@neon/config 0.0.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. package/LICENSE.md +178 -0
  2. package/README.md +148 -0
  3. package/dist/index.d.ts +11 -0
  4. package/dist/index.js +10 -0
  5. package/dist/lib/auth.d.ts +67 -0
  6. package/dist/lib/auth.d.ts.map +1 -0
  7. package/dist/lib/auth.js +107 -0
  8. package/dist/lib/auth.js.map +1 -0
  9. package/dist/lib/credentials.d.ts +37 -0
  10. package/dist/lib/credentials.d.ts.map +1 -0
  11. package/dist/lib/credentials.js +30 -0
  12. package/dist/lib/credentials.js.map +1 -0
  13. package/dist/lib/define-config.d.ts +123 -0
  14. package/dist/lib/define-config.d.ts.map +1 -0
  15. package/dist/lib/define-config.js +168 -0
  16. package/dist/lib/define-config.js.map +1 -0
  17. package/dist/lib/diff.d.ts +120 -0
  18. package/dist/lib/diff.d.ts.map +1 -0
  19. package/dist/lib/diff.js +284 -0
  20. package/dist/lib/diff.js.map +1 -0
  21. package/dist/lib/duration.d.ts +68 -0
  22. package/dist/lib/duration.d.ts.map +1 -0
  23. package/dist/lib/duration.js +111 -0
  24. package/dist/lib/duration.js.map +1 -0
  25. package/dist/lib/errors.d.ts +140 -0
  26. package/dist/lib/errors.d.ts.map +1 -0
  27. package/dist/lib/errors.js +185 -0
  28. package/dist/lib/errors.js.map +1 -0
  29. package/dist/lib/loader.d.ts +44 -0
  30. package/dist/lib/loader.d.ts.map +1 -0
  31. package/dist/lib/loader.js +120 -0
  32. package/dist/lib/loader.js.map +1 -0
  33. package/dist/lib/neon-api-real.d.ts +92 -0
  34. package/dist/lib/neon-api-real.d.ts.map +1 -0
  35. package/dist/lib/neon-api-real.js +957 -0
  36. package/dist/lib/neon-api-real.js.map +1 -0
  37. package/dist/lib/neon-api.d.ts +373 -0
  38. package/dist/lib/neon-api.d.ts.map +1 -0
  39. package/dist/lib/neon-api.js +1 -0
  40. package/dist/lib/patterns.d.ts +43 -0
  41. package/dist/lib/patterns.d.ts.map +1 -0
  42. package/dist/lib/patterns.js +76 -0
  43. package/dist/lib/patterns.js.map +1 -0
  44. package/dist/lib/schema.d.ts +215 -0
  45. package/dist/lib/schema.d.ts.map +1 -0
  46. package/dist/lib/schema.js +284 -0
  47. package/dist/lib/schema.js.map +1 -0
  48. package/dist/lib/types.d.ts +546 -0
  49. package/dist/lib/types.d.ts.map +1 -0
  50. package/dist/lib/types.js +18 -0
  51. package/dist/lib/types.js.map +1 -0
  52. package/dist/lib/wrap-neon-error.d.ts +30 -0
  53. package/dist/lib/wrap-neon-error.d.ts.map +1 -0
  54. package/dist/lib/wrap-neon-error.js +139 -0
  55. package/dist/lib/wrap-neon-error.js.map +1 -0
  56. package/dist/v1.d.ts +211 -0
  57. package/dist/v1.d.ts.map +1 -0
  58. package/dist/v1.js +82 -0
  59. package/dist/v1.js.map +1 -0
  60. package/package.json +57 -18
@@ -0,0 +1,76 @@
1
+ //#region src/lib/patterns.ts
2
+ /**
3
+ * Branch-name pattern helpers. Patterns are GitHub-branch-protection style globs:
4
+ * `*` matches one or more characters within a name segment. `**` is not supported (branch
5
+ * names cannot contain `/` in Neon).
6
+ */
7
+ /** Returns `true` when the pattern contains an unescaped wildcard. */
8
+ function isWildcardPattern(pattern) {
9
+ return pattern.includes("*");
10
+ }
11
+ /**
12
+ * Returns `true` if `branchName` matches `pattern`. Anchors at both ends.
13
+ */
14
+ function matchPattern(pattern, branchName) {
15
+ return patternToRegex(pattern).test(branchName);
16
+ }
17
+ /**
18
+ * Substitute every `*` in `pattern` with `replacement`. When the pattern has no `*`, the
19
+ * replacement is appended with a `-` separator so the caller still gets a unique name.
20
+ *
21
+ * Pure function. The returned string is **not** validated — callers compose it from
22
+ * sources that already passed {@link validatePattern} (the pattern) and
23
+ * {@link normalizeGitBranch}-style sanitization (the replacement).
24
+ *
25
+ * @example
26
+ * fillPattern("preview-*", "andre-feature-a1b2c3") // → "preview-andre-feature-a1b2c3"
27
+ * fillPattern("feat-*-staging", "x") // → "feat-x-staging"
28
+ * fillPattern("specific", "x") // → "specific-x"
29
+ */
30
+ function fillPattern(pattern, replacement) {
31
+ if (!isWildcardPattern(pattern)) return `${pattern}-${replacement}`;
32
+ return pattern.replaceAll("*", replacement);
33
+ }
34
+ /**
35
+ * Validate a branch pattern. Pure — returns either `{ ok: true }` or `{ error: string }`.
36
+ *
37
+ * Rules:
38
+ * - Non-empty after trim, no leading/trailing whitespace.
39
+ * - Length <= 256 (Neon branch name max).
40
+ * - May contain `*`, ASCII letters/digits, and the punctuation Neon allows in branch names:
41
+ * `-`, `_`, `.`, `/`. Whitespace and regex meta-characters other than `*` are rejected.
42
+ */
43
+ function validatePattern(pattern) {
44
+ const trimmed = pattern.trim();
45
+ if (trimmed === "") return { error: "branch pattern is empty" };
46
+ if (trimmed !== pattern) return { error: `branch pattern has leading or trailing whitespace: ${JSON.stringify(pattern)}` };
47
+ if (trimmed.length > 256) return { error: `branch pattern exceeds 256 characters: ${trimmed.length} chars` };
48
+ if (!/^[A-Za-z0-9._\-*/]+$/.test(trimmed)) return { error: `branch pattern contains unsupported characters; allowed: letters, digits, '-', '_', '.', '/', '*' (got ${JSON.stringify(pattern)})` };
49
+ return { ok: true };
50
+ }
51
+ function patternToRegex(pattern) {
52
+ let body = "";
53
+ for (const ch of pattern) if (ch === "*") body += ".*";
54
+ else if (REGEX_META.has(ch)) body += `\\${ch}`;
55
+ else body += ch;
56
+ return new RegExp(`^${body}$`);
57
+ }
58
+ const REGEX_META = /* @__PURE__ */ new Set([
59
+ ".",
60
+ "+",
61
+ "?",
62
+ "^",
63
+ "$",
64
+ "(",
65
+ ")",
66
+ "[",
67
+ "]",
68
+ "{",
69
+ "}",
70
+ "|",
71
+ "\\"
72
+ ]);
73
+ //#endregion
74
+ export { fillPattern, isWildcardPattern, matchPattern, validatePattern };
75
+
76
+ //# sourceMappingURL=patterns.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"patterns.js","names":[],"sources":["../../src/lib/patterns.ts"],"sourcesContent":["/**\n * Branch-name pattern helpers. Patterns are GitHub-branch-protection style globs:\n * `*` matches one or more characters within a name segment. `**` is not supported (branch\n * names cannot contain `/` in Neon).\n */\n\n/** Returns `true` when the pattern contains an unescaped wildcard. */\nexport function isWildcardPattern(pattern: string): boolean {\n\treturn pattern.includes(\"*\");\n}\n\n/**\n * Returns `true` if `branchName` matches `pattern`. Anchors at both ends.\n */\nexport function matchPattern(pattern: string, branchName: string): boolean {\n\tconst regex = patternToRegex(pattern);\n\treturn regex.test(branchName);\n}\n\n/**\n * Substitute every `*` in `pattern` with `replacement`. When the pattern has no `*`, the\n * replacement is appended with a `-` separator so the caller still gets a unique name.\n *\n * Pure function. The returned string is **not** validated — callers compose it from\n * sources that already passed {@link validatePattern} (the pattern) and\n * {@link normalizeGitBranch}-style sanitization (the replacement).\n *\n * @example\n * fillPattern(\"preview-*\", \"andre-feature-a1b2c3\") // → \"preview-andre-feature-a1b2c3\"\n * fillPattern(\"feat-*-staging\", \"x\") // → \"feat-x-staging\"\n * fillPattern(\"specific\", \"x\") // → \"specific-x\"\n */\nexport function fillPattern(pattern: string, replacement: string): string {\n\tif (!isWildcardPattern(pattern)) return `${pattern}-${replacement}`;\n\treturn pattern.replaceAll(\"*\", replacement);\n}\n\n/**\n * Validate a branch pattern. Pure — returns either `{ ok: true }` or `{ error: string }`.\n *\n * Rules:\n * - Non-empty after trim, no leading/trailing whitespace.\n * - Length <= 256 (Neon branch name max).\n * - May contain `*`, ASCII letters/digits, and the punctuation Neon allows in branch names:\n * `-`, `_`, `.`, `/`. Whitespace and regex meta-characters other than `*` are rejected.