presharedKey)\n\nexport default outputs({\n peer,\n endpoints: peer.endpoints,\n\n $statusFields: {\n endpoints: {\n value: peer.endpoints.map(l4EndpointToString),\n complementaryTo: \"endpoints\",\n },\n allowedEndpoints: {\n value: peer.allowedEndpoints.map(l3EndpointToString),\n complementaryTo: \"allowedEndpoints\",\n },\n },\n})\n"]}
package/dist/peer-patch/index.js CHANGED
@@ -1,7 +1,7 @@
1
- import { calculateEndpoints, calculateAllowedEndpoints, calculateAllowedIps } from '../chunk-F7GNOL5A.js';
1
+ import { calculateEndpoints, calculateAllowedEndpoints, calculateAllowedIps } from '../chunk-3C5LH4YJ.js';
2
+ import { updateEndpoints, l3EndpointToString, l4EndpointToString } from '@highstate/common';
2
3
  import { wireguard } from '@highstate/library';
3
4
  import { forUnit, toPromise } from '@highstate/pulumi';
4
- import { updateEndpoints, l3EndpointToString, l4EndpointToString } from '@highstate/common';
5
5
 
6
6
  var { args, inputs, outputs } = forUnit(wireguard.peerPatch);
7
7
  var resolvedInputs = await toPromise(inputs);
package/dist/peer-patch/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/peer-patch/index.ts"],"names":[],"mappings":";;;;;AAKA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,UAAU,SAAS,CAAA;AAE7D,IAAM,cAAA,GAAiB,MAAM,SAAA,CAAU,MAAM,CAAA;AAE7C,IAAM,YAAY,MAAM,eAAA;AAAA,EACtB,OAAO,IAAA,CAAK,SAAA;AAAA,EACZ,EAAC;AAAA,EACD,kBAAA,CAAmB,EAAE,GAAG,IAAA,EAAM,YAAY,cAAA,CAAe,IAAA,CAAK,UAAA,EAAW,EAAG,cAAc,CAAA;AAAA,EAC1F,IAAA,CAAK;AACP,CAAA;AAEA,IAAM,mBAAmB,MAAM,eAAA;AAAA,EAC7B,OAAO,IAAA,CAAK,gBAAA;AAAA,EACZ,EAAC;AAAA,EACD,yBAAA,CAA0B,MAAM,cAAc,CAAA;AAAA,EAC9C,IAAA,CAAK;AACP,CAAA;AAEA,IAAO,qBAAQ,OAAA,CAAQ;AAAA,EACrB,IAAA,EAAM;AAAA,IACJ,GAAG,cAAA,CAAe,IAAA;AAAA,IAClB,SAAA;AAAA,IACA,gBAAA;AAAA,IACA,GAAA,EAAK,KAAK,GAAA,CAAI,MAAA,GAAS,IAAI,IAAA,CAAK,GAAA,GAAM,eAAe,IAAA,CAAK,GAAA;AAAA,IAC1D,UAAA,EAAY,mBAAA;AAAA,MACV,EAAE,SAAS,IAAA,CAAK,OAAA,IAAW,eAAe,IAAA,CAAK,OAAA,EAAS,QAAA,EAAU,IAAA,CAAK,QAAA,EAAS;AAAA,MAChF,cAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EAEA,SAAA;AAAA,EAEA,aAAA,EAAe;AAAA,IACb,SAAA,EAAW;AAAA,MACT,KAAA,EAAO,SAAA,CAAU,GAAA,CAAI,kBAAkB,CAAA;AAAA,MACvC,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA,gBAAA,EAAkB;AAAA,MAChB,KAAA,EAAO,gBAAA,CAAiB,GAAA,CAAI,kBAAkB,CAAA;AAAA,MAC9C,eAAA,EAAiB;AAAA;AACnB;AAEJ,CAAC","file":"index.js","sourcesContent":["import { wireguard } from \"@highstate/library\"\nimport { forUnit, toPromise } from \"@highstate/pulumi\"\nimport { l3EndpointToString, l4EndpointToString, updateEndpoints } from \"@highstate/common\"\nimport { calculateAllowedEndpoints, calculateAllowedIps, calculateEndpoints } from \"../shared\"\n\nconst { args, inputs, outputs } = forUnit(wireguard.peerPatch)\n\nconst resolvedInputs = await toPromise(inputs)\n\nconst endpoints = await updateEndpoints(\n inputs.peer.endpoints,\n [],\n calculateEndpoints({ ...args, listenPort: resolvedInputs.peer.listenPort }, resolvedInputs),\n args.endpointsPatchMode,\n)\n\nconst allowedEndpoints = await updateEndpoints(\n inputs.peer.allowedEndpoints,\n [],\n calculateAllowedEndpoints(args, resolvedInputs),\n args.allowedEndpointsPatchMode,\n)\n\nexport default outputs({\n peer: {\n ...resolvedInputs.peer,\n endpoints,\n allowedEndpoints,\n dns: args.dns.length > 0 ? args.dns : resolvedInputs.peer.dns,\n allowedIps: calculateAllowedIps(\n { address: args.address ?? resolvedInputs.peer.address, exitNode: args.exitNode },\n resolvedInputs,\n allowedEndpoints,\n ),\n },\n\n endpoints,\n\n $statusFields: {\n endpoints: {\n value: endpoints.map(l4EndpointToString),\n complementaryTo: \"endpoints\",\n },\n allowedEndpoints: {\n value: allowedEndpoints.map(l3EndpointToString),\n complementaryTo: \"allowedEndpoints\",\n },\n },\n})\n"]}
1
+ {"version":3,"sources":["../../src/peer-patch/index.ts"],"names":[],"mappings":";;;;;AAKA,IAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAQ,GAAI,OAAA,CAAQ,UAAU,SAAS,CAAA;AAE7D,IAAM,cAAA,GAAiB,MAAM,SAAA,CAAU,MAAM,CAAA;AAE7C,IAAM,YAAY,MAAM,eAAA;AAAA,EACtB,OAAO,IAAA,CAAK,SAAA;AAAA,EACZ,EAAC;AAAA,EACD,kBAAA,CAAmB,EAAE,GAAG,IAAA,EAAM,YAAY,cAAA,CAAe,IAAA,CAAK,UAAA,EAAW,EAAG,cAAc,CAAA;AAAA,EAC1F,IAAA,CAAK;AACP,CAAA;AAEA,IAAM,mBAAmB,MAAM,eAAA;AAAA,EAC7B,OAAO,IAAA,CAAK,gBAAA;AAAA,EACZ,EAAC;AAAA,EACD,yBAAA,CAA0B,MAAM,cAAc,CAAA;AAAA,EAC9C,IAAA,CAAK;AACP,CAAA;AAEA,IAAO,qBAAQ,OAAA,CAAQ;AAAA,EACrB,IAAA,EAAM;AAAA,IACJ,GAAG,cAAA,CAAe,IAAA;AAAA,IAClB,SAAA;AAAA,IACA,gBAAA;AAAA,IACA,GAAA,EAAK,KAAK,GAAA,CAAI,MAAA,GAAS,IAAI,IAAA,CAAK,GAAA,GAAM,eAAe,IAAA,CAAK,GAAA;AAAA,IAC1D,UAAA,EAAY,mBAAA;AAAA,MACV,EAAE,SAAS,IAAA,CAAK,OAAA,IAAW,eAAe,IAAA,CAAK,OAAA,EAAS,QAAA,EAAU,IAAA,CAAK,QAAA,EAAS;AAAA,MAChF,cAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EAEA,SAAA;AAAA,EAEA,aAAA,EAAe;AAAA,IACb,SAAA,EAAW;AAAA,MACT,KAAA,EAAO,SAAA,CAAU,GAAA,CAAI,kBAAkB,CAAA;AAAA,MACvC,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA,gBAAA,EAAkB;AAAA,MAChB,KAAA,EAAO,gBAAA,CAAiB,GAAA,CAAI,kBAAkB,CAAA;AAAA,MAC9C,eAAA,EAAiB;AAAA;AACnB;AAEJ,CAAC","file":"index.js","sourcesContent":["import { l3EndpointToString, l4EndpointToString, updateEndpoints } from \"@highstate/common\"\nimport { wireguard } from \"@highstate/library\"\nimport { forUnit, toPromise } from \"@highstate/pulumi\"\nimport { calculateAllowedEndpoints, calculateAllowedIps, calculateEndpoints } from \"../shared\"\n\nconst { args, inputs, outputs } = forUnit(wireguard.peerPatch)\n\nconst resolvedInputs = await toPromise(inputs)\n\nconst endpoints = await updateEndpoints(\n inputs.peer.endpoints,\n [],\n calculateEndpoints({ ...args, listenPort: resolvedInputs.peer.listenPort }, resolvedInputs),\n args.endpointsPatchMode,\n)\n\nconst allowedEndpoints = await updateEndpoints(\n inputs.peer.allowedEndpoints,\n [],\n calculateAllowedEndpoints(args, resolvedInputs),\n args.allowedEndpointsPatchMode,\n)\n\nexport default outputs({\n peer: {\n ...resolvedInputs.peer,\n endpoints,\n allowedEndpoints,\n dns: args.dns.length > 0 ? args.dns : resolvedInputs.peer.dns,\n allowedIps: calculateAllowedIps(\n { address: args.address ?? resolvedInputs.peer.address, exitNode: args.exitNode },\n resolvedInputs,\n allowedEndpoints,\n ),\n },\n\n endpoints,\n\n $statusFields: {\n endpoints: {\n value: endpoints.map(l4EndpointToString),\n complementaryTo: \"endpoints\",\n },\n allowedEndpoints: {\n value: allowedEndpoints.map(l3EndpointToString),\n complementaryTo: \"allowedEndpoints\",\n },\n },\n})\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@highstate/wireguard",
3
- "version": "0.9.20",
3
+ "version": "0.9.21",
4
4
  "type": "module",
5
5
  "files": [
6
6
  "dist"
@@ -20,22 +20,27 @@
20
20
  },
21
21
  "scripts": {
22
22
  "build": "highstate build",
23
- "update-images": "../../scripts/update-images.sh ./assets/images.json"
23
+ "update-images": "../../scripts/update-images.sh ./assets/images.json",
24
+ "typecheck": "tsgo --noEmit --skipLibCheck",
25
+ "biome": "biome check --write --unsafe --error-on-warnings",
26
+ "biome:check": "biome check --error-on-warnings"
24
27
  },
25
28
  "dependencies": {
26
- "@highstate/common": "^0.9.20",
27
- "@highstate/contract": "^0.9.20",
28
- "@highstate/k8s": "^0.9.20",
29
- "@highstate/library": "^0.9.20",
30
- "@highstate/pulumi": "^0.9.20",
29
+ "@highstate/common": "^0.9.21",
30
+ "@highstate/contract": "^0.9.21",
31
+ "@highstate/k8s": "^0.9.21",
32
+ "@highstate/library": "^0.9.21",
33
+ "@highstate/pulumi": "^0.9.21",
31
34
  "@noble/curves": "^1.8.0",
32
35
  "@pulumi/kubernetes": "^4.18.0",
33
36
  "deepmerge-ts": "^7.1.5",
34
37
  "zip-stream": "^7.0.2"
35
38
  },
36
39
  "devDependencies": {
37
- "@highstate/cli": "^0.9.20",
38
- "@types/zip-stream": "^7.0.0"
40
+ "@biomejs/biome": "2.2.0",
41
+ "@highstate/cli": "^0.9.21",
42
+ "@types/zip-stream": "^7.0.0",
43
+ "@typescript/native-preview": "^7.0.0-dev.20250920.1"
39
44
  },
40
- "gitHead": "4bf9183450c2c6f51d6a99d77efc379ff5c7b7ef"
45
+ "gitHead": "390ff15c0e0076822a682f9d4e19260942a8d6c2"
41
46
  }
package/dist/chunk-F7GNOL5A.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../../../../node_modules/@noble/hashes/src/cryptoNode.ts","../../../../node_modules/@noble/hashes/src/utils.ts","../../../../node_modules/remeda/dist/chunk-ANXBDSUI.js","../../../../node_modules/remeda/dist/chunk-3GOCSNFN.js","../../../../node_modules/remeda/dist/chunk-LFJW7BOT.js","../../../../node_modules/remeda/dist/chunk-QJLMYOTX.js","../../../../node_modules/remeda/dist/chunk-7ZI6JRPB.js","../src/shared.ts"],"names":["i","a","s","y"],"mappings":";;;;;;AASO,IAAM,MAAA,GACX,EAAA,IAAM,OAAO,EAAA,KAAO,YAAY,WAAA,IAAe,EAAA,GACvC,EAAA,CAAA,SAAA,GACJ,EAAA,IAAM,OAAO,EAAA,KAAO,QAAA,IAAY,aAAA,IAAiB,KAC/C,EAAA,GACA,MAAA;;;ACmXF,SAAU,WAAA,CAAY,cAAc,EAAA,EAAE;AAC1C,EAAA,IAAI,MAAA,IAAU,OAAO,MAAA,CAAO,eAAA,KAAoB,UAAA,EAAY;AAC1D,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,WAAW,CAAC,CAAA;AAC3D,EAAA;AAEA,EAAA,IAAI,MAAA,IAAU,OAAO,MAAA,CAAO,WAAA,KAAgB,UAAA,EAAY;AACtD,IAAA,OAAO,UAAA,CAAW,IAAA,CAAK,MAAA,CAAO,WAAA,CAAY,WAAW,CAAC,CAAA;AACxD,EAAA;AACA,EAAA,MAAM,IAAI,MAAM,wCAAwC,CAAA;AAC1D;;;AC1YA,IAA2B,CAAA,GAAE,EAAC,IAAA,EAAK,KAAA,EAAG,SAAQ,KAAA,EAAE;;;ACAR,SAAS,CAAA,CAAE,MAAK,CAAA,EAAE;AAAC,EAAA,IAAI,CAAA,GAAE,CAAA,EAAE,CAAA,GAAE,CAAA,CAAE,GAAA,CAAI,CAAA,CAAA,KAAG,MAAA,IAAS,CAAA,GAAE,CAAA,CAAE,CAAC,CAAA,GAAE,MAAM,GAAE,CAAA,GAAE,CAAA;AAAE,EAAA,OAAK,CAAA,GAAE,EAAE,MAAA,IAAQ;AAAC,IAAA,IAAG,EAAE,CAAC,CAAA,KAAI,UAAQ,CAAC,CAAA,CAAE,CAAC,CAAA,EAAE;AAAC,MAAA,IAAIA,EAAAA,GAAE,EAAE,CAAC,CAAA;AAAE,MAAA,CAAA,GAAEA,EAAAA,CAAE,CAAC,CAAA,EAAE,CAAA,IAAG,CAAA;AAAE,MAAA;AAAA,IAAQ;AAAC,IAAA,IAAI,IAAE,EAAC;AAAE,IAAA,KAAA,IAAQA,EAAAA,GAAE,CAAA,EAAEA,EAAAA,GAAE,CAAA,CAAE,QAAOA,EAAAA,EAAAA,EAAI;AAAC,MAAA,IAAI,CAAA,GAAE,EAAEA,EAAC,CAAA;AAAE,MAAA,IAAG,MAAI,MAAA,KAAS,CAAA,CAAE,KAAK,CAAC,CAAA,EAAE,EAAE,QAAA,CAAA,EAAU;AAAA,IAAK;AAAC,IAAA,IAAIC,KAAE,EAAC;AAAE,IAAA,KAAA,IAAQD,MAAK,CAAA,EAAE,IAAG,EAAEA,EAAAA,EAAEC,EAAAA,EAAE,CAAC,CAAA,EAAE;AAAM,IAAA,IAAG,EAAC,QAAA,EAASC,EAAAA,EAAC,GAAE,CAAA,CAAE,GAAG,EAAE,CAAA;AAAE,IAAA,CAAA,GAAEA,KAAED,EAAAA,CAAE,CAAC,CAAA,GAAEA,EAAAA,EAAE,KAAG,CAAA,CAAE,MAAA;AAAA,EAAM;AAAC,EAAA,OAAO,CAAA;AAAC;AAAC,SAAS,CAAA,CAAE,CAAA,EAAE,CAAA,EAAE,CAAA,EAAE;AAAC,EAAA,IAAG,EAAE,MAAA,KAAS,CAAA,SAAS,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,EAAE,KAAA;AAAG,EAAA,IAAI,CAAA,GAAE,CAAA,EAAE,CAAA,GAAE,CAAA,EAAE,CAAA,GAAE,KAAA;AAAG,EAAA,KAAA,IAAO,CAAC,CAAA,EAAEA,EAAC,CAAA,IAAI,CAAA,CAAE,SAAQ,EAAE;AAAC,IAAA,IAAG,EAAC,KAAA,EAAMC,EAAAA,EAAE,KAAA,EAAMF,IAAC,GAAEC,EAAAA;AAAE,IAAA,IAAGD,EAAAA,CAAE,IAAA,CAAK,CAAC,CAAA,EAAE,IAAEC,EAAAA,CAAE,CAAA,EAAEC,EAAAA,EAAEF,EAAC,CAAA,EAAEC,EAAAA,CAAE,KAAA,IAAO,CAAA,EAAE,EAAE,OAAA,EAAQ;AAAC,MAAA,IAAG,CAAA,CAAE,WAAS,KAAA,EAAG;AAAC,QAAA,KAAA,IAAQ,CAAA,IAAK,CAAA,CAAE,IAAA,EAAK,IAAG,CAAA,CAAE,CAAA,EAAE,CAAA,EAAE,CAAA,CAAE,KAAA,CAAM,CAAA,GAAE,CAAC,CAAC,GAAE,OAAM,IAAA;AAAG,QAAA,OAAO,CAAA;AAAA,MAAC;AAAC,MAAA,CAAA,GAAE,CAAA,CAAE,IAAA;AAAA,IAAI;AAAC,IAAA,IAAG,CAAC,EAAE,OAAA,EAAQ;AAAM,IAAA,CAAA,CAAE,SAAO,CAAA,GAAE,IAAA,CAAA;AAAA,EAAG;AAAC,EAAA,OAAO,CAAA,CAAE,OAAA,IAAS,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,EAAE,CAAA;AAAC;AAAC,SAAS,EAAE,CAAA,EAAE;AAAC,EAAA,IAAG,EAAC,IAAA,EAAK,CAAA,EAAE,QAAA,EAAS,CAAA,KAAG,CAAA,EAAE,CAAA,GAAE,CAAA,CAAE,GAAG,CAAC,CAAA;AAAE,EAAA,OAAO,MAAA,CAAO,MAAA,CAAO,CAAA,EAAE,EAAC,QAAA,EAAS,CAAA,CAAE,MAAA,IAAQ,KAAA,EAAG,KAAA,EAAM,CAAA,EAAE,KAAA,EAAM,IAAG,CAAA;AAAC;AAAC,SAAS,EAAE,CAAA,EAAE;AAAC,EAAA,OAAO,OAAO,KAAG,QAAA,IAAU,OAAO,KAAG,QAAA,IAAU,CAAA,KAAI,IAAA,IAAM,MAAA,CAAO,QAAA,IAAY,CAAA;AAAC;;;ACA11B,SAASE,EAAAA,CAAE,GAAEH,EAAAA,EAAE;AAAC,EAAA,IAAIC,EAAAA,GAAED,EAAAA,CAAE,MAAA,GAAO,CAAA,CAAE,MAAA;AAAO,EAAA,IAAGC,OAAI,CAAA,EAAE;AAAC,IAAA,IAAG,CAAC,CAAA,EAAE,GAAG,CAAC,CAAA,GAAED,EAAAA;AAAE,IAAA,OAAO,EAAE,CAAA,EAAE,EAAC,MAAK,CAAA,EAAE,QAAA,EAAS,GAAE,CAAA;AAAA,EAAC;AAAC,EAAA,IAAGC,OAAI,CAAA,EAAE;AAAC,IAAA,IAAI,CAAA,GAAE,EAAC,IAAA,EAAK,CAAA,EAAE,UAASD,EAAAA,EAAC;AAAE,IAAA,OAAO,OAAO,MAAA,CAAO,CAAA,CAAA,KAAG,EAAE,CAAA,EAAE,CAAC,GAAE,CAAC,CAAA;AAAA,EAAC;AAAC,EAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAC;;;ACA1K,SAAS,KAAK,CAAA,EAAE;AAAC,EAAA,OAAOG,EAAAA,CAAE,GAAE,CAAC,CAAA;AAAC;AAAC,SAAS,CAAA,GAAG;AAAC,EAAA,IAAI,oBAAE,IAAI,GAAA,EAAA;AAAI,EAAA,OAAO,OAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,GAAE,KAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,EAAE,EAAC,IAAA,EAAK,KAAA,EAAG,OAAA,EAAQ,IAAA,EAAG,MAAK,CAAA,EAAC,CAAA;AAAE;;;ACA1H,SAAS,KAAK,CAAA,EAAE;AAAC,EAAA,OAAOA,EAAAA,CAAEA,IAAE,CAAC,CAAA;AAAC;AAAC,SAASA,GAAE,CAAA,EAAE;AAAC,EAAA,IAAI,CAAA,GAAE,CAAA,EAAE,CAAA,mBAAE,IAAI,GAAA,EAAA;AAAI,EAAA,OAAM,CAAC,CAAA,EAAEH,EAAAA,EAAE,CAAA,KAAI;AAAC,IAAA,IAAI,CAAA,GAAE,CAAA,CAAE,CAAA,EAAEA,EAAAA,EAAE,CAAC,CAAA;AAAE,IAAA,OAAO,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,GAAE,KAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,EAAE,EAAC,IAAA,EAAK,KAAA,EAAG,OAAA,EAAQ,IAAA,EAAG,MAAK,CAAA,EAAC,CAAA;AAAA,EAAE,CAAA;AAAC;ACe3N,SAAS,WAAA,GAAsB;AACpC,EAAA,MAAM,GAAA,GAAM,MAAA,CAAO,KAAA,CAAM,gBAAA,EAAiB;AAE1C,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,SAAS,QAAQ,CAAA;AAC3C;AAEO,SAAS,6BAA6B,UAAA,EAA4B;AACvE,EAAA,MAAM,GAAA,GAAM,MAAA,CAAO,IAAA,CAAK,UAAA,EAAY,QAAQ,CAAA;AAE5C,EAAA,OAAO,MAAA,CAAO,KAAK,MAAA,CAAO,YAAA,CAAa,GAAG,CAAC,CAAA,CAAE,SAAS,QAAQ,CAAA;AAChE;AAEO,SAAS,oBAAA,GAA+B;AAC7C,EAAA,MAAM,GAAA,GAAM,YAAY,EAAE,CAAA;AAE1B,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,SAAS,QAAQ,CAAA;AAC3C;AAEO,SAAS,wBAAA,CAAyB,OAAe,KAAA,EAAuB;AAC7E,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,KAAA,EAAO,QAAQ,CAAA;AACxC,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,KAAA,EAAO,QAAQ,CAAA;AACxC,EAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAEhC,EAAA,KAAA,IAASA,EAAAA,GAAI,CAAA,EAAGA,EAAAA,GAAI,EAAA,EAAIA,EAAAA,EAAAA,EAAK;AAC3B,IAAA,MAAA,CAAOA,EAAC,CAAA,GAAI,IAAA,CAAKA,EAAC,CAAA,GAAI,KAAKA,EAAC,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,MAAM,CAAA,CAAE,SAAS,QAAQ,CAAA;AAC9C;AAEA,SAAS,kBAAA,CACP,QAAA,EACA,IAAA,EACA,OAAA,EACQ;AACR,EAAA,MAAM,KAAA,GAAQ;AAAA;AAAA,IAEZ,QAAA;AAAA,IACA,CAAA,EAAA,EAAK,KAAK,IAAI,CAAA,CAAA;AAAA,IACd,CAAA,YAAA,EAAe,KAAK,SAAS,CAAA;AAAA,GAC/B;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,MAAA,GAAS,CAAA,EAAG;AAC9B,IAAA,KAAA,CAAM,KAAK,CAAA,aAAA,EAAgB,IAAA,CAAK,WAAW,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACzD;AAEA,EAAA,MAAM,YAAA,GAAe,eAAA,CAAgB,IAAA,CAAK,SAAA,EAAW,OAAO,CAAA;AAE5D,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,WAAA,EAAc,kBAAA,CAAmB,YAAY,CAAC,CAAA,CAAE,CAAA;AAAA,EAC7D;AAEA,EAAA,IAAI,QAAA,CAAS,IAAA,CAAK,gBAAA,IAAoB,IAAA,CAAK,gBAAA,EAAkB;AAC3D,IAAA,MAAM,YAAA,GAAe,wBAAA;AAAA,MACnB,SAAS,IAAA,CAAK,gBAAA;AAAA,MACd,IAAA,CAAK;AAAA,KACP;AAEA,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,eAAA,EAAkB,YAAY,CAAA,CAAE,CAAA;AAAA,EAC7C,CAAA,MAAA,IAAW,IAAA,CAAK,YAAA,IAAgB,QAAA,CAAS,KAAK,YAAA,EAAc;AAC1D,IAAA,IAAI,IAAA,CAAK,YAAA,KAAiB,QAAA,CAAS,IAAA,CAAK,YAAA,EAAc;AACpD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,0CAA0C,IAAA,CAAK,IAAI,CAAA,KAAA,EAAQ,QAAA,CAAS,KAAK,IAAI,CAAA;AAAA,OAC/E;AAAA,IACF;AAEA,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,eAAA,EAAkB,IAAA,CAAK,YAAY,CAAA,CAAE,CAAA;AAAA,EAClD;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAeO,SAAS,sBAAA,CAAuB;AAAA,EACrC,QAAA;AAAA,EACA,KAAA;AAAA,EACA,UAAA,GAAa,SAAS,IAAA,CAAK,UAAA;AAAA,EAC3B,MAAM,EAAC;AAAA,EACP,QAAQ,EAAC;AAAA,EACT,SAAS,EAAC;AAAA,EACV,UAAU,EAAC;AAAA,EACX,WAAW,EAAC;AAAA,EACZ,gBAAA;AAAA,EACA;AACF,CAAA,EAA+B;AAC7B,EAAA,MAAM,MAAA,GAAS,CAAA,CAAO,KAAA,CAAM,OAAA,CAAQ,CAAA,IAAA,KAAQ,KAAK,GAAG,CAAA,CAAE,MAAA,CAAO,GAAG,CAAC,CAAA;AACjE,EAAA,MAAM,cAAc,CAAA,CAAO,KAAA,CAAM,QAAQ,CAAA,IAAA,KAAQ,IAAA,CAAK,WAAW,CAAC,CAAA;AAElE,EAAA,MAAM,KAAA,GAAQ;AAAA;AAAA,IAEZ,aAAA;AAAA,IACA,CAAA,EAAA,EAAK,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA;AAAA,GACzB;AAEA,EAAA,IAAI,QAAA,CAAS,KAAK,OAAA,EAAS;AACzB,