@indigoai-us/hq-cloud 6.6.0 → 6.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cognito-auth.d.ts +32 -0
- package/dist/cognito-auth.d.ts.map +1 -1
- package/dist/cognito-auth.js +114 -0
- package/dist/cognito-auth.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/machine-auth.test.d.ts +14 -0
- package/dist/machine-auth.test.d.ts.map +1 -0
- package/dist/machine-auth.test.js +249 -0
- package/dist/machine-auth.test.js.map +1 -0
- package/package.json +2 -2
- package/src/cognito-auth.ts +183 -0
- package/src/index.ts +10 -1
- package/src/machine-auth.test.ts +314 -0
package/dist/cognito-auth.d.ts
CHANGED
|
@@ -69,6 +69,38 @@ export declare function isExpiring(tokens: CognitoTokens, bufferSeconds?: number
|
|
|
69
69
|
* forcing a re-login is the only safe self-heal.
|
|
70
70
|
*/
|
|
71
71
|
export declare function decodeAccessTokenClientId(accessToken: string): string | null;
|
|
72
|
+
export interface MachineCreds {
|
|
73
|
+
/** Cognito username (live boxes: "agt-<ulid>@agents.getindigo.ai"). */
|
|
74
|
+
username: string;
|
|
75
|
+
/** Long-lived machine secret (USER_PASSWORD_AUTH password). */
|
|
76
|
+
secret: string;
|
|
77
|
+
/** App client to mint against — provisioned creds carry their own
|
|
78
|
+
* (USER_PASSWORD_AUTH must be enabled on it); falls back to config. */
|
|
79
|
+
clientId?: string;
|
|
80
|
+
/** Cognito region for the mint endpoint; falls back to config. */
|
|
81
|
+
region?: string;
|
|
82
|
+
}
|
|
83
|
+
/** Resolve the machine-creds file path (HQ_MACHINE_CREDS_FILE overrides). */
|
|
84
|
+
export declare function machineCredsFilePath(): string;
|
|
85
|
+
/**
|
|
86
|
+
* Load machine credentials, or null when this process is not running as a
|
|
87
|
+
* machine identity (no creds file / unreadable / malformed).
|
|
88
|
+
*/
|
|
89
|
+
export declare function loadMachineCreds(): MachineCreds | null;
|
|
90
|
+
/** True when machine credentials are present — the CLI is a machine identity. */
|
|
91
|
+
export declare function isMachineIdentity(): boolean;
|
|
92
|
+
/**
|
|
93
|
+
* Mint a fresh session for the machine identity via USER_PASSWORD_AUTH
|
|
94
|
+
* against the Cognito IDP endpoint (plain unsigned HTTP — no AWS SDK
|
|
95
|
+
* dependency). Caches BOTH tokens with correct field semantics and returns
|
|
96
|
+
* them.
|
|
97
|
+
*/
|
|
98
|
+
export declare function mintMachineTokens(config: CognitoAuthConfig, creds?: MachineCreds): Promise<CognitoTokens>;
|
|
99
|
+
/**
|
|
100
|
+
* Return a valid (non-expiring) machine session, re-minting on demand.
|
|
101
|
+
* Cache-hit path never touches the network.
|
|
102
|
+
*/
|
|
103
|
+
export declare function getValidMachineTokens(config: CognitoAuthConfig): Promise<CognitoTokens>;
|
|
72
104
|
/**
|
|
73
105
|
* Open the Cognito Hosted UI in the user's browser, wait for the redirect
|
|
74
106
|
* back to localhost, and exchange the auth code for tokens.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cognito-auth.d.ts","sourceRoot":"","sources":["../src/cognito-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAaH,MAAM,WAAW,iBAAiB;IAChC,4DAA4D;IAC5D,MAAM,EAAE,MAAM,CAAC;IACf,oEAAoE;IACpE,cAAc,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;IACjB,gDAAgD;IAChD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,+KAA+K;IAC/K,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,SAAS,EAAE,QAAQ,CAAC;CACrB;AAED,qFAAqF;AACrF,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AASD,wBAAgB,gBAAgB,IAAI,aAAa,GAAG,IAAI,CAQvD;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAO5D;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAiBD,yEAAyE;AACzE,wBAAgB,UAAU,CAAC,MAAM,EAAE,aAAa,EAAE,aAAa,SAAK,GAAG,OAAO,CAI7E;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,yBAAyB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAY5E;AAsCD;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,aAAa,CAAC,CA2GxB;AAsDD;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,iBAAiB,EACzB,mBAAmB,EAAE,MAAM,GAC1B,OAAO,CAAC,aAAa,CAAC,CA4BxB;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,iBAAiB,EACzB,OAAO,GAAE;IAAE,WAAW,CAAC,EAAE,OAAO,CAAA;CAAO,GACtC,OAAO,CAAC,MAAM,CAAC,
|
|
1
|
+
{"version":3,"file":"cognito-auth.d.ts","sourceRoot":"","sources":["../src/cognito-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAaH,MAAM,WAAW,iBAAiB;IAChC,4DAA4D;IAC5D,MAAM,EAAE,MAAM,CAAC;IACf,oEAAoE;IACpE,cAAc,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;IACjB,gDAAgD;IAChD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,+KAA+K;IAC/K,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,SAAS,EAAE,QAAQ,CAAC;CACrB;AAED,qFAAqF;AACrF,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AASD,wBAAgB,gBAAgB,IAAI,aAAa,GAAG,IAAI,CAQvD;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAO5D;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAiBD,yEAAyE;AACzE,wBAAgB,UAAU,CAAC,MAAM,EAAE,aAAa,EAAE,aAAa,SAAK,GAAG,OAAO,CAI7E;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,yBAAyB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAY5E;AAmBD,MAAM,WAAW,YAAY;IAC3B,uEAAuE;IACvE,QAAQ,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,MAAM,EAAE,MAAM,CAAC;IACf;4EACwE;IACxE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,6EAA6E;AAC7E,wBAAgB,oBAAoB,IAAI,MAAM,CAK7C;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,YAAY,GAAG,IAAI,CA+BtD;AAED,iFAAiF;AACjF,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C;AAcD;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,iBAAiB,EACzB,KAAK,CAAC,EAAE,YAAY,GACnB,OAAO,CAAC,aAAa,CAAC,CAqDxB;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,aAAa,CAAC,CAYxB;AAsCD;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,aAAa,CAAC,CA2GxB;AAsDD;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,iBAAiB,EACzB,mBAAmB,EAAE,MAAM,GAC1B,OAAO,CAAC,aAAa,CAAC,CA4BxB;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,iBAAiB,EACzB,OAAO,GAAE;IAAE,WAAW,CAAC,EAAE,OAAO,CAAA;CAAO,GACtC,OAAO,CAAC,MAAM,CAAC,CA8CjB"}
|
package/dist/cognito-auth.js
CHANGED
|
@@ -106,6 +106,114 @@ export function decodeAccessTokenClientId(accessToken) {
|
|
|
106
106
|
return null;
|
|
107
107
|
}
|
|
108
108
|
}
|
|
109
|
+
/** Resolve the machine-creds file path (HQ_MACHINE_CREDS_FILE overrides). */
|
|
110
|
+
export function machineCredsFilePath() {
|
|
111
|
+
return (process.env.HQ_MACHINE_CREDS_FILE ??
|
|
112
|
+
path.join(os.homedir(), ".hq-agent", "machine-creds.json"));
|
|
113
|
+
}
|
|
114
|
+
/**
|
|
115
|
+
* Load machine credentials, or null when this process is not running as a
|
|
116
|
+
* machine identity (no creds file / unreadable / malformed).
|
|
117
|
+
*/
|
|
118
|
+
export function loadMachineCreds() {
|
|
119
|
+
const file = machineCredsFilePath();
|
|
120
|
+
try {
|
|
121
|
+
if (!fs.existsSync(file))
|
|
122
|
+
return null;
|
|
123
|
+
const raw = JSON.parse(fs.readFileSync(file, "utf-8"));
|
|
124
|
+
// The creds FILE is the machine-identity signal — no username-shape
|
|
125
|
+
// gate. (6.7.0 required a "machine-" prefix, but live boxes are
|
|
126
|
+
// provisioned with "agt-<ulid>@agents.getindigo.ai", so detection
|
|
127
|
+
// never engaged on the first real agent box, 2026-06-12.)
|
|
128
|
+
if (typeof raw.username === "string" &&
|
|
129
|
+
raw.username.length > 0 &&
|
|
130
|
+
typeof raw.secret === "string" &&
|
|
131
|
+
raw.secret.length > 0) {
|
|
132
|
+
return {
|
|
133
|
+
username: raw.username,
|
|
134
|
+
secret: raw.secret,
|
|
135
|
+
clientId: typeof raw.clientId === "string" ? raw.clientId : undefined,
|
|
136
|
+
region: typeof raw.region === "string" ? raw.region : undefined,
|
|
137
|
+
};
|
|
138
|
+
}
|
|
139
|
+
return null;
|
|
140
|
+
}
|
|
141
|
+
catch {
|
|
142
|
+
return null;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
/** True when machine credentials are present — the CLI is a machine identity. */
|
|
146
|
+
export function isMachineIdentity() {
|
|
147
|
+
return loadMachineCreds() !== null;
|
|
148
|
+
}
|
|
149
|
+
/**
|
|
150
|
+
* Mint a fresh session for the machine identity via USER_PASSWORD_AUTH
|
|
151
|
+
* against the Cognito IDP endpoint (plain unsigned HTTP — no AWS SDK
|
|
152
|
+
* dependency). Caches BOTH tokens with correct field semantics and returns
|
|
153
|
+
* them.
|
|
154
|
+
*/
|
|
155
|
+
export async function mintMachineTokens(config, creds) {
|
|
156
|
+
const machineCreds = creds ?? loadMachineCreds();
|
|
157
|
+
if (!machineCreds) {
|
|
158
|
+
throw new CognitoAuthError(`No machine credentials found at ${machineCredsFilePath()}`);
|
|
159
|
+
}
|
|
160
|
+
// Prefer the creds file's own clientId/region: provisioning pairs the
|
|
161
|
+
// machine user with an app client that has USER_PASSWORD_AUTH enabled,
|
|
162
|
+
// which the CLI's default (browser) client may not.
|
|
163
|
+
const region = machineCreds.region ?? config.region;
|
|
164
|
+
const clientId = machineCreds.clientId ?? config.clientId;
|
|
165
|
+
const res = await fetch(`https://cognito-idp.${region}.amazonaws.com/`, {
|
|
166
|
+
method: "POST",
|
|
167
|
+
headers: {
|
|
168
|
+
"Content-Type": "application/x-amz-json-1.1",
|
|
169
|
+
"X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth",
|
|
170
|
+
},
|
|
171
|
+
body: JSON.stringify({
|
|
172
|
+
AuthFlow: "USER_PASSWORD_AUTH",
|
|
173
|
+
ClientId: clientId,
|
|
174
|
+
AuthParameters: {
|
|
175
|
+
USERNAME: machineCreds.username,
|
|
176
|
+
PASSWORD: machineCreds.secret,
|
|
177
|
+
},
|
|
178
|
+
}),
|
|
179
|
+
});
|
|
180
|
+
const data = (await res.json().catch(() => ({})));
|
|
181
|
+
if (!res.ok) {
|
|
182
|
+
throw new CognitoAuthError(`Machine token mint failed (${res.status}): ${data.__type ?? ""} ${data.message ?? ""}`.trim());
|
|
183
|
+
}
|
|
184
|
+
const result = data.AuthenticationResult;
|
|
185
|
+
if (!result?.AccessToken || !result?.IdToken) {
|
|
186
|
+
throw new CognitoAuthError(`Machine token mint returned no tokens${data.ChallengeName ? ` (challenge: ${data.ChallengeName})` : ""}`);
|
|
187
|
+
}
|
|
188
|
+
const tokens = {
|
|
189
|
+
accessToken: result.AccessToken,
|
|
190
|
+
idToken: result.IdToken,
|
|
191
|
+
// Machine creds never expire — expiry is handled by re-minting, so the
|
|
192
|
+
// refresh token (when Cognito returns one at all) is never exercised.
