@kibibit/configit 1.0.0-beta.26 → 1.0.0-beta.27

package/lib/src/vault/vault-integration.js

@@ -0,0 +1,211 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VaultIntegration = void 0;
+const decorators_1 = require("./decorators");
+const secret_refresh_manager_1 = require("./secret-refresh-manager");
+const vault_cache_1 = require("./vault-cache");
+const vault_provider_1 = require("./vault-provider");
+class VaultIntegration {
+    constructor(config) {
+        this.initialized = false;
+        this.errors = [];
+        this.config = config;
+        this.provider = new vault_provider_1.VaultProvider(config);
+        this.cache = new vault_cache_1.VaultCache();
+        const refreshBuffer = config.refreshBuffer || 300;
+        this.refreshManager = new secret_refresh_manager_1.SecretRefreshManager(this.provider, this.cache, refreshBuffer);
+    }
+    async initialize() {
+        if (this.initialized) {
+            return;
+        }
+        try {
+            await this.provider.initialize();
+            this.initialized = true;
+        }
+        catch (error) {
+            const errorMessage = (error === null || error === void 0 ? void 0 : error.message) || 'Unknown error';
+            this.recordError('', this.sanitizeError(errorMessage), false);
+            throw error;
+        }
+    }
+    async loadSecrets(configOrClass) {
+        var _a;
+        if (!this.initialized) {
+            throw new Error('VaultIntegration not initialized. Call initialize() first.');
+        }
+        const isClass = typeof configOrClass === 'function';
+        const targetClass = isClass ? configOrClass : configOrClass.constructor;
+        const targetInstance = isClass ? null : configOrClass;
+        const vaultMetadata = (0, decorators_1.getAllVaultMetadata)(targetClass);
+        if (Object.keys(vaultMetadata).length === 0) {
+            return;
+        }
+        const pathGroups = this.groupByFullPath(vaultMetadata);
+        for (const [fullPath, properties] of pathGroups.entries()) {
+            try {
+                const secret = await this.provider.read(fullPath);
+                for (const property of properties) {
+                    const propertyWithDefaults = Object.assign(Object.assign({}, property), { refreshBuffer: (_a = property.refreshBuffer) !== null && _a !== void 0 ? _a : this.config.refreshBuffer });
+                    this.cache.set(property.propertyName, fullPath, secret, propertyWithDefaults);
+                    if (targetInstance) {
+                        const key = property.key || property.propertyName;
+                        const value = secret.data[key];
+                        targetInstance[property.propertyName] = value;
+                    }
+                    if (secret.leaseDuration > 0) {
+                        this.refreshManager.scheduleRefresh(property.propertyName, propertyWithDefaults, targetInstance);
+                    }
+                }
+            }
+            catch (error) {
+                const errorMessage = (error === null || error === void 0 ? void 0 : error.message) || 'Unknown error';
+                const sanitizedError = this.sanitizeError(errorMessage);
+                this.recordError(fullPath, sanitizedError, this.isRetryableError(error));
+                const fallback = this.config.fallback;
+                if ((fallback === null || fallback === void 0 ? void 0 : fallback.required) !== false) {
+                    throw new Error(`Failed to load required secret from ${this.sanitizePath(fullPath)}: ${sanitizedError}`);
+                }
+                console.warn(`Failed to load optional secret from ${this.sanitizePath(fullPath)}: ${sanitizedError}`);
+            }
+        }
+    }
+    getSecret(propertyName) {
+        return this.cache.get(propertyName);
+    }
+    isInitialized() {
+        return this.initialized;
+    }
+    getHealth() {
+        const refreshStatus = this.refreshManager.getRefreshStatus();
+        const lastRefreshTime = refreshStatus.length > 0 ?
+            Math.max(...refreshStatus.map((s) => s.lastRefresh)) :
+            0;
+        return {
+            connected: this.initialized && this.provider.isAuthenticated(),
+            authenticated: this.provider.isAuthenticated(),
+            cacheSize: this.cache.size(),
+            refreshQueueSize: refreshStatus.filter((s) => s.scheduled).length,
+            lastRefreshTime,
+            errors: this.errors.slice(-10)
+        };
+    }
+    getHealthDetails() {
+        const refreshStatus = this.refreshManager.getRefreshStatus();
+        return {
+            connected: this.initialized && this.provider.isAuthenticated(),
+            authenticated: this.provider.isAuthenticated(),
+            cacheSize: this.cache.size(),
+            refreshQueueSize: refreshStatus.filter((s) => s.scheduled).length,
+            lastRefreshTime: refreshStatus.length > 0 ?