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,QAAA,CAAS,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AAAA,EACjD;AAEA,EAAA,KAAA,CAAM,IAAA;AAAA;AAAA,IAEJ,CAAA,aAAA,EAAgB,SAAS,UAAU,CAAA,CAAA;AAAA,IACnC;AAAA,GACF;AAEA,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,KAAA,CAAM,KAAK,CAAA,MAAA,EAAS,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACzC;AAEA,EAAA,IAAI,UAAA,EAAY;AACd,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,aAAA,EAAgB,UAAU,CAAA,CAAE,CAAA;AAAA,EACzC;AAEA,EAAA,IAAI,KAAA,CAAM,SAAS,CAAA,EAAG;AACpB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,WAAW,KAAA,EAAO;AAC3B,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,QAAA,EAAW,OAAO,CAAA,CAAE,CAAA;AAAA,IACjC;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,WAAW,MAAA,EAAQ;AAC5B,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,SAAA,EAAY,OAAO,CAAA,CAAE,CAAA;AAAA,IAClC;AAAA,EACF;AAEA,EAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,WAAW,OAAA,EAAS;AAC7B,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,OAAO,CAAA,CAAE,CAAA;AAAA,IACnC;AAAA,EACF;AAEA,EAAA,IAAI,QAAA,CAAS,SAAS,CAAA,EAAG;AACvB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,WAAA,EAAc,OAAO,CAAA,CAAE,CAAA;AAAA,IACpC;AAAA,EACF;AAEA,EAAA,IAAI,gBAAA,EAAkB;AACpB,IAAA,KAAA,CAAM,IAAA,EAAK;AACX,IAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,sBAAA,EAAyB,UAAU,CAAA,KAAA,EAAQ,gBAAgB,CAAA,CAAE,CAAA;AAAA,IAC1E;AAAA,EACF;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,CAAA,IAAA,KAAQ,KAAK,IAAA,KAAS,QAAA,CAAS,KAAK,IAAI,CAAA;AAExE,EAAA,KAAA,MAAW,QAAQ,UAAA,EAAY;AAC7B,IAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AACb,IAAA,KAAA,CAAM,IAAA,CAAK,kBAAA,CAAmB,QAAA,EAAU,IAAA,EAAM,OAAO,CAAC,CAAA;AAAA,EACxD;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAUO,SAAS,kBAAA,CACd,EAAE,SAAA,EAAW,UAAA,IACb,EAAE,WAAA,EAAa,aAAY,EACL;AACtB,EAAA,OAAO,CAAA;AAAA,IACL;AAAA,MACE,GAAG,YAAY,GAAA,CAAI,CAAA,CAAA,KAAK,eAAe,CAAA,EAAG,UAAA,IAAc,KAAK,CAAC,CAAA;AAAA,MAC9D,GAAG,WAAA;AAAA,MACH,GAAG,SAAA,CAAU,GAAA,CAAI,eAAe;AAAA,KAClC;AAAA,IACA,CAAA,QAAA,KAAY,mBAAmB,QAAQ;AAAA,GACzC;AACF;AAEO,SAAS,mBAAA,CACd,EAAE,OAAA,EAAS,QAAA,IACX,EAAE,OAAA,IACF,gBAAA,EACU;AACV,EAAA,MAAM,MAAA,uBAAa,GAAA,EAAY;AAE/B,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,MAAA,CAAO,IAAI,OAAO,CAAA;AAAA,EACpB;AAEA,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,MAAA,CAAO,IAAI,WAAW,CAAA;AAEtB,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAA,CAAO,IAAI,MAAM,CAAA;AAAA,IACnB;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,YAAY,gBAAA,EAAkB;AACvC,IAAA,IAAI,QAAA,CAAS,SAAS,UAAA,EAAY;AAChC,MAAA,MAAA,CAAO,GAAA,CAAI,kBAAA,CAAmB,QAAQ,CAAC,CAAA;AAAA,IACzC;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,MAAM,CAAA;AAC1B;AAEO,SAAS,yBAAA,CACd,EAAE,gBAAA,EAAiB,EACnB;AAAA,EACE,kBAAA;AAAA,EACA;AACF,CAAA,EACuB;AACvB,EAAA,OAAO,CAAA;AAAA,IACL;AAAA;AAAA,MAEE,GAAG,kBAAA;AAAA,MACH,GAAG,kBAAA;AAAA,MACH,GAAG,gBAAA,CAAiB,GAAA,CAAI,gBAAgB;AAAA,KAC1C;AAAA,IACA,CAAA,QAAA,KAAY,oBAAoB,QAAQ;AAAA,GAC1C;AACF;AAEA,SAAS,qBACP,EAAE,WAAA,EAAa,mBAAkB,EACjC,EAAE,SAAQ,EACA;AACV,EAAA,MAAM,MAAA,uBAAa,GAAA,EAAY;AAE/B,EAAA,KAAA,MAAW,MAAM,WAAA,EAAa;AAC5B,IAAA,MAAA,CAAO,IAAI,EAAE,CAAA;AAAA,EACf;AAEA,EAAA,IAAI,iBAAA,EAAmB;AACrB,IAAA,MAAA,CAAO,IAAI,YAAY,CAAA;AACvB,IAAA,MAAA,CAAO,IAAI,eAAe,CAAA;AAC1B,IAAA,MAAA,CAAO,IAAI,gBAAgB,CAAA;AAE3B,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAA,CAAO,IAAI,UAAU,CAAA;AACrB,MAAA,MAAA,CAAO,IAAI,WAAW,CAAA;AAAA,IACxB;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,MAAM,CAAA;AAC1B;AAEO,SAAS,WAAW,IAAA,EAA+B;AACxD,EAAA,OAAO,IAAA,CAAK,WAAW,QAAA,CAAS,WAAW,KAAK,IAAA,CAAK,UAAA,CAAW,SAAS,MAAM,CAAA;AACjF;AAEO,SAAS,gBAAA,CACd,IAAA,EACA,IAAA,EACA,MAAA,EACA,WACA,gBAAA,EACgB;AAChB,EAAA,MAAM,SAAA,GAAY,kBAAA,CAAmB,IAAA,EAAM,MAAM,CAAA;AACjD,EAAA,MAAM,gBAAA,GAAmB,yBAAA,CAA0B,IAAA,EAAM,MAAM,CAAA;AAC/D,EAAA,MAAM,UAAA,GAAa,mBAAA,CAAoB,IAAA,EAAM,MAAA,EAAQ,gBAAgB,CAAA;AACrE,EAAA,MAAM,WAAA,GAAc,oBAAA,CAAqB,IAAA,EAAM,MAAM,CAAA;AAErD,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,KAAK,QAAA,IAAY,IAAA;AAAA,IACvB,SAAA;AAAA,IACA,UAAA;AAAA,IACA,gBAAA;AAAA,IACA,WAAA;AAAA,IACA,KAAK,IAAA,CAAK,GAAA;AAAA,IACV,SAAA;AAAA,IACA,SAAS,IAAA,CAAK,OAAA;AAAA,IACd,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,gBAAA;AAAA,IACA,YAAY,IAAA,CAAK;AAAA,GACnB;AACF;AAEO,SAAS,YAAA,CACd,UACA,YAAA,EACS;AACT,EAAA,IAAI,iBAAiB,QAAA,EAAU;AAC7B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiB,OAAA,EAAS;AAC5B,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,OAAO,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,MAAA,GAAS,CAAA;AAC1C","file":"chunk-F7GNOL5A.js","sourcesContent":["/**\n * Internal webcrypto alias.\n * We prefer WebCrypto aka globalThis.crypto, which exists in node.js 16+.\n * Falls back to Node.js built-in crypto for Node.js <=v14.\n * See utils.ts for details.\n * @module\n */\n// @ts-ignore\nimport * as nc from 'node:crypto';\nexport const crypto: any =\n nc && typeof nc === 'object' && 'webcrypto' in nc\n ? (nc.webcrypto as any)\n : nc && typeof nc === 'object' && 'randomBytes' in nc\n ? nc\n : undefined;\n","/**\n * Utilities for hex, bytes, CSPRNG.