@layerzerolabs/vm-tooling 0.2.7 → 0.2.8

package/dist/QTKMYYBJ.js

@@ -0,0 +1,20 @@
+import { getCombinationId } from './RT6XP6RO.js';
+import { findToolVersionsForCombination } from './7GBZAO4Q.js';
+import { init_esm_shims, __name } from './6AHA7PAZ.js';
+
+// src/display/formatters.ts
+init_esm_shims();
+function formatVersionCombination(context, combination, isDefault) {
+  const tools = Object.entries(findToolVersionsForCombination(context, combination)).filter(([_, version]) => version !== void 0).map(([tool, version]) => `${tool}:${version}`).join(", ");
+  const badges = [
+    isDefault ? "\u{1F3AF} Default" : null,
+    combination.stable ? "\u2705 Stable" : null,
+    combination.description
+  ].filter(Boolean).join(" ");
+  return `  ${getCombinationId(context, combination)}: ${tools} ${badges}`;
+}
+__name(formatVersionCombination, "formatVersionCombination");
+
+export { formatVersionCombination };
+//# sourceMappingURL=QTKMYYBJ.js.map
+//# sourceMappingURL=QTKMYYBJ.js.map

package/dist/QTKMYYBJ.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/display/formatters.ts"],"names":["formatVersionCombination","context","combination","isDefault","tools","Object","entries","findToolVersionsForCombination","filter","_","version","undefined","map","tool","join","badges","stable","description","Boolean","getCombinationId"],"mappings":";;;;;AAEA,cAAA,EAAA;AAMO,SAASA,wBAAAA,CACZC,OAAAA,EACAC,WAAAA,EACAC,SAAAA,EAAmB;AAEnB,EAAA,MAAMC,KAAAA,GAAQC,MAAAA,CAAOC,OAAAA,CAAQC,8BAAAA,CAA+BN,OAAAA,EAASC,WAAAA,CAAAA,CAAAA,CAChEM,MAAAA,CAAO,CAAC,CAACC,CAAAA,EAAGC,OAAAA,CAAAA,KAAaA,OAAAA,KAAYC,MAAAA,CAAAA,CACrCC,GAAAA,CAAI,CAAC,CAACC,IAAAA,EAAMH,OAAAA,CAAAA,KAAa,CAAA,EAAGG,IAAAA,CAAAA,CAAAA,EAAQH,OAAAA,CAAAA,CAAS,CAAA,CAC7CI,KAAK,IAAA,CAAA;AAEV,EAAA,MAAMC,MAAAA,GAAS;AACXZ,IAAAA,SAAAA,GAAY,mBAAA,GAAe,IAAA;AAC3BD,IAAAA,WAAAA,CAAYc,SAAS,eAAA,GAAa,IAAA;IAClCd,WAAAA,CAAYe;IAEXT,MAAAA,CAAOU,OAAAA,CAAAA,CACPJ,IAAAA,CAAK,GAAA,CAAA;AAEV,EAAA,OAAO,CAAA,EAAA,EAAKK,iBAAiBlB,OAAAA,EAASC,WAAAA,CAAAA,CAAAA,EAAAA,EAAiBE,KAAAA,IAASW,MAAAA,CAAAA,CAAAA;AACpE;AAnBgBf,MAAAA,CAAAA,wBAAAA,EAAAA,0BAAAA,CAAAA","file":"QTKMYYBJ.js","sourcesContent":["import type { VersionCombination } from '../config';\nimport type { ChainContext } from '../context';\nimport { getCombinationId } from '../utils';\nimport { findToolVersionsForCombination } from '../utils/finder';\n\n/**\n * Format version combinations for display\n */\nexport function formatVersionCombination<TImageId extends string>(\n    context: ChainContext<TImageId>,\n    combination: VersionCombination<TImageId>,\n    isDefault?: boolean,\n): string {\n    const tools = Object.entries(findToolVersionsForCombination(context, combination))\n        .filter(([_, version]) => version !== undefined)\n        .map(([tool, version]) => `${tool}:${version}`)\n        .join(', ');\n\n    const badges = [\n        isDefault ? '🎯 Default' : null,\n        combination.stable ? '✅ Stable' : null,\n        combination.description,\n    ]\n        .filter(Boolean)\n        .join(' ');\n\n    return `  ${getCombinationId(context, combination)}: ${tools} ${badges}`;\n}\n"]}

package/dist/{4ZP6FU3S.js → R5CQAJPE.js}

@@ -1,5 +1,5 @@
-import { setCredentialFeature } from './ERGNNQ6N.js';
 import { getProfileName, parseKnownFiles, loadSsoSessionData, getSSOTokenFromFile, getSSOTokenFilepath } from './GHQS37WK.js';
+import { setCredentialFeature } from './ERGNNQ6N.js';
 import { ProviderError, CredentialsProviderError } from './UFZOOGMQ.js';
 import { init_esm_shims, __name } from './6AHA7PAZ.js';
 import { promises } from 'fs';
@@ -44,7 +44,7 @@ init_esm_shims();
 // ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getSsoOidcClient.js
 init_esm_shims();
 var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => {
-  const { SSOOIDCClient } = await import('./HSLJBWIL.js');
+  const { SSOOIDCClient } = await import('./MQNCJPBY.js');
   const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {
     region: ssoRegion ?? init.clientConfig?.region,
     logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger
@@ -54,7 +54,7 @@ var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => {
 
 // ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js
 var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => {
-  const { CreateTokenCommand } = await import('./HSLJBWIL.js');
+  const { CreateTokenCommand } = await import('./MQNCJPBY.js');
   const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);
   return ssoOidcClient.send(new CreateTokenCommand({
     clientId: ssoToken.clientId,
@@ -211,7 +211,7 @@ var resolveSSOCredentials = /* @__PURE__ */ __name(async ({ ssoStartUrl, ssoSess
     });
   }
   const { accessToken } = token;
-  const { SSOClient, GetRoleCredentialsCommand } = await import('./QBBWWA5T.js');
+  const { SSOClient, GetRoleCredentialsCommand } = await import('./LQNTMID2.js');
   const sso = ssoClient || new SSOClient(Object.assign({}, clientConfig ?? {}, {
     logger: clientConfig?.logger ?? parentClientConfig?.logger,
     region: clientConfig?.region ?? ssoRegion
@@ -346,5 +346,5 @@ var fromSSO = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig
 init_esm_shims();
 
 export { fromSSO, isSsoProfile, validateSsoProfile };
-//# sourceMappingURL=4ZP6FU3S.js.map
-//# sourceMappingURL=4ZP6FU3S.js.map
+//# sourceMappingURL=R5CQAJPE.js.map
+//# sourceMappingURL=R5CQAJPE.js.map

