@kirschbaum-development/sst-laravel 0.1.5 → 0.2.7

package/README.md

@@ -38,6 +38,21 @@ To get started quickly, you can use the `init` command:
 npx sst-laravel init
 ```
 
+Running `init` now also prompts you to install the SST Laravel Initial Setup AI skill. Accepting the prompt will automatically detect whether `laravel/boost` ≥ 2.0 is available via Composer; if so, the skill is copied into `.ai/skills/sst-laravel-initial-setup/SKILL.md` and `php artisan boost:update` is executed. Otherwise, the command falls back to `npx skills add` with the bundled skill file.
+
+## AI Skill for Guided Setup
+
+Projects that rely on AI copilots (like OpenCode) can import the `skills/laravel-initial-setup/SKILL.md` file from this package. The skill walks an assistant through:
+
+- Auditing prerequisites (Node, AWS CLI, credentials, `sst-laravel` CLI)
+- Bootstrapping your repo by running `npx sst-laravel init` before any config changes
+- Choosing the right environment strategy (`RemoteEnvVault`, SST Secrets, or `.env` files)
+- Inspecting/creating VPC resources through the AWS CLI
+- Iteratively editing `sst.config.ts` until your Laravel service is deployable
+- Producing clear summaries after every step plus follow-up tasks and cautions
+
+Point your assistant at that file to get a prescriptive, secure onboarding workflow tailored for SST Laravel.
+
 ## Usage
 
 To start using, you only need to import the component in your `sst.config.ts` file:
@@ -137,6 +152,8 @@ There are multiple ways to configure environment variables. If you want SST Lara
 
 The below configuration would copy a file named `.env.$STAGE` (e.g. `.env.production`) into the deployment containers as your `.env` file.
 
+### Environment File
+
 ```js
 const app = new LaravelService('MyLaravelApp', {
   // ...
@@ -161,6 +178,105 @@ const app = new LaravelService('MyLaravelApp', {
 });
 ```
 
+### SST Secrets
+
+You can also use SST Secrets to store your environment variables. This is a more secure way to store your environment variables.
+
+```js
+const APP_KEY = new sst.Secret("APP_KEY");
+const DB_PASSWORD = new sst.Secret("DB_PASSWORD");
+
+const app = new LaravelService('MyLaravelApp', {
+  link: [APP_KEY, DB_PASSWORD],
+});
+```
+
+This will automatically inject the environment variables into the `.env` file of your Laravel application. Read more about SST Secrets [here](https://sst.dev/docs/component/secret/).
+
+### AWS Secrets Manager (RemoteEnvVault)
+
+For a more robust environment variable management solution similar to Laravel Vapor, you can use the `RemoteEnvVault` component. This stores your environment variables in AWS Secrets Manager and provides CLI commands to push and pull secrets.
+
+```js
+import { RemoteEnvVault, LaravelService } from "@kirschbaum-development/sst-laravel";
+
+const env = new RemoteEnvVault("Env");
+const app = new LaravelService('MyLaravelApp', {
+  // ...
+  config: {
+    environment: {
+      secrets: env,
+    }
+  }
+});
+```
+
+The secrets are stored in AWS Secrets Manager at the path `/{app-name}/{stage}/env`.
+
+#### Large Environment Files
+
+Large environment files that exceed AWS Secrets Manager's 64KB limit are automatically handled. The CLI will:
+- Split large `.env` files into multiple chunks when pushing
+- Automatically merge all chunks when pulling or deploying
+
+This is completely transparent - you don't need to do anything special.
+
+#### Pushing Secrets
+
+To push your local `.env` file to AWS Secrets Manager:
+
+```bash
+# Push .env.production to the production stage
+npx sst-laravel env:push --stage production --input .env.production
+
+# Push .env to staging (interactive)
+npx sst-laravel env:push --stage staging
+```
+
+#### Pulling Secrets
+
+To pull secrets from AWS Secrets Manager to a local file:
+
+```bash
+# Pull from production to .env.production (default)
+npx sst-laravel env:pull --stage production
+
+# Pull from staging to a custom file
+npx sst-laravel env:pull --stage staging --output .env.local
+```
+
+#### Deploying with Secrets
+
+When using `RemoteEnvVault`, deploy using the `sst-laravel deploy` command which automatically fetches secrets before building:
+
+```bash
+npx sst-laravel deploy --stage production
+```
+
+#### Workflow Example
+
+```bash
+# 1. Initial setup - push your environment file
+npx sst-laravel env:push --stage production --input .env.production
+
+# 2. Deploy (secrets are automatically fetched)
+npx sst-laravel deploy --stage production
+
+# 3. Update secrets later
+npx sst-laravel env:pull --stage production  # Creates .env.production
+# Edit .env.production
+npx sst-laravel env:push --stage production --input .env.production
+npx sst-laravel deploy --stage production
+```
+
+You can also use a custom path for the secrets:
+
+```js
+const env = new RemoteEnvVault("Env", {
+  path: "/custom/path/env"
+});
+```
+
 ### Resources
 
 In SST, you can [link resources](https://sst.dev/docs/linking). If you link resources to your Laravel component, SST Laravel will automatically inject and configure environment variables using sensible defaults for all the linked resources.
@@ -266,7 +382,7 @@ php artisan migrate --force
 
 ## Deploying
 
-To deploy your application, you can use the `sst deploy` command. You must be authenticated with AWS in your terminal session to deploy.
+To deploy your application, you can use the `sst-laravel deploy` command. You must be authenticated with AWS in your terminal session to deploy.
 