+                Math.max(...refreshStatus.map((s) => s.lastRefresh)) :
+                0,
+            errors: this.errors.slice(-10),
+            refreshStatus
+        };
+    }
+    invalidateCache(vaultPath) {
+        this.cache.invalidate(vaultPath);
+        const properties = this.cache.getPropertiesForPath(vaultPath);
+        for (const propertyName of properties) {
+            this.refreshManager.cancelRefresh(propertyName);
+        }
+    }
+    invalidateProperty(propertyName) {
+        this.cache.invalidateProperty(propertyName);
+        this.refreshManager.cancelRefresh(propertyName);
+    }
+    shutdown() {
+        this.refreshManager.shutdown();
+        this.cache.clear();
+        this.initialized = false;
+    }
+    groupByPath(metadata) {
+        const groups = new Map();
+        for (const property of Object.values(metadata)) {
+            const path = property.path;
+            if (!groups.has(path)) {
+                groups.set(path, []);
+            }
+            groups.get(path).push(property);
+        }
+        return groups;
+    }
+    groupByFullPath(metadata) {
+        const groups = new Map();
+        for (const property of Object.values(metadata)) {
+            const fullPath = this.constructFullPath(property.path, property.engine);
+            if (!groups.has(fullPath)) {
+                groups.set(fullPath, []);
+            }
+            groups.get(fullPath).push(property);
+        }
+        return groups;
+    }
+    constructFullPath(path, engine) {
+        switch (engine) {
+            case 'kv1':
+            case 'kv-v1':
+                return `secret/${path}`;
+            case 'kv2':
+            case 'kv-v2':
+                return `secret/data/${path}`;
+            case 'database':
+                return path.startsWith('database/') ? path : `database/${path}`;
+            default:
+                return path;
+        }
+    }
+    recordError(path, error, retryable) {
+        this.errors.push({
+            timestamp: Date.now(),
+            path: this.sanitizePath(path),
+            error,
+            retryable
+        });
+        if (this.errors.length > 100) {
+            this.errors.shift();
+        }
+    }
+    isRetryableError(error) {
+        var _a;
+        const errorMessage = (error === null || error === void 0 ? void 0 : error.message) || '';
+        const errorCode = (error === null || error === void 0 ? void 0 : error.code) || '';
+        const statusCode = (error === null || error === void 0 ? void 0 : error.statusCode) || ((_a = error === null || error === void 0 ? void 0 : error.response) === null || _a === void 0 ? void 0 : _a.statusCode);
+        const retryablePatterns = ['ECONNREFUSED', 'ETIMEDOUT', 'ENOTFOUND', '5xx'];
+        for (const pattern of retryablePatterns) {
+            if (pattern.includes('xx') && statusCode) {
+                const codePrefix = parseInt(pattern[0]);
+                const statusPrefix = Math.floor(statusCode / 100);
+                if (statusPrefix === codePrefix) {
+                    return true;
+                }
+            }
+            else if (errorMessage.includes(pattern) || errorCode.includes(pattern)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    sanitizeError(message) {
+        const sensitivePatterns = [/password/i, /secret/i, /key/i, /token/i, /credential/i];
+        let sanitized = message;
+        sensitivePatterns.forEach((pattern) => {
+            sanitized = sanitized.replace(new RegExp(`${pattern.source}[:=]\\s*[^\\s,}]+`, 'gi'), `${pattern.source}: ***`);
+        });
+        return sanitized;
+    }
+    sanitizePath(path) {
+        const segments = path.split('/');
+        if (segments.length > 0) {
+            const lastSegment = segments[segments.length - 1];
+            const sensitivePatterns = [/password/i, /secret/i, /key/i, /token/i, /credential/i];
+            if (sensitivePatterns.some((pattern) => pattern.test(lastSegment))) {
+                segments[segments.length - 1] = '***';
+            }
+        }
+        return segments.join('/');
+    }
+}
+exports.VaultIntegration = VaultIntegration;
+//# sourceMappingURL=vault-integration.js.map

package/lib/src/vault/vault-integration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-integration.js","sourceRoot":"","sources":["../../../src/vault/vault-integration.ts"],"names":[],"mappings":";;;AAKA,6CAAmD;AACnD,qEAAgE;AAOhE,+CAA2C;AAC3C,qDAAiD;AAKjD,MAAa,gBAAgB;IAQ3B,YAAY,MAA2B;QAJ/B,gBAAW,GAAG,KAAK,CAAC;QAEpB,WAAM,GAAkF,EAAE,CAAC;QAGjG,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,IAAI,8BAAa,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,wBAAU,EAAE,CAAC;QAC9B,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,GAAG,CAAC;QAClD,IAAI,CAAC,cAAc,GAAG,IAAI,6CAAoB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;IAC3F,CAAC;IAMD,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW,EAAE;YACpB,OAAO;SACR;QAED,IAAI;YACF,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;YACjC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;SACzB;QAAC,OAAO,KAAU,EAAE;YACnB,MAAM,YAAY,GAAG,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,KAAI,eAAe,CAAC;YACvD,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC;YAC9D,MAAM,KAAK,CAAC;SACb;IACH,CAAC;IAMD,KAAK,CAAC,WAAW,CAAmB,aAAgC;;QAClE,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE;YACrB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;QAGD,MAAM,OAAO,GAAG,OAAO,aAAa,KAAK,UAAU,CAAC;QACpD,MAAM,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAE,aAAa,CAAC,WAA2B,CAAC;QACzF,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,CAAC;QAGtD,MAAM,aAAa,GAAG,IAAA,gCAAmB,EAAC,WAAW,CAAC,CAAC;QAEvD,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YAC3C,OAAO;SACR;QAGD,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAGvD,KAAK,MAAM,CAAE,QAAQ,EAAE,UAAU,CAAE,IAAI,UAAU,CAAC,OAAO,EAAE,EAAE;YAC3D,IAAI;gBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAGlD,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE;oBAEjC,MAAM,oBAAoB,mCACrB,QAAQ,KAEX,aAAa,EAAE,MAAA,QAAQ,CAAC,aAAa,mCAAI,IAAI,CAAC,MAAM,CAAC,aAAa,GACnE,CAAC;oBAEF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,oBAAoB,CAAC,CAAC;oBAG9E,IAAI,cAAc,EAAE;wBAClB,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,IAAI,QAAQ,CAAC,YAAY,CAAC;wBAClD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBAC9B,cAAsB,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC;qBACxD;oBAGD,IAAI,MAAM,CAAC,aAAa,GAAG,CAAC,EAAE;wBAC5B,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,QAAQ,CAAC,YAAY,EAAE,oBAAoB,EAAE,cAAc,CAAC,CAAC;qBAClG;iBACF;aACF;YAAC,OAAO,KAAU,EAAE;gBACnB,MAAM,YAAY,GAAG,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,KAAI,eAAe,CAAC;gBACvD,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACxD,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,cAAc,EAAE,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC;gBAGzE,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACtC,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,QAAQ,MAAK,KAAK,EAAE;oBAEhC,MAAM,IAAI,KAAK,CAAC,uCAAwC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAE,KAAM,cAAe,EAAE,CAAC,CAAC;iBAC9G;gBAGD,OAAO,CAAC,IAAI,CAAC,uCAAwC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAE,KAAM,cAAe,EAAE,CAAC,CAAC;aAC3G;SACF;IACH,CAAC;IAMD,SAAS,CAAC,YAAoB;QAC5B,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACtC,CAAC;IAKD,aAAa;QACX,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAKD,SAAS;QACP,MAAM,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAC7D,MAAM,eAAe,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAChD,IAAI,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;YACtD,CAAC,CAAC;QAEJ,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE;YAC9D,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE;YAC9C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;YAC5B,gBAAgB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM;YACjE,eAAe;YACf,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;SAC/B,CAAC;IACJ,CAAC;IAKD,gBAAgB;QACd,MAAM,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAE7D,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE;YAC9D,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE;YAC9C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;YAC5B,gBAAgB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM;YACjE,eAAe,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACzC,IAAI,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;gBACtD,CAAC;YACH,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC9B,aAAa;SACd,CAAC;IACJ,CAAC;IAKD,eAAe,CAAC,SAAiB;QAC/B,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAC9D,KAAK,MAAM,YAAY,IAAI,UAAU,EAAE;YACrC,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;SACjD;IACH,CAAC;IAKD,kBAAkB,CAAC,YAAoB;QACrC,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;QAC5C,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC;IAKD,QAAQ;QACN,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;IAKO,WAAW,CAAC,QAA+C;QACjE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAmC,CAAC;QAE1D,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;YAC9C,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;YAC3B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;gBACrB,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;aACtB;YACD,MAAM,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SAClC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAKO,eAAe,CAAC,QAA+C;QACrE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAmC,CAAC;QAE1D,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;YAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YACxE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE;gBACzB,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;aAC1B;YACD,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SACtC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAKO,iBAAiB,CAAC,IAAY,EAAE,MAAc;QACpD,QAAQ,MAAM,EAAE;YACd,KAAK,KAAK,CAAC;YACX,KAAK,OAAO;gBACV,OAAO,UAAW,IAAK,EAAE,CAAC;YAC5B,KAAK,KAAK,CAAC;YACX,KAAK,OAAO;gBACV,OAAO,eAAgB,IAAK,EAAE,CAAC;YACjC,KAAK,UAAU;gBACb,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,YAAa,IAAK,EAAE,CAAC;YACpE;gBACE,OAAO,IAAI,CAAC;SACf;IACH,CAAC;IAKO,WAAW,CAAC,IAAY,EAAE,KAAa,EAAE,SAAkB;QACjE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;YAC7B,KAAK;YACL,SAAS;SACV,CAAC,CAAC;QAGH,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE;YAC5B,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;SACrB;IACH,CAAC;IAKO,gBAAgB,CAAC,KAAU;;QACjC,MAAM,YAAY,GAAG,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,KAAI,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAG,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,KAAI,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,UAAU,MAAI,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,0CAAE,UAAU,CAAA,CAAC;QAEpE,MAAM,iBAAiB,GAAG,CAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,KAAK,CAAE,CAAC;QAE9E,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE;YACvC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,UAAU,EAAE;gBACxC,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC;gBAClD,IAAI,YAAY,KAAK,UAAU,EAAE;oBAC/B,OAAO,IAAI,CAAC