\n */\nexport function validatePattern(\n\tpattern: string,\n): { ok: true } | { error: string } {\n\tconst trimmed = pattern.trim();\n\tif (trimmed === \"\") return { error: \"branch pattern is empty\" };\n\tif (trimmed !== pattern) {\n\t\treturn {\n\t\t\terror: `branch pattern has leading or trailing whitespace: ${JSON.stringify(pattern)}`,\n\t\t};\n\t}\n\tif (trimmed.length > 256) {\n\t\treturn {\n\t\t\terror: `branch pattern exceeds 256 characters: ${trimmed.length} chars`,\n\t\t};\n\t}\n\tif (!/^[A-Za-z0-9._\\-*/]+$/.test(trimmed)) {\n\t\treturn {\n\t\t\terror: `branch pattern contains unsupported characters; allowed: letters, digits, '-', '_', '.', '/', '*' (got ${JSON.stringify(pattern)})`,\n\t\t};\n\t}\n\treturn { ok: true };\n}\n\nfunction patternToRegex(pattern: string): RegExp {\n\tlet body = \"\";\n\tfor (const ch of pattern) {\n\t\tif (ch === \"*\") {\n\t\t\tbody += \".*\";\n\t\t} else if (REGEX_META.has(ch)) {\n\t\t\tbody += `\\\\${ch}`;\n\t\t} else {\n\t\t\tbody += ch;\n\t\t}\n\t}\n\treturn new RegExp(`^${body}$`);\n}\n\nconst REGEX_META = new Set([\n\t\".\",\n\t\"+\",\n\t\"?\",\n\t\"^\",\n\t\"$\",\n\t\"(\",\n\t\")\",\n\t\"[\",\n\t\"]\",\n\t\"{\",\n\t\"}\",\n\t\"|\",\n\t\"\\\\\",\n]);\n"],"mappings":";;;;;;;AAOA,SAAgB,kBAAkB,SAA0B;CAC3D,OAAO,QAAQ,SAAS,GAAG;AAC5B;;;;AAKA,SAAgB,aAAa,SAAiB,YAA6B;CAE1E,OADc,eAAe,OAClB,CAAC,CAAC,KAAK,UAAU;AAC7B;;;;;;;;;;;;;;AAeA,SAAgB,YAAY,SAAiB,aAA6B;CACzE,IAAI,CAAC,kBAAkB,OAAO,GAAG,OAAO,GAAG,QAAQ,GAAG;CACtD,OAAO,QAAQ,WAAW,KAAK,WAAW;AAC3C;;;;;;;;;;AAWA,SAAgB,gBACf,SACmC;CACnC,MAAM,UAAU,QAAQ,KAAK;CAC7B,IAAI,YAAY,IAAI,OAAO,EAAE,OAAO,0BAA0B;CAC9D,IAAI,YAAY,SACf,OAAO,EACN,OAAO,sDAAsD,KAAK,UAAU,OAAO,IACpF;CAED,IAAI,QAAQ,SAAS,KACpB,OAAO,EACN,OAAO,0CAA0C,QAAQ,OAAO,QACjE;CAED,IAAI,CAAC,uBAAuB,KAAK,OAAO,GACvC,OAAO,EACN,OAAO,0GAA0G,KAAK,UAAU,OAAO,EAAE,GAC1I;CAED,OAAO,EAAE,IAAI,KAAK;AACnB;AAEA,SAAS,eAAe,SAAyB;CAChD,IAAI,OAAO;CACX,KAAK,MAAM,MAAM,SAChB,IAAI,OAAO,KACV,QAAQ;MACF,IAAI,WAAW,IAAI,EAAE,GAC3B,QAAQ,KAAK;MAEb,QAAQ;CAGV,OAAO,IAAI,OAAO,IAAI,KAAK,EAAE;AAC9B;AAEA,MAAM,6BAAa,IAAI,IAAI;CAC1B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;AACD,CAAC"}
@@ -0,0 +1,215 @@
1
+ import { z } from "zod";
2
+
3
+ //#region src/lib/schema.d.ts
4
+
5
+ /**
6
+ * Zod schema for {@link import("./types.js").ComputeSettings}.
7
+ *
8
+ * - CU values must be one of: 0.25, 0.5, 1, 2, 4, 8
9
+ * - `suspendTimeout` can be:
10
+ * - `false` (never suspend)
11
+ * - duration string like "5m", "1h" (must be 60s-604800s when parsed)
12
+ * - number in seconds (60-604800, or -1/0 for special values)
13
+ * - `undefined` (use platform default)
14
+ *
15
+ * Cross-field invariants (min <= max) are enforced via `superRefine`.
16
+ */
17
+ declare const computeSettingsSchema: z.ZodObject<{
18
+ autoscalingLimitMinCu: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<0.25>, z.ZodLiteral<0.5>, z.ZodLiteral<1>, z.ZodLiteral<2>, z.ZodLiteral<4>, z.ZodLiteral<8>]>>;
19
+ autoscalingLimitMaxCu: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<0.25>, z.ZodLiteral<0.5>, z.ZodLiteral<1>, z.ZodLiteral<2>, z.ZodLiteral<4>, z.ZodLiteral<8>]>>;
20
+ suspendTimeout: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<false>, z.ZodString, z.ZodNumber]>>;
21
+ }, z.core.$strict>;
22
+ /** Object form of a service toggle (`{ enabled?: boolean }`). */
23
+ declare const serviceToggleSchema: z.ZodObject<{
24
+ enabled: z.ZodOptional<z.ZodBoolean>;
25
+ }, z.core.$strict>;
26
+ /** A service toggle as written in a policy: `boolean` or `{ enabled?: boolean }`. */
27
+ declare const serviceToggleInputSchema: z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
28
+ enabled: z.ZodOptional<z.ZodBoolean>;
29
+ }, z.core.$strict>]>;
30
+ /**
31
+ * Reusable Data API runtime settings (camelCase mirror of the Neon API `DataAPISettings`).
32
+ * `strictObject` so a typo / snake_case key fails loudly instead of being silently dropped.
33
+ */
34
+ declare const dataApiSettingsSchema: z.ZodObject<{
35
+ dbAggregatesEnabled: z.ZodOptional<z.ZodBoolean>;
36
+ dbAnonRole: z.ZodOptional<z.ZodString>;
37
+ dbExtraSearchPath: z.ZodOptional<z.ZodString>;
38
+ dbMaxRows: z.ZodOptional<z.ZodNumber>;
39
+ dbSchemas: z.ZodOptional<z.ZodArray<z.ZodString>>;
40
+ jwtRoleClaimKey: z.ZodOptional<z.ZodString>;
41
+ jwtCacheMaxLifetime: z.ZodOptional<z.ZodNumber>;
42
+ openapiMode: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"ignore-privileges">, z.ZodLiteral<"disabled">]>>;
43
+ serverCorsAllowedOrigins: z.ZodOptional<z.ZodString>;
44
+ serverTimingEnabled: z.ZodOptional<z.ZodBoolean>;
45
+ }, z.core.$strict>;
46
+ /**
47
+ * Object form of the `dataApi` toggle. A single `strictObject` plus a `superRefine` (rather
48
+ * than a discriminated union) so the `"neon"` default works without the discriminator being
49
+ * present, and so the "external-only field with authProvider neon" error points at the exact
50
+ * offending key — mirroring the `?: never` type-level guard at runtime.
51
+ */
52
+ declare const dataApiConfigSchema: z.ZodObject<{
53
+ enabled: z.ZodOptional<z.ZodBoolean>;
54
+ authProvider: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"neon">, z.ZodLiteral<"external">]>>;
55
+ jwksUrl: z.ZodOptional<z.ZodString>;
56
+ providerName: z.ZodOptional<z.ZodString>;
57
+ jwtAudience: z.ZodOptional<z.ZodString>;
58
+ settings: z.ZodOptional<z.ZodObject<{
59
+ dbAggregatesEnabled: z.ZodOptional<z.ZodBoolean>;
60
+ dbAnonRole: z.ZodOptional<z.ZodString>;
61
+ dbExtraSearchPath: z.ZodOptional<z.ZodString>;
62
+ dbMaxRows: z.ZodOptional<z.ZodNumber>;
63
+ dbSchemas: z.ZodOptional<z.ZodArray<z.ZodString>>;
64
+ jwtRoleClaimKey: z.ZodOptional<z.ZodString>;
65
+ jwtCacheMaxLifetime: z.ZodOptional<z.ZodNumber>;
66
+ openapiMode: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"ignore-privileges">, z.ZodLiteral<"disabled">]>>;
67
+ serverCorsAllowedOrigins: z.ZodOptional<z.ZodString>;
68
+ serverTimingEnabled: z.ZodOptional<z.ZodBoolean>;
69
+ }, z.core.$strict>>;
70
+ }, z.core.$strict>;
71
+ /** A `dataApi` toggle as written in a policy: `boolean` or {@link dataApiConfigSchema}. */
72
+ declare const dataApiInputSchema: z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
73
+ enabled: z.ZodOptional<z.ZodBoolean>;
74
+ authProvider: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"neon">, z.ZodLiteral<"external">]>>;
75
+ jwksUrl: z.ZodOptional<z.ZodString>;
76
+ providerName: z.ZodOptional<z.ZodString>;
77
+ jwtAudience: z.ZodOptional<z.ZodString>;
78
+ settings: z.ZodOptional<z.ZodObject<{
79
+ dbAggregatesEnabled: z.ZodOptional<z.ZodBoolean>;
80
+ dbAnonRole: z.ZodOptional<z.ZodString>;
81
+ dbExtraSearchPath: z.ZodOptional<z.ZodString>;
82
+ dbMaxRows: z.ZodOptional<z.ZodNumber>;
83
+ dbSchemas: z.ZodOptional<z.ZodArray<z.ZodString>>;
84
+ jwtRoleClaimKey: z.ZodOptional<z.ZodString>;
85
+ jwtCacheMaxLifetime: z.ZodOptional<z.ZodNumber>;
86
+ openapiMode: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"ignore-privileges">, z.ZodLiteral<"disabled">]>>;
87
+ serverCorsAllowedOrigins: z.ZodOptional<z.ZodString>;
88
+ serverTimingEnabled: z.ZodOptional<z.ZodBoolean>;
89
+ }, z.core.$strict>>;
90
+ }, z.core.$strict>]>;
91
+ declare const postgresConfigSchema: z.ZodObject<{
92
+ computeSettings: z.ZodOptional<z.ZodObject<{
93
+ autoscalingLimitMinCu: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<0.25>, z.ZodLiteral<0.5>, z.ZodLiteral<1>, z.ZodLiteral<2>, z.ZodLiteral<4>, z.ZodLiteral<8>]>>;
94
+ autoscalingLimitMaxCu: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<0.25>, z.ZodLiteral<0.5>, z.ZodLiteral<1>, z.ZodLiteral<2>, z.ZodLiteral<4>, z.ZodLiteral<8>]>>;
95
+ suspendTimeout: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<false>, z.ZodString, z.ZodNumber]>>;
96
+ }, z.core.$strict>>;
97
+ }, z.core.$strict>;
98
+ /**
99
+ * Static definition of a function (existence). The slug is the record key (validated by
100
+ * {@link functionSlugSchema}), so it is not a field here. Deploy tuning (`runtime`) lives
101
+ * in the `branch` closure, not here.