\n * @module\n */\n/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\n\n/** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */\nexport function isBytes(a: unknown): a is Uint8Array {\n return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');\n}\n\n/** Asserts something is positive integer. */\nexport function anumber(n: number): void {\n if (!Number.isSafeInteger(n) || n < 0) throw new Error('positive integer expected, got ' + n);\n}\n\n/** Asserts something is Uint8Array. */\nexport function abytes(b: Uint8Array | undefined, ...lengths: number[]): void {\n if (!isBytes(b)) throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error('Uint8Array expected of length ' + lengths + ', got length=' + b.length);\n}\n\n/** Asserts something is hash */\nexport function ahash(h: IHash): void {\n if (typeof h !== 'function' || typeof h.create !== 'function')\n throw new Error('Hash should be wrapped by utils.createHasher');\n anumber(h.outputLen);\n anumber(h.blockLen);\n}\n\n/** Asserts a hash instance has not been destroyed / finished */\nexport function aexists(instance: any, checkFinished = true): void {\n if (instance.destroyed) throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished) throw new Error('Hash#digest() has already been called');\n}\n\n/** Asserts output is properly-sized byte array */\nexport function aoutput(out: any, instance: any): void {\n abytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error('digestInto() expects output buffer of length at least ' + min);\n }\n}\n\n/** Generic type encompassing 8/16/32-byte arrays - but not 64-byte. */\n// prettier-ignore\nexport type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array |\n Uint16Array | Int16Array | Uint32Array | Int32Array;\n\n/** Cast u8 / u16 / u32 to u8. */\nexport function u8(arr: TypedArray): Uint8Array {\n return new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\n}\n\n/** Cast u8 / u16 / u32 to u32. */\nexport function u32(arr: TypedArray): Uint32Array {\n return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n}\n\n/** Zeroize a byte array. Warning: JS provides no guarantees. */\nexport function clean(...arrays: TypedArray[]): void {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n\n/** Create DataView of an array for easy byte-level manipulation. */\nexport function createView(arr: TypedArray): DataView {\n return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n}\n\n/** The rotate right (circular right shift) operation for uint32 */\nexport function rotr(word: number, shift: number): number {\n return (word << (32 - shift)) | (word >>> shift);\n}\n\n/** The rotate left (circular left shift) operation for uint32 */\nexport function rotl(word: number, shift: number): number {\n return (word << shift) | ((word >>> (32 - shift)) >>> 0);\n}\n\n/** Is current platform little-endian? Most are. Big-Endian platform: IBM */\nexport const isLE: boolean = /* @__PURE__ */ (() =>\n new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44)();\n\n/** The byte swap operation for uint32 */\nexport function byteSwap(word: number): number {\n return (\n ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff)\n );\n}\n/** Conditionally byte swap if on a big-endian platform */\nexport const swap8IfBE: (n: number) => number = isLE\n ? (n: number) => n\n : (n: number) => byteSwap(n);\n\n/** @deprecated */\nexport const byteSwapIfBE: typeof swap8IfBE = swap8IfBE;\n/** In place byte swap for Uint32Array */\nexport function byteSwap32(arr: Uint32Array): Uint32Array {\n for (let i = 0; i < arr.length; i++) {\n arr[i] = byteSwap(arr[i]);\n }\n return arr;\n}\n\nexport const swap32IfBE: (u: Uint32Array) => Uint32Array = isLE\n ? (u: Uint32Array) => u\n : byteSwap32;\n\n// Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex\nconst hasHexBuiltin: boolean = /* @__PURE__ */ (() =>\n // @ts-ignore\n typeof Uint8Array.from([]).toHex === 'function' && typeof Uint8Array.fromHex === 'function')();\n\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>\n i.toString(16).padStart(2, '0')\n);\n\n/**\n * Convert byte array to hex string. Uses built-in function, when available.\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes: Uint8Array): string {\n abytes(bytes);\n // @ts-ignore\n if (hasHexBuiltin) return bytes.toHex();\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 } as const;\nfunction asciiToBase16(ch: number): number | undefined {\n if (ch >= asciis._0 && ch <= asciis._9) return ch - asciis._0; // '2' => 50-48\n if (ch >= asciis.A && ch <= asciis.F) return ch - (asciis.A - 10); // 'B' => 66-(65-10)\n if (ch >= asciis.a && ch <= asciis.f) return ch - (asciis.a - 10); // 'b' => 98-(97-10)\n return;\n}\n\n/**\n * Convert hex string to byte array. Uses built-in function, when available.\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex: string): Uint8Array {\n if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);\n // @ts-ignore\n if (hasHexBuiltin) return Uint8Array.fromHex(hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2) throw new Error('hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163\n }\n return array;\n}\n\n/**\n * There is no setImmediate in browser and setTimeout is slow.\n * Call of async fn will return Promise, which will be fullfiled only on\n * next scheduler queue processing step and this is exactly what we need.