package/dist/{4ZP6FU3S.js.map → R5CQAJPE.js.map}

@@ -1 +1 @@
-{"version":3,"sources":["../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/index.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js","../../../node_modules/.pnpm/@smithy+property-provider@4.2.5/node_modules/@smithy/property-provider/dist-es/TokenProviderError.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/isSsoProfile.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/fromSso.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/constants.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getSsoOidcClient.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenExpiry.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenKey.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/writeSSOTokenToFile.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/validateSsoProfile.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/types.js"],"names":["TokenProviderError","ProviderError","name","message","options","Object","setPrototypeOf","prototype","isSsoProfile","arg","sso_start_url","sso_account_id","sso_session","sso_region","sso_role_name","EXPIRE_WINDOW_MS","REFRESH_MESSAGE","getSsoOidcClient","ssoRegion","init","SSOOIDCClient","ssoOidcClient","assign","clientConfig","region","logger","parentClientConfig","getNewSsoOidcToken","ssoToken","CreateTokenCommand","send","clientId","clientSecret","refreshToken","grantType","validateTokenExpiry","token","expiration","getTime","Date","now","validateTokenKey","key","value","forRefresh","writeFile","fsPromises","writeSSOTokenToFile","id","tokenFilepath","getSSOTokenFilepath","tokenString","JSON","stringify","lastRefreshAttemptTime","fromSso","_init","callerClientConfig","debug","profiles","parseKnownFiles","profileName","getProfileName","profile","ssoSessionName","ssoSessions","loadSsoSessionData","ssoSession","ssoSessionRequiredKey","getSSOTokenFromFile","e","accessToken","expiresAt","existingToken","setTime","newSsoOidcToken","expiresIn","newTokenExpiration","toISOString","error","SHOULD_FAIL_CREDENTIAL_CHAIN","resolveSSOCredentials","ssoStartUrl","ssoAccountId","ssoRoleName","ssoClient","refreshMessage","_token","getSsoTokenProvider","CredentialsProviderError","tryNextLink","SSOClient","GetRoleCredentialsCommand","sso","ssoResp","accountId","roleName","roleCredentials","accessKeyId","secretAccessKey","sessionToken","credentialScope","credentials","setCredentialFeature","validateSsoProfile","keys","join","fromSSO","session","conflictMsg"],"mappings":";;;;;;;AAAA,cAAA,EAAA;;;ACAA,cAAA,EAAA;;;ACAA,cAAA,EAAA;AACO,IAAMA,kBAAAA,GAAN,MAAMA,mBAAAA,SAA2BC,aAAAA,CAAAA;EADxC;;;EAEIC,IAAAA,GAAO,oBAAA;EACP,WAAA,CAAYC,OAAAA,EAASC,UAAU,IAAA,EAAM;AACjC,IAAA,KAAA,CAAMD,SAASC,OAAAA,CAAAA;AACfC,IAAAA,MAAAA,CAAOC,cAAAA,CAAe,IAAA,EAAMN,mBAAAA,CAAmBO,SAAS,CAAA;AAC5D,EAAA;AACJ,CAAA;;;ACPA,cAAA,EAAA;AAAO,IAAMC,YAAAA,2BAAgBC,GAAAA,KAAQA,GAAAA,KAChC,OAAOA,GAAAA,CAAIC,aAAAA,KAAkB,QAAA,IAC1B,OAAOD,GAAAA,CAAIE,cAAAA,KAAmB,YAC9B,OAAOF,GAAAA,CAAIG,WAAAA,KAAgB,QAAA,IAC3B,OAAOH,GAAAA,CAAII,eAAe,QAAA,IAC1B,OAAOJ,GAAAA,CAAIK,aAAAA,KAAkB,QAAA,CAAA,EALT,cAAA;;;ACA5B,cAAA,EAAA;;;ACAA,cAAA,EAAA;;;ACAA,cAAA,EAAA;AAAO,IAAMC,gBAAAA,GAAmB,IAAI,EAAA,GAAK,GAAA;AAClC,IAAMC,eAAAA,GAAkB,CAAA,+EAAA,CAAA;;;ACD/B,cAAA,EAAA;;;ACAA,cAAA,EAAA;AAAO,IAAMC,gBAAAA,mBAAmB,MAAA,CAAA,OAAOC,SAAAA,EAAWC,IAAAA,GAAO,EAAC,KAAC;AACvD,EAAA,MAAM,EAAEC,aAAAA,EAAa,GAAK,MAAM,OAAO,eAAA,CAAA;AACvC,EAAA,MAAMC,aAAAA,GAAgB,IAAID,aAAAA,CAAcf,MAAAA,CAAOiB,MAAAA,CAAO,EAAC,EAAGH,IAAAA,CAAKI,YAAAA,IAAgB,EAAC,EAAG;IAC/EC,MAAAA,EAAQN,SAAAA,IAAaC,KAAKI,YAAAA,EAAcC,MAAAA;AACxCC,IAAAA,MAAAA,EAAQN,IAAAA,CAAKI,YAAAA,EAAcE,MAAAA,IAAUN,IAAAA,CAAKO,kBAAAA,EAAoBD;AAClE,GAAA,CAAA,CAAA;AACA,EAAA,OAAOJ,aAAAA;AACX,CAAA,EAPgC,kBAAA,CAAA;;;ADCzB,IAAMM,qCAAqB,MAAA,CAAA,OAAOC,QAAAA,EAAUV,SAAAA,EAAWC,IAAAA,GAAO,EAAC,KAAC;AACnE,EAAA,MAAM,EAAEU,kBAAAA,EAAkB,GAAK,MAAM,OAAO,eAAA,CAAA;AAC5C,EAAA,MAAMR,aAAAA,GAAgB,MAAMJ,gBAAAA,CAAiBC,SAAAA,EAAWC,IAAAA,CAAAA;AACxD,EAAA,OAAOE,aAAAA,CAAcS,IAAAA,CAAK,IAAID,kBAAAA,CAAmB;AAC7CE,IAAAA,QAAAA,EAAUH,QAAAA,CAASG,QAAAA;AACnBC,IAAAA,YAAAA,EAAcJ,QAAAA,CAASI,YAAAA;AACvBC,IAAAA,YAAAA,EAAcL,QAAAA,CAASK,YAAAA;IACvBC,SAAAA,EAAW;AACf,GAAA,CAAA,CAAA;AACJ,CAAA,EATkC,oBAAA,CAAA;;;AEDlC,cAAA,EAAA;AAEO,IAAMC,mBAAAA,2BAAuBC,KAAAA,KAAAA;AAChC,EAAA,IAAIA,KAAAA,CAAMC,cAAcD,KAAAA,CAAMC,UAAAA,CAAWC,SAAO,GAAKC,IAAAA,CAAKC,KAAG,EAAI;AAC7D,IAAA,MAAM,IAAIxC,kBAAAA,CAAmB,CAAA,kBAAA,EAAqBgB,eAAAA,IAAmB,KAAA,CAAA;AACzE,EAAA;AACJ,CAAA,EAJmC,qBAAA,CAAA;;;ACFnC,cAAA,EAAA;AAEO,IAAMyB,gBAAAA,mBAAmB,MAAA,CAAA,CAACC,GAAAA,EAAKC,KAAAA,EAAOC,aAAa,KAAA,KAAK;AAC3D,EAAA,IAAI,OAAOD,UAAU,WAAA,EAAa;AAC9B,IAAA,MAAM,IAAI3C,kBAAAA,CAAmB,CAAA,uBAAA,EAA0B0C,GAAAA,CAAAA,cAAAA,EAAoBE,UAAAA,GAAa,kBAAA,GAAqB,EAAA,CAAA,EAAA,EAAO5B,eAAAA,CAAAA,CAAAA,EAAmB,KAAA,CAAA;AAC3I,EAAA;AACJ,CAAA,EAJgC,kBAAA,CAAA;;;ACFhC,cAAA,EAAA;AAEA,IAAM,EAAE6B,WAAS,GAAKC,QAAAA;AACf,IAAMC,mBAAAA,mBAAsB,MAAA,CAAA,CAACC,EAAAA,EAAIpB,QAAAA,KAAAA;AACpC,EAAA,MAAMqB,aAAAA,GAAgBC,oBAAoBF,EAAAA,CAAAA;AAC1C,EAAA,MAAMG,WAAAA,GAAcC,IAAAA,CAAKC,SAAAA,CAAUzB,QAAAA,EAAU,MAAM,CAAA,CAAA;AACnD,EAAA,OAAOiB,SAAAA,CAAUI,eAAeE,WAAAA,CAAAA;AACpC,CAAA,EAJmC,qBAAA,CAAA;;;ANInC,IAAMG,sBAAAA,mBAAyB,IAAIf,IAAAA,CAAK,CAAA,CAAA;AACjC,IAAMgB,OAAAA,mBAAU,MAAA,CAAA,CAACC,KAAAA,GAAQ,EAAC,KAAM,OAAO,EAAEC,kBAAAA,EAAkB,GAAK,EAAC,KAAC;AACrE,EAAA,MAAMtC,IAAAA,GAAO;IACT,GAAGqC,KAAAA;IACH9B,kBAAAA,EAAoB;MAChB,GAAG+B,kBAAAA;AACH,MAAA,GAAGD,KAAAA,CAAM9B;AACb;AACJ,GAAA;AACAP,EAAAA,IAAAA,CAAKM,MAAAA,EAAQiC,MAAM,oCAAA,CAAA;AACnB,EAAA,MAAMC,QAAAA,GAAW,MAAMC,eAAAA,CAAgBzC,IAAAA,CAAAA;AACvC,EAAA,MAAM0C,cAAcC,cAAAA,CAAe;IAC/BC,OAAAA,EAAS5C,IAAAA,CAAK4C,WAAWN,kBAAAA,EAAoBM;GACjD,CAAA;AACA,EAAA,MAAMA,OAAAA,GAAUJ,SAASE,WAAAA,CAAAA;AACzB,EAAA,IAAI,CAACE,OAAAA,EAAS;AACV,IAAA,MAAM,IAAI/D,kBAAAA,CAAmB,CAAA,SAAA,EAAY6D,WAAAA,oDAA+D,KAAA,CAAA;EAC5G,CAAA,MAAA,IACS,CAACE,OAAAA,CAAQ,aAAA,CAAA,EAAgB;AAC9B,IAAA,MAAM,IAAI/D,kBAAAA,CAAmB,CAAA,SAAA,EAAY6D,WAAAA,CAAAA,6CAAAA,CAA0D,CAAA;AACvG,EAAA;AACA,EAAA,MAAMG,cAAAA,GAAiBD,QAAQ,aAAA,CAAA;AAC/B,EAAA,MAAME,WAAAA,GAAc,MAAMC,kBAAAA,CAAmB/C,IAAAA,CAAAA;AAC7C,EAAA,MAAMgD,UAAAA,GAAaF,YAAYD,cAAAA,CAAAA;AAC/B,EAAA,IAAI,CAACG,UAAAA,EAAY;AACb,IAAA,MAAM,IAAInE,kBAAAA,CAAmB,CAAA,aAAA,EAAgBgE,cAAAA,oDAAkE,KAAA,CAAA;AACnH,EAAA;AACA,EAAA,KAAA,MAAWI,qBAAAA,IAAyB;AAAC,IAAA,eAAA;AAAiB,IAAA;AAAe,GAAA,EAAA;AACjE,IAAA,IAAI,CAACD,UAAAA,CAAWC,qBAAAA,CAAAA,EAAwB;AACpC,MAAA,MAAM,IAAIpE,kBAAAA,CAAmB,CAAA,aAAA,EAAgBgE,cAAAA,CAAAA,gCAAAA,EAAiDI,qBAAAA,MAA2B,KAAA,CAAA;AAC7H,IAAA;AACJ,EAAA;AACA,EAAoBD,WAAW,eAAA;AAC/B,EAAA,MAAMjD,SAAAA,GAAYiD,WAAW,YAAA,CAAA;AAC7B,EAAA,IAAIvC,QAAAA;AACJ,EAAA,IAAI;AACAA,IAAAA,QAAAA,GAAW,MAAMyC,oBAAoBL,cAAAA,CAAAA;AACzC,EAAA,CAAA,CAAA,OACOM,CAAAA,EAAG;AACN,IAAA,MAAM,IAAItE,kBAAAA,CAAmB,CAAA,8CAAA,EAAiD6D,WAAAA,CAAAA,8BAAAA,EAA4C7C,eAAAA,IAAmB,KAAA,CAAA;AACjJ,EAAA;AACAyB,EAAAA,gBAAAA,CAAiB,aAAA,EAAeb,SAAS2C,WAAW,CAAA;AACpD9B,EAAAA,gBAAAA,CAAiB,WAAA,EAAab,SAAS4C,SAAS,CAAA;AAChD,EAAA,MAAM,EAAED,WAAAA,EAAaC,SAAAA,EAAS,GAAK5C,QAAAA;AACnC,EAAA,MAAM6C,aAAAA,GAAgB;IAAErC,KAAAA,EAAOmC,WAAAA;IAAalC,UAAAA,EAAY,IAAIE,KAAKiC,SAAAA;AAAW,GAAA;AAC5E,EAAA,IAAIC,cAAcpC,UAAAA,CAAWC,OAAAA,KAAYC,IAAAA,CAAKC,GAAAA,KAAQzB,gBAAAA,EAAkB;AACpE,IAAA,OAAO0D,aAAAA;AACX,EAAA;AACA,EAAA,IAAIlC,KAAKC,GAAAA,EAAG,GAAKc,uBAAuBhB,OAAAA,EAAO,GAAK,KAAK,GAAA,EAAM;AAC3DH,IAAAA,mBAAAA,CAAoBsC,aAAAA,CAAAA;AACpB,IAAA,OAAOA,aAAAA;AACX,EAAA;AACAhC,EAAAA,gBAAAA,CAAiB,UAAA,EAAYb,QAAAA,CAASG,QAAAA,EAAU,IAAA,CAAA;AAChDU,EAAAA,gBAAAA,CAAiB,cAAA,EAAgBb,QAAAA,CAASI,YAAAA,EAAc,IAAA,CAAA;AACxDS,EAAAA,gBAAAA,CAAiB,cAAA,EAAgBb,QAAAA,CAASK,YAAAA,EAAc,IAAA,CAAA;AACxD,EAAA,IAAI;AACAqB,IAAAA,sBAAAA,CAAuBoB,OAAAA,CAAQnC,IAAAA,CAAKC,GAAAA,EAAG,CAAA;AACvC,IAAA,MAAMmC,eAAAA,GAAkB,MAAMhD,kBAAAA,CAAmBC,QAAAA,EAAUV,WAAWC,IAAAA,CAAAA;AACtEsB,IAAAA,gBAAAA,CAAiB,aAAA,EAAekC,gBAAgBJ,WAAW,CAAA;AAC3D9B,IAAAA,gBAAAA,CAAiB,WAAA,EAAakC,gBAAgBC,SAAS,CAAA;AACvD,IAAA,MAAMC,kBAAAA,GAAqB,IAAItC,IAAAA,CAAKA,IAAAA,CAAKC,KAAG,GAAKmC,eAAAA,CAAgBC,YAAY,GAAA,CAAA;AAC7E,IAAA,IAAI;AACA,MAAA,MAAM7B,oBAAoBiB,cAAAA,EAAgB;QACtC,GAAGpC,QAAAA;AACH2C,QAAAA,WAAAA,EAAaI,eAAAA,CAAgBJ,WAAAA;AAC7BC,QAAAA,SAAAA,EAAWK,mBAAmBC,WAAAA,EAAW;AACzC7C,QAAAA,YAAAA,EAAc0C,eAAAA,CAAgB1C;OAClC,CAAA;AACJ,IAAA,CAAA,CAAA,OACO8C,KAAAA,EAAO;AACd,IAAA;AACA,IAAA,OAAO;AACH3C,MAAAA,KAAAA,EAAOuC,eAAAA,CAAgBJ,WAAAA;MACvBlC,UAAAA,EAAYwC;AAChB,KAAA;AACJ,EAAA,CAAA,CAAA,OACOE,KAAAA,EAAO;AACV5C,IAAAA,mBAAAA,CAAoBsC,aAAAA,CAAAA;AACpB,IAAA,OAAOA,aAAAA;AACX,EAAA;AACJ,CAAA,EA/EuB,SAAA,CAAA;;;ADJvB,IAAMO,4BAAAA,GAA+B,KAAA;AAC9B,IAAMC,qBAAAA,mBAAwB,MAAA,CAAA,OAAO,EAAEC,WAAAA,EAAaf,UAAAA,EAAYgB,YAAAA,EAAcjE,SAAAA,EAAWkE,WAAAA,EAAaC,SAAAA,EAAW9D,YAAAA,EAAcG,kBAAAA,EAAoBqC,OAAAA,EAAStC,QAAM,KAAG;AACxK,EAAA,IAAIW,KAAAA;AACJ,EAAA,MAAMkD,cAAAA,GAAiB,CAAA,6EAAA,CAAA;AACvB,EAAA,IAAInB,UAAAA,EAAY;AACZ,IAAA,IAAI;AACA,MAAA,MAAMoB,MAAAA,GAAS,MAAMC,OAAAA,CAAoB;AAAEzB,QAAAA;AAAQ,OAAA,CAAA,EAAA;AACnD3B,MAAAA,KAAAA,GAAQ;AACJmC,QAAAA,WAAAA,EAAagB,MAAAA,CAAOnD,KAAAA;AACpBoC,QAAAA,SAAAA,EAAW,IAAIjC,IAAAA,CAAKgD,MAAAA,CAAOlD,UAAU,EAAEyC,WAAAA;AAC3C,OAAA;AACJ,IAAA,CAAA,CAAA,OACOR,CAAAA,EAAG;AACN,MAAA,MAAM,IAAImB,wBAAAA,CAAyBnB,CAAAA,CAAEnE,OAAAA,EAAS;QAC1CuF,WAAAA,EAAaV,4BAAAA;AACbvD,QAAAA;OACJ,CAAA;AACJ,IAAA;EACJ,CAAA,MACK;AACD,IAAA,IAAI;AACAW,MAAAA,KAAAA,GAAQ,MAAMiC,oBAAoBa,WAAAA,CAAAA;AACtC,IAAA,CAAA,CAAA,OACOZ,CAAAA,EAAG;AACN,MAAA,MAAM,IAAImB,wBAAAA,CAAyB,CAAA,yDAAA,EAA4DH,cAAAA,CAAAA,CAAAA,EAAkB;QAC7GI,WAAAA,EAAaV,4BAAAA;AACbvD,QAAAA;OACJ,CAAA;AACJ,IAAA;AACJ,EAAA;AACA,EAAA,IAAI,IAAIc,IAAAA,CAAKH,KAAAA,CAAMoC,SAAS,CAAA,CAAElC,SAAO,GAAKC,IAAAA,CAAKC,GAAAA,EAAG,IAAM,CAAA,EAAG;AACvD,IAAA,MAAM,IAAIiD,wBAAAA,CAAyB,CAAA,0DAAA,EAA6DH,cAAAA,CAAAA,CAAAA,EAAkB;MAC9GI,WAAAA,EAAaV,4BAAAA;AACbvD,MAAAA;KACJ,CAAA;AACJ,EAAA;AACA,EAAA,MAAM,EAAE8C,aAAW,GAAKnC,KAAAA;AACxB,EAAA,MAAM,EAAEuD,SAAAA,EAAWC,yBAAAA,EAAyB,GAAK,MAAM,OAAO,eAAA,CAAA;AAC9D,EAAA,MAAMC,GAAAA,GAAMR,SAAAA,IACR,IAAIM,SAAAA,CAAUtF,MAAAA,CAAOiB,OAAO,EAAC,EAAGC,YAAAA,IAAgB,EAAC,EAAG;IAChDE,MAAAA,EAAQF,YAAAA,EAAcE,UAAUC,kBAAAA,EAAoBD,MAAAA;AACpDD,IAAAA,MAAAA,EAAQD,cAAcC,MAAAA,IAAUN;AACpC,GAAA,CAAA,CAAA;AACJ,EAAA,IAAI4E,OAAAA;AACJ,EAAA,IAAI;AACAA,IAAAA,OAAAA,GAAU,MAAMD,GAAAA,CAAI/D,IAAAA,CAAK,IAAI8D,yBAAAA,CAA0B;MACnDG,SAAAA,EAAWZ,YAAAA;MACXa,QAAAA,EAAUZ,WAAAA;AACVb,MAAAA;AACJ,KAAA,CAAA,CAAA;AACJ,EAAA,CAAA,CAAA,OACOD,CAAAA,EAAG;AACN,IAAA,MAAM,IAAImB,yBAAyBnB,CAAAA,EAAG;MAClCoB,WAAAA,EAAaV,4BAAAA;AACbvD,MAAAA;KACJ,CAAA;AACJ,EAAA;AACA,EAAA,MAAM,EAAEwE,eAAAA,EAAiB,EAAEC,WAAAA,EAAaC,eAAAA,EAAiBC,YAAAA,EAAc/D,UAAAA,EAAYgE,eAAAA,EAAiBN,SAAAA,EAAS,GAAK,EAAC,EAAC,GAAMD,OAAAA;AAC1H,EAAA,IAAI,CAACI,WAAAA,IAAe,CAACC,mBAAmB,CAACC,YAAAA,IAAgB,CAAC/D,UAAAA,EAAY;AAClE,IAAA,MAAM,IAAIoD,yBAAyB,8CAAA,EAAgD;MAC/EC,WAAAA,EAAaV,4BAAAA;AACbvD,MAAAA;KACJ,CAAA;AACJ,EAAA;AACA,EAAA,MAAM6E,WAAAA,GAAc;AAChBJ,IAAAA,WAAAA;AACAC,IAAAA,eAAAA;AACAC,IAAAA,YAAAA;IACA/D,UAAAA,EAAY,IAAIE,KAAKF,UAAAA,CAAAA;AACrB,IAAA,GAAIgE,eAAAA,IAAmB;AAAEA,MAAAA;AAAgB,KAAA;AACzC,IAAA,GAAIN,SAAAA,IAAa;AAAEA,MAAAA;AAAU;AACjC,GAAA;AACA,EAAA,IAAI5B,UAAAA,EAAY;AACZoC,IAAAA,oBAAAA,CAAqBD,WAAAA,EAAa,mBAAmB,GAAA,CAAA;EACzD,CAAA,MACK;AACDC,IAAAA,oBAAAA,CAAqBD,WAAAA,EAAa,0BAA0B,GAAA,CAAA;AAChE,EAAA;AACA,EAAA,OAAOA,WAAAA;AACX,CAAA,EA9EqC,uBAAA,CAAA;;;AQLrC,cAAA,EAAA;AACO,IAAME,kBAAAA,mBAAqB,MAAA,CAAA,CAACzC,OAAAA,EAAStC,MAAAA,KAAAA;AACxC,EAAA,MAAM,EAAEf,aAAAA,EAAeC,cAAAA,EAAgBE,UAAAA,EAAYC,eAAa,GAAKiD,OAAAA;AACrE,EAAA,IAAI,CAACrD,aAAAA,IAAiB,CAACC,kBAAkB,CAACE,UAAAA,IAAc,CAACC,aAAAA,EAAe;AACpE,IAAA,MAAM,IAAI2E,yBAAyB,CAAA,8IAAA,EACwBpF,MAAAA,CAAOoG,KAAK1C,OAAAA,CAAAA,CAAS2C,IAAAA,CAAK,IAAA,CAAA;AAA6F,kFAAA,CAAA,EAAA;MAAEhB,WAAAA,EAAa,KAAA;AAAOjE,MAAAA;KAAO,CAAA;AACnN,EAAA;AACA,EAAA,OAAOsC,OAAAA;AACX,CAAA,EAPkC,oBAAA;;;AXI3B,IAAM4C,OAAAA,mBAAU,MAAA,CAAA,CAACxF,IAAAA,GAAO,EAAC,KAAM,OAAO,EAAEsC,kBAAAA,EAAkB,GAAK,EAAC,KAAC;AACpEtC,EAAAA,IAAAA,CAAKM,MAAAA,EAAQiC,MAAM,4CAAA,CAAA;AACnB,EAAA,MAAM,EAAEwB,WAAAA,EAAaC,YAAAA,EAAcjE,SAAAA,EAAWkE,WAAAA,EAAajB,YAAU,GAAKhD,IAAAA;AAC1E,EAAA,MAAM,EAAEkE,WAAS,GAAKlE,IAAAA;AACtB,EAAA,MAAM0C,cAAcC,cAAAA,CAAe;IAC/BC,OAAAA,EAAS5C,IAAAA,CAAK4C,WAAWN,kBAAAA,EAAoBM;GACjD,CAAA;AACA,EAAA,IAAI,CAACmB,eAAe,CAACC,YAAAA,IAAgB,CAACjE,SAAAA,IAAa,CAACkE,WAAAA,IAAe,CAACjB,UAAAA,EAAY;AAC5E,IAAA,MAAMR,QAAAA,GAAW,MAAMC,eAAAA,CAAgBzC,IAAAA,CAAAA;AACvC,IAAA,MAAM4C,OAAAA,GAAUJ,SAASE,WAAAA,CAAAA;AACzB,IAAA,IAAI,CAACE,OAAAA,EAAS;AACV,MAAA,MAAM,IAAI0B,wBAAAA,CAAyB,CAAA,QAAA,EAAW5B,WAAAA,CAAAA,eAAAA,CAAAA,EAA8B;AAAEpC,QAAAA,MAAAA,EAAQN,IAAAA,CAAKM;OAAO,CAAA;AACtG,IAAA;AACA,IAAA,IAAI,CAACjB,YAAAA,CAAauD,OAAAA,CAAAA,EAAU;AACxB,MAAA,MAAM,IAAI0B,wBAAAA,CAAyB,CAAA,QAAA,EAAW5B,WAAAA,CAAAA,wCAAAA,CAAAA,EAAuD;AACjGpC,QAAAA,MAAAA,EAAQN,IAAAA,CAAKM;OACjB,CAAA;AACJ,IAAA;AACA,IAAA,IAAIsC,SAASnD,WAAAA,EAAa;AACtB,MAAA,MAAMqD,WAAAA,GAAc,MAAMC,kBAAAA,CAAmB/C,IAAAA,CAAAA;AAC7C,MAAA,MAAMyF,OAAAA,GAAU3C,WAAAA,CAAYF,OAAAA,CAAQnD,WAAW,CAAA;AAC/C,MAAA,MAAMiG,WAAAA,GAAc,CAAA,2BAAA,EAA8BhD,WAAAA,CAAAA,iBAAAA,EAA+BE,QAAQnD,WAAW,CAAA,CAAA;AACpG,MAAA,IAAIM,SAAAA,IAAaA,SAAAA,KAAc0F,OAAAA,CAAQ/F,UAAAA,EAAY;AAC/C,QAAA,MAAM,IAAI4E,wBAAAA,CAAyB,CAAA,sBAAA,CAAA,GAA2BoB,WAAAA,EAAa;UACvEnB,WAAAA,EAAa,KAAA;AACbjE,UAAAA,MAAAA,EAAQN,IAAAA,CAAKM;SACjB,CAAA;AACJ,MAAA;AACA,MAAA,IAAIyD,WAAAA,IAAeA,WAAAA,KAAgB0B,OAAAA,CAAQlG,aAAAA,EAAe;AACtD,QAAA,MAAM,IAAI+E,wBAAAA,CAAyB,CAAA,yBAAA,CAAA,GAA8BoB,WAAAA,EAAa;UAC1EnB,WAAAA,EAAa,KAAA;AACbjE,UAAAA,MAAAA,EAAQN,IAAAA,CAAKM;SACjB,CAAA;AACJ,MAAA;AACAsC,MAAAA,OAAAA,CAAQlD,aAAa+F,OAAAA,CAAQ/F,UAAAA;AAC7BkD,MAAAA,OAAAA,CAAQrD,gBAAgBkG,OAAAA,CAAQlG,aAAAA;AACpC,IAAA;AACA,IAAA,MAAM,EAAEA,aAAAA,EAAeC,cAAAA,EAAgBE,UAAAA,EAAYC,aAAAA,EAAeF,aAAW,GAAK4F,kBAAAA,CAAmBzC,OAAAA,EAAS5C,IAAAA,CAAKM,MAAM,CAAA;AACzH,IAAA,OAAOwD,qBAAAA,CAAsB;MACzBC,WAAAA,EAAaxE,aAAAA;MACbyD,UAAAA,EAAYvD,WAAAA;MACZuE,YAAAA,EAAcxE,cAAAA;MACdO,SAAAA,EAAWL,UAAAA;MACXuE,WAAAA,EAAatE,aAAAA;AACbuE,MAAAA,SAAAA;AACA9D,MAAAA,YAAAA,EAAcJ,IAAAA,CAAKI,YAAAA;AACnBG,MAAAA,kBAAAA,EAAoBP,IAAAA,CAAKO,kBAAAA;MACzBqC,OAAAA,EAASF;KACb,CAAA;AACJ,EAAA,CAAA,MAAA,IACS,CAACqB,WAAAA,IAAe,CAACC,gBAAgB,CAACjE,SAAAA,IAAa,CAACkE,WAAAA,EAAa;AAClE,IAAA,MAAM,IAAIK,yBAAyB,8HAAA,EAC8B;MAAEC,WAAAA,EAAa,KAAA;AAAOjE,MAAAA,MAAAA,EAAQN,IAAAA,CAAKM;KAAO,CAAA;EAC/G,CAAA,MACK;AACD,IAAA,OAAOwD,qBAAAA,CAAsB;AACzBC,MAAAA,WAAAA;AACAf,MAAAA,UAAAA;AACAgB,MAAAA,YAAAA;AACAjE,MAAAA,SAAAA;AACAkE,MAAAA,WAAAA;AACAC,MAAAA,SAAAA;AACA9D,MAAAA,YAAAA,EAAcJ,IAAAA,CAAKI,YAAAA;AACnBG,MAAAA,kBAAAA,EAAoBP,IAAAA,CAAKO,kBAAAA;MACzBqC,OAAAA,EAASF;KACb,CAAA;AACJ,EAAA;AACJ,CAAA,EAnEuB,SAAA;;;AYLvB,cAAA,EAAA","file":"4ZP6FU3S.js","sourcesContent":["export * from \"./fromSSO\";\nexport * from \"./isSsoProfile\";\nexport * from \"./types\";\nexport * from \"./validateSsoProfile\";\n","import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, loadSsoSessionData, parseKnownFiles } from \"@smithy/shared-ini-file-loader\";\nimport { isSsoProfile } from \"./isSsoProfile\";\nimport { resolveSSOCredentials } from \"./resolveSSOCredentials\";\nimport { validateSsoProfile } from \"./validateSsoProfile\";\nexport const fromSSO = (init = {}) => async ({ callerClientConfig } = {}) => {\n    init.logger?.debug(\"@aws-sdk/credential-provider-sso - fromSSO\");\n    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;\n    const { ssoClient } = init;\n    const profileName = getProfileName({\n        profile: init.profile ?? callerClientConfig?.profile,\n    });\n    if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {\n        const profiles = await parseKnownFiles(init);\n        const profile = profiles[profileName];\n        if (!profile) {\n            throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });\n        }\n        if (!isSsoProfile(profile)) {\n            throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {\n                logger: init.logger,\n            });\n        }\n        if (profile?.sso_session) {\n            const ssoSessions = await loadSsoSessionData(init);\n            const session = ssoSessions[profile.sso_session];\n            const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;\n            if (ssoRegion && ssoRegion !== session.sso_region) {\n                throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {\n                    tryNextLink: false,\n                    logger: init.logger,\n                });\n            }\n            if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {\n                throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {\n                    tryNextLink: false,\n                    logger: init.logger,\n                });\n            }\n            profile.sso_region = session.sso_region;\n            profile.sso_start_url = session.sso_start_url;\n        }\n        const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger);\n        return resolveSSOCredentials({\n            ssoStartUrl: sso_start_url,\n            ssoSession: sso_session,\n            ssoAccountId: sso_account_id,\n            ssoRegion: sso_region,\n            ssoRoleName: sso_role_name,\n            ssoClient: ssoClient,\n            clientConfig: init.clientConfig,\n            parentClientConfig: init.parentClientConfig,\n            profile: profileName,\n        });\n    }\n    else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {\n        throw new CredentialsProviderError(\"Incomplete configuration. The fromSSO() argument hash must include \" +\n            '\"ssoStartUrl\", \"ssoAccountId\", \"ssoRegion\", \"ssoRoleName\"', { tryNextLink: false, logger: init.logger });\n    }\n    else {\n        return resolveSSOCredentials({\n            ssoStartUrl,\n            ssoSession,\n            ssoAccountId,\n            ssoRegion,\n            ssoRoleName,\n            ssoClient,\n            clientConfig: init.clientConfig,\n            parentClientConfig: init.parentClientConfig,\n            profile: profileName,\n        });\n    }\n};\n","import { ProviderError } from \"./ProviderError\";\nexport class TokenProviderError extends ProviderError {\n    name = \"TokenProviderError\";\n    constructor(message, options = true) {\n        super(message, options);\n        Object.setPrototypeOf(this, TokenProviderError.prototype);\n    }\n}\n","export const isSsoProfile = (arg) => arg &&\n    (typeof arg.sso_start_url === \"string\" ||\n        typeof arg.sso_account_id === \"string\" ||\n        typeof arg.sso_session === \"string\" ||\n        typeof arg.sso_region === \"string\" ||\n        typeof arg.sso_role_name === \"string\");\n","import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { fromSso as getSsoTokenProvider } from \"@aws-sdk/token-providers\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getSSOTokenFromFile } from \"@smithy/shared-ini-file-loader\";\nconst SHOULD_FAIL_CREDENTIAL_CHAIN = false;\nexport const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, parentClientConfig, profile, logger, }) => {\n    let token;\n    const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;\n    if (ssoSession) {\n        try {\n            const _token = await getSsoTokenProvider({ profile })();\n            token = {\n                accessToken: _token.token,\n                expiresAt: new Date(_token.expiration).toISOString(),\n            };\n        }\n        catch (e) {\n            throw new CredentialsProviderError(e.message, {\n                tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n                logger,\n            });\n        }\n    }\n    else {\n        try {\n            token = await getSSOTokenFromFile(ssoStartUrl);\n        }\n        catch (e) {\n            throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {\n                tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n                logger,\n            });\n        }\n    }\n    if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {\n        throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {\n            tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n            logger,\n        });\n    }\n    const { accessToken } = token;\n    const { SSOClient, GetRoleCredentialsCommand } = await import(\"./loadSso\");\n    const sso = ssoClient ||\n        new SSOClient(Object.assign({}, clientConfig ?? {}, {\n            logger: clientConfig?.logger ?? parentClientConfig?.logger,\n            region: clientConfig?.region ?? ssoRegion,\n        }));\n    let ssoResp;\n    try {\n        ssoResp = await sso.send(new GetRoleCredentialsCommand({\n            accountId: ssoAccountId,\n            roleName: ssoRoleName,\n            accessToken,\n        }));\n    }\n    catch (e) {\n        throw new CredentialsProviderError(e, {\n            tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n            logger,\n        });\n    }\n    const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {}, } = ssoResp;\n    if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {\n        throw new CredentialsProviderError(\"SSO returns an invalid temporary credential.