|
|
193
|
+
refreshToken: result.RefreshToken ?? "",
|
|
194
|
+
expiresAt: Date.now() + (result.ExpiresIn ?? 3600) * 1000,
|
|
195
|
+
tokenType: "Bearer",
|
|
196
|
+
};
|
|
197
|
+
saveCachedTokens(tokens);
|
|
198
|
+
return tokens;
|
|
199
|
+
}
|
|
200
|
+
/**
|
|
201
|
+
* Return a valid (non-expiring) machine session, re-minting on demand.
|
|
202
|
+
* Cache-hit path never touches the network.
|
|
203
|
+
*/
|
|
204
|
+
export async function getValidMachineTokens(config) {
|
|
205
|
+
const cached = loadCachedTokens();
|
|
206
|
+
if (cached && !isExpiring(cached, 120)) {
|
|
207
|
+
const cachedClientId = decodeAccessTokenClientId(cached.accessToken);
|
|
208
|
+
// Compare against the client we'd actually mint with (creds-file
|
|
209
|
+
// clientId wins over config).
|
|
210
|
+
const expectedClientId = loadMachineCreds()?.clientId ?? config.clientId;
|
|
211
|
+
if (cachedClientId === null || cachedClientId === expectedClientId) {
|
|
212
|
+
return cached;
|
|
213
|
+
}
|
|
214
|
+
}
|
|
215
|
+
return mintMachineTokens(config);
|
|
216
|
+
}
|
|
109
217
|
// ---------------------------------------------------------------------------
|
|
110
218
|
// PKCE
|
|
111
219
|
// ---------------------------------------------------------------------------
|
|
@@ -303,6 +411,12 @@ export async function refreshTokens(config, currentRefreshToken) {
|
|
|
303
411
|
*/
|
|
304
412
|
export async function getValidAccessToken(config, options = {}) {
|
|
305
413
|
const interactive = options.interactive ?? true;
|
|
414
|
+
// Machine identities (company agents) never refresh or open a browser —
|
|
415
|
+
// they re-mint via USER_PASSWORD_AUTH on demand.
|
|
416
|
+
if (isMachineIdentity()) {
|
|
417
|
+
const machine = await getValidMachineTokens(config);
|
|
418
|
+
return machine.accessToken;
|
|
419
|
+
}
|
|
306
420
|
let cached = loadCachedTokens();
|
|
307
421
|
// Stale-pool detection: if the cached access token was issued by a
|
|
308
422
|
// different Cognito App Client than the one we're talking to now, drop the
|
package/dist/cognito-auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cognito-auth.js","sourceRoot":"","sources":["../src/cognito-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,IAAI,MAAM,MAAM,CAAC;AAuCxB,qFAAqF;AACrF,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,CAAC;AAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;AAE5D,MAAM,UAAU,gBAAgB;IAC9B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7E,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,GAAY;IACpC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,UAAU,CAAC,MAAqB,EAAE,aAAa,GAAG,EAAE;IAClE,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,IAAI,CAAC;AACvD,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,yBAAyB,CAAC,WAAmB;IAC3D,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAClC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QAC3D,OAAO,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,GAAG;SACP,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,YAAY;IACnB,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,eAAe,CAC/B,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CACtD,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,WAAW,CAAC,MAAyB;IAC5C,OAAO,WAAW,MAAM,CAAC,cAAc,SAAS,MAAM,CAAC,MAAM,oBAAoB,CAAC;AACpF,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,oBAAoB,IAAI,WAAW,CAAC;AAC7C,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAyB;IAEzB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC;IACjC,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3E,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAC;IAC/C,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAEtD,2EAA2E;IAC3E,8EAA8E;IAC9E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACnE,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5B,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;IACzE,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;IAEd,2EAA2E;IAC3E,SAAS,eAAe,CAAC,IAAY,EAAE,aAAqB;QAC1D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,uEAAuE;YACvE,mEAAmE;YACnE,mEAAmE;YACnE,oEAAoE;YACpE,mDAAmD;YACnD,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;gBAChE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACjC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;oBACrB,OAAO;gBACT,CAAC;gBACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAE5C,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,oCAAoC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBACrE,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;gBACD,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;oBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;oBACpE,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;oBACjC,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,+BAA+B,CAAC,CAAC,CAAC;oBAC9D,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CACL;;;;yBAIe,CAChB,CAAC;gBACF,OAAO,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;gBACpC,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,6CAA6C,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBACjF,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;oBAClC,qCAAqC;gBACvC,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,UAAU,CAC3B,GAAG,EAAE;gBACH,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,CAAC;YACnE,CAAC,EACD,EAAE,GAAG,EAAE,GAAG,IAAI,CACf,CAAC;YAEF,SAAS,OAAO;gBACd,YAAY,CAAC,UAAU,CAAC,CAAC;gBACzB,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAcD,KAAK,UAAU,qBAAqB,CAClC,MAAyB,EACzB,IAAY,EACZ,QAAgB,EAChB,IAAY;IAEZ,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,IAAI;QACJ,aAAa,EAAE,QAAQ;QACvB,YAAY,EAAE,WAAW,CAAC,IAAI,CAAC;KAChC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CACxB,0BAA0B,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;IACxD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACxB,MAAM,IAAI,gBAAgB,CACxB,8FAA8F,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,YAAY,EAAE,IAAI,CAAC,aAAa;QAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;QAC9C,SAAS,EAAE,QAAQ;KACpB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAyB,EACzB,mBAA2B;IAE3B,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,mBAAmB;KACnC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CACxB,mBAAmB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;IACxD,MAAM,MAAM,GAAkB;QAC5B,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,mBAAmB;QACvD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;QAC9C,SAAS,EAAE,QAAQ;KACpB,CAAC;IACF,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAyB,EACzB,UAAqC,EAAE;IAEvC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;IAChD,IAAI,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAEhC,mEAAmE;IACnE,2EAA2E;IAC3E,wEAAwE;IACxE,sEAAsE;IACtE,wEAAwE;IACxE,wEAAwE;IACxE,sBAAsB;IACtB,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,cAAc,GAAG,yBAAyB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACrE,IAAI,cAAc,KAAK,IAAI,IAAI,cAAc,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC;YAClE,iBAAiB,EAAE,CAAC;YACpB,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC,WAAW,CAAC;IAE7D,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;YACnE,OAAO,SAAS,CAAC,WAAW,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,gBAAgB,CACxB,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,WAAW,CAAC;AAC3B,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC"}
|
|
1
|
+
{"version":3,"file":"cognito-auth.js","sourceRoot":"","sources":["../src/cognito-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,IAAI,MAAM,MAAM,CAAC;AAuCxB,qFAAqF;AACrF,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,CAAC;AAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;AAE5D,MAAM,UAAU,gBAAgB;IAC9B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7E,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,GAAY;IACpC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,UAAU,CAAC,MAAqB,EAAE,aAAa,GAAG,EAAE;IAClE,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,IAAI,CAAC;AACvD,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,yBAAyB,CAAC,WAAmB;IAC3D,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAClC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QAC3D,OAAO,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AA+BD,6EAA6E;AAC7E,MAAM,UAAU,oBAAoB;IAClC,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,qBAAqB;QACjC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,oBAAoB,CAAC,CAC3D,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAKpD,CAAC;QACF,oEAAoE;QACpE,gEAAgE;QAChE,kEAAkE;QAClE,0DAA0D;QAC1D,IACE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ;YAChC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YACvB,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ;YAC9B,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EACrB,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;gBACrE,MAAM,EAAE,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;aAChE,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,iBAAiB;IAC/B,OAAO,gBAAgB,EAAE,KAAK,IAAI,CAAC;AACrC,CAAC;AAcD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAyB,EACzB,KAAoB;IAEpB,MAAM,YAAY,GAAG,KAAK,IAAI,gBAAgB,EAAE,CAAC;IACjD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,gBAAgB,CACxB,mCAAmC,oBAAoB,EAAE,EAAE,CAC5D,CAAC;IACJ,CAAC;IACD,sEAAsE;IACtE,uEAAuE;IACvE,oDAAoD;IACpD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC;IACpD,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC;IAC1D,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,uBAAuB,MAAM,iBAAiB,EAC9C;QACE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,4BAA4B;YAC5C,cAAc,EAAE,gDAAgD;SACjE;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,QAAQ;YAClB,cAAc,EAAE;gBACd,QAAQ,EAAE,YAAY,CAAC,QAAQ;gBAC/B,QAAQ,EAAE,YAAY,CAAC,MAAM;aAC9B;SACF,CAAC;KACH,CACF,CAAC;IACF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAyB,CAAC;IAC1E,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,gBAAgB,CACxB,8BAA8B,GAAG,CAAC,MAAM,MAAM,IAAI,CAAC,MAAM,IAAI,EAAE,IAAI,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAC/F,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,WAAW,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7C,MAAM,IAAI,gBAAgB,CACxB,wCAAwC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,gBAAgB,IAAI,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1G,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAkB;QAC5B,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,uEAAuE;QACvE,sEAAsE;QACtE,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;QACvC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,IAAI;QACzD,SAAS,EAAE,QAAQ;KACpB,CAAC;IACF,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,MAAyB;IAEzB,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAClC,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,cAAc,GAAG,yBAAyB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACrE,iEAAiE;QACjE,8BAA8B;QAC9B,MAAM,gBAAgB,GAAG,gBAAgB,EAAE,EAAE,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC;QACzE,IAAI,cAAc,KAAK,IAAI,IAAI,cAAc,KAAK,gBAAgB,EAAE,CAAC;YACnE,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,GAAG;SACP,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,YAAY;IACnB,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,eAAe,CAC/B,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CACtD,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,WAAW,CAAC,MAAyB;IAC5C,OAAO,WAAW,MAAM,CAAC,cAAc,SAAS,MAAM,CAAC,MAAM,oBAAoB,CAAC;AACpF,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,oBAAoB,IAAI,WAAW,CAAC;AAC7C,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAyB;IAEzB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC;IACjC,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3E,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAC;IAC/C,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAEtD,2EAA2E;IAC3E,8EAA8E;IAC9E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACnE,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5B,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;IACzE,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;IAEd,2EAA2E;IAC3E,SAAS,eAAe,CAAC,IAAY,EAAE,aAAqB;QAC1D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,uEAAuE;YACvE,mEAAmE;YACnE,mEAAmE;YACnE,oEAAoE;YACpE,mDAAmD;YACnD,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;gBAChE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACjC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;oBACrB,OAAO;gBACT,CAAC;gBACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAE5C,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,oCAAoC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBACrE,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;gBACD,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;oBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;oBACpE,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;oBACjC,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,+BAA+B,CAAC,CAAC,CAAC;oBAC9D,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CACL;;;;yBAIe,CAChB,CAAC;gBACF,OAAO,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;gBACpC,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,6CAA6C,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBACjF,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;oBAClC,qCAAqC;gBACvC,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,UAAU,CAC3B,GAAG,EAAE;gBACH,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,CAAC;YACnE,CAAC,EACD,EAAE,GAAG,EAAE,GAAG,IAAI,CACf,CAAC;YAEF,SAAS,OAAO;gBACd,YAAY,CAAC,UAAU,CAAC,CAAC;gBACzB,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAcD,KAAK,UAAU,qBAAqB,CAClC,MAAyB,EACzB,IAAY,EACZ,QAAgB,EAChB,IAAY;IAEZ,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,IAAI;QACJ,aAAa,EAAE,QAAQ;QACvB,YAAY,EAAE,WAAW,CAAC,IAAI,CAAC;KAChC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CACxB,0BAA0B,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;IACxD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACxB,MAAM,IAAI,gBAAgB,CACxB,8FAA8F,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,YAAY,EAAE,IAAI,CAAC,aAAa;QAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;QAC9C,SAAS,EAAE,QAAQ;KACpB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAyB,EACzB,mBAA2B;IAE3B,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,mBAAmB;KACnC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,eAAe,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CACxB,mBAAmB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;IACxD,MAAM,MAAM,GAAkB;QAC5B,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,mBAAmB;QACvD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;QAC9C,SAAS,EAAE,QAAQ;KACpB,CAAC;IACF,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAyB,EACzB,UAAqC,EAAE;IAEvC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;IAEhD,wEAAwE;IACxE,iDAAiD;IACjD,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACpD,OAAO,OAAO,CAAC,WAAW,CAAC;IAC7B,CAAC;IAED,IAAI,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAEhC,mEAAmE;IACnE,2EAA2E;IAC3E,wEAAwE;IACxE,sEAAsE;IACtE,wEAAwE;IACxE,wEAAwE;IACxE,sBAAsB;IACtB,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,cAAc,GAAG,yBAAyB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACrE,IAAI,cAAc,KAAK,IAAI,IAAI,cAAc,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC;YAClE,iBAAiB,EAAE,CAAC;YACpB,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC,WAAW,CAAC;IAE7D,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;YACnE,OAAO,SAAS,CAAC,WAAW,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,gBAAgB,CACxB,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,WAAW,CAAC;AAC3B,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -15,8 +15,8 @@ export type { OrphanClassification, ScopeShrinkPlan, BuildScopeShrinkPlanInput,
|
|
|
15
15
|
export { resolveCompanyScope, batchPrefixesForVend, listRemoteForScope, pullCompany, decideRemotePulls, VEND_PATH_CAP, POST_FILTER_THRESHOLD, VEND_FANOUT_CONCURRENCY, } from "./remote-pull.js";
|
|
16
16
|
export type { CompanyScope, ResolveCompanyScopeInput, ListRemoteForScopeInput, PullCompanyInput, PullCompanyResult, RemotePullDecision, DecideRemotePullsInput, SkippedKey, } from "./remote-pull.js";
|
|
17
17
|
export { createIgnoreFilter, isWithinSizeLimit, } from "./ignore.js";
|
|
18
|
-
export { browserLogin, refreshTokens, loadCachedTokens, saveCachedTokens, clearCachedTokens, isExpiring, getValidAccessToken, CognitoAuthError, } from "./cognito-auth.js";
|
|
19
|
-
export type { CognitoAuthConfig, CognitoTokens } from "./cognito-auth.js";
|
|
18
|
+
export { browserLogin, refreshTokens, loadCachedTokens, saveCachedTokens, clearCachedTokens, isExpiring, getValidAccessToken, CognitoAuthError, machineCredsFilePath, loadMachineCreds, isMachineIdentity, mintMachineTokens, getValidMachineTokens, } from "./cognito-auth.js";
|
|
19
|
+
export type { CognitoAuthConfig, CognitoTokens, MachineCreds, } from "./cognito-auth.js";
|
|
20
20
|
export { resolvePullScope, readPinnedPrefixes } from "./sync/pull-scope.js";
|
|
21
21
|
export type { PullScope, PullScopeClient } from "./sync/pull-scope.js";
|
|
22
22
|
export { PERSONAL_VAULT_EXCLUDED_TOP_LEVEL, PERSONAL_VAULT_COMPANY_EXCLUDED_SLUGS, computePersonalVaultPaths, computePersonalCompanySubdirs, } from "./personal-vault.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,EACjB,cAAc,GACf,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,UAAU,EACV,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,UAAU,GACX,MAAM,SAAS,CAAC;AAEjB,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAExD,OAAO,EACL,WAAW,EACX,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,WAAW,EACX,cAAc,EAId,WAAW,EACX,YAAY,EAEZ,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,uBAAuB,EAMvB,2BAA2B,EAC3B,2BAA2B,GAC5B,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAGnD,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,oBAAoB,EACpB,eAAe,EACf,yBAAyB,EACzB,qBAAqB,EACrB,sBAAsB,EACtB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,YAAY,EACZ,wBAAwB,EACxB,uBAAuB,EACvB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,mBAAmB,EACnB,gBAAgB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,EACjB,cAAc,GACf,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,UAAU,EACV,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,UAAU,GACX,MAAM,SAAS,CAAC;AAEjB,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAExD,OAAO,EACL,WAAW,EACX,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,WAAW,EACX,cAAc,EAId,WAAW,EACX,YAAY,EAEZ,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,uBAAuB,EAMvB,2BAA2B,EAC3B,2BAA2B,GAC5B,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAGnD,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,oBAAoB,EACpB,eAAe,EACf,yBAAyB,EACzB,qBAAqB,EACrB,sBAAsB,EACtB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,YAAY,EACZ,wBAAwB,EACxB,uBAAuB,EACvB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,iBAAiB,EACjB,aAAa,EACb,YAAY,GACb,MAAM,mBAAmB,CAAC;AAO3B,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC5E,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGvE,OAAO,EACL,iCAAiC,EACjC,qCAAqC,EACrC,yBAAyB,EACzB,6BAA6B,GAC9B,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAIhE,OAAO,EACL,iCAAiC,EACjC,uBAAuB,EACvB,2BAA2B,EAC3B,mCAAmC,GACpC,MAAM,gCAAgC,CAAC;AACxC,YAAY,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAG7E,OAAO,EAAE,WAAW,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,0BAA0B,EAC1B,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,UAAU,EACV,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EACtB,UAAU,EACV,iBAAiB,EACjB,oBAAoB,EACpB,2BAA2B,EAE3B,QAAQ,EACR,oBAAoB,EACpB,4BAA4B,EAC5B,aAAa,GACd,MAAM,mBAAmB,CAAC;AAK3B,OAAO,EAAE,uBAAuB,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACtE,YAAY,EACV,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,gBAAgB,CAAC;AAKxB,OAAO,EACL,4BAA4B,EAC5B,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,4BAA4B,EAC5B,2BAA2B,EAC3B,UAAU,EACV,2BAA2B,GAC5B,MAAM,sBAAsB,CAAC;AAG9B,YAAY,EACV,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,mBAAmB,GACpB,MAAM,mBAAmB,CAAC;AAG3B,YAAY,EACV,WAAW,EACX,cAAc,EACd,SAAS,EACT,UAAU,EACV,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC7C,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAC5G,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC3D,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAGzF,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1G,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACpD,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACzC,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAGpE,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACzC,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAGpE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACzD,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAElE,YAAY,EACV,aAAa,EACb,gBAAgB,EAChB,kBAAkB,EAClB,UAAU,EACV,UAAU,EACV,WAAW,EACX,YAAY,EACZ,WAAW,EACX,UAAU,EACV,UAAU,EACV,UAAU,EACV,UAAU,EACV,WAAW,GACZ,MAAM,YAAY,CAAC;AAIpB,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,kBAAkB,EAClB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,yBAAyB,EACzB,iBAAiB,GAClB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAElE,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAG5D,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAG5D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAClE,YAAY,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,EACL,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAClE,YAAY,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,EACL,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAIhC,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,oBAAoB,EACpB,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,4BAA4B,EAC5B,kCAAkC,EAClC,yBAAyB,EACzB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,SAAS,EACT,oBAAoB,EACpB,aAAa,EACb,wBAAwB,EACxB,eAAe,EACf,SAAS,EACT,2BAA2B,EAC3B,kBAAkB,EAClB,gCAAgC,GACjC,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,YAAY,EACV,uBAAuB,EACvB,eAAe,EACf,kBAAkB,GACnB,MAAM,cAAc,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -27,7 +27,7 @@ export { buildScopeShrinkPlan, applyScopeShrink, ScopeShrinkBlockedError, ScopeS
|
|
|
27
27
|
export { resolveCompanyScope, batchPrefixesForVend, listRemoteForScope, pullCompany, decideRemotePulls, VEND_PATH_CAP, POST_FILTER_THRESHOLD, VEND_FANOUT_CONCURRENCY, } from "./remote-pull.js";
|
|
28
28
|
export { createIgnoreFilter, isWithinSizeLimit, } from "./ignore.js";
|
|
29
29
|
// Cognito browser-OAuth (VLT-9)
|
|
30
|
-
export { browserLogin, refreshTokens, loadCachedTokens, saveCachedTokens, clearCachedTokens, isExpiring, getValidAccessToken, CognitoAuthError, } from "./cognito-auth.js";
|
|
30
|
+
export { browserLogin, refreshTokens, loadCachedTokens, saveCachedTokens, clearCachedTokens, isExpiring, getValidAccessToken, CognitoAuthError, machineCredsFilePath, loadMachineCreds, isMachineIdentity, mintMachineTokens, getValidMachineTokens, } from "./cognito-auth.js";
|
|
31
31
|
// Per-company PULL scope resolver (US-005) — shared between hq-sync-runner and
|
|
32
32
|
// `hq sync pull|now` (hq-cli). Exported so hq-cli's foreground pull paths resolve
|
|
33
33
|
// the SAME effective scope the menubar runner does, instead of defaulting every
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,EACjB,cAAc,GACf,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,UAAU,EACV,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,UAAU,GACX,MAAM,SAAS,CAAC;AAIjB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,WAAW,EACX,cAAc;AACd,4EAA4E;AAC5E,iEAAiE;AACjE,yEAAyE;AACzE,WAAW,EACX,YAAY;AACZ,sBAAsB;AACtB,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,uBAAuB;AACvB,6EAA6E;AAC7E,2EAA2E;AAC3E,sEAAsE;AACtE,6EAA6E;AAC7E,yEAAyE;AACzE,2BAA2B,EAC3B,2BAA2B,GAC5B,MAAM,cAAc,CAAC;AAItB,oCAAoC;AACpC,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,gDAAgD;AAChD,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,mBAAmB,CAAC;AAW3B,qDAAqD;AACrD,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,kBAAkB,CAAC;AAY1B,OAAO,EACL,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAErB,gCAAgC;AAChC,OAAO,EACL,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,mBAAmB,EACnB,gBAAgB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,EACjB,cAAc,GACf,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,UAAU,EACV,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,UAAU,GACX,MAAM,SAAS,CAAC;AAIjB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,WAAW,EACX,cAAc;AACd,4EAA4E;AAC5E,iEAAiE;AACjE,yEAAyE;AACzE,WAAW,EACX,YAAY;AACZ,sBAAsB;AACtB,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,uBAAuB;AACvB,6EAA6E;AAC7E,2EAA2E;AAC3E,sEAAsE;AACtE,6EAA6E;AAC7E,yEAAyE;AACzE,2BAA2B,EAC3B,2BAA2B,GAC5B,MAAM,cAAc,CAAC;AAItB,oCAAoC;AACpC,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,gDAAgD;AAChD,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,mBAAmB,CAAC;AAW3B,qDAAqD;AACrD,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,kBAAkB,CAAC;AAY1B,OAAO,EACL,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAErB,gCAAgC;AAChC,OAAO,EACL,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAO3B,+EAA+E;AAC/E,kFAAkF;AAClF,gFAAgF;AAChF,gFAAgF;AAChF,aAAa;AACb,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAG5E,6EAA6E;AAC7E,OAAO,EACL,iCAAiC,EACjC,qCAAqC,EACrC,yBAAyB,EACzB,6BAA6B,GAC9B,MAAM,qBAAqB,CAAC;AAG7B,2EAA2E;AAC3E,kEAAkE;AAClE,OAAO,EACL,iCAAiC,EACjC,uBAAuB,EACvB,2BAA2B,EAC3B,mCAAmC,GACpC,MAAM,gCAAgC,CAAC;AAGxC,0BAA0B;AAC1B,OAAO,EAAE,WAAW,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,0BAA0B,EAC1B,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAyB3B,8EAA8E;AAC9E,4EAA4E;AAC5E,2DAA2D;AAC3D,OAAO,EAAE,uBAAuB,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAOtE,4EAA4E;AAC5E,0EAA0E;AAC1E,2EAA2E;AAC3E,OAAO,EACL,4BAA4B,EAC5B,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AA0B9B,eAAe;AACf,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAE7C,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAG3D,kCAAkC;AAClC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAGzC,4EAA4E;AAC5E,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAGzC,gFAAgF;AAChF,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAmBzD,2EAA2E;AAC3E,0EAA0E;AAC1E,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,kBAAkB,EAClB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B,6CAA6C;AAC7C,OAAO,EACL,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,yBAAyB,EACzB,iBAAiB,GAClB,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,2BAA2B,CAAC;AAGnC,yDAAyD;AACzD,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAG9B,uBAAuB;AACvB,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AASlE,oEAAoE;AACpE,sDAAsD;AACtD,OAAO,EACL,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAEhC,uBAAuB;AACvB,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AASlE,oEAAoE;AACpE,sDAAsD;AACtD,OAAO,EACL,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAEhC,4EAA4E;AAC5E,6EAA6E;AAC7E,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,oBAAoB,EACpB,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,4BAA4B,EAC5B,kCAAkC,EAClC,yBAAyB,EACzB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,iBAAiB,CAAC;AAazB,2EAA2E;AAC3E,6BAA6B;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Unit tests for the machine-identity auth mode in cognito-auth.ts.