;iBACb;aACF;iBAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE;gBACxE,OAAO,IAAI,CAAC;aACb;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAKO,aAAa,CAAC,OAAe;QACnC,MAAM,iBAAiB,GAAG,CAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAE,CAAC;QACtF,IAAI,SAAS,GAAG,OAAO,CAAC;QAExB,iBAAiB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YACpC,SAAS,GAAG,SAAS,CAAC,OAAO,CAC3B,IAAI,MAAM,CAAC,GAAI,OAAO,CAAC,MAAO,mBAAmB,EAAE,IAAI,CAAC,EACxD,GAAI,OAAO,CAAC,MAAO,OAAO,CAC3B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC;IACnB,CAAC;IAKO,YAAY,CAAC,IAAY;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;YACvB,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAClD,MAAM,iBAAiB,GAAG,CAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAE,CAAC;YACtF,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE;gBAClE,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;aACvC;SACF;QACD,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;CACF;AAxTD,4CAwTC"}

package/lib/src/vault/vault-provider.d.ts

@@ -0,0 +1,37 @@
+import { IVaultConfigOptions, IVaultSecret, VaultEngineType } from './types';
+export declare class VaultProvider {
+    private client;
+    private config;
+    private currentToken;
+    private tokenExpiry;
+    private retryPolicy;
+    private isConnected;
+    constructor(config: IVaultConfigOptions);
+    initialize(): Promise<void>;
+    connect(): Promise<void>;
+    disconnect(): Promise<void>;
+    connected(): boolean;
+    isTokenExpired(): boolean;
+    ensureAuthenticated(): Promise<void>;
+    readSecret(path: string, engine?: VaultEngineType): Promise<IVaultSecret>;
+    private validateTLS;
+    private authenticate;
+    private normalizeAuthConfig;
+    private authenticateWithMethod;
+    private authenticateGCP;
+    private signJwtWithGoogleIAM;
+    private authenticateAWS;
+    private authenticateAppRole;
+    private authenticateToken;
+    read(path: string): Promise<IVaultSecret>;
+    renewLease(leaseId: string, increment?: number): Promise<void>;
+    private normalizeSecretResponse;
+    private executeWithRetry;
+    private isRetryableError;
+    private calculateBackoff;
+    private sleep;
+    private sanitizePath;
+    getToken(): string | null;
+    isAuthenticated(): boolean;
+}
+//# sourceMappingURL=vault-provider.d.ts.map

package/lib/src/vault/vault-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-provider.d.ts","sourceRoot":"","sources":["../../../src/vault/vault-provider.ts"],"names":[],"mappings":"AAQA,OAAO,EAOL,mBAAmB,EACnB,YAAY,EAEZ,eAAe,EAChB,MAAM,SAAS,CAAC;AAKjB,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAM;IACpB,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,WAAW,CAAK;IACxB,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,mBAAmB;IAiBjC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAmC3B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAOxB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IASjC,SAAS,IAAI,OAAO;IAOpB,cAAc,IAAI,OAAO;IAYnB,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC;IAYpC,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,GAAE,eAAuB,GAAG,OAAO,CAAC,YAAY,CAAC;IA2BtF,OAAO,CAAC,WAAW;YAoBL,YAAY;IA8B1B,OAAO,CAAC,mBAAmB;YA2Bb,sBAAsB;YAuBtB,eAAe;YAkEf,oBAAoB;IAiClC,OAAO,CAAC,eAAe;YAaT,mBAAmB;YA6BnB,iBAAiB;IAmBzB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAezC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAYpE,OAAO,CAAC,uBAAuB;YAgBjB,gBAAgB;IA+B9B,OAAO,CAAC,gBAAgB;IAyBxB,OAAO,CAAC,gBAAgB;IAwBxB,OAAO,CAAC,KAAK;IAOb,OAAO,CAAC,YAAY;IAiBpB,QAAQ,IAAI,MAAM,GAAG,IAAI;IAOzB,eAAe,IAAI,OAAO;CAG3B"}

package/lib/src/vault/vault-provider.js

@@ -0,0 +1,354 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VaultProvider = void 0;
+const google_auth_library_1 = require("google-auth-library");
+const node_vault_1 = __importDefault(require("node-vault"));
+class VaultProvider {
+    constructor(config) {
+        this.currentToken = null;
+        this.tokenExpiry = 0;
+        this.isConnected = false;
+        this.config = config;
+        this.retryPolicy = config.retry || {
+            maxAttempts: 3,
+            backoff: {
+                strategy: 'exponential',
+                initial: 1000,
+                max: 10000,
+                multiplier: 2
+            },
+            retryableErrors: ['ECONNREFUSED', 'ETIMEDOUT', 'ENOTFOUND', '5xx']
+        };
+    }
+    async initialize() {
+        this.validateTLS();
+        const vaultOptions = {
+            endpoint: this.config.endpoint,
+            apiVersion: 'v1'
+        };
+        if (this.config.tls) {
+            vaultOptions.requestOptions = Object.assign(Object.assign({}, vaultOptions.requestOptions), { rejectUnauthorized: this.config.tls.verifyCertificate !== false });
+            if (this.config.tls.caCert) {
+                vaultOptions.requestOptions = Object.assign(Object.assign({}, vaultOptions.requestOptions), { ca: this.config.tls.caCert });
+            }
+        }
+        this.client = (0, node_vault_1.default)(vaultOptions);
+        await this.authenticate();
+        this.isConnected = true;
+    }
+    async connect() {
+        await this.initialize();
+    }
+    async disconnect() {
+        this.currentToken = null;
+        this.tokenExpiry = 0;
+        this.isConnected = false;
+    }
+    connected() {
+        return this.isConnected && this.currentToken !== null;
+    }
+    isTokenExpired() {
+        if (this.tokenExpiry === 0) {
+            return false;
+        }
+        return Date.now() >= (this.tokenExpiry - 5000);
+    }
+    async ensureAuthenticated() {