\", {\n            tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n            logger,\n        });\n    }\n    const credentials = {\n        accessKeyId,\n        secretAccessKey,\n        sessionToken,\n        expiration: new Date(expiration),\n        ...(credentialScope && { credentialScope }),\n        ...(accountId && { accountId }),\n    };\n    if (ssoSession) {\n        setCredentialFeature(credentials, \"CREDENTIALS_SSO\", \"s\");\n    }\n    else {\n        setCredentialFeature(credentials, \"CREDENTIALS_SSO_LEGACY\", \"u\");\n    }\n    return credentials;\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, getSSOTokenFromFile, loadSsoSessionData, parseKnownFiles, } from \"@smithy/shared-ini-file-loader\";\nimport { EXPIRE_WINDOW_MS, REFRESH_MESSAGE } from \"./constants\";\nimport { getNewSsoOidcToken } from \"./getNewSsoOidcToken\";\nimport { validateTokenExpiry } from \"./validateTokenExpiry\";\nimport { validateTokenKey } from \"./validateTokenKey\";\nimport { writeSSOTokenToFile } from \"./writeSSOTokenToFile\";\nconst lastRefreshAttemptTime = new Date(0);\nexport const fromSso = (_init = {}) => async ({ callerClientConfig } = {}) => {\n    const init = {\n        ..._init,\n        parentClientConfig: {\n            ...callerClientConfig,\n            ..._init.parentClientConfig,\n        },\n    };\n    init.logger?.debug(\"@aws-sdk/token-providers - fromSso\");\n    const profiles = await parseKnownFiles(init);\n    const profileName = getProfileName({\n        profile: init.profile ?? callerClientConfig?.profile,\n    });\n    const profile = profiles[profileName];\n    if (!profile) {\n        throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);\n    }\n    else if (!profile[\"sso_session\"]) {\n        throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);\n    }\n    const ssoSessionName = profile[\"sso_session\"];\n    const ssoSessions = await loadSsoSessionData(init);\n    const ssoSession = ssoSessions[ssoSessionName];\n    if (!ssoSession) {\n        throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);\n    }\n    for (const ssoSessionRequiredKey of [\"sso_start_url\", \"sso_region\"]) {\n        if (!ssoSession[ssoSessionRequiredKey]) {\n            throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);\n        }\n    }\n    const ssoStartUrl = ssoSession[\"sso_start_url\"];\n    const ssoRegion = ssoSession[\"sso_region\"];\n    let ssoToken;\n    try {\n        ssoToken = await getSSOTokenFromFile(ssoSessionName);\n    }\n    catch (e) {\n        throw new TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);\n    }\n    validateTokenKey(\"accessToken\", ssoToken.accessToken);\n    validateTokenKey(\"expiresAt\", ssoToken.expiresAt);\n    const { accessToken, expiresAt } = ssoToken;\n    const existingToken = { token: accessToken, expiration: new Date(expiresAt) };\n    if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {\n        return existingToken;\n    }\n    if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) {\n        validateTokenExpiry(existingToken);\n        return existingToken;\n    }\n    validateTokenKey(\"clientId\", ssoToken.clientId, true);\n    validateTokenKey(\"clientSecret\", ssoToken.clientSecret, true);\n    validateTokenKey(\"refreshToken\", ssoToken.refreshToken, true);\n    try {\n        lastRefreshAttemptTime.setTime(Date.now());\n        const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init);\n        validateTokenKey(\"accessToken\", newSsoOidcToken.accessToken);\n        validateTokenKey(\"expiresIn\", newSsoOidcToken.expiresIn);\n        const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000);\n        try {\n            await writeSSOTokenToFile(ssoSessionName, {\n                ...ssoToken,\n                accessToken: newSsoOidcToken.accessToken,\n                expiresAt: newTokenExpiration.toISOString(),\n                refreshToken: newSsoOidcToken.refreshToken,\n            });\n        }\n        catch (error) {\n        }\n        return {\n            token: newSsoOidcToken.accessToken,\n            expiration: newTokenExpiration,\n        };\n    }\n    catch (error) {\n        validateTokenExpiry(existingToken);\n        return existingToken;\n    }\n};\n","export const EXPIRE_WINDOW_MS = 5 * 60 * 1000;\nexport const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;\n","import { getSsoOidcClient } from \"./getSsoOidcClient\";\nexport const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}) => {\n    const { CreateTokenCommand } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n    const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);\n    return ssoOidcClient.send(new CreateTokenCommand({\n        clientId: ssoToken.clientId,\n        clientSecret: ssoToken.clientSecret,\n        refreshToken: ssoToken.refreshToken,\n        grantType: \"refresh_token\",\n    }));\n};\n","export const getSsoOidcClient = async (ssoRegion, init = {}) => {\n    const { SSOOIDCClient } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n    const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {\n        region: ssoRegion ?? init.clientConfig?.region,\n        logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger,\n    }));\n    return ssoOidcClient;\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenExpiry = (token) => {\n    if (token.expiration && token.expiration.getTime() < Date.now()) {\n        throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);\n    }\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenKey = (key, value, forRefresh = false) => {\n    if (typeof value === \"undefined\") {\n        throw new TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? \". Cannot refresh\" : \"\"}. ${REFRESH_MESSAGE}`, false);\n    }\n};\n","import { getSSOTokenFilepath } from \"@smithy/shared-ini-file-loader\";\nimport { promises as fsPromises } from \"fs\";\nconst { writeFile } = fsPromises;\nexport const writeSSOTokenToFile = (id, ssoToken) => {\n    const tokenFilepath = getSSOTokenFilepath(id);\n    const tokenString = JSON.stringify(ssoToken, null, 2);\n    return writeFile(tokenFilepath, tokenString);\n};\n","import { CredentialsProviderError } from \"@smithy/property-provider\";\nexport const validateSsoProfile = (profile, logger) => {\n    const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;\n    if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {\n        throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", ` +\n            `\"sso_region\", \"sso_role_name\", \"sso_start_url\". Got ${Object.keys(profile).join(\", \")}\\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger });\n    }\n    return profile;\n};\n","export {};\n"]}
+{"version":3,"sources":["../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/index.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js","../../../node_modules/.pnpm/@smithy+property-provider@4.2.5/node_modules/@smithy/property-provider/dist-es/TokenProviderError.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/isSsoProfile.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/fromSso.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/constants.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getSsoOidcClient.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenExpiry.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenKey.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/writeSSOTokenToFile.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/validateSsoProfile.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/types.js"],"names":["TokenProviderError","ProviderError","name","message","options","Object","setPrototypeOf","prototype","isSsoProfile","arg","sso_start_url","sso_account_id","sso_session","sso_region","sso_role_name","EXPIRE_WINDOW_MS","REFRESH_MESSAGE","getSsoOidcClient","ssoRegion","init","SSOOIDCClient","ssoOidcClient","assign","clientConfig","region","logger","parentClientConfig","getNewSsoOidcToken","ssoToken","CreateTokenCommand","send","clientId","clientSecret","refreshToken","grantType","validateTokenExpiry","token","expiration","getTime","Date","now","validateTokenKey","key","value","forRefresh","writeFile","fsPromises","writeSSOTokenToFile","id","tokenFilepath","getSSOTokenFilepath","tokenString","JSON","stringify","lastRefreshAttemptTime","fromSso","_init","callerClientConfig","debug","profiles","parseKnownFiles","profileName","getProfileName","profile","ssoSessionName","ssoSessions","loadSsoSessionData","ssoSession","ssoSessionRequiredKey","getSSOTokenFromFile","e","accessToken","expiresAt","existingToken","setTime","newSsoOidcToken","expiresIn","newTokenExpiration","toISOString","error","SHOULD_FAIL_CREDENTIAL_CHAIN","resolveSSOCredentials","ssoStartUrl","ssoAccountId","ssoRoleName","ssoClient","refreshMessage","_token","getSsoTokenProvider","CredentialsProviderError","tryNextLink","SSOClient","GetRoleCredentialsCommand","sso","ssoResp","accountId","roleName","roleCredentials","accessKeyId","secretAccessKey","sessionToken","credentialScope","credentials","setCredentialFeature","validateSsoProfile","keys","join","fromSSO","session","conflictMsg"],"mappings":";;;;;;;AAAA,cAAA,EAAA;;;ACAA,cAAA,EAAA;;;ACAA,cAAA,EAAA;AACO,IAAMA,kBAAAA,GAAN,MAAMA,mBAAAA,SAA2BC,aAAAA,CAAAA;EADxC;;;EAEIC,IAAAA,GAAO,oBAAA;EACP,WAAA,CAAYC,OAAAA,EAASC,UAAU,IAAA,EAAM;AACjC,IAAA,KAAA,CAAMD,SAASC,OAAAA,CAAAA;AACfC,IAAAA,MAAAA,CAAOC,cAAAA,CAAe,IAAA,EAAMN,mBAAAA,CAAmBO,SAAS,CAAA;AAC5D,EAAA;AACJ,CAAA;;;ACPA,cAAA,EAAA;AAAO,IAAMC,YAAAA,2BAAgBC,GAAAA,KAAQA,GAAAA,KAChC,OAAOA,GAAAA,CAAIC,aAAAA,KAAkB,QAAA,IAC1B,OAAOD,GAAAA,CAAIE,cAAAA,KAAmB,YAC9B,OAAOF,GAAAA,CAAIG,WAAAA,KAAgB,QAAA,IAC3B,OAAOH,GAAAA,CAAII,eAAe,QAAA,IAC1B,OAAOJ,GAAAA,CAAIK,aAAAA,KAAkB,QAAA,CAAA,EALT,cAAA;;;ACA5B,cAAA,EAAA;;;ACAA,cAAA,EAAA;;;ACAA,cAAA,EAAA;AAAO,IAAMC,gBAAAA,GAAmB,IAAI,EAAA,GAAK,GAAA;AAClC,IAAMC,eAAAA,GAAkB,CAAA,+EAAA,CAAA;;;ACD/B,cAAA,EAAA;;;ACAA,cAAA,EAAA;AAAO,IAAMC,gBAAAA,mBAAmB,MAAA,CAAA,OAAOC,SAAAA,EAAWC,IAAAA,GAAO,EAAC,KAAC;AACvD,EAAA,MAAM,EAAEC,aAAAA,EAAa,GAAK,MAAM,OAAO,eAAA,CAAA;AACvC,EAAA,MAAMC,aAAAA,GAAgB,IAAID,aAAAA,CAAcf,MAAAA,CAAOiB,MAAAA,CAAO,EAAC,EAAGH,IAAAA,CAAKI,YAAAA,IAAgB,EAAC,EAAG;IAC/EC,MAAAA,EAAQN,SAAAA,IAAaC,KAAKI,YAAAA,EAAcC,MAAAA;AACxCC,IAAAA,MAAAA,EAAQN,IAAAA,CAAKI,YAAAA,EAAcE,MAAAA,IAAUN,IAAAA,CAAKO,kBAAAA,EAAoBD;AAClE,GAAA,CAAA,CAAA;AACA,EAAA,OAAOJ,aAAAA;AACX,CAAA,EAPgC,kBAAA,CAAA;;;ADCzB,IAAMM,qCAAqB,MAAA,CAAA,OAAOC,QAAAA,EAAUV,SAAAA,EAAWC,IAAAA,GAAO,EAAC,KAAC;AACnE,EAAA,MAAM,EAAEU,kBAAAA,EAAkB,GAAK,MAAM,OAAO,eAAA,CAAA;AAC5C,EAAA,MAAMR,aAAAA,GAAgB,MAAMJ,gBAAAA,CAAiBC,SAAAA,EAAWC,IAAAA,CAAAA;AACxD,EAAA,OAAOE,aAAAA,CAAcS,IAAAA,CAAK,IAAID,kBAAAA,CAAmB;AAC7CE,IAAAA,QAAAA,EAAUH,QAAAA,CAASG,QAAAA;AACnBC,IAAAA,YAAAA,EAAcJ,QAAAA,CAASI,YAAAA;AACvBC,IAAAA,YAAAA,EAAcL,QAAAA,CAASK,YAAAA;IACvBC,SAAAA,EAAW;AACf,GAAA,CAAA,CAAA;AACJ,CAAA,EATkC,oBAAA,CAAA;;;AEDlC,cAAA,EAAA;AAEO,IAAMC,mBAAAA,2BAAuBC,KAAAA,KAAAA;AAChC,EAAA,IAAIA,KAAAA,CAAMC,cAAcD,KAAAA,CAAMC,UAAAA,CAAWC,SAAO,GAAKC,IAAAA,CAAKC,KAAG,EAAI;AAC7D,IAAA,MAAM,IAAIxC,kBAAAA,CAAmB,CAAA,kBAAA,EAAqBgB,eAAAA,IAAmB,KAAA,CAAA;AACzE,EAAA;AACJ,CAAA,EAJmC,qBAAA,CAAA;;;ACFnC,cAAA,EAAA;AAEO,IAAMyB,gBAAAA,mBAAmB,MAAA,CAAA,CAACC,GAAAA,EAAKC,KAAAA,EAAOC,aAAa,KAAA,KAAK;AAC3D,EAAA,IAAI,OAAOD,UAAU,WAAA,EAAa;AAC9B,IAAA,MAAM,IAAI3C,kBAAAA,CAAmB,CAAA,uBAAA,EAA0B0C,GAAAA,CAAAA,cAAAA,EAAoBE,UAAAA,GAAa,kBAAA,GAAqB,EAAA,CAAA,EAAA,EAAO5B,eAAAA,CAAAA,CAAAA,EAAmB,KAAA,CAAA;AAC3I,EAAA;AACJ,CAAA,EAJgC,kBAAA,CAAA;;;ACFhC,cAAA,EAAA;AAEA,IAAM,EAAE6B,WAAS,GAAKC,QAAAA;AACf,IAAMC,mBAAAA,mBAAsB,MAAA,CAAA,CAACC,EAAAA,EAAIpB,QAAAA,KAAAA;AACpC,EAAA,MAAMqB,aAAAA,GAAgBC,oBAAoBF,EAAAA,CAAAA;AAC1C,EAAA,MAAMG,WAAAA,GAAcC,IAAAA,CAAKC,SAAAA,CAAUzB,QAAAA,EAAU,MAAM,CAAA,CAAA;AACnD,EAAA,OAAOiB,SAAAA,CAAUI,eAAeE,WAAAA,CAAAA;AACpC,CAAA,EAJmC,qBAAA,CAAA;;;ANInC,IAAMG,sBAAAA,mBAAyB,IAAIf,IAAAA,CAAK,CAAA,CAAA;AACjC,IAAMgB,OAAAA,mBAAU,MAAA,CAAA,CAACC,KAAAA,GAAQ,EAAC,KAAM,OAAO,EAAEC,kBAAAA,EAAkB,GAAK,EAAC,KAAC;AACrE,EAAA,MAAMtC,IAAAA,GAAO;IACT,GAAGqC,KAAAA;IACH9B,kBAAAA,EAAoB;MAChB,GAAG+B,kBAAAA;AACH,MAAA,GAAGD,KAAAA,CAAM9B;AACb;AACJ,GAAA;AACAP,EAAAA,IAAAA,CAAKM,MAAAA,EAAQiC,MAAM,oCAAA,CAAA;AACnB,EAAA,MAAMC,QAAAA,GAAW,MAAMC,eAAAA,CAAgBzC,IAAAA,CAAAA;AACvC,EAAA,MAAM0C,cAAcC,cAAAA,CAAe;IAC/BC,OAAAA,EAAS5C,IAAAA,CAAK4C,WAAWN,kBAAAA,EAAoBM;GACjD,CAAA;AACA,EAAA,MAAMA,OAAAA,GAAUJ,SAASE,WAAAA,CAAAA;AACzB,EAAA,IAAI,CAACE,OAAAA,EAAS;AACV,IAAA,MAAM,IAAI/D,kBAAAA,CAAmB,CAAA,SAAA,EAAY6D,WAAAA,oDAA+D,KAAA,CAAA;EAC5G,CAAA,MAAA,IACS,CAACE,OAAAA,CAAQ,aAAA,CAAA,EAAgB;AAC9B,IAAA,MAAM,IAAI/D,kBAAAA,CAAmB,CAAA,SAAA,EAAY6D,WAAAA,CAAAA,6CAAAA,CAA0D,CAAA;AACvG,EAAA;AACA,EAAA,MAAMG,cAAAA,GAAiBD,QAAQ,aAAA,CAAA;AAC/B,EAAA,MAAME,WAAAA,GAAc,MAAMC,kBAAAA,CAAmB/C,IAAAA,CAAAA;AAC7C,EAAA,MAAMgD,UAAAA,GAAaF,YAAYD,cAAAA,CAAAA;AAC/B,EAAA,IAAI,CAACG,UAAAA,EAAY;AACb,IAAA,MAAM,IAAInE,kBAAAA,CAAmB,CAAA,aAAA,EAAgBgE,cAAAA,oDAAkE,KAAA,CAAA;AACnH,EAAA;AACA,EAAA,KAAA,MAAWI,qBAAAA,IAAyB;AAAC,IAAA,eAAA;AAAiB,IAAA;AAAe,GAAA,EAAA;AACjE,IAAA,IAAI,CAACD,UAAAA,CAAWC,qBAAAA,CAAAA,EAAwB;AACpC,MAAA,MAAM,IAAIpE,kBAAAA,CAAmB,CAAA,aAAA,EAAgBgE,cAAAA,CAAAA,gCAAAA,EAAiDI,qBAAAA,MAA2B,KAAA,CAAA;AAC7H,IAAA;AACJ,EAAA;AACA,EAAoBD,WAAW,eAAA;AAC/B,EAAA,MAAMjD,SAAAA,GAAYiD,WAAW,YAAA,CAAA;AAC7B,EAAA,IAAIvC,QAAAA;AACJ,EAAA,IAAI;AACAA,IAAAA,QAAAA,GAAW,MAAMyC,oBAAoBL,cAAAA,CAAAA;AACzC,EAAA,CAAA,CAAA,OACOM,CAAAA,EAAG;AACN,IAAA,MAAM,IAAItE,kBAAAA,CAAmB,CAAA,8CAAA,EAAiD6D,WAAAA,CAAAA,8BAAAA,EAA4C7C,eAAAA,IAAmB,KAAA,CAAA;AACjJ,EAAA;AACAyB,EAAAA,gBAAAA,CAAiB,aAAA,EAAeb,SAAS2C,WAAW,CAAA;AACpD9B,EAAAA,gBAAAA,CAAiB,WAAA,EAAab,SAAS4C,SAAS,CAAA;AAChD,EAAA,MAAM,EAAED,WAAAA,EAAaC,SAAAA,EAAS,GAAK5C,QAAAA;AACnC,EAAA,MAAM6C,aAAAA,GAAgB;IAAErC,KAAAA,EAAOmC,WAAAA;IAAalC,UAAAA,EAAY,IAAIE,KAAKiC,SAAAA;AAAW,GAAA;AAC5E,EAAA,IAAIC,cAAcpC,UAAAA,CAAWC,OAAAA,KAAYC,IAAAA,CAAKC,GAAAA,KAAQzB,gBAAAA,EAAkB;AACpE,IAAA,OAAO0D,aAAAA;AACX,EAAA;AACA,EAAA,IAAIlC,KAAKC,GAAAA,EAAG,GAAKc,uBAAuBhB,OAAAA,EAAO,GAAK,KAAK,GAAA,EAAM;AAC3DH,IAAAA,mBAAAA,CAAoBsC,aAAAA,CAAAA;AACpB,IAAA,OAAOA,aAAAA;AACX,EAAA;AACAhC,EAAAA,gBAAAA,CAAiB,UAAA,EAAYb,QAAAA,CAASG,QAAAA,EAAU,IAAA,CAAA;AAChDU,EAAAA,gBAAAA,CAAiB,cAAA,EAAgBb,QAAAA,CAASI,YAAAA,EAAc,IAAA,CAAA;AACxDS,EAAAA,gBAAAA,CAAiB,cAAA,EAAgBb,QAAAA,CAASK,YAAAA,EAAc,IAAA,CAAA;AACxD,EAAA,IAAI;AACAqB,IAAAA,sBAAAA,CAAuBoB,OAAAA,CAAQnC,IAAAA,CAAKC,GAAAA,EAAG,CAAA;AACvC,IAAA,MAAMmC,eAAAA,GAAkB,MAAMhD,kBAAAA,CAAmBC,QAAAA,EAAUV,WAAWC,IAAAA,CAAAA;AACtEsB,IAAAA,gBAAAA,CAAiB,aAAA,EAAekC,gBAAgBJ,WAAW,CAAA;AAC3D9B,IAAAA,gBAAAA,CAAiB,WAAA,EAAakC,gBAAgBC,SAAS,CAAA;AACvD,IAAA,MAAMC,kBAAAA,GAAqB,IAAItC,IAAAA,CAAKA,IAAAA,CAAKC,KAAG,GAAKmC,eAAAA,CAAgBC,YAAY,GAAA,CAAA;AAC7E,IAAA,IAAI;AACA,MAAA,MAAM7B,oBAAoBiB,cAAAA,EAAgB;QACtC,GAAGpC,QAAAA;AACH2C,QAAAA,WAAAA,EAAaI,eAAAA,CAAgBJ,WAAAA;AAC7BC,QAAAA,SAAAA,EAAWK,mBAAmBC,WAAAA,EAAW;AACzC7C,QAAAA,YAAAA,EAAc0C,eAAAA,CAAgB1C;OAClC,CAAA;AACJ,IAAA,CAAA,CAAA,OACO8C,KAAAA,EAAO;AACd,IAAA;AACA,IAAA,OAAO;AACH3C,MAAAA,KAAAA,EAAOuC,eAAAA,CAAgBJ,WAAAA;MACvBlC,UAAAA,EAAYwC;AAChB,KAAA;AACJ,EAAA,CAAA,CAAA,OACOE,KAAAA,EAAO;AACV5C,IAAAA,mBAAAA,CAAoBsC,aAAAA,CAAAA;AACpB,IAAA,OAAOA,aAAAA;AACX,EAAA;AACJ,CAAA,EA/EuB,SAAA,CAAA;;;ADJvB,IAAMO,4BAAAA,GAA+B,KAAA;AAC9B,IAAMC,qBAAAA,mBAAwB,MAAA,CAAA,OAAO,EAAEC,WAAAA,EAAaf,UAAAA,EAAYgB,YAAAA,EAAcjE,SAAAA,EAAWkE,WAAAA,EAAaC,SAAAA,EAAW9D,YAAAA,EAAcG,kBAAAA,EAAoBqC,OAAAA,EAAStC,QAAM,KAAG;AACxK,EAAA,IAAIW,KAAAA;AACJ,EAAA,MAAMkD,cAAAA,GAAiB,CAAA,6EAAA,CAAA;AACvB,EAAA,IAAInB,UAAAA,EAAY;AACZ,IAAA,IAAI;AACA,MAAA,MAAMoB,MAAAA,GAAS,MAAMC,OAAAA,CAAoB;AAAEzB,QAAAA;AAAQ,OAAA,CAAA,EAAA;AACnD3B,MAAAA,KAAAA,GAAQ;AACJmC,QAAAA,WAAAA,EAAagB,MAAAA,CAAOnD,KAAAA;AACpBoC,QAAAA,SAAAA,EAAW,IAAIjC,IAAAA,CAAKgD,MAAAA,CAAOlD,UAAU,EAAEyC,WAAAA;AAC3C,OAAA;AACJ,IAAA,CAAA,CAAA,OACOR,CAAAA,EAAG;AACN,MAAA,MAAM,IAAImB,wBAAAA,CAAyBnB,CAAAA,CAAEnE,OAAAA,EAAS;QAC1CuF,WAAAA,EAAaV,4BAAAA;AACbvD,QAAAA;OACJ,CAAA;AACJ,IAAA;EACJ,CAAA,MACK;AACD,IAAA,IAAI;AACAW,MAAAA,KAAAA,GAAQ,MAAMiC,oBAAoBa,WAAAA,CAAAA;AACtC,IAAA,CAAA,CAAA,OACOZ,CAAAA,EAAG;AACN,MAAA,MAAM,IAAImB,wBAAAA,CAAyB,CAAA,yDAAA,EAA4DH,cAAAA,CAAAA,CAAAA,EAAkB;QAC7GI,WAAAA,EAAaV,4BAAAA;AACbvD,QAAAA;OACJ,CAAA;AACJ,IAAA;AACJ,EAAA;AACA,EAAA,IAAI,IAAIc,IAAAA,CAAKH,KAAAA,CAAMoC,SAAS,CAAA,CAAElC,SAAO,GAAKC,IAAAA,CAAKC,GAAAA,EAAG,IAAM,CAAA,EAAG;AACvD,IAAA,MAAM,IAAIiD,wBAAAA,CAAyB,CAAA,0DAAA,EAA6DH,cAAAA,CAAAA,CAAAA,EAAkB;MAC9GI,WAAAA,EAAaV,4BAAAA;AACbvD,MAAAA;KACJ,CAAA;AACJ,EAAA;AACA,EAAA,MAAM,EAAE8C,aAAW,GAAKnC,KAAAA;AACxB,EAAA,MAAM,EAAEuD,SAAAA,EAAWC,yBAAAA,EAAyB,GAAK,MAAM,OAAO,eAAA,CAAA;AAC9D,EAAA,MAAMC,GAAAA,GAAMR,SAAAA,IACR,IAAIM,SAAAA,CAAUtF,MAAAA,CAAOiB,OAAO,EAAC,EAAGC,YAAAA,IAAgB,EAAC,EAAG;IAChDE,MAAAA,EAAQF,YAAAA,EAAcE,UAAUC,kBAAAA,EAAoBD,MAAAA;AACpDD,IAAAA,MAAAA,EAAQD,cAAcC,MAAAA,IAAUN;AACpC,GAAA,CAAA,CAAA;AACJ,EAAA,IAAI4E,OAAAA;AACJ,EAAA,IAAI;AACAA,IAAAA,OAAAA,GAAU,MAAMD,GAAAA,CAAI/D,IAAAA,CAAK,IAAI8D,yBAAAA,CAA0B;MACnDG,SAAAA,EAAWZ,YAAAA;MACXa,QAAAA,EAAUZ,WAAAA;AACVb,MAAAA;AACJ,KAAA,CAAA,CAAA;AACJ,EAAA,CAAA,CAAA,OACOD,CAAAA,EAAG;AACN,IAAA,MAAM,IAAImB,yBAAyBnB,CAAAA,EAAG;MAClCoB,WAAAA,EAAaV,4BAAAA;AACbvD,MAAAA;KACJ,CAAA;AACJ,EAAA;AACA,EAAA,MAAM,EAAEwE,eAAAA,EAAiB,EAAEC,WAAAA,EAAaC,eAAAA,EAAiBC,YAAAA,EAAc/D,UAAAA,EAAYgE,eAAAA,EAAiBN,SAAAA,EAAS,GAAK,EAAC,EAAC,GAAMD,OAAAA;AAC1H,EAAA,IAAI,CAACI,WAAAA,IAAe,CAACC,mBAAmB,CAACC,YAAAA,IAAgB,CAAC/D,UAAAA,EAAY;AAClE,IAAA,MAAM,IAAIoD,yBAAyB,8CAAA,EAAgD;MAC/EC,WAAAA,EAAaV,4BAAAA;AACbvD,MAAAA;KACJ,CAAA;AACJ,EAAA;AACA,EAAA,MAAM6E,WAAAA,GAAc;AAChBJ,IAAAA,WAAAA;AACAC,IAAAA,eAAAA;AACAC,IAAAA,YAAAA;IACA/D,UAAAA,EAAY,IAAIE,KAAKF,UAAAA,CAAAA;AACrB,IAAA,GAAIgE,eAAAA,IAAmB;AAAEA,MAAAA;AAAgB,KAAA;AACzC,IAAA,GAAIN,SAAAA,IAAa;AAAEA,MAAAA;AAAU;AACjC,GAAA;AACA,EAAA,IAAI5B,UAAAA,EAAY;AACZoC,IAAAA,oBAAAA,CAAqBD,WAAAA,EAAa,mBAAmB,GAAA,CAAA;EACzD,CAAA,MACK;AACDC,IAAAA,oBAAAA,CAAqBD,WAAAA,EAAa,0BAA0B,GAAA,CAAA;AAChE,EAAA;AACA,EAAA,OAAOA,WAAAA;AACX,CAAA,EA9EqC,uBAAA,CAAA;;;AQLrC,cAAA,EAAA;AACO,IAAME,kBAAAA,mBAAqB,MAAA,CAAA,CAACzC,OAAAA,EAAStC,MAAAA,KAAAA;AACxC,EAAA,MAAM,EAAEf,aAAAA,EAAeC,cAAAA,EAAgBE,UAAAA,EAAYC,eAAa,GAAKiD,OAAAA;AACrE,EAAA,IAAI,CAACrD,aAAAA,IAAiB,CAACC,kBAAkB,CAACE,UAAAA,IAAc,CAACC,aAAAA,EAAe;AACpE,IAAA,MAAM,IAAI2E,yBAAyB,CAAA,8IAAA,EACwBpF,MAAAA,CAAOoG,KAAK1C,OAAAA,CAAAA,CAAS2C,IAAAA,CAAK,IAAA,CAAA;AAA6F,kFAAA,CAAA,EAAA;MAAEhB,WAAAA,EAAa,KAAA;AAAOjE,MAAAA;KAAO,CAAA;AACnN,EAAA;AACA,EAAA,OAAOsC,OAAAA;AACX,CAAA,EAPkC,oBAAA;;;AXI3B,IAAM4C,OAAAA,mBAAU,MAAA,CAAA,CAACxF,IAAAA,GAAO,EAAC,KAAM,OAAO,EAAEsC,kBAAAA,EAAkB,GAAK,EAAC,KAAC;AACpEtC,EAAAA,IAAAA,CAAKM,MAAAA,EAAQiC,MAAM,4CAAA,CAAA;AACnB,EAAA,MAAM,EAAEwB,WAAAA,EAAaC,YAAAA,EAAcjE,SAAAA,EAAWkE,WAAAA,EAAajB,YAAU,GAAKhD,IAAAA;AAC1E,EAAA,MAAM,EAAEkE,WAAS,GAAKlE,IAAAA;AACtB,EAAA,MAAM0C,cAAcC,cAAAA,CAAe;IAC/BC,OAAAA,EAAS5C,IAAAA,CAAK4C,WAAWN,kBAAAA,EAAoBM;GACjD,CAAA;AACA,EAAA,IAAI,CAACmB,eAAe,CAACC,YAAAA,IAAgB,CAACjE,SAAAA,IAAa,CAACkE,WAAAA,IAAe,CAACjB,UAAAA,EAAY;AAC5E,IAAA,MAAMR,QAAAA,GAAW,MAAMC,eAAAA,CAAgBzC,IAAAA,CAAAA;AACvC,IAAA,MAAM4C,OAAAA,GAAUJ,SAASE,WAAAA,CAAAA;AACzB,IAAA,IAAI,CAACE,OAAAA,EAAS;AACV,MAAA,MAAM,IAAI0B,wBAAAA,CAAyB,CAAA,QAAA,EAAW5B,WAAAA,CAAAA,eAAAA,CAAAA,EAA8B;AAAEpC,QAAAA,MAAAA,EAAQN,IAAAA,CAAKM;OAAO,CAAA;AACtG,IAAA;AACA,IAAA,IAAI,CAACjB,YAAAA,CAAauD,OAAAA,CAAAA,EAAU;AACxB,MAAA,MAAM,IAAI0B,wBAAAA,CAAyB,CAAA,QAAA,EAAW5B,WAAAA,CAAAA,wCAAAA,CAAAA,EAAuD;AACjGpC,QAAAA,MAAAA,EAAQN,IAAAA,CAAKM;OACjB,CAAA;AACJ,IAAA;AACA,IAAA,IAAIsC,SAASnD,WAAAA,EAAa;AACtB,MAAA,MAAMqD,WAAAA,GAAc,MAAMC,kBAAAA,CAAmB/C,IAAAA,CAAAA;AAC7C,MAAA,MAAMyF,OAAAA,GAAU3C,WAAAA,CAAYF,OAAAA,CAAQnD,WAAW,CAAA;AAC/C,MAAA,MAAMiG,WAAAA,GAAc,CAAA,2BAAA,EAA8BhD,WAAAA,CAAAA,iBAAAA,EAA+BE,QAAQnD,WAAW,CAAA,CAAA;AACpG,MAAA,IAAIM,SAAAA,IAAaA,SAAAA,KAAc0F,OAAAA,CAAQ/F,UAAAA,EAAY;AAC/C,QAAA,MAAM,IAAI4E,wBAAAA,CAAyB,CAAA,sBAAA,CAAA,GAA2BoB,WAAAA,EAAa;UACvEnB,WAAAA,EAAa,KAAA;AACbjE,UAAAA,MAAAA,EAAQN,IAAAA,CAAKM;SACjB,CAAA;AACJ,MAAA;AACA,MAAA,IAAIyD,WAAAA,IAAeA,WAAAA,KAAgB0B,OAAAA,CAAQlG,aAAAA,EAAe;AACtD,QAAA,MAAM,IAAI+E,wBAAAA,CAAyB,CAAA,yBAAA,CAAA,GAA8BoB,WAAAA,EAAa;UAC1EnB,WAAAA,EAAa,KAAA;AACbjE,UAAAA,MAAAA,EAAQN,IAAAA,CAAKM;SACjB,CAAA;AACJ,MAAA;AACAsC,MAAAA,OAAAA,CAAQlD,aAAa+F,OAAAA,CAAQ/F,UAAAA;AAC7BkD,MAAAA,OAAAA,CAAQrD,gBAAgBkG,OAAAA,CAAQlG,aAAAA;AACpC,IAAA;AACA,IAAA,MAAM,EAAEA,aAAAA,EAAeC,cAAAA,EAAgBE,UAAAA,EAAYC,aAAAA,EAAeF,aAAW,GAAK4F,kBAAAA,CAAmBzC,OAAAA,EAAS5C,IAAAA,CAAKM,MAAM,CAAA;AACzH,IAAA,OAAOwD,qBAAAA,CAAsB;MACzBC,WAAAA,EAAaxE,aAAAA;MACbyD,UAAAA,EAAYvD,WAAAA;MACZuE,YAAAA,EAAcxE,cAAAA;MACdO,SAAAA,EAAWL,UAAAA;MACXuE,WAAAA,EAAatE,aAAAA;AACbuE,MAAAA,SAAAA;AACA9D,MAAAA,YAAAA,EAAcJ,IAAAA,CAAKI,YAAAA;AACnBG,MAAAA,kBAAAA,EAAoBP,IAAAA,CAAKO,kBAAAA;MACzBqC,OAAAA,EAASF;KACb,CAAA;AACJ,EAAA,CAAA,MAAA,IACS,CAACqB,WAAAA,IAAe,CAACC,gBAAgB,CAACjE,SAAAA,IAAa,CAACkE,WAAAA,EAAa;AAClE,IAAA,MAAM,IAAIK,yBAAyB,8HAAA,EAC8B;MAAEC,WAAAA,EAAa,KAAA;AAAOjE,MAAAA,MAAAA,EAAQN,IAAAA,CAAKM;KAAO,CAAA;EAC/G,CAAA,MACK;AACD,IAAA,OAAOwD,qBAAAA,CAAsB;AACzBC,MAAAA,WAAAA;AACAf,MAAAA,UAAAA;AACAgB,MAAAA,YAAAA;AACAjE,MAAAA,SAAAA;AACAkE,MAAAA,WAAAA;AACAC,MAAAA,SAAAA;AACA9D,MAAAA,YAAAA,EAAcJ,IAAAA,CAAKI,YAAAA;AACnBG,MAAAA,kBAAAA,EAAoBP,IAAAA,CAAKO,kBAAAA;MACzBqC,OAAAA,EAASF;KACb,CAAA;AACJ,EAAA;AACJ,CAAA,EAnEuB,SAAA;;;AYLvB,cAAA,EAAA","file":"R5CQAJPE.js","sourcesContent":["export * from \"./fromSSO\";\nexport * from \"./isSsoProfile\";\nexport * from \"./types\";\nexport * from \"./validateSsoProfile\";\n","import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, loadSsoSessionData, parseKnownFiles } from \"@smithy/shared-ini-file-loader\";\nimport { isSsoProfile } from \"./isSsoProfile\";\nimport { resolveSSOCredentials } from \"./resolveSSOCredentials\";\nimport { validateSsoProfile } from \"./validateSsoProfile\";\nexport const fromSSO = (init = {}) => async ({ callerClientConfig } = {}) => {\n    init.logger?.debug(\"@aws-sdk/credential-provider-sso - fromSSO\");\n    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;\n    const { ssoClient } = init;\n    const profileName = getProfileName({\n        profile: init.profile ?? callerClientConfig?.profile,\n    });\n    if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {\n        const profiles = await parseKnownFiles(init);\n        const profile = profiles[profileName];\n        if (!profile) {\n            throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });\n        }\n        if (!isSsoProfile(profile)) {\n            throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {\n                logger: init.logger,\n            });\n        }\n        if (profile?.sso_session) {\n            const ssoSessions = await loadSsoSessionData(init);\n            const session = ssoSessions[profile.sso_session];\n            const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;\n            if (ssoRegion && ssoRegion !== session.sso_region) {\n                throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {\n                    tryNextLink: false,\n                    logger: init.logger,\n                });\n            }\n            if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {\n                throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {\n                    tryNextLink: false,\n                    logger: init.logger,\n                });\n            }\n            profile.sso_region = session.sso_region;\n            profile.sso_start_url = session.sso_start_url;\n        }\n        const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger);\n        return resolveSSOCredentials({\n            ssoStartUrl: sso_start_url,\n            ssoSession: sso_session,\n            ssoAccountId: sso_account_id,\n            ssoRegion: sso_region,\n            ssoRoleName: sso_role_name,\n            ssoClient: ssoClient,\n            clientConfig: init.clientConfig,\n            parentClientConfig: init.parentClientConfig,\n            profile: profileName,\n        });\n    }\n    else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {\n        throw new CredentialsProviderError(\"Incomplete configuration. The fromSSO() argument hash must include \" +\n            '\"ssoStartUrl\", \"ssoAccountId\", \"ssoRegion\", \"ssoRoleName\"', { tryNextLink: false, logger: init.logger });\n    }\n    else {\n        return resolveSSOCredentials({\n            ssoStartUrl,\n            ssoSession,\n            ssoAccountId,\n            ssoRegion,\n            ssoRoleName,\n            ssoClient,\n            clientConfig: init.clientConfig,\n            parentClientConfig: init.parentClientConfig,\n            profile: profileName,\n        });\n    }\n};\n","import { ProviderError } from \"./ProviderError\";\nexport class TokenProviderError extends ProviderError {\n    name = \"TokenProviderError\";\n    constructor(message, options = true) {\n        super(message, options);\n        Object.setPrototypeOf(this, TokenProviderError.prototype);\n    }\n}\n","export const isSsoProfile = (arg) => arg &&\n    (typeof arg.sso_start_url === \"string\" ||\n        typeof arg.sso_account_id === \"string\" ||\n        typeof arg.sso_session === \"string\" ||\n        typeof arg.sso_region === \"string\" ||\n        typeof arg.sso_role_name === \"string\");\n","import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { fromSso as getSsoTokenProvider } from \"@aws-sdk/token-providers\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getSSOTokenFromFile } from \"@smithy/shared-ini-file-loader\";\nconst SHOULD_FAIL_CREDENTIAL_CHAIN = false;\nexport const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, parentClientConfig, profile, logger, }) => {\n    let token;\n    const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;\n    if (ssoSession) {\n        try {\n            const _token = await getSsoTokenProvider({ profile })();\n            token = {\n                accessToken: _token.token,\n                expiresAt: new Date(_token.expiration).toISOString(),\n            };\n        }\n        catch (e) {\n            throw new CredentialsProviderError(e.message, {\n                tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n                logger,\n            });\n        }\n    }\n    else {\n        try {\n            token = await getSSOTokenFromFile(ssoStartUrl);\n        }\n        catch (e) {\n            throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {\n                tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n                logger,\n            });\n        }\n    }\n    if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {\n        throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {\n            tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n            logger,\n        });\n    }\n    const { accessToken } = token;\n    const { SSOClient, GetRoleCredentialsCommand } = await import(\"./loadSso\");\n    const sso = ssoClient ||\n        new SSOClient(Object.assign({}, clientConfig ?? {}, {\n            logger: clientConfig?.logger ?? parentClientConfig?.logger,\n            region: clientConfig?.region ?? ssoRegion,\n        }));\n    let ssoResp;\n    try {\n        ssoResp = await sso.send(new GetRoleCredentialsCommand({\n            accountId: ssoAccountId,\n            roleName: ssoRoleName,\n            accessToken,\n        }));\n    }\n    catch (e) {\n        throw new CredentialsProviderError(e, {\n            tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n            logger,\n        });\n    }\n    const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {}, } = ssoResp;\n    if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {\n        throw new CredentialsProviderError(\"SSO returns an invalid temporary credential.\", {\n            tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n            logger,\n        });\n    }\n    const credentials = {\n        accessKeyId,\n        secretAccessKey,\n        sessionToken,\n        expiration: new Date(expiration),\n        ...(credentialScope && { credentialScope }),\n        ...(accountId && { accountId }),\n    };\n    if (ssoSession) {\n        setCredentialFeature(credentials, \"CREDENTIALS_SSO\", \"s\");\n    }\n    else {\n        setCredentialFeature(credentials, \"CREDENTIALS_SSO_LEGACY\", \"u\");\n    }\n    return credentials;\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, getSSOTokenFromFile, loadSsoSessionData, parseKnownFiles, } from \"@smithy/shared-ini-file-loader\";\nimport { EXPIRE_WINDOW_MS, REFRESH_MESSAGE } from \"./constants\";\nimport { getNewSsoOidcToken } from \"./getNewSsoOidcToken\";\nimport { validateTokenExpiry } from \"./validateTokenExpiry\";\nimport { validateTokenKey } from \"./validateTokenKey\";\nimport { writeSSOTokenToFile } from \"./writeSSOTokenToFile\";\nconst lastRefreshAttemptTime = new Date(0);\nexport const fromSso = (_init = {}) => async ({ callerClientConfig } = {}) => {\n    const init = {\n        ..._init,\n        parentClientConfig: {\n            ...callerClientConfig,\n            ..._init.parentClientConfig,\n        },\n    };\n    init.logger?.debug(\"@aws-sdk/token-providers - fromSso\");\n    const profiles = await parseKnownFiles(init);\n    const profileName = getProfileName({\n        profile: init.profile ?? callerClientConfig?.profile,\n    });\n    const profile = profiles[profileName];\n    if (!profile) {\n        throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);\n    }\n    else if (!profile[\"sso_session\"]) {\n        throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);\n    }\n    const ssoSessionName = profile[\"sso_session\"];\n    const ssoSessions = await loadSsoSessionData(init);\n    const ssoSession = ssoSessions[ssoSessionName];\n    if (!ssoSession) {\n        throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);\n    }\n    for (const ssoSessionRequiredKey of [\"sso_start_url\", \"sso_region\"]) {\n        if (!ssoSession[ssoSessionRequiredKey]) {\n            throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);\n        }\n    }\n    const ssoStartUrl = ssoSession[\"sso_start_url\"];\n    const ssoRegion = ssoSession[\"sso_region\"];\n    let ssoToken;\n    try {\n        ssoToken = await getSSOTokenFromFile(ssoSessionName);\n    }\n    catch (e) {\n        throw new TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);\n    }\n    validateTokenKey(\"accessToken\", ssoToken.accessToken);\n    validateTokenKey(\"expiresAt\", ssoToken.expiresAt);\n    const { accessToken, expiresAt } = ssoToken;\n    const existingToken = { token: accessToken, expiration: new Date(expiresAt) };\n    if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {\n        return existingToken;\n    }\n    if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) {\n        validateTokenExpiry(existingToken);\n        return existingToken;\n    }\n    validateTokenKey(\"clientId\", ssoToken.clientId, true);\n    validateTokenKey(\"clientSecret\", ssoToken.clientSecret, true);\n    validateTokenKey(\"refreshToken\", ssoToken.refreshToken, true);\n    try {\n        lastRefreshAttemptTime.setTime(Date.now());\n        const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init);\n        validateTokenKey(\"accessToken\", newSsoOidcToken.accessToken);\n        validateTokenKey(\"expiresIn\", newSsoOidcToken.expiresIn);\n        const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000);\n        try {\n            await writeSSOTokenToFile(ssoSessionName, {\n                ...ssoToken,\n                accessToken: newSsoOidcToken.accessToken,\n                expiresAt: newTokenExpiration.toISOString(),\n                refreshToken: newSsoOidcToken.refreshToken,\n            });\n        }\n        catch (error) {\n        }\n        return {\n            token: newSsoOidcToken.accessToken,\n            expiration: newTokenExpiration,\n        };\n    }\n    catch (error) {\n        validateTokenExpiry(existingToken);\n        return existingToken;\n    }\n};\n","export const EXPIRE_WINDOW_MS = 5 * 60 * 1000;\nexport const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;\n","import { getSsoOidcClient } from \"./getSsoOidcClient\";\nexport const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}) => {\n    const { CreateTokenCommand } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n    const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);\n    return ssoOidcClient.send(new CreateTokenCommand({\n        clientId: ssoToken.clientId,\n        clientSecret: ssoToken.clientSecret,\n        refreshToken: ssoToken.refreshToken,\n        grantType: \"refresh_token\",\n    }));\n};\n","export const getSsoOidcClient = async (ssoRegion, init = {}) => {\n    const { SSOOIDCClient } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n    const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {\n        region: ssoRegion ?? init.clientConfig?.region,\n        logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger,\n    }));\n    return ssoOidcClient;\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenExpiry = (token) => {\n    if (token.expiration && token.expiration.getTime() < Date.now()) {\n        throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);\n    }\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenKey = (key, value, forRefresh = false) => {\n    if (typeof value === \"undefined\") {\n        throw new TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? \". Cannot refresh\" : \"\"}. ${REFRESH_MESSAGE}`, false);\n    }\n};\n","import { getSSOTokenFilepath } from \"@smithy/shared-ini-file-loader\";\nimport { promises as fsPromises } from \"fs\";\nconst { writeFile } = fsPromises;\nexport const writeSSOTokenToFile = (id, ssoToken) => {\n    const tokenFilepath = getSSOTokenFilepath(id);\n    const tokenString = JSON.stringify(ssoToken, null, 2);\n    return writeFile(tokenFilepath, tokenString);\n};\n","import { CredentialsProviderError } from \"@smithy/property-provider\";\nexport const validateSsoProfile = (profile, logger) => {\n    const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;\n    if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {\n        throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", ` +\n            `\"sso_region\", \"sso_role_name\", \"sso_start_url\". Got ${Object.keys(profile).join(\", \")}\\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger });\n    }\n    return profile;\n};\n","export {};\n"]}