 ```bash
 npx sst-laravel deploy --stage {stage}
@@ -274,6 +390,8 @@ npx sst-laravel deploy --stage sandbox
 npx sst-laravel deploy --stage production
 ```
 
+> **Note:** If you're using `RemoteEnvVault` for secrets management, you should use `sst-laravel deploy` instead of `sst deploy` directly. This ensures secrets are fetched from AWS Secrets Manager before the Docker build.
+
 ## Accessing Containers
 
 Using the `sst-laravel` CLI tool, you can easily connect to your running ECS containers for debugging and troubleshooting.
@@ -316,10 +434,6 @@ To send logs to AWS CloudWatch, you need to set the `LOG_CHANNEL` environment va
 
 ## Troubleshooting
 
-**APP_URL**
-
-In case your specified environment file does not contain the `APP_URL` variable, SST Laravel will automatically add it to the environment file with the value of the `web.domain` property.
-
 **Load Balancer and trusted proxies**
 
 SST Laravel puts the container behind a load balancer, so you must configure your Laravel application to trust the load balancer's IP addresses. You can do this by configuring the trusted proxies in `bootstrap/app.php`. If you deployed your app and it's trying to load assets using HTTP instead of HTTPS, this is likely the issue.
@@ -327,12 +441,6 @@ SST Laravel puts the container behind a load balancer, so you must configure you
 ```php
 ->withMiddleware(function (Middleware $middleware) {
     $middleware->trustProxies(at: '*');
-    $middleware->trustProxies(headers: Request::HEADER_X_FORWARDED_FOR |
-        Request::HEADER_X_FORWARDED_HOST |
-        Request::HEADER_X_FORWARDED_PORT |
-        Request::HEADER_X_FORWARDED_PROTO |
-        Request::HEADER_X_FORWARDED_AWS_ELB
-    );
 })
 ```
 
@@ -345,12 +453,25 @@ In case you get the following error when running SST commands, run `npx sst-lara
    - node_modules/@kirschbaum-development/sst-laravel/laravel-sst.ts:6:26 Could not resolve "../../../.sst/platform/src/components/component.js"
 ```
 