|
|
3
|
+
*
|
|
4
|
+
* Machine identities (company agents) carry long-lived Cognito creds at
|
|
5
|
+
* ~/.hq-agent/machine-creds.json (HQ_MACHINE_CREDS_FILE override) and mint
|
|
6
|
+
* sessions via USER_PASSWORD_AUTH on demand — no browser, no refresh token.
|
|
7
|
+
* The contract under test:
|
|
8
|
+
* - detection: creds file present + well-formed → machine mode
|
|
9
|
+
* - minting: BOTH tokens cached with correct field semantics
|
|
10
|
+
* - re-mint on expiry; cache hit when valid
|
|
11
|
+
* - getValidAccessToken short-circuits into machine mode (never browser)
|
|
12
|
+
*/
|
|
13
|
+
export {};
|
|
14
|
+
//# sourceMappingURL=machine-auth.test.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"machine-auth.test.d.ts","sourceRoot":"","sources":["../src/machine-auth.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG"}
|
|
@@ -0,0 +1,249 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Unit tests for the machine-identity auth mode in cognito-auth.ts.
|
|
3
|
+
*
|
|
4
|
+
* Machine identities (company agents) carry long-lived Cognito creds at
|
|
5
|
+
* ~/.hq-agent/machine-creds.json (HQ_MACHINE_CREDS_FILE override) and mint
|
|
6
|
+
* sessions via USER_PASSWORD_AUTH on demand — no browser, no refresh token.
|
|
7
|
+
* The contract under test:
|
|
8
|
+
* - detection: creds file present + well-formed → machine mode
|
|
9
|
+
* - minting: BOTH tokens cached with correct field semantics
|
|
10
|
+
* - re-mint on expiry; cache hit when valid
|
|
11
|
+
* - getValidAccessToken short-circuits into machine mode (never browser)
|
|
12
|
+
*/
|
|
13
|
+
import * as fs from "fs";
|
|
14
|
+
import * as os from "os";
|
|
15
|
+
import * as path from "path";
|
|
16
|
+
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
|
|
17
|
+
let originalHome;
|
|
18
|
+
let originalCredsEnv;
|
|
19
|
+
let tmpHome;
|
|
20
|
+
beforeEach(() => {
|
|
21
|
+
originalHome = process.env.HOME;
|
|
22
|
+
originalCredsEnv = process.env.HQ_MACHINE_CREDS_FILE;
|
|
23
|
+
tmpHome = fs.mkdtempSync(path.join(os.tmpdir(), "hq-machine-auth-test-"));
|
|
24
|
+
process.env.HOME = tmpHome;
|
|
25
|
+
delete process.env.HQ_MACHINE_CREDS_FILE;
|
|
26
|
+
vi.resetModules();
|
|
27
|
+
});
|
|
28
|
+
afterEach(() => {
|
|
29
|
+
if (originalHome === undefined)
|
|
30
|
+
delete process.env.HOME;
|
|
31
|
+
else
|
|
32
|
+
process.env.HOME = originalHome;
|
|
33
|
+
if (originalCredsEnv === undefined)
|
|
34
|
+
delete process.env.HQ_MACHINE_CREDS_FILE;
|
|
35
|
+
else
|
|
36
|
+
process.env.HQ_MACHINE_CREDS_FILE = originalCredsEnv;
|
|
37
|
+
fs.rmSync(tmpHome, { recursive: true, force: true });
|
|
38
|
+
vi.unstubAllGlobals();
|
|
39
|
+
vi.restoreAllMocks();
|
|
40
|
+
});
|
|
41
|
+
async function importModule() {
|
|
42
|
+
return await import("./cognito-auth.js");
|
|
43
|
+
}
|
|
44
|
+
const CONFIG = {
|
|
45
|
+
region: "us-east-1",
|
|
46
|
+
userPoolDomain: "vault-indigo-hq-prod",
|
|
47
|
+
clientId: "test-client-id",
|
|
48
|
+
};
|
|
49
|
+
function writeCreds(creds = { username: "machine-agt_01TEST", secret: "s3cret" }) {
|
|
50
|
+
const dir = path.join(tmpHome, ".hq-agent");
|
|
51
|
+
fs.mkdirSync(dir, { recursive: true });
|
|
52
|
+
const file = path.join(dir, "machine-creds.json");
|
|
53
|
+
fs.writeFileSync(file, JSON.stringify(creds));
|
|
54
|
+
return file;
|
|
55
|
+
}
|
|
56
|
+
/** Build a fake JWT whose payload decodes to the given claims. */
|
|
57
|
+
function fakeJwt(claims) {
|
|
58
|
+
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
|
|
59
|
+
return `${enc({ alg: "RS256", kid: "k" })}.${enc(claims)}.sig`;
|
|
60
|
+
}
|
|
61
|
+
function stubMintFetch(overrides = {}) {
|
|
62
|
+
const calls = [];
|
|
63
|
+
const fetchMock = vi.fn(async (url, init) => {
|
|
64
|
+
calls.push({ url: String(url), init: init ?? {} });
|
|
65
|
+
return new Response(JSON.stringify({
|
|
66
|
+
AuthenticationResult: {
|
|
67
|
+
AccessToken: overrides.AccessToken ??
|
|
68
|
+
fakeJwt({ token_use: "access", client_id: CONFIG.clientId }),
|
|
69
|
+
IdToken: overrides.IdToken ?? fakeJwt({ token_use: "id" }),
|
|
70
|
+
RefreshToken: overrides.RefreshToken,
|
|
71
|
+
ExpiresIn: overrides.ExpiresIn ?? 3600,
|
|
72
|
+
},
|
|
73
|
+
}), { status: 200 });
|
|
74
|
+
});
|
|
75
|
+
vi.stubGlobal("fetch", fetchMock);
|
|
76
|
+
return { fetchMock, calls };
|
|
77
|
+
}
|
|
78
|
+
// ---------------------------------------------------------------------------
|
|
79
|
+
// Detection
|
|
80
|
+
// ---------------------------------------------------------------------------
|
|
81
|
+
describe("machine identity detection", () => {
|
|
82
|
+
it("is off when no creds file exists", async () => {
|
|
83
|
+
const { isMachineIdentity, loadMachineCreds } = await importModule();
|
|
84
|
+
expect(loadMachineCreds()).toBeNull();
|
|
85
|
+
expect(isMachineIdentity()).toBe(false);
|
|
86
|
+
});
|
|
87
|
+
it("detects creds at the default ~/.hq-agent path", async () => {
|
|
88
|
+
writeCreds();
|
|
89
|
+
const { isMachineIdentity, loadMachineCreds } = await importModule();
|
|
90
|
+
expect(loadMachineCreds()).toEqual({
|
|
91
|
+
username: "machine-agt_01TEST",
|
|
92
|
+
secret: "s3cret",
|
|
93
|
+
clientId: undefined,
|
|
94
|
+
region: undefined,
|
|
95
|
+
});
|
|
96
|
+
expect(isMachineIdentity()).toBe(true);
|
|
97
|
+
});
|
|
98
|
+
it("detects provisioned-shape creds (agt-<ulid>@agents domain + clientId/region)", async () => {
|
|
99
|
+
writeCreds({
|
|
100
|
+
username: "agt-01ktt1rjj6kqrhnhhst0k4vrgt@agents.getindigo.ai",
|
|
101
|
+
secret: "s3cret",
|
|
102
|
+
clientId: "agent-client-1",
|
|
103
|
+
region: "us-east-1",
|
|
104
|
+
userPoolId: "us-east-1_pool",
|
|
105
|
+
});
|
|
106
|
+
const { isMachineIdentity, loadMachineCreds } = await importModule();
|
|
107
|
+
expect(loadMachineCreds()).toEqual({
|
|
108
|
+
username: "agt-01ktt1rjj6kqrhnhhst0k4vrgt@agents.getindigo.ai",
|
|
109
|
+
secret: "s3cret",
|
|
110
|
+
clientId: "agent-client-1",
|
|
111
|
+
region: "us-east-1",
|
|
112
|
+
});
|
|
113
|
+
expect(isMachineIdentity()).toBe(true);
|
|
114
|
+
});
|
|
115
|
+
it("honors HQ_MACHINE_CREDS_FILE override", async () => {
|
|
116
|
+
const custom = path.join(tmpHome, "elsewhere.json");
|
|
117
|
+
fs.writeFileSync(custom, JSON.stringify({ username: "machine-agt_X", secret: "y" }));
|
|
118
|
+
process.env.HQ_MACHINE_CREDS_FILE = custom;
|
|
119
|
+
const { loadMachineCreds, machineCredsFilePath } = await importModule();
|
|
120
|
+
expect(machineCredsFilePath()).toBe(custom);
|
|
121
|
+
expect(loadMachineCreds()?.username).toBe("machine-agt_X");
|
|
122
|
+
});
|
|
123
|
+
it("rejects malformed creds (missing secret, empty username, bad JSON)", async () => {
|
|
124
|
+
const { loadMachineCreds } = await importModule();
|
|
125
|
+
writeCreds({ username: "", secret: "x" });
|
|
126
|
+
expect(loadMachineCreds()).toBeNull();
|
|
127
|
+
writeCreds({ username: "machine-agt_01TEST" });
|
|
128
|
+
expect(loadMachineCreds()).toBeNull();
|
|
129
|
+
fs.writeFileSync(path.join(tmpHome, ".hq-agent", "machine-creds.json"), "{nope");
|
|
130
|
+
expect(loadMachineCreds()).toBeNull();
|
|
131
|
+
});
|
|
132
|
+
});
|
|
133
|
+
// ---------------------------------------------------------------------------
|
|
134
|
+
// Minting
|
|
135
|
+
// ---------------------------------------------------------------------------
|
|
136
|
+
describe("mintMachineTokens", () => {
|
|
137
|
+
it("prefers the creds file's clientId/region over config (agent app client has USER_PASSWORD_AUTH)", async () => {
|
|
138
|
+
writeCreds({
|
|
139
|
+
username: "agt-01ktt1rjj6kqrhnhhst0k4vrgt@agents.getindigo.ai",
|
|
140
|
+
secret: "s3cret",
|
|
141
|
+
clientId: "agent-client-1",
|
|
142
|
+
region: "eu-west-1",
|
|
143
|
+
});
|
|
144
|
+
const { calls } = stubMintFetch();
|
|
145
|
+
const { mintMachineTokens } = await importModule();
|
|
146
|
+
await mintMachineTokens(CONFIG);
|
|
147
|
+
expect(calls[0].url).toBe("https://cognito-idp.eu-west-1.amazonaws.com/");
|
|
148
|
+
const body = JSON.parse(String(calls[0].init.body));
|
|
149
|
+
expect(body.ClientId).toBe("agent-client-1");
|
|
150
|
+
});
|
|
151
|
+
it("mints via USER_PASSWORD_AUTH and caches both tokens with correct fields", async () => {
|
|
152
|
+
writeCreds();
|
|
153
|
+
const { calls } = stubMintFetch({ RefreshToken: "rt" });
|
|
154
|
+
const { mintMachineTokens, loadCachedTokens } = await importModule();
|
|
155
|
+
const tokens = await mintMachineTokens(CONFIG);
|
|
156
|
+
// Request shape: Cognito IDP InitiateAuth with the machine creds.