\n */\nexport const nextTick = async (): Promise<void> => {};\n\n/** Returns control to thread each 'tick' ms to avoid blocking. */\nexport async function asyncLoop(\n iters: number,\n tick: number,\n cb: (i: number) => void\n): Promise<void> {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick) continue;\n await nextTick();\n ts += diff;\n }\n}\n\n// Global symbols, but ts doesn't see them: https://github.com/microsoft/TypeScript/issues/31535\ndeclare const TextEncoder: any;\ndeclare const TextDecoder: any;\n\n/**\n * Converts string to bytes using UTF8 encoding.\n * @example utf8ToBytes('abc') // Uint8Array.from([97, 98, 99])\n */\nexport function utf8ToBytes(str: string): Uint8Array {\n if (typeof str !== 'string') throw new Error('string expected');\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n\n/**\n * Converts bytes to string using UTF8 encoding.\n * @example bytesToUtf8(Uint8Array.from([97, 98, 99])) // 'abc'\n */\nexport function bytesToUtf8(bytes: Uint8Array): string {\n return new TextDecoder().decode(bytes);\n}\n\n/** Accepted input of hash functions. Strings are converted to byte arrays. */\nexport type Input = string | Uint8Array;\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data: Input): Uint8Array {\n if (typeof data === 'string') data = utf8ToBytes(data);\n abytes(data);\n return data;\n}\n\n/** KDFs can accept string or Uint8Array for user convenience. */\nexport type KDFInput = string | Uint8Array;\n/**\n * Helper for KDFs: consumes uint8array or string.\n * When string is passed, does utf8 decoding, using TextDecoder.\n */\nexport function kdfInputToBytes(data: KDFInput): Uint8Array {\n if (typeof data === 'string') data = utf8ToBytes(data);\n abytes(data);\n return data;\n}\n\n/** Copies several Uint8Arrays into one. */\nexport function concatBytes(...arrays: Uint8Array[]): Uint8Array {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n\ntype EmptyObj = {};\nexport function checkOpts<T1 extends EmptyObj, T2 extends EmptyObj>(\n defaults: T1,\n opts?: T2\n): T1 & T2 {\n if (opts !== undefined && {}.toString.call(opts) !== '[object Object]')\n throw new Error('options should be object or undefined');\n const merged = Object.assign(defaults, opts);\n return merged as T1 & T2;\n}\n\n/** Hash interface. */\nexport type IHash = {\n (data: Uint8Array): Uint8Array;\n blockLen: number;\n outputLen: number;\n create: any;\n};\n\n/** For runtime check if class implements interface */\nexport abstract class Hash<T extends Hash<T>> {\n abstract blockLen: number; // Bytes per block\n abstract outputLen: number; // Bytes in output\n abstract update(buf: Input): this;\n // Writes digest into buf\n abstract digestInto(buf: Uint8Array): void;\n abstract digest(): Uint8Array;\n /**\n * Resets internal state. Makes Hash instance unusable.\n * Reset is impossible for keyed hashes if key is consumed into state. If digest is not consumed\n * by user, they will need to manually call `destroy()` when zeroing is necessary.\n */\n abstract destroy(): void;\n /**\n * Clones hash instance. Unsafe: doesn't check whether `to` is valid. Can be used as `clone()`\n * when no options are passed.\n * Reasons to use `_cloneInto` instead of clone: 1) performance 2) reuse instance => all internal\n * buffers are overwritten => causes buffer overwrite which is used for digest in some cases.\n * There are no guarantees for clean-up because it's impossible in JS.\n */\n abstract _cloneInto(to?: T): T;\n // Safe version that clones internal state\n abstract clone(): T;\n}\n\n/**\n * XOF: streaming API to read digest in chunks.\n * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name.\n * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot\n * destroy state, next call can require more bytes.\n */\nexport type HashXOF<T extends Hash<T>> = Hash<T> & {\n xof(bytes: number): Uint8Array; // Read 'bytes' bytes from digest stream\n xofInto(buf: Uint8Array): Uint8Array; // read buf.length bytes from digest stream into buf\n};\n\n/** Hash function */\nexport type CHash = ReturnType<typeof createHasher>;\n/** Hash function with output */\nexport type CHashO = ReturnType<typeof createOptHasher>;\n/** XOF with output */\nexport type CHashXO = ReturnType<typeof createXOFer>;\n\n/** Wraps hash function, creating an interface on top of it */\nexport function createHasher<T extends Hash<T>>(\n hashCons: () => Hash<T>\n): {\n (msg: Input): Uint8Array;\n outputLen: number;\n blockLen: number;\n create(): Hash<T>;\n} {\n const hashC = (msg: Input): Uint8Array => hashCons().update(toBytes(msg)).digest();\n const tmp = hashCons();\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = () => hashCons();\n return hashC;\n}\n\nexport function createOptHasher<H extends Hash<H>, T extends Object>(\n hashCons: (opts?: T) => Hash<H>\n): {\n (msg: Input, opts?: T): Uint8Array;\n outputLen: number;\n blockLen: number;\n create(opts?: T): Hash<H>;\n} {\n const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({} as T);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts?: T) => hashCons(opts);\n return hashC;\n}\n\nexport function createXOFer<H extends HashXOF<H>, T extends Object>(\n hashCons: (opts?: T) => HashXOF<H>\n): {\n (msg: Input, opts?: T): Uint8Array;\n