+        if (!this.isConnected) {
+            throw new Error('Not connected to Vault');
+        }
+        if (this.isTokenExpired()) {
+            await this.authenticate();
+        }
+    }
+    async readSecret(path, engine = 'kv2') {
+        await this.ensureAuthenticated();
+        let fullPath;
+        switch (engine) {
+            case 'kv1':
+            case 'kv-v1':
+                fullPath = `secret/${path}`;
+                break;
+            case 'kv2':
+            case 'kv-v2':
+                fullPath = `secret/data/${path}`;
+                break;
+            case 'database':
+                fullPath = path.startsWith('database/') ? path : `database/${path}`;
+                break;
+            default:
+                fullPath = path;
+        }
+        return this.read(fullPath);
+    }
+    validateTLS() {
+        const tlsConfig = this.config.tls || { enabled: true, verifyCertificate: true };
+        const endpoint = this.config.endpoint.toLowerCase();
+        if (tlsConfig.enabled !== false) {
+            if (!endpoint.startsWith('https://') && !endpoint.startsWith('http://127.0.0.1') && !endpoint.startsWith('http://localhost')) {
+                throw new Error('TLS is required for Vault communication. Use HTTPS endpoint or set tls.enabled=false for local development only.');
+            }
+        }
+        if (endpoint.startsWith('http://')) {
+            console.warn('WARNING: Using HTTP for Vault connection. This should only be used for local development.');
+        }
+    }
+    async authenticate() {
+        const methods = this.normalizeAuthConfig();
+        if (methods.length === 0) {
+            throw new Error('No authentication methods configured');
+        }
+        const errors = [];
+        for (const method of methods) {
+            try {
+                await this.authenticateWithMethod(method);
+                return;
+            }
+            catch (error) {
+                errors.push(error);
+            }
+        }
+        const errorMessages = errors.map((e) => e.message).join('; ');
+        throw new Error(`All authentication methods failed: ${errorMessages}`);
+    }
+    normalizeAuthConfig() {
+        const auth = this.config.auth;
+        if (!auth) {
+            return [];
+        }
+        if ('methods' in auth && Array.isArray(auth.methods)) {
+            return auth.methods;
+        }
+        if ('method' in auth) {
+            const simpleAuth = auth;
+            return [{
+                    type: simpleAuth.method,
+                    config: auth
+                }];
+        }
+        return [];
+    }
+    async authenticateWithMethod(method) {
+        switch (method.type) {
+            case 'gcp':
+                await this.authenticateGCP(method.config);
+                break;
+            case 'aws':
+                await this.authenticateAWS(method.config);
+                break;
+            case 'approle':
+                await this.authenticateAppRole(method.config);
+                break;
+            case 'token':
+                await this.authenticateToken(method.config);
+                break;
+            default:
+                throw new Error(`Unsupported authentication method: ${method.type}`);
+        }
+    }
+    async authenticateGCP(config) {
+        var _a;
+        const { role, serviceAccountKeyFile, serviceAccountEmail } = config;
+        if (!role) {
+            throw new Error('GCP IAM authentication requires a role name');
+        }
+        try {
+            const auth = new google_auth_library_1.GoogleAuth({
+                keyFile: serviceAccountKeyFile,
+                scopes: ['https://www.googleapis.com/auth/cloud-platform']
+            });
+            const credentials = await auth.getCredentials();
+            const saEmail = serviceAccountEmail || credentials.client_email;
+            if (!saEmail) {
+                throw new Error('Could not determine service account email');
+            }
+            const now = Math.floor(Date.now() / 1000);
+            const expiry = config.jwtExpiration || 900;
+            const jwtClaims = {
+                aud: `vault/${role}`,
+                sub: saEmail,
+                iat: now,
+                exp: now + expiry
+            };
+            const signedJwt = await this.signJwtWithGoogleIAM(auth, saEmail, jwtClaims);
+            const response = await this.client.write('auth/gcp/login', {
+                role,
+                jwt: signedJwt
+            });
+            if (!((_a = response === null || response === void 0 ? void 0 : response.auth) === null || _a === void 0 ? void 0 : _a.client_token)) {
+                throw new Error('GCP IAM authentication failed: No token received');
+            }
+            this.currentToken = response.auth.client_token;
+            this.client.token = this.currentToken;
+            const tokenTTL = response.auth.lease_duration || 0;
+            if (tokenTTL > 0) {
+                this.tokenExpiry = Date.now() + (tokenTTL * 1000);
+            }
+        }
+        catch (error) {
+            const message = error.message || 'Unknown GCP auth error';
+            throw new Error(`GCP IAM authentication failed: ${message}`);
+        }
+    }
+    async signJwtWithGoogleIAM(auth, serviceAccountEmail, claims) {
+        const client = await auth.getClient();
+        const payload = JSON.stringify(claims);
+        const iamUrl = `https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${serviceAccountEmail}:signJwt`;
