@neon/env 0.0.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +178 -0
- package/README.md +96 -0
- package/dist/cli.d.ts +1 -0
- package/dist/cli.js +86 -0
- package/dist/cli.js.map +1 -0
- package/dist/config/dist/lib/neon-api.d.ts +375 -0
- package/dist/config/dist/lib/neon-api.d.ts.map +1 -0
- package/dist/config/dist/lib/types.d.ts +445 -0
- package/dist/config/dist/lib/types.d.ts.map +1 -0
- package/dist/config/dist/v1.d.ts +4 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.js +2 -0
- package/dist/lib/cli/commands.d.ts +64 -0
- package/dist/lib/cli/commands.d.ts.map +1 -0
- package/dist/lib/cli/commands.js +219 -0
- package/dist/lib/cli/commands.js.map +1 -0
- package/dist/lib/cli/resolve-context.d.ts +34 -0
- package/dist/lib/cli/resolve-context.d.ts.map +1 -0
- package/dist/lib/cli/resolve-context.js +88 -0
- package/dist/lib/cli/resolve-context.js.map +1 -0
- package/dist/lib/env.d.ts +420 -0
- package/dist/lib/env.d.ts.map +1 -0
- package/dist/lib/env.js +569 -0
- package/dist/lib/env.js.map +1 -0
- package/package.json +56 -17
|
@@ -0,0 +1,375 @@
|
|
|
1
|
+
import { BucketAccessLevel, ComputeSettings, CredentialPrincipalType, CredentialScope, DataApiAuthProvider, DataApiSettings, FunctionRuntime } from "./types.js";
|
|
2
|
+
|
|
3
|
+
//#region ../config/dist/lib/neon-api.d.ts
|
|
4
|
+
|
|
5
|
+
//#region src/lib/neon-api.d.ts
|
|
6
|
+
/**
|
|
7
|
+
* Snapshot of a Neon project field set we care about. Maps onto a subset of the upstream
|
|
8
|
+
* `@neondatabase/api-client` `Project` type. We do **not** widen this to the full upstream
|
|
9
|
+
* shape — keeping the surface narrow makes the in-memory fake practical to maintain.
|
|
10
|
+
*/
|
|
11
|
+
interface NeonProjectSnapshot {
|
|
12
|
+
id: string;
|
|
13
|
+
name: string;
|
|
14
|
+
regionId: string;
|
|
15
|
+
pgVersion: number;
|
|
16
|
+
orgId?: string;
|
|
17
|
+
defaultEndpointSettings?: ComputeSettings;
|
|
18
|
+
}
|
|
19
|
+
interface NeonBranchSnapshot {
|
|
20
|
+
id: string;
|
|
21
|
+
name: string;
|
|
22
|
+
parentId?: string;
|
|
23
|
+
isDefault: boolean;
|
|
24
|
+
/** Whether the branch is marked protected on Neon. */
|
|
25
|
+
protected: boolean;
|
|
26
|
+
expiresAt?: string;
|
|
27
|
+
}
|
|
28
|
+
interface NeonEndpointSnapshot {
|
|
29
|
+
id: string;
|
|
30
|
+
branchId: string;
|
|
31
|
+
type: "read_only" | "read_write";
|
|
32
|
+
autoscalingLimitMinCu: ComputeSettings["autoscalingLimitMinCu"];
|
|
33
|
+
autoscalingLimitMaxCu: ComputeSettings["autoscalingLimitMaxCu"];
|
|
34
|
+
suspendTimeout: ComputeSettings["suspendTimeout"];
|
|
35
|
+
}
|
|
36
|
+
interface CreateProjectInput {
|
|
37
|
+
name: string;
|
|
38
|
+
regionId: string;
|
|
39
|
+
pgVersion?: number;
|
|
40
|
+
orgId?: string;
|
|
41
|
+
defaultEndpointSettings?: ComputeSettings;
|
|
42
|
+
/**
|
|
43
|
+
* Optional name for the project's auto-created default branch. When omitted, Neon
|
|
44
|
+
* uses its own default (`main`).
|
|
45
|
+
*/
|
|
46
|
+
defaultBranchName?: string;
|
|
47
|
+
}
|
|
48
|
+
interface CreateBranchInput {
|
|
49
|
+
name: string;
|
|
50
|
+
parentId?: string;
|
|
51
|
+
expiresAt?: string;
|
|
52
|
+
/** When `true`, the branch is created with the `protected` flag set on Neon. */
|
|
53
|
+
protected?: boolean;
|
|
54
|
+
computeSettings?: ComputeSettings;
|
|
55
|
+
}
|
|
56
|
+
interface UpdateBranchInput {
|
|
57
|
+
name?: string;
|
|
58
|
+
expiresAt?: string | null;
|
|
59
|
+
/** When set, toggles the branch's `protected` flag on Neon. */
|
|
60
|
+
protected?: boolean;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* A role on a Neon branch (e.g. `neondb_owner`). Passwords are never returned by
|
|
64
|
+
* {@link NeonApi.listBranchRoles}; use {@link NeonApi.getConnectionUri} to fetch a URI
|
|
65
|
+
* with the role's password baked in.
|
|
66
|
+
*/
|
|
67
|
+
interface NeonRoleSnapshot {
|
|
68
|
+
name: string;
|
|
69
|
+
branchId: string;
|
|
70
|
+
/** Whether the role is system-protected (cannot be deleted). */
|
|
71
|
+
protected: boolean;
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* A database on a Neon branch (e.g. `neondb`).
|
|
75
|
+
*/
|
|
76
|
+
interface NeonDatabaseSnapshot {
|
|
77
|
+
name: string;
|
|
78
|
+
branchId: string;
|
|
79
|
+
/** The role that owns the database (one role can own multiple databases). */
|
|
80
|
+
ownerName: string;
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* Bits of a Neon Auth integration. The key fields are optional because the Neon API only
|
|
84
|
+
* includes them on create / rotate responses; `GET /auth` returns the public fields.