package/dist/ROMZWOXP.js

@@ -0,0 +1,21 @@
+import { init_esm_shims, __name } from './6AHA7PAZ.js';
+import * as semver from 'semver';
+
+// src/utils/version.ts
+init_esm_shims();
+function versionsSatisfied(current, expected) {
+  return semver.satisfies(current, expected);
+}
+__name(versionsSatisfied, "versionsSatisfied");
+function findSemVersionFromString(input) {
+  const version = input.match(/^(solana-cli|anchor-cli|aptos)\s+(([0-9]+\.?){3}).*?/m)?.[2];
+  if (!version) {
+    throw new Error(`Invalid semver version: ${input}`);
+  }
+  return version;
+}
+__name(findSemVersionFromString, "findSemVersionFromString");
+
+export { findSemVersionFromString, versionsSatisfied };
+//# sourceMappingURL=ROMZWOXP.js.map
+//# sourceMappingURL=ROMZWOXP.js.map

package/dist/ROMZWOXP.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils/version.ts"],"names":["versionsSatisfied","current","expected","satisfies","findSemVersionFromString","input","version","match","Error"],"mappings":";;;;AAAA,cAAA,EAAA;AAKO,SAASA,iBAAAA,CAAkBC,SAAiBC,QAAAA,EAAgB;AAC/D,EAAA,OAAcC,MAAAA,CAAAA,SAAAA,CAAUF,SAASC,QAAAA,CAAAA;AACrC;AAFgBF,MAAAA,CAAAA,iBAAAA,EAAAA,mBAAAA,CAAAA;AAOT,SAASI,yBAAyBC,KAAAA,EAAa;AAClD,EAAA,MAAMC,OAAAA,GAAUD,KAAAA,CAAME,KAAAA,CAAM,uDAAA,IAA2D,CAAA,CAAA;AAEvF,EAAA,IAAI,CAACD,OAAAA,EAAS;AACV,IAAA,MAAM,IAAIE,KAAAA,CAAM,CAAA,wBAAA,EAA2BH,KAAAA,CAAAA,CAAO,CAAA;AACtD,EAAA;AAEA,EAAA,OAAOC,OAAAA;AACX;AARgBF,MAAAA,CAAAA,wBAAAA,EAAAA,0BAAAA,CAAAA","file":"ROMZWOXP.js","sourcesContent":["import * as semver from 'semver';\n\n/**\n * Check if current version satisfies expected version using semver\n */\nexport function versionsSatisfied(current: string, expected: string): boolean {\n    return semver.satisfies(current, expected);\n}\n\n/**\n * Find semantic version from string output\n */\nexport function findSemVersionFromString(input: string): string {\n    const version = input.match(/^(solana-cli|anchor-cli|aptos)\\s+(([0-9]+\\.?){3}).*?/m)?.[2];\n\n    if (!version) {\n        throw new Error(`Invalid semver version: ${input}`);\n    }\n\n    return version;\n}\n"]}