+        const response = await client.request({
+            url: iamUrl,
+            method: 'POST',
+            data: { payload }
+        });
+        const signedJwt = response.data.signedJwt;
+        if (!signedJwt) {
+            throw new Error('Failed to sign JWT with Google IAM');
+        }
+        return signedJwt;
+    }
+    authenticateAWS(_config) {
+        throw new Error('AWS IAM authentication not yet implemented. Use AppRole or Token for now.');
+    }
+    async authenticateAppRole(config) {
+        var _a;
+        if (!config.roleId || !config.secretId) {
+            throw new Error('AppRole authentication requires roleId and secretId');
+        }
+        const mountPath = config.mountPath || 'approle';
+        const response = await this.client.approleLogin({
+            role_id: config.roleId,
+            secret_id: config.secretId,
+            mount_point: mountPath
+        });
+        if (!((_a = response === null || response === void 0 ? void 0 : response.auth) === null || _a === void 0 ? void 0 : _a.client_token)) {
+            throw new Error('AppRole authentication failed: No token received');
+        }
+        this.currentToken = response.auth.client_token;
+        this.client.token = this.currentToken;
+        const tokenTTL = response.auth.lease_duration || 0;
+        if (tokenTTL > 0) {
+            this.tokenExpiry = Date.now() + (tokenTTL * 1000);
+        }
+    }
+    async authenticateToken(config) {
+        if (!config.token) {
+            throw new Error('Token authentication requires a token');
+        }
+        this.currentToken = config.token;
+        this.client.token = this.currentToken;
+        try {
+            await this.client.tokenLookupSelf();
+        }
+        catch (error) {
+            throw new Error(`Token authentication failed: Invalid token`);
+        }
+    }
+    async read(path) {
+        return this.executeWithRetry(async () => {
+            const response = await this.client.read(path);
+            if (!response) {
+                throw new Error(`Secret not found at path: ${this.sanitizePath(path)}`);
+            }
+            return this.normalizeSecretResponse(response);
+        });
+    }
+    async renewLease(leaseId, increment) {
+        return this.executeWithRetry(async () => {
+            await this.client.write('sys/leases/renew', {
+                lease_id: leaseId,
+                increment: increment
+            });
+        });
+    }
+    normalizeSecretResponse(response) {
+        var _a, _b;
+        const data = ((_a = response.data) === null || _a === void 0 ? void 0 : _a.data) || response.data || {};
+        return {
+            data,
+            leaseId: response.lease_id,
+            leaseDuration: response.lease_duration || 0,
+            renewable: response.renewable || false,
+            metadata: (_b = response.data) === null || _b === void 0 ? void 0 : _b.metadata
+        };
+    }
+    async executeWithRetry(operation) {
+        let lastError = null;
+        for (let attempt = 1; attempt <= this.retryPolicy.maxAttempts; attempt++) {
+            try {
+                return await operation();
+            }
+            catch (error) {
+                lastError = error;
+                if (!this.isRetryableError(error)) {
+                    throw error;
+                }
+                if (attempt === this.retryPolicy.maxAttempts) {
+                    break;
+                }
+                const delay = this.calculateBackoff(attempt);
+                await this.sleep(delay);
+            }
+        }
+        throw lastError || new Error('Operation failed after retries');
+    }
+    isRetryableError(error) {
+        var _a;
+        const errorMessage = error.message || '';
+        const errorCode = error.code || '';
+        const statusCode = error.statusCode || ((_a = error.response) === null || _a === void 0 ? void 0 : _a.statusCode);
+        for (const pattern of this.retryPolicy.retryableErrors) {
+            if (pattern.includes('xx') && statusCode) {
+                const codePrefix = parseInt(pattern[0]);
+                const statusPrefix = Math.floor(statusCode / 100);
+                if (statusPrefix === codePrefix) {
+                    return true;
+                }
+            }
+            else if (errorMessage.includes(pattern) || errorCode.includes(pattern)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    calculateBackoff(attempt) {
+        const { strategy, initial, max, multiplier } = this.retryPolicy.backoff;
+        let delay;
+        switch (strategy) {
+            case 'exponential':
+                delay = initial * Math.pow(multiplier, attempt - 1);
+                break;
+            case 'linear':
+                delay = initial * attempt;
+                break;
+            case 'fixed':
+            default:
+                delay = initial;
+                break;
+        }
+        return Math.min(delay, max);
+    }
+    sleep(ms) {
+        return new Promise((resolve) => setTimeout(resolve, ms));
+    }
+    sanitizePath(path) {
+        const segments = path.split('/');
+        if (segments.length > 0) {
+            const lastSegment = segments[segments.length - 1];
+            const sensitivePatterns = [/password/i, /secret/i, /key/i, /token/i, /credential/i];
+            if (sensitivePatterns.some((pattern) => pattern.test(lastSegment))) {
+                segments[segments.length - 1] = '***';
+            }
+        }
+        return segments.join('/');