102
+ */
103
+ declare const functionDefSchema: z.ZodObject<{
104
+ name: z.ZodString;
105
+ source: z.ZodString;
106
+ env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
107
+ dev: z.ZodOptional<z.ZodObject<{
108
+ port: z.ZodOptional<z.ZodNumber>;
109
+ }, z.core.$strict>>;
110
+ }, z.core.$strict>;
111
+ /** Static definition of a bucket (existence). Name is the record key. */
112
+ declare const bucketDefSchema: z.ZodObject<{
113
+ access: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"private">, z.ZodLiteral<"public_read">]>>;
114
+ }, z.core.$strict>;
115
+ /** Static, beta Preview feature set: AI Gateway toggle + functions/buckets records. */
116
+ declare const previewInputSchema: z.ZodObject<{
117
+ aiGateway: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
118
+ enabled: z.ZodOptional<z.ZodBoolean>;
119
+ }, z.core.$strict>]>>;
120
+ functions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
121
+ name: z.ZodString;
122
+ source: z.ZodString;
123
+ env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
124
+ dev: z.ZodOptional<z.ZodObject<{
125
+ port: z.ZodOptional<z.ZodNumber>;
126
+ }, z.core.$strict>>;
127
+ }, z.core.$strict>>>;
128
+ buckets: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
129
+ access: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"private">, z.ZodLiteral<"public_read">]>>;
130
+ }, z.core.$strict>>>;
131
+ }, z.core.$strict>;
132
+ /** Per-function deploy tuning returned by the `branch` closure. */
133
+ declare const functionTuningSchema: z.ZodObject<{
134
+ runtime: z.ZodOptional<z.ZodLiteral<"nodejs24">>;
135
+ }, z.core.$strict>;
136
+ /**
137
+ * The object returned by the `branch` closure. Validated on every `resolveConfig` call so
138
+ * tuning errors point at the concrete branch target that triggered them.
139
+ */
140
+ declare const branchTuningSchema: z.ZodObject<{
141
+ parent: z.ZodOptional<z.ZodString>;
142
+ protected: z.ZodOptional<z.ZodBoolean>;
143
+ ttl: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
144
+ postgres: z.ZodOptional<z.ZodObject<{
145
+ computeSettings: z.ZodOptional<z.ZodObject<{
146
+ autoscalingLimitMinCu: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<0.25>, z.ZodLiteral<0.5>, z.ZodLiteral<1>, z.ZodLiteral<2>, z.ZodLiteral<4>, z.ZodLiteral<8>]>>;
147
+ autoscalingLimitMaxCu: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<0.25>, z.ZodLiteral<0.5>, z.ZodLiteral<1>, z.ZodLiteral<2>, z.ZodLiteral<4>, z.ZodLiteral<8>]>>;
148
+ suspendTimeout: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<false>, z.ZodString, z.ZodNumber]>>;
149
+ }, z.core.$strict>>;
150
+ }, z.core.$strict>>;
151
+ preview: z.ZodOptional<z.ZodObject<{
152
+ functions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
153
+ runtime: z.ZodOptional<z.ZodLiteral<"nodejs24">>;
154
+ }, z.core.$strict>>>;
155
+ }, z.core.$strict>>;
156
+ }, z.core.$strict>;
157
+ /**
158
+ * The top-level object accepted by `defineConfig`. The `branch` closure is validated
159
+ * structurally as a function here; its returned tuning is validated per-evaluation by
160
+ * {@link branchTuningSchema} inside `resolveConfig`.
161
+ */
162
+ declare const configInputSchema: z.ZodObject<{
163
+ auth: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
164
+ enabled: z.ZodOptional<z.ZodBoolean>;
165
+ }, z.core.$strict>]>>;
166
+ dataApi: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
167
+ enabled: z.ZodOptional<z.ZodBoolean>;
168
+ authProvider: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"neon">, z.ZodLiteral<"external">]>>;
169
+ jwksUrl: z.ZodOptional<z.ZodString>;
170
+ providerName: z.ZodOptional<z.ZodString>;
171
+ jwtAudience: z.ZodOptional<z.ZodString>;
172
+ settings: z.ZodOptional<z.ZodObject<{
173
+ dbAggregatesEnabled: z.ZodOptional<z.ZodBoolean>;
174
+ dbAnonRole: z.ZodOptional<z.ZodString>;
175
+ dbExtraSearchPath: z.ZodOptional<z.ZodString>;
176
+ dbMaxRows: z.ZodOptional<z.ZodNumber>;
177
+ dbSchemas: z.ZodOptional<z.ZodArray<z.ZodString>>;
178
+ jwtRoleClaimKey: z.ZodOptional<z.ZodString>;
179
+ jwtCacheMaxLifetime: z.ZodOptional<z.ZodNumber>;
180
+ openapiMode: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"ignore-privileges">, z.ZodLiteral<"disabled">]>>;
181
+ serverCorsAllowedOrigins: z.ZodOptional<z.ZodString>;
182
+ serverTimingEnabled: z.ZodOptional<z.ZodBoolean>;
183
+ }, z.core.$strict>>;
184
+ }, z.core.$strict>]>>;
185
+ preview: z.ZodOptional<z.ZodObject<{
186
+ aiGateway: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
187
+ enabled: z.ZodOptional<z.ZodBoolean>;
188
+ }, z.core.$strict>]>>;
189
+ functions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
190
+ name: z.ZodString;
191
+ source: z.ZodString;
192
+ env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
193
+ dev: z.ZodOptional<z.ZodObject<{
194
+ port: z.ZodOptional<z.ZodNumber>;
195
+ }, z.core.$strict>>;
196
+ }, z.core.$strict>>>;
197
+ buckets: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
198
+ access: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"private">, z.ZodLiteral<"public_read">]>>;
199
+ }, z.core.$strict>>>;
200
+ }, z.core.$strict>>;
201
+ branch: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => unknown, (...args: unknown[]) => unknown>>;
202
+ }, z.core.$strict>;
203
+ /**
204
+ * Convert the structured {@link z.ZodError} produced by `configSchema.safeParse` into the
205
+ * `string[]` shape used by {@link import("./errors.js").ConfigValidationError}.
206
+ *
207
+ * Issue paths are rendered as dot-separated property accesses (`postgres.computeSettings`)
208
+ * and unknown-key issues from `strictObject` are normalised so the message contains the
209
+ * substring "unknown key" — keeping pre-zod assertions in test suites and downstream tools
210
+ * stable.
211
+ */
212
+ declare function formatZodIssues(error: z.ZodError): string[];
213
+ //#endregion
214
+ export { branchTuningSchema, bucketDefSchema, computeSettingsSchema, configInputSchema, dataApiConfigSchema, dataApiInputSchema, dataApiSettingsSchema, formatZodIssues, functionDefSchema, functionTuningSchema, postgresConfigSchema, previewInputSchema, serviceToggleInputSchema, serviceToggleSchema };
215
+ //# sourceMappingURL=schema.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.d.ts","names":[],"sources":["../../src/lib/schema.ts"],"mappings":";;;;;;AAgBA;;;;;;;;;;cAAa,uBAAqB,CAAA,CAAA;;;;;;cAiDrB,qBAAmB,CAAA,CAAA;;;;cAKnB,0BAAwB,CAAA,CAAA,mBAAA,CAAA,CAAA,YAAA,CAAA,CAAA;;;;;AAtDH;AAiDlC;AAEE,cAYW,qBAZX,EAYgC,CAAA,CAAA,SAZhC,CAAA;;;;WAF8B,eAAA,YAAA,CAAA;EAAA,SAAA,eAAA,WAAA,YAAA,CAAA,CAAA;EAKnB,eAAA,eAGX,YAAA,CAAA;EAAA,mBAAA,eAAA,YAAA,CAAA;aAHmC,eAAA,WAAA,CAAA,SAAA,aAAA,CAAA,mBAAA,CAAA,cAAA,CAAA,UAAA,CAAA,CAAA,CAAA,CAAA;;;;;;AAAA;AASrC;;;cA4Ba,qBAAmB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;cA0BnB,oBAAkB,CAAA,CAAA,mBAAA,CAAA,CAAA,YAAA,CAAA,CAAA;;;SAtDG,eAAA,YAAA,CAAA;EAAA,YAAA,eAAA,YAAA,CAAA;EA4BrB,WAAA,eAuBV,YAAA,CAAA;EAAA,QAAA,eAAA,YAAA,CAAA;;;;;;;;;;;;;cAKU,sBAAoB,CAAA,CAAA;;;;;;;;;;;;cA6EpB,mBAAiB,CAAA,CAAA;;;;;;;;;cAQjB,iBAAe,CAAA,CAAA;;;;cAOf,oBAAkB,CAAA,CAAA;;IAxHC,OAAA,eAAA,aAAA,CAAA;EAAA,CAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;EA0BnB,SAAA,eAAgE,YAAA,YAAA,aAAA,CAAA;IAAA,IAAA,aAAA;IAA9C,MAAA,aAAA;;;;;;;;;;;cAqGlB,sBAAoB,CAAA,CAAA;;;;;;;cAapB,oBAAkB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;AAlHA,cAgJlB,iBAhJkB,EAgJD,CAAA,CAAA,SAhJC,CAAA;MAAA,eAAA,WAAA,CAAA,SAAA,aAAA,aAAA,CAAA;IAAA,OAAA,eAAA,aAAA,CAAA;EAElB,CAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;EAEX,OAAA,eAAA,WAAA,CAAA,SAAA,aAAA,aAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;MAF+B,GAAA,eAAA,YAAA,YAAA,aAAA,CAAA,CAAA;MAAA,GAAA,eAAA,YAAA,CAAA;QA6EpB,IAAA,eAKX,YAAA,CAAA;MAAA,CAAA,gBAAA,CAAA,CAAA;;;;;;;;;;;;;;AAL4B;AAQ9B;;iBA4IgB,eAAA,QAAuB,CAAA,CAAE"}
@@ -0,0 +1,284 @@
1
+ import { parseBranchTtl, parseSuspendTimeout } from "./duration.js";
2
+ import { isWildcardPattern, validatePattern } from "./patterns.js";
3
+ import { z } from "zod";
4
+ //#region src/lib/schema.ts
5
+ /**
6
+ * Zod schema for {@link import("./types.js").ComputeSettings}.
7
+ *
8
+ * - CU values must be one of: 0.25, 0.5, 1, 2, 4, 8
9
+ * - `suspendTimeout` can be:
10
+ * - `false` (never suspend)
11
+ * - duration string like "5m", "1h" (must be 60s-604800s when parsed)
12
+ * - number in seconds (60-604800, or -1/0 for special values)
13
+ * - `undefined` (use platform default)
14
+ *
15
+ * Cross-field invariants (min <= max) are enforced via `superRefine`.
16
+ */
17
+ const computeSettingsSchema = z.strictObject({
18
+ autoscalingLimitMinCu: z.union([
19
+ z.literal(.25),
20
+ z.literal(.5),
21
+ z.literal(1),
22
+ z.literal(2),
23
+ z.literal(4),
24
+ z.literal(8)
25
+ ]).optional(),
26
+ autoscalingLimitMaxCu: z.union([
27
+ z.literal(.25),
28
+ z.literal(.5),
29
+ z.literal(1),
30
+ z.literal(2),
31
+ z.literal(4),
32
+ z.literal(8)
33
+ ]).optional(),
34
+ suspendTimeout: z.union([
35
+ z.literal(false),
36
+ z.string(),
37
+ z.number()
38
+ ]).optional().superRefine((value, ctx) => {
39
+ if (value === void 0) return;
40
+ const result = parseSuspendTimeout(value);
41
+ if ("error" in result) ctx.addIssue({
42
+ code: "custom",
43
+ message: result.error
44
+ });
45
+ })
46
+ }).superRefine((settings, ctx) => {
47
+ const { autoscalingLimitMinCu: min, autoscalingLimitMaxCu: max } = settings;
48
+ if (min !== void 0 && max !== void 0 && min > max) ctx.addIssue({
49
+ code: "custom",
50
+ path: ["autoscalingLimitMinCu"],
51
+ message: `autoscalingLimitMinCu (${min}) must be <= autoscalingLimitMaxCu (${max})`
52
+ });
53
+ });
54
+ /** Object form of a service toggle (`{ enabled?: boolean }`). */
55
+ const serviceToggleSchema = z.strictObject({ enabled: z.boolean().optional() });
56
+ /** A service toggle as written in a policy: `boolean` or `{ enabled?: boolean }`. */
57
+ const serviceToggleInputSchema = z.union([z.boolean(), serviceToggleSchema]);
58
+ /**
59
+ * Reusable Data API runtime settings (camelCase mirror of the Neon API `DataAPISettings`).
60
+ * `strictObject` so a typo / snake_case key fails loudly instead of being silently dropped.
61
+ */
62
+ const dataApiSettingsSchema = z.strictObject({
63
+ dbAggregatesEnabled: z.boolean().optional(),
64
+ dbAnonRole: z.string().optional(),
65
+ dbExtraSearchPath: z.string().optional(),
66
+ dbMaxRows: z.number().int().optional(),
67
+ dbSchemas: z.array(z.string()).optional(),
68
+ jwtRoleClaimKey: z.string().optional(),
69
+ jwtCacheMaxLifetime: z.number().int().optional(),
70
+ openapiMode: z.union([z.literal("ignore-privileges"), z.literal("disabled")]).optional(),
71
+ serverCorsAllowedOrigins: z.string().optional(),
72
+ serverTimingEnabled: z.boolean().optional()
73
+ });
74
+ /** Names of the external-IdP-only fields, forbidden when `authProvider` is `"neon"`. */
75
+ const DATA_API_EXTERNAL_ONLY_KEYS = [
76
+ "jwksUrl",
77
+ "providerName",
78
+ "jwtAudience"
79
+ ];
80
+ /**
81
+ * Object form of the `dataApi` toggle. A single `strictObject` plus a `superRefine` (rather
82
+ * than a discriminated union) so the `"neon"` default works without the discriminator being
83
+ * present, and so the "external-only field with authProvider neon" error points at the exact
84
+ * offending key — mirroring the `?: never` type-level guard at runtime.
85
+ */
86
+ const dataApiConfigSchema = z.strictObject({
87
+ enabled: z.boolean().optional(),
88
+ authProvider: z.union([z.literal("neon"), z.literal("external")]).optional(),
89
+ jwksUrl: z.string().optional(),
90
+ providerName: z.string().optional(),
91
+ jwtAudience: z.string().optional(),
92
+ settings: dataApiSettingsSchema.optional()
93
+ }).superRefine((cfg, ctx) => {
94
+ if ((cfg.authProvider ?? "neon") !== "neon") return;
95
+ for (const key of DATA_API_EXTERNAL_ONLY_KEYS) if (cfg[key] !== void 0) ctx.addIssue({
96
+ code: "custom",
97
+ path: [key],
98
+ message: `${key} is only allowed with authProvider: "external" — Neon supplies it for authProvider: "neon".`
99
+ });
100
+ });
101
+ /** A `dataApi` toggle as written in a policy: `boolean` or {@link dataApiConfigSchema}. */
102
+ const dataApiInputSchema = z.union([z.boolean(), dataApiConfigSchema]);
103
+ const postgresConfigSchema = z.strictObject({ computeSettings: computeSettingsSchema.optional() });
104
+ /**
105
+ * Branch-unique function slug. Mirrors the Neon Functions API path-segment rule
106
+ * (`platform/internal/platform/functions/name.go`): 1–20 lowercase letters and digits.
107
+ * Used as the **key schema** of the `preview.functions` record, so a bad slug fails
108
+ * validation with a path pointing at the offending key and duplicate slugs are impossible
109
+ * by construction (object keys are unique).
110
+ */
111
+ const functionSlugSchema = z.string().regex(/^[a-z0-9]{1,20}$/, "function slug must be 1-20 lowercase letters and digits (no hyphens or other characters)");
112
+ /** Bucket name: 1–255 chars. Used as the key schema of the `preview.buckets` record. */
113
+ const bucketNameSchema = z.string().min(1).max(255);
114
+ /**
115
+ * A single function environment-variable value. Must be a defined string: a `process.env.X`
116
+ * that is unset evaluates to `undefined`, and the bare `z.string()` message for that case
117
+ * (`Invalid input: expected string, received undefined`) gives no hint that an env var is the
118
+ * culprit. The custom `error` replaces *only* the `undefined` case with a message that names
119
+ * the offending function + env key (read from the issue path) and how to fix it; any other
120
+ * wrong type keeps zod's default (`expected string, received number`, …).
121
+ */
122
+ const functionEnvValueSchema = z.string({ error: (issue) => {
123
+ if (issue.input !== void 0) return void 0;
124
+ const path = issue.path ?? [];
125
+ const key = path.length > 0 ? String(path[path.length - 1]) : void 0;
126
+ const functionsIndex = path.indexOf("functions");
127
+ const slug = functionsIndex >= 0 && functionsIndex + 1 < path.length ? String(path[functionsIndex + 1]) : void 0;
128
+ return `${slug !== void 0 && key !== void 0 ? `Environment variable "${key}" for function "${slug}"` : key !== void 0 ? `Environment variable "${key}"` : "An environment variable"} is undefined — its value (typically a \`process.env.*\`) is unset. Set it (e.g. add it to your .env) or provide a fallback like \`process.env.X ?? ""\`.`;
129
+ } });
130
+ /**
131
+ * Per-function environment map. Every value must be a defined string (see
132
+ * {@link functionEnvValueSchema}): a `process.env.X` that is unset surfaces as `undefined` and
133
+ * is rejected here (rather than silently shipping `undefined` into the deployment).
134
+ */
135
+ const functionEnvSchema = z.record(z.string(), functionEnvValueSchema);
136
+ /**
137
+ * TCP port for a function's local dev server. Excludes 0 (which means "any port" to the OS
138
+ * — `neon dev` expresses "pick one for me" by omitting `port`, not by passing 0).
139
+ */
140
+ const devPortSchema = z.number().int().min(1).max(65535);
141
+ /**
142
+ * Local-dev settings for a function (`neon dev` only; never affects deploy). `port` is bound
143
+ * exactly when set (and `neon dev` fails if it is taken), or a free port is found when omitted.
144
+ */
145
+ const functionDevConfigSchema = z.strictObject({ port: devPortSchema.optional() });
146
+ const runtimeSchema = z.literal("nodejs24");
147
+ /**
148
+ * Static definition of a function (existence). The slug is the record key (validated by
149
+ * {@link functionSlugSchema}), so it is not a field here. Deploy tuning (`runtime`) lives
150
+ * in the `branch` closure, not here.
151
+ */
152
+ const functionDefSchema = z.strictObject({
153
+ name: z.string().min(1).max(255),
154
+ source: z.string().min(1),
155
+ env: functionEnvSchema.optional(),
156
+ dev: functionDevConfigSchema.optional()
157
+ });
158
+ /** Static definition of a bucket (existence). Name is the record key. */
159
+ const bucketDefSchema = z.strictObject({ access: z.union([z.literal("private"), z.literal("public_read")]).optional() });
160
+ /** Static, beta Preview feature set: AI Gateway toggle + functions/buckets records. */
161
+ const previewInputSchema = z.strictObject({
162
+ aiGateway: serviceToggleInputSchema.optional(),
163
+ functions: z.record(functionSlugSchema, functionDefSchema).optional(),
164
+ buckets: z.record(bucketNameSchema, bucketDefSchema).optional()
165
+ });
166
+ /** Per-function deploy tuning returned by the `branch` closure. */
167
+ const functionTuningSchema = z.strictObject({ runtime: runtimeSchema.optional() });
168
+ /** Per-branch Preview tuning. Keys must be slugs declared in the static `preview`. */
169
+ const previewTuningSchema = z.strictObject({ functions: z.record(functionSlugSchema, functionTuningSchema).optional() });
170
+ /**
171
+ * The object returned by the `branch` closure. Validated on every `resolveConfig` call so
172
+ * tuning errors point at the concrete branch target that triggered them.
173
+ */
174
+ const branchTuningSchema = z.strictObject({
175
+ parent: z.string().optional(),
176
+ protected: z.boolean().optional(),
177
+ ttl: z.union([z.string(), z.number()]).optional().superRefine((value, ctx) => {
178
+ if (value === void 0) return;
179
+ const result = parseBranchTtl(value);
180
+ if ("error" in result) ctx.addIssue({
181
+ code: "custom",
182
+ message: result.error
183
+ });
184
+ }),
185
+ postgres: postgresConfigSchema.optional(),
186
+ preview: previewTuningSchema.optional()
187
+ }).superRefine((cfg, ctx) => {
188
+ validateParentReference({
189
+ ctx,
190
+ path: ["parent"],
191
+ parent: cfg.parent
192
+ });
193
+ });
194
+ /**
195
+ * The top-level object accepted by `defineConfig`. The `branch` closure is validated
196
+ * structurally as a function here; its returned tuning is validated per-evaluation by
197
+ * {@link branchTuningSchema} inside `resolveConfig`.
198
+ */
199
+ const configInputSchema = z.strictObject({
200
+ auth: serviceToggleInputSchema.optional(),
201
+ dataApi: dataApiInputSchema.optional(),
202
+ preview: previewInputSchema.optional(),
203
+ branch: z.custom((value) => typeof value === "function", { message: "branch must be a function: `branch: (branch) => ({ … })`" }).optional()
204
+ }).superRefine((cfg, ctx) => {
205
+ if (!isToggleEnabledValue(cfg.dataApi)) return;
206
+ if (dataApiAuthProviderValue(cfg.dataApi) !== "neon") return;
207
+ if (!isToggleEnabledValue(cfg.auth)) ctx.addIssue({
208
+ code: "custom",
209
+ path: ["auth"],
210
+ message: "dataApi with authProvider \"neon\" requires Neon Auth — set `auth: true` (or `auth: { enabled: true }`), or use `dataApi.authProvider: \"external\"` with your own `jwksUrl`."
211
+ });
212
+ });
213
+ /**
214
+ * Whether a parsed `auth` / `dataApi` toggle value is enabled: a present object (or `true`)
215
+ * is on unless `enabled` is explicitly `false`. Mirrors `isServiceEnabled` in
216
+ * `define-config.ts`, operating on the already-validated runtime value.
217
+ */
218
+ function isToggleEnabledValue(value) {
219
+ if (value === void 0 || value === null) return false;
220
+ if (typeof value === "boolean") return value;
221
+ if (typeof value === "object") return value.enabled !== false;
222
+ return false;
223
+ }
224
+ /** Read the (defaulted) `authProvider` from a parsed `dataApi` value. */
225
+ function dataApiAuthProviderValue(value) {
226
+ if (value !== null && typeof value === "object") {
227
+ if (value.authProvider === "external") return "external";
228
+ }
229
+ return "neon";
230
+ }
231
+ function validateParentReference(args) {
232
+ const { ctx, path, parent } = args;
233
+ if (parent === void 0) return;
234
+ const patternCheck = validatePattern(parent);
235
+ if ("error" in patternCheck) ctx.addIssue({
236
+ code: "custom",
237
+ path,
238
+ message: patternCheck.error
239
+ });
240
+ else if (isWildcardPattern(parent)) ctx.addIssue({
241
+ code: "custom",
242
+ path,
243
+ message: `parent must be a concrete branch name (no wildcards), got "${parent}"`
244
+ });
245
+ }
246
+ /**
247
+ * Convert the structured {@link z.ZodError} produced by `configSchema.safeParse` into the
248
+ * `string[]` shape used by {@link import("./errors.js").ConfigValidationError}.
249
+ *
250
+ * Issue paths are rendered as dot-separated property accesses (`postgres.computeSettings`)
251
+ * and unknown-key issues from `strictObject` are normalised so the message contains the
252
+ * substring "unknown key" — keeping pre-zod assertions in test suites and downstream tools
253
+ * stable.
254
+ */
255
+ function formatZodIssues(error) {
256
+ return error.issues.map((issue) => {
257
+ const path = renderPath(issue.path);
258
+ const message = normaliseIssueMessage(issue);
259
+ return path ? `${path}: ${message}` : message;
260
+ });
261
+ }
262
+ function renderPath(path) {
263
+ let out = "";
264
+ for (const segment of path) if (typeof segment === "number") out += `[${segment}]`;
265
+ else if (out === "") out += String(segment);
266
+ else out += `.${String(segment)}`;
267
+ return out;
268
+ }
269
+ function normaliseIssueMessage(issue) {
270
+ if (issue.code === "unrecognized_keys") {
271
+ const keys = issue.keys ?? [];
272
+ const formatted = keys.map((k) => JSON.stringify(k)).join(", ");
273
+ return `unknown key${keys.length === 1 ? "" : "s"}: ${formatted}`;
274
+ }
275
+ if (issue.code === "invalid_key") {
276
+ const reasons = issue.issues.map((nested) => nested.message).filter((message) => message.length > 0);
277
+ if (reasons.length > 0) return reasons.join("; ");
278
+ }
279
+ return issue.message;
280
+ }
281
+ //#endregion
282
+ export { branchTuningSchema, bucketDefSchema, computeSettingsSchema, configInputSchema, dataApiConfigSchema, dataApiInputSchema, dataApiSettingsSchema, formatZodIssues, functionDefSchema, functionTuningSchema, postgresConfigSchema, previewInputSchema, serviceToggleInputSchema, serviceToggleSchema };
283
+
284
+ //# sourceMappingURL=schema.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.js","names":[],"sources":["../../src/lib/schema.ts"],"sourcesContent":["import { z } from \"zod\";\nimport { parseBranchTtl, parseSuspendTimeout } from \"./duration.js\";\nimport { isWildcardPattern, validatePattern } from \"./patterns.js\";\n\n/**\n * Zod schema for {@link import(\"./types.js\").ComputeSettings}.\n *\n * - CU values must be one of: 0.25, 0.5, 1, 2, 4, 8\n * - `suspendTimeout` can be:\n * - `false` (never suspend)\n * - duration string like \"5m\", \"1h\" (must be 60s-604800s when parsed)\n * - number in seconds (60-604800, or -1/0 for special values)\n * - `undefined` (use platform default)\n *\n * Cross-field invariants (min <= max) are enforced via `superRefine`.\n */\nexport const computeSettingsSchema = z\n\t.strictObject({\n\t\tautoscalingLimitMinCu: z\n\t\t\t.union([\n\t\t\t\tz.literal(0.25),\n\t\t\t\tz.literal(0.5),\n\t\t\t\tz.literal(1),\n\t\t\t\tz.literal(2),\n\t\t\t\tz.literal(4),\n\t\t\t\tz.literal(8),\n\t\t\t])\n\t\t\t.optional(),\n\t\tautoscalingLimitMaxCu: z\n\t\t\t.union([\n\t\t\t\tz.literal(0.25),\n\t\t\t\tz.literal(0.5),\n\t\t\t\tz.literal(1),\n\t\t\t\tz.literal(2),\n\t\t\t\tz.literal(4),\n\t\t\t\tz.literal(8),\n\t\t\t])\n\t\t\t.optional(),\n\t\tsuspendTimeout: z\n\t\t\t.union([z.literal(false), z.string(), z.number()])\n\t\t\t.optional()\n\t\t\t.superRefine((value, ctx) => {\n\t\t\t\tif (value === undefined) return; // undefined is valid (use platform default)\n\t\t\t\tconst result = parseSuspendTimeout(value);\n\t\t\t\tif (\"error\" in result) {\n\t\t\t\t\tctx.addIssue({\n\t\t\t\t\t\tcode: \"custom\",\n\t\t\t\t\t\tmessage: result.error,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}),\n\t})\n\t.superRefine((settings, ctx) => {\n\t\tconst { autoscalingLimitMinCu: min, autoscalingLimitMaxCu: max } =\n\t\t\tsettings;\n\t\tif (min !== undefined && max !== undefined && min > max) {\n\t\t\tctx.addIssue({\n\t\t\t\tcode: \"custom\",\n\t\t\t\tpath: [\"autoscalingLimitMinCu\"],\n\t\t\t\tmessage: `autoscalingLimitMinCu (${min}) must be <= autoscalingLimitMaxCu (${max})`,\n\t\t\t});\n\t\t}\n\t});\n\n/** Object form of a service toggle (`{ enabled?: boolean }`). */\nexport const serviceToggleSchema = z.strictObject({\n\tenabled: z.boolean().optional(),\n});\n\n/** A service toggle as written in a policy: `boolean` or `{ enabled?: boolean }`. */\nexport const serviceToggleInputSchema = z.union([\n\tz.boolean(),\n\tserviceToggleSchema,\n]);\n\n/**\n * Reusable Data API runtime settings (camelCase mirror of the Neon API `DataAPISettings`).\n * `strictObject` so a typo / snake_case key fails loudly instead of being silently dropped.\n */\nexport const dataApiSettingsSchema = z.strictObject({\n\tdbAggregatesEnabled: z.boolean().optional(),\n\tdbAnonRole: z.string().optional(),\n\tdbExtraSearchPath: z.string().optional(),\n\tdbMaxRows: z.number().int().optional(),\n\tdbSchemas: z.array(z.string()).optional(),\n\tjwtRoleClaimKey: z.string().optional(),\n\tjwtCacheMaxLifetime: z.number().int().optional(),\n\topenapiMode: z\n\t\t.union([z.literal(\"ignore-privileges\"), z.literal(\"disabled\")])\n\t\t.optional(),\n\tserverCorsAllowedOrigins: z.string().optional(),\n\tserverTimingEnabled: z.boolean().optional(),\n});\n\n/** Names of the external-IdP-only fields, forbidden when `authProvider` is `\"neon\"`. */\nconst DATA_API_EXTERNAL_ONLY_KEYS = [\n\t\"jwksUrl\",\n\t\"providerName\",\n\t\"jwtAudience\",\n] as const;\n\n/**\n * Object form of the `dataApi` toggle. A single `strictObject` plus a `superRefine` (rather\n * than a discriminated union) so the `\"neon\"` default works without the discriminator being\n * present, and so the \"external-only field with authProvider neon\" error points at the exact\n * offending key — mirroring the `?: never` type-level guard at runtime.\n */\nexport const dataApiConfigSchema = z\n\t.strictObject({\n\t\tenabled: z.boolean().optional(),\n\t\tauthProvider: z\n\t\t\t.union([z.literal(\"neon\"), z.literal(\"external\")])\n\t\t\t.optional(),\n\t\tjwksUrl: z.string().optional(),\n\t\tproviderName: z.string().optional(),\n\t\tjwtAudience: z.string().optional(),\n\t\tsettings: dataApiSettingsSchema.optional(),\n\t})\n\t.superRefine((cfg, ctx) => {\n\t\tconst provider = cfg.authProvider ?? \"neon\";\n\t\tif (provider !== \"neon\") return;\n\t\tfor (const key of DATA_API_EXTERNAL_ONLY_KEYS) {\n\t\t\tif (cfg[key] !== undefined) {\n\t\t\t\tctx.addIssue({\n\t\t\t\t\tcode: \"custom\",\n\t\t\t\t\tpath: [key],\n\t\t\t\t\tmessage: `${key} is only allowed with authProvider: \"external\" — Neon supplies it for authProvider: \"neon\".`,\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\t});\n\n/** A `dataApi` toggle as written in a policy: `boolean` or {@link dataApiConfigSchema}. */\nexport const dataApiInputSchema = z.union([z.boolean(), dataApiConfigSchema]);\n\nexport const postgresConfigSchema = z.strictObject({\n\tcomputeSettings: computeSettingsSchema.optional(),\n});\n\n/**\n * Branch-unique function slug. Mirrors the Neon Functions API path-segment rule\n * (`platform/internal/platform/functions/name.go`): 1–20 lowercase letters and digits.\n * Used as the **key schema** of the `preview.functions` record, so a bad slug fails\n * validation with a path pointing at the offending key and duplicate slugs are impossible\n * by construction (object keys are unique).\n */\nconst functionSlugSchema = z\n\t.string()\n\t.regex(\n\t\t/^[a-z0-9]{1,20}$/,\n\t\t\"function slug must be 1-20 lowercase letters and digits (no hyphens or other characters)\",\n\t);\n\n/** Bucket name: 1–255 chars. Used as the key schema of the `preview.buckets` record. */\nconst bucketNameSchema = z.string().min(1).max(255);\n\n/**\n * A single function environment-variable value. Must be a defined string: a `process.env.X`\n * that is unset evaluates to `undefined`, and the bare `z.string()` message for that case\n * (`Invalid input: expected string, received undefined`) gives no hint that an env var is the\n * culprit. The custom `error` replaces *only* the `undefined` case with a message that names\n * the offending function + env key (read from the issue path) and how to fix it; any other\n * wrong type keeps zod's default (`expected string, received number`, …).\n */\nconst functionEnvValueSchema = z.string({\n\terror: (issue) => {\n\t\tif (issue.input !== undefined) return undefined;\n\t\tconst path = issue.path ?? [];\n\t\tconst key = path.length > 0 ? String(path[path.length - 1]) : undefined;\n\t\tconst functionsIndex = path.indexOf(\"functions\");\n\t\tconst slug =\n\t\t\tfunctionsIndex >= 0 && functionsIndex + 1 < path.length\n\t\t\t\t? String(path[functionsIndex + 1])\n\t\t\t\t: undefined;\n\t\tconst subject =\n\t\t\tslug !== undefined && key !== undefined\n\t\t\t\t? `Environment variable \"${key}\" for function \"${slug}\"`\n\t\t\t\t: key !== undefined\n\t\t\t\t\t? `Environment variable \"${key}\"`\n\t\t\t\t\t: \"An environment variable\";\n\t\treturn `${subject} is undefined — its value (typically a \\`process.env.*\\`) is unset. Set it (e.g. add it to your .env) or provide a fallback like \\`process.env.X ?? \"\"\\`.`;\n\t},\n});\n\n/**\n * Per-function environment map. Every value must be a defined string (see\n * {@link functionEnvValueSchema}): a `process.env.X` that is unset surfaces as `undefined` and\n * is rejected here (rather than silently shipping `undefined` into the deployment).\n */\nconst functionEnvSchema = z.record(z.string(), functionEnvValueSchema);\n\n/**\n * TCP port for a function's local dev server. Excludes 0 (which means \"any port\" to the OS\n * — `neon dev` expresses \"pick one for me\" by omitting `port`, not by passing 0).\n */\nconst devPortSchema = z.number().int().min(1).max(65535);\n\n/**\n * Local-dev settings for a function (`neon dev` only; never affects deploy). `port` is bound\n * exactly when set (and `neon dev` fails if it is taken), or a free port is found when omitted.\n */\nconst functionDevConfigSchema = z.strictObject({\n\tport: devPortSchema.optional(),\n});\n\nconst runtimeSchema = z.literal(\"nodejs24\");\n\n/**\n * Static definition of a function (existence). The slug is the record key (validated by\n * {@link functionSlugSchema}), so it is not a field here. Deploy tuning (`runtime`) lives\n * in the `branch` closure, not here.\n */\nexport const functionDefSchema = z.strictObject({\n\tname: z.string().min(1).max(255),\n\tsource: z.string().min(1),\n\tenv: functionEnvSchema.optional(),\n\tdev: functionDevConfigSchema.optional(),\n});\n\n/** Static definition of a bucket (existence). Name is the record key. */\nexport const bucketDefSchema = z.strictObject({\n\taccess: z\n\t\t.union([z.literal(\"private\"), z.literal(\"public_read\")])\n\t\t.optional(),\n});\n\n/** Static, beta Preview feature set: AI Gateway toggle + functions/buckets records. */\nexport const previewInputSchema = z.strictObject({\n\taiGateway: serviceToggleInputSchema.optional(),\n\tfunctions: z.record(functionSlugSchema, functionDefSchema).optional(),\n\tbuckets: z.record(bucketNameSchema, bucketDefSchema).optional(),\n});\n\n/** Per-function deploy tuning returned by the `branch` closure. */\nexport const functionTuningSchema = z.strictObject({\n\truntime: runtimeSchema.optional(),\n});\n\n/** Per-branch Preview tuning. Keys must be slugs declared in the static `preview`. */\nconst previewTuningSchema = z.strictObject({\n\tfunctions: z.record(functionSlugSchema, functionTuningSchema).optional(),\n});\n\n/**\n * The object returned by the `branch` closure. Validated on every `resolveConfig` call so\n * tuning errors point at the concrete branch target that triggered them.\n */\nexport const branchTuningSchema = z\n\t.strictObject({\n\t\tparent: z.string().optional(),\n\t\tprotected: z.boolean().optional(),\n\t\tttl: z\n\t\t\t.union([z.string(), z.number()])\n\t\t\t.optional()\n\t\t\t.superRefine((value, ctx) => {\n\t\t\t\tif (value === undefined) return;\n\t\t\t\tconst result = parseBranchTtl(value);\n\t\t\t\tif (\"error\" in result) {\n\t\t\t\t\tctx.addIssue({ code: \"custom\", message: result.error });\n\t\t\t\t}\n\t\t\t}),\n\t\tpostgres: postgresConfigSchema.optional(),\n\t\tpreview: previewTuningSchema.optional(),\n\t})\n\t.superRefine((cfg, ctx) => {\n\t\tvalidateParentReference({\n\t\t\tctx,\n\t\t\tpath: [\"parent\"],\n\t\t\tparent: cfg.parent,\n\t\t});\n\t});\n\n/**\n * The top-level object accepted by `defineConfig`. The `branch` closure is validated\n * structurally as a function here; its returned tuning is validated per-evaluation by\n * {@link branchTuningSchema} inside `resolveConfig`.\n */\nexport const configInputSchema = z\n\t.strictObject({\n\t\tauth: serviceToggleInputSchema.optional(),\n\t\tdataApi: dataApiInputSchema.optional(),\n\t\tpreview: previewInputSchema.optional(),\n\t\tbranch: z\n\t\t\t.custom<(...args: unknown[]) => unknown>(\n\t\t\t\t(value) => typeof value === \"function\",\n\t\t\t\t{\n\t\t\t\t\tmessage:\n\t\t\t\t\t\t\"branch must be a function: `branch: (branch) => ({ … })`\",\n\t\t\t\t},\n\t\t\t)\n\t\t\t.optional(),\n\t})\n\t.superRefine((cfg, ctx) => {\n\t\t// A Data API verified by Neon Auth (`authProvider: \"neon\"`, the default) needs Neon\n\t\t// Auth enabled on the same branch so the tokens it verifies actually exist. Enforce\n\t\t// the same invariant the `defineConfig` type-level check expresses, at runtime.\n\t\tif (!isToggleEnabledValue(cfg.dataApi)) return;\n\t\tif (dataApiAuthProviderValue(cfg.dataApi) !== \"neon\") return;\n\t\tif (!isToggleEnabledValue(cfg.auth)) {\n\t\t\tctx.addIssue({\n\t\t\t\tcode: \"custom\",\n\t\t\t\tpath: [\"auth\"],\n\t\t\t\tmessage:\n\t\t\t\t\t'dataApi with authProvider \"neon\" requires Neon Auth — set `auth: true` (or `auth: { enabled: true }`), or use `dataApi.authProvider: \"external\"` with your own `jwksUrl`.',\n\t\t\t});\n\t\t}\n\t});\n\n/**\n * Whether a parsed `auth` / `dataApi` toggle value is enabled: a present object (or `true`)\n * is on unless `enabled` is explicitly `false`. Mirrors `isServiceEnabled` in\n * `define-config.ts`, operating on the already-validated runtime value.\n */\nfunction isToggleEnabledValue(value: unknown): boolean {\n\tif (value === undefined || value === null) return false;\n\tif (typeof value === \"boolean\") return value;\n\tif (typeof value === \"object\") {\n\t\treturn (value as { enabled?: unknown }).enabled !== false;\n\t}\n\treturn false;\n}\n\n/** Read the (defaulted) `authProvider` from a parsed `dataApi` value. */\nfunction dataApiAuthProviderValue(value: unknown): \"neon\" | \"external\" {\n\tif (value !== null && typeof value === \"object\") {\n\t\tconst provider = (value as { authProvider?: unknown }).authProvider;\n\t\tif (provider === \"external\") return \"external\";\n\t}\n\treturn \"neon\";\n}\n\nfunction validateParentReference(args: {\n\tctx: z.RefinementCtx;\n\tpath: (string | number)[];\n\tparent: string | undefined;\n}): void {\n\tconst { ctx, path, parent } = args;\n\tif (parent === undefined) return;\n\n\tconst patternCheck = validatePattern(parent);\n\tif (\"error\" in patternCheck) {\n\t\tctx.addIssue({ code: \"custom\", path, message: patternCheck.error });\n\t} else if (isWildcardPattern(parent)) {\n\t\tctx.addIssue({\n\t\t\tcode: \"custom\",\n\t\t\tpath,\n\t\t\tmessage: `parent must be a concrete branch name (no wildcards), got \"${parent}\"`,\n\t\t});\n\t}\n}\n\n/**\n * Convert the structured {@link z.ZodError} produced by `configSchema.safeParse` into the\n * `string[]` shape used by {@link import(\"./errors.js\").ConfigValidationError}.\n *\n * Issue paths are rendered as dot-separated property accesses (`postgres.computeSettings`)\n * and unknown-key issues from `strictObject` are normalised so the message contains the\n * substring \"unknown key\" — keeping pre-zod assertions in test suites and downstream tools\n * stable.\n */\nexport function formatZodIssues(error: z.ZodError): string[] {\n\treturn error.issues.map((issue) => {\n\t\tconst path = renderPath(issue.path);\n\t\tconst message = normaliseIssueMessage(issue);\n\t\treturn path ? `${path}: ${message}` : message;\n\t});\n}\n\nfunction renderPath(path: ReadonlyArray<PropertyKey>): string {\n\tlet out = \"\";\n\tfor (const segment of path) {\n\t\tif (typeof segment === \"number\") out += `[${segment}]`;\n\t\telse if (out === \"\") out += String(segment);\n\t\telse out += `.