|
|
157
|
+
expect(calls).toHaveLength(1);
|
|
158
|
+
expect(calls[0].url).toBe("https://cognito-idp.us-east-1.amazonaws.com/");
|
|
159
|
+
const body = JSON.parse(String(calls[0].init.body));
|
|
160
|
+
expect(body).toMatchObject({
|
|
161
|
+
AuthFlow: "USER_PASSWORD_AUTH",
|
|
162
|
+
ClientId: CONFIG.clientId,
|
|
163
|
+
AuthParameters: { USERNAME: "machine-agt_01TEST", PASSWORD: "s3cret" },
|
|
164
|
+
});
|
|
165
|
+
// Field semantics: access token in accessToken, id token in idToken.
|
|
166
|
+
const accessClaims = JSON.parse(Buffer.from(tokens.accessToken.split(".")[1], "base64url").toString());
|
|
167
|
+
const idClaims = JSON.parse(Buffer.from(tokens.idToken.split(".")[1], "base64url").toString());
|
|
168
|
+
expect(accessClaims.token_use).toBe("access");
|
|
169
|
+
expect(idClaims.token_use).toBe("id");
|
|
170
|
+
expect(tokens.refreshToken).toBe("rt");
|
|
171
|
+
expect(typeof tokens.expiresAt).toBe("number");
|
|
172
|
+
// Persisted to the shared cache file.
|
|
173
|
+
expect(loadCachedTokens()).toEqual(tokens);
|
|
174
|
+
});
|
|
175
|
+
it("throws CognitoAuthError on auth failure", async () => {
|
|
176
|
+
writeCreds();
|
|
177
|
+
vi.stubGlobal("fetch", vi.fn(async () => new Response(JSON.stringify({ __type: "NotAuthorizedException", message: "nope" }), { status: 400 })));
|
|
178
|
+
const { mintMachineTokens, CognitoAuthError } = await importModule();
|
|
179
|
+
await expect(mintMachineTokens(CONFIG)).rejects.toBeInstanceOf(CognitoAuthError);
|
|
180
|
+
});
|
|
181
|
+
it("throws when no creds are present", async () => {
|
|
182
|
+
const { mintMachineTokens, CognitoAuthError } = await importModule();
|
|
183
|
+
await expect(mintMachineTokens(CONFIG)).rejects.toBeInstanceOf(CognitoAuthError);
|
|
184
|
+
});
|
|
185
|
+
});
|
|
186
|
+
// ---------------------------------------------------------------------------
|
|
187
|
+
// getValidMachineTokens — cache vs re-mint
|
|
188
|
+
// ---------------------------------------------------------------------------
|
|
189
|
+
describe("getValidMachineTokens", () => {
|
|
190
|
+
it("returns the cache when valid without touching the network", async () => {
|
|
191
|
+
writeCreds();
|
|
192
|
+
const { fetchMock } = stubMintFetch();
|
|
193
|
+
const { saveCachedTokens, getValidMachineTokens } = await importModule();
|
|
194
|
+
const cached = {
|
|
195
|
+
accessToken: fakeJwt({ token_use: "access", client_id: CONFIG.clientId }),
|
|
196
|
+
idToken: fakeJwt({ token_use: "id" }),
|
|
197
|
+
refreshToken: "",
|
|
198
|
+
expiresAt: Date.now() + 30 * 60 * 1000,
|
|
199
|
+
tokenType: "Bearer",
|
|
200
|
+
};
|
|
201
|
+
saveCachedTokens(cached);
|
|
202
|
+
const tokens = await getValidMachineTokens(CONFIG);
|
|
203
|
+
expect(tokens).toEqual(cached);
|
|
204
|
+
expect(fetchMock).not.toHaveBeenCalled();
|
|
205
|
+
});
|
|
206
|
+
it("re-mints when the cache is expiring", async () => {
|
|
207
|
+
writeCreds();
|
|
208
|
+
const { fetchMock } = stubMintFetch();
|
|
209
|
+
const { saveCachedTokens, getValidMachineTokens } = await importModule();
|
|
210
|
+
saveCachedTokens({
|
|
211
|
+
accessToken: fakeJwt({ token_use: "access", client_id: CONFIG.clientId }),
|
|
212
|
+
idToken: fakeJwt({ token_use: "id" }),
|
|
213
|
+
refreshToken: "",
|
|
214
|
+
expiresAt: Date.now() + 10 * 1000,
|
|
215
|
+
tokenType: "Bearer",
|
|
216
|
+
});
|
|
217
|
+
await getValidMachineTokens(CONFIG);
|
|
218
|
+
expect(fetchMock).toHaveBeenCalledTimes(1);
|
|
219
|
+
});
|
|
220
|
+
it("re-mints when the cached token targets a different app client", async () => {
|
|
221
|
+
writeCreds();
|
|
222
|
+
const { fetchMock } = stubMintFetch();
|
|
223
|
+
const { saveCachedTokens, getValidMachineTokens } = await importModule();
|
|
224
|
+
saveCachedTokens({
|
|
225
|
+
accessToken: fakeJwt({ token_use: "access", client_id: "other-client" }),
|
|
226
|
+
idToken: fakeJwt({ token_use: "id" }),
|
|
227
|
+
refreshToken: "",
|
|
228
|
+
expiresAt: Date.now() + 30 * 60 * 1000,
|
|
229
|
+
tokenType: "Bearer",
|
|
230
|
+
});
|
|
231
|
+
await getValidMachineTokens(CONFIG);
|
|
232
|
+
expect(fetchMock).toHaveBeenCalledTimes(1);
|
|
233
|
+
});
|
|
234
|
+
});
|
|
235
|
+
// ---------------------------------------------------------------------------
|
|
236
|
+
// getValidAccessToken — machine-mode short circuit
|
|
237
|
+
// ---------------------------------------------------------------------------
|
|
238
|
+
describe("getValidAccessToken in machine mode", () => {
|
|
239
|
+
it("mints via machine creds instead of refreshing or opening a browser", async () => {
|
|
240
|
+
writeCreds();
|
|
241
|
+
const { calls } = stubMintFetch();
|
|
242
|
+
const { getValidAccessToken } = await importModule();
|
|
243
|
+
const token = await getValidAccessToken(CONFIG, { interactive: false });
|
|
244
|
+
expect(calls).toHaveLength(1);
|
|
245
|
+
const claims = JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString());
|
|
246
|
+
expect(claims.token_use).toBe("access");
|
|
247
|
+
});
|
|
248
|
+
});
|
|
249
|
+
//# sourceMappingURL=machine-auth.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"machine-auth.test.js","sourceRoot":"","sources":["../src/machine-auth.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAEzE,IAAI,YAAgC,CAAC;AACrC,IAAI,gBAAoC,CAAC;AACzC,IAAI,OAAe,CAAC;AAEpB,UAAU,CAAC,GAAG,EAAE;IACd,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;IAChC,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IACrD,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC;IAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IACzC,EAAE,CAAC,YAAY,EAAE,CAAC;AACpB,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,GAAG,EAAE;IACb,IAAI,YAAY,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;;QACnD,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC;IACrC,IAAI,gBAAgB,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;;QACxE,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,gBAAgB,CAAC;IAC1D,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,EAAE,CAAC,gBAAgB,EAAE,CAAC;IACtB,EAAE,CAAC,eAAe,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,YAAY;IACzB,OAAO,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,MAAM,GAAG;IACb,MAAM,EAAE,WAAW;IACnB,cAAc,EAAE,sBAAsB;IACtC,QAAQ,EAAE,gBAAgB;CAC3B,CAAC;AAEF,SAAS,UAAU,CACjB,QAAiB,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,EAAE,QAAQ,EAAE;IAErE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC5C,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;IAClD,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,kEAAkE;AAClE,SAAS,OAAO,CAAC,MAA+B;IAC9C,MAAM,GAAG,GAAG,CAAC,CAAU,EAAE,EAAE,CACzB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,OAAO,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC;AACjE,CAAC;AAED,SAAS,aAAa,CACpB,YAKK,EAAE;IAEP,MAAM,KAAK,GAA8C,EAAE,CAAC;IAC5D,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,GAAiB,EAAE,IAAkB,EAAE,EAAE;QACtE,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QACnD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;YACb,oBAAoB,EAAE;gBACpB,WAAW,EACT,SAAS,CAAC,WAAW;oBACrB,OAAO,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC9D,OAAO,EAAE,SAAS,CAAC,OAAO,IAAI,OAAO,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;gBAC1D,YAAY,EAAE,SAAS,CAAC,YAAY;gBACpC,SAAS,EAAE,SAAS,CAAC,SAAS,IAAI,IAAI;aACvC;SACF,CAAC,EACF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAClC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AAC9B,CAAC;AAED,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IAC1C,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACrE,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACrE,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,OAAO,CAAC;YACjC,QAAQ,EAAE,oBAAoB;YAC9B,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;QACH,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8EAA8E,EAAE,KAAK,IAAI,EAAE;QAC5F,UAAU,CAAC;YACT,QAAQ,EAAE,oDAAoD;YAC9D,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,gBAAgB;YAC1B,MAAM,EAAE,WAAW;YACnB,UAAU,EAAE,gBAAgB;SAC7B,CAAC,CAAC;QACH,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACrE,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,OAAO,CAAC;YACjC,QAAQ,EAAE,oDAAoD;YAC9D,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,gBAAgB;YAC1B,MAAM,EAAE,WAAW;SACpB,CAAC,CAAC;QACH,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QACpD,EAAE,CAAC,aAAa,CACd,MAAM,EACN,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAC3D,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,MAAM,CAAC;QAC3C,MAAM,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACxE,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,CAAC,gBAAgB,EAAE,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAClD,UAAU,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1C,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtC,UAAU,CAAC,EAAE,QAAQ,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAC/C,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtC,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,oBAAoB,CAAC,EAAE,OAAO,CAAC,CAAC;QACjF,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,gGAAgG,EAAE,KAAK,IAAI,EAAE;QAC9G,UAAU,CAAC;YACT,QAAQ,EAAE,oDAAoD;YAC9D,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,gBAAgB;YAC1B,MAAM,EAAE,WAAW;SACpB,CAAC,CAAC;QACH,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,EAAE,CAAC;QAClC,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACnD,MAAM,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QAC1E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACxD,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAErE,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAE/C,kEAAkE;QAClE,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QAC1E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,CAAC,aAAa,CAAC;YACzB,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,cAAc,EAAE,EAAE,QAAQ,EAAE,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE;SACvE,CAAC,CAAC;QAEH,qEAAqE;QACrE,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAC7B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CACtE,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CACzB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAClE,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE/C,sCAAsC;QACtC,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,UAAU,EAAE,CAAC;QACb,EAAE,CAAC,UAAU,CACX,OAAO,EACP,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CACf,IAAI,QAAQ,CACV,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,wBAAwB,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,EACrE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CACF,CACF,CAAC;QACF,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACrE,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAC5D,gBAAgB,CACjB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACrE,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAC5D,gBAAgB,CACjB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,2CAA2C;AAC3C,8EAA8E;AAE9E,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,SAAS,EAAE,GAAG,aAAa,EAAE,CAAC;QACtC,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACzE,MAAM,MAAM,GAAG;YACb,WAAW,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzE,OAAO,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;YACrC,YAAY,EAAE,EAAE;YAChB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;YACtC,SAAS,EAAE,QAAiB;SAC7B,CAAC;QACF,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAEzB,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,SAAS,EAAE,GAAG,aAAa,EAAE,CAAC;QACtC,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACzE,gBAAgB,CAAC;YACf,WAAW,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzE,OAAO,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;YACrC,YAAY,EAAE,EAAE;YAChB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;YACjC,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QAEH,MAAM,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,CAAC,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,SAAS,EAAE,GAAG,aAAa,EAAE,CAAC;QACtC,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QACzE,gBAAgB,CAAC;YACf,WAAW,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC;YACxE,OAAO,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;YACrC,YAAY,EAAE,EAAE;YAChB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;YACtC,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QAEH,MAAM,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,CAAC,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAE9E,QAAQ,CAAC,qCAAqC,EAAE,GAAG,EAAE;IACnD,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,EAAE,CAAC;QAClC,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAErD,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC;QAExE,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CACzD,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@indigoai-us/hq-cloud",
|
|
3
|
-
"version": "6.
|
|
4
|
-
"description": "HQ by Indigo cloud sync engine
|
|
3
|
+
"version": "6.7.1",
|
|
4
|
+
"description": "HQ by Indigo cloud sync engine — bidirectional S3 sync for mobile access",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
7
7
|
"bin": {
|
package/src/cognito-auth.ts
CHANGED
|
@@ -147,6 +147,181 @@ export function decodeAccessTokenClientId(accessToken: string): string | null {
|
|
|
147
147
|
}
|
|
148
148
|
}
|
|
149
149
|
|
|
150
|
+
// ---------------------------------------------------------------------------
|
|
151
|
+
// Machine identity (company agents)
|
|
152
|
+
// ---------------------------------------------------------------------------
|
|
153
|
+
//
|
|
154
|
+
// HQ company agents run headless on their own boxes with long-lived Cognito
|
|
155
|
+
// MACHINE credentials ({username: "machine-agt_<ulid>", secret}) provisioned
|
|
156
|
+
// by hq-pro's agent bootstrap and stored at ~/.hq-agent/machine-creds.json.
|
|
157
|
+
// There is no browser, no Hosted UI, and no refresh-token dance: the creds
|
|
158
|
+
// never expire, so the CLI simply re-mints a session via USER_PASSWORD_AUTH
|
|
159
|
+
// whenever the cached tokens are missing or expiring.
|
|
160
|
+
//
|
|
161
|
+
// Token semantics matter here. The agent's identity claims
|
|
162
|
+
// (custom:entityType=agent, custom:entityUid=agt_*) ride the ID token only;
|
|
163
|
+
// APIs that verify token_use=access (e.g. hq-deploy) need the real access
|
|
164
|
+
// token. Both are cached with correct field semantics — callers pick the
|
|
165
|
+
// token type each API actually validates.
|
|
166
|
+
|
|
167
|
+
export interface MachineCreds {
|
|
168
|
+
/** Cognito username (live boxes: "agt-<ulid>@agents.getindigo.ai"). */
|
|
169
|
+
username: string;
|
|
170
|
+
/** Long-lived machine secret (USER_PASSWORD_AUTH password). */
|
|
171
|
+
secret: string;
|
|
172
|
+
/** App client to mint against — provisioned creds carry their own
|
|
173
|
+
* (USER_PASSWORD_AUTH must be enabled on it); falls back to config. */
|
|
174
|
+
clientId?: string;
|
|
175
|
+
/** Cognito region for the mint endpoint; falls back to config. */
|
|
176
|
+
region?: string;
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
/** Resolve the machine-creds file path (HQ_MACHINE_CREDS_FILE overrides). */
|
|
180
|
+
export function machineCredsFilePath(): string {
|
|
181
|
+
return (
|
|
182
|
+
process.env.HQ_MACHINE_CREDS_FILE ??
|
|
183
|
+
path.join(os.homedir(), ".hq-agent", "machine-creds.json")
|
|
184
|
+
);
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
/**
|
|
188
|
+
* Load machine credentials, or null when this process is not running as a
|
|
189
|
+
* machine identity (no creds file / unreadable / malformed).
|
|
190
|
+
*/
|
|
191
|
+
export function loadMachineCreds(): MachineCreds | null {
|
|
192
|
+
const file = machineCredsFilePath();
|
|
193
|
+
try {
|
|
194
|
+
if (!fs.existsSync(file)) return null;
|
|
195
|
+
const raw = JSON.parse(fs.readFileSync(file, "utf-8")) as {
|
|
196
|
+
username?: unknown;
|
|
197
|
+
secret?: unknown;
|
|
198
|
+
clientId?: unknown;
|
|
199
|
+
region?: unknown;
|
|
200
|
+
};
|
|
201
|
+
// The creds FILE is the machine-identity signal — no username-shape
|
|
202
|
+
// gate. (6.7.0 required a "machine-" prefix, but live boxes are
|
|
203
|
+
// provisioned with "agt-<ulid>@agents.getindigo.ai", so detection
|
|
204
|
+
// never engaged on the first real agent box, 2026-06-12.)
|
|
205
|
+
if (
|
|
206
|
+
typeof raw.username === "string" &&
|
|
207
|
+
raw.username.length > 0 &&
|
|
208
|
+
typeof raw.secret === "string" &&
|
|
209
|
+
raw.secret.length > 0
|
|
210
|
+
) {
|
|
211
|
+
return {
|
|
212
|
+
username: raw.username,
|
|
213
|
+
secret: raw.secret,
|
|
214
|
+
clientId: typeof raw.clientId === "string" ? raw.clientId : undefined,
|
|
215
|
+
region: typeof raw.region === "string" ? raw.region : undefined,
|
|
216
|
+
};
|
|
217
|
+
}
|
|
218
|
+
return null;
|
|
219
|
+
} catch {
|
|
220
|
+
return null;
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
|
|
224
|
+
/** True when machine credentials are present — the CLI is a machine identity. */
|
|
225
|
+
export function isMachineIdentity(): boolean {
|
|
226
|
+
return loadMachineCreds() !== null;
|
|
227
|
+
}
|
|
228
|
+
|
|
229
|
+
interface InitiateAuthResponse {
|
|
230
|
+
AuthenticationResult?: {
|
|
231
|
+
AccessToken?: string;
|
|
232
|
+
IdToken?: string;
|
|
233
|
+
RefreshToken?: string;
|
|
234
|
+
ExpiresIn?: number;
|
|
235
|
+
};
|
|
236
|
+
ChallengeName?: string;
|
|
237
|
+
__type?: string;
|
|
238
|
+
message?: string;
|
|
239
|
+
}
|
|
240
|
+
|
|
241
|
+
/**
|
|
242
|
+
* Mint a fresh session for the machine identity via USER_PASSWORD_AUTH
|
|
243
|
+
* against the Cognito IDP endpoint (plain unsigned HTTP — no AWS SDK
|
|
244
|
+
* dependency). Caches BOTH tokens with correct field semantics and returns
|
|
245
|
+
* them.
|
|
246
|
+
*/
|
|
247
|
+
export async function mintMachineTokens(
|
|
248
|
+
config: CognitoAuthConfig,
|
|
249
|
+
creds?: MachineCreds,
|
|
250
|
+
): Promise<CognitoTokens> {
|
|
251
|
+
const machineCreds = creds ?? loadMachineCreds();
|
|
252
|
+
if (!machineCreds) {
|
|
253
|
+
throw new CognitoAuthError(
|
|
254
|
+
`No machine credentials found at ${machineCredsFilePath()}`,
|
|
255
|
+
);
|
|
256
|
+
}
|
|
257
|
+
// Prefer the creds file's own clientId/region: provisioning pairs the
|
|
258
|
+
// machine user with an app client that has USER_PASSWORD_AUTH enabled,
|
|
259
|
+
// which the CLI's default (browser) client may not.
|
|
260
|
+
const region = machineCreds.region ?? config.region;
|
|
261
|
+
const clientId = machineCreds.clientId ?? config.clientId;
|
|
262
|
+
const res = await fetch(
|
|
263
|
+
`https://cognito-idp.${region}.amazonaws.com/`,
|
|
264
|
+
{
|
|
265
|
+
method: "POST",
|
|
266
|
+
headers: {
|
|
267
|
+
"Content-Type": "application/x-amz-json-1.1",
|
|
268
|
+
"X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth",
|
|
269
|
+
},
|
|
270
|
+
body: JSON.stringify({
|
|
271
|
+
AuthFlow: "USER_PASSWORD_AUTH",
|
|
272
|
+
ClientId: clientId,
|
|
273
|
+
AuthParameters: {
|
|
274
|
+
USERNAME: machineCreds.username,
|
|
275
|
+
PASSWORD: machineCreds.secret,
|
|
276
|
+
},
|
|
277
|
+
}),
|
|
278
|
+
},
|
|
279
|
+
);
|
|
280
|
+
const data = (await res.json().catch(() => ({}))) as InitiateAuthResponse;
|
|
281
|
+
if (!res.ok) {
|
|
282
|
+
throw new CognitoAuthError(
|
|
283
|
+
`Machine token mint failed (${res.status}): ${data.__type ?? ""} ${data.message ?? ""}`.trim(),
|
|
284
|
+
);
|
|
285
|
+
}
|
|
286
|
+
const result = data.AuthenticationResult;
|
|
287
|
+
if (!result?.AccessToken || !result?.IdToken) {
|
|
288
|
+
throw new CognitoAuthError(
|
|
289
|
+
`Machine token mint returned no tokens${data.ChallengeName ? ` (challenge: ${data.ChallengeName})` : ""}`,
|
|
290
|
+
);
|
|
291
|
+
}
|
|
292
|
+
const tokens: CognitoTokens = {
|
|
293
|
+
accessToken: result.AccessToken,
|
|
294
|
+
idToken: result.IdToken,
|
|
295
|
+
// Machine creds never expire — expiry is handled by re-minting, so the
|
|
296
|
+
// refresh token (when Cognito returns one at all) is never exercised.