+    }
+    getToken() {
+        return this.currentToken;
+    }
+    isAuthenticated() {
+        return this.currentToken !== null;
+    }
+}
+exports.VaultProvider = VaultProvider;
+//# sourceMappingURL=vault-provider.js.map

package/lib/src/vault/vault-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-provider.js","sourceRoot":"","sources":["../../../src/vault/vault-provider.ts"],"names":[],"mappings":";;;;;;AAKA,6DAAiD;AACjD,4DAAiD;AAkBjD,MAAa,aAAa;IAQxB,YAAY,MAA2B;QAL/B,iBAAY,GAAkB,IAAI,CAAC;QACnC,gBAAW,GAAG,CAAC,CAAC;QAEhB,gBAAW,GAAG,KAAK,CAAC;QAG1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,KAAK,IAAI;YACjC,WAAW,EAAE,CAAC;YACd,OAAO,EAAE;gBACP,QAAQ,EAAE,aAAa;gBACvB,OAAO,EAAE,IAAI;gBACb,GAAG,EAAE,KAAK;gBACV,UAAU,EAAE,CAAC;aACd;YACD,eAAe,EAAE,CAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,KAAK,CAAE;SACrE,CAAC;IACJ,CAAC;IAKD,KAAK,CAAC,UAAU;QAEd,IAAI,CAAC,WAAW,EAAE,CAAC;QAGnB,MAAM,YAAY,GAAiB;YACjC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC9B,UAAU,EAAE,IAAI;SACjB,CAAC;QAGF,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE;YACnB,YAAY,CAAC,cAAc,mCACtB,YAAY,CAAC,cAAc,KAC9B,kBAAkB,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,iBAAiB,KAAK,KAAK,GAChE,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE;gBAC1B,YAAY,CAAC,cAAc,mCACtB,YAAY,CAAC,cAAc,KAC9B,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,GAC3B,CAAC;aACH;SACF;QAED,IAAI,CAAC,MAAM,GAAG,IAAA,oBAAK,EAAC,YAAY,CAAC,CAAC;QAGlC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAKD,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;IAC1B,CAAC;IAKD,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;IAKD,SAAS;QACP,OAAO,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC;IACxD,CAAC;IAKD,cAAc;QACZ,IAAI,IAAI,CAAC,WAAW,KAAK,CAAC,EAAE;YAE1B,OAAO,KAAK,CAAC;SACd;QAED,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IACjD,CAAC;IAKD,KAAK,CAAC,mBAAmB;QACvB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE;YACrB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;SAC3C;QACD,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE;YACzB,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;SAC3B;IACH,CAAC;IAKD,KAAK,CAAC,UAAU,CAAC,IAAY,EAAE,SAA0B,KAAK;QAC5D,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAGjC,IAAI,QAAgB,CAAC;QACrB,QAAQ,MAAM,EAAE;YACd,KAAK,KAAK,CAAC;YACX,KAAK,OAAO;gBACV,QAAQ,GAAG,UAAW,IAAK,EAAE,CAAC;gBAC9B,MAAM;YACR,KAAK,KAAK,CAAC;YACX,KAAK,OAAO;gBACV,QAAQ,GAAG,eAAgB,IAAK,EAAE,CAAC;gBACnC,MAAM;YACR,KAAK,UAAU;gBACb,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,YAAa,IAAK,EAAE,CAAC;gBACtE,MAAM;YACR;gBACE,QAAQ,GAAG,IAAI,CAAC;SACnB;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC7B,CAAC;IAKO,WAAW;QACjB,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC;QAChF,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAGpD,IAAI,SAAS,CAAC,OAAO,KAAK,KAAK,EAAE;YAC/B,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;gBAC5H,MAAM,IAAI,KAAK,CAAC,kHAAkH,CAAC,CAAC;aACrI;SACF;QAGD,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YAClC,OAAO,CAAC,IAAI,CAAC,2FAA2F,CAAC,CAAC;SAC3G;IACH,CAAC;IAKO,KAAK,CAAC,YAAY;QAExB,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAE3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;SACzD;QAED,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;YAC5B,IAAI;gBACF,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;gBAE1C,OAAO;aACR;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,CAAC,IAAI,CAAC,KAAc,CAAC,CAAC;aAE7B;SACF;QAGD,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,sCAAuC,aAAc,EAAE,CAAC,CAAC;IAC3E,CAAC;IAMO,mBAAmB;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;QAE9B,IAAI,CAAC,IAAI,EAAE;YACT,OAAO,EAAE,CAAC;SACX;QAGD,IAAI,SAAS,IAAI,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;YACpD,OAAO,IAAI,CAAC,OAAO,CAAC;SACrB;QAGD,IAAI,QAAQ,IAAI,IAAI,EAAE;YACpB,MAAM,UAAU,GAAG,IAA0B,CAAC;YAC9C,OAAO,CAAE;oBACP,IAAI,EAAE,UAAU,CAAC,MAA6C;oBAC9D,MAAM,EAAE,IAAI;iBACb,CAAE,CAAC;SACL;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAKO,KAAK,CAAC,sBAAsB,CAAC,MAAwB;QAC3D,QAAQ,MAAM,CAAC,IAAI,EAAE;YACnB,KAAK,KAAK;gBACR,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,MAAwB,CAAC,CAAC;gBAC5D,MAAM;YACR,KAAK,KAAK;gBACR,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,MAAwB,CAAC,CAAC;gBAC5D,MAAM;YACR,KAAK,SAAS;gBACZ,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,MAA4B,CAAC,CAAC;gBACpE,MAAM;YACR,KAAK,OAAO;gBACV,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,MAA0B,CAAC,CAAC;gBAChE,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,sCAAuC,MAAM,CAAC,IAAK,EAAE,CAAC,CAAC;SAC1E;IACH,CAAC;IAMO,KAAK,CAAC,eAAe,CAAC,MAAsB;;QAClD,MAAM,EAAE,IAAI,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,GAAG,MAAM,CAAC;QAEpE,IAAI,CAAC,IAAI,EAAE;YACT,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;SAChE;QAED,IAAI;YAEF,MAAM,IAAI,GAAG,IAAI,gCAAU,CAAC;gBAC1B,OAAO,EAAE,qBAAqB;gBAC9B,MAAM,EAAE,CAAE,gDAAgD,CAAE;aAC7D,CAAC,CAAC;YAGH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,mBAAmB,IAAI,WAAW,CAAC,YAAY,CAAC;YAEhE,IAAI,CAAC,OAAO,EAAE;gBACZ,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;aAC9D;YAGD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAE1C,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,IAAI,GAAG,CAAC;YAE3C,MAAM,SAAS,GAAG;gBAChB,GAAG,EAAE,SAAU,IAAK,EAAE;gBACtB,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,GAAG;gBACR,GAAG,EAAE,GAAG,GAAG,MAAM;aAClB,CAAC;YAIF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;YAG5E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE;gBACzD,IAAI;gBACJ,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;YAEH,IAAI,CAAC,