@p0security/cli 0.19.15 → 0.20.0

package/build/dist/commands/index.js

@@ -35,6 +35,7 @@ const login_1 = require("./login");
 const logout_1 = require("./logout");
 const ls_1 = require("./ls");
 const print_bearer_token_1 = require("./print-bearer-token");
+const rdp_1 = require("./rdp");
 const request_1 = require("./request");
 const scp_1 = require("./scp");
 const ssh_1 = require("./ssh");
@@ -55,6 +56,7 @@ const commands = [
     ssh_proxy_1.sshProxyCommand,
     ssh_resolve_1.sshResolveCommand,
     scp_1.scpCommand,
+    rdp_1.rdpCommand,
     kubeconfig_1.kubeconfigCommand,
     print_bearer_token_1.printBearerTokenCommand,
 ];

package/build/dist/commands/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAmD;AACnD,4CAAkD;AAClD,oDAAsD;AACtD,wCAA2C;AAC3C,mCAAuC;AACvC,+BAAmC;AACnC,mCAAuC;AACvC,6CAAiD;AACjD,mCAAuC;AACvC,qCAAyC;AACzC,6BAAiC;AACjC,6DAA+D;AAC/D,uCAA2C;AAC3C,+BAAmC;AACnC,+BAAmC;AACnC,2CAA8C;AAC9C,+CAAkD;AAClD,2CAAiC;AACjC,kDAA0B;AAC1B,2CAAwC;AAExC,MAAM,QAAQ,GAAG;IACf,gBAAU;IACV,oBAAY;IACZ,oBAAY;IACZ,sBAAa;IACb,cAAS;IACT,wBAAc;IACd,oBAAY;IACZ,gBAAU;IACV,2BAAe;IACf,+BAAiB;IACjB,gBAAU;IACV,8BAAiB;IACjB,4CAAuB;CACxB,CAAC;AAEF,MAAM,SAAS,GAAG,GAAS,EAAE;IAC3B,MAAM,EAAE,OAAO,EAAE,GAAG,uBAAa,CAAC;IAClC,MAAM,IAAI,GAAG,IAAA,eAAK,EAAC,IAAA,iBAAO,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE3D,6FAA6F;IAC7F,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,QAAQ,GAAG,CAAC,GAAoC,EAAE,EAAE;QACvD,IAAI,OAAO,GAAG,KAAK,UAAU,EAAE;YAC7B,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,IAAA,uBAAc,GAAE,CAAC,CAAC,CAAC;SAC3D;aAAM;YACL,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACtB,IAAA,cAAM,EAAC,KAAK,IAAA,uBAAc,GAAE,EAAE,CAAC,CAAC;SACjC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEF,4DAA4D;AAC5D,MAAM,mBAAmB,GAAG,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAEzD,SAAe,uBAAuB,CAAC,IAA8B;;QACnE,MAAM,cAAc,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE;YACtC,OAAO;SACR;QAED,IAAI,mBAAmB,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE;YAChD,OAAO;SACR;aAAM;YACL,OAAO,MAAM,IAAA,sBAAY,EAAC,IAAI,CAAC,CAAC;SACjC;IACH,CAAC;CAAA;AAEM,MAAM,MAAM,GAAG,GAAS,EAAE;IAC/B,OAAA,QAAQ;SACL,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,SAAS,EAAE,CAAC;SACzC,UAAU,CAAC,uBAAuB,CAAC;SACnC,MAAM,EAAE;SACR,aAAa,CAAC,CAAC,CAAC;SAChB,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;QAC9B,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;SACf;aAAM;YACL,IAAA,cAAM,EAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACrB,IAAA,cAAM,EAAC,KAAK,OAAO,EAAE,CAAC,CAAC;YACvB,IAAA,cAAM,EAAC,KAAK,IAAA,uBAAc,GAAE,EAAE,CAAC,CAAC;SACjC;QACD,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC,CAAC,CAAA;EAAA,CAAC;AAfM,QAAA,MAAM,UAeZ"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAmD;AACnD,4CAAkD;AAClD,oDAAsD;AACtD,wCAA2C;AAC3C,mCAAuC;AACvC,+BAAmC;AACnC,mCAAuC;AACvC,6CAAiD;AACjD,mCAAuC;AACvC,qCAAyC;AACzC,6BAAiC;AACjC,6DAA+D;AAC/D,+BAAmC;AACnC,uCAA2C;AAC3C,+BAAmC;AACnC,+BAAmC;AACnC,2CAA8C;AAC9C,+CAAkD;AAClD,2CAAiC;AACjC,kDAA0B;AAC1B,2CAAwC;AAExC,MAAM,QAAQ,GAAG;IACf,gBAAU;IACV,oBAAY;IACZ,oBAAY;IACZ,sBAAa;IACb,cAAS;IACT,wBAAc;IACd,oBAAY;IACZ,gBAAU;IACV,2BAAe;IACf,+BAAiB;IACjB,gBAAU;IACV,gBAAU;IACV,8BAAiB;IACjB,4CAAuB;CACxB,CAAC;AAEF,MAAM,SAAS,GAAG,GAAS,EAAE;IAC3B,MAAM,EAAE,OAAO,EAAE,GAAG,uBAAa,CAAC;IAClC,MAAM,IAAI,GAAG,IAAA,eAAK,EAAC,IAAA,iBAAO,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE3D,6FAA6F;IAC7F,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,QAAQ,GAAG,CAAC,GAAoC,EAAE,EAAE;QACvD,IAAI,OAAO,GAAG,KAAK,UAAU,EAAE;YAC7B,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,IAAA,uBAAc,GAAE,CAAC,CAAC,CAAC;SAC3D;aAAM;YACL,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACtB,IAAA,cAAM,EAAC,KAAK,IAAA,uBAAc,GAAE,EAAE,CAAC,CAAC;SACjC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEF,4DAA4D;AAC5D,MAAM,mBAAmB,GAAG,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAEzD,SAAe,uBAAuB,CAAC,IAA8B;;QACnE,MAAM,cAAc,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE;YACtC,OAAO;SACR;QAED,IAAI,mBAAmB,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE;YAChD,OAAO;SACR;aAAM;YACL,OAAO,MAAM,IAAA,sBAAY,EAAC,IAAI,CAAC,CAAC;SACjC;IACH,CAAC;CAAA;AAEM,MAAM,MAAM,GAAG,GAAS,EAAE;IAC/B,OAAA,QAAQ;SACL,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,SAAS,EAAE,CAAC;SACzC,UAAU,CAAC,uBAAuB,CAAC;SACnC,MAAM,EAAE;SACR,aAAa,CAAC,CAAC,CAAC;SAChB,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;QAC9B,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;SACf;aAAM;YACL,IAAA,cAAM,EAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACrB,IAAA,cAAM,EAAC,KAAK,OAAO,EAAE,CAAC,CAAC;YACvB,IAAA,cAAM,EAAC,KAAK,IAAA,uBAAc,GAAE,EAAE,CAAC,CAAC;SACjC;QACD,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC,CAAC,CAAA;EAAA,CAAC;AAfM,QAAA,MAAM,UAeZ"}

package/build/dist/commands/rdp.d.ts

@@ -0,0 +1,2 @@
+import yargs from "yargs";
+export declare const rdpCommand: (yargs: yargs.Argv<{}>) => yargs.Argv<{}>;

package/build/dist/commands/rdp.js

@@ -0,0 +1,77 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rdpCommand = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const auth_1 = require("../drivers/auth");
+const stdio_1 = require("../drivers/stdio");
+const rdp_1 = require("../plugins/rdp");
+const util_1 = require("../util");
+const rdpCommand = (yargs) => yargs.command("rdp <destination>", "Connect to a Windows virtual machine via RDP", (yargs) => yargs
+    .positional("destination", {
+    type: "string",
+    demandOption: true,
+})
+    .option("reason", {
+    describe: "Reason access is needed",
+    type: "string",
+})
+    .option("debug", {
+    type: "boolean",
+    describe: "Print debug information.",
+    default: false,
+})
+    .option("configure", {
+    type: "boolean",
+    describe: "Configure the RDP session before connecting",
+    default: false,
+})
+    .usage("$0 rdp <destination>")
+    .epilogue(`Connect to a Windows virtual machine via RDP through Azure Bastion Host.
+
+Example:
+  $ ${(0, util_1.getAppName)()} rdp my-windows-vm --reason "Reason for access"`), rdpAction);
+exports.rdpCommand = rdpCommand;
+/**
+ * Connect to a Virtual Machine via RDP
+ *
+ * Implicitly requests access to the machine if not already granted.
+ * Implicitly logs the user into Azure if not already logged in.
+ *
+ * Supported RDP mechanisms:
+ * - Azure VM via Bastion Host with Entra ID authentication
+ */
+const rdpAction = (cmdArgs) => __awaiter(void 0, void 0, void 0, function* () {
+    // Entra ID authentication is only supported on Windows client machines.
+    // See: https://learn.microsoft.com/en-us/windows/client-management/client-tools/connect-to-remote-aadj-pc#connect-with-microsoft-entra-authentication
+    const os = (0, util_1.getOperatingSystem)();
+    if (os !== "win") {
+        (0, stdio_1.print2)("RDP session connections are only supported on Windows.");
+        process.exit(1);
+    }
+    const authn = yield (0, auth_1.authenticate)(cmdArgs);
+    yield (0, rdp_1.rdp)(authn, cmdArgs);
+    // Force exit to prevent hanging due to orphaned child processes
+    // Skip in tests to avoid killing the test runner
+    if (process.env.NODE_ENV !== "unit") {
+        process.exit(0);
+    }
+});
+//# sourceMappingURL=rdp.js.map

package/build/dist/commands/rdp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rdp.js","sourceRoot":"","sources":["../../../src/commands/rdp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,4CAA0C;AAC1C,wCAAqC;AAErC,kCAAyD;AAGlD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,mBAAmB,EACnB,8CAA8C,EAC9C,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;IACpC,OAAO,EAAE,KAAK;CACf,CAAC;KACD,MAAM,CAAC,WAAW,EAAE;IACnB,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,KAAK;CACf,CAAC;KACD,KAAK,CAAC,sBAAsB,CAAC;KAC7B,QAAQ,CACP;;;MAGJ,IAAA,iBAAU,GAAE,iDAAiD,CAC1D,EAEL,SAAS,CACV,CAAC;AAjCS,QAAA,UAAU,cAiCnB;AAEJ;;;;;;;;GAQG;AACH,MAAM,SAAS,GAAG,CAAO,OAAiD,EAAE,EAAE;IAC5E,wEAAwE;IACxE,sJAAsJ;IACtJ,MAAM,EAAE,GAAG,IAAA,yBAAkB,GAAE,CAAC;IAChC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,IAAA,cAAM,EAAC,wDAAwD,CAAC,CAAC;QACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACjB;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,IAAA,SAAG,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAE1B,gEAAgE;IAChE,iDAAiD;IACjD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE;QACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACjB;AACH,CAAC,CAAA,CAAC"}

package/build/dist/common/install.js

@@ -25,8 +25,8 @@ You should have received a copy of the GNU General Public License along with @p0
 **/
 const stdio_1 = require("../drivers/stdio");
 const types_1 = require("../types");
+const util_1 = require("../util");
 const lodash_1 = require("lodash");
-const node_child_process_1 = require("node:child_process");
 const node_os_1 = __importDefault(require("node:os"));
 const typescript_1 = require("typescript");
 const which_1 = __importDefault(require("which"));
@@ -91,7 +91,9 @@ const guidedInstall = (platform, item, installData) => __awaiter(void 0, void 0,
     (0, stdio_1.print2)(`Executing:\n${combined}`);
     (0, stdio_1.print2)("");
     yield new Promise((resolve, reject) => {
-        const child = (0, node_child_process_1.spawn)("bash", ["-c", combined], { stdio: "inherit" });
+        const child = (0, util_1.spawnWithCleanEnv)("bash", ["-c", combined], {
+            stdio: "inherit",
+        });
         child.on("exit", (code) => {
             if (code === 0)
                 resolve();

package/build/dist/common/install.js.map

@@ -1 +1 @@
-{"version":3,"file":"install.js","sourceRoot":"","sources":["../../../src/common/install.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAAkD;AAClD,oCAA+B;AAC/B,mCAAiC;AACjC,2DAA2C;AAC3C,sDAAyB;AACzB,2CAAiC;AACjC,kDAA0B;AAEb,QAAA,kBAAkB,GAAG,CAAC,QAAQ,CAAU,CAAC;AAGzC,QAAA,QAAQ,GAAG,CAAC,KAAK,CAAU,CAAC;AAG5B,QAAA,aAAa,GAAG,CAAC,MAAM,CAAU,CAAC;AAQlC,QAAA,UAAU,GAA+C;IACpE,GAAG,EAAE;QACH,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE;YACR,MAAM,EAAE;gBACN,oEAAoE;gBACpE,4CAA4C;gBAC5C,mBAAmB;aACpB;SACF;KACF;CACF,CAAC;AAEW,QAAA,eAAe,GAC1B;IACE,IAAI,EAAE;QACJ,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE;YACR,MAAM,EAAE;gBACN,iGAAiG;aAClG;SACF;KACF;CACF,CAAC;AAEJ,MAAM,cAAc,GAAG,CAIrB,SAAuB,EACvB,eAAkB,EAClB,EAAE;IACF,IAAA,cAAM,EAAC,mEAAmE,CAAC,CAAC;IAC5E,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE;QAC5B,IAAA,cAAM,EAAC,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,IAAI,GAAG,CAAC,CAAC;KACxD;IACD,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC;AACb,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,GAAS,EAAE;IAClC,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;IACpD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QACzC;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,UAAU;YAChB,OAAO,EACL,oEAAoE;SACvE;KACF,CAAC,CAAC;IACH,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC;IACX,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAA,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAyB,YAA0B,EAAE,EAAE;IAC9E,OAAA,IAAA,gBAAO,EACL,MAAM,OAAO,CAAC,GAAG,CACf,YAAY,CAAC,GAAG,CAAC,CAAO,IAAI,EAAE,EAAE,kDAC9B,OAAA,CAAC,MAAM,IAAA,eAAK,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAA,GAAA,CACnE,CACF,CACF,CAAA;EAAA,CAAC;AAEJ,MAAM,oBAAoB,GAAG,CAI3B,QAA2B,EAC3B,IAAO,EACP,WAAc,EACd,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAA,cAAM,EAAC,cAAc,KAAK,iCAAiC,CAAC,CAAC;IAC7D,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,EAAE;QACxC,IAAA,cAAM,EAAC,KAAK,OAAO,EAAE,CAAC,CAAC;KACxB;IACD,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC,CAAC,6EAA6E;AAC3F,CAAC,CAAC;AAEK,MAAM,aAAa,GAAG,CAI3B,QAA2B,EAC3B,IAAO,EACP,WAAc,EACd,EAAE;IACF,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE3C,IAAA,cAAM,EAAC,eAAe,QAAQ,EAAE,CAAC,CAAC;IAClC,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC;IAEX,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,KAAK,GAAG,IAAA,0BAAK,EAAC,MAAM,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QACpE,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,EAAE,CAAC;;gBACrB,MAAM,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC1B,MAAM,CACJ,mDAAmD,KAAK,CAAC,OAAO,EAAE,CACnE,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC;AACb,CAAC,CAAA,CAAC;AA7BW,QAAA,aAAa,iBA6BxB;AAEK,MAAM,aAAa,GAAG,CAI3B,YAA0B,EAC1B,WAAc,EACI,EAAE;;IACpB,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAEvD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE;QAC1B,OAAO,IAAI,CAAC;KACb;IAED,MAAM,QAAQ,GAAG,iBAAE,CAAC,QAAQ,EAAE,CAAC;IAE/B,cAAc,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAEvC,IAAI,CAAC,IAAA,WAAG,EAAC,0BAAkB,CAAC,CAAC,QAAQ,CAAC,EAAE;QACtC,MAAM,CACJ,+DAA+D,QAAQ,IAAI;YAC3E,kFAAkF,CACnF,CAAC;KACH;IAED,MAAM,WAAW,GAAG,CAAC,CAAC,CAAA,MAAA,gBAAG,CAAC,gBAAgB,gEAAI,CAAA,IAAI,CAAC,MAAM,gBAAgB,EAAE,CAAC,CAAC;IAE7E,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE;QAC5B,IAAI,WAAW;YAAE,MAAM,IAAA,qBAAa,EAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;;YAC7D,oBAAoB,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;KACxD;IAED,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAEvD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE;QAC1B,IAAA,cAAM,EAAC,qCAAqC,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;KACb;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAA,CAAC;AAtCW,QAAA,aAAa,iBAsCxB"}
+{"version":3,"file":"install.js","sourceRoot":"","sources":["../../../src/common/install.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAAkD;AAClD,oCAA+B;AAC/B,kCAA4C;AAC5C,mCAAiC;AACjC,sDAAyB;AACzB,2CAAiC;AACjC,kDAA0B;AAEb,QAAA,kBAAkB,GAAG,CAAC,QAAQ,CAAU,CAAC;AAGzC,QAAA,QAAQ,GAAG,CAAC,KAAK,CAAU,CAAC;AAG5B,QAAA,aAAa,GAAG,CAAC,MAAM,CAAU,CAAC;AAQlC,QAAA,UAAU,GAA+C;IACpE,GAAG,EAAE;QACH,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE;YACR,MAAM,EAAE;gBACN,oEAAoE;gBACpE,4CAA4C;gBAC5C,mBAAmB;aACpB;SACF;KACF;CACF,CAAC;AAEW,QAAA,eAAe,GAC1B;IACE,IAAI,EAAE;QACJ,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE;YACR,MAAM,EAAE;gBACN,iGAAiG;aAClG;SACF;KACF;CACF,CAAC;AAEJ,MAAM,cAAc,GAAG,CAIrB,SAAuB,EACvB,eAAkB,EAClB,EAAE;IACF,IAAA,cAAM,EAAC,mEAAmE,CAAC,CAAC;IAC5E,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE;QAC5B,IAAA,cAAM,EAAC,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,IAAI,GAAG,CAAC,CAAC;KACxD;IACD,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC;AACb,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,GAAS,EAAE;IAClC,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;IACpD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QACzC;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,UAAU;YAChB,OAAO,EACL,oEAAoE;SACvE;KACF,CAAC,CAAC;IACH,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC;IACX,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAA,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAyB,YAA0B,EAAE,EAAE;IAC9E,OAAA,IAAA,gBAAO,EACL,MAAM,OAAO,CAAC,GAAG,CACf,YAAY,CAAC,GAAG,CAAC,CAAO,IAAI,EAAE,EAAE,kDAC9B,OAAA,CAAC,MAAM,IAAA,eAAK,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAA,GAAA,CACnE,CACF,CACF,CAAA;EAAA,CAAC;AAEJ,MAAM,oBAAoB,GAAG,CAI3B,QAA2B,EAC3B,IAAO,EACP,WAAc,EACd,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAA,cAAM,EAAC,cAAc,KAAK,iCAAiC,CAAC,CAAC;IAC7D,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,EAAE;QACxC,IAAA,cAAM,EAAC,KAAK,OAAO,EAAE,CAAC,CAAC;KACxB;IACD,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC,CAAC,6EAA6E;AAC3F,CAAC,CAAC;AAEK,MAAM,aAAa,GAAG,CAI3B,QAA2B,EAC3B,IAAO,EACP,WAAc,EACd,EAAE;IACF,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE3C,IAAA,cAAM,EAAC,eAAe,QAAQ,EAAE,CAAC,CAAC;IAClC,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC;IAEX,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,KAAK,GAAG,IAAA,wBAAiB,EAAC,MAAM,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;YACxD,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,EAAE,CAAC;;gBACrB,MAAM,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC1B,MAAM,CACJ,mDAAmD,KAAK,CAAC,OAAO,EAAE,CACnE,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,cAAM,EAAC,EAAE,CAAC,CAAC;AACb,CAAC,CAAA,CAAC;AA/BW,QAAA,aAAa,iBA+BxB;AAEK,MAAM,aAAa,GAAG,CAI3B,YAA0B,EAC1B,WAAc,EACI,EAAE;;IACpB,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAEvD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE;QAC1B,OAAO,IAAI,CAAC;KACb;IAED,MAAM,QAAQ,GAAG,iBAAE,CAAC,QAAQ,EAAE,CAAC;IAE/B,cAAc,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAEvC,IAAI,CAAC,IAAA,WAAG,EAAC,0BAAkB,CAAC,CAAC,QAAQ,CAAC,EAAE;QACtC,MAAM,CACJ,+DAA+D,QAAQ,IAAI;YAC3E,kFAAkF,CACnF,CAAC;KACH;IAED,MAAM,WAAW,GAAG,CAAC,CAAC,CAAA,MAAA,gBAAG,CAAC,gBAAgB,gEAAI,CAAA,IAAI,CAAC,MAAM,gBAAgB,EAAE,CAAC,CAAC;IAE7E,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE;QAC5B,IAAI,WAAW;YAAE,MAAM,IAAA,qBAAa,EAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;;YAC7D,oBAAoB,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;KACxD;IAED,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAEvD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE;QAC1B,IAAA,cAAM,EAAC,qCAAqC,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;KACb;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAA,CAAC;AAtCW,QAAA,aAAa,iBAsCxB"}

package/build/dist/common/subprocess.js

@@ -21,7 +21,7 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 const stdio_1 = require("../drivers/stdio");
-const node_child_process_1 = require("node:child_process");
+const util_1 = require("../util");
 /** Spawns a subprocess with given command, args, and options.
  * May write content to its standard input.
  * Stdout and stderr of the subprocess is printed to stderr in debug mode.
@@ -32,7 +32,7 @@ const node_child_process_1 = require("node:child_process");
 const asyncSpawn = ({ debug }, command, args, options, writeStdin) => __awaiter(void 0, void 0, void 0, function* () {
     return new Promise((resolve, reject) => {
         var _a;
-        const child = (0, node_child_process_1.spawn)(command, args, options);
+        const child = (0, util_1.spawnWithCleanEnv)(command, args, options);
         child.on("error", (error) => {
             if (debug) {
                 (0, stdio_1.print2)("Process error: " + error.message);

package/build/dist/common/subprocess.js.map

@@ -1 +1 @@
-{"version":3,"file":"subprocess.js","sourceRoot":"","sources":["../../../src/common/subprocess.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAA0C;AAC1C,2DAAqE;AAMrE;;;;;;+DAM+D;AACxD,MAAM,UAAU,GAAG,CACxB,EAAE,KAAK,EAAkB,EACzB,OAAe,EACf,IAA4B,EAC5B,OAAkC,EAClC,UAAmB,EACnB,EAAE;IACF,OAAA,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;;QACtC,MAAM,KAAK,GAAG,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAE5C,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAY,EAAE,EAAE;YACjC,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;aAC3C;YACD,OAAO,MAAM,CAAC,kBAAkB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,IAAI,UAAU,EAAE;YACd,IAAI,CAAC,KAAK,CAAC,KAAK;gBAAE,OAAO,MAAM,CAAC,4BAA4B,CAAC,CAAC;YAC9D,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;SAC/B;QAED,gCAAgC;QAChC,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;aACb;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;aAChC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,2BAA2B,GAAG,IAAI,CAAC,CAAC;aAC5C;YACD,IAAI,IAAI,KAAK,CAAC,EAAE;gBACd,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC;aACvB;YACD,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,IAAI,UAAU,EAAE;YACd,MAAA,KAAK,CAAC,KAAK,0CAAE,GAAG,EAAE,CAAC;SACpB;IACH,CAAC,CAAC,CAAA;EAAA,CAAC;AAvDQ,QAAA,UAAU,cAuDlB"}
+{"version":3,"file":"subprocess.js","sourceRoot":"","sources":["../../../src/common/subprocess.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAA0C;AAC1C,kCAA4C;AAO5C;;;;;;+DAM+D;AACxD,MAAM,UAAU,GAAG,CACxB,EAAE,KAAK,EAAkB,EACzB,OAAe,EACf,IAA4B,EAC5B,OAAkC,EAClC,UAAmB,EACnB,EAAE;IACF,OAAA,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;;QACtC,MAAM,KAAK,GAAG,IAAA,wBAAiB,EAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAExD,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAY,EAAE,EAAE;YACjC,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;aAC3C;YACD,OAAO,MAAM,CAAC,kBAAkB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,IAAI,UAAU,EAAE;YACd,IAAI,CAAC,KAAK,CAAC,KAAK;gBAAE,OAAO,MAAM,CAAC,4BAA4B,CAAC,CAAC;YAC9D,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;SAC/B;QAED,gCAAgC;QAChC,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;aACb;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;aAChC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,2BAA2B,GAAG,IAAI,CAAC,CAAC;aAC5C;YACD,IAAI,IAAI,KAAK,CAAC,EAAE;gBACd,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC;aACvB;YACD,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,IAAI,UAAU,EAAE;YACd,MAAA,KAAK,CAAC,KAAK,0CAAE,GAAG,EAAE,CAAC;SACpB;IACH,CAAC,CAAC,CAAA;EAAA,CAAC;AAvDQ,QAAA,UAAU,cAuDlB"}

package/build/dist/fips-diagnose.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Run comprehensive FIPS diagnostics to test TLS configuration and connectivity
+ *
+ * This function checks:
+ * - Environment variables and Node.js versions
+ * - FIPS mode status
+ * - Available TLS ciphers with FIPS configuration
+ * - Actual HTTPS connectivity using FIPS-compliant settings
+ */
+export declare const runFipsDiagnostics: () => Promise<void>;

package/build/dist/fips-diagnose.js

@@ -0,0 +1,93 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runFipsDiagnostics = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const stdio_1 = require("./drivers/stdio");
+const node_crypto_1 = __importDefault(require("node:crypto"));
+const node_os_1 = __importDefault(require("node:os"));
+const node_tls_1 = __importDefault(require("node:tls"));
+/**
+ * Run comprehensive FIPS diagnostics to test TLS configuration and connectivity
+ *
+ * This function checks:
+ * - Environment variables and Node.js versions
+ * - FIPS mode status
+ * - Available TLS ciphers with FIPS configuration
+ * - Actual HTTPS connectivity using FIPS-compliant settings
+ */
+const runFipsDiagnostics = () => __awaiter(void 0, void 0, void 0, function* () {
+    (0, stdio_1.print2)("=== Environment ===");
+    (0, stdio_1.print2)(`Node: ${process.versions.node}`);
+    (0, stdio_1.print2)(`OpenSSL: ${process.versions.openssl}`);
+    const vars = process.config.variables;
+    (0, stdio_1.print2)(`openssl_is_fips: ${vars.openssl_is_fips}`);
+    (0, stdio_1.print2)(`node_shared_openssl: ${vars.node_shared_openssl}`);
+    (0, stdio_1.print2)(`node_use_openssl: ${vars.node_use_openssl}`);
+    try {
+        (0, stdio_1.print2)(`crypto.getFips(): ${node_crypto_1.default.getFips()}`);
+    }
+    catch (error) {
+        (0, stdio_1.print2)(`crypto.getFips(): Error - ${String(error)}`);
+    }
+    (0, stdio_1.print2)(`NODE_OPTIONS: ${process.env.NODE_OPTIONS || "(unset)"}`);
+    (0, stdio_1.print2)(`OPENSSL_CONF: ${process.env.OPENSSL_CONF || "(unset)"}`);
+    (0, stdio_1.print2)(`OPENSSL_MODULES: ${process.env.OPENSSL_MODULES || "(unset)"}`);
+    (0, stdio_1.print2)(`Platform: ${node_os_1.default.platform()} ${node_os_1.default.release()}`);
+    (0, stdio_1.print2)("\n=== TLS & FIPS Validation ===");
+    // Test TLS 1.2 support
+    try {
+        node_tls_1.default.createSecureContext({
+            minVersion: "TLSv1.2",
+            maxVersion: "TLSv1.2",
+        });
+        (0, stdio_1.print2)(`✅ TLS 1.2 context created successfully`);
+    }
+    catch (e) {
+        (0, stdio_1.print2)(`❌ TLS 1.2 context failed: ${(e === null || e === void 0 ? void 0 : e.message) || e}`);
+    }
+    // Test TLS 1.3 support (cipher suites are handled differently)
+    try {
+        const _ctx13 = node_tls_1.default.createSecureContext({
+            minVersion: "TLSv1.3",
+            maxVersion: "TLSv1.3",
+            // Note: TLS 1.3 cipher suites can't be controlled via 'ciphers' property
+        });
+        (0, stdio_1.print2)(`✅ TLS 1.3 context created successfully`);
+    }
+    catch (e) {
+        (0, stdio_1.print2)(`❌ TLS 1.3 context failed: ${(e === null || e === void 0 ? void 0 : e.message) || e}`);
+    }
+    // Test generic FIPS-enabled context (no version restrictions)
+    try {
+        const _ctxDefault = node_tls_1.default.createSecureContext({
+        // Let FIPS mode handle algorithm selection
+        });
+        (0, stdio_1.print2)(`✅ Default FIPS context created successfully`);
+    }
+    catch (e) {
+        (0, stdio_1.print2)(`❌ Default FIPS context failed: ${(e === null || e === void 0 ? void 0 : e.message) || e}`);
+    }
+});
+exports.runFipsDiagnostics = runFipsDiagnostics;
+//# sourceMappingURL=fips-diagnose.js.map

package/build/dist/fips-diagnose.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fips-diagnose.js","sourceRoot":"","sources":["../../src/fips-diagnose.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAyC;AACzC,8DAAiC;AACjC,sDAAyB;AACzB,wDAA2B;AAE3B;;;;;;;;GAQG;AACI,MAAM,kBAAkB,GAAG,GAAwB,EAAE;IAC1D,IAAA,cAAM,EAAC,qBAAqB,CAAC,CAAC;IAC9B,IAAA,cAAM,EAAC,SAAS,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,IAAA,cAAM,EAAC,YAAY,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IAE/C,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,SAAgB,CAAC;IAC7C,IAAA,cAAM,EAAC,oBAAoB,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;IACnD,IAAA,cAAM,EAAC,wBAAwB,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC;IAC3D,IAAA,cAAM,EAAC,qBAAqB,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAErD,IAAI;QACF,IAAA,cAAM,EAAC,qBAAqB,qBAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;KACjD;IAAC,OAAO,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,6BAA6B,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;KACtD;IAED,IAAA,cAAM,EAAC,iBAAiB,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,SAAS,EAAE,CAAC,CAAC;IACjE,IAAA,cAAM,EAAC,iBAAiB,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,SAAS,EAAE,CAAC,CAAC;IACjE,IAAA,cAAM,EAAC,oBAAoB,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,SAAS,EAAE,CAAC,CAAC;IACvE,IAAA,cAAM,EAAC,aAAa,iBAAE,CAAC,QAAQ,EAAE,IAAI,iBAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAErD,IAAA,cAAM,EAAC,iCAAiC,CAAC,CAAC;IAE1C,uBAAuB;IACvB,IAAI;QACF,kBAAG,CAAC,mBAAmB,CAAC;YACtB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QACH,IAAA,cAAM,EAAC,wCAAwC,CAAC,CAAC;KAClD;IAAC,OAAO,CAAM,EAAE;QACf,IAAA,cAAM,EAAC,6BAA6B,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,KAAI,CAAC,EAAE,CAAC,CAAC;KACxD;IAED,+DAA+D;IAC/D,IAAI;QACF,MAAM,MAAM,GAAG,kBAAG,CAAC,mBAAmB,CAAC;YACrC,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,SAAS;YACrB,yEAAyE;SAC1E,CAAC,CAAC;QACH,IAAA,cAAM,EAAC,wCAAwC,CAAC,CAAC;KAClD;IAAC,OAAO,CAAM,EAAE;QACf,IAAA,cAAM,EAAC,6BAA6B,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,KAAI,CAAC,EAAE,CAAC,CAAC;KACxD;IAED,8DAA8D;IAC9D,IAAI;QACF,MAAM,WAAW,GAAG,kBAAG,CAAC,mBAAmB,CAAC;QAC1C,2CAA2C;SAC5C,CAAC,CAAC;QACH,IAAA,cAAM,EAAC,6CAA6C,CAAC,CAAC;KACvD;IAAC,OAAO,CAAM,EAAE;QACf,IAAA,cAAM,EAAC,kCAAkC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,KAAI,CAAC,EAAE,CAAC,CAAC;KAC7D;AACH,CAAC,CAAA,CAAC;AAvDW,QAAA,kBAAkB,sBAuD7B"}

package/build/dist/index.js

@@ -18,6 +18,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.main = void 0;
 // Tracing initialization must happen before any other imports
@@ -30,6 +33,34 @@ const stdio_1 = require("./drivers/stdio");
 const api_1 = require("@opentelemetry/api");
 const node_sea_1 = require("node:sea");
 const lodash_1 = require("lodash");
+const node_crypto_1 = __importDefault(require("node:crypto"));
+const fips_diagnose_1 = require("./fips-diagnose");
+const util_1 = require("./util");
+/**
+ * Enable FIPS mode and verify it's working
+ */
+const enableFipsMode = () => __awaiter(void 0, void 0, void 0, function* () {
+    try {
+        node_crypto_1.default.setFips(true);
+        const fipsEnabled = node_crypto_1.default.getFips();
+        if (!fipsEnabled) {
+            (0, stdio_1.print2)(`Failed to enable FIPS mode`);
+            process.exit(1);
+        }
+        // Run diagnostics if --debug flag is present
+        if (process.argv.includes("--debug")) {
+            yield (0, fips_diagnose_1.runFipsDiagnostics)();
+        }
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        (0, stdio_1.print2)(`Failed to enable FIPS mode: ${errorMessage}`);
+        process.exit(1);
+    }
+});
+// Set up FIPS configuration when running as a Single Executable Application
+if ((0, node_sea_1.isSea)() && (0, util_1.getOperatingSystem)() === "mac")
+    void enableFipsMode();
 // The tracer version number is the version of the manual P0 CLI instrumentation.
 // It is not the version of the P0 CLI itself or the version of the OpenTelemetry library.
 // Change this when the manual instrumentation adds / removes spans, attributes, etc.

package/build/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;AAEH,8DAA8D;AAC9D,sEAAsE;AACtE,qEAA+D;AAC/D,IAAA,8BAAY,GAAE,CAAC;AAEf,yCAAoC;AACpC,6CAA8C;AAC9C,2CAAyC;AACzC,4CAA2C;AAC3C,uCAAiC;AACjC,mCAA8B;AAG9B,iFAAiF;AACjF,0FAA0F;AAC1F,qFAAqF;AACrF,MAAM,MAAM,GAAG,WAAK,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAE1C,MAAM,IAAI,GAAG,GAAS,EAAE;IAC7B,MAAM,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,CAAO,IAAI,EAAE,EAAE;QAClD,IAAI;YACF,MAAM,GAAG,EAAE,CAAC;SACb;QAAC,OAAO,KAAU,EAAE;YACnB,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC5B,MAAM,KAAK,CAAC;SACb;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC,CAAA,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AAXW,QAAA,IAAI,QAWf;AAEF,MAAM,GAAG,GAAG,GAAS,EAAE;IACrB,qFAAqF;IACrF,IAAI;QACF,MAAM,IAAA,mBAAU,GAAE,CAAC;KACpB;IAAC,OAAO,KAAK,EAAE;QACd,wEAAwE;QACxE,2EAA2E;QAC3E,4CAA4C;QAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,MAAM,KAAK,CAAC;SACb;QACD,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE;YAC5C,MAAM,KAAK,CAAC;SACb;KACF;IAED,MAAM,GAAG,GAAG,MAAM,IAAA,iBAAM,GAAE,CAAC;IAC3B,gEAAgE;IAChE,KAAM,GAAG,CAAC,KAAK,EAAU,CAAC,KAAK,CAAC,aAAI,CAAC,CAAC;AACxC,CAAC,CAAA,CAAC;AAEF,qGAAqG;AACrG,0DAA0D;AAC1D,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,KAAK,EAAE,EAAE;IACxC,IAAA,cAAM,EAAC,sBAAsB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,EAAE;IAC1C,IAAA,cAAM,EAAC,uBAAuB,GAAG,CAAC,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAA,gBAAK,GAAE,EAAE;IACtC,KAAK,IAAA,YAAI,GAAE,CAAC;CACb"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;AAEH,8DAA8D;AAC9D,sEAAsE;AACtE,qEAA+D;AAC/D,IAAA,8BAAY,GAAE,CAAC;AAEf,yCAAoC;AACpC,6CAA8C;AAC9C,2CAAyC;AACzC,4CAA2C;AAC3C,uCAAiC;AACjC,mCAA8B;AAC9B,8DAAiC;AACjC,mDAAqD;AACrD,iCAA4C;AAE5C;;GAEG;AACH,MAAM,cAAc,GAAG,GAAS,EAAE;IAChC,IAAI;QACF,qBAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACrB,MAAM,WAAW,GAAG,qBAAM,CAAC,OAAO,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,EAAE;YAChB,IAAA,cAAM,EAAC,4BAA4B,CAAC,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;SACjB;QAED,6CAA6C;QAC7C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;YACpC,MAAM,IAAA,kCAAkB,GAAE,CAAC;SAC5B;KACF;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,IAAA,cAAM,EAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;QACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACjB;AACH,CAAC,CAAA,CAAC;AAEF,4EAA4E;AAC5E,IAAI,IAAA,gBAAK,GAAE,IAAI,IAAA,yBAAkB,GAAE,KAAK,KAAK;IAAE,KAAK,cAAc,EAAE,CAAC;AAErE,iFAAiF;AACjF,0FAA0F;AAC1F,qFAAqF;AACrF,MAAM,MAAM,GAAG,WAAK,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAE1C,MAAM,IAAI,GAAG,GAAS,EAAE;IAC7B,MAAM,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,CAAO,IAAI,EAAE,EAAE;QAClD,IAAI;YACF,MAAM,GAAG,EAAE,CAAC;SACb;QAAC,OAAO,KAAU,EAAE;YACnB,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC5B,MAAM,KAAK,CAAC;SACb;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC,CAAA,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AAXW,QAAA,IAAI,QAWf;AAEF,MAAM,GAAG,GAAG,GAAS,EAAE;IACrB,qFAAqF;IACrF,IAAI;QACF,MAAM,IAAA,mBAAU,GAAE,CAAC;KACpB;IAAC,OAAO,KAAK,EAAE;QACd,wEAAwE;QACxE,2EAA2E;QAC3E,4CAA4C;QAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,MAAM,KAAK,CAAC;SACb;QACD,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE;YAC5C,MAAM,KAAK,CAAC;SACb;KACