@opsimathically/nodenetproccalld 0.0.1

package/dist/index.js

@@ -0,0 +1,2400 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key2, value) => key2 in obj ? __defProp(obj, key2, { enumerable: true, configurable: true, writable: true, value }) : obj[key2] = value;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key2 of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key2) && key2 !== except)
+        __defProp(to, key2, { get: () => from[key2], enumerable: !(desc = __getOwnPropDesc(from, key2)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key2, value) => __defNormalProp(obj, typeof key2 !== "symbol" ? key2 + "" : key2, value);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  ApiKeyAuthorizer: () => ApiKeyAuthorizer,
+  ConfigFileLoader: () => ConfigFileLoader,
+  ConfigValidator: () => ConfigValidator,
+  DaemonCli: () => DaemonCli,
+  DaemonProcess: () => DaemonProcess,
+  NetworkProcedureCallDaemon: () => NetworkProcedureCallDaemon,
+  TlsMaterialGenerator: () => TlsMaterialGenerator
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/classes/apikeyauthorizer/ApiKeyAuthorizer.class.ts
+var import_node_crypto = __toESM(require("crypto"));
+function SafeTimingEqual(params) {
+  const left_buffer = Buffer.from(params.left_value, "utf8");
+  const right_buffer = Buffer.from(params.right_value, "utf8");
+  if (left_buffer.length !== right_buffer.length) {
+    const left_digest = import_node_crypto.default.createHash("sha256").update(left_buffer).digest();
+    const right_digest = import_node_crypto.default.createHash("sha256").update(right_buffer).digest();
+    import_node_crypto.default.timingSafeEqual(left_digest, right_digest);
+    return false;
+  }
+  return import_node_crypto.default.timingSafeEqual(left_buffer, right_buffer);
+}
+__name(SafeTimingEqual, "SafeTimingEqual");
+var _ApiKeyAuthorizer = class _ApiKeyAuthorizer {
+  constructor(params) {
+    __publicField(this, "api_key_entries");
+    this.api_key_entries = [
+      ...params.api_key_entries
+    ];
+  }
+  async authenticate(params) {
+    for (const api_key_entry of this.api_key_entries) {
+      if (!api_key_entry.enabled) {
+        continue;
+      }
+      if (!SafeTimingEqual({
+        left_value: api_key_entry.api_key,
+        right_value: params.auth_callback_params.api_key
+      })) {
+        continue;
+      }
+      if (!this.matchesIdentityConstraints({
+        api_key_entry,
+        auth_callback_params: params.auth_callback_params
+      })) {
+        continue;
+      }
+      return {
+        state: "authenticated",
+        privileges: [
+          ...api_key_entry.privileges
+        ]
+      };
+    }
+    return "failed";
+  }
+  matchesIdentityConstraints(params) {
+    const constraints = params.api_key_entry.identity_constraints;
+    if (!constraints) {
+      return true;
+    }
+    if (constraints.remote_address_regex && !constraints.remote_address_regex.test(params.auth_callback_params.remote_address)) {
+      return false;
+    }
+    if (constraints.tls_peer_subject_regex && !this.matchOptionalValue({
+      regex: constraints.tls_peer_subject_regex,
+      value: params.auth_callback_params.tls_peer_subject
+    })) {
+      return false;
+    }
+    if (constraints.tls_peer_san_regex && !this.matchOptionalValue({
+      regex: constraints.tls_peer_san_regex,
+      value: params.auth_callback_params.tls_peer_san
+    })) {
+      return false;
+    }
+    if (constraints.tls_peer_fingerprint256_regex && !this.matchOptionalValue({
+      regex: constraints.tls_peer_fingerprint256_regex,
+      value: params.auth_callback_params.tls_peer_fingerprint256
+    })) {
+      return false;
+    }
+    if (constraints.tls_peer_serial_number_regex && !this.matchOptionalValue({
+      regex: constraints.tls_peer_serial_number_regex,
+      value: params.auth_callback_params.tls_peer_serial_number
+    })) {
+      return false;
+    }
+    return true;
+  }
+  matchOptionalValue(params) {
+    if (!params.value) {
+      return false;
+    }
+    return params.regex.test(params.value);
+  }
+};
+__name(_ApiKeyAuthorizer, "ApiKeyAuthorizer");
+var ApiKeyAuthorizer = _ApiKeyAuthorizer;
+
+// src/classes/configfileloader/ConfigFileLoader.class.ts
+var import_node_fs = __toESM(require("fs"));
+var import_node_path = __toESM(require("path"));
+
+// node_modules/json5/dist/index.mjs
+var Space_Separator = /[\u1680\u2000-\u200A\u202F\u205F\u3000]/;
+var ID_Start = /[\xAA\xB5\xBA\xC0-\xD6\xD8-\xF6\xF8-\u02C1\u02C6-\u02D1\u02E0-\u02E4\u02EC\u02EE\u0370-\u0374\u0376\u0377\u037A-\u037D\u037F\u0386\u0388-\u038A\u038C\u038E-\u03A1\u03A3-\u03F5\u03F7-\u0481\u048A-\u052F\u0531-\u0556\u0559\u0561-\u0587\u05D0-\u05EA\u05F0-\u05F2\u0620-\u064A\u066E\u066F\u0671-\u06D3\u06D5\u06E5\u06E6\u06EE\u06EF\u06FA-\u06FC\u06FF\u0710\u0712-\u072F\u074D-\u07A5\u07B1\u07CA-\u07EA\u07F4\u07F5\u07FA\u0800-\u0815\u081A\u0824\u0828\u0840-\u0858\u0860-\u086A\u08A0-\u08B4\u08B6-\u08BD\u0904-\u0939\u093D\u0950\u0958-\u0961\u0971-\u0980\u0985-\u098C\u098F\u0990\u0993-\u09A8\u09AA-\u09B0\u09B2\u09B6-\u09B9\u09BD\u09CE\u09DC\u09DD\u09DF-\u09E1\u09F0\u09F1\u09FC\u0A05-\u0A0A\u0A0F\u0A10\u0A13-\u0A28\u0A2A-\u0A30\u0A32\u0A33\u0A35\u0A36\u0A38\u0A39\u0A59-\u0A5C\u0A5E\u0A72-\u0A74\u0A85-\u0A8D\u0A8F-\u0A91\u0A93-\u0AA8\u0AAA-\u0AB0\u0AB2\u0AB3\u0AB5-\u0AB9\u0ABD\u0AD0\u0AE0\u0AE1\u0AF9\u0B05-\u0B0C\u0B0F\u0B10\u0B13-\u0B28\u0B2A-\u0B30\u0B32\u0B33\u0B35-\u0B39\u0B3D\u0B5C\u0B5D\u0B5F-\u0B61\u0B71\u0B83\u0B85-\u0B8A\u0B8E-\u0B90\u0B92-\u0B95\u0B99\u0B9A\u0B9C\u0B9E\u0B9F\u0BA3\u0BA4\u0BA8-\u0BAA\u0BAE-\u0BB9\u0BD0\u0C05-\u0C0C\u0C0E-\u0C10\u0C12-\u0C28\u0C2A-\u0C39\u0C3D\u0C58-\u0C5A\u0C60\u0C61\u0C80\u0C85-\u0C8C\u0C8E-\u0C90\u0C92-\u0CA8\u0CAA-\u0CB3\u0CB5-\u0CB9\u0CBD\u0CDE\u0CE0\u0CE1\u0CF1\u0CF2\u0D05-\u0D0C\u0D0E-\u0D10\u0D12-\u0D3A\u0D3D\u0D4E\u0D54-\u0D56\u0D5F-\u0D61\u0D7A-\u0D7F\u0D85-\u0D96\u0D9A-\u0DB1\u0DB3-\u0DBB\u0DBD\u0DC0-\u0DC6\u0E01-\u0E30\u0E32\u0E33\u0E40-\u0E46\u0E81\u0E82\u0E84\u0E87\u0E88\u0E8A\u0E8D\u0E94-\u0E97\u0E99-\u0E9F\u0EA1-\u0EA3\u0EA5\u0EA7\u0EAA\u0EAB\u0EAD-\u0EB0\u0EB2\u0EB3\u0EBD\u0EC0-\u0EC4\u0EC6\u0EDC-\u0EDF\u0F00\u0F40-\u0F47\u0F49-\u0F6C\u0F88-\u0F8C\u1000-\u102A\u103F\u1050-\u1055\u105A-\u105D\u1061\u1065\u1066\u106E-\u1070\u1075-\u1081\u108E\u10A0-\u10C5\u10C7\u10CD\u10D0-\u10FA\u10FC-\u1248\u124A-\u124D\u1250-\u1256\u1258\u125A-\u125D\u1260-\u1288\u128A-\u128D\u1290-\u12B0\u12B2-\u12B5\u12B8-\u12BE\u12C0\u12C2-\u12C5\u12C8-\u12D6\u12D8-\u1310\u1312-\u1315\u1318-\u135A\u1380-\u138F\u13A0-\u13F5\u13F8-\u13FD\u1401-\u166C\u166F-\u167F\u1681-\u169A\u16A0-\u16EA\u16EE-\u16F8\u1700-\u170C\u170E-\u1711\u1720-\u1731\u1740-\u1751\u1760-\u176C\u176E-\u1770\u1780-\u17B3\u17D7\u17DC\u1820-\u1877\u1880-\u1884\u1887-\u18A8\u18AA\u18B0-\u18F5\u1900-\u191E\u1950-\u196D\u1970-\u1974\u1980-\u19AB\u19B0-\u19C9\u1A00-\u1A16\u1A20-\u1A54\u1AA7\u1B05-\u1B33\u1B45-\u1B4B\u1B83-\u1BA0\u1BAE\u1BAF\u1BBA-\u1BE5\u1C00-\u1C23\u1C4D-\u1C4F\u1C5A-\u1C7D\u1C80-\u1C88\u1CE9-\u1CEC\u1CEE-\u1CF1\u1CF5\u1CF6\u1D00-\u1DBF\u1E00-\u1F15\u1F18-\u1F1D\u1F20-\u1F45\u1F48-\u1F4D\u1F50-\u1F57\u1F59\u1F5B\u1F5D\u1F5F-\u1F7D\u1F80-\u1FB4\u1FB6-\u1FBC\u1FBE\u1FC2-\u1FC4\u1FC6-\u1FCC\u1FD0-\u1FD3\u1FD6-\u1FDB\u1FE0-\u1FEC\u1FF2-\u1FF4\u1FF6-\u1FFC\u2071\u207F\u2090-\u209C\u2102\u2107\u210A-\u2113\u2115\u2119-\u211D\u2124\u2126\u2128\u212A-\u212D\u212F-\u2139\u213C-\u213F\u2145-\u2149\u214E\u2160-\u2188\u2C00-\u2C2E\u2C30-\u2C5E\u2C60-\u2CE4\u2CEB-\u2CEE\u2CF2\u2CF3\u2D00-\u2D25\u2D27\u2D2D\u2D30-\u2D67\u2D6F\u2D80-\u2D96\u2DA0-\u2DA6\u2DA8-\u2DAE\u2DB0-\u2DB6\u2DB8-\u2DBE\u2DC0-\u2DC6\u2DC8-\u2DCE\u2DD0-\u2DD6\u2DD8-\u2DDE\u2E2F\u3005-\u3007\u3021-\u3029\u3031-\u3035\u3038-\u303C\u3041-\u3096\u309D-\u309F\u30A1-\u30FA\u30FC-\u30FF\u3105-\u312E\u3131-\u318E\u31A0-\u31BA\u31F0-\u31FF\u3400-\u4DB5\u4E00-\u9FEA\uA000-\uA48C\uA4D0-\uA4FD\uA500-\uA60C\uA610-\uA61F\uA62A\uA62B\uA640-\uA66E\uA67F-\uA69D\uA6A0-\uA6EF\uA717-\uA71F\uA722-\uA788\uA78B-\uA7AE\uA7B0-\uA7B7\uA7F7-\uA801\uA803-\uA805\uA807-\uA80A\uA80C-\uA822\uA840-\uA873\uA882-\uA8B3\uA8F2-\uA8F7\uA8FB\uA8FD\uA90A-\uA925\uA930-\uA946\uA960-\uA97C\uA984-\uA9B2\uA9CF\uA9E0-\uA9E4\uA9E6-\uA9EF\uA9FA-\uA9FE\uAA00-\uAA28\uAA40-\uAA42\uAA44-\uAA4B\uAA60-\uAA76\uAA7A\uAA7E-\uAAAF\uAAB1\uAAB5\uAAB6\uAAB9-\uAABD\uAAC0\uAAC2\uAADB-\uAADD\uAAE0-\uAAEA\uAAF2-\uAAF4\uAB01-\uAB06\uAB09-\uAB0E\uAB11-\uAB16\uAB20-\uAB26\uAB28-\uAB2E\uAB30-\uAB5A\uAB5C-\uAB65\uAB70-\uABE2\uAC00-\uD7A3\uD7B0-\uD7C6\uD7CB-\uD7FB\uF900-\uFA6D\uFA70-\uFAD9\uFB00-\uFB06\uFB13-\uFB17\uFB1D\uFB1F-\uFB28\uFB2A-\uFB36\uFB38-\uFB3C\uFB3E\uFB40\uFB41\uFB43\uFB44\uFB46-\uFBB1\uFBD3-\uFD3D\uFD50-\uFD8F\uFD92-\uFDC7\uFDF0-\uFDFB\uFE70-\uFE74\uFE76-\uFEFC\uFF21-\uFF3A\uFF41-\uFF5A\uFF66-\uFFBE\uFFC2-\uFFC7\uFFCA-\uFFCF\uFFD2-\uFFD7\uFFDA-\uFFDC]|\uD800[\uDC00-\uDC0B\uDC0D-\uDC26\uDC28-\uDC3A\uDC3C\uDC3D\uDC3F-\uDC4D\uDC50-\uDC5D\uDC80-\uDCFA\uDD40-\uDD74\uDE80-\uDE9C\uDEA0-\uDED0\uDF00-\uDF1F\uDF2D-\uDF4A\uDF50-\uDF75\uDF80-\uDF9D\uDFA0-\uDFC3\uDFC8-\uDFCF\uDFD1-\uDFD5]|\uD801[\uDC00-\uDC9D\uDCB0-\uDCD3\uDCD8-\uDCFB\uDD00-\uDD27\uDD30-\uDD63\uDE00-\uDF36\uDF40-\uDF55\uDF60-\uDF67]|\uD802[\uDC00-\uDC05\uDC08\uDC0A-\uDC35\uDC37\uDC38\uDC3C\uDC3F-\uDC55\uDC60-\uDC76\uDC80-\uDC9E\uDCE0-\uDCF2\uDCF4\uDCF5\uDD00-\uDD15\uDD20-\uDD39\uDD80-\uDDB7\uDDBE\uDDBF\uDE00\uDE10-\uDE13\uDE15-\uDE17\uDE19-\uDE33\uDE60-\uDE7C\uDE80-\uDE9C\uDEC0-\uDEC7\uDEC9-\uDEE4\uDF00-\uDF35\uDF40-\uDF55\uDF60-\uDF72\uDF80-\uDF91]|\uD803[\uDC00-\uDC48\uDC80-\uDCB2\uDCC0-\uDCF2]|\uD804[\uDC03-\uDC37\uDC83-\uDCAF\uDCD0-\uDCE8\uDD03-\uDD26\uDD50-\uDD72\uDD76\uDD83-\uDDB2\uDDC1-\uDDC4\uDDDA\uDDDC\uDE00-\uDE11\uDE13-\uDE2B\uDE80-\uDE86\uDE88\uDE8A-\uDE8D\uDE8F-\uDE9D\uDE9F-\uDEA8\uDEB0-\uDEDE\uDF05-\uDF0C\uDF0F\uDF10\uDF13-\uDF28\uDF2A-\uDF30\uDF32\uDF33\uDF35-\uDF39\uDF3D\uDF50\uDF5D-\uDF61]|\uD805[\uDC00-\uDC34\uDC47-\uDC4A\uDC80-\uDCAF\uDCC4\uDCC5\uDCC7\uDD80-\uDDAE\uDDD8-\uDDDB\uDE00-\uDE2F\uDE44\uDE80-\uDEAA\uDF00-\uDF19]|\uD806[\uDCA0-\uDCDF\uDCFF\uDE00\uDE0B-\uDE32\uDE3A\uDE50\uDE5C-\uDE83\uDE86-\uDE89\uDEC0-\uDEF8]|\uD807[\uDC00-\uDC08\uDC0A-\uDC2E\uDC40\uDC72-\uDC8F\uDD00-\uDD06\uDD08\uDD09\uDD0B-\uDD30\uDD46]|\uD808[\uDC00-\uDF99]|\uD809[\uDC00-\uDC6E\uDC80-\uDD43]|[\uD80C\uD81C-\uD820\uD840-\uD868\uD86A-\uD86C\uD86F-\uD872\uD874-\uD879][\uDC00-\uDFFF]|\uD80D[\uDC00-\uDC2E]|\uD811[\uDC00-\uDE46]|\uD81A[\uDC00-\uDE38\uDE40-\uDE5E\uDED0-\uDEED\uDF00-\uDF2F\uDF40-\uDF43\uDF63-\uDF77\uDF7D-\uDF8F]|\uD81B[\uDF00-\uDF44\uDF50\uDF93-\uDF9F\uDFE0\uDFE1]|\uD821[\uDC00-\uDFEC]|\uD822[\uDC00-\uDEF2]|\uD82C[\uDC00-\uDD1E\uDD70-\uDEFB]|\uD82F[\uDC00-\uDC6A\uDC70-\uDC7C\uDC80-\uDC88\uDC90-\uDC99]|\uD835[\uDC00-\uDC54\uDC56-\uDC9C\uDC9E\uDC9F\uDCA2\uDCA5\uDCA6\uDCA9-\uDCAC\uDCAE-\uDCB9\uDCBB\uDCBD-\uDCC3\uDCC5-\uDD05\uDD07-\uDD0A\uDD0D-\uDD14\uDD16-\uDD1C\uDD1E-\uDD39\uDD3B-\uDD3E\uDD40-\uDD44\uDD46\uDD4A-\uDD50\uDD52-\uDEA5\uDEA8-\uDEC0\uDEC2-\uDEDA\uDEDC-\uDEFA\uDEFC-\uDF14\uDF16-\uDF34\uDF36-\uDF4E\uDF50-\uDF6E\uDF70-\uDF88\uDF8A-\uDFA8\uDFAA-\uDFC2\uDFC4-\uDFCB]|\uD83A[\uDC00-\uDCC4\uDD00-\uDD43]|\uD83B[\uDE00-\uDE03\uDE05-\uDE1F\uDE21\uDE22\uDE24\uDE27\uDE29-\uDE32\uDE34-\uDE37\uDE39\uDE3B\uDE42\uDE47\uDE49\uDE4B\uDE4D-\uDE4F\uDE51\uDE52\uDE54\uDE57\uDE59\uDE5B\uDE5D\uDE5F\uDE61\uDE62\uDE64\uDE67-\uDE6A\uDE6C-\uDE72\uDE74-\uDE77\uDE79-\uDE7C\uDE7E\uDE80-\uDE89\uDE8B-\uDE9B\uDEA1-\uDEA3\uDEA5-\uDEA9\uDEAB-\uDEBB]|\uD869[\uDC00-\uDED6\uDF00-\uDFFF]|\uD86D[\uDC00-\uDF34\uDF40-\uDFFF]|\uD86E[\uDC00-\uDC1D\uDC20-\uDFFF]|\uD873[\uDC00-\uDEA1\uDEB0-\uDFFF]|\uD87A[\uDC00-\uDFE0]|\uD87E[\uDC00-\uDE1D]/;
+var ID_Continue = /[\xAA\xB5\xBA\xC0-\xD6\xD8-\xF6\xF8-\u02C1\u02C6-\u02D1\u02E0-\u02E4\u02EC\u02EE\u0300-\u0374\u0376\u0377\u037A-\u037D\u037F\u0386\u0388-\u038A\u038C\u038E-\u03A1\u03A3-\u03F5\u03F7-\u0481\u0483-\u0487\u048A-\u052F\u0531-\u0556\u0559\u0561-\u0587\u0591-\u05BD\u05BF\u05C1\u05C2\u05C4\u05C5\u05C7\u05D0-\u05EA\u05F0-\u05F2\u0610-\u061A\u0620-\u0669\u066E-\u06D3\u06D5-\u06DC\u06DF-\u06E8\u06EA-\u06FC\u06FF\u0710-\u074A\u074D-\u07B1\u07C0-\u07F5\u07FA\u0800-\u082D\u0840-\u085B\u0860-\u086A\u08A0-\u08B4\u08B6-\u08BD\u08D4-\u08E1\u08E3-\u0963\u0966-\u096F\u0971-\u0983\u0985-\u098C\u098F\u0990\u0993-\u09A8\u09AA-\u09B0\u09B2\u09B6-\u09B9\u09BC-\u09C4\u09C7\u09C8\u09CB-\u09CE\u09D7\u09DC\u09DD\u09DF-\u09E3\u09E6-\u09F1\u09FC\u0A01-\u0A03\u0A05-\u0A0A\u0A0F\u0A10\u0A13-\u0A28\u0A2A-\u0A30\u0A32\u0A33\u0A35\u0A36\u0A38\u0A39\u0A3C\u0A3E-\u0A42\u0A47\u0A48\u0A4B-\u0A4D\u0A51\u0A59-\u0A5C\u0A5E\u0A66-\u0A75\u0A81-\u0A83\u0A85-\u0A8D\u0A8F-\u0A91\u0A93-\u0AA8\u0AAA-\u0AB0\u0AB2\u0AB3\u0AB5-\u0AB9\u0ABC-\u0AC5\u0AC7-\u0AC9\u0ACB-\u0ACD\u0AD0\u0AE0-\u0AE3\u0AE6-\u0AEF\u0AF9-\u0AFF\u0B01-\u0B03\u0B05-\u0B0C\u0B0F\u0B10\u0B13-\u0B28\u0B2A-\u0B30\u0B32\u0B33\u0B35-\u0B39\u0B3C-\u0B44\u0B47\u0B48\u0B4B-\u0B4D\u0B56\u0B57\u0B5C\u0B5D\u0B5F-\u0B63\u0B66-\u0B6F\u0B71\u0B82\u0B83\u0B85-\u0B8A\u0B8E-\u0B90\u0B92-\u0B95\u0B99\u0B9A\u0B9C\u0B9E\u0B9F\u0BA3\u0BA4\u0BA8-\u0BAA\u0BAE-\u0BB9\u0BBE-\u0BC2\u0BC6-\u0BC8\u0BCA-\u0BCD\u0BD0\u0BD7\u0BE6-\u0BEF\u0C00-\u0C03\u0C05-\u0C0C\u0C0E-\u0C10\u0C12-\u0C28\u0C2A-\u0C39\u0C3D-\u0C44\u0C46-\u0C48\u0C4A-\u0C4D\u0C55\u0C56\u0C58-\u0C5A\u0C60-\u0C63\u0C66-\u0C6F\u0C80-\u0C83\u0C85-\u0C8C\u0C8E-\u0C90\u0C92-\u0CA8\u0CAA-\u0CB3\u0CB5-\u0CB9\u0CBC-\u0CC4\u0CC6-\u0CC8\u0CCA-\u0CCD\u0CD5\u0CD6\u0CDE\u0CE0-\u0CE3\u0CE6-\u0CEF\u0CF1\u0CF2\u0D00-\u0D03\u0D05-\u0D0C\u0D0E-\u0D10\u0D12-\u0D44\u0D46-\u0D48\u0D4A-\u0D4E\u0D54-\u0D57\u0D5F-\u0D63\u0D66-\u0D6F\u0D7A-\u0D7F\u0D82\u0D83\u0D85-\u0D96\u0D9A-\u0DB1\u0DB3-\u0DBB\u0DBD\u0DC0-\u0DC6\u0DCA\u0DCF-\u0DD4\u0DD6\u0DD8-\u0DDF\u0DE6-\u0DEF\u0DF2\u0DF3\u0E01-\u0E3A\u0E40-\u0E4E\u0E50-\u0E59\u0E81\u0E82\u0E84\u0E87\u0E88\u0E8A\u0E8D\u0E94-\u0E97\u0E99-\u0E9F\u0EA1-\u0EA3\u0EA5\u0EA7\u0EAA\u0EAB\u0EAD-\u0EB9\u0EBB-\u0EBD\u0EC0-\u0EC4\u0EC6\u0EC8-\u0ECD\u0ED0-\u0ED9\u0EDC-\u0EDF\u0F00\u0F18\u0F19\u0F20-\u0F29\u0F35\u0F37\u0F39\u0F3E-\u0F47\u0F49-\u0F6C\u0F71-\u0F84\u0F86-\u0F97\u0F99-\u0FBC\u0FC6\u1000-\u1049\u1050-\u109D\u10A0-\u10C5\u10C7\u10CD\u10D0-\u10FA\u10FC-\u1248\u124A-\u124D\u1250-\u1256\u1258\u125A-\u125D\u1260-\u1288\u128A-\u128D\u1290-\u12B0\u12B2-\u12B5\u12B8-\u12BE\u12C0\u12C2-\u12C5\u12C8-\u12D6\u12D8-\u1310\u1312-\u1315\u1318-\u135A\u135D-\u135F\u1380-\u138F\u13A0-\u13F5\u13F8-\u13FD\u1401-\u166C\u166F-\u167F\u1681-\u169A\u16A0-\u16EA\u16EE-\u16F8\u1700-\u170C\u170E-\u1714\u1720-\u1734\u1740-\u1753\u1760-\u176C\u176E-\u1770\u1772\u1773\u1780-\u17D3\u17D7\u17DC\u17DD\u17E0-\u17E9\u180B-\u180D\u1810-\u1819\u1820-\u1877\u1880-\u18AA\u18B0-\u18F5\u1900-\u191E\u1920-\u192B\u1930-\u193B\u1946-\u196D\u1970-\u1974\u1980-\u19AB\u19B0-\u19C9\u19D0-\u19D9\u1A00-\u1A1B\u1A20-\u1A5E\u1A60-\u1A7C\u1A7F-\u1A89\u1A90-\u1A99\u1AA7\u1AB0-\u1ABD\u1B00-\u1B4B\u1B50-\u1B59\u1B6B-\u1B73\u1B80-\u1BF3\u1C00-\u1C37\u1C40-\u1C49\u1C4D-\u1C7D\u1C80-\u1C88\u1CD0-\u1CD2\u1CD4-\u1CF9\u1D00-\u1DF9\u1DFB-\u1F15\u1F18-\u1F1D\u1F20-\u1F45\u1F48-\u1F4D\u1F50-\u1F57\u1F59\u1F5B\u1F5D\u1F5F-\u1F7D\u1F80-\u1FB4\u1FB6-\u1FBC\u1FBE\u1FC2-\u1FC4\u1FC6-\u1FCC\u1FD0-\u1FD3\u1FD6-\u1FDB\u1FE0-\u1FEC\u1FF2-\u1FF4\u1FF6-\u1FFC\u203F\u2040\u2054\u2071\u207F\u2090-\u209C\u20D0-\u20DC\u20E1\u20E5-\u20F0\u2102\u2107\u210A-\u2113\u2115\u2119-\u211D\u2124\u2126\u2128\u212A-\u212D\u212F-\u2139\u213C-\u213F\u2145-\u2149\u214E\u2160-\u2188\u2C00-\u2C2E\u2C30-\u2C5E\u2C60-\u2CE4\u2CEB-\u2CF3\u2D00-\u2D25\u2D27\u2D2D\u2D30-\u2D67\u2D6F\u2D7F-\u2D96\u2DA0-\u2DA6\u2DA8-\u2DAE\u2DB0-\u2DB6\u2DB8-\u2DBE\u2DC0-\u2DC6\u2DC8-\u2DCE\u2DD0-\u2DD6\u2DD8-\u2DDE\u2DE0-\u2DFF\u2E2F\u3005-\u3007\u3021-\u302F\u3031-\u3035\u3038-\u303C\u3041-\u3096\u3099\u309A\u309D-\u309F\u30A1-\u30FA\u30FC-\u30FF\u3105-\u312E\u3131-\u318E\u31A0-\u31BA\u31F0-\u31FF\u3400-\u4DB5\u4E00-\u9FEA\uA000-\uA48C\uA4D0-\uA4FD\uA500-\uA60C\uA610-\uA62B\uA640-\uA66F\uA674-\uA67D\uA67F-\uA6F1\uA717-\uA71F\uA722-\uA788\uA78B-\uA7AE\uA7B0-\uA7B7\uA7F7-\uA827\uA840-\uA873\uA880-\uA8C5\uA8D0-\uA8D9\uA8E0-\uA8F7\uA8FB\uA8FD\uA900-\uA92D\uA930-\uA953\uA960-\uA97C\uA980-\uA9C0\uA9CF-\uA9D9\uA9E0-\uA9FE\uAA00-\uAA36\uAA40-\uAA4D\uAA50-\uAA59\uAA60-\uAA76\uAA7A-\uAAC2\uAADB-\uAADD\uAAE0-\uAAEF\uAAF2-\uAAF6\uAB01-\uAB06\uAB09-\uAB0E\uAB11-\uAB16\uAB20-\uAB26\uAB28-\uAB2E\uAB30-\uAB5A\uAB5C-\uAB65\uAB70-\uABEA\uABEC\uABED\uABF0-\uABF9\uAC00-\uD7A3\uD7B0-\uD7C6\uD7CB-\uD7FB\uF900-\uFA6D\uFA70-\uFAD9\uFB00-\uFB06\uFB13-\uFB17\uFB1D-\uFB28\uFB2A-\uFB36\uFB38-\uFB3C\uFB3E\uFB40\uFB41\uFB43\uFB44\uFB46-\uFBB1\uFBD3-\uFD3D\uFD50-\uFD8F\uFD92-\uFDC7\uFDF0-\uFDFB\uFE00-\uFE0F\uFE20-\uFE2F\uFE33\uFE34\uFE4D-\uFE4F\uFE70-\uFE74\uFE76-\uFEFC\uFF10-\uFF19\uFF21-\uFF3A\uFF3F\uFF41-\uFF5A\uFF66-\uFFBE\uFFC2-\uFFC7\uFFCA-\uFFCF\uFFD2-\uFFD7\uFFDA-\uFFDC]|\uD800[\uDC00-\uDC0B\uDC0D-\uDC26\uDC28-\uDC3A\uDC3C\uDC3D\uDC3F-\uDC4D\uDC50-\uDC5D\uDC80-\uDCFA\uDD40-\uDD74\uDDFD\uDE80-\uDE9C\uDEA0-\uDED0\uDEE0\uDF00-\uDF1F\uDF2D-\uDF4A\uDF50-\uDF7A\uDF80-\uDF9D\uDFA0-\uDFC3\uDFC8-\uDFCF\uDFD1-\uDFD5]|\uD801[\uDC00-\uDC9D\uDCA0-\uDCA9\uDCB0-\uDCD3\uDCD8-\uDCFB\uDD00-\uDD27\uDD30-\uDD63\uDE00-\uDF36\uDF40-\uDF55\uDF60-\uDF67]|\uD802[\uDC00-\uDC05\uDC08\uDC0A-\uDC35\uDC37\uDC38\uDC3C\uDC3F-\uDC55\uDC60-\uDC76\uDC80-\uDC9E\uDCE0-\uDCF2\uDCF4\uDCF5\uDD00-\uDD15\uDD20-\uDD39\uDD80-\uDDB7\uDDBE\uDDBF\uDE00-\uDE03\uDE05\uDE06\uDE0C-\uDE13\uDE15-\uDE17\uDE19-\uDE33\uDE38-\uDE3A\uDE3F\uDE60-\uDE7C\uDE80-\uDE9C\uDEC0-\uDEC7\uDEC9-\uDEE6\uDF00-\uDF35\uDF40-\uDF55\uDF60-\uDF72\uDF80-\uDF91]|\uD803[\uDC00-\uDC48\uDC80-\uDCB2\uDCC0-\uDCF2]|\uD804[\uDC00-\uDC46\uDC66-\uDC6F\uDC7F-\uDCBA\uDCD0-\uDCE8\uDCF0-\uDCF9\uDD00-\uDD34\uDD36-\uDD3F\uDD50-\uDD73\uDD76\uDD80-\uDDC4\uDDCA-\uDDCC\uDDD0-\uDDDA\uDDDC\uDE00-\uDE11\uDE13-\uDE37\uDE3E\uDE80-\uDE86\uDE88\uDE8A-\uDE8D\uDE8F-\uDE9D\uDE9F-\uDEA8\uDEB0-\uDEEA\uDEF0-\uDEF9\uDF00-\uDF03\uDF05-\uDF0C\uDF0F\uDF10\uDF13-\uDF28\uDF2A-\uDF30\uDF32\uDF33\uDF35-\uDF39\uDF3C-\uDF44\uDF47\uDF48\uDF4B-\uDF4D\uDF50\uDF57\uDF5D-\uDF63\uDF66-\uDF6C\uDF70-\uDF74]|\uD805[\uDC00-\uDC4A\uDC50-\uDC59\uDC80-\uDCC5\uDCC7\uDCD0-\uDCD9\uDD80-\uDDB5\uDDB8-\uDDC0\uDDD8-\uDDDD\uDE00-\uDE40\uDE44\uDE50-\uDE59\uDE80-\uDEB7\uDEC0-\uDEC9\uDF00-\uDF19\uDF1D-\uDF2B\uDF30-\uDF39]|\uD806[\uDCA0-\uDCE9\uDCFF\uDE00-\uDE3E\uDE47\uDE50-\uDE83\uDE86-\uDE99\uDEC0-\uDEF8]|\uD807[\uDC00-\uDC08\uDC0A-\uDC36\uDC38-\uDC40\uDC50-\uDC59\uDC72-\uDC8F\uDC92-\uDCA7\uDCA9-\uDCB6\uDD00-\uDD06\uDD08\uDD09\uDD0B-\uDD36\uDD3A\uDD3C\uDD3D\uDD3F-\uDD47\uDD50-\uDD59]|\uD808[\uDC00-\uDF99]|\uD809[\uDC00-\uDC6E\uDC80-\uDD43]|[\uD80C\uD81C-\uD820\uD840-\uD868\uD86A-\uD86C\uD86F-\uD872\uD874-\uD879][\uDC00-\uDFFF]|\uD80D[\uDC00-\uDC2E]|\uD811[\uDC00-\uDE46]|\uD81A[\uDC00-\uDE38\uDE40-\uDE5E\uDE60-\uDE69\uDED0-\uDEED\uDEF0-\uDEF4\uDF00-\uDF36\uDF40-\uDF43\uDF50-\uDF59\uDF63-\uDF77\uDF7D-\uDF8F]|\uD81B[\uDF00-\uDF44\uDF50-\uDF7E\uDF8F-\uDF9F\uDFE0\uDFE1]|\uD821[\uDC00-\uDFEC]|\uD822[\uDC00-\uDEF2]|\uD82C[\uDC00-\uDD1E\uDD70-\uDEFB]|\uD82F[\uDC00-\uDC6A\uDC70-\uDC7C\uDC80-\uDC88\uDC90-\uDC99\uDC9D\uDC9E]|\uD834[\uDD65-\uDD69\uDD6D-\uDD72\uDD7B-\uDD82\uDD85-\uDD8B\uDDAA-\uDDAD\uDE42-\uDE44]|\uD835[\uDC00-\uDC54\uDC56-\uDC9C\uDC9E\uDC9F\uDCA2\uDCA5\uDCA6\uDCA9-\uDCAC\uDCAE-\uDCB9\uDCBB\uDCBD-\uDCC3\uDCC5-\uDD05\uDD07-\uDD0A\uDD0D-\uDD14\uDD16-\uDD1C\uDD1E-\uDD39\uDD3B-\uDD3E\uDD40-\uDD44\uDD46\uDD4A-\uDD50\uDD52-\uDEA5\uDEA8-\uDEC0\uDEC2-\uDEDA\uDEDC-\uDEFA\uDEFC-\uDF14\uDF16-\uDF34\uDF36-\uDF4E\uDF50-\uDF6E\uDF70-\uDF88\uDF8A-\uDFA8\uDFAA-\uDFC2\uDFC4-\uDFCB\uDFCE-\uDFFF]|\uD836[\uDE00-\uDE36\uDE3B-\uDE6C\uDE75\uDE84\uDE9B-\uDE9F\uDEA1-\uDEAF]|\uD838[\uDC00-\uDC06\uDC08-\uDC18\uDC1B-\uDC21\uDC23\uDC24\uDC26-\uDC2A]|\uD83A[\uDC00-\uDCC4\uDCD0-\uDCD6\uDD00-\uDD4A\uDD50-\uDD59]|\uD83B[\uDE00-\uDE03\uDE05-\uDE1F\uDE21\uDE22\uDE24\uDE27\uDE29-\uDE32\uDE34-\uDE37\uDE39\uDE3B\uDE42\uDE47\uDE49\uDE4B\uDE4D-\uDE4F\uDE51\uDE52\uDE54\uDE57\uDE59\uDE5B\uDE5D\uDE5F\uDE61\uDE62\uDE64\uDE67-\uDE6A\uDE6C-\uDE72\uDE74-\uDE77\uDE79-\uDE7C\uDE7E\uDE80-\uDE89\uDE8B-\uDE9B\uDEA1-\uDEA3\uDEA5-\uDEA9\uDEAB-\uDEBB]|\uD869[\uDC00-\uDED6\uDF00-\uDFFF]|\uD86D[\uDC00-\uDF34\uDF40-\uDFFF]|\uD86E[\uDC00-\uDC1D\uDC20-\uDFFF]|\uD873[\uDC00-\uDEA1\uDEB0-\uDFFF]|\uD87A[\uDC00-\uDFE0]|\uD87E[\uDC00-\uDE1D]|\uDB40[\uDD00-\uDDEF]/;
+var unicode = {
+  Space_Separator,
+  ID_Start,
+  ID_Continue
+};
+var util = {
+  isSpaceSeparator(c2) {
+    return typeof c2 === "string" && unicode.Space_Separator.test(c2);
+  },
+  isIdStartChar(c2) {
+    return typeof c2 === "string" && (c2 >= "a" && c2 <= "z" || c2 >= "A" && c2 <= "Z" || c2 === "$" || c2 === "_" || unicode.ID_Start.test(c2));
+  },
+  isIdContinueChar(c2) {
+    return typeof c2 === "string" && (c2 >= "a" && c2 <= "z" || c2 >= "A" && c2 <= "Z" || c2 >= "0" && c2 <= "9" || c2 === "$" || c2 === "_" || c2 === "\u200C" || c2 === "\u200D" || unicode.ID_Continue.test(c2));
+  },
+  isDigit(c2) {
+    return typeof c2 === "string" && /[0-9]/.test(c2);
+  },
+  isHexDigit(c2) {
+    return typeof c2 === "string" && /[0-9A-Fa-f]/.test(c2);
+  }
+};
+var source;
+var parseState;
+var stack;
+var pos;
+var line;
+var column;
+var token;
+var key;
+var root;
+var parse = /* @__PURE__ */ __name(function parse2(text, reviver) {
+  source = String(text);
+  parseState = "start";
+  stack = [];
+  pos = 0;
+  line = 1;
+  column = 0;
+  token = void 0;
+  key = void 0;
+  root = void 0;
+  do {
+    token = lex();
+    parseStates[parseState]();
+  } while (token.type !== "eof");
+  if (typeof reviver === "function") {
+    return internalize({ "": root }, "", reviver);
+  }
+  return root;
+}, "parse");
+function internalize(holder, name, reviver) {
+  const value = holder[name];
+  if (value != null && typeof value === "object") {
+    if (Array.isArray(value)) {
+      for (let i = 0; i < value.length; i++) {
+        const key2 = String(i);
+        const replacement = internalize(value, key2, reviver);
+        if (replacement === void 0) {
+          delete value[key2];
+        } else {
+          Object.defineProperty(value, key2, {
+            value: replacement,
+            writable: true,
+            enumerable: true,
+            configurable: true
+          });
+        }
+      }
+    } else {
+      for (const key2 in value) {
+        const replacement = internalize(value, key2, reviver);
+        if (replacement === void 0) {
+          delete value[key2];
+        } else {
+          Object.defineProperty(value, key2, {
+            value: replacement,
+            writable: true,
+            enumerable: true,
+            configurable: true
+          });
+        }
+      }
+    }
+  }
+  return reviver.call(holder, name, value);
+}
+__name(internalize, "internalize");
+var lexState;
+var buffer;
+var doubleQuote;
+var sign;
+var c;
+function lex() {
+  lexState = "default";
+  buffer = "";
+  doubleQuote = false;
+  sign = 1;
+  for (; ; ) {
+    c = peek();
+    const token2 = lexStates[lexState]();
+    if (token2) {
+      return token2;
+    }
+  }
+}
+__name(lex, "lex");
+function peek() {
+  if (source[pos]) {
+    return String.fromCodePoint(source.codePointAt(pos));
+  }
+}
+__name(peek, "peek");
+function read() {
+  const c2 = peek();
+  if (c2 === "\n") {
+    line++;
+    column = 0;
+  } else if (c2) {
+    column += c2.length;
+  } else {
+    column++;
+  }
+  if (c2) {
+    pos += c2.length;
+  }
+  return c2;
+}
+__name(read, "read");
+var lexStates = {
+  default() {
+    switch (c) {
+      case "	":
+      case "\v":
+      case "\f":
+      case " ":
+      case "\xA0":
+      case "\uFEFF":
+      case "\n":
+      case "\r":
+      case "\u2028":
+      case "\u2029":
+        read();
+        return;
+      case "/":
+        read();
+        lexState = "comment";
+        return;
+      case void 0:
+        read();
+        return newToken("eof");
+    }
+    if (util.isSpaceSeparator(c)) {
+      read();
+      return;
+    }
+    return lexStates[parseState]();
+  },
+  comment() {
+    switch (c) {
+      case "*":
+        read();
+        lexState = "multiLineComment";
+        return;
+      case "/":
+        read();
+        lexState = "singleLineComment";
+        return;
+    }
+    throw invalidChar(read());
+  },
+  multiLineComment() {
+    switch (c) {
+      case "*":
+        read();
+        lexState = "multiLineCommentAsterisk";
+        return;
+      case void 0:
+        throw invalidChar(read());
+    }
+    read();
+  },
+  multiLineCommentAsterisk() {
+    switch (c) {
+      case "*":
+        read();
+        return;
+      case "/":
+        read();
+        lexState = "default";
+        return;
+      case void 0:
+        throw invalidChar(read());
+    }
+    read();
+    lexState = "multiLineComment";
+  },
+  singleLineComment() {
+    switch (c) {
+      case "\n":
+      case "\r":
+      case "\u2028":
+      case "\u2029":
+        read();
+        lexState = "default";
+        return;
+      case void 0:
+        read();
+        return newToken("eof");
+    }
+    read();
+  },
+  value() {
+    switch (c) {
+      case "{":
+      case "[":
+        return newToken("punctuator", read());
+      case "n":
+        read();
+        literal("ull");
+        return newToken("null", null);
+      case "t":
+        read();
+        literal("rue");
+        return newToken("boolean", true);
+      case "f":
+        read();
+        literal("alse");
+        return newToken("boolean", false);
+      case "-":
+      case "+":
+        if (read() === "-") {
+          sign = -1;
+        }
+        lexState = "sign";
+        return;
+      case ".":
+        buffer = read();
+        lexState = "decimalPointLeading";
+        return;
+      case "0":
+        buffer = read();
+        lexState = "zero";
+        return;
+      case "1":
+      case "2":
+      case "3":
+      case "4":
+      case "5":
+      case "6":
+      case "7":
+      case "8":
+      case "9":
+        buffer = read();
+        lexState = "decimalInteger";
+        return;
+      case "I":
+        read();
+        literal("nfinity");
+        return newToken("numeric", Infinity);
+      case "N":
+        read();
+        literal("aN");
+        return newToken("numeric", NaN);
+      case '"':
+      case "'":
+        doubleQuote = read() === '"';
+        buffer = "";
+        lexState = "string";
+        return;
+    }
+    throw invalidChar(read());
+  },
+  identifierNameStartEscape() {
+    if (c !== "u") {
+      throw invalidChar(read());
+    }
+    read();
+    const u = unicodeEscape();
+    switch (u) {
+      case "$":
+      case "_":
+        break;
+      default:
+        if (!util.isIdStartChar(u)) {
+          throw invalidIdentifier();
+        }
+        break;
+    }
+    buffer += u;
+    lexState = "identifierName";
+  },
+  identifierName() {
+    switch (c) {
+      case "$":
+      case "_":
+      case "\u200C":
+      case "\u200D":
+        buffer += read();
+        return;
+      case "\\":
+        read();
+        lexState = "identifierNameEscape";
+        return;
+    }
+    if (util.isIdContinueChar(c)) {
+      buffer += read();
+      return;
+    }
+    return newToken("identifier", buffer);
+  },
+  identifierNameEscape() {
+    if (c !== "u") {
+      throw invalidChar(read());
+    }
+    read();
+    const u = unicodeEscape();
+    switch (u) {
+      case "$":
+      case "_":
+      case "\u200C":
+      case "\u200D":
+        break;
+      default:
+        if (!util.isIdContinueChar(u)) {
+          throw invalidIdentifier();
+        }
+        break;
+    }
+    buffer += u;
+    lexState = "identifierName";
+  },
+  sign() {
+    switch (c) {
+      case ".":
+        buffer = read();
+        lexState = "decimalPointLeading";
+        return;
+      case "0":
+        buffer = read();
+        lexState = "zero";
+        return;
+      case "1":
+      case "2":
+      case "3":
+      case "4":
+      case "5":
+      case "6":
+      case "7":
+      case "8":
+      case "9":
+        buffer = read();
+        lexState = "decimalInteger";
+        return;
+      case "I":
+        read();
+        literal("nfinity");
+        return newToken("numeric", sign * Infinity);
+      case "N":
+        read();
+        literal("aN");
+        return newToken("numeric", NaN);
+    }
+    throw invalidChar(read());
+  },
+  zero() {
+    switch (c) {
+      case ".":
+        buffer += read();
+        lexState = "decimalPoint";
+        return;
+      case "e":
+      case "E":
+        buffer += read();
+        lexState = "decimalExponent";
+        return;
+      case "x":
+      case "X":
+        buffer += read();
+        lexState = "hexadecimal";
+        return;
+    }
+    return newToken("numeric", sign * 0);
+  },
+  decimalInteger() {
+    switch (c) {
+      case ".":
+        buffer += read();
+        lexState = "decimalPoint";
+        return;
+      case "e":
+      case "E":
+        buffer += read();
+        lexState = "decimalExponent";
+        return;
+    }
+    if (util.isDigit(c)) {
+      buffer += read();
+      return;
+    }
+    return newToken("numeric", sign * Number(buffer));
+  },
+  decimalPointLeading() {
+    if (util.isDigit(c)) {
+      buffer += read();
+      lexState = "decimalFraction";
+      return;
+    }
+    throw invalidChar(read());
+  },
+  decimalPoint() {
+    switch (c) {
+      case "e":
+      case "E":
+        buffer += read();
+        lexState = "decimalExponent";
+        return;
+    }
+    if (util.isDigit(c)) {
+      buffer += read();
+      lexState = "decimalFraction";
+      return;
+    }
+    return newToken("numeric", sign * Number(buffer));
+  },
+  decimalFraction() {
+    switch (c) {
+      case "e":
+      case "E":
+        buffer += read();
+        lexState = "decimalExponent";
+        return;
+    }
+    if (util.isDigit(c)) {
+      buffer += read();
+      return;
+    }
+    return newToken("numeric", sign * Number(buffer));
+  },
+  decimalExponent() {
+    switch (c) {
+      case "+":
+      case "-":
+        buffer += read();
+        lexState = "decimalExponentSign";
+        return;
+    }
+    if (util.isDigit(c)) {
+      buffer += read();
+      lexState = "decimalExponentInteger";
+      return;
+    }
+    throw invalidChar(read());
+  },
+  decimalExponentSign() {
+    if (util.isDigit(c)) {
+      buffer += read();
+      lexState = "decimalExponentInteger";
+      return;
+    }
+    throw invalidChar(read());
+  },
+  decimalExponentInteger() {
+    if (util.isDigit(c)) {
+      buffer += read();
+      return;
+    }
+    return newToken("numeric", sign * Number(buffer));
+  },
+  hexadecimal() {
+    if (util.isHexDigit(c)) {
+      buffer += read();
+      lexState = "hexadecimalInteger";
+      return;
+    }
+    throw invalidChar(read());
+  },
+  hexadecimalInteger() {
+    if (util.isHexDigit(c)) {
+      buffer += read();
+      return;
+    }
+    return newToken("numeric", sign * Number(buffer));
+  },
+  string() {
+    switch (c) {
+      case "\\":
+        read();
+        buffer += escape();
+        return;
+      case '"':
+        if (doubleQuote) {
+          read();
+          return newToken("string", buffer);
+        }
+        buffer += read();
+        return;
+      case "'":
+        if (!doubleQuote) {
+          read();
+          return newToken("string", buffer);
+        }
+        buffer += read();
+        return;
+      case "\n":
+      case "\r":
+        throw invalidChar(read());
+      case "\u2028":
+      case "\u2029":
+        separatorChar(c);
+        break;
+      case void 0:
+        throw invalidChar(read());
+    }
+    buffer += read();
+  },
+  start() {
+    switch (c) {
+      case "{":
+      case "[":
+        return newToken("punctuator", read());
+    }
+    lexState = "value";
+  },
+  beforePropertyName() {
+    switch (c) {
+      case "$":
+      case "_":
+        buffer = read();
+        lexState = "identifierName";
+        return;
+      case "\\":
+        read();
+        lexState = "identifierNameStartEscape";
+        return;
+      case "}":
+        return newToken("punctuator", read());
+      case '"':
+      case "'":
+        doubleQuote = read() === '"';
+        lexState = "string";
+        return;
+    }
+    if (util.isIdStartChar(c)) {
+      buffer += read();
+      lexState = "identifierName";
+      return;
+    }
+    throw invalidChar(read());
+  },
+  afterPropertyName() {
+    if (c === ":") {
+      return newToken("punctuator", read());
+    }
+    throw invalidChar(read());
+  },
+  beforePropertyValue() {
+    lexState = "value";
+  },
+  afterPropertyValue() {
+    switch (c) {
+      case ",":
+      case "}":
+        return newToken("punctuator", read());
+    }
+    throw invalidChar(read());
+  },
+  beforeArrayValue() {
+    if (c === "]") {
+      return newToken("punctuator", read());
+    }
+    lexState = "value";
+  },
+  afterArrayValue() {
+    switch (c) {
+      case ",":
+      case "]":
+        return newToken("punctuator", read());
+    }
+    throw invalidChar(read());
+  },
+  end() {
+    throw invalidChar(read());
+  }
+};
+function newToken(type, value) {
+  return {
+    type,
+    value,
+    line,
+    column
+  };
+}
+__name(newToken, "newToken");
+function literal(s) {
+  for (const c2 of s) {
+    const p = peek();
+    if (p !== c2) {
+      throw invalidChar(read());
+    }
+    read();
+  }
+}
+__name(literal, "literal");
+function escape() {
+  const c2 = peek();
+  switch (c2) {
+    case "b":
+      read();
+      return "\b";
+    case "f":
+      read();
+      return "\f";
+    case "n":
+      read();
+      return "\n";
+    case "r":
+      read();
+      return "\r";
+    case "t":
+      read();
+      return "	";
+    case "v":
+      read();
+      return "\v";
+    case "0":
+      read();
+      if (util.isDigit(peek())) {
+        throw invalidChar(read());
+      }
+      return "\0";
+    case "x":
+      read();
+      return hexEscape();
+    case "u":
+      read();
+      return unicodeEscape();
+    case "\n":
+    case "\u2028":
+    case "\u2029":
+      read();
+      return "";
+    case "\r":
+      read();
+      if (peek() === "\n") {
+        read();
+      }
+      return "";
+    case "1":
+    case "2":
+    case "3":
+    case "4":
+    case "5":
+    case "6":
+    case "7":
+    case "8":
+    case "9":
+      throw invalidChar(read());
+    case void 0:
+      throw invalidChar(read());
+  }
+  return read();
+}
+__name(escape, "escape");
+function hexEscape() {
+  let buffer2 = "";
+  let c2 = peek();
+  if (!util.isHexDigit(c2)) {
+    throw invalidChar(read());
+  }
+  buffer2 += read();
+  c2 = peek();
+  if (!util.isHexDigit(c2)) {
+    throw invalidChar(read());
+  }
+  buffer2 += read();
+  return String.fromCodePoint(parseInt(buffer2, 16));
+}
+__name(hexEscape, "hexEscape");
+function unicodeEscape() {
+  let buffer2 = "";
+  let count = 4;
+  while (count-- > 0) {
+    const c2 = peek();
+    if (!util.isHexDigit(c2)) {
+      throw invalidChar(read());
+    }
+    buffer2 += read();
+  }
+  return String.fromCodePoint(parseInt(buffer2, 16));
+}
+__name(unicodeEscape, "unicodeEscape");
+var parseStates = {
+  start() {
+    if (token.type === "eof") {
+      throw invalidEOF();
+    }
+    push();
+  },
+  beforePropertyName() {
+    switch (token.type) {
+      case "identifier":
+      case "string":
+        key = token.value;
+        parseState = "afterPropertyName";
+        return;
+      case "punctuator":
+        pop();
+        return;
+      case "eof":
+        throw invalidEOF();
+    }
+  },
+  afterPropertyName() {
+    if (token.type === "eof") {
+      throw invalidEOF();
+    }
+    parseState = "beforePropertyValue";
+  },
+  beforePropertyValue() {
+    if (token.type === "eof") {
+      throw invalidEOF();
+    }
+    push();
+  },
+  beforeArrayValue() {
+    if (token.type === "eof") {
+      throw invalidEOF();
+    }
+    if (token.type === "punctuator" && token.value === "]") {
+      pop();
+      return;
+    }
+    push();
+  },
+  afterPropertyValue() {
+    if (token.type === "eof") {
+      throw invalidEOF();
+    }
+    switch (token.value) {
+      case ",":
+        parseState = "beforePropertyName";
+        return;
+      case "}":
+        pop();
+    }
+  },
+  afterArrayValue() {
+    if (token.type === "eof") {
+      throw invalidEOF();
+    }
+    switch (token.value) {
+      case ",":
+        parseState = "beforeArrayValue";
+        return;
+      case "]":
+        pop();
+    }
+  },
+  end() {
+  }
+};
+function push() {
+  let value;
+  switch (token.type) {
+    case "punctuator":
+      switch (token.value) {
+        case "{":
+          value = {};
+          break;
+        case "[":
+          value = [];
+          break;
+      }
+      break;
+    case "null":
+    case "boolean":
+    case "numeric":
+    case "string":
+      value = token.value;
+      break;
+  }
+  if (root === void 0) {
+    root = value;
+  } else {
+    const parent = stack[stack.length - 1];
+    if (Array.isArray(parent)) {
+      parent.push(value);
+    } else {
+      Object.defineProperty(parent, key, {
+        value,
+        writable: true,
+        enumerable: true,
+        configurable: true
+      });
+    }
+  }
+  if (value !== null && typeof value === "object") {
+    stack.push(value);
+    if (Array.isArray(value)) {
+      parseState = "beforeArrayValue";
+    } else {
+      parseState = "beforePropertyName";
+    }
+  } else {
+    const current = stack[stack.length - 1];
+    if (current == null) {
+      parseState = "end";
+    } else if (Array.isArray(current)) {
+      parseState = "afterArrayValue";
+    } else {
+      parseState = "afterPropertyValue";
+    }
+  }
+}
+__name(push, "push");
+function pop() {
+  stack.pop();
+  const current = stack[stack.length - 1];
+  if (current == null) {
+    parseState = "end";
+  } else if (Array.isArray(current)) {
+    parseState = "afterArrayValue";
+  } else {
+    parseState = "afterPropertyValue";
+  }
+}
+__name(pop, "pop");
+function invalidChar(c2) {
+  if (c2 === void 0) {
+    return syntaxError(`JSON5: invalid end of input at ${line}:${column}`);
+  }
+  return syntaxError(`JSON5: invalid character '${formatChar(c2)}' at ${line}:${column}`);
+}
+__name(invalidChar, "invalidChar");
+function invalidEOF() {
+  return syntaxError(`JSON5: invalid end of input at ${line}:${column}`);
+}
+__name(invalidEOF, "invalidEOF");
+function invalidIdentifier() {
+  column -= 5;
+  return syntaxError(`JSON5: invalid identifier character at ${line}:${column}`);
+}
+__name(invalidIdentifier, "invalidIdentifier");
+function separatorChar(c2) {
+  console.warn(`JSON5: '${formatChar(c2)}' in strings is not valid ECMAScript; consider escaping`);
+}
+__name(separatorChar, "separatorChar");
+function formatChar(c2) {
+  const replacements = {
+    "'": "\\'",
+    '"': '\\"',
+    "\\": "\\\\",
+    "\b": "\\b",
+    "\f": "\\f",
+    "\n": "\\n",
+    "\r": "\\r",
+    "	": "\\t",
+    "\v": "\\v",
+    "\0": "\\0",
+    "\u2028": "\\u2028",
+    "\u2029": "\\u2029"
+  };
+  if (replacements[c2]) {
+    return replacements[c2];
+  }
+  if (c2 < " ") {
+    const hexString = c2.charCodeAt(0).toString(16);
+    return "\\x" + ("00" + hexString).substring(hexString.length);
+  }
+  return c2;
+}
+__name(formatChar, "formatChar");
+function syntaxError(message) {
+  const err = new SyntaxError(message);
+  err.lineNumber = line;
+  err.columnNumber = column;
+  return err;
+}
+__name(syntaxError, "syntaxError");
+var stringify = /* @__PURE__ */ __name(function stringify2(value, replacer, space) {
+  const stack2 = [];
+  let indent = "";
+  let propertyList;
+  let replacerFunc;
+  let gap = "";
+  let quote;
+  if (replacer != null && typeof replacer === "object" && !Array.isArray(replacer)) {
+    space = replacer.space;
+    quote = replacer.quote;
+    replacer = replacer.replacer;
+  }
+  if (typeof replacer === "function") {
+    replacerFunc = replacer;
+  } else if (Array.isArray(replacer)) {
+    propertyList = [];
+    for (const v of replacer) {
+      let item;
+      if (typeof v === "string") {
+        item = v;
+      } else if (typeof v === "number" || v instanceof String || v instanceof Number) {
+        item = String(v);
+      }
+      if (item !== void 0 && propertyList.indexOf(item) < 0) {
+        propertyList.push(item);
+      }
+    }
+  }
+  if (space instanceof Number) {
+    space = Number(space);
+  } else if (space instanceof String) {
+    space = String(space);
+  }
+  if (typeof space === "number") {
+    if (space > 0) {
+      space = Math.min(10, Math.floor(space));
+      gap = "          ".substr(0, space);
+    }
+  } else if (typeof space === "string") {
+    gap = space.substr(0, 10);
+  }
+  return serializeProperty("", { "": value });
+  function serializeProperty(key2, holder) {
+    let value2 = holder[key2];
+    if (value2 != null) {
+      if (typeof value2.toJSON5 === "function") {
+        value2 = value2.toJSON5(key2);
+      } else if (typeof value2.toJSON === "function") {
+        value2 = value2.toJSON(key2);
+      }
+    }
+    if (replacerFunc) {
+      value2 = replacerFunc.call(holder, key2, value2);
+    }
+    if (value2 instanceof Number) {
+      value2 = Number(value2);
+    } else if (value2 instanceof String) {
+      value2 = String(value2);
+    } else if (value2 instanceof Boolean) {
+      value2 = value2.valueOf();
+    }
+    switch (value2) {
+      case null:
+        return "null";
+      case true:
+        return "true";
+      case false:
+        return "false";
+    }
+    if (typeof value2 === "string") {
+      return quoteString(value2, false);
+    }
+    if (typeof value2 === "number") {
+      return String(value2);
+    }
+    if (typeof value2 === "object") {
+      return Array.isArray(value2) ? serializeArray(value2) : serializeObject(value2);
+    }
+    return void 0;
+  }
+  __name(serializeProperty, "serializeProperty");
+  function quoteString(value2) {
+    const quotes = {
+      "'": 0.1,
+      '"': 0.2
+    };
+    const replacements = {
+      "'": "\\'",
+      '"': '\\"',
+      "\\": "\\\\",
+      "\b": "\\b",
+      "\f": "\\f",
+      "\n": "\\n",
+      "\r": "\\r",
+      "	": "\\t",
+      "\v": "\\v",
+      "\0": "\\0",
+      "\u2028": "\\u2028",
+      "\u2029": "\\u2029"
+    };
+    let product = "";
+    for (let i = 0; i < value2.length; i++) {
+      const c2 = value2[i];
+      switch (c2) {
+        case "'":
+        case '"':
+          quotes[c2]++;
+          product += c2;
+          continue;
+        case "\0":
+          if (util.isDigit(value2[i + 1])) {
+            product += "\\x00";
+            continue;
+          }
+      }
+      if (replacements[c2]) {
+        product += replacements[c2];
+        continue;
+      }
+      if (c2 < " ") {
+        let hexString = c2.charCodeAt(0).toString(16);
+        product += "\\x" + ("00" + hexString).substring(hexString.length);
+        continue;
+      }
+      product += c2;
+    }
+    const quoteChar = quote || Object.keys(quotes).reduce((a, b) => quotes[a] < quotes[b] ? a : b);
+    product = product.replace(new RegExp(quoteChar, "g"), replacements[quoteChar]);
+    return quoteChar + product + quoteChar;
+  }
+  __name(quoteString, "quoteString");
+  function serializeObject(value2) {
+    if (stack2.indexOf(value2) >= 0) {
+      throw TypeError("Converting circular structure to JSON5");
+    }
+    stack2.push(value2);
+    let stepback = indent;
+    indent = indent + gap;
+    let keys = propertyList || Object.keys(value2);
+    let partial = [];
+    for (const key2 of keys) {
+      const propertyString = serializeProperty(key2, value2);
+      if (propertyString !== void 0) {
+        let member = serializeKey(key2) + ":";
+        if (gap !== "") {
+          member += " ";
+        }
+        member += propertyString;
+        partial.push(member);
+      }
+    }
+    let final;
+    if (partial.length === 0) {
+      final = "{}";
+    } else {
+      let properties;
+      if (gap === "") {
+        properties = partial.join(",");
+        final = "{" + properties + "}";
+      } else {
+        let separator = ",\n" + indent;
+        properties = partial.join(separator);
+        final = "{\n" + indent + properties + ",\n" + stepback + "}";
+      }
+    }
+    stack2.pop();
+    indent = stepback;
+    return final;
+  }
+  __name(serializeObject, "serializeObject");
+  function serializeKey(key2) {
+    if (key2.length === 0) {
+      return quoteString(key2, true);
+    }
+    const firstChar = String.fromCodePoint(key2.codePointAt(0));
+    if (!util.isIdStartChar(firstChar)) {
+      return quoteString(key2, true);
+    }
+    for (let i = firstChar.length; i < key2.length; i++) {
+      if (!util.isIdContinueChar(String.fromCodePoint(key2.codePointAt(i)))) {
+        return quoteString(key2, true);
+      }
+    }
+    return key2;
+  }
+  __name(serializeKey, "serializeKey");
+  function serializeArray(value2) {
+    if (stack2.indexOf(value2) >= 0) {
+      throw TypeError("Converting circular structure to JSON5");
+    }
+    stack2.push(value2);
+    let stepback = indent;
+    indent = indent + gap;
+    let partial = [];
+    for (let i = 0; i < value2.length; i++) {
+      const propertyString = serializeProperty(String(i), value2);
+      partial.push(propertyString !== void 0 ? propertyString : "null");
+    }
+    let final;
+    if (partial.length === 0) {
+      final = "[]";
+    } else {
+      if (gap === "") {
+        let properties = partial.join(",");
+        final = "[" + properties + "]";
+      } else {
+        let separator = ",\n" + indent;
+        let properties = partial.join(separator);
+        final = "[\n" + indent + properties + ",\n" + stepback + "]";
+      }
+    }
+    stack2.pop();
+    indent = stepback;
+    return final;
+  }
+  __name(serializeArray, "serializeArray");
+}, "stringify");
+var JSON5 = {
+  parse,
+  stringify
+};
+var lib = JSON5;
+var dist_default = lib;
+
+// src/classes/configvalidator/ConfigValidator.class.ts
+var import_zod = require("zod");
+var privilege_name_list = [
+  "invoke_functions",
+  "define_functions",
+  "undefine_functions",
+  "define_constants",
+  "undefine_constants",
+  "define_dependencies",
+  "undefine_dependencies",
+  "admin_privileges",
+  "all_privileges"
+];
+var tls_min_version_list = [
+  "TLSv1.2",
+  "TLSv1.3"
+];
+var worker_runtime_options_schema = import_zod.z.object({
+  call_timeout_ms: import_zod.z.number().int().positive().optional(),
+  control_timeout_ms: import_zod.z.number().int().positive().optional(),
+  start_timeout_ms: import_zod.z.number().int().positive().optional(),
+  stop_timeout_ms: import_zod.z.number().int().positive().optional(),
+  restart_on_failure: import_zod.z.boolean().optional(),
+  max_restarts_per_worker: import_zod.z.number().int().nonnegative().optional(),
+  max_pending_calls_per_worker: import_zod.z.number().int().positive().optional(),
+  restart_base_delay_ms: import_zod.z.number().int().positive().optional(),
+  restart_max_delay_ms: import_zod.z.number().int().positive().optional(),
+  restart_jitter_ms: import_zod.z.number().int().nonnegative().optional()
+}).strict();
+var rate_limiter_schema = import_zod.z.object({
+  enabled: import_zod.z.boolean().optional(),
+  tokens_per_interval: import_zod.z.number().int().positive().optional(),
+  interval_ms: import_zod.z.number().int().positive().optional(),
+  burst_tokens: import_zod.z.number().int().positive().optional(),
+  disconnect_on_limit: import_zod.z.boolean().optional()
+}).strict();
+var abuse_controls_schema = import_zod.z.object({
+  connection_controls: import_zod.z.object({
+    max_concurrent_sockets: import_zod.z.number().int().positive().optional(),
+    max_concurrent_handshakes: import_zod.z.number().int().positive().optional(),
+    max_unauthenticated_sessions: import_zod.z.number().int().positive().optional(),
+    global_connection_window_ms: import_zod.z.number().int().positive().optional(),
+    global_max_new_connections_per_window: import_zod.z.number().int().positive().optional(),
+    per_ip_max_new_connections_per_window: import_zod.z.number().int().positive().optional(),
+    tls_handshake_timeout_ms: import_zod.z.number().int().positive().optional(),
+    auth_message_timeout_ms: import_zod.z.number().int().positive().optional(),
+    max_pre_auth_frame_bytes: import_zod.z.number().int().positive().optional(),
+    max_post_auth_frame_bytes: import_zod.z.number().int().positive().optional()
+  }).strict().optional(),
+  auth_controls: import_zod.z.object({
+    pending_auth_window_ms: import_zod.z.number().int().positive().optional(),
+    max_pending_auth_attempts_per_ip_per_window: import_zod.z.number().int().positive().optional(),
+    failed_auth_window_ms: import_zod.z.number().int().positive().optional(),
+    max_failed_auth_per_ip_per_window: import_zod.z.number().int().positive().optional(),
+    max_failed_auth_per_api_key_per_window: import_zod.z.number().int().positive().optional(),
+    block_duration_ms: import_zod.z.number().int().positive().optional(),
+    enable_blocklist: import_zod.z.boolean().optional()
+  }).strict().optional(),
+  request_controls: import_zod.z.object({
+    max_in_flight_requests_per_connection: import_zod.z.number().int().positive().optional(),
+    per_connection: rate_limiter_schema.optional(),
+    per_api_key: rate_limiter_schema.optional(),
+    per_ip: rate_limiter_schema.optional()
+  }).strict().optional(),
+  observability: import_zod.z.object({
+    enable_console_log: import_zod.z.boolean().optional()
+  }).strict().optional()
+}).strict();
+var daemon_server_config_schema = import_zod.z.object({
+  information: import_zod.z.object({
+    server_name: import_zod.z.string().min(1)
+  }).strict(),
+  network: import_zod.z.object({
+    bind_addr: import_zod.z.string().min(1),
+    tcp_listen_port: import_zod.z.number().int().positive().max(65535)
+  }).strict(),
+  tls_mtls: import_zod.z.object({
+    key_file: import_zod.z.string().min(1),
+    cert_file: import_zod.z.string().min(1),
+    ca_file: import_zod.z.string().min(1),
+    crl_file: import_zod.z.string().min(1).optional(),
+    min_version: import_zod.z.enum(tls_min_version_list).optional(),
+    cipher_suites: import_zod.z.string().min(1).optional(),
+    handshake_timeout_ms: import_zod.z.number().int().positive().optional(),
+    request_timeout_ms: import_zod.z.number().int().positive().optional(),
+    max_frame_bytes: import_zod.z.number().int().positive().optional()
+  }).strict(),
+  workerprocedurecall: import_zod.z.object({
+    count: import_zod.z.number().int().positive(),
+    constructor_options: worker_runtime_options_schema.optional(),
+    start_options: worker_runtime_options_schema.optional()
+  }).strict(),
+  abuse_controls: abuse_controls_schema.optional(),
+  observability: import_zod.z.object({
+    enable_console_log: import_zod.z.boolean().optional(),
+    log_worker_events: import_zod.z.boolean().optional(),
+    metrics_log_interval_ms: import_zod.z.number().int().positive().optional()
+  }).strict().optional()
+}).strict();
+var daemon_api_key_config_schema = import_zod.z.object({
+  api_keys: import_zod.z.array(import_zod.z.object({
+    key_id: import_zod.z.string().min(1),
+    api_key: import_zod.z.string().min(1),
+    privileges: import_zod.z.array(import_zod.z.enum(privilege_name_list)).min(1),
+    enabled: import_zod.z.boolean().optional(),
+    identity_constraints: import_zod.z.object({
+      remote_address_regex: import_zod.z.string().min(1).optional(),
+      tls_peer_subject_regex: import_zod.z.string().min(1).optional(),
+      tls_peer_san_regex: import_zod.z.string().min(1).optional(),
+      tls_peer_fingerprint256_regex: import_zod.z.string().min(1).optional(),
+      tls_peer_serial_number_regex: import_zod.z.string().min(1).optional()
+    }).strict().optional()
+  }).strict()).min(1)
+}).strict();
+function BuildZodErrorMessage(params) {
+  const message_lines = params.error.issues.map((issue) => {
+    const issue_path = issue.path.length > 0 ? issue.path.join(".") : "<root>";
+    return `${issue_path}: ${issue.message}`;
+  });
+  return `${params.prefix}
+${message_lines.join("\n")}`;
+}
+__name(BuildZodErrorMessage, "BuildZodErrorMessage");
+function CompileRegex(params) {
+  try {
+    return new RegExp(params.source);
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : String(error);
+    throw new Error(`Invalid regex for ${params.label}: ${error_message}`);
+  }
+}
+__name(CompileRegex, "CompileRegex");
+var _ConfigValidator = class _ConfigValidator {
+  validateServerConfig(params) {
+    const parse_result = daemon_server_config_schema.safeParse(params.server_config_raw);
+    if (!parse_result.success) {
+      throw new Error(BuildZodErrorMessage({
+        prefix: "Invalid server config.",
+        error: parse_result.error
+      }));
+    }
+    return parse_result.data;
+  }
+  validateApiKeysConfig(params) {
+    const parse_result = daemon_api_key_config_schema.safeParse(params.api_keys_config_raw);
+    if (!parse_result.success) {
+      throw new Error(BuildZodErrorMessage({
+        prefix: "Invalid api-keys config.",
+        error: parse_result.error
+      }));
+    }
+    this.assertUniqueApiKeys({
+      api_keys: parse_result.data.api_keys
+    });
+    this.assertUniqueKeyIds({
+      api_keys: parse_result.data.api_keys
+    });
+    return parse_result.data;
+  }
+  toRuntimeApiKeysConfig(params) {
+    return params.api_keys_config.api_keys.map((api_key_entry) => {
+      const compiled_identity_constraints = this.compileIdentityConstraints({
+        api_key_entry
+      });
+      const runtime_entry = {
+        key_id: api_key_entry.key_id,
+        api_key: api_key_entry.api_key,
+        privileges: [
+          ...api_key_entry.privileges
+        ],
+        enabled: api_key_entry.enabled ?? true,
+        identity_constraints: compiled_identity_constraints
+      };
+      return runtime_entry;
+    });
+  }
+  compileIdentityConstraints(params) {
+    const constraints = params.api_key_entry.identity_constraints;
+    if (!constraints) {
+      return void 0;
+    }
+    const compiled_constraints = {};
+    if (constraints.remote_address_regex) {
+      compiled_constraints.remote_address_regex = CompileRegex({
+        source: constraints.remote_address_regex,
+        label: `api_keys[${params.api_key_entry.key_id}].identity_constraints.remote_address_regex`
+      });
+    }
+    if (constraints.tls_peer_subject_regex) {
+      compiled_constraints.tls_peer_subject_regex = CompileRegex({
+        source: constraints.tls_peer_subject_regex,
+        label: `api_keys[${params.api_key_entry.key_id}].identity_constraints.tls_peer_subject_regex`
+      });
+    }
+    if (constraints.tls_peer_san_regex) {
+      compiled_constraints.tls_peer_san_regex = CompileRegex({
+        source: constraints.tls_peer_san_regex,
+        label: `api_keys[${params.api_key_entry.key_id}].identity_constraints.tls_peer_san_regex`
+      });
+    }
+    if (constraints.tls_peer_fingerprint256_regex) {
+      compiled_constraints.tls_peer_fingerprint256_regex = CompileRegex({
+        source: constraints.tls_peer_fingerprint256_regex,
+        label: `api_keys[${params.api_key_entry.key_id}].identity_constraints.tls_peer_fingerprint256_regex`
+      });
+    }
+    if (constraints.tls_peer_serial_number_regex) {
+      compiled_constraints.tls_peer_serial_number_regex = CompileRegex({
+        source: constraints.tls_peer_serial_number_regex,
+        label: `api_keys[${params.api_key_entry.key_id}].identity_constraints.tls_peer_serial_number_regex`
+      });
+    }
+    return compiled_constraints;
+  }
+  assertUniqueApiKeys(params) {
+    const seen_api_keys = /* @__PURE__ */ new Set();
+    for (const api_key_entry of params.api_keys) {
+      if (seen_api_keys.has(api_key_entry.api_key)) {
+        throw new Error(`Duplicate api_key found in api-keys config: ${api_key_entry.api_key}`);
+      }
+      seen_api_keys.add(api_key_entry.api_key);
+    }
+  }
+  assertUniqueKeyIds(params) {
+    const seen_key_ids = /* @__PURE__ */ new Set();
+    for (const api_key_entry of params.api_keys) {
+      if (seen_key_ids.has(api_key_entry.key_id)) {
+        throw new Error(`Duplicate key_id found in api-keys config: ${api_key_entry.key_id}`);
+      }
+      seen_key_ids.add(api_key_entry.key_id);
+    }
+  }
+};
+__name(_ConfigValidator, "ConfigValidator");
+var ConfigValidator = _ConfigValidator;
+
+// src/classes/configfileloader/ConfigFileLoader.class.ts
+function ReadUtf8File(params) {
+  try {
+    return import_node_fs.default.readFileSync(params.file_path, "utf8");
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : String(error);
+    throw new Error(`Unable to read file "${params.file_path}": ${error_message}`);
+  }
+}
+__name(ReadUtf8File, "ReadUtf8File");
+function ResolvePath(params) {
+  if (import_node_path.default.isAbsolute(params.file_path)) {
+    return params.file_path;
+  }
+  return import_node_path.default.resolve(params.base_dir, params.file_path);
+}
+__name(ResolvePath, "ResolvePath");
+function ParseJson5(params) {
+  try {
+    return dist_default.parse(params.content);
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : String(error);
+    throw new Error(`Invalid JSON5 in "${params.source_path}": ${error_message}`);
+  }
+}
+__name(ParseJson5, "ParseJson5");
+var _ConfigFileLoader = class _ConfigFileLoader {
+  constructor(params) {
+    __publicField(this, "config_validator");
+    this.config_validator = params?.config_validator ?? new ConfigValidator();
+  }
+  loadDaemonConfig(params) {
+    const server_config_path = ResolvePath({
+      file_path: params.config_paths.server_config_path,
+      base_dir: process.cwd()
+    });
+    const api_keys_config_path = ResolvePath({
+      file_path: params.config_paths.api_keys_config_path,
+      base_dir: process.cwd()
+    });
+    const server_config_raw = this.readJson5File({
+      file_path: server_config_path
+    });
+    const api_keys_config_raw = this.readJson5File({
+      file_path: api_keys_config_path
+    });
+    const server_config = this.config_validator.validateServerConfig({
+      server_config_raw
+    });
+    const api_keys_config = this.config_validator.validateApiKeysConfig({
+      api_keys_config_raw
+    });
+    const runtime_tls_mtls = this.resolveTlsMaterial({
+      tls_file_config: server_config.tls_mtls,
+      config_file_dir: import_node_path.default.dirname(server_config_path)
+    });
+    const runtime_api_keys = this.config_validator.toRuntimeApiKeysConfig({
+      api_keys_config
+    });
+    return {
+      server_config: {
+        ...server_config,
+        tls_mtls: runtime_tls_mtls
+      },
+      api_keys_config: {
+        api_keys: runtime_api_keys
+      }
+    };
+  }
+  readJson5File(params) {
+    const file_content = ReadUtf8File({
+      file_path: params.file_path
+    });
+    return ParseJson5({
+      content: file_content,
+      source_path: params.file_path
+    });
+  }
+  resolveTlsMaterial(params) {
+    const key_pem = this.readPemFile({
+      pem_path: params.tls_file_config.key_file,
+      config_file_dir: params.config_file_dir,
+      label: "tls_mtls.key_file"
+    });
+    const cert_pem = this.readPemFile({
+      pem_path: params.tls_file_config.cert_file,
+      config_file_dir: params.config_file_dir,
+      label: "tls_mtls.cert_file"
+    });
+    const ca_pem = this.readPemFile({
+      pem_path: params.tls_file_config.ca_file,
+      config_file_dir: params.config_file_dir,
+      label: "tls_mtls.ca_file"
+    });
+    const crl_pem = params.tls_file_config.crl_file ? this.readPemFile({
+      pem_path: params.tls_file_config.crl_file,
+      config_file_dir: params.config_file_dir,
+      label: "tls_mtls.crl_file"
+    }) : void 0;
+    return {
+      key_pem,
+      cert_pem,
+      ca_pem,
+      crl_pem,
+      min_version: params.tls_file_config.min_version,
+      cipher_suites: params.tls_file_config.cipher_suites,
+      handshake_timeout_ms: params.tls_file_config.handshake_timeout_ms,
+      request_timeout_ms: params.tls_file_config.request_timeout_ms,
+      max_frame_bytes: params.tls_file_config.max_frame_bytes
+    };
+  }
+  readPemFile(params) {
+    const absolute_file_path = ResolvePath({
+      file_path: params.pem_path,
+      base_dir: params.config_file_dir
+    });
+    const pem_content = ReadUtf8File({
+      file_path: absolute_file_path
+    }).trim();
+    if (!pem_content.includes("BEGIN")) {
+      throw new Error(`File "${absolute_file_path}" for ${params.label} does not look like a PEM file.`);
+    }
+    return `${pem_content}
+`;
+  }
+};
+__name(_ConfigFileLoader, "ConfigFileLoader");
+var ConfigFileLoader = _ConfigFileLoader;
+
+// src/classes/daemoncli/DaemonCli.class.ts
+var default_server_config_path = "./config/server.config.json5";
+var default_api_keys_config_path = "./config/api_keys.config.json5";
+var default_tls_output_dir = "./config/certs";
+var default_ca_common_name = "nodenetproccalld-local-ca";
+var default_server_common_name = "localhost";
+var default_client_common_name = "nodenetproccalld-client";
+var default_tls_valid_days = 825;
+var _DaemonCli = class _DaemonCli {
+  parseOptions() {
+    const options = {
+      server_config_path: default_server_config_path,
+      api_keys_config_path: default_api_keys_config_path,
+      help: false,
+      tls_generation: {
+        enabled: false,
+        output_dir: default_tls_output_dir,
+        overwrite: false,
+        ca_common_name: default_ca_common_name,
+        server_common_name: default_server_common_name,
+        client_common_name: default_client_common_name,
+        valid_days: default_tls_valid_days
+      }
+    };
+    const argv = process.argv.slice(2);
+    for (let index = 0; index < argv.length; index += 1) {
+      const token2 = argv[index];
+      if (token2 === "--help" || token2 === "-h") {
+        options.help = true;
+        continue;
+      }
+      if (token2 === "--server-config") {
+        const next_value = argv[index + 1];
+        if (!next_value) {
+          throw new Error("Missing value for --server-config");
+        }
+        options.server_config_path = next_value;
+        index += 1;
+        continue;
+      }
+      if (token2 === "--api-keys-config") {
+        const next_value = argv[index + 1];
+        if (!next_value) {
+          throw new Error("Missing value for --api-keys-config");
+        }
+        options.api_keys_config_path = next_value;
+        index += 1;
+        continue;
+      }
+      if (token2 === "--generate-tls-material") {
+        options.tls_generation.enabled = true;
+        continue;
+      }
+      if (token2 === "--tls-output-dir") {
+        const next_value = argv[index + 1];
+        if (!next_value) {
+          throw new Error("Missing value for --tls-output-dir");
+        }
+        options.tls_generation.output_dir = next_value;
+        index += 1;
+        continue;
+      }
+      if (token2 === "--tls-overwrite") {
+        options.tls_generation.overwrite = true;
+        continue;
+      }
+      if (token2 === "--tls-ca-cn") {
+        const next_value = argv[index + 1];
+        if (!next_value) {
+          throw new Error("Missing value for --tls-ca-cn");
+        }
+        options.tls_generation.ca_common_name = next_value;
+        index += 1;
+        continue;
+      }
+      if (token2 === "--tls-server-cn") {
+        const next_value = argv[index + 1];
+        if (!next_value) {
+          throw new Error("Missing value for --tls-server-cn");
+        }
+        options.tls_generation.server_common_name = next_value;
+        index += 1;
+        continue;
+      }
+      if (token2 === "--tls-client-cn") {
+        const next_value = argv[index + 1];
+        if (!next_value) {
+          throw new Error("Missing value for --tls-client-cn");
+        }
+        options.tls_generation.client_common_name = next_value;
+        index += 1;
+        continue;
+      }
+      if (token2 === "--tls-valid-days") {
+        const next_value = argv[index + 1];
+        if (!next_value) {
+          throw new Error("Missing value for --tls-valid-days");
+        }
+        const valid_days = Number(next_value);
+        if (!Number.isInteger(valid_days) || valid_days <= 0) {
+          throw new Error("--tls-valid-days must be a positive integer.");
+        }
+        options.tls_generation.valid_days = valid_days;
+        index += 1;
+        continue;
+      }
+      throw new Error(`Unknown argument: ${token2}`);
+    }
+    return options;
+  }
+  printHelp() {
+    const help_text = [
+      "nodenetproccalld",
+      "",
+      "Usage:",
+      "  node dist/index.js [options]",
+      "",
+      "Options:",
+      "  --server-config <path>      Path to server JSON5 config file.",
+      "                              Default: ./config/server.config.json5",
+      "  --api-keys-config <path>    Path to api keys JSON5 config file.",
+      "                              Default: ./config/api_keys.config.json5",
+      "  --generate-tls-material     Generate CA/server/client TLS material and exit.",
+      "  --tls-output-dir <path>     Output directory for generated TLS files.",
+      "                              Default: ./config/certs",
+      "  --tls-overwrite             Overwrite existing TLS files in output dir.",
+      "  --tls-ca-cn <value>         CA certificate common name.",
+      "                              Default: nodenetproccalld-local-ca",
+      "  --tls-server-cn <value>     Server certificate common name.",
+      "                              Default: localhost",
+      "  --tls-client-cn <value>     Client certificate common name.",
+      "                              Default: nodenetproccalld-client",
+      "  --tls-valid-days <number>   Certificate validity in days.",
+      "                              Default: 825",
+      "  -h, --help                  Show this help message."
+    ].join("\n");
+    console.log(help_text);
+  }
+};
+__name(_DaemonCli, "DaemonCli");
+var DaemonCli = _DaemonCli;
+
+// src/classes/networkprocedurecalldaemon/NetworkProcedureCallDaemon.class.ts
+var import_networkprocedurecall = require("@opsimathically/networkprocedurecall");
+var import_workerprocedurecall = require("@opsimathically/workerprocedurecall");
+function ToIsoTimestamp() {
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+__name(ToIsoTimestamp, "ToIsoTimestamp");
+var _NetworkProcedureCallDaemon = class _NetworkProcedureCallDaemon {
+  constructor(params) {
+    __publicField(this, "config_paths");
+    __publicField(this, "config_file_loader");
+    __publicField(this, "lifecycle_state", "stopped");
+    __publicField(this, "daemon_config", null);
+    __publicField(this, "workerprocedurecall", null);
+    __publicField(this, "networkprocedurecall", null);
+    __publicField(this, "api_key_authorizer", null);
+    __publicField(this, "worker_event_listener_id", null);
+    __publicField(this, "metrics_log_interval_handle", null);
+    this.config_paths = params.config_paths;
+    this.config_file_loader = params.config_file_loader ?? new ConfigFileLoader();
+  }
+  async start() {
+    if (this.lifecycle_state === "running") {
+      throw new Error("Daemon is already running.");
+    }
+    if (this.lifecycle_state === "starting") {
+      throw new Error("Daemon startup is already in progress.");
+    }
+    if (this.lifecycle_state === "stopping") {
+      throw new Error("Daemon stop is in progress. Wait for stop to complete.");
+    }
+    this.lifecycle_state = "starting";
+    try {
+      this.daemon_config = this.config_file_loader.loadDaemonConfig({
+        config_paths: this.config_paths
+      });
+      this.api_key_authorizer = new ApiKeyAuthorizer({
+        api_key_entries: this.daemon_config.api_keys_config.api_keys
+      });
+      const constructor_options = this.daemon_config.server_config.workerprocedurecall.constructor_options;
+      this.workerprocedurecall = constructor_options ? new import_workerprocedurecall.WorkerProcedureCall(constructor_options) : new import_workerprocedurecall.WorkerProcedureCall();
+      const log_worker_events = this.daemon_config.server_config.observability?.log_worker_events ?? true;
+      if (log_worker_events) {
+        this.worker_event_listener_id = this.workerprocedurecall.onWorkerEvent({
+          listener: /* @__PURE__ */ __name((worker_event) => {
+            this.logWorkerEvent({
+              worker_event
+            });
+          }, "listener")
+        });
+      }
+      await this.workerprocedurecall.startWorkers({
+        count: this.daemon_config.server_config.workerprocedurecall.count,
+        ...this.daemon_config.server_config.workerprocedurecall.start_options ?? {}
+      });
+      const networkprocedurecall_workerprocedurecall = this.workerprocedurecall;
+      this.networkprocedurecall = new import_networkprocedurecall.NetworkProcedureCall({
+        workerprocedurecall: networkprocedurecall_workerprocedurecall
+      });
+      const auth_callback = this.createAuthCallback();
+      const start_params = this.buildServerStartParams({
+        auth_callback
+      });
+      await this.networkprocedurecall.start(start_params);
+      this.startMetricsLogging();
+      this.lifecycle_state = "running";
+      this.logMessage({
+        severity: "info",
+        message: `Daemon started: ${start_params.information.server_name} on ${start_params.network.bind_addr}:${start_params.network.tcp_listen_port}`
+      });
+    } catch (error) {
+      this.lifecycle_state = "stopped";
+      await this.stopBestEffort();
+      throw error;
+    }
+  }
+  async stop() {
+    if (this.lifecycle_state === "stopped") {
+      return;
+    }
+    if (this.lifecycle_state === "stopping") {
+      return;
+    }
+    this.lifecycle_state = "stopping";
+    await this.stopBestEffort();
+    this.lifecycle_state = "stopped";
+    this.logMessage({
+      severity: "info",
+      message: "Daemon stopped."
+    });
+  }
+  getRuntimeSnapshot() {
+    return {
+      lifecycle_state: this.lifecycle_state,
+      server_name: this.daemon_config?.server_config.information.server_name,
+      bind_addr: this.daemon_config?.server_config.network.bind_addr,
+      tcp_listen_port: this.daemon_config?.server_config.network.tcp_listen_port,
+      worker_health_states: this.workerprocedurecall?.getWorkerHealthStates(),
+      abuse_metrics: this.networkprocedurecall?.getAbuseMetrics()
+    };
+  }
+  createAuthCallback() {
+    return async (auth_callback_params) => {
+      const authorizer = this.requireApiKeyAuthorizer();
+      return await authorizer.authenticate({
+        auth_callback_params
+      });
+    };
+  }
+  buildServerStartParams(params) {
+    const daemon_config = this.requireDaemonConfig();
+    const abuse_controls_from_file = daemon_config.server_config.abuse_controls;
+    const enable_console_log = daemon_config.server_config.observability?.enable_console_log;
+    let merged_abuse_controls = abuse_controls_from_file;
+    if (enable_console_log !== void 0) {
+      merged_abuse_controls = {
+        ...abuse_controls_from_file ?? {},
+        observability: {
+          ...abuse_controls_from_file?.observability ?? {},
+          enable_console_log
+        }
+      };
+    }
+    return {
+      information: {
+        server_name: daemon_config.server_config.information.server_name
+      },
+      network: {
+        bind_addr: daemon_config.server_config.network.bind_addr,
+        tcp_listen_port: daemon_config.server_config.network.tcp_listen_port
+      },
+      tls_mtls: {
+        ...daemon_config.server_config.tls_mtls
+      },
+      abuse_controls: merged_abuse_controls,
+      auth_callback: params.auth_callback
+    };
+  }
+  startMetricsLogging() {
+    this.clearMetricsLoggingInterval();
+    const daemon_config = this.requireDaemonConfig();
+    const metrics_log_interval_ms = daemon_config.server_config.observability?.metrics_log_interval_ms;
+    if (!metrics_log_interval_ms) {
+      return;
+    }
+    this.metrics_log_interval_handle = setInterval(() => {
+      if (!this.networkprocedurecall || !this.workerprocedurecall) {
+        return;
+      }
+      const abuse_metrics = this.networkprocedurecall.getAbuseMetrics();
+      const worker_health_states = this.workerprocedurecall.getWorkerHealthStates();
+      this.logMessage({
+        severity: "info",
+        message: `runtime_metrics abuse=${JSON.stringify(abuse_metrics)} worker_health=${JSON.stringify(worker_health_states)}`
+      });
+    }, metrics_log_interval_ms);
+    this.metrics_log_interval_handle.unref();
+  }
+  clearMetricsLoggingInterval() {
+    if (this.metrics_log_interval_handle) {
+      clearInterval(this.metrics_log_interval_handle);
+      this.metrics_log_interval_handle = null;
+    }
+  }
+  async stopBestEffort() {
+    this.clearMetricsLoggingInterval();
+    const stop_errors = [];
+    if (this.networkprocedurecall) {
+      try {
+        await this.networkprocedurecall.stop();
+      } catch (error) {
+        stop_errors.push(error);
+      }
+      this.networkprocedurecall = null;
+    }
+    if (this.workerprocedurecall && this.worker_event_listener_id !== null) {
+      try {
+        this.workerprocedurecall.offWorkerEvent({
+          listener_id: this.worker_event_listener_id
+        });
+      } catch (error) {
+        stop_errors.push(error);
+      }
+      this.worker_event_listener_id = null;
+    }
+    if (this.workerprocedurecall) {
+      try {
+        await this.workerprocedurecall.stopWorkers();
+      } catch (error) {
+        stop_errors.push(error);
+      }
+      this.workerprocedurecall = null;
+    }
+    this.api_key_authorizer = null;
+    this.daemon_config = null;
+    if (stop_errors.length > 0) {
+      const first_error = stop_errors[0];
+      throw first_error;
+    }
+  }
+  requireDaemonConfig() {
+    if (!this.daemon_config) {
+      throw new Error("Daemon config is not initialized.");
+    }
+    return this.daemon_config;
+  }
+  requireApiKeyAuthorizer() {
+    if (!this.api_key_authorizer) {
+      throw new Error("ApiKeyAuthorizer is not initialized.");
+    }
+    return this.api_key_authorizer;
+  }
+  logWorkerEvent(params) {
+    this.logMessage({
+      severity: params.worker_event.severity,
+      message: `worker_event ${JSON.stringify(params.worker_event)}`
+    });
+  }
+  logMessage(params) {
+    const output_message = `[${ToIsoTimestamp()}] [${params.severity}] ${params.message}`;
+    if (params.severity === "error") {
+      console.error(output_message);
+      return;
+    }
+    if (params.severity === "warn") {
+      console.warn(output_message);
+      return;
+    }
+    console.log(output_message);
+  }
+};
+__name(_NetworkProcedureCallDaemon, "NetworkProcedureCallDaemon");
+var NetworkProcedureCallDaemon = _NetworkProcedureCallDaemon;
+
+// src/classes/daemonprocess/DaemonProcess.class.ts
+var _DaemonProcess = class _DaemonProcess {
+  constructor(params) {
+    __publicField(this, "daemon");
+    __publicField(this, "is_running", false);
+    __publicField(this, "stop_in_progress", false);
+    __publicField(this, "stop_resolve", null);
+    __publicField(this, "stop_waiter");
+    __publicField(this, "handleSignal", /* @__PURE__ */ __name((signal) => {
+      void this.requestStop({
+        reason: `Received ${signal}.`
+      });
+    }, "handleSignal"));
+    __publicField(this, "handleUncaughtException", /* @__PURE__ */ __name((error) => {
+      console.error(`Uncaught exception: ${error.stack ?? error.message}`);
+      process.exitCode = 1;
+      void this.requestStop({
+        reason: "Stopping daemon after uncaught exception."
+      });
+    }, "handleUncaughtException"));
+    __publicField(this, "handleUnhandledRejection", /* @__PURE__ */ __name((error) => {
+      const error_message = error instanceof Error ? error.stack ?? error.message : String(error);
+      console.error(`Unhandled rejection: ${error_message}`);
+      process.exitCode = 1;
+      void this.requestStop({
+        reason: "Stopping daemon after unhandled rejection."
+      });
+    }, "handleUnhandledRejection"));
+    this.daemon = new NetworkProcedureCallDaemon({
+      config_paths: params.config_paths
+    });
+    this.stop_waiter = new Promise((resolve) => {
+      this.stop_resolve = resolve;
+    });
+  }
+  async run() {
+    if (this.is_running) {
+      throw new Error("DaemonProcess is already running.");
+    }
+    this.is_running = true;
+    this.attachProcessHandlers();
+    try {
+      await this.daemon.start();
+    } catch (error) {
+      this.detachProcessHandlers();
+      this.is_running = false;
+      throw error;
+    }
+    await this.stop_waiter;
+  }
+  attachProcessHandlers() {
+    process.on("SIGINT", this.handleSignal);
+    process.on("SIGTERM", this.handleSignal);
+    process.on("uncaughtException", this.handleUncaughtException);
+    process.on("unhandledRejection", this.handleUnhandledRejection);
+  }
+  detachProcessHandlers() {
+    process.off("SIGINT", this.handleSignal);
+    process.off("SIGTERM", this.handleSignal);
+    process.off("uncaughtException", this.handleUncaughtException);
+    process.off("unhandledRejection", this.handleUnhandledRejection);
+  }
+  async requestStop(params) {
+    if (!this.is_running || this.stop_in_progress) {
+      return;
+    }
+    this.stop_in_progress = true;
+    console.log(params.reason);
+    try {
+      await this.daemon.stop();
+    } catch (error) {
+      const error_message = error instanceof Error ? error.stack ?? error.message : String(error);
+      console.error(`Error while stopping daemon: ${error_message}`);
+      process.exitCode = 1;
+    } finally {
+      this.detachProcessHandlers();
+      this.is_running = false;
+      this.stop_in_progress = false;
+      if (this.stop_resolve) {
+        this.stop_resolve();
+      }
+    }
+  }
+};
+__name(_DaemonProcess, "DaemonProcess");
+var DaemonProcess = _DaemonProcess;
+
+// src/classes/tlsmaterialgenerator/TlsMaterialGenerator.class.ts
+var import_node_child_process = require("child_process");
+var import_node_fs2 = __toESM(require("fs"));
+var import_node_path2 = __toESM(require("path"));
+function EnsurePositiveInteger(params) {
+  if (!Number.isInteger(params.value) || params.value <= 0) {
+    throw new Error(`${params.label} must be a positive integer.`);
+  }
+}
+__name(EnsurePositiveInteger, "EnsurePositiveInteger");
+function MakeDirRecursive(params) {
+  import_node_fs2.default.mkdirSync(params.dir_path, {
+    recursive: true
+  });
+}
+__name(MakeDirRecursive, "MakeDirRecursive");
+function WriteTextFile(params) {
+  import_node_fs2.default.writeFileSync(params.file_path, params.content, "utf8");
+}
+__name(WriteTextFile, "WriteTextFile");
+var _TlsMaterialGenerator = class _TlsMaterialGenerator {
+  generateTlsMaterial(params) {
+    const options = params.tls_generation_options;
+    EnsurePositiveInteger({
+      value: options.valid_days,
+      label: "tls_generation.valid_days"
+    });
+    const output_dir = import_node_path2.default.resolve(process.cwd(), options.output_dir);
+    MakeDirRecursive({
+      dir_path: output_dir
+    });
+    this.assertOpenSslAvailable();
+    const tls_files = this.buildTlsFileMap({
+      output_dir
+    });
+    this.assertTargetFilesAreWritable({
+      tls_files,
+      overwrite: options.overwrite
+    });
+    try {
+      this.generateCa({
+        tls_files,
+        valid_days: options.valid_days,
+        ca_common_name: options.ca_common_name
+      });
+      this.generateServerCertificate({
+        tls_files,
+        valid_days: options.valid_days,
+        server_common_name: options.server_common_name
+      });
+      this.generateClientCertificate({
+        tls_files,
+        valid_days: options.valid_days,
+        client_common_name: options.client_common_name
+      });
+      this.cleanupIntermediateFiles({
+        tls_files
+      });
+    } catch (error) {
+      throw new Error(`Failed to generate TLS material in "${output_dir}": ${this.getErrorMessage({
+        error
+      })}`);
+    }
+    return {
+      output_dir,
+      ca_key_path: tls_files.ca_key_path,
+      ca_cert_path: tls_files.ca_cert_path,
+      server_key_path: tls_files.server_key_path,
+      server_cert_path: tls_files.server_cert_path,
+      client_key_path: tls_files.client_key_path,
+      client_cert_path: tls_files.client_cert_path
+    };
+  }
+  assertOpenSslAvailable() {
+    try {
+      (0, import_node_child_process.execFileSync)("openssl", [
+        "version"
+      ], {
+        stdio: "ignore"
+      });
+    } catch {
+      throw new Error("openssl command is required but was not found. Please install openssl and retry.");
+    }
+  }
+  buildTlsFileMap(params) {
+    return {
+      ca_key_path: import_node_path2.default.join(params.output_dir, "ca.key.pem"),
+      ca_cert_path: import_node_path2.default.join(params.output_dir, "ca.cert.pem"),
+      server_key_path: import_node_path2.default.join(params.output_dir, "server.key.pem"),
+      server_csr_path: import_node_path2.default.join(params.output_dir, "server.csr.pem"),
+      server_cert_path: import_node_path2.default.join(params.output_dir, "server.cert.pem"),
+      server_ext_path: import_node_path2.default.join(params.output_dir, "server.ext"),
+      client_key_path: import_node_path2.default.join(params.output_dir, "client.key.pem"),
+      client_csr_path: import_node_path2.default.join(params.output_dir, "client.csr.pem"),
+      client_cert_path: import_node_path2.default.join(params.output_dir, "client.cert.pem"),
+      client_ext_path: import_node_path2.default.join(params.output_dir, "client.ext"),
+      ca_serial_path: import_node_path2.default.join(params.output_dir, "ca.cert.srl")
+    };
+  }
+  assertTargetFilesAreWritable(params) {
+    const target_paths = [
+      params.tls_files.ca_key_path,
+      params.tls_files.ca_cert_path,
+      params.tls_files.server_key_path,
+      params.tls_files.server_cert_path,
+      params.tls_files.client_key_path,
+      params.tls_files.client_cert_path
+    ];
+    if (!params.overwrite) {
+      for (const target_path of target_paths) {
+        if (import_node_fs2.default.existsSync(target_path)) {
+          throw new Error(`Refusing to overwrite existing file "${target_path}". Use --tls-overwrite to replace existing material.`);
+        }
+      }
+      return;
+    }
+    for (const target_path of target_paths) {
+      import_node_fs2.default.rmSync(target_path, {
+        force: true
+      });
+    }
+    import_node_fs2.default.rmSync(params.tls_files.ca_serial_path, {
+      force: true
+    });
+  }
+  generateCa(params) {
+    this.runOpenSslCommand({
+      args: [
+        "req",
+        "-x509",
+        "-newkey",
+        "rsa:4096",
+        "-sha256",
+        "-nodes",
+        "-keyout",
+        params.tls_files.ca_key_path,
+        "-out",
+        params.tls_files.ca_cert_path,
+        "-days",
+        String(params.valid_days),
+        "-subj",
+        `/CN=${params.ca_common_name}`
+      ]
+    });
+  }
+  generateServerCertificate(params) {
+    WriteTextFile({
+      file_path: params.tls_files.server_ext_path,
+      content: [
+        "subjectAltName=DNS:localhost,IP:127.0.0.1",
+        "extendedKeyUsage=serverAuth",
+        "keyUsage=digitalSignature,keyEncipherment"
+      ].join("\n")
+    });
+    this.runOpenSslCommand({
+      args: [
+        "req",
+        "-new",
+        "-newkey",
+        "rsa:4096",
+        "-sha256",
+        "-nodes",
+        "-keyout",
+        params.tls_files.server_key_path,
+        "-out",
+        params.tls_files.server_csr_path,
+        "-subj",
+        `/CN=${params.server_common_name}`
+      ]
+    });
+    this.runOpenSslCommand({
+      args: [
+        "x509",
+        "-req",
+        "-in",
+        params.tls_files.server_csr_path,
+        "-CA",
+        params.tls_files.ca_cert_path,
+        "-CAkey",
+        params.tls_files.ca_key_path,
+        "-CAserial",
+        params.tls_files.ca_serial_path,
+        "-CAcreateserial",
+        "-out",
+        params.tls_files.server_cert_path,
+        "-days",
+        String(params.valid_days),
+        "-sha256",
+        "-extfile",
+        params.tls_files.server_ext_path
+      ]
+    });
+  }
+  generateClientCertificate(params) {
+    const client_uri = `spiffe://nodenetproccalld/${params.client_common_name.replace(/[^a-zA-Z0-9_.-]/g, "_").toLowerCase()}`;
+    WriteTextFile({
+      file_path: params.tls_files.client_ext_path,
+      content: [
+        "extendedKeyUsage=clientAuth",
+        "keyUsage=digitalSignature,keyEncipherment",
+        `subjectAltName=URI:${client_uri}`
+      ].join("\n")
+    });
+    this.runOpenSslCommand({
+      args: [
+        "req",
+        "-new",
+        "-newkey",
+        "rsa:4096",
+        "-sha256",
+        "-nodes",
+        "-keyout",
+        params.tls_files.client_key_path,
+        "-out",
+        params.tls_files.client_csr_path,
+        "-subj",
+        `/CN=${params.client_common_name}`
+      ]
+    });
+    this.runOpenSslCommand({
+      args: [
+        "x509",
+        "-req",
+        "-in",
+        params.tls_files.client_csr_path,
+        "-CA",
+        params.tls_files.ca_cert_path,
+        "-CAkey",
+        params.tls_files.ca_key_path,
+        "-CAserial",
+        params.tls_files.ca_serial_path,
+        "-out",
+        params.tls_files.client_cert_path,
+        "-days",
+        String(params.valid_days),
+        "-sha256",
+        "-extfile",
+        params.tls_files.client_ext_path
+      ]
+    });
+  }
+  cleanupIntermediateFiles(params) {
+    import_node_fs2.default.rmSync(params.tls_files.server_csr_path, {
+      force: true
+    });
+    import_node_fs2.default.rmSync(params.tls_files.client_csr_path, {
+      force: true
+    });
+    import_node_fs2.default.rmSync(params.tls_files.server_ext_path, {
+      force: true
+    });
+    import_node_fs2.default.rmSync(params.tls_files.client_ext_path, {
+      force: true
+    });
+    import_node_fs2.default.rmSync(params.tls_files.ca_serial_path, {
+      force: true
+    });
+  }
+  runOpenSslCommand(params) {
+    (0, import_node_child_process.execFileSync)("openssl", params.args, {
+      stdio: "ignore"
+    });
+  }
+  getErrorMessage(params) {
+    if (params.error instanceof Error) {
+      return params.error.message;
+    }
+    return String(params.error);
+  }
+};
+__name(_TlsMaterialGenerator, "TlsMaterialGenerator");
+var TlsMaterialGenerator = _TlsMaterialGenerator;
+
+// src/index.ts
+async function StartDaemonFromCli() {
+  const daemon_cli = new DaemonCli();
+  const cli_options = daemon_cli.parseOptions();
+  if (cli_options.help) {
+    daemon_cli.printHelp();
+    return;
+  }
+  if (cli_options.tls_generation.enabled) {
+    const tls_material_generator = new TlsMaterialGenerator();
+    const generated_tls_material = tls_material_generator.generateTlsMaterial({
+      tls_generation_options: cli_options.tls_generation
+    });
+    console.log("TLS material generated successfully.");
+    console.log(`Output directory: ${generated_tls_material.output_dir}`);
+    console.log(`CA cert: ${generated_tls_material.ca_cert_path}`);
+    console.log(`Server cert: ${generated_tls_material.server_cert_path}`);
+    console.log(`Server key: ${generated_tls_material.server_key_path}`);
+    console.log(`Client cert: ${generated_tls_material.client_cert_path}`);
+    console.log(`Client key: ${generated_tls_material.client_key_path}`);
+    console.log("");
+    console.log("If using default config, set tls_mtls key_file/cert_file/ca_file in config/server.config.json5 to these files.");
+    return;
+  }
+  const daemon_process = new DaemonProcess({
+    config_paths: {
+      server_config_path: cli_options.server_config_path,
+      api_keys_config_path: cli_options.api_keys_config_path
+    }
+  });
+  await daemon_process.run();
+}
+__name(StartDaemonFromCli, "StartDaemonFromCli");
+if (require.main === module) {
+  void StartDaemonFromCli().catch((error) => {
+    const error_message = error instanceof Error ? error.stack ?? error.message : String(error);
+    console.error(`Daemon startup failed: ${error_message}`);
+    process.exitCode = 1;
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ApiKeyAuthorizer,
+  ConfigFileLoader,
+  ConfigValidator,
+  DaemonCli,
+  DaemonProcess,
+  NetworkProcedureCallDaemon,
+  TlsMaterialGenerator
+});
+//# sourceMappingURL=index.js.map