|
|
85
|
+
*/
|
|
86
|
+
interface NeonAuthSnapshot {
|
|
87
|
+
/** The Neon Auth project id (`auth_provider_project_id` on the Neon API). */
|
|
88
|
+
projectId: string;
|
|
89
|
+
/** Public client key (`pub_client_key`), only present on create / rotate responses. */
|
|
90
|
+
publishableClientKey?: string;
|
|
91
|
+
/** Secret server key (`secret_server_key`), only present on create / rotate responses. */
|
|
92
|
+
secretServerKey?: string;
|
|
93
|
+
/** JWKS URL for verifying tokens issued by Neon Auth. */
|
|
94
|
+
jwksUrl: string;
|
|
95
|
+
/** Optional base URL of the Neon Auth deployment. */
|
|
96
|
+
baseUrl?: string;
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* Public, fetchable bits of a Neon Data API integration on a specific branch — the subset of
|
|
100
|
+
* the Neon API `DataAPIReponse` we model. `settings` is only populated for SubZero-backed
|
|
101
|
+
* integrations (the API returns `null` otherwise), so it is used for settings-drift diffing
|
|
102
|
+
* when present and ignored when absent.
|
|
103
|
+
*/
|
|
104
|
+
interface NeonDataApiSnapshot {
|
|
105
|
+
/** REST endpoint URL. */
|
|
106
|
+
url: string;
|
|
107
|
+
/** Deployment status (e.g. `"ready"`), when reported. */
|
|
108
|
+
status?: string;
|
|
109
|
+
/** Current runtime settings (SubZero only); `null`/absent when not reported. */
|
|
110
|
+
settings?: DataApiSettings | null;
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* Input for {@link NeonApi.enableProjectBranchDataApi} — the create-time wiring for a Data
|
|
114
|
+
* API integration (the subset of the Neon API `DataAPICreateRequest` we expose; the
|
|
115
|
+
* `add_default_grants` / `skip_auth_schema` create flags are intentionally not modeled).
|
|
116
|
+
* `authProvider` is the friendly `"neon"` / `"external"` value (mapped to the API's
|
|
117
|
+
* `neon_auth` / `external` by the adapter).
|
|
118
|
+
*/
|
|
119
|
+
interface EnableDataApiInput {
|
|
120
|
+
authProvider?: DataApiAuthProvider;
|
|
121
|
+
jwksUrl?: string;
|
|
122
|
+
providerName?: string;
|
|
123
|
+
jwtAudience?: string;
|
|
124
|
+
settings?: DataApiSettings;
|
|
125
|
+
}
|
|
126
|
+
/**
|
|
127
|
+
* A branchable object-storage bucket (Preview). Backed by the Neon Platform
|
|
128
|
+
* branchable-storage service.
|
|
129
|
+
*/
|
|
130
|
+
interface NeonBucketSnapshot {
|
|
131
|
+
name: string;
|
|
132
|
+
accessLevel: BucketAccessLevel;
|
|
133
|
+
}
|
|
134
|
+
/**
|
|
135
|
+
* S3-compatible connection details for a branch's object storage (Preview) — the
|
|
136
|
+
* `BranchStorage` shape from `GET /projects/{id}/branches/{id}/storage`. Non-secret: it
|
|
137
|
+
* carries the endpoint/region/addressing the S3 SDK needs, while the access keys come from
|
|
138
|
+
* a minted {@link NeonCredentialSecret}. `forcePathStyle` is always `true` today (Neon's
|
|
139
|
+
* wildcard TLS cert puts the branch id in the subdomain, so the bucket must travel in the
|
|
140
|
+
* path).
|
|
141
|
+
*/
|
|
142
|
+
interface NeonBranchStorageSnapshot {
|
|
143
|
+
/** S3-compatible endpoint URL, e.g. `https://br-….storage.<suffix>`. */
|
|
144
|
+
s3Endpoint: string;
|
|
145
|
+
/** AWS region string, normalized server-side (e.g. `us-east-2`, `us-east-1`). */
|
|
146
|
+
region: string;
|
|
147
|
+
/** Whether the S3 client must use path-style addressing (always `true` today). */
|
|
148
|
+
forcePathStyle: boolean;
|
|
149
|
+
}
|
|
150
|
+
/**
|
|
151
|
+
* Input for creating a bucket on a branch.
|
|
152
|
+
*/
|
|
153
|
+
interface CreateBucketInput {
|
|
154
|
+
name: string;
|
|
155
|
+
accessLevel?: BucketAccessLevel;
|
|
156
|
+
}
|
|
157
|
+
/**
|
|
158
|
+
* A Neon Function on a branch (Preview). Mirrors the subset of the Functions API we model:
|
|
159
|
+
* the immutable `slug`, the display `name`, and the active deployment id when one exists.
|
|
160
|
+
*/
|
|
161
|
+
interface NeonFunctionSnapshot {
|
|
162
|
+
/** Opaque, stable function identifier. */
|
|
163
|
+
id: string;
|
|
164
|
+
/** Branch-unique slug (the invocation path segment). Immutable. */
|
|
165
|
+
slug: string;
|
|
166
|
+
/** Free-form display name. */
|
|
167
|
+
name: string;
|
|
168
|
+
/** URL at which the function is invoked. */
|
|
169
|
+
invocationUrl: string;
|
|
170
|
+
/** Id (platform version number) of the active deployment, when any code is deployed. */
|
|
171
|
+
activeDeploymentId?: number;
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Input for deploying code to a function. `bundle` is the already-built ZIP archive of the
|
|
175
|
+
* function source — building it (esbuild + zip) is an imperative step performed by the
|
|
176
|
+
* caller, not by the {@link NeonApi} adapter.
|
|
177
|
+
*/
|
|
178
|
+
interface DeployFunctionInput {
|
|
179
|
+
bundle: Uint8Array;
|
|
180
|
+
runtime: FunctionRuntime;
|
|
181
|
+
environment: Record<string, string>;
|
|
182
|
+
}
|
|
183
|
+
/**
|
|
184
|
+
* A function deployment (Preview).
|
|
185
|
+
*/
|
|
186
|
+
interface NeonFunctionDeploymentSnapshot {
|
|
187
|
+
/** The deployment id (monotonic per function). */
|
|
188
|
+
id: number;
|
|
189
|
+
status: "pending" | "building" | "completed" | "failed";
|
|
190
|
+
}
|
|
191
|
+
/**
|
|
192
|
+
* Input for {@link NeonApi.createCredential}. Mirrors the Neon API `CreateCredentialRequest`
|
|
193
|
+
* (`POST .../credentials`, `x-stability-level: beta`):
|
|
194
|
+
*
|
|
195
|
+
* - `scopes` — 1–16 capabilities the credential may exercise (derived from the policy's
|
|
196
|
+
* enabled Preview features, never hand-authored).
|
|
197
|
+
* - `principalType` — `user` (developer/app) or `function` (a deployed function).
|
|
198
|
+
* - `functionId` — required when `principalType === "function"`.
|
|
199
|
+
* - `name` — optional free-form label echoed back on the response.
|
|
200
|
+
*/
|
|
201
|
+
interface CreateCredentialInput {
|
|
202
|
+
scopes: CredentialScope[];
|
|
203
|
+
principalType: CredentialPrincipalType;
|
|
204
|
+
functionId?: string;
|
|
205
|
+
name?: string;
|
|
206
|
+
}
|
|
207
|
+
/**
|
|
208
|
+
* The secret-bearing result of {@link NeonApi.createCredential} — the Neon API
|
|
209
|
+
* `CreateCredentialResponse`. `apiToken` and `s3SecretAccessKey` are returned **exactly
|
|
210
|
+
* once** (they are not stored server-side), so the caller must persist them immediately;
|
|
211
|
+
* they can never be re-fetched (the list endpoint returns metadata only). `tokenIdShort`
|
|
212
|
+
* is the public identifier embedded in `apiToken` (`nt_live_<tokenIdShort>_…`) and doubles
|
|
213
|
+
* as the S3 access-key id.
|
|
214
|
+
*/
|
|
215
|
+
interface NeonCredentialSecret {
|
|
216
|
+
tokenId: string;
|
|
217
|
+
tokenIdShort: string;
|
|
218
|
+
name?: string;
|
|
219
|
+
/** Bearer token (`nt_live_…`); returned once. Used for AI Gateway / Functions invoke. */
|
|
220
|
+
apiToken: string;
|
|
221
|
+
/** 64-char hex S3 secret access key; returned once. Paired with `tokenIdShort` as the access-key id. */
|
|
222
|
+
s3SecretAccessKey: string;
|
|
223
|
+
scopes: CredentialScope[];
|
|
224
|
+
branchId: string;
|
|
225
|
+
createdAt: string;
|
|
226
|
+
/** When the credential expires; absent means it never expires. */
|
|
227
|
+
expiresAt?: string;
|
|
228
|
+
}
|
|
229
|
+
/**
|
|
230
|
+
* Secret-free metadata for an issued credential — the Neon API `CredentialMeta` returned by
|
|
231
|
+
* {@link NeonApi.listCredentials}. Never includes `apiToken` / `s3SecretAccessKey`.
|
|
232
|
+
*/
|
|
233
|
+
interface NeonCredentialMeta {
|
|
234
|
+
tokenId: string;
|
|
235
|
+
tokenIdShort: string;
|
|
236
|
+
name?: string;
|
|
237
|
+
scopes: CredentialScope[];
|
|
238
|
+
principalType: CredentialPrincipalType;
|
|
239
|
+
functionId?: string;
|
|
240
|
+
branchId?: string;
|
|
241
|
+
createdAt: string;
|
|
242
|
+
lastUsedAt?: string;
|
|
243
|
+
revokedAt?: string;
|
|
244
|
+
expiresAt?: string;
|
|
245
|
+
}
|
|
246
|
+
/**
|
|
247
|
+
* Parameters accepted by {@link NeonApi.getConnectionUri}. `branchId` and `endpointId`
|
|
248
|
+
* are optional — when omitted, the API uses the project's default branch and that
|
|
249
|
+
* branch's read-write endpoint, respectively.
|
|
250
|
+
*/
|
|
251
|
+
interface GetConnectionUriInput {
|
|
252
|
+
branchId?: string;
|
|
253
|
+
endpointId?: string;
|
|
254
|
+
databaseName: string;
|
|
255
|
+
roleName: string;
|
|
256
|
+
/** When `true`, returns the pooled (PgBouncer) URI instead of the direct URI. */
|
|
257
|
+
pooled?: boolean;
|
|
258
|
+
}
|
|
259
|
+
/**
|
|
260
|
+
* Narrow façade over the Neon management API. `pullConfig`, `pushConfig`, and `fetchEnv`
|
|
261
|
+
* depend on this interface — *not* on `@neondatabase/api-client` directly — which lets us
|
|
262
|
+
* inject a real in-memory fake during tests without resorting to module mocks.
|
|
263
|
+
*/
|
|
264
|
+
interface NeonApi {
|
|
265
|
+
listProjects(filter: {
|
|
266
|
+
orgId?: string;
|
|
267
|
+
}): Promise<NeonProjectSnapshot[]>;
|
|
268
|
+
getProject(projectId: string): Promise<NeonProjectSnapshot>;
|
|
269
|
+
createProject(input: CreateProjectInput): Promise<NeonProjectSnapshot>;
|
|
270
|
+
updateProject(projectId: string, input: {
|
|
271
|
+
name?: string;
|
|
272
|
+
defaultEndpointSettings?: ComputeSettings;
|
|
273
|
+
}): Promise<NeonProjectSnapshot>;
|
|
274
|
+
listBranches(projectId: string): Promise<NeonBranchSnapshot[]>;
|
|
275
|
+
createBranch(projectId: string, input: CreateBranchInput): Promise<{
|
|
276
|
+
branch: NeonBranchSnapshot;
|
|
277
|
+
endpoints: NeonEndpointSnapshot[];
|
|
278
|
+
}>;
|
|
279
|
+
updateBranch(projectId: string, branchId: string, input: UpdateBranchInput): Promise<NeonBranchSnapshot>;
|
|
280
|
+
listEndpoints(projectId: string): Promise<NeonEndpointSnapshot[]>;
|
|
281
|
+
updateEndpoint(projectId: string, endpointId: string, settings: ComputeSettings): Promise<NeonEndpointSnapshot>;
|
|
282
|
+
/** List roles on a branch. Used by {@link fetchEnv} to auto-pick the role when only one exists. */
|
|
283
|
+
listBranchRoles(projectId: string, branchId: string): Promise<NeonRoleSnapshot[]>;
|
|
284
|
+
/** List databases on a branch. Used by {@link fetchEnv} to auto-pick the database when only one exists. */
|
|
285
|
+
listBranchDatabases(projectId: string, branchId: string): Promise<NeonDatabaseSnapshot[]>;
|
|
286
|
+
/**
|
|
287
|
+
* Fetch a Postgres connection URI for the given role + database on a branch.
|
|
288
|
+
* Returns the same string the Neon Console shows under "Connection Details".
|
|
289
|
+
*/
|
|
290
|
+
getConnectionUri(projectId: string, input: GetConnectionUriInput): Promise<{
|
|
291
|
+
uri: string;
|
|
292
|
+
}>;
|
|
293
|
+
/**
|
|
294
|
+
* Fetch the Neon Auth integration attached to a specific branch. Returns `null` when
|
|
295
|
+
* no integration is enabled — used by `fetchEnv` to decide whether the `env.auth`
|
|
296
|
+
* namespace can be populated.
|
|
297
|
+
*/
|
|
298
|
+
getNeonAuth(projectId: string, branchId: string): Promise<NeonAuthSnapshot | null>;
|
|
299
|
+
/**
|
|
300
|
+
* Enable the Neon Auth integration on a specific branch. Idempotent: if an integration
|
|
301
|
+
* is already enabled, the existing snapshot is returned unchanged. Used by
|
|
302
|
+
* `pushConfig` and `branch` to honour branch policy `auth: {}` / `auth.enabled: true`.
|
|
303
|
+
*/
|
|
304
|
+
enableNeonAuth(projectId: string, branchId: string, input?: {
|
|
305
|
+
databaseName?: string;
|
|
306
|
+
}): Promise<NeonAuthSnapshot>;
|
|
307
|
+
/**
|
|
308
|
+
* Fetch the Neon Data API integration attached to a specific branch + database.
|
|
309
|
+
* Returns `null` when no integration is enabled — used by `fetchEnv` to decide
|
|
310
|
+
* whether the `env.dataApi` namespace can be populated.
|
|
311
|
+
*/
|
|
312
|
+
getNeonDataApi(projectId: string, branchId: string, databaseName: string): Promise<NeonDataApiSnapshot | null>;
|
|
313
|
+
/**
|
|
314
|
+
* Enable the Neon Data API integration on a specific branch + database. Idempotent:
|
|
315
|
+
* if an integration is already enabled, the existing snapshot is returned unchanged.
|
|
316
|
+
* Used by `pushConfig` to honour branch policy `dataApi: {}` / `dataApi: { … }`. The
|
|
317
|
+
* optional {@link EnableDataApiInput} carries the create-time auth wiring + initial
|
|
318
|
+
* settings; omit it for an all-defaults, Neon-Auth integration.
|
|
319
|
+
*/
|
|
320
|
+
enableProjectBranchDataApi(projectId: string, branchId: string, databaseName: string, input?: EnableDataApiInput): Promise<NeonDataApiSnapshot>;
|
|
321
|
+
/**
|
|
322
|
+
* Update the runtime {@link DataApiSettings} of an already-enabled Data API integration
|
|
323
|
+
* (the Neon API `PATCH .../data-api/{db}`; always refreshes the schema cache). Only
|
|
324
|
+
* `settings` are mutable post-create — the auth provider / JWKS wiring is fixed at
|
|
325
|
+
* enable time. Used by `pushConfig` to reconcile settings drift under `updateExisting`.
|
|
326
|
+
*/
|
|
327
|
+
updateProjectBranchDataApi(projectId: string, branchId: string, databaseName: string, settings: DataApiSettings): Promise<NeonDataApiSnapshot>;
|
|
328
|
+
/** List branchable object-storage buckets visible on a branch. */
|
|
329
|
+
listBranchBuckets(projectId: string, branchId: string): Promise<NeonBucketSnapshot[]>;
|
|
330
|
+
/** Create a bucket on a branch. Used by `pushConfig` to honour `preview.buckets`. */
|
|
331
|
+
createBranchBucket(projectId: string, branchId: string, input: CreateBucketInput): Promise<NeonBucketSnapshot>;
|
|
332
|
+
/** Delete a bucket from a branch. */
|
|
333
|
+
deleteBranchBucket(projectId: string, branchId: string, bucketName: string): Promise<void>;
|
|
334
|
+
/**
|
|
335
|
+
* Fetch the branch's S3-compatible object-storage connection details (endpoint, region,
|
|
336
|
+
* path-style). Returns `null` when storage is not enabled for the branch (the API's 404
|
|
337
|
+
* `BranchStorageNotEnabled`). Used by `fetchEnv` to populate the `AWS_*` storage env
|
|
338
|
+
* alongside the minted credential's access keys.
|
|
339
|
+
*/
|
|
340
|
+
getProjectBranchStorage(projectId: string, branchId: string): Promise<NeonBranchStorageSnapshot | null>;
|
|
341
|
+
/** List functions on a branch. */
|
|
342
|
+
listBranchFunctions(projectId: string, branchId: string): Promise<NeonFunctionSnapshot[]>;
|
|
343
|
+
/** Delete a function (by slug) from a branch. */
|
|
344
|
+
deleteBranchFunction(projectId: string, branchId: string, slug: string): Promise<void>;
|
|
345
|
+
/**
|
|
346
|
+
* Deploy a built bundle to a function, creating the function if it does not yet exist —
|
|
347
|
+
* Neon has no separate create endpoint, so the first deployment to a slug creates the
|
|
348
|
+
* function. The newest deployment becomes active. The `bundle` is built (esbuild + zip)
|
|
349
|
+
* by the caller and passed in as bytes.
|
|
350
|
+
*/
|
|
351
|
+
deployBranchFunction(projectId: string, branchId: string, slug: string, input: DeployFunctionInput): Promise<NeonFunctionDeploymentSnapshot>;
|
|
352
|
+
/**
|
|
353
|
+
* Mint a new scoped service credential on a branch (`POST .../credentials`). The
|
|
354
|
+
* returned {@link NeonCredentialSecret} carries `apiToken` + `s3SecretAccessKey`
|
|
355
|
+
* **once** — persist them immediately. Used by `fetchEnv` / `env pull` to issue the
|
|
356
|
+
* unified credential for the branch's enabled Preview features (object storage, AI
|
|
357
|
+
* Gateway, Functions).
|
|
358
|
+
*/
|
|
359
|
+
createCredential(projectId: string, branchId: string, input: CreateCredentialInput): Promise<NeonCredentialSecret>;
|
|
360
|
+
/**
|
|
361
|
+
* List the secret-free metadata for credentials issued on a branch
|
|
362
|
+
* (`GET .../credentials`). Used to report issued credentials (e.g. `config status`)
|
|
363
|
+
* and to verify a persisted credential still exists / isn't revoked.
|
|
364
|
+
*/
|
|
365
|
+
listCredentials(projectId: string, branchId: string): Promise<NeonCredentialMeta[]>;
|
|
366
|
+
/**
|
|
367
|
+
* Revoke (soft-delete) a credential by its `tokenId` (`DELETE .../credentials/{id}`).
|
|
368
|
+
* Idempotent.
|
|
369
|
+
*/
|
|
370
|
+
revokeCredential(projectId: string, branchId: string, tokenId: string): Promise<void>;
|
|
371
|
+
}
|
|
372
|
+
//#endregion
|
|
373
|
+
//#endregion
|
|
374
|
+
export { CreateBranchInput, CreateBucketInput, CreateCredentialInput, CreateProjectInput, DeployFunctionInput, EnableDataApiInput, GetConnectionUriInput, NeonApi, NeonAuthSnapshot, NeonBranchSnapshot, NeonBranchStorageSnapshot, NeonBucketSnapshot, NeonCredentialMeta, NeonCredentialSecret, NeonDataApiSnapshot, NeonDatabaseSnapshot, NeonEndpointSnapshot, NeonFunctionDeploymentSnapshot, NeonFunctionSnapshot, NeonProjectSnapshot, NeonRoleSnapshot, UpdateBranchInput };
|
|
375
|
+
//# sourceMappingURL=neon-api.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"neon-api.d.ts","names":["BucketAccessLevel","ComputeSettings","CredentialPrincipalType","CredentialScope","DataApiAuthProvider","DataApiSettings","FunctionRuntime","NeonProjectSnapshot","NeonBranchSnapshot","NeonEndpointSnapshot","CreateProjectInput","CreateBranchInput","UpdateBranchInput","NeonRoleSnapshot","NeonDatabaseSnapshot","NeonAuthSnapshot","NeonDataApiSnapshot","EnableDataApiInput","NeonBucketSnapshot","NeonBranchStorageSnapshot","CreateBucketInput","NeonFunctionSnapshot","DeployFunctionInput","Uint8Array","Record","NeonFunctionDeploymentSnapshot","CreateCredentialInput","NeonCredentialSecret","NeonCredentialMeta","GetConnectionUriInput","NeonApi","Promise"],"sources":["../../../../../config/dist/lib/neon-api.d.ts"],"sourcesContent":["import { BucketAccessLevel, ComputeSettings, CredentialPrincipalType, CredentialScope, DataApiAuthProvider, DataApiSettings, FunctionRuntime } from \"./types.js\";\n\n//#region src/lib/neon-api.d.ts\n\n/**\n * Snapshot of a Neon project field set we care about. Maps onto a subset of the upstream\n * `@neondatabase/api-client` `Project` type. We do **not** widen this to the full upstream\n * shape — keeping the surface narrow makes the in-memory fake practical to maintain.\n */\ninterface NeonProjectSnapshot {\n id: string;\n name: string;\n regionId: string;\n pgVersion: number;\n orgId?: string;\n defaultEndpointSettings?: ComputeSettings;\n}\ninterface NeonBranchSnapshot {\n id: string;\n name: string;\n parentId?: string;\n isDefault: boolean;\n /** Whether the branch is marked protected on Neon. */\n protected: boolean;\n expiresAt?: string;\n}\ninterface NeonEndpointSnapshot {\n id: string;\n branchId: string;\n type: \"read_only\" | \"read_write\";\n autoscalingLimitMinCu: ComputeSettings[\"autoscalingLimitMinCu\"];\n autoscalingLimitMaxCu: ComputeSettings[\"autoscalingLimitMaxCu\"];\n suspendTimeout: ComputeSettings[\"suspendTimeout\"];\n}\ninterface CreateProjectInput {\n name: string;\n regionId: string;\n pgVersion?: number;\n orgId?: string;\n defaultEndpointSettings?: ComputeSettings;\n /**\n * Optional name for the project's auto-created default branch. When omitted, Neon\n * uses its own default (`main`).\n */\n defaultBranchName?: string;\n}\ninterface CreateBranchInput {\n name: string;\n parentId?: string;\n expiresAt?: string;\n /** When `true`, the branch is created with the `protected` flag set on Neon. */\n protected?: boolean;\n computeSettings?: ComputeSettings;\n}\ninterface UpdateBranchInput {\n name?: string;\n expiresAt?: string | null;\n /** When set, toggles the branch's `protected` flag on Neon. */\n protected?: boolean;\n}\n/**\n * A role on a Neon branch (e.g. `neondb_owner`). Passwords are never returned by\n * {@link NeonApi.listBranchRoles}; use {@link NeonApi.getConnectionUri} to fetch a URI\n * with the role's password baked in.\n */\ninterface NeonRoleSnapshot {\n name: string;\n branchId: string;\n /** Whether the role is system-protected (cannot be deleted). */\n protected: boolean;\n}\n/**\n * A database on a Neon branch (e.g. `neondb`).\n */\ninterface NeonDatabaseSnapshot {\n name: string;\n branchId: string;\n /** The role that owns the database (one role can own multiple databases). */\n ownerName: string;\n}\n/**\n * Bits of a Neon Auth integration. The key fields are optional because the Neon API only\n * includes them on create / rotate responses; `GET /auth` returns the public fields.\n */\ninterface NeonAuthSnapshot {\n /** The Neon Auth project id (`auth_provider_project_id` on the Neon API). */\n projectId: string;\n /** Public client key (`pub_client_key`), only present on create / rotate responses. */\n publishableClientKey?: string;\n /** Secret server key (`secret_server_key`), only present on create / rotate responses. */\n secretServerKey?: string;\n /** JWKS URL for verifying tokens issued by Neon Auth. */\n jwksUrl: string;\n /** Optional base URL of the Neon Auth deployment. */\n baseUrl?: string;\n}\n/**\n * Public, fetchable bits of a Neon Data API integration on a specific branch — the subset of\n * the Neon API `DataAPIReponse` we model. `settings` is only populated for SubZero-backed\n * integrations (the API returns `null` otherwise), so it is used for settings-drift diffing\n * when present and ignored when absent.\n */\ninterface NeonDataApiSnapshot {\n /** REST endpoint URL. */\n url: string;\n /** Deployment status (e.g. `\"ready\"`), when reported. */\n status?: string;\n /** Current runtime settings (SubZero only); `null`/absent when not reported. */\n settings?: DataApiSettings | null;\n}\n/**\n * Input for {@link NeonApi.enableProjectBranchDataApi} — the create-time wiring for a Data\n * API integration (the subset of the Neon API `DataAPICreateRequest` we expose; the\n * `add_default_grants` / `skip_auth_schema` create flags are intentionally not modeled).\n * `authProvider` is the friendly `\"neon\"` / `\"external\"` value (mapped to the API's\n * `neon_auth` / `external` by the adapter).\n */\ninterface EnableDataApiInput {\n authProvider?: DataApiAuthProvider;\n jwksUrl?: string;\n providerName?: string;\n jwtAudience?: string;\n settings?: DataApiSettings;\n}\n/**\n * A branchable object-storage bucket (Preview). Backed by the Neon Platform\n * branchable-storage service.\n */\ninterface NeonBucketSnapshot {\n name: string;\n accessLevel: BucketAccessLevel;\n}\n/**\n * S3-compatible connection details for a branch's object storage (Preview) — the\n * `BranchStorage` shape from `GET /projects/{id}/branches/{id}/storage`. Non-secret: it\n * carries the endpoint/region/addressing the S3 SDK needs, while the access keys come from\n * a minted {@link NeonCredentialSecret}. `forcePathStyle` is always `true` today (Neon's\n * wildcard TLS cert puts the branch id in the subdomain, so the bucket must travel in the\n * path).\n */\ninterface NeonBranchStorageSnapshot {\n /** S3-compatible endpoint URL, e.g. `https://br-….storage.<suffix>`. */\n s3Endpoint: string;\n /** AWS region string, normalized server-side (e.g. `us-east-2`, `us-east-1`). */\n region: string;\n /** Whether the S3 client must use path-style addressing (always `true` today). */\n forcePathStyle: boolean;\n}\n/**\n * Input for creating a bucket on a branch.\n */\ninterface CreateBucketInput {\n name: string;\n accessLevel?: BucketAccessLevel;\n}\n/**\n * A Neon Function on a branch (Preview). Mirrors the subset of the Functions API we model:\n * the immutable `slug`, the display `name`, and the active deployment id when one exists.\n */\ninterface NeonFunctionSnapshot {\n /** Opaque, stable function identifier. */\n id: string;\n /** Branch-unique slug (the invocation path segment). Immutable. */\n slug: string;\n /** Free-form display name. */\n name: string;\n /** URL at which the function is invoked. */\n invocationUrl: string;\n /** Id (platform version number) of the active deployment, when any code is deployed. */\n activeDeploymentId?: number;\n}\n/**\n * Input for deploying code to a function. `bundle` is the already-built ZIP archive of the\n * function source — building it (esbuild + zip) is an imperative step performed by the\n * caller, not by the {@link NeonApi} adapter.\n */\ninterface DeployFunctionInput {\n bundle: Uint8Array;\n runtime: FunctionRuntime;\n environment: Record<string, string>;\n}\n/**\n * A function deployment (Preview).\n */\ninterface NeonFunctionDeploymentSnapshot {\n /** The deployment id (monotonic per function). */\n id: number;\n status: \"pending\" | \"building\" | \"completed\" | \"failed\";\n}\n/**\n * Input for {@link NeonApi.createCredential}. Mirrors the Neon API `CreateCredentialRequest`\n * (`POST .../credentials`, `x-stability-level: beta`):\n *\n * - `scopes` — 1–16 capabilities the credential may exercise (derived from the policy's\n * enabled Preview features, never hand-authored).\n * - `principalType` — `user` (developer/app) or `function` (a deployed function).\n * - `functionId` — required when `principalType === \"function\"`.\n * - `name` — optional free-form label echoed back on the response.\n */\ninterface CreateCredentialInput {\n scopes: CredentialScope[];\n principalType: CredentialPrincipalType;\n functionId?: string;\n name?: string;\n}\n/**\n * The secret-bearing result of {@link NeonApi.createCredential} — the Neon API\n * `CreateCredentialResponse`. `apiToken` and `s3SecretAccessKey` are returned **exactly\n * once** (they are not stored server-side), so the caller must persist them immediately;\n * they can never be re-fetched (the list endpoint returns metadata only). `tokenIdShort`\n * is the public identifier embedded in `apiToken` (`nt_live_<tokenIdShort>_…`) and doubles\n * as the S3 access-key id.\n */\ninterface NeonCredentialSecret {\n tokenId: string;\n tokenIdShort: string;\n name?: string;\n /** Bearer token (`nt_live_…`); returned once. Used for AI Gateway / Functions invoke. */\n apiToken: string;\n /** 64-char hex S3 secret access key; returned once. Paired with `tokenIdShort` as the access-key id. */\n s3SecretAccessKey: string;\n scopes: CredentialScope[];\n branchId: string;\n createdAt: string;\n /** When the credential expires; absent means it never expires. */\n expiresAt?: string;\n}\n/**\n * Secret-free metadata for an issued credential — the Neon API `CredentialMeta` returned by\n * {@link NeonApi.listCredentials}. Never includes `apiToken` / `s3SecretAccessKey`.