package/dist/RT6XP6RO.js

@@ -0,0 +1,10 @@
+import { findToolVersionsForCombination } from './7GBZAO4Q.js';
+import { init_esm_shims, __name } from './6AHA7PAZ.js';
+
+// src/utils.ts
+init_esm_shims();
+var getCombinationId = /* @__PURE__ */ __name((context, combination) => Object.entries(findToolVersionsForCombination(context, combination)).toSorted().flat().join("-"), "getCombinationId");
+
+export { getCombinationId };
+//# sourceMappingURL=RT6XP6RO.js.map
+//# sourceMappingURL=RT6XP6RO.js.map

package/dist/RT6XP6RO.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils.ts"],"names":["getCombinationId","context","combination","Object","entries","findToolVersionsForCombination","toSorted","flat","join"],"mappings":";;;;AAEA,cAAA,EAAA;AAEO,IAAMA,mCAAmB,MAAA,CAAA,CAC5BC,OAAAA,EACAC,WAAAA,KAEAC,MAAAA,CAAOC,QAAQC,8BAAAA,CAA+BJ,OAAAA,EAASC,WAAAA,CAAAA,EAClDI,QAAAA,EAAQ,CACRC,MAAI,CACJC,IAAAA,CAAK,GAAA,CAAA,EAPkB,kBAAA","file":"RT6XP6RO.js","sourcesContent":["import type { VersionCombination } from './config';\nimport type { ChainContext } from './context';\nimport { findToolVersionsForCombination } from './utils/finder';\n\nexport const getCombinationId = <TImageId extends string>(\n    context: ChainContext<TImageId>,\n    combination: VersionCombination<TImageId>,\n): string =>\n    Object.entries(findToolVersionsForCombination(context, combination))\n        .toSorted()\n        .flat()\n        .join('-');\n"]}

package/dist/TC4EVJWZ.js

@@ -0,0 +1,96 @@
+import { getImageTag, getImageUri } from './FQHJEYC5.js';
+import { init_esm_shims, __name } from './6AHA7PAZ.js';
+import { execFile } from 'child_process';
+import { promisify } from 'util';
+import * as z from 'zod';
+
+// src/test.ts
+init_esm_shims();
+var TEST_TIMEOUT = 15 * 6e4;
+var COMMAND_TIMEOUT = 5 * 6e4;
+var slsaSchema = z.object({
+  SLSA: z.object({})
+});
+var provenanceSchema = z.object({
+  ["linux/amd64"]: slsaSchema,
+  ["linux/arm64"]: slsaSchema
+});
+var runCommand = /* @__PURE__ */ __name(async (command, args) => (await promisify(execFile)(command, args, {
+  timeout: COMMAND_TIMEOUT,
+  killSignal: "SIGKILL"
+})).stdout.trim(), "runCommand");
+var testTools = /* @__PURE__ */ __name(({ describe, expect, it }, images, versionCombinations, versionCommands) => {
+  describe("Docker image IDs", () => {
+    for (const [name, image] of Object.entries(images)) {
+      it(`has an image ID of ${name}`, () => {
+        expect([
+          image.name,
+          getImageTag(image, "-")
+        ].join(":")).toBe(name);
+      });
+    }
+  });
+  describe("Tool versions", () => {
+    for (const literalImage of Object.values(images)) {
+      const image = literalImage;
+      if (image.unreleased) {
+        continue;
+      }
+      describe(getImageTag(image), () => {
+        for (const [tool, expectedVersion] of Object.entries(image.versions)) {
+          it(`should have ${tool} of version ${expectedVersion}`, async () => {
+            if (!(versionCommands[tool] instanceof Array)) {
+              throw new Error("Missing version command");
+            }
+            const uri = getImageUri(image, "_");
+            await runCommand("docker", [
+              "pull",
+              uri
+            ]);
+            const version = await runCommand("docker", [
+              "run",
+              "--rm",
+              "--privileged",
+              uri,
+              ...versionCommands[tool]
+            ]);
+            expect(version).toContain(expectedVersion);
+          }, TEST_TIMEOUT);
+        }
+      });
+    }
+  });
+  describe("Version combinations", () => {
+    for (const [id, combination] of Object.entries(versionCombinations)) {
+      describe(id, () => {
+        for (const image of Object.values(combination.images)) {
+          it(`has a released image for ${image}`, () => {
+            expect(images[image]?.unreleased).toBeFalsy();
+          });
+        }
+      });
+    }
+  });
+  describe("Docker image manifests", () => {
+    for (const [id, image] of Object.entries(images)) {
+      if (image.unreleased) {
+        continue;
+      }
+      it(`has a valid manifest for ${id}`, async () => {
+        const { stdout } = await promisify(execFile)("docker", [
+          "buildx",
+          "imagetools",
+          "inspect",
+          "--format",
+          "{{ json .Provenance }}",
+          getImageUri(image, "_")
+        ]);
+        expect(provenanceSchema.safeParse(JSON.parse(stdout)).success).toBe(true);
+      });
+    }
+  });
+}, "testTools");
+
+export { testTools };
+//# sourceMappingURL=TC4EVJWZ.js.map
+//# sourceMappingURL=TC4EVJWZ.js.map

package/dist/TC4EVJWZ.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/test.ts"],"names":["TEST_TIMEOUT","COMMAND_TIMEOUT","slsaSchema","object","SLSA","provenanceSchema","runCommand","command","args","promisify","execFile","timeout","killSignal","stdout","trim","testTools","describe","expect","it","images","versionCombinations","versionCommands","name","image","Object","entries","getImageTag","join","toBe","literalImage","values","unreleased","tool","expectedVersion","versions","Array","Error","uri","getImageUri","version","toContain","id","combination","toBeFalsy","safeParse","JSON","parse","success"],"mappings":";;;;;;;AAAA,cAAA,EAAA;AASA,IAAMA,eAAe,EAAA,GAAK,GAAA;AAC1B,IAAMC,kBAAkB,CAAA,GAAI,GAAA;AAE5B,IAAMC,aAAeC,CAAAA,CAAAA,MAAAA,CAAO;EACxBC,IAAAA,EAAQD,CAAAA,CAAAA,MAAAA,CAAO,EAAC;AACpB,CAAA,CAAA;AAGA,IAAME,mBAAqBF,CAAAA,CAAAA,MAAAA,CAAO;AAC9B,EAAA,CAAC,aAAA,GAAgBD,UAAAA;AACjB,EAAA,CAAC,aAAA,GAAgBA;AACrB,CAAA,CAAA;AAEA,IAAMI,UAAAA,iCAAoBC,OAAAA,EAAiBC,IAAAA,KAAAA,CAEnC,MAAMC,SAAAA,CAAUC,QAAAA,CAAAA,CAAUH,OAAAA,EAASC,IAAAA,EAAM;EACrCG,OAAAA,EAASV,eAAAA;EACTW,UAAAA,EAAY;AAChB,CAAA,CAAA,EACFC,MAAAA,CAAOC,IAAAA,EAAI,EANE,YAAA,CAAA;AAQZ,IAAMC,SAAAA,2BACT,EAAEC,QAAAA,EAAUC,QAAQC,EAAAA,EAAE,EACtBC,MAAAA,EACAC,mBAAAA,EACAC,eAAAA,KAAAA;AAEAL,EAAAA,QAAAA,CAAS,oBAAoB,MAAA;AACzB,IAAA,KAAA,MAAW,CAACM,IAAAA,EAAMC,KAAAA,KAAUC,MAAAA,CAAOC,OAAAA,CAAQN,MAAAA,CAAAA,EAAS;AAChDD,MAAAA,EAAAA,CAAG,CAAA,mBAAA,EAAsBI,IAAAA,CAAAA,CAAAA,EAAQ,MAAA;AAC7BL,QAAAA,MAAAA,CAAO;UAACM,KAAAA,CAAMD,IAAAA;AAAMI,UAAAA,WAAAA,CAAYH,OAAO,GAAA;AAAMI,SAAAA,CAAAA,IAAAA,CAAK,GAAA,CAAA,CAAA,CAAMC,IAAAA,CAAKN,IAAAA,CAAAA;MACjE,CAAA,CAAA;AACJ,IAAA;EACJ,CAAA,CAAA;AAEAN,EAAAA,QAAAA,CAAS,iBAAiB,MAAA;AACtB,IAAA,KAAA,MAAWa,YAAAA,IAAgBL,MAAAA,CAAOM,MAAAA,CAAOX,MAAAA,CAAAA,EAAS;AAC9C,MAAA,MAAMI,KAAAA,GAAeM,YAAAA;AAErB,MAAA,IAAIN,MAAMQ,UAAAA,EAAY;AAClB,QAAA;AACJ,MAAA;AAEAf,MAAAA,QAAAA,CAASU,WAAAA,CAAYH,KAAAA,CAAAA,EAAQ,MAAA;AACzB,QAAA,KAAA,MAAW,CAACS,MAAMC,eAAAA,CAAAA,IAAoBT,OAAOC,OAAAA,CAAQF,KAAAA,CAAMW,QAAQ,CAAA,EAAG;AAClEhB,UAAAA,EAAAA,CACI,CAAA,YAAA,EAAec,IAAAA,CAAAA,YAAAA,EAAmBC,eAAAA,IAClC,YAAA;AACI,YAAA,IAAI,EAAEZ,eAAAA,CAAgBW,IAAAA,CAAAA,YAAiBG,KAAAA,CAAAA,EAAQ;AAC3C,cAAA,MAAM,IAAIC,MAAM,yBAAA,CAAA;AACpB,YAAA;AAGA,YAAA,MAAMC,GAAAA,GAAMC,WAAAA,CAAYf,KAAAA,EAAO,GAAA,CAAA;AAC/B,YAAA,MAAMjB,WAAW,QAAA,EAAU;AAAC,cAAA,MAAA;AAAQ+B,cAAAA;AAAI,aAAA,CAAA;AAExC,YAAA,MAAME,OAAAA,GAAU,MAAMjC,UAAAA,CAAW,QAAA,EAAU;AACvC,cAAA,KAAA;AACA,cAAA,MAAA;AACA,cAAA,cAAA;AACA+B,cAAAA,GAAAA;AACGhB,cAAAA,GAAAA,eAAAA,CAAgBW,IAAAA;AACtB,aAAA,CAAA;AAEDf,YAAAA,MAAAA,CAAOsB,OAAAA,CAAAA,CAASC,SAAAA,CAAUP,eAAAA,CAAAA;AAC9B,UAAA,CAAA,EACAjC,YAAAA,CAAAA;AAER,QAAA;MACJ,CAAA,CAAA;AACJ,IAAA;EACJ,CAAA,CAAA;AAEAgB,EAAAA,QAAAA,CAAS,wBAAwB,MAAA;AAC7B,IAAA,KAAA,MAAW,CAACyB,EAAAA,EAAIC,WAAAA,KAAgBlB,MAAAA,CAAOC,OAAAA,CAAQL,mBAAAA,CAAAA,EAAsB;AACjEJ,MAAAA,QAAAA,CAASyB,IAAI,MAAA;AACT,QAAA,KAAA,MAAWlB,KAAAA,IAASC,MAAAA,CAAOM,MAAAA,CAAOY,WAAAA,CAAYvB,MAAM,CAAA,EAAG;AACnDD,UAAAA,EAAAA,CAAG,CAAA,yBAAA,EAA4BK,KAAAA,CAAAA,CAAAA,EAAS,MAAA;AACpCN,YAAAA,MAAAA,CAAOE,MAAAA,CAAOI,KAAAA,CAAAA,EAAQQ,UAAAA,EAAYY,SAAAA,EAAS;UAC/C,CAAA,CAAA;AACJ,QAAA;MACJ,CAAA,CAAA;AACJ,IAAA;EACJ,CAAA,CAAA;AAEA3B,EAAAA,QAAAA,CAAS,0BAA0B,MAAA;AAC/B,IAAA,KAAA,MAAW,CAACyB,EAAAA,EAAIlB,KAAAA,KAAUC,MAAAA,CAAOC,OAAAA,CAAQN,MAAAA,CAAAA,EAAS;AAC9C,MAAA,IAAII,MAAMQ,UAAAA,EAAY;AAClB,QAAA;AACJ,MAAA;AAEAb,MAAAA,EAAAA,CAAG,CAAA,yBAAA,EAA4BuB,EAAAA,CAAAA,CAAAA,EAAM,YAAA;AACjC,QAAA,MAAM,EAAE5B,MAAAA,EAAM,GAAK,MAAMJ,SAAAA,CAAUC,QAAAA,EAAU,QAAA,EAAU;AACnD,UAAA,QAAA;AACA,UAAA,YAAA;AACA,UAAA,SAAA;AACA,UAAA,UAAA;AACA,UAAA,wBAAA;AACA4B,UAAAA,WAAAA,CAAYf,OAAO,GAAA;AACtB,SAAA,CAAA;AAEDN,QAAAA,MAAAA,CAAOZ,gBAAAA,CAAiBuC,SAAAA,CAAUC,IAAAA,CAAKC,KAAAA,CAAMjC,MAAAA,CAAAA,CAAAA,CAASkC,OAAO,CAAA,CAAEnB,IAAAA,CAAK,IAAA,CAAA;MACxE,CAAA,CAAA;AACJ,IAAA;EACJ,CAAA,CAAA;AACJ,CAAA,EApFyB,WAAA","file":"TC4EVJWZ.js","sourcesContent":["import { execFile } from 'node:child_process';\nimport { promisify } from 'node:util';\nimport type * as vitest from 'vitest';\nimport * as z from 'zod';\n\nimport type { VersionCombination } from './config';\nimport { type Image } from './config';\nimport { getImageTag, getImageUri } from './utils/docker';\n\nconst TEST_TIMEOUT = 15 * 60_000;\nconst COMMAND_TIMEOUT = 5 * 60_000;\n\nconst slsaSchema = z.object({\n    SLSA: z.object({}),\n});\n\n// TODO Require provenance by GitHub Actions.\nconst provenanceSchema = z.object({\n    ['linux/amd64']: slsaSchema,\n    ['linux/arm64']: slsaSchema,\n});\n\nconst runCommand = async (command: string, args: string[]): Promise<string> =>\n    (\n        await promisify(execFile)(command, args, {\n            timeout: COMMAND_TIMEOUT,\n            killSignal: 'SIGKILL', // Force kill if timeout\n        })\n    ).stdout.trim();\n\nexport const testTools = (\n    { describe, expect, it }: typeof vitest,\n    images: Record<string, Image>,\n    versionCombinations: VersionCombination<string>[],\n    versionCommands: Record<string, string[]>,\n): void => {\n    describe('Docker image IDs', () => {\n        for (const [name, image] of Object.entries(images)) {\n            it(`has an image ID of ${name}`, () => {\n                expect([image.name, getImageTag(image, '-')].join(':')).toBe(name);\n            });\n        }\n    });\n\n    describe('Tool versions', () => {\n        for (const literalImage of Object.values(images)) {\n            const image: Image = literalImage;\n\n            if (image.unreleased) {\n                continue;\n            }\n\n            describe(getImageTag(image), () => {\n                for (const [tool, expectedVersion] of Object.entries(image.versions)) {\n                    it(\n                        `should have ${tool} of version ${expectedVersion}`,\n                        async () => {\n                            if (!(versionCommands[tool] instanceof Array)) {\n                                throw new Error('Missing version command');\n                            }\n\n                            // TODO Migrate to hyphened image tags.\n                            const uri = getImageUri(image, '_');\n                            await runCommand('docker', ['pull', uri]);\n\n                            const version = await runCommand('docker', [\n                                'run',\n                                '--rm',\n                                '--privileged',\n                                uri,\n                                ...versionCommands[tool],\n                            ]);\n\n                            expect(version).toContain(expectedVersion);\n                        },\n                        TEST_TIMEOUT,\n                    );\n                }\n            });\n        }\n    });\n\n    describe('Version combinations', () => {\n        for (const [id, combination] of Object.entries(versionCombinations)) {\n            describe(id, () => {\n                for (const image of Object.values(combination.images)) {\n                    it(`has a released image for ${image}`, () => {\n                        expect(images[image]?.unreleased).toBeFalsy();\n                    });\n                }\n            });\n        }\n    });\n\n    describe('Docker image manifests', () => {\n        for (const [id, image] of Object.entries(images)) {\n            if (image.unreleased) {\n                continue;\n            }\n\n            it(`has a valid manifest for ${id}`, async () => {\n                const { stdout } = await promisify(execFile)('docker', [\n                    'buildx',\n                    'imagetools',\n                    'inspect',\n                    '--format',\n                    '{{ json .Provenance }}',\n                    getImageUri(image, '_'),\n                ]);\n\n                expect(provenanceSchema.safeParse(JSON.parse(stdout)).success).toBe(true);\n            });\n        }\n    });\n};\n"]}

package/dist/{DJEOCSEX.js → TKT5HVBW.js}

@@ -1,9 +1,13 @@
 import { stringifyError } from './7XVJ6B7B.js';
+import { versionsSatisfied } from './ROMZWOXP.js';
+import { resolveTypeVersions } from './UTB7ZC7B.js';
+import { getImageUriForTool, getVolumeName } from './FQHJEYC5.js';
+import { AWS_REGION, AWS_ACCOUNT_ID } from './ODGKXOOP.js';
+import { findToolByName } from './7GBZAO4Q.js';
 import { lockMany } from './BAPGOHFS.js';
-import { resolveTypeVersions } from './5CA2MJIS.js';
-import { getImageUriForTool, getVolumeName } from './NMDQTUBH.js';
-import { AWS_REGION, AWS_ACCOUNT_ID, findToolByName, getChainTypeForTool, tools, versionsSatisfied } from './NJHTTAZO.js';
 import { init_esm_shims, __name } from './6AHA7PAZ.js';
+import { uniqBy } from 'es-toolkit';
+import os from 'os';
 import path from 'path';
 import process from 'process';
 import { $ } from 'zx';
@@ -11,20 +15,31 @@ import { getFullyQualifiedRepoRootPath } from '@layerzerolabs/common-node-utils'
 