outputLen: number;\n blockLen: number;\n create(opts?: T): HashXOF<H>;\n} {\n const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({} as T);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts?: T) => hashCons(opts);\n return hashC;\n}\nexport const wrapConstructor: typeof createHasher = createHasher;\nexport const wrapConstructorWithOpts: typeof createOptHasher = createOptHasher;\nexport const wrapXOFConstructorWithOpts: typeof createXOFer = createXOFer;\n\n/** Cryptographically secure PRNG. Uses internal OS-level `crypto.getRandomValues`. */\nexport function randomBytes(bytesLength = 32): Uint8Array {\n if (crypto && typeof crypto.getRandomValues === 'function') {\n return crypto.getRandomValues(new Uint8Array(bytesLength));\n }\n // Legacy Node.js compatibility\n if (crypto && typeof crypto.randomBytes === 'function') {\n return Uint8Array.from(crypto.randomBytes(bytesLength));\n }\n throw new Error('crypto.getRandomValues must be defined');\n}\n","var e={done:!0,hasNext:!1},s={done:!1,hasNext:!1},a=()=>e,o=t=>({hasNext:!0,next:t,done:!1});export{s as a,a as b,o as c};\n","import{a as A}from\"./chunk-ANXBDSUI.js\";function C(t,...o){let n=t,u=o.map(e=>\"lazy\"in e?y(e):void 0),p=0;for(;p<o.length;){if(u[p]===void 0||!B(n)){let i=o[p];n=i(n),p+=1;continue}let r=[];for(let i=p;i<o.length;i++){let l=u[i];if(l===void 0||(r.push(l),l.isSingle))break}let a=[];for(let i of n)if(f(i,a,r))break;let{isSingle:s}=r.at(-1);n=s?a[0]:a,p+=r.length}return n}function f(t,o,n){if(n.length===0)return o.push(t),!1;let u=t,p=A,e=!1;for(let[r,a]of n.entries()){let{index:s,items:i}=a;if(i.push(u),p=a(u,s,i),a.index+=1,p.hasNext){if(p.hasMany??!1){for(let l of p.next)if(f(l,o,n.slice(r+1)))return!0;return e}u=p.next}if(!p.hasNext)break;p.done&&(e=!0)}return p.hasNext&&o.push(u),e}function y(t){let{lazy:o,lazyArgs:n}=t,u=o(...n);return Object.assign(u,{isSingle:o.single??!1,index:0,items:[]})}function B(t){return typeof t==\"string\"||typeof t==\"object\"&&t!==null&&Symbol.iterator in t}export{C as a};\n","import{a as o}from\"./chunk-3GOCSNFN.js\";function y(t,i){let a=i.length-t.length;if(a===1){let[n,...r]=i;return o(n,{lazy:t,lazyArgs:r})}if(a===0){let n={lazy:t,lazyArgs:i};return Object.assign(e=>o(e,n),n)}throw new Error(\"Wrong number of arguments\")}export{y as a};\n","import{a as r}from\"./chunk-LFJW7BOT.js\";import{a as n}from\"./chunk-ANXBDSUI.js\";function i(...e){return r(a,e)}function a(){let e=new Set;return t=>e.has(t)?n:(e.add(t),{done:!1,hasNext:!0,next:t})}export{i as a};\n","import{a as o}from\"./chunk-LFJW7BOT.js\";import{a}from\"./chunk-ANXBDSUI.js\";function T(...e){return o(y,e)}function y(e){let u=e,n=new Set;return(t,i,d)=>{let r=u(t,i,d);return n.has(r)?a:(n.add(r),{done:!1,hasNext:!0,next:t})}}export{T as a};\n","import type { k8s, network, wireguard } from \"@highstate/library\"\nimport type { Input, Unwrap } from \"@highstate/pulumi\"\nimport {\n l34EndpointToString,\n l3EndpointToString,\n l3EndpointToL4,\n l4EndpointToString,\n parseL34Endpoint,\n parseL4Endpoint,\n} from \"@highstate/common\"\nimport { x25519 } from \"@noble/curves/ed25519\"\nimport { randomBytes } from \"@noble/hashes/utils\"\nimport { unique, uniqueBy } from \"remeda\"\nimport { getBestEndpoint } from \"@highstate/k8s\"\n\nexport function generateKey(): string {\n const key = x25519.utils.randomPrivateKey()\n\n return Buffer.from(key).toString(\"base64\")\n}\n\nexport function convertPrivateKeyToPublicKey(privateKey: string): string {\n const key = Buffer.from(privateKey, \"base64\")\n\n return Buffer.from(x25519.getPublicKey(key)).toString(\"base64\")\n}\n\nexport function generatePresharedKey(): string {\n const key = randomBytes(32)\n\n return Buffer.from(key).toString(\"base64\")\n}\n\nexport function combinePresharedKeyParts(part1: string, part2: string): string {\n const key1 = Buffer.from(part1, \"base64\")\n const key2 = Buffer.from(part2, \"base64\")\n const result = new Uint8Array(32)\n\n for (let i = 0; i < 32; i++) {\n result[i] = key1[i] ^ key2[i]\n }\n\n return Buffer.from(result).toString(\"base64\")\n}\n\nfunction generatePeerConfig(\n identity: wireguard.Identity,\n peer: wireguard.Peer,\n cluster?: k8s.Cluster,\n): string {\n const lines = [\n //\n \"[Peer]\",\n `# ${peer.name}`,\n `PublicKey = ${peer.publicKey}`,\n ]\n\n if (peer.allowedIps.length > 0) {\n lines.push(`AllowedIPs = ${peer.allowedIps.join(\", \")}`)\n }\n\n const bestEndpoint = getBestEndpoint(peer.endpoints, cluster)\n\n if (bestEndpoint) {\n lines.push(`Endpoint = ${l4EndpointToString(bestEndpoint)}`)\n }\n\n if (identity.peer.presharedKeyPart && peer.presharedKeyPart) {\n const presharedKey = combinePresharedKeyParts(\n identity.peer.presharedKeyPart,\n peer.presharedKeyPart,\n )\n\n lines.push(`PresharedKey = ${presharedKey}`)\n } else if (peer.presharedKey || identity.peer.presharedKey) {\n if (peer.presharedKey !