CAAA,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,0CAAE,YAAY,CAAA,EAAE;gBACjC,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;aACrE;YAED,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC;YAC/C,IAAI,CAAC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC;YAGtC,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,CAAC;YACnD,IAAI,QAAQ,GAAG,CAAC,EAAE;gBAChB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;aACnD;SACF;QAAC,OAAO,KAAU,EAAE;YACnB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,wBAAwB,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,kCAAmC,OAAQ,EAAE,CAAC,CAAC;SAChE;IACH,CAAC;IAMO,KAAK,CAAC,oBAAoB,CAChC,IAAgB,EAChB,mBAA2B,EAC3B,MAAc;QAEd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QAGtC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAGvC,MAAM,MAAM,GAAG,uEAAwE,mBAAoB,UAAU,CAAC;QAEtH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YACpC,GAAG,EAAE,MAAM;YACX,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,OAAO,EAAE;SAClB,CAAC,CAAC;QAGH,MAAM,SAAS,GAAI,QAAQ,CAAC,IAAY,CAAC,SAAS,CAAC;QAEnD,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;SACvD;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAMO,eAAe,CAAC,OAAuB;QAO7C,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;IAC/F,CAAC;IAKO,KAAK,CAAC,mBAAmB,CAAC,MAA0B;;QAC1D,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;SACxE;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,SAAS,CAAC;QAChD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC9C,OAAO,EAAE,MAAM,CAAC,MAAM;YACtB,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,WAAW,EAAE,SAAS;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC,CAAA,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,0CAAE,YAAY,CAAA,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;SACrE;QAED,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC;QAGtC,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,CAAC;QACnD,IAAI,QAAQ,GAAG,CAAC,EAAE;YAChB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;SACnD;IACH,CAAC;IAKO,KAAK,CAAC,iBAAiB,CAAC,MAAwB;QACtD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACjB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC1D;QAED,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC;QAGtC,IAAI;YACF,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;SACrC;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;SAC/D;IACH,CAAC;IAKD,KAAK,CAAC,IAAI,CAAC,IAAY;QACrB,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,IAAI,EAAE;YACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE9C,IAAI,CAAC,QAAQ,EAAE;gBACb,MAAM,IAAI,KAAK,CAAC,6BAA8B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAE,EAAE,CAAC,CAAC;aAC3E;YAED,OAAO,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC;IAKD,KAAK,CAAC,UAAU,CAAC,OAAe,EAAE,SAAkB;QAClD,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,IAAI,EAAE;YACtC,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE;gBAC1C,QAAQ,EAAE,OAAO;gBACjB,SAAS,EAAE,SAAS;aACrB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAKO,uBAAuB,CAAC,QAA8B;;QAE5D,MAAM,IAAI,GAAG,CAAA,MAAA,QAAQ,CAAC,IAAI,0CAAE,IAAI,KAAI,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC;QAExD,OAAO;YACL,IAAI;YACJ,OAAO,EAAE,QAAQ,CAAC,QAAQ;YAC1B,aAAa,EAAE,QAAQ,CAAC,cAAc,IAAI,CAAC;YAC3C,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,KAAK;YACtC,QAAQ,EAAE,MAAA,QAAQ,CAAC,IAAI,0CAAE,QAAQ;SAClC,CAAC;IACJ,CAAC;IAKO,KAAK,CAAC,gBAAgB,CAAI,SAA2B;QAC3D,IAAI,SAAS,GAAiB,IAAI,CAAC;QAEnC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,OAAO,EAAE,EAAE;YACxE,IAAI;gBACF,OAAO,MAAM,SAAS,EAAE,CAAC;aAC1B;YAAC,OAAO,KAAU,EAAE;gBACnB,SAAS,GAAG,KAAK,CAAC;gBAGlB,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE;oBACjC,MAAM,KAAK,CAAC;iBACb;gBAGD,IAAI,OAAO,KAAK,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE;oBAC5C,MAAM;iBACP;gBAGD,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBAC7C,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;aACzB;SACF;QAED,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACjE,CAAC;IAKO,gBAAgB,CAAC,KAAU;;QACjC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,KAAI,MAAA,KAAK,CAAC,QAAQ,0CAAE,UAAU,CAAA,CAAC;QAGlE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE;YACtD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,UAAU,EAAE;gBAExC,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC;gBAClD,IAAI,YAAY,KAAK,UAAU,EAAE;oBAC/B,OAAO,IAAI,CAAC;iBACb;aACF;iBAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE;gBACxE,OAAO,IAAI,CAAC;aACb;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAKO,gBAAgB,CAAC,OAAe;QACtC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;QAExE,IAAI,KAAa,CAAC;QAElB,QAAQ,QAAQ,EAAE;YAChB,KAAK,aAAa;gBAChB,KAAK,GAAG,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;gBACpD,MAAM;YACR,KAAK,QAAQ;gBACX,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;gBAC1B,MAAM;YACR,KAAK,OAAO,CAAC;YACb;gBACE,KAAK,GAAG,OAAO,CAAC;gBAChB,MAAM;SACT;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC9B,CAAC;IAKO,KAAK,CAAC,EAAU;QACtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IAKO,YAAY,CAAC,IAAY;QAE/B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;YACvB,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAElD,MAAM,iBAAiB,GAAG,CAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAE,CAAC;YACtF,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE;gBAClE,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;aACvC;SACF;QACD,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAKD,QAAQ;QACN,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAKD,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC;IACpC,CAAC;CACF;AAviBD,sCAuiBC"}