 // src/core/tool-executor.ts
 init_esm_shims();
+var getHostUserIds = /* @__PURE__ */ __name(() => {
+  const userInfo = os.userInfo();
+  if (userInfo.uid === -1 || userInfo.gid === -1) {
+    return void 0;
+  }
+  return {
+    uid: userInfo.uid,
+    gid: userInfo.gid
+  };
+}, "getHostUserIds");
 $.verbose = true;
 $.stdio = [
   "inherit",
   "pipe",
   process.stderr
 ];
-var mergeVolumes = /* @__PURE__ */ __name((defaultVolumes, userVolumes) => {
-  const paths = new Set(userVolumes.map((volume) => volume.containerPath));
-  return [
-    ...userVolumes,
-    ...defaultVolumes.filter((volume) => !paths.has(volume.containerPath))
-  ];
-}, "mergeVolumes");
-async function ensureDockerImage(imageUri) {
+var mergeVolumes = /* @__PURE__ */ __name((defaultVolumes, userVolumes) => uniqBy([
+  ...userVolumes,
+  ...defaultVolumes
+], (volume) => volume.containerPath), "mergeVolumes");
+var resolveVolumePaths = /* @__PURE__ */ __name((volumes, workspaceRoot) => volumes.map((volume) => volume.type === "host" ? {
+  ...volume,
+  hostPath: path.resolve(workspaceRoot, volume.hostPath.replace(/^~/, os.homedir()))
+} : volume), "resolveVolumePaths");
+var ensureDockerImage = /* @__PURE__ */ __name(async (imageUri) => {
   let output;
   try {
     output = await $`docker image ls ${imageUri}`.nothrow();
@@ -48,22 +63,13 @@ async function ensureDockerImage(imageUri) {
     ].join("\n"));
   }
   console.info(`\u2705 Successfully pulled: ${imageUri}`);
-}
-__name(ensureDockerImage, "ensureDockerImage");
-async function executeToolCommand(command, args, { cwd, volumes: userVolumes, customEntrypoint: entrypoint, env: customEnvVars, script, publish, versions = {} }) {
-  const tool = findToolByName(command);
-  const type = getChainTypeForTool(command);
-  if (!type) {
-    throw new Error([
-      `Tool '${command}' not found or no type configuration available.`,
-      `Available tools: ${tools.map(({ name }) => name).join(", ")}`,
-      `Try: lz-tool --list-versions to see all available tools`
-    ].join("\n"));
-  }
+}, "ensureDockerImage");
+async function executeToolCommand(context, toolName, args, { cwd, volumes: userVolumes, customEntrypoint: entrypoint, env: customEnvVars, script, publish, versions = {} }) {
+  const tool = findToolByName(context, toolName);
   const defaultVolumes = tool.defaultVolumes ?? [];
   const volumes = mergeVolumes(defaultVolumes, userVolumes);
   if (defaultVolumes.length > 0) {
-    console.info(`\u{1F4E6} Using ${defaultVolumes.length} default cache volume(s) for ${command}`);
+    console.info(`\u{1F4E6} Using ${defaultVolumes.length} default cache volume(s) for ${tool.name}`);
     if (userVolumes.length > 0) {
       const overrides = userVolumes.filter((uv) => defaultVolumes.some((dv) => dv.containerPath === uv.containerPath));
       if (overrides.length > 0) {
@@ -71,11 +77,11 @@ async function executeToolCommand(command, args, { cwd, volumes: userVolumes, cu
       }
     }
   }
-  const resolvedVersion = resolveTypeVersions(type, versions)[command];
+  const resolvedVersion = resolveTypeVersions(context, versions)[tool.name];
   if (!resolvedVersion) {
-    throw new Error(`No version resolved for tool ${command}`);
+    throw new Error(`No version resolved for tool ${tool.name}`);
   }
-  console.info(`\u{1F527} ${command} version: ${resolvedVersion}`);
+  console.info(`\u{1F527} ${tool.name} version: ${resolvedVersion}`);
   if (tool.getSecondaryVersion) {
     try {
       const secondaryVersion = tool.getSecondaryVersion({
@@ -88,17 +94,46 @@ async function executeToolCommand(command, args, { cwd, volumes: userVolumes, cu
       console.warn("Could not validate secondary version:", stringifyError(error));
     }
   }
-  const imageURI = getImageUriForTool(tool.name, resolvedVersion);
+  const imageUri = getImageUriForTool(context, tool.name, resolvedVersion);
   const workspaceRoot = await getFullyQualifiedRepoRootPath();
   const relativePath = path.relative(workspaceRoot, cwd);
-  await ensureDockerImage(imageURI);
+  await ensureDockerImage(imageUri);
   if (entrypoint?.trim()) {
     console.info(`\u{1F527} Using custom entrypoint: ${entrypoint}`);
   }
-  const envArgs = customEnvVars.map((envVar) => [
+  const defaultEnv = tool.defaultEnv ?? [];
+  const hasDockerSocketMount = volumes.some((v) => v.type === "host" && v.containerPath === "/var/run/docker.sock");
+  const dockerSocketEnv = hasDockerSocketMount ? [
+    {
+      name: "HOST_CWD",
+      value: cwd
+    },
+    {
+      name: "HOST_WORKSPACE_ROOT",
+      value: workspaceRoot
+    }
+  ] : [];
+  const envArgs = uniqBy([
+    ...customEnvVars,
+    ...dockerSocketEnv,
+    ...defaultEnv
+  ], ({ name }) => name).flatMap(({ name, value }) => [
+    "-e",
+    `${name}=${value}`
+  ]);
+  const hostUserIds = getHostUserIds();
+  const userIdEnvArgs = hostUserIds && tool.name === "stellar" ? [
+    "-e",
+    `LOCAL_UID=${hostUserIds.uid}`,
     "-e",
-    `${envVar.name}=${envVar.value}`
-  ]).flat();
+    `LOCAL_GID=${hostUserIds.gid}`
+  ] : [];
+  if (hostUserIds && tool.name === "stellar") {
+    console.info(`\u{1F464} Running container as UID:GID ${hostUserIds.uid}:${hostUserIds.gid}`);
+  }
+  if (defaultEnv.length > 0) {
+    console.info(`\u{1F30D} Using ${defaultEnv.length} default environment variable(s) for ${tool.name}`);
+  }
   if (customEnvVars.length > 0) {
     console.info(`\u{1F30D} Using ${customEnvVars.length} custom environment variable(s)`);
   }
@@ -123,6 +158,7 @@ async function executeToolCommand(command, args, { cwd, volumes: userVolumes, cu
     ] : [],
     "--rm",
     ...envArgs,
+    ...userIdEnvArgs,
     "-v",
     `${workspaceRoot}:/workspace`,
     "-w",
@@ -131,20 +167,26 @@ async function executeToolCommand(command, args, { cwd, volumes: userVolumes, cu
       "-p",
       publish.trim()
     ] : [],
-    ...volumes.map(getVolumeName).flatMap((volume) => [
+    ...resolveVolumePaths(volumes, workspaceRoot).flatMap((volume) => [
       "-v",
-      volume
+      getVolumeName(volume)
     ]),
     ...entrypoint ? [
       "--entrypoint",
       entrypoint
     ] : [],
-    imageURI,
+    imageUri,
     ...finalArgs
   ];
   const output = await lockMany(volumes.flatMap((volume) => volume.type === "isolate" && volume.locked ? [
     volume.name
-  ] : []), () => $`docker ${dockerArgs}`.nothrow());
+  ] : []), async () => {
+    const label = `\u23F1\uFE0F ${finalArgs.join(" ")}`;
+    console.time(label);
+    const result = await $`docker ${dockerArgs}`.nothrow();
+    console.timeEnd(label);
+    return result;
+  });
   if (output.exitCode) {
     throw new Error(`Failed to run Docker container (exit code: ${output.exitCode})`);
   }
@@ -153,5 +195,5 @@ async function executeToolCommand(command, args, { cwd, volumes: userVolumes, cu
 __name(executeToolCommand, "executeToolCommand");
 
 export { executeToolCommand };
-//# sourceMappingURL=DJEOCSEX.js.map
-//# sourceMappingURL=DJEOCSEX.js.map
+//# sourceMappingURL=TKT5HVBW.js.map
+//# sourceMappingURL=TKT5HVBW.js.map