== identity.peer.presharedKey) {\n throw new Error(\n `Preshared keys do not match for peers: ${peer.name} and ${identity.peer.name}`,\n )\n }\n\n lines.push(`PresharedKey = ${peer.presharedKey}`)\n }\n\n return lines.join(\"\\n\")\n}\n\nexport type IdentityConfigArgs = {\n identity: wireguard.Identity\n peers: wireguard.Peer[]\n listenPort?: number\n dns?: string[]\n postUp?: string[]\n preUp?: string[]\n preDown?: string[]\n postDown?: string[]\n defaultInterface?: string\n cluster?: k8s.Cluster\n}\n\nexport function generateIdentityConfig({\n identity,\n peers,\n listenPort = identity.peer.listenPort,\n dns = [],\n preUp = [],\n postUp = [],\n preDown = [],\n postDown = [],\n defaultInterface,\n cluster,\n}: IdentityConfigArgs): string {\n const allDns = unique(peers.flatMap(peer => peer.dns).concat(dns))\n const excludedIps = unique(peers.flatMap(peer => peer.excludedIps))\n\n const lines = [\n //\n \"[Interface]\",\n `# ${identity.peer.name}`,\n ]\n\n if (identity.peer.address) {\n lines.push(`Address = ${identity.peer.address}`)\n }\n\n lines.push(\n //\n `PrivateKey = ${identity.privateKey}`,\n \"MTU = 1280\",\n )\n\n if (allDns.length > 0) {\n lines.push(`DNS = ${allDns.join(\", \")}`)\n }\n\n if (listenPort) {\n lines.push(`ListenPort = ${listenPort}`)\n }\n\n if (preUp.length > 0) {\n lines.push()\n for (const command of preUp) {\n lines.push(`PreUp = ${command}`)\n }\n }\n\n if (postUp.length > 0) {\n lines.push()\n for (const command of postUp) {\n lines.push(`PostUp = ${command}`)\n }\n }\n\n if (preDown.length > 0) {\n lines.push()\n for (const command of preDown) {\n lines.push(`PreDown = ${command}`)\n }\n }\n\n if (postDown.length > 0) {\n lines.push()\n for (const command of postDown) {\n lines.push(`PostDown = ${command}`)\n }\n }\n\n if (defaultInterface) {\n lines.push()\n for (const excludedIp of excludedIps) {\n lines.push(`PostUp = ip route add ${excludedIp} dev ${defaultInterface}`)\n }\n }\n\n const otherPeers = peers.filter(peer => peer.name !== identity.peer.name)\n\n for (const peer of otherPeers) {\n lines.push(\"\")\n lines.push(generatePeerConfig(identity, peer, cluster))\n }\n\n return lines.join(\"\\n\")\n}\n\ntype SharedPeerInputs = {\n network?: Input<wireguard.Network>\n l3Endpoints: Input<network.L3Endpoint>[]\n l4Endpoints: Input<network.L4Endpoint>[]\n allowedL3Endpoints: Input<network.L3Endpoint>[]\n allowedL4Endpoints: Input<network.L4Endpoint>[]\n}\n\nexport function calculateEndpoints(\n { endpoints, listenPort }: Pick<wireguard.SharedPeerArgs, \"endpoints\" | \"listenPort\">,\n { l3Endpoints, l4Endpoints }: Pick<Unwrap<SharedPeerInputs>, \"l3Endpoints\" | \"l4Endpoints\">,\n): network.L4Endpoint[] {\n return uniqueBy(\n [\n ...l3Endpoints.map(e => l3EndpointToL4(e, listenPort ?? 51820)),\n ...l4Endpoints,\n ...endpoints.map(parseL4Endpoint),\n ],\n endpoint => l4EndpointToString(endpoint),\n )\n}\n\nexport function calculateAllowedIps(\n { address, exitNode }: Pick<wireguard.SharedPeerArgs, \"address\" | \"exitNode\">,\n { network }: Unwrap<SharedPeerInputs>,\n allowedEndpoints: network.L34Endpoint[],\n): string[] {\n const result = new Set<string>()\n\n if (address) {\n result.add(address)\n }\n\n if (exitNode) {\n result.add(\"0.0.0.0/0\")\n\n if (network?.ipv6) {\n result.add(\"::/0\")\n }\n }\n\n for (const endpoint of allowedEndpoints) {\n if (endpoint.type !== \"hostname\") {\n result.add(l3EndpointToString(endpoint))\n }\n }\n\n return Array.from(result)\n}\n\nexport function calculateAllowedEndpoints(\n { allowedEndpoints }: Pick<wireguard.SharedPeerArgs, \"allowedEndpoints\">,\n {\n allowedL3Endpoints,\n allowedL4Endpoints,\n }: Pick<Unwrap<SharedPeerInputs>, \"allowedL3Endpoints\" | \"allowedL4Endpoints\">,\n): network.L34Endpoint[] {\n return uniqueBy(\n [\n //\n ...allowedL3Endpoints,\n ...allowedL4Endpoints,\n ...allowedEndpoints.map(parseL34Endpoint),\n ],\n endpoint => l34EndpointToString(endpoint),\n )\n}\n\nfunction calculateExcludedIps(\n { excludedIps, excludePrivateIps }: wireguard.SharedPeerArgs,\n { network }: Unwrap<SharedPeerInputs>,\n): string[] {\n const result = new Set<string>()\n\n for (const ip of excludedIps) {\n result.add(ip)\n }\n\n if (excludePrivateIps) {\n result.add(\"10.0.0.0/8\")\n result.add(\"172.16.0.0/12\")\n result.add(\"192.168.0.0/16\")\n\n if (network?.ipv6) {\n result.add(\"fc00::/7\")\n result.add(\"fe80::/10\")\n }\n }\n\n return Array.from(result)\n}\n\nexport function isExitNode(peer: wireguard.Peer): boolean {\n return peer.allowedIps.includes(\"0.0.0.0/0\") || peer.allowedIps.includes(\"::/0\")\n}\n\nexport function createPeerEntity(\n name: string,\n args: wireguard.SharedPeerArgs,\n inputs: Unwrap<SharedPeerInputs>,\n publicKey: string,\n presharedKeyPart?: string,\n): wireguard.Peer {\n const endpoints = calculateEndpoints(args, inputs)\n const allowedEndpoints = calculateAllowedEndpoints(args, inputs)\n const allowedIps = calculateAllowedIps(args, inputs, allowedEndpoints)\n const excludedIps = calculateExcludedIps(args, inputs)\n\n return {\n name: args.peerName ?? name,\n endpoints,\n allowedIps,\n allowedEndpoints,\n excludedIps,\n dns: args.dns,\n publicKey,\n address: args.address,\n network: inputs.network,\n presharedKeyPart,\n listenPort: args.listenPort,\n }\n}\n\nexport function shouldExpose(\n identity: wireguard.Identity,\n exposePolicy: wireguard.NodeExposePolicy,\n): boolean {\n if (exposePolicy === \"always\") {\n return true\n }\n\n if (exposePolicy === \"never\") {\n return false\n }\n\n return identity.peer.endpoints.length > 0\n}\n"]}