|
|
297
|
+
refreshToken: result.RefreshToken ?? "",
|
|
298
|
+
expiresAt: Date.now() + (result.ExpiresIn ?? 3600) * 1000,
|
|
299
|
+
tokenType: "Bearer",
|
|
300
|
+
};
|
|
301
|
+
saveCachedTokens(tokens);
|
|
302
|
+
return tokens;
|
|
303
|
+
}
|
|
304
|
+
|
|
305
|
+
/**
|
|
306
|
+
* Return a valid (non-expiring) machine session, re-minting on demand.
|
|
307
|
+
* Cache-hit path never touches the network.
|
|
308
|
+
*/
|
|
309
|
+
export async function getValidMachineTokens(
|
|
310
|
+
config: CognitoAuthConfig,
|
|
311
|
+
): Promise<CognitoTokens> {
|
|
312
|
+
const cached = loadCachedTokens();
|
|
313
|
+
if (cached && !isExpiring(cached, 120)) {
|
|
314
|
+
const cachedClientId = decodeAccessTokenClientId(cached.accessToken);
|
|
315
|
+
// Compare against the client we'd actually mint with (creds-file
|
|
316
|
+
// clientId wins over config).
|
|
317
|
+
const expectedClientId = loadMachineCreds()?.clientId ?? config.clientId;
|
|
318
|
+
if (cachedClientId === null || cachedClientId === expectedClientId) {
|
|
319
|
+
return cached;
|
|
320
|
+
}
|
|
321
|
+
}
|
|
322
|
+
return mintMachineTokens(config);
|
|
323
|
+
}
|
|
324
|
+
|
|
150
325
|
// ---------------------------------------------------------------------------
|
|
151
326
|
// PKCE
|
|
152
327
|
// ---------------------------------------------------------------------------
|
|
@@ -402,6 +577,14 @@ export async function getValidAccessToken(
|
|
|
402
577
|
options: { interactive?: boolean } = {},
|
|
403
578
|
): Promise<string> {
|
|
404
579
|
const interactive = options.interactive ?? true;
|
|
580
|
+
|
|
581
|
+
// Machine identities (company agents) never refresh or open a browser —
|
|
582
|
+
// they re-mint via USER_PASSWORD_AUTH on demand.
|
|
583
|
+
if (isMachineIdentity()) {
|
|
584
|
+
const machine = await getValidMachineTokens(config);
|
|
585
|
+
return machine.accessToken;
|
|
586
|
+
}
|
|
587
|
+
|
|
405
588
|
let cached = loadCachedTokens();
|
|
406
589
|
|
|
407
590
|
// Stale-pool detection: if the cached access token was issued by a
|
package/src/index.ts
CHANGED
|
@@ -118,8 +118,17 @@ export {
|
|
|
118
118
|
isExpiring,
|
|
119
119
|
getValidAccessToken,
|
|
120
120
|
CognitoAuthError,
|
|
121
|
+
machineCredsFilePath,
|
|
122
|
+
loadMachineCreds,
|
|
123
|
+
isMachineIdentity,
|
|
124
|
+
mintMachineTokens,
|
|
125
|
+
getValidMachineTokens,
|
|
126
|
+
} from "./cognito-auth.js";
|
|
127
|
+
export type {
|
|
128
|
+
CognitoAuthConfig,
|
|
129
|
+
CognitoTokens,
|
|
130
|
+
MachineCreds,
|
|
121
131
|
} from "./cognito-auth.js";
|
|
122
|
-
export type { CognitoAuthConfig, CognitoTokens } from "./cognito-auth.js";
|
|
123
132
|
|
|
124
133
|
// Per-company PULL scope resolver (US-005) — shared between hq-sync-runner and
|
|
125
134
|
// `hq sync pull|now` (hq-cli). Exported so hq-cli's foreground pull paths resolve
|
|
@@ -0,0 +1,314 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Unit tests for the machine-identity auth mode in cognito-auth.ts.
|
|
3
|
+
*
|
|
4
|
+
* Machine identities (company agents) carry long-lived Cognito creds at
|
|
5
|
+
* ~/.hq-agent/machine-creds.json (HQ_MACHINE_CREDS_FILE override) and mint
|
|
6
|
+
* sessions via USER_PASSWORD_AUTH on demand — no browser, no refresh token.
|
|
7
|
+
* The contract under test:
|
|
8
|
+
* - detection: creds file present + well-formed → machine mode
|
|
9
|
+
* - minting: BOTH tokens cached with correct field semantics
|
|
10
|
+
* - re-mint on expiry; cache hit when valid
|
|
11
|
+
* - getValidAccessToken short-circuits into machine mode (never browser)
|
|
12
|
+
*/
|
|
13
|
+
|
|
14
|
+
import * as fs from "fs";
|
|
15
|
+
import * as os from "os";
|
|
16
|
+
import * as path from "path";
|
|
17
|
+
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
|
|
18
|
+
|
|
19
|
+
let originalHome: string | undefined;
|
|
20
|
+
let originalCredsEnv: string | undefined;
|
|
21
|
+
let tmpHome: string;
|
|
22
|
+
|
|
23
|
+
beforeEach(() => {
|
|
24
|
+
originalHome = process.env.HOME;
|
|
25
|
+
originalCredsEnv = process.env.HQ_MACHINE_CREDS_FILE;
|
|
26
|
+
tmpHome = fs.mkdtempSync(path.join(os.tmpdir(), "hq-machine-auth-test-"));
|
|
27
|
+
process.env.HOME = tmpHome;
|
|
28
|
+
delete process.env.HQ_MACHINE_CREDS_FILE;
|
|
29
|
+
vi.resetModules();
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
afterEach(() => {
|
|
33
|
+
if (originalHome === undefined) delete process.env.HOME;
|
|
34
|
+
else process.env.HOME = originalHome;
|
|
35
|
+
if (originalCredsEnv === undefined) delete process.env.HQ_MACHINE_CREDS_FILE;
|
|
36
|
+
else process.env.HQ_MACHINE_CREDS_FILE = originalCredsEnv;
|
|
37
|
+
fs.rmSync(tmpHome, { recursive: true, force: true });
|
|
38
|
+
vi.unstubAllGlobals();
|
|
39
|
+
vi.restoreAllMocks();
|
|
40
|
+
});
|
|
41
|
+
|
|
42
|
+
async function importModule() {
|
|
43
|
+
return await import("./cognito-auth.js");
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
const CONFIG = {
|
|
47
|
+
region: "us-east-1",
|
|
48
|
+
userPoolDomain: "vault-indigo-hq-prod",
|
|
49
|
+
clientId: "test-client-id",
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
function writeCreds(
|
|
53
|
+
creds: unknown = { username: "machine-agt_01TEST", secret: "s3cret" },
|
|
54
|
+
): string {
|
|
55
|
+
const dir = path.join(tmpHome, ".hq-agent");
|
|
56
|
+
fs.mkdirSync(dir, { recursive: true });
|
|
57
|
+
const file = path.join(dir, "machine-creds.json");
|
|
58
|
+
fs.writeFileSync(file, JSON.stringify(creds));
|
|
59
|
+
return file;
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
/** Build a fake JWT whose payload decodes to the given claims. */
|
|
63
|
+
function fakeJwt(claims: Record<string, unknown>): string {
|
|
64
|
+
const enc = (o: unknown) =>
|
|
65
|
+
Buffer.from(JSON.stringify(o)).toString("base64url");
|
|
66
|
+
return `${enc({ alg: "RS256", kid: "k" })}.${enc(claims)}.sig`;
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
function stubMintFetch(
|
|
70
|
+
overrides: Partial<{
|
|
71
|
+
AccessToken: string;
|
|
72
|
+
IdToken: string;
|
|
73
|
+
RefreshToken: string;
|
|
74
|
+
ExpiresIn: number;
|
|
75
|
+
}> = {},
|
|
76
|
+
) {
|
|
77
|
+
const calls: Array<{ url: string; init: RequestInit }> = [];
|
|
78
|
+
const fetchMock = vi.fn(async (url: string | URL, init?: RequestInit) => {
|
|
79
|
+
calls.push({ url: String(url), init: init ?? {} });
|
|
80
|
+
return new Response(
|
|
81
|
+
JSON.stringify({
|
|
82
|
+
AuthenticationResult: {
|
|
83
|
+
AccessToken:
|
|
84
|
+
overrides.AccessToken ??