${String(segment)}`;\n\t}\n\treturn out;\n}\n\nfunction normaliseIssueMessage(issue: z.core.$ZodIssue): string {\n\tif (issue.code === \"unrecognized_keys\") {\n\t\tconst keys = issue.keys ?? [];\n\t\tconst formatted = keys.map((k) => JSON.stringify(k)).join(\", \");\n\t\treturn `unknown key${keys.length === 1 ? \"\" : \"s\"}: ${formatted}`;\n\t}\n\tif (issue.code === \"invalid_key\") {\n\t\t// A record *key* that fails its key schema (e.g. a bad function slug) surfaces in\n\t\t// zod as a single `invalid_key` issue whose own `message` is the generic, useless\n\t\t// \"Invalid key in record\". The actual reason — the function-slug regex rule, say —\n\t\t// lives in the nested key-schema `issues`. Hoist those so the user sees *why* the\n\t\t// key was rejected (the offending key itself is already in the issue `path`).\n\t\tconst reasons = issue.issues\n\t\t\t.map((nested) => nested.message)\n\t\t\t.filter((message) => message.length > 0);\n\t\tif (reasons.length > 0) return reasons.join(\"; \");\n\t}\n\treturn issue.message;\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAgBA,MAAa,wBAAwB,EACnC,aAAa;CACb,uBAAuB,EACrB,MAAM;EACN,EAAE,QAAQ,GAAI;EACd,EAAE,QAAQ,EAAG;EACb,EAAE,QAAQ,CAAC;EACX,EAAE,QAAQ,CAAC;EACX,EAAE,QAAQ,CAAC;EACX,EAAE,QAAQ,CAAC;CACZ,CAAC,CAAC,CACD,SAAS;CACX,uBAAuB,EACrB,MAAM;EACN,EAAE,QAAQ,GAAI;EACd,EAAE,QAAQ,EAAG;EACb,EAAE,QAAQ,CAAC;EACX,EAAE,QAAQ,CAAC;EACX,EAAE,QAAQ,CAAC;EACX,EAAE,QAAQ,CAAC;CACZ,CAAC,CAAC,CACD,SAAS;CACX,gBAAgB,EACd,MAAM;EAAC,EAAE,QAAQ,KAAK;EAAG,EAAE,OAAO;EAAG,EAAE,OAAO;CAAC,CAAC,CAAC,CACjD,SAAS,CAAC,CACV,aAAa,OAAO,QAAQ;EAC5B,IAAI,UAAU,KAAA,GAAW;EACzB,MAAM,SAAS,oBAAoB,KAAK;EACxC,IAAI,WAAW,QACd,IAAI,SAAS;GACZ,MAAM;GACN,SAAS,OAAO;EACjB,CAAC;CAEH,CAAC;AACH,CAAC,CAAC,CACD,aAAa,UAAU,QAAQ;CAC/B,MAAM,EAAE,uBAAuB,KAAK,uBAAuB,QAC1D;CACD,IAAI,QAAQ,KAAA,KAAa,QAAQ,KAAA,KAAa,MAAM,KACnD,IAAI,SAAS;EACZ,MAAM;EACN,MAAM,CAAC,uBAAuB;EAC9B,SAAS,0BAA0B,IAAI,sCAAsC,IAAI;CAClF,CAAC;AAEH,CAAC;;AAGF,MAAa,sBAAsB,EAAE,aAAa,EACjD,SAAS,EAAE,QAAQ,CAAC,CAAC,SAAS,EAC/B,CAAC;;AAGD,MAAa,2BAA2B,EAAE,MAAM,CAC/C,EAAE,QAAQ,GACV,mBACD,CAAC;;;;;AAMD,MAAa,wBAAwB,EAAE,aAAa;CACnD,qBAAqB,EAAE,QAAQ,CAAC,CAAC,SAAS;CAC1C,YAAY,EAAE,OAAO,CAAC,CAAC,SAAS;CAChC,mBAAmB,EAAE,OAAO,CAAC,CAAC,SAAS;CACvC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS;CACrC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,SAAS;CACxC,iBAAiB,EAAE,OAAO,CAAC,CAAC,SAAS;CACrC,qBAAqB,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS;CAC/C,aAAa,EACX,MAAM,CAAC,EAAE,QAAQ,mBAAmB,GAAG,EAAE,QAAQ,UAAU,CAAC,CAAC,CAAC,CAC9D,SAAS;CACX,0BAA0B,EAAE,OAAO,CAAC,CAAC,SAAS;CAC9C,qBAAqB,EAAE,QAAQ,CAAC,CAAC,SAAS;AAC3C,CAAC;;AAGD,MAAM,8BAA8B;CACnC;CACA;CACA;AACD;;;;;;;AAQA,MAAa,sBAAsB,EACjC,aAAa;CACb,SAAS,EAAE,QAAQ,CAAC,CAAC,SAAS;CAC9B,cAAc,EACZ,MAAM,CAAC,EAAE,QAAQ,MAAM,GAAG,EAAE,QAAQ,UAAU,CAAC,CAAC,CAAC,CACjD,SAAS;CACX,SAAS,EAAE,OAAO,CAAC,CAAC,SAAS;CAC7B,cAAc,EAAE,OAAO,CAAC,CAAC,SAAS;CAClC,aAAa,EAAE,OAAO,CAAC,CAAC,SAAS;CACjC,UAAU,sBAAsB,SAAS;AAC1C,CAAC,CAAC,CACD,aAAa,KAAK,QAAQ;CAE1B,KADiB,IAAI,gBAAgB,YACpB,QAAQ;CACzB,KAAK,MAAM,OAAO,6BACjB,IAAI,IAAI,SAAS,KAAA,GAChB,IAAI,SAAS;EACZ,MAAM;EACN,MAAM,CAAC,GAAG;EACV,SAAS,GAAG,IAAI;CACjB,CAAC;AAGJ,CAAC;;AAGF,MAAa,qBAAqB,EAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,mBAAmB,CAAC;AAE5E,MAAa,uBAAuB,EAAE,aAAa,EAClD,iBAAiB,sBAAsB,SAAS,EACjD,CAAC;;;;;;;;AASD,MAAM,qBAAqB,EACzB,OAAO,CAAC,CACR,MACA,oBACA,0FACD;;AAGD,MAAM,mBAAmB,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG;;;;;;;;;AAUlD,MAAM,yBAAyB,EAAE,OAAO,EACvC,QAAQ,UAAU;CACjB,IAAI,MAAM,UAAU,KAAA,GAAW,OAAO,KAAA;CACtC,MAAM,OAAO,MAAM,QAAQ,CAAC;CAC5B,MAAM,MAAM,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,IAAI,KAAA;CAC9D,MAAM,iBAAiB,KAAK,QAAQ,WAAW;CAC/C,MAAM,OACL,kBAAkB,KAAK,iBAAiB,IAAI,KAAK,SAC9C,OAAO,KAAK,iBAAiB,EAAE,IAC/B,KAAA;CAOJ,OAAO,GALN,SAAS,KAAA,KAAa,QAAQ,KAAA,IAC3B,yBAAyB,IAAI,kBAAkB,KAAK,KACpD,QAAQ,KAAA,IACP,yBAAyB,IAAI,KAC7B,0BACa;AACnB,EACD,CAAC;;;;;;AAOD,MAAM,oBAAoB,EAAE,OAAO,EAAE,OAAO,GAAG,sBAAsB;;;;;AAMrE,MAAM,gBAAgB,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK;;;;;AAMvD,MAAM,0BAA0B,EAAE,aAAa,EAC9C,MAAM,cAAc,SAAS,EAC9B,CAAC;AAED,MAAM,gBAAgB,EAAE,QAAQ,UAAU;;;;;;AAO1C,MAAa,oBAAoB,EAAE,aAAa;CAC/C,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG;CAC/B,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC;CACxB,KAAK,kBAAkB,SAAS;CAChC,KAAK,wBAAwB,SAAS;AACvC,CAAC;;AAGD,MAAa,kBAAkB,EAAE,aAAa,EAC7C,QAAQ,EACN,MAAM,CAAC,EAAE,QAAQ,SAAS,GAAG,EAAE,QAAQ,aAAa,CAAC,CAAC,CAAC,CACvD,SAAS,EACZ,CAAC;;AAGD,MAAa,qBAAqB,EAAE,aAAa;CAChD,WAAW,yBAAyB,SAAS;CAC7C,WAAW,EAAE,OAAO,oBAAoB,iBAAiB,CAAC,CAAC,SAAS;CACpE,SAAS,EAAE,OAAO,kBAAkB,eAAe,CAAC,CAAC,SAAS;AAC/D,CAAC;;AAGD,MAAa,uBAAuB,EAAE,aAAa,EAClD,SAAS,cAAc,SAAS,EACjC,CAAC;;AAGD,MAAM,sBAAsB,EAAE,aAAa,EAC1C,WAAW,EAAE,OAAO,oBAAoB,oBAAoB,CAAC,CAAC,SAAS,EACxE,CAAC;;;;;AAMD,MAAa,qBAAqB,EAChC,aAAa;CACb,QAAQ,EAAE,OAAO,CAAC,CAAC,SAAS;CAC5B,WAAW,EAAE,QAAQ,CAAC,CAAC,SAAS;CAChC,KAAK,EACH,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,CAC/B,SAAS,CAAC,CACV,aAAa,OAAO,QAAQ;EAC5B,IAAI,UAAU,KAAA,GAAW;EACzB,MAAM,SAAS,eAAe,KAAK;EACnC,IAAI,WAAW,QACd,IAAI,SAAS;GAAE,MAAM;GAAU,SAAS,OAAO;EAAM,CAAC;CAExD,CAAC;CACF,UAAU,qBAAqB,SAAS;CACxC,SAAS,oBAAoB,SAAS;AACvC,CAAC,CAAC,CACD,aAAa,KAAK,QAAQ;CAC1B,wBAAwB;EACvB;EACA,MAAM,CAAC,QAAQ;EACf,QAAQ,IAAI;CACb,CAAC;AACF,CAAC;;;;;;AAOF,MAAa,oBAAoB,EAC/B,aAAa;CACb,MAAM,yBAAyB,SAAS;CACxC,SAAS,mBAAmB,SAAS;CACrC,SAAS,mBAAmB,SAAS;CACrC,QAAQ,EACN,QACC,UAAU,OAAO,UAAU,YAC5B,EACC,SACC,2DACF,CACD,CAAC,CACA,SAAS;AACZ,CAAC,CAAC,CACD,aAAa,KAAK,QAAQ;CAI1B,IAAI,CAAC,qBAAqB,IAAI,OAAO,GAAG;CACxC,IAAI,yBAAyB,IAAI,OAAO,MAAM,QAAQ;CACtD,IAAI,CAAC,qBAAqB,IAAI,IAAI,GACjC,IAAI,SAAS;EACZ,MAAM;EACN,MAAM,CAAC,MAAM;EACb,SACC;CACF,CAAC;AAEH,CAAC;;;;;;AAOF,SAAS,qBAAqB,OAAyB;CACtD,IAAI,UAAU,KAAA,KAAa,UAAU,MAAM,OAAO;CAClD,IAAI,OAAO,UAAU,WAAW,OAAO;CACvC,IAAI,OAAO,UAAU,UACpB,OAAQ,MAAgC,YAAY;CAErD,OAAO;AACR;;AAGA,SAAS,yBAAyB,OAAqC;CACtE,IAAI,UAAU,QAAQ,OAAO,UAAU;MACpB,MAAqC,iBACtC,YAAY,OAAO;CAAA;CAErC,OAAO;AACR;AAEA,SAAS,wBAAwB,MAIxB;CACR,MAAM,EAAE,KAAK,MAAM,WAAW;CAC9B,IAAI,WAAW,KAAA,GAAW;CAE1B,MAAM,eAAe,gBAAgB,MAAM;CAC3C,IAAI,WAAW,cACd,IAAI,SAAS;EAAE,MAAM;EAAU;EAAM,SAAS,aAAa;CAAM,CAAC;MAC5D,IAAI,kBAAkB,MAAM,GAClC,IAAI,SAAS;EACZ,MAAM;EACN;EACA,SAAS,8DAA8D,OAAO;CAC/E,CAAC;AAEH;;;;;;;;;;AAWA,SAAgB,gBAAgB,OAA6B;CAC5D,OAAO,MAAM,OAAO,KAAK,UAAU;EAClC,MAAM,OAAO,WAAW,MAAM,IAAI;EAClC,MAAM,UAAU,sBAAsB,KAAK;EAC3C,OAAO,OAAO,GAAG,KAAK,IAAI,YAAY;CACvC,CAAC;AACF;AAEA,SAAS,WAAW,MAA0C;CAC7D,IAAI,MAAM;CACV,KAAK,MAAM,WAAW,MACrB,IAAI,OAAO,YAAY,UAAU,OAAO,IAAI,QAAQ;MAC/C,IAAI,QAAQ,IAAI,OAAO,OAAO,OAAO;MACrC,OAAO,IAAI,OAAO,OAAO;CAE/B,OAAO;AACR;AAEA,SAAS,sBAAsB,OAAiC;CAC/D,IAAI,MAAM,SAAS,qBAAqB;EACvC,MAAM,OAAO,MAAM,QAAQ,CAAC;EAC5B,MAAM,YAAY,KAAK,KAAK,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;EAC9D,OAAO,cAAc,KAAK,WAAW,IAAI,KAAK,IAAI,IAAI;CACvD;CACA,IAAI,MAAM,SAAS,eAAe;EAMjC,MAAM,UAAU,MAAM,OACpB,KAAK,WAAW,OAAO,OAAO,CAAC,CAC/B,QAAQ,YAAY,QAAQ,SAAS,CAAC;EACxC,IAAI,QAAQ,SAAS,GAAG,OAAO,QAAQ,KAAK,IAAI;CACjD;CACA,OAAO,MAAM;AACd"}