package/dist/TKT5HVBW.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/core/tool-executor.ts"],"names":["getHostUserIds","userInfo","os","uid","gid","undefined","$","verbose","stdio","process","stderr","mergeVolumes","defaultVolumes","userVolumes","uniqBy","volume","containerPath","resolveVolumePaths","volumes","workspaceRoot","map","type","hostPath","path","resolve","replace","homedir","ensureDockerImage","imageUri","output","nothrow","stdout","includes","console","info","error","Error","stringifyError","exitCode","AWS_REGION","AWS_ACCOUNT_ID","join","executeToolCommand","context","toolName","args","cwd","customEntrypoint","entrypoint","env","customEnvVars","script","publish","versions","tool","findToolByName","length","name","overrides","filter","uv","some","dv","resolvedVersion","resolveTypeVersions","getSecondaryVersion","secondaryVersion","versionsSatisfied","warn","getImageUriForTool","getFullyQualifiedRepoRootPath","relativePath","relative","trim","defaultEnv","hasDockerSocketMount","v","dockerSocketEnv","value","envArgs","flatMap","hostUserIds","userIdEnvArgs","finalArgs","dockerArgs","privileged","getVolumeName","lockMany","locked","label","time","result","timeEnd"],"mappings":";;;;;;;;;;;;;;;;AAAA,cAAA,EAAA;AAuBA,IAAMA,iCAAiB,MAAA,CAAA,MAAA;AAEnB,EAAA,MAAMC,QAAAA,GAAWC,GAAGD,QAAAA,EAAQ;AAC5B,EAAA,IAAIA,QAAAA,CAASE,GAAAA,KAAQ,EAAA,IAAMF,QAAAA,CAASG,QAAQ,EAAA,EAAI;AAC5C,IAAA,OAAOC,MAAAA;AACX,EAAA;AACA,EAAA,OAAO;AAAEF,IAAAA,GAAAA,EAAKF,QAAAA,CAASE,GAAAA;AAAKC,IAAAA,GAAAA,EAAKH,QAAAA,CAASG;AAAI,GAAA;AAClD,CAAA,EAPuB,gBAAA,CAAA;AAUvBE,CAAAA,CAAEC,OAAAA,GAAU,IAAA;AACZD,CAAAA,CAAEE,KAAAA,GAAQ;AAAC,EAAA,SAAA;AAAW,EAAA,MAAA;EAAQC,OAAAA,CAAQC;;AAMtC,IAAMC,YAAAA,mBAAe,MAAA,CAAA,CACjBC,cAAAA,EACAC,WAAAA,KACkBC,MAAAA,CAAO;AAAID,EAAAA,GAAAA,WAAAA;AAAgBD,EAAAA,GAAAA;GAAiB,CAACG,MAAAA,KAAWA,MAAAA,CAAOC,aAAa,CAAA,EAH7E,cAAA,CAAA;AAWrB,IAAMC,kBAAAA,mBAAqB,MAAA,CAAA,CAACC,OAAAA,EAA0BC,aAAAA,KAClDD,OAAAA,CAAQE,IAAI,CAACL,MAAAA,KACTA,MAAAA,CAAOM,IAAAA,KAAS,MAAA,GACV;EACI,GAAGN,MAAAA;EACHO,QAAAA,EAAUC,IAAAA,CAAKC,OAAAA,CACXL,aAAAA,EACAJ,MAAAA,CAAOO,QAAAA,CAASG,QAAQ,IAAA,EAAMvB,EAAAA,CAAGwB,OAAAA,EAAO,CAAA;AAEhD,CAAA,GACAX,MAAAA,CAAAA,EAVa,oBAAA,CAAA;AAa3B,IAAMY,iBAAAA,iCAA2BC,QAAAA,KAAAA;AAC7B,EAAA,IAAIC,MAAAA;AAEJ,EAAA,IAAI;AAEAA,IAAAA,MAAAA,GAAS,MAAMvB,CAAAA,CAAAA,gBAAAA,EAAoBsB,QAAAA,CAAAA,CAAAA,CAAWE,OAAAA,EAAO;AAErD,IAAA,IAAID,MAAAA,CAAOE,MAAAA,CAAOC,QAAAA,CAASJ,QAAAA,CAAAA,EAAW;AAClCK,MAAAA,OAAAA,CAAQC,IAAAA,CAAK,CAAA,kCAAA,EAAgCN,QAAAA,CAAAA,CAAU,CAAA;AACvD,MAAA;AACJ,IAAA;AAEAK,IAAAA,OAAAA,CAAQC,IAAAA,CAAK,4CAAqCN,QAAAA,CAAAA;AAClDC,IAAAA,MAAAA,GAAS,MAAMvB,CAAAA,CAAAA,YAAAA,EAAgBsB,QAAAA,CAAAA,CAAAA,CAAWE,OAAAA,EAAO;AACrD,EAAA,CAAA,CAAA,OAASK,KAAAA,EAAgB;AACrB,IAAA,MAAM,IAAIC,MAAM,CAAA,4BAAA,EAA+BR,QAAAA,KAAaS,cAAAA,CAAeF,KAAAA,CAAAA,CAAAA,CAAQ,CAAA;AACvF,EAAA;AAEA,EAAA,IAAIN,OAAOS,QAAAA,EAAU;AACjB,IAAA,MAAM,IAAIF,KAAAA,CACN;AACI,MAAA,6BAAA;AACA,MAAA,CAAA,eAAA,EAAkBR,QAAAA,CAAAA,cAAAA,CAAAA;AAClB,MAAA,EAAA;AACA,MAAA,sBAAA;AACA,MAAA,CAAA,gEAAA,EAAmEW,UAAAA,CAAAA,gDAAAA,EACfC,cAAAA,CAAAA,SAAAA,EAA0BD,UAAAA,CAAAA,cAAAA,CAAAA;AAC9E,MAAA;AACFE,KAAAA,CAAAA,IAAAA,CAAK,IAAA,CAAA,CAAA;AAEf,EAAA;AAEAR,EAAAA,OAAAA,CAAQC,IAAAA,CAAK,CAAA,4BAAA,EAA0BN,QAAAA,CAAAA,CAAU,CAAA;AACrD,CAAA,EAjC0B,mBAAA,CAAA;AAgD1B,eAAsBc,mBAClBC,OAAAA,EACAC,QAAAA,EACAC,IAAAA,EACA,EACIC,KACA5B,OAAAA,EAASL,WAAAA,EACTkC,gBAAAA,EAAkBC,UAAAA,EAClBC,KAAKC,aAAAA,EACLC,MAAAA,EACAC,SACAC,QAAAA,GAAW,IAAE,EACa;AAE9B,EAAA,MAAMC,IAAAA,GAAOC,cAAAA,CAAeZ,OAAAA,EAASC,QAAAA,CAAAA;AAGrC,EAAA,MAAMhC,cAAAA,GAAiB0C,IAAAA,CAAK1C,cAAAA,IAAkB,EAAA;AAC9C,EAAA,MAAMM,OAAAA,GAAUP,YAAAA,CAAaC,cAAAA,EAAgBC,WAAAA,CAAAA;AAE7C,EAAA,IAAID,cAAAA,CAAe4C,SAAS,CAAA,EAAG;AAC3BvB,IAAAA,OAAAA,CAAQC,KAAK,CAAA,gBAAA,EAAYtB,cAAAA,CAAe4C,MAAM,CAAA,6BAAA,EAAgCF,IAAAA,CAAKG,IAAI,CAAA,CAAE,CAAA;AACzF,IAAA,IAAI5C,WAAAA,CAAY2C,SAAS,CAAA,EAAG;AACxB,MAAA,MAAME,SAAAA,GAAY7C,WAAAA,CAAY8C,MAAAA,CAAO,CAACC,EAAAA,KAClChD,cAAAA,CAAeiD,IAAAA,CAAK,CAACC,EAAAA,KAAOA,EAAAA,CAAG9C,aAAAA,KAAkB4C,EAAAA,CAAG5C,aAAa,CAAA,CAAA;AAErE,MAAA,IAAI0C,SAAAA,CAAUF,SAAS,CAAA,EAAG;AACtBvB,QAAAA,OAAAA,CAAQC,IAAAA,CAAK,CAAA,gCAAA,EAA4BwB,SAAAA,CAAUF,MAAM,CAAA,kBAAA,CAAoB,CAAA;AACjF,MAAA;AACJ,IAAA;AACJ,EAAA;AAGA,EAAA,MAAMO,kBAAkBC,mBAAAA,CAAoBrB,OAAAA,EAASU,QAAAA,CAAAA,CAAUC,KAAKG,IAAI,CAAA;AAExE,EAAA,IAAI,CAACM,eAAAA,EAAiB;AAClB,IAAA,MAAM,IAAI3B,KAAAA,CAAM,CAAA,6BAAA,EAAgCkB,IAAAA,CAAKG,IAAI,CAAA,CAAE,CAAA;AAC/D,EAAA;AAEAxB,EAAAA,OAAAA,CAAQC,KAAK,CAAA,UAAA,EAAMoB,IAAAA,CAAKG,IAAI,CAAA,UAAA,EAAaM,eAAAA,CAAAA,CAAiB,CAAA;AAG1D,EAAA,IAAIT,KAAKW,mBAAAA,EAAqB;AAC1B,IAAA,IAAI;AACA,MAAA,MAAMC,gBAAAA,GAAmBZ,KAAKW,mBAAAA,CAAoB;AAAEnB,QAAAA;OAAI,CAAA;AAExD,MAAA,IAAI,CAACqB,iBAAAA,CAAkBD,gBAAAA,EAAkBH,eAAAA,CAAAA,EAAkB;AACvD9B,QAAAA,OAAAA,CAAQmC,IAAAA,CACJ,CAAA,sCAAA,EAAyCF,gBAAAA,CAAAA,iCAAAA,EAAoDH,eAAAA,CAAAA,CAAAA,CAAkB,CAAA;AAEvH,MAAA;AACJ,IAAA,CAAA,CAAA,OAAS5B,KAAAA,EAAO;AAEZF,MAAAA,OAAAA,CAAQmC,IAAAA,CAAK,uCAAA,EAAyC/B,cAAAA,CAAeF,KAAAA,CAAAA,CAAAA;AACzE,IAAA;AACJ,EAAA;AAGA,EAAA,MAAMP,QAAAA,GAAWyC,kBAAAA,CAAmB1B,OAAAA,EAASW,IAAAA,CAAKG,MAAMM,eAAAA,CAAAA;AACxD,EAAA,MAAM5C,aAAAA,GAAgB,MAAMmD,6BAAAA,EAAAA;AAC5B,EAAA,MAAMC,YAAAA,GAAehD,IAAAA,CAAKiD,QAAAA,CAASrD,aAAAA,EAAe2B,GAAAA,CAAAA;AAElD,EAAA,MAAMnB,kBAAkBC,QAAAA,CAAAA;AAExB,EAAA,IAAIoB,UAAAA,EAAYyB,MAAAA,EAAQ;AACpBxC,IAAAA,OAAAA,CAAQC,IAAAA,CAAK,CAAA,mCAAA,EAA+Bc,UAAAA,CAAAA,CAAY,CAAA;AAC5D,EAAA;AAGA,EAAA,MAAM0B,UAAAA,GAAapB,IAAAA,CAAKoB,UAAAA,IAAc,EAAA;AAItC,EAAA,MAAMC,oBAAAA,GAAuBzD,OAAAA,CAAQ2C,IAAAA,CACjC,CAACe,CAAAA,KAAMA,EAAEvD,IAAAA,KAAS,MAAA,IAAUuD,CAAAA,CAAE5D,aAAAA,KAAkB,sBAAA,CAAA;AAEpD,EAAA,MAAM6D,kBAAyCF,oBAAAA,GACzC;AACI,IAAA;MAAElB,IAAAA,EAAM,UAAA;MAAYqB,KAAAA,EAAOhC;AAAI,KAAA;AAC/B,IAAA;MAAEW,IAAAA,EAAM,qBAAA;MAAuBqB,KAAAA,EAAO3D;AAAc;MAExD,EAAA;AAEN,EAAA,MAAM4D,UAAUjE,MAAAA,CACZ;AAAIoC,IAAAA,GAAAA,aAAAA;AAAkB2B,IAAAA,GAAAA,eAAAA;AAAoBH,IAAAA,GAAAA;KAC1C,CAAC,EAAEjB,IAAAA,EAAI,KAAOA,IAAAA,CAAAA,CAChBuB,QAAQ,CAAC,EAAEvB,IAAAA,EAAMqB,KAAAA,EAAK,KAAO;AAAC,IAAA,IAAA;IAAM,CAAA,EAAGrB,IAAAA,IAAQqB,KAAAA,CAAAA;AAAQ,GAAA,CAAA;AAKzD,EAAA,MAAMG,cAAcjF,cAAAA,EAAAA;AACpB,EAAA,MAAMkF,aAAAA,GACFD,WAAAA,IAAe3B,IAAAA,CAAKG,IAAAA,KAAS,SAAA,GACvB;AAAC,IAAA,IAAA;AAAM,IAAA,CAAA,UAAA,EAAawB,YAAY9E,GAAG,CAAA,CAAA;AAAI,IAAA,IAAA;AAAM,IAAA,CAAA,UAAA,EAAa8E,YAAY7E,GAAG,CAAA;MACzE,EAAA;AAEV,EAAA,IAAI6E,WAAAA,IAAe3B,IAAAA,CAAKG,IAAAA,KAAS,SAAA,EAAW;AACxCxB,IAAAA,OAAAA,CAAQC,KAAK,CAAA,uCAAA,EAAmC+C,WAAAA,CAAY9E,GAAG,CAAA,CAAA,EAAI8E,WAAAA,CAAY7E,GAAG,CAAA,CAAE,CAAA;AACxF,EAAA;AAEA,EAAA,IAAIsE,UAAAA,CAAWlB,SAAS,CAAA,EAAG;AACvBvB,IAAAA,OAAAA,CAAQC,KACJ,CAAA,gBAAA,EAAYwC,UAAAA,CAAWlB,MAAM,CAAA,qCAAA,EAAwCF,IAAAA,CAAKG,IAAI,CAAA,CAAE,CAAA;AAExF,EAAA;AACA,EAAA,IAAIP,aAAAA,CAAcM,SAAS,CAAA,EAAG;AAC1BvB,IAAAA,OAAAA,CAAQC,IAAAA,CAAK,CAAA,gBAAA,EAAYgB,aAAAA,CAAcM,MAAM,CAAA,+BAAA,CAAiC,CAAA;AAClF,EAAA;AAGA,EAAA,IAAI2B,SAAAA;AACJ,EAAA,IAAIhC,MAAAA,IAAUA,MAAAA,CAAOsB,IAAAA,EAAI,KAAO,EAAA,EAAI;AAChCxC,IAAAA,OAAAA,CAAQC,IAAAA,CAAK,CAAA,mCAAA,EAA+BiB,MAAAA,CAAAA,CAAQ,CAAA;AACpDgC,IAAAA,SAAAA,GAAY;AAAC,MAAA,MAAA;AAAQ,MAAA,IAAA;AAAMhC,MAAAA;;EAC/B,CAAA,MAAO;AACHgC,IAAAA,SAAAA,GAAYnC,eAAe3C,MAAAA,GAAY;MAACiD,IAAAA,CAAKG,IAAAA;AAASZ,MAAAA,GAAAA;AAAQA,KAAAA,GAAAA,IAAAA;AAClE,EAAA;AAGA,EAAA,MAAMuC,UAAAA,GAAa;AACf,IAAA,KAAA;AACI9B,IAAAA,GAAAA,IAAAA,CAAK+B,UAAAA,GAAa;AAAC,MAAA;QAAkB,EAAA;AACzC,IAAA,MAAA;AACGN,IAAAA,GAAAA,OAAAA;AACAG,IAAAA,GAAAA,aAAAA;AACH,IAAA,IAAA;AACA,IAAA,CAAA,EAAG/D,aAAAA,CAAAA,WAAAA,CAAAA;AACH,IAAA,IAAA;AACA,IAAA,CAAA,WAAA,EAAcoD,YAAAA,CAAAA,CAAAA;OACVnB,OAAAA,GAAU;AAAC,MAAA,IAAA;AAAMA,MAAAA,OAAAA,CAAQqB,IAAAA;QAAU,EAAA;AACpCxD,IAAAA,GAAAA,kBAAAA,CAAmBC,OAAAA,EAASC,aAAAA,CAAAA,CAAe6D,OAAAA,CAAQ,CAACjE,MAAAA,KAAW;AAC9D,MAAA,IAAA;AACAuE,MAAAA,aAAAA,CAAcvE,MAAAA;AACjB,KAAA,CAAA;OACGiC,UAAAA,GAAa;AAAC,MAAA,cAAA;AAAgBA,MAAAA;QAAc,EAAA;AAChDpB,IAAAA,QAAAA;AACGuD,IAAAA,GAAAA;;AAGP,EAAA,MAAMtD,MAAAA,GAAS,MAAM0D,QAAAA,CACjBrE,OAAAA,CAAQ8D,OAAAA,CAAQ,CAACjE,MAAAA,KACbA,MAAAA,CAAOM,IAAAA,KAAS,SAAA,IAAaN,MAAAA,CAAOyE,MAAAA,GAAS;IAACzE,MAAAA,CAAO0C;MAAQ,EAAE,GAEnE,YAAA;AACI,IAAA,MAAMgC,KAAAA,GAAQ,CAAA,aAAA,EAAMN,SAAAA,CAAU1C,IAAAA,CAAK,GAAA,CAAA,CAAA,CAAA;AACnCR,IAAAA,OAAAA,CAAQyD,KAAKD,KAAAA,CAAAA;AACb,IAAA,MAAME,MAAAA,GAAS,MAAMrF,CAAAA,CAAAA,OAAAA,EAAW8E,UAAAA,GAAatD,OAAAA,EAAO;AACpDG,IAAAA,OAAAA,CAAQ2D,QAAQH,KAAAA,CAAAA;AAEhB,IAAA,OAAOE,MAAAA;EACX,CAAA,CAAA;AAGJ,EAAA,IAAI9D,OAAOS,QAAAA,EAAU;AACjB,IAAA,MAAM,IAAIF,KAAAA,CAAM,CAAA,2CAAA,EAA8CP,MAAAA,CAAOS,QAAQ,CAAA,CAAA,CAAG,CAAA;AACpF,EAAA;AAEA,EAAA,OAAOT,MAAAA;AACX;AA/JsBa,MAAAA,CAAAA,kBAAAA,EAAAA,oBAAAA,CAAAA","file":"TKT5HVBW.js","sourcesContent":["import { uniqBy } from 'es-toolkit';\nimport os from 'node:os';\nimport path from 'node:path';\nimport process from 'node:process';\nimport { $, type ProcessOutput } from 'zx';\n\nimport { getFullyQualifiedRepoRootPath } from '@layerzerolabs/common-node-utils';\n\nimport { AWS_ACCOUNT_ID, AWS_REGION } from '../config';\nimport type { ChainContext } from '../context';\nimport type { EnvironmentVariable, VolumeMapping } from '../types';\nimport { getImageUriForTool, getVolumeName } from '../utils/docker';\nimport { stringifyError } from '../utils/error';\nimport { findToolByName } from '../utils/finder';\nimport { versionsSatisfied } from '../utils/version';\nimport { lockMany } from './lock';\nimport { resolveTypeVersions } from './version-resolver';\n\n/**\n * Get the current user's UID and GID for Docker container user matching.\n * This prevents permission issues when containers write to bind-mounted directories.\n * On Windows, returns undefined as UID/GID matching is not needed.\n */\nconst getHostUserIds = (): { uid: number; gid: number } | undefined => {\n    // os.userInfo() returns uid/gid on POSIX systems, -1 on Windows\n    const userInfo = os.userInfo();\n    if (userInfo.uid === -1 || userInfo.gid === -1) {\n        return undefined;\n    }\n    return { uid: userInfo.uid, gid: userInfo.gid };\n};\n\n// Configure zx to inherit stdio by default (moved from original setup)\n$.verbose = true;\n$.stdio = ['inherit', 'pipe', process.stderr];\n\n/**\n * Merge default volumes with user-specified volumes\n * User volumes take precedence when containerPath conflicts\n */\nconst mergeVolumes = (\n    defaultVolumes: readonly VolumeMapping[],\n    userVolumes: readonly VolumeMapping[],\n): VolumeMapping[] => uniqBy([...userVolumes, ...defaultVolumes], (volume) => volume.containerPath);\n\n/**\n * Resolve host paths in volumes to absolute paths\n * - Paths starting with ~ are resolved to home directory\n * - Relative paths (starting with . or no prefix) are resolved to workspace root\n * - Absolute paths are left unchanged\n */\nconst resolveVolumePaths = (volumes: VolumeMapping[], workspaceRoot: string): VolumeMapping[] =>\n    volumes.map((volume) =>\n        volume.type === 'host'\n            ? {\n                  ...volume,\n                  hostPath: path.resolve(\n                      workspaceRoot,\n                      volume.hostPath.replace(/^~/, os.homedir()),\n                  ),\n              }\n            : volume,\n    );\n\nconst ensureDockerImage = async (imageUri: string): Promise<void> => {\n    let output: ProcessOutput;\n\n    try {\n        // Check local images first.\n        output = await $`docker image ls ${imageUri}`.nothrow();\n\n        if (output.stdout.includes(imageUri)) {\n            console.info(`✅ Using cached Docker image: ${imageUri}`);\n            return;\n        }\n\n        console.info('📥 Pulling Docker image from ECR:', imageUri);\n        output = await $`docker pull ${imageUri}`.nothrow();\n    } catch (error: unknown) {\n        throw new Error(`Failed to pull Docker image ${imageUri}: ${stringifyError(error)}`);\n    }\n\n    if (output.exitCode) {\n        throw new Error(\n            [\n                'Docker image not available:',\n                `  - ECR image: ${imageUri} (pull failed)`,\n                '',\n                '💡 Solutions:',\n                `  1. Authenticate with ECR: aws ecr get-login-password --region ${AWS_REGION} | ` +\n                    `docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com`,\n                '  2. Check if the image tag exists in ECR.',\n            ].join('\\n'),\n        );\n    }\n\n    console.info(`✅ Successfully pulled: ${imageUri}`);\n};\n\nexport interface ToolCommandExecutionOptions {\n    cwd: string;\n    volumes: readonly VolumeMapping[];\n    customEntrypoint?: string;\n    env: EnvironmentVariable[];\n    script?: string;\n    publish?: string;\n    versions?: Record<string, string>;\n}\n\n/**\n * Enhanced tool command execution using the new version compatibility matrix system\n */\nexport async function executeToolCommand<TImageId extends string>(\n    context: ChainContext<TImageId>,\n    toolName: string,\n    args: string[],\n    {\n        cwd,\n        volumes: userVolumes,\n        customEntrypoint: entrypoint,\n        env: customEnvVars,\n        script,\n        publish,\n        versions = {},\n    }: ToolCommandExecutionOptions,\n): Promise<ProcessOutput> {\n    const tool = findToolByName(context, toolName);\n\n    // Merge default volumes with user-specified volumes\n    const defaultVolumes = tool.defaultVolumes ?? [];\n    const volumes = mergeVolumes(defaultVolumes, userVolumes);\n\n    if (defaultVolumes.length > 0) {\n        console.info(`📦 Using ${defaultVolumes.length} default cache volume(s) for ${tool.name}`);\n        if (userVolumes.length > 0) {\n            const overrides = userVolumes.filter((uv) =>\n                defaultVolumes.some((dv) => dv.containerPath === uv.containerPath),\n            );\n            if (overrides.length > 0) {\n                console.info(`🔧 User volumes override ${overrides.length} default volume(s)`);\n            }\n        }\n    }\n\n    // Get the resolved version for the current tool.\n    const resolvedVersion = resolveTypeVersions(context, versions)[tool.name];\n\n    if (!resolvedVersion) {\n        throw new Error(`No version resolved for tool ${tool.name}`);\n    }\n\n    console.info(`🔧 ${tool.name} version: ${resolvedVersion}`);\n\n    // Check secondary version validation if available\n    if (tool.getSecondaryVersion) {\n        try {\n            const secondaryVersion = tool.getSecondaryVersion({ cwd });\n\n            if (!versionsSatisfied(secondaryVersion, resolvedVersion)) {\n                console.warn(\n                    `Warning: Local configuration version (${secondaryVersion}) differs from resolved version (${resolvedVersion})`,\n                );\n            }\n        } catch (error) {\n            // Secondary version check failed, but continue with resolved version\n            console.warn('Could not validate secondary version:', stringifyError(error));\n        }\n    }\n\n    // Use Docker image with merged volumes\n    const imageUri = getImageUriForTool(context, tool.name, resolvedVersion);\n    const workspaceRoot = await getFullyQualifiedRepoRootPath();\n    const relativePath = path.relative(workspaceRoot, cwd);\n\n    await ensureDockerImage(imageUri);\n\n    if (entrypoint?.trim()) {\n        console.info(`🔧 Using custom entrypoint: ${entrypoint}`);\n    }\n\n    // Merge default env vars with custom env vars (custom takes precedence)\n    const defaultEnv = tool.defaultEnv ?? [];\n\n    // Check if Docker socket is mounted (for tools that spawn Docker containers like anchor --verifiable)\n    // If so, inject HOST_CWD and HOST_WORKSPACE_ROOT so the inner container knows the host paths\n    const hasDockerSocketMount = volumes.some(\n        (v) => v.type === 'host' && v.containerPath === '/var/run/docker.sock',\n    );\n    const dockerSocketEnv: EnvironmentVariable[] = hasDockerSocketMount\n        ? [\n              { name: 'HOST_CWD', value: cwd },\n              { name: 'HOST_WORKSPACE_ROOT', value: workspaceRoot },\n          ]\n        : [];\n\n    const envArgs = uniqBy(\n        [...customEnvVars, ...dockerSocketEnv, ...defaultEnv],\n        ({ name }) => name,\n    ).flatMap(({ name, value }) => ['-e', `${name}=${value}`]);\n\n    // Add host user UID/GID for permission matching on Linux/macOS\n    // This prevents artifacts created in containers from having root ownership\n    // Currently only used for stellar which has an entrypoint that handles UID/GID\n    const hostUserIds = getHostUserIds();\n    const userIdEnvArgs =\n        hostUserIds && tool.name === 'stellar'\n            ? ['-e', `LOCAL_UID=${hostUserIds.uid}`, '-e', `LOCAL_GID=${hostUserIds.gid}`]\n            : [];\n\n    if (hostUserIds && tool.name === 'stellar') {\n        console.info(`👤 Running container as UID:GID ${hostUserIds.uid}:${hostUserIds.gid}`);\n    }\n\n    if (defaultEnv.length > 0) {\n        console.info(\n            `🌍 Using ${defaultEnv.length} default environment variable(s) for ${tool.name}`,\n        );\n    }\n    if (customEnvVars.length > 0) {\n        console.info(`🌍 Using ${customEnvVars.length} custom environment variable(s)`);\n    }\n\n    // Handle custom script execution\n    let finalArgs: string[];\n    if (script && script.trim() !== '') {\n        console.info(`📜 Executing custom script: ${script}`);\n        finalArgs = ['bash', '-c', script];\n    } else {\n        finalArgs = entrypoint === undefined ? [tool.name, ...args] : args;\n    }\n\n    // Build the Docker command with proper argument separation\n    const dockerArgs = [\n        'run',\n        ...(tool.privileged ? ['--privileged'] : []),\n        '--rm',\n        ...envArgs,\n        ...userIdEnvArgs,\n        '-v',\n        `${workspaceRoot}:/workspace`,\n        '-w',\n        `/workspace/${relativePath}`,\n        ...(publish ? ['-p', publish.trim()] : []),\n        ...resolveVolumePaths(volumes, workspaceRoot).flatMap((volume) => [\n            '-v',\n            getVolumeName(volume),\n        ]),\n        ...(entrypoint ? ['--entrypoint', entrypoint] : []),\n        imageUri,\n        ...finalArgs,\n    ];\n\n    const output = await lockMany(\n        volumes.flatMap((volume) =>\n            volume.type === 'isolate' && volume.locked ? [volume.name] : [],\n        ),\n        async () => {\n            const label = `⏱️ ${finalArgs.join(' ')}`;\n            console.time(label);\n            const result = await $`docker ${dockerArgs}`.nothrow();\n            console.timeEnd(label);\n\n            return result;\n        },\n    );\n\n    if (output.exitCode) {\n        throw new Error(`Failed to run Docker container (exit code: ${output.exitCode})`);\n    }\n\n    return output;\n}\n"]}