|
|
85
|
+
fakeJwt({ token_use: "access", client_id: CONFIG.clientId }),
|
|
86
|
+
IdToken: overrides.IdToken ?? fakeJwt({ token_use: "id" }),
|
|
87
|
+
RefreshToken: overrides.RefreshToken,
|
|
88
|
+
ExpiresIn: overrides.ExpiresIn ?? 3600,
|
|
89
|
+
},
|
|
90
|
+
}),
|
|
91
|
+
{ status: 200 },
|
|
92
|
+
);
|
|
93
|
+
});
|
|
94
|
+
vi.stubGlobal("fetch", fetchMock);
|
|
95
|
+
return { fetchMock, calls };
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
// ---------------------------------------------------------------------------
|
|
99
|
+
// Detection
|
|
100
|
+
// ---------------------------------------------------------------------------
|
|
101
|
+
|
|
102
|
+
describe("machine identity detection", () => {
|
|
103
|
+
it("is off when no creds file exists", async () => {
|
|
104
|
+
const { isMachineIdentity, loadMachineCreds } = await importModule();
|
|
105
|
+
expect(loadMachineCreds()).toBeNull();
|
|
106
|
+
expect(isMachineIdentity()).toBe(false);
|
|
107
|
+
});
|
|
108
|
+
|
|
109
|
+
it("detects creds at the default ~/.hq-agent path", async () => {
|
|
110
|
+
writeCreds();
|
|
111
|
+
const { isMachineIdentity, loadMachineCreds } = await importModule();
|
|
112
|
+
expect(loadMachineCreds()).toEqual({
|
|
113
|
+
username: "machine-agt_01TEST",
|
|
114
|
+
secret: "s3cret",
|
|
115
|
+
clientId: undefined,
|
|
116
|
+
region: undefined,
|
|
117
|
+
});
|
|
118
|
+
expect(isMachineIdentity()).toBe(true);
|
|
119
|
+
});
|
|
120
|
+
|
|
121
|
+
it("detects provisioned-shape creds (agt-<ulid>@agents domain + clientId/region)", async () => {
|
|
122
|
+
writeCreds({
|
|
123
|
+
username: "agt-01ktt1rjj6kqrhnhhst0k4vrgt@agents.getindigo.ai",
|
|
124
|
+
secret: "s3cret",
|
|
125
|
+
clientId: "agent-client-1",
|
|
126
|
+
region: "us-east-1",
|
|
127
|
+
userPoolId: "us-east-1_pool",
|
|
128
|
+
});
|
|
129
|
+
const { isMachineIdentity, loadMachineCreds } = await importModule();
|
|
130
|
+
expect(loadMachineCreds()).toEqual({
|
|
131
|
+
username: "agt-01ktt1rjj6kqrhnhhst0k4vrgt@agents.getindigo.ai",
|
|
132
|
+
secret: "s3cret",
|
|
133
|
+
clientId: "agent-client-1",
|
|
134
|
+
region: "us-east-1",
|
|
135
|
+
});
|
|
136
|
+
expect(isMachineIdentity()).toBe(true);
|
|
137
|
+
});
|
|
138
|
+
|
|
139
|
+
it("honors HQ_MACHINE_CREDS_FILE override", async () => {
|
|
140
|
+
const custom = path.join(tmpHome, "elsewhere.json");
|
|
141
|
+
fs.writeFileSync(
|
|
142
|
+
custom,
|
|
143
|
+
JSON.stringify({ username: "machine-agt_X", secret: "y" }),
|
|
144
|
+
);
|
|
145
|
+
process.env.HQ_MACHINE_CREDS_FILE = custom;
|
|
146
|
+
const { loadMachineCreds, machineCredsFilePath } = await importModule();
|
|
147
|
+
expect(machineCredsFilePath()).toBe(custom);
|
|
148
|
+
expect(loadMachineCreds()?.username).toBe("machine-agt_X");
|
|
149
|
+
});
|
|
150
|
+
|
|
151
|
+
it("rejects malformed creds (missing secret, empty username, bad JSON)", async () => {
|
|
152
|
+
const { loadMachineCreds } = await importModule();
|
|
153
|
+
writeCreds({ username: "", secret: "x" });
|
|
154
|
+
expect(loadMachineCreds()).toBeNull();
|
|
155
|
+
writeCreds({ username: "machine-agt_01TEST" });
|
|
156
|
+
expect(loadMachineCreds()).toBeNull();
|
|
157
|
+
fs.writeFileSync(path.join(tmpHome, ".hq-agent", "machine-creds.json"), "{nope");
|
|
158
|
+
expect(loadMachineCreds()).toBeNull();
|
|
159
|
+
});
|
|
160
|
+
});
|
|
161
|
+
|
|
162
|
+
// ---------------------------------------------------------------------------
|
|
163
|
+
// Minting
|
|
164
|
+
// ---------------------------------------------------------------------------
|
|
165
|
+
|
|
166
|
+
describe("mintMachineTokens", () => {
|
|
167
|
+
it("prefers the creds file's clientId/region over config (agent app client has USER_PASSWORD_AUTH)", async () => {
|
|
168
|
+
writeCreds({
|
|
169
|
+
username: "agt-01ktt1rjj6kqrhnhhst0k4vrgt@agents.getindigo.ai",
|
|
170
|
+
secret: "s3cret",
|
|
171
|
+
clientId: "agent-client-1",
|
|
172
|
+
region: "eu-west-1",
|
|
173
|
+
});
|
|
174
|
+
const { calls } = stubMintFetch();
|
|
175
|
+
const { mintMachineTokens } = await importModule();
|
|
176
|
+
await mintMachineTokens(CONFIG);
|
|
177
|
+
expect(calls[0].url).toBe("https://cognito-idp.eu-west-1.amazonaws.com/");
|
|
178
|
+
const body = JSON.parse(String(calls[0].init.body));
|
|
179
|
+
expect(body.ClientId).toBe("agent-client-1");
|
|
180
|
+
});
|
|
181
|
+
|
|
182
|
+
it("mints via USER_PASSWORD_AUTH and caches both tokens with correct fields", async () => {
|
|
183
|
+
writeCreds();
|
|
184
|
+
const { calls } = stubMintFetch({ RefreshToken: "rt" });
|
|
185
|
+
const { mintMachineTokens, loadCachedTokens } = await importModule();
|
|
186
|
+
|
|
187
|
+
const tokens = await mintMachineTokens(CONFIG);
|
|
188
|
+
|
|
189
|
+
// Request shape: Cognito IDP InitiateAuth with the machine creds.
|
|
190
|
+
expect(calls).toHaveLength(1);
|
|
191
|
+
expect(calls[0].url).toBe("https://cognito-idp.us-east-1.amazonaws.com/");
|
|
192
|
+
const body = JSON.parse(String(calls[0].init.body));
|
|
193
|
+
expect(body).toMatchObject({
|
|
194
|
+
AuthFlow: "USER_PASSWORD_AUTH",
|
|
195
|
+
ClientId: CONFIG.clientId,
|
|
196
|
+
AuthParameters: { USERNAME: "machine-agt_01TEST", PASSWORD: "s3cret" },
|
|
197
|
+
});
|
|
198
|
+
|
|
199
|
+
// Field semantics: access token in accessToken, id token in idToken.
|
|
200
|
+
const accessClaims = JSON.parse(
|
|
201
|
+
Buffer.from(tokens.accessToken.split(".")[1], "base64url").toString(),
|
|
202
|
+
);
|
|
203
|
+
const idClaims = JSON.parse(
|
|
204
|
+
Buffer.from(tokens.idToken.split(".")[1], "base64url").toString(),
|
|
205
|
+
);
|
|
206
|
+
expect(accessClaims.token_use).toBe("access");
|
|
207
|
+
expect(idClaims.token_use).toBe("id");
|
|
208
|
+
expect(tokens.refreshToken).toBe("rt");
|
|
209
|
+
expect(typeof tokens.expiresAt).toBe("number");
|
|
210
|
+
|
|
211
|
+
// Persisted to the shared cache file.
|
|
212
|
+
expect(loadCachedTokens()).toEqual(tokens);
|
|
213
|
+
});
|
|
214
|
+
|
|
215
|
+
it("throws CognitoAuthError on auth failure", async () => {
|
|
216
|
+
writeCreds();
|
|
217
|
+
vi.stubGlobal(
|
|
218
|
+
"fetch",
|
|
219
|
+
vi.fn(async () =>
|
|
220
|
+
new Response(
|
|
221
|
+
JSON.stringify({ __type: "NotAuthorizedException", message: "nope" }),
|
|
222
|
+
{ status: 400 },
|
|
223
|
+
),
|
|
224
|
+
),
|
|
225
|
+
);
|
|
226
|
+
const { mintMachineTokens, CognitoAuthError } = await importModule();
|
|
227
|
+
await expect(mintMachineTokens(CONFIG)).rejects.toBeInstanceOf(
|
|
228
|
+
CognitoAuthError,
|
|
229
|
+
);
|
|
230
|
+
});
|
|
231
|
+
|
|
232
|
+
it("throws when no creds are present", async () => {
|
|
233
|
+
const { mintMachineTokens, CognitoAuthError } = await importModule();
|
|
234
|
+
await expect(mintMachineTokens(CONFIG)).rejects.toBeInstanceOf(
|
|
235
|
+
CognitoAuthError,
|
|
236
|
+
);
|
|
237
|
+
});
|
|
238
|
+
});
|
|
239
|
+
|
|
240
|
+
// ---------------------------------------------------------------------------
|
|
241
|
+
// getValidMachineTokens — cache vs re-mint
|
|
242
|
+
// ---------------------------------------------------------------------------
|
|
243
|
+
|
|
244
|
+
describe("getValidMachineTokens", () => {
|
|
245
|
+
it("returns the cache when valid without touching the network", async () => {
|
|
246
|
+
writeCreds();
|
|
247
|
+
const { fetchMock } = stubMintFetch();
|
|
248
|
+
const { saveCachedTokens, getValidMachineTokens } = await importModule();
|
|
249
|
+
const cached = {
|
|
250
|
+
accessToken: fakeJwt({ token_use: "access", client_id: CONFIG.clientId }),
|
|
251
|
+
idToken: fakeJwt({ token_use: "id" }),
|
|
252
|
+
refreshToken: "",
|
|
253
|
+
expiresAt: Date.now() + 30 * 60 * 1000,
|
|
254
|
+
tokenType: "Bearer" as const,
|
|
255
|
+
};
|
|
256
|
+
saveCachedTokens(cached);
|
|
257
|
+
|
|
258
|
+
const tokens = await getValidMachineTokens(CONFIG);
|
|
259
|
+
expect(tokens).toEqual(cached);
|
|
260
|
+
expect(fetchMock).not.toHaveBeenCalled();
|
|
261
|
+
});
|
|
262
|
+
|
|
263
|
+
it("re-mints when the cache is expiring", async () => {
|
|
264
|
+
writeCreds();
|
|
265
|
+
const { fetchMock } = stubMintFetch();
|
|
266
|
+
const { saveCachedTokens, getValidMachineTokens } = await importModule();
|
|
267
|
+
saveCachedTokens({
|
|
268
|
+
accessToken: fakeJwt({ token_use: "access", client_id: CONFIG.clientId }),
|
|
269
|
+
idToken: fakeJwt({ token_use: "id" }),
|
|
270
|
+
refreshToken: "",
|
|
271
|
+
expiresAt: Date.now() + 10 * 1000,
|
|
272
|
+
tokenType: "Bearer",
|
|
273
|
+
});
|
|
274
|
+
|
|
275
|
+
await getValidMachineTokens(CONFIG);
|
|
276
|
+
expect(fetchMock).toHaveBeenCalledTimes(1);
|
|
277
|
+
});
|
|
278
|
+
|
|
279
|
+
it("re-mints when the cached token targets a different app client", async () => {
|
|
280
|
+
writeCreds();
|
|
281
|
+
const { fetchMock } = stubMintFetch();
|
|
282
|
+
const { saveCachedTokens, getValidMachineTokens } = await importModule();
|
|
283
|
+
saveCachedTokens({
|
|
284
|
+
accessToken: fakeJwt({ token_use: "access", client_id: "other-client" }),
|
|
285
|
+
idToken: fakeJwt({ token_use: "id" }),
|
|
286
|
+
refreshToken: "",
|
|
287
|
+
expiresAt: Date.now() + 30 * 60 * 1000,
|
|
288
|
+
tokenType: "Bearer",
|
|
289
|
+
});
|
|
290
|
+
|
|
291
|
+
await getValidMachineTokens(CONFIG);
|
|
292
|
+
expect(fetchMock).toHaveBeenCalledTimes(1);
|
|
293
|
+
});
|
|
294
|
+
});
|
|
295
|
+
|
|
296
|
+
// ---------------------------------------------------------------------------
|
|
297
|
+
// getValidAccessToken — machine-mode short circuit
|
|
298
|
+
// ---------------------------------------------------------------------------
|
|
299
|
+
|
|
300
|
+
describe("getValidAccessToken in machine mode", () => {
|
|
301
|
+
it("mints via machine creds instead of refreshing or opening a browser", async () => {
|
|
302
|
+
writeCreds();
|
|
303
|
+
const { calls } = stubMintFetch();
|
|
304
|
+
const { getValidAccessToken } = await importModule();
|
|
305
|
+
|
|
306
|
+
const token = await getValidAccessToken(CONFIG, { interactive: false });
|
|
307
|
+
|
|
308
|
+
expect(calls).toHaveLength(1);
|
|
309
|
+
const claims = JSON.parse(
|
|
310
|
+
Buffer.from(token.split(".")[1], "base64url").toString(),
|
|
311
|
+
);
|
|
312
|
+
expect(claims.token_use).toBe("access");
|
|
313
|
+
});
|
|
314
|
+
});
|