\n */\ninterface NeonCredentialMeta {\n tokenId: string;\n tokenIdShort: string;\n name?: string;\n scopes: CredentialScope[];\n principalType: CredentialPrincipalType;\n functionId?: string;\n branchId?: string;\n createdAt: string;\n lastUsedAt?: string;\n revokedAt?: string;\n expiresAt?: string;\n}\n/**\n * Parameters accepted by {@link NeonApi.getConnectionUri}. `branchId` and `endpointId`\n * are optional — when omitted, the API uses the project's default branch and that\n * branch's read-write endpoint, respectively.\n */\ninterface GetConnectionUriInput {\n branchId?: string;\n endpointId?: string;\n databaseName: string;\n roleName: string;\n /** When `true`, returns the pooled (PgBouncer) URI instead of the direct URI. */\n pooled?: boolean;\n}\n/**\n * Narrow façade over the Neon management API. `pullConfig`, `pushConfig`, and `fetchEnv`\n * depend on this interface — *not* on `@neondatabase/api-client` directly — which lets us\n * inject a real in-memory fake during tests without resorting to module mocks.\n */\ninterface NeonApi {\n listProjects(filter: {\n orgId?: string;\n }): Promise<NeonProjectSnapshot[]>;\n getProject(projectId: string): Promise<NeonProjectSnapshot>;\n createProject(input: CreateProjectInput): Promise<NeonProjectSnapshot>;\n updateProject(projectId: string, input: {\n name?: string;\n defaultEndpointSettings?: ComputeSettings;\n }): Promise<NeonProjectSnapshot>;\n listBranches(projectId: string): Promise<NeonBranchSnapshot[]>;\n createBranch(projectId: string, input: CreateBranchInput): Promise<{\n branch: NeonBranchSnapshot;\n endpoints: NeonEndpointSnapshot[];\n }>;\n updateBranch(projectId: string, branchId: string, input: UpdateBranchInput): Promise<NeonBranchSnapshot>;\n listEndpoints(projectId: string): Promise<NeonEndpointSnapshot[]>;\n updateEndpoint(projectId: string, endpointId: string, settings: ComputeSettings): Promise<NeonEndpointSnapshot>;\n /** List roles on a branch. Used by {@link fetchEnv} to auto-pick the role when only one exists. */\n listBranchRoles(projectId: string, branchId: string): Promise<NeonRoleSnapshot[]>;\n /** List databases on a branch. Used by {@link fetchEnv} to auto-pick the database when only one exists. */\n listBranchDatabases(projectId: string, branchId: string): Promise<NeonDatabaseSnapshot[]>;\n /**\n * Fetch a Postgres connection URI for the given role + database on a branch.\n * Returns the same string the Neon Console shows under \"Connection Details\".\n */\n getConnectionUri(projectId: string, input: GetConnectionUriInput): Promise<{\n uri: string;\n }>;\n /**\n * Fetch the Neon Auth integration attached to a specific branch. Returns `null` when\n * no integration is enabled — used by `fetchEnv` to decide whether the `env.auth`\n * namespace can be populated.\n */\n getNeonAuth(projectId: string, branchId: string): Promise<NeonAuthSnapshot | null>;\n /**\n * Enable the Neon Auth integration on a specific branch. Idempotent: if an integration\n * is already enabled, the existing snapshot is returned unchanged. Used by\n * `pushConfig` and `branch` to honour branch policy `auth: {}` / `auth.enabled: true`.\n */\n enableNeonAuth(projectId: string, branchId: string, input?: {\n databaseName?: string;\n }): Promise<NeonAuthSnapshot>;\n /**\n * Fetch the Neon Data API integration attached to a specific branch + database.\n * Returns `null` when no integration is enabled — used by `fetchEnv` to decide\n * whether the `env.dataApi` namespace can be populated.\n */\n getNeonDataApi(projectId: string, branchId: string, databaseName: string): Promise<NeonDataApiSnapshot | null>;\n /**\n * Enable the Neon Data API integration on a specific branch + database. Idempotent:\n * if an integration is already enabled, the existing snapshot is returned unchanged.\n * Used by `pushConfig` to honour branch policy `dataApi: {}` / `dataApi: { … }`. The\n * optional {@link EnableDataApiInput} carries the create-time auth wiring + initial\n * settings; omit it for an all-defaults, Neon-Auth integration.\n */\n enableProjectBranchDataApi(projectId: string, branchId: string, databaseName: string, input?: EnableDataApiInput): Promise<NeonDataApiSnapshot>;\n /**\n * Update the runtime {@link DataApiSettings} of an already-enabled Data API integration\n * (the Neon API `PATCH .../data-api/{db}`; always refreshes the schema cache). Only\n * `settings` are mutable post-create — the auth provider / JWKS wiring is fixed at\n * enable time. Used by `pushConfig` to reconcile settings drift under `updateExisting`.\n */\n updateProjectBranchDataApi(projectId: string, branchId: string, databaseName: string, settings: DataApiSettings): Promise<NeonDataApiSnapshot>;\n /** List branchable object-storage buckets visible on a branch. */\n listBranchBuckets(projectId: string, branchId: string): Promise<NeonBucketSnapshot[]>;\n /** Create a bucket on a branch. Used by `pushConfig` to honour `preview.buckets`. */\n createBranchBucket(projectId: string, branchId: string, input: CreateBucketInput): Promise<NeonBucketSnapshot>;\n /** Delete a bucket from a branch. */\n deleteBranchBucket(projectId: string, branchId: string, bucketName: string): Promise<void>;\n /**\n * Fetch the branch's S3-compatible object-storage connection details (endpoint, region,\n * path-style). Returns `null` when storage is not enabled for the branch (the API's 404\n * `BranchStorageNotEnabled`). Used by `fetchEnv` to populate the `AWS_*` storage env\n * alongside the minted credential's access keys.\n */\n getProjectBranchStorage(projectId: string, branchId: string): Promise<NeonBranchStorageSnapshot | null>;\n /** List functions on a branch. */\n listBranchFunctions(projectId: string, branchId: string): Promise<NeonFunctionSnapshot[]>;\n /** Delete a function (by slug) from a branch. */\n deleteBranchFunction(projectId: string, branchId: string, slug: string): Promise<void>;\n /**\n * Deploy a built bundle to a function, creating the function if it does not yet exist —\n * Neon has no separate create endpoint, so the first deployment to a slug creates the\n * function. The newest deployment becomes active. The `bundle` is built (esbuild + zip)\n * by the caller and passed in as bytes.\n */\n deployBranchFunction(projectId: string, branchId: string, slug: string, input: DeployFunctionInput): Promise<NeonFunctionDeploymentSnapshot>;\n /**\n * Mint a new scoped service credential on a branch (`POST .../credentials`). The\n * returned {@link NeonCredentialSecret} carries `apiToken` + `s3SecretAccessKey`\n * **once** — persist them immediately. Used by `fetchEnv` / `env pull` to issue the\n * unified credential for the branch's enabled Preview features (object storage, AI\n * Gateway, Functions).\n */\n createCredential(projectId: string, branchId: string, input: CreateCredentialInput): Promise<NeonCredentialSecret>;\n /**\n * List the secret-free metadata for credentials issued on a branch\n * (`GET .../credentials`). Used to report issued credentials (e.g. `config status`)\n * and to verify a persisted credential still exists / isn't revoked.\n */\n listCredentials(projectId: string, branchId: string): Promise<NeonCredentialMeta[]>;\n /**\n * Revoke (soft-delete) a credential by its `tokenId` (`DELETE .../credentials/{id}`).\n * Idempotent.\n */\n revokeCredential(projectId: string, branchId: string, tokenId: string): Promise<void>;\n}\n//#endregion\nexport { CreateBranchInput, CreateBucketInput, CreateCredentialInput, CreateProjectInput, DeployFunctionInput, EnableDataApiInput, GetConnectionUriInput, NeonApi, NeonAuthSnapshot, NeonBranchSnapshot, NeonBranchStorageSnapshot, NeonBucketSnapshot, NeonCredentialMeta, NeonCredentialSecret, NeonDataApiSnapshot, NeonDatabaseSnapshot, NeonEndpointSnapshot, NeonFunctionDeploymentSnapshot, NeonFunctionSnapshot, NeonProjectSnapshot, NeonRoleSnapshot, UpdateBranchInput };\n//# sourceMappingURL=neon-api.d.ts.map"],"mappings":";;;;;AAe2C;AAEf;;;;UARlBO,mBAAAA,CAuBQN;EAAe,EAAA,EAAA,MAAA;EAAA,IAEvBS,EAAAA,MAAAA;EAKiC,QAOjCC,EAAAA,MAAAA;EAMyB,SAEzBC,EAAAA,MAAAA;EAAiB,KAWjBC,CAAAA,EAAAA,MAAAA;EAAgB,uBAShBC,CAAAA,EA3DkBb,eA2DE;AAAA;AAUJ,UAnEhBO,kBAAAA,CAqFmB;EAMD,EASlBS,EAAAA,MAAAA;EAAkB,IAAA,EAAA,MAAA;UACXb,CAAAA,EAAAA,MAAAA;WAIJC,EAAAA,OAAAA;EAAe;EAAA,SAMlBa,EAAAA,OAAAA;EAEsB,SAUtBC,CAAAA,EAAAA,MAAAA;AAAyB;AAaF,UA/HvBV,oBAAAA,CAqIoB;EAAA,EAiBpBa,EAAAA,MAAAA;EAAmB,QAAA,EAAA,MAAA;QACnBC,WAAAA,GAAAA,YAAAA;uBACCjB,EApJcL,eAoJdK,CAAAA,uBAAAA,CAAAA;uBACIkB,EApJUvB,eAoJVuB,CAAAA,uBAAAA,CAAAA;EAAM,cAAA,EAnJHvB,eAmJG,CAAA,gBAAA,CAAA;AAAA;AAKmB,UAtJ9BS,kBAAAA,CAqKqB;EAAA,IAAA,EAAA,MAAA;UACrBP,EAAAA,MAAAA;WACOD,CAAAA,EAAAA,MAAAA;EAAuB,KAAA,CAAA,EAAA,MAAA;EAAA,uBAY9ByB,CAAAA,EA9KkB1B,eAsLlBE;EAAe;;;;EAee,iBAAA,CAAA,EAAA,MAAA;AAAA;AAaT,UA3MrBQ,iBAAAA,CAwNO;EAAA,IAAA,EAAA,MAAA;UAGHJ,CAAAA,EAAAA,MAAAA;WAARwB,CAAAA,EAAAA,MAAAA;;WAC2BA,CAAAA,EAAAA,OAAAA;iBACVrB,CAAAA,EAvNHT,eAuNGS;;UArNbE,iBAAAA,CAqNkCmB;OAGd9B,EAAAA,MAAAA;WAChBM,CAAAA,EAAAA,MAAAA,GAAAA,IAAAA;;WAC6BC,CAAAA,EAAAA,OAAAA;;;;;;;UA/MjCK,gBAAAA,CAoN6EL;QAARuB,MAAAA;UACnCtB,EAAAA,MAAAA;;WACsBR,EAAAA,OAAAA;;;;;UA7MxDa,oBAAAA,CAiN0DA;QAARiB,MAAAA;UAKfF,EAAAA,MAAAA;;WAQed,EAAAA,MAAAA;;;;;;UApNlDA,gBAAAA,CA0OsFE;;WAAqBc,EAAAA,MAAAA;;sBAOOf,CAAAA,EAAAA,MAAAA;;iBAE1DE,CAAAA,EAAAA,MAAAA;;SAEDE,EAAAA,MAAAA;;SAAoBW,CAAAA,EAAAA,MAAAA;;;;;;;;UAnO3Ef,mBAAAA,CAuPqGS;;OAQhDC,MAAAA;;QAAwBK,CAAAA,EAAAA,MAAAA;;UAM/BA,CAAAA,EA/P3C1B,eA+P2C0B,GAAAA,IAAAA;;AAKyB;;;;;;;UA3PvEd,kBAAAA;iBACOb;;;;aAIJC;;;;;;UAMHa,kBAAAA;;eAEKlB;;;;;;;;;;UAULmB,yBAAAA;;;;;;;;;;;UAWAC,iBAAAA;;gBAEMpB;;;;;;UAMNqB,oBAAAA;;;;;;;;;;;;;;;;;UAiBAC,mBAAAA;UACAC;WACCjB;eACIkB;;;;;UAKLC,8BAAAA;;;;;;;;;;;;;;;UAeAC,qBAAAA;UACAvB;iBACOD;;;;;;;;;;;;UAYPyB,oBAAAA;;;;;;;;UAQAxB;;;;;;;;;;UAUAyB,kBAAAA;;;;UAIAzB;iBACOD;;;;;;;;;;;;;UAaP2B,qBAAAA;;;;;;;;;;;;;UAaAC,OAAAA;;;MAGJC,QAAQxB;iCACmBwB,QAAQxB;uBAClBG,qBAAqBqB,QAAQxB;;;8BAGtBN;MACxB8B,QAAQxB;mCACqBwB,QAAQvB;yCACFG,oBAAoBoB;YACjDvB;eACGC;;2DAE4CG,oBAAoBmB,QAAQvB;oCACnDuB,QAAQtB;kEACsBR,kBAAkB8B,QAAQtB;;wDAEpCsB,QAAQlB;;4DAEJkB,QAAQjB;;;;;6CAKvBe,wBAAwBE;;;;;;;;oDAQjBA,QAAQhB;;;;;;;;MAQtDgB,QAAQhB;;;;;;6EAM+DgB,QAAQf;;;;;;;;gGAQWC,qBAAqBc,QAAQf;;;;;;;kGAO3BX,kBAAkB0B,QAAQf;;0DAElEe,QAAQb;;iEAEDE,oBAAoBW,QAAQb;;+EAEda;;;;;;;gEAOfA,QAAQZ;;4DAEZY,QAAQV;;2EAEOU;;;;;;;iFAOMT,sBAAsBS,QAAQN;;;;;;;;+DAQhDC,wBAAwBK,QAAQJ;;;;;;wDAMvCI,QAAQH;;;;;0EAKUG"}
|