+**CD: AWS credentials are not configured**
+
+If you are getting the following error when deploying (usually via CI/CD), the issue is usually that you have a `.env` or `.env.{stage}` that contains the `AWS_ACCESS_KEY_ID` and 
+`AWS_SECRET_ACCESS_KEY` keys. They should be removed from the environment file and you should be relying on the IAM role to give your app permissions to access AWS resources (which is more secure anyway).
+
+```
+✕  AWS credentials are not configured. Try configuring your profile in `~/.aws/config` and setting the `AWS_PROFILE` environment variable or specifying `providers.aws.profile` in your sst.config.ts
+   aws: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, failed to get API token, operation error ec2imds: getToken, http response error StatusCode: 400, request to EC2 IMDS failed
+```
+
+**APP_URL**
+
+In case your specified environment file does not contain the `APP_URL` variable, SST Laravel will automatically add it to the environment file with the value of the `web.domain` property.
+
 ***
 
 ### Roadmap
 
-* Support for [SST Secrets](https://sst.dev/docs/component/secret/);
-* Extend base Docker images;
+* Ability to extend base Docker images;
 * Add support for Inertia SSR;
 * Add support for Octane with FrankedPHP;
 * Add support for Laravel Reverb;
@@ -363,7 +484,7 @@ If you discover any security related issues, please email security@kirschbaumdev
 
 ## Sponsorship
 
-Development of this package is developed and sponsored by Kirschbaum Development Group, a developer driven company focused on problem solving, team building, and community. Learn more [about us](https://kirschbaumdevelopment.com) or [join us](https://careers.kirschbaumdevelopment.com)!
+Development of this package is sponsored by Kirschbaum Development Group, a developer driven company focused on problem solving, team building, and community. Learn more [about us](https://kirschbaumdevelopment.com) or [join us](https://careers.kirschbaumdevelopment.com)!
 
 ## License
 

package/dist/bin/cli.js

@@ -8,6 +8,8 @@ import { sshCommand } from './commands/ssh.js';
 import { logsCommand } from './commands/logs.js';
 import { githubIamCommand } from './commands/github-iam.js';
 import { installCommand } from './commands/install.js';
+import { envPullCommand } from './commands/env-pull.js';
+import { envPushCommand } from './commands/env-push.js';
 import { getPackageRoot } from './utils/sst-config.js';
 const packageJsonPath = path.join(getPackageRoot(), 'package.json');
 const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
@@ -23,5 +25,7 @@ program.addCommand(sshCommand);
 program.addCommand(logsCommand);
 program.addCommand(githubIamCommand);
 program.addCommand(installCommand);
+program.addCommand(envPullCommand);
+program.addCommand(envPushCommand);
 program.parse();
 //# sourceMappingURL=cli.js.map

package/dist/bin/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../bin/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,cAAc,CAAC,CAAC;AACpE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;AAC1E,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC;AAEpC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,uCAAuC,CAAC;KACpD,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;AAChC,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AAClC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AAC/B,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;AAChC,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;AACrC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;AAEnC,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../bin/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,cAAc,CAAC,CAAC;AACpE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;AAC1E,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC;AAEpC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,uCAAuC,CAAC;KACpD,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;AAChC,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AAClC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AAC/B,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;AAChC,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;AACrC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;AACnC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;AACnC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;AAEnC,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/bin/commands/deploy.js

@@ -1,16 +1,62 @@
 import { Command } from 'commander';
 import { spawn } from 'child_process';
-import { validateDeployment } from '../utils/sst-config.js';
+import * as fs from 'fs';
+import * as path from 'path';
+import { validateDeployment, findSstConfig, extractSstProjectName, extractSecretsConfig, getPackageRoot } from '../utils/sst-config.js';
+import { pullSecrets, getSecretPath, getSecretInfo, toEnvFileContent } from '../utils/secrets-manager.js';
 export const deployCommand = new Command('deploy')
     .description('Deploy the application using SST')
     .requiredOption('-s, --stage <stage>', 'SST stage name')
     .action(async (options) => {
     try {
         validateDeployment(options.stage);
+        const configPath = findSstConfig();
+        if (configPath) {
+            const appName = extractSstProjectName(configPath);
+            const secretsConfig = extractSecretsConfig(configPath);
+            if (appName && secretsConfig) {
+                console.log('RemoteEnvVault detected, fetching secrets from AWS Secrets Manager...');
+                // Determine the secret path
+                const secretPath = secretsConfig.path || getSecretPath(appName, options.stage);
+                try {
+                    // Get info about the secret structure first
+                    const secretInfo = await getSecretInfo(secretPath);
+                    if (!secretInfo) {
+                        console.warn(`Warning: No secrets found at ${secretPath}`);
+                        console.log('Continuing with deployment without secrets...');
+                    }
+                    else {
+                        if (secretInfo.chunked) {
+                            console.log(`Found ${secretInfo.totalKeys} variables in ${secretInfo.chunks} chunks`);
+                        }
+                        const secrets = await pullSecrets(secretPath);
+                        if (secrets) {
+                            // Ensure the .sst/laravel/deploy directory exists
+                            const deployDir = path.join(process.cwd(), '.sst', 'laravel', 'deploy');
+                            fs.mkdirSync(deployDir, { recursive: true });
+                            // Write secrets to .env file
+                            const envFilePath = path.join(deployDir, '.env');
+                            const envContent = toEnvFileContent(secrets);
+                            fs.writeFileSync(envFilePath, envContent + '\n');
+                            fs.chmodSync(envFilePath, 0o755);
+                            console.log(`Fetched ${Object.keys(secrets).length} variables from ${secretPath}`);
+                        }
+                    }
+                }
+                catch (error) {
+                    console.error(`Warning: Failed to fetch secrets from ${secretPath}:`, error.message);
+                    console.log('Continuing with deployment without secrets...');
+                }
+            }
+        }
         const deployProcess = spawn('npx', ['sst', 'deploy', '--stage', options.stage], {
             cwd: process.cwd(),
             stdio: 'inherit',
-            shell: true
+            shell: true,
+            env: {
+                ...process.env,
+                SST_LARAVEL_PACKAGE_ROOT: getPackageRoot(),
+            },
         });
         await new Promise((resolve, reject) => {
             deployProcess.on('exit', (code) => {

package/dist/bin/commands/deploy.js.map

@@ -1 +1 @@
-{"version":3,"file":"deploy.js","sourceRoot":"","sources":["../../../bin/commands/deploy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE5D,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,kCAAkC,CAAC;KAC/C,cAAc,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;KACvD,MAAM,CAAC,KAAK,EAAE,OAA0B,EAAE,EAAE;IAC3C,IAAI,CAAC;QACH,kBAAkB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAElC,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC9E,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,IAAI,EAAE,CAAC,CAAC,CAAC;gBAC5D,CAAC;YACH,CAAC,CAAC,CAAC;YACH,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}
+{"version":3,"file":"deploy.js","sourceRoot":"","sources":["../../../bin/commands/deploy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxI,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE1G,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,kCAAkC,CAAC;KAC/C,cAAc,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;KACvD,MAAM,CAAC,KAAK,EAAE,OAA0B,EAAE,EAAE;IAC3C,IAAI,CAAC;QACH,kBAAkB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAElC,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;QACnC,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;YAEvD,IAAI,OAAO,IAAI,aAAa,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,uEAAuE,CAAC,CAAC;gBAErF,4BAA4B;gBAC5B,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,IAAI,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;gBAE/E,IAAI,CAAC;oBACH,4CAA4C;oBAC5C,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;oBAEnD,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,OAAO,CAAC,IAAI,CAAC,gCAAgC,UAAU,EAAE,CAAC,CAAC;wBAC3D,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;oBAC/D,CAAC;yBAAM,CAAC;wBACN,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;4BACvB,OAAO,CAAC,GAAG,CAAC,SAAS,UAAU,CAAC,SAAS,iBAAiB,UAAU,CAAC,MAAM,SAAS,CAAC,CAAC;wBACxF,CAAC;wBAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;wBAE9C,IAAI,OAAO,EAAE,CAAC;4BACZ,kDAAkD;4BAClD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;4BACxE,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;4BAE7C,6BAA6B;4BAC7B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;4BACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;4BAC7C,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,UAAU,GAAG,IAAI,CAAC,CAAC;4BACjD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;4BAEjC,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,mBAAmB,UAAU,EAAE,CAAC,CAAC;wBACrF,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,KAAK,CAAC,yCAAyC,UAAU,GAAG,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;oBAChG,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC9E,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,IAAI;YACX,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAAG;gBACd,wBAAwB,EAAE,cAAc,EAAE;aAC3C;SACF,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,IAAI,EAAE,CAAC,CAAC,CAAC;gBAC5D,CAAC;YACH,CAAC,CAAC,CAAC;YACH,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/bin/commands/env-pull.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare const envPullCommand: Command;

package/dist/bin/commands/env-pull.js

@@ -0,0 +1,81 @@
+import { Command } from 'commander';
+import * as fs from 'fs';
+import * as path from 'path';
+import { select, confirm } from '@inquirer/prompts';
+import { findSstConfig, extractSstProjectName } from '../utils/sst-config.js';
+import { pullSecrets, getSecretPath, getSecretInfo, toEnvFileContent, listAvailableStages } from '../utils/secrets-manager.js';
+export const envPullCommand = new Command('env:pull')
+    .description('Pull environment variables from AWS Secrets Manager')
+    .option('-s, --stage <stage>', 'SST stage name')
+    .option('-o, --output <file>', 'Output file path (default: .env.{stage})')
+    .option('-f, --force', 'Overwrite existing file without confirmation')
+    .action(async (options) => {
+    try {
+        const configPath = findSstConfig();
+        if (!configPath) {
+            console.error('Error: Could not find sst.config.ts or sst.config.js in current directory.');
+            process.exit(1);
+        }
+        const appName = extractSstProjectName(configPath);
+        if (!appName) {
+            console.error('Error: Could not extract app name from SST config.');
+            process.exit(1);
+        }
+        // Determine stage
+        let stage = options.stage;
+        if (!stage) {
+            const availableStages = await listAvailableStages(appName);
+            if (availableStages.length === 0) {
+                console.log('No stages found in AWS Secrets Manager for this app.');
+                console.log('Run this command again with the --stage <stage> flag to create the environment file.');
+                process.exit(1);
+            }
+            stage = await select({
+                message: 'Select the stage to pull from:',
+                choices: availableStages.map(s => ({ name: s, value: s })),
+            });
+        }
+        const secretPath = getSecretPath(appName, stage);
+        const outputFile = options.output || `.env.${stage}`;
+        const outputPath = path.resolve(process.cwd(), outputFile);
+        console.log(`Pulling environment variables from: ${secretPath}`);
+        // Get info about the secret structure
+        const secretInfo = await getSecretInfo(secretPath);
+        if (!secretInfo) {
+            console.error(`Error: No secrets found at ${secretPath}`);
+            console.log('');
+            console.log('To create secrets for this environment, run:');
+            console.log(`  sst-laravel env:push --stage ${stage} --input .env.example`);
+            process.exit(1);
+        }
+        if (secretInfo.chunked) {
+            console.log(`Found ${secretInfo.totalKeys} variables in ${secretInfo.chunks} chunks`);
+        }
+        // Check if output file exists
+        if (fs.existsSync(outputPath) && !options.force) {
+            const shouldOverwrite = await confirm({
+                message: `File ${outputFile} already exists. Overwrite?`,
+                default: false,
+            });
+            if (!shouldOverwrite) {
+                console.log('Aborted.');
+                process.exit(0);
+            }
+        }
+        // Pull secrets from AWS
+        const secrets = await pullSecrets(secretPath);
+        if (!secrets) {
+            console.error(`Error: Failed to pull secrets from ${secretPath}`);
+            process.exit(1);
+        }
+        // Convert to .env format and write
+        const envContent = toEnvFileContent(secrets);
+        fs.writeFileSync(outputPath, envContent + '\n');
+        console.log(`Successfully pulled ${Object.keys(secrets).length} variables to ${outputFile}`);
+    }
+    catch (error) {
+        console.error('Error:', error.message);
+        process.exit(1);
+    }
+});
+//# sourceMappingURL=env-pull.js.map

package/dist/bin/commands/env-pull.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-pull.js","sourceRoot":"","sources":["../../../bin/commands/env-pull.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAE/H,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,OAAO,CAAC,UAAU,CAAC;KAClD,WAAW,CAAC,qDAAqD,CAAC;KAClE,MAAM,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;KAC/C,MAAM,CAAC,qBAAqB,EAAE,0CAA0C,CAAC;KACzE,MAAM,CAAC,aAAa,EAAE,8CAA8C,CAAC;KACrE,MAAM,CAAC,KAAK,EAAE,OAA6D,EAAE,EAAE;IAC9E,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;QAEnC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;YAC5F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;QAElD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACpE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,kBAAkB;QAClB,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,eAAe,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAE3D,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBACpE,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAC;gBACpG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,KAAK,GAAG,MAAM,MAAM,CAAC;gBACnB,OAAO,EAAE,gCAAgC;gBACzC,OAAO,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;aAC3D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,IAAI,QAAQ,KAAK,EAAE,CAAC;QACrD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;QAE3D,OAAO,CAAC,GAAG,CAAC,uCAAuC,UAAU,EAAE,CAAC,CAAC;QAEjE,sCAAsC;QACtC,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;QAEnD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,kCAAkC,KAAK,uBAAuB,CAAC,CAAC;YAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,SAAS,UAAU,CAAC,SAAS,iBAAiB,UAAU,CAAC,MAAM,SAAS,CAAC,CAAC;QACxF,CAAC;QAED,8BAA8B;QAC9B,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YAChD,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC;gBACpC,OAAO,EAAE,QAAQ,UAAU,6BAA6B;gBACxD,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;YAEH,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;YAClE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,mCAAmC;QACnC,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC7C,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC,CAAC;QAEhD,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,iBAAiB,UAAU,EAAE,CAAC,CAAC;IAC/F,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/bin/commands/env-push.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare const envPushCommand: Command;

package/dist/bin/commands/env-push.js

@@ -0,0 +1,93 @@
+import { Command } from 'commander';
+import * as fs from 'fs';
+import * as path from 'path';
+import { select, confirm } from '@inquirer/prompts';
+import { findSstConfig, extractSstProjectName } from '../utils/sst-config.js';
+import { pushSecrets, getSecretInfo, getSecretPath, parseEnvFile, needsChunking, listAvailableStages } from '../utils/secrets-manager.js';
+export const envPushCommand = new Command('env:push')
+    .description('Push environment variables to AWS Secrets Manager')
+    .option('-s, --stage <stage>', 'SST stage name')
+    .option('-i, --input <file>', 'Input file path (default: .env)')
+    .option('-f, --force', 'Push without confirmation')
+    .action(async (options) => {
+    try {
+        const configPath = findSstConfig();
+        if (!configPath) {
+            console.error('Error: Could not find sst.config.ts or sst.config.js in current directory.');
+            process.exit(1);
+        }
+        const appName = extractSstProjectName(configPath);
+        if (!appName) {
+            console.error('Error: Could not extract app name from SST config.');
+            process.exit(1);
+        }
+        // Determine stage
+        let stage = options.stage;
+        if (!stage) {
+            const availableStages = await listAvailableStages(appName);
+            if (availableStages.length === 0) {
+                console.log('No stages found in AWS Secrets Manager for this app.');
+                console.log('Run this command again with the --stage <stage> flag so the environment file can be created.');
+                process.exit(1);
+            }
+            stage = await select({
+                message: 'Select the stage to push to:',
+                choices: availableStages.map(s => ({ name: s, value: s })),
+            });
+        }
+        const inputFile = options.input || '.env';
+        const inputPath = path.resolve(process.cwd(), inputFile);
+        // Check if input file exists
+        if (!fs.existsSync(inputPath)) {
+            console.error(`Error: Input file ${inputFile} not found.`);
+            process.exit(1);
+        }
+        const secretPath = getSecretPath(appName, stage);
+        // Parse the .env file
+        const content = fs.readFileSync(inputPath, 'utf-8');
+        const vars = parseEnvFile(content);
+        const varCount = Object.keys(vars).length;
+        if (varCount === 0) {
+            console.error('Error: No variables found in the input file.');
+            process.exit(1);
+        }
+        console.log(`Found ${varCount} variables in ${inputFile}`);
+        console.log(`Target: ${secretPath}`);
+        // Check if chunking will be needed
+        if (needsChunking(vars)) {
+            console.log(`\nNote: Environment file exceeds AWS Secrets Manager limit and will be split into multiple chunks.`);
+        }
+        // Check if secrets already exist
+        const existingInfo = await getSecretInfo(secretPath);
+        if (existingInfo && !options.force) {
+            if (existingInfo.chunked) {
+                console.log(`\nWarning: ${existingInfo.totalKeys} variables already exist at this path (in ${existingInfo.chunks} chunks).`);
+            }
+            else {
+                console.log(`\nWarning: ${existingInfo.totalKeys} variables already exist at this path.`);
+            }
+            const shouldOverwrite = await confirm({
+                message: 'Do you want to overwrite the existing secrets?',
+                default: false,
+            });
+            if (!shouldOverwrite) {
+                console.log('Aborted.');
+                process.exit(0);
+            }
+        }
+        // Push secrets to AWS
+        console.log('\nPushing secrets to AWS Secrets Manager...');
+        const result = await pushSecrets(secretPath, vars);
+        if (result.chunked) {
+            console.log(`Successfully pushed ${varCount} variables to ${secretPath} (split into ${result.chunks} chunks)`);
+        }
+        else {
+            console.log(`Successfully pushed ${varCount} variables to ${secretPath}`);
+        }
+    }
+    catch (error) {
+        console.error('Error:', error.message);
+        process.exit(1);
+    }
+});
+//# sourceMappingURL=env-push.js.map

package/dist/bin/commands/env-push.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-push.js","sourceRoot":"","sources":["../../../bin/commands/env-push.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAE1I,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,OAAO,CAAC,UAAU,CAAC;KAClD,WAAW,CAAC,mDAAmD,CAAC;KAChE,MAAM,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;KAC/C,MAAM,CAAC,oBAAoB,EAAE,iCAAiC,CAAC;KAC/D,MAAM,CAAC,aAAa,EAAE,2BAA2B,CAAC;KAClD,MAAM,CAAC,KAAK,EAAE,OAA4D,EAAE,EAAE;IAC7E,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;QAEnC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;YAC5F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;QAElD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACpE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,kBAAkB;QAClB,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,eAAe,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAE3D,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBACpE,OAAO,CAAC,GAAG,CAAC,8FAA8F,CAAC,CAAC;gBAC5G,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,KAAK,GAAG,MAAM,MAAM,CAAC;gBACnB,OAAO,EAAE,8BAA8B;gBACvC,OAAO,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;aAC3D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,MAAM,CAAC;QAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;QAEzD,6BAA6B;QAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,KAAK,CAAC,qBAAqB,SAAS,aAAa,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAEjD,sBAAsB;QACtB,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QAE1C,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,SAAS,QAAQ,iBAAiB,SAAS,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,GAAG,CAAC,WAAW,UAAU,EAAE,CAAC,CAAC;QAErC,mCAAmC;QACnC,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,oGAAoG,CAAC,CAAC;QACpH,CAAC;QAED,iCAAiC;QACjC,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;QAErD,IAAI,YAAY,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnC,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,cAAc,YAAY,CAAC,SAAS,6CAA6C,YAAY,CAAC,MAAM,WAAW,CAAC,CAAC;YAC/H,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,cAAc,YAAY,CAAC,SAAS,wCAAwC,CAAC,CAAC;YAC5F,CAAC;YAED,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC;gBACpC,OAAO,EAAE,gDAAgD;gBACzD,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;YAEH,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAEnD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,uBAAuB,QAAQ,iBAAiB,UAAU,gBAAgB,MAAM,CAAC,MAAM,UAAU,CAAC,CAAC;QACjH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,uBAAuB,QAAQ,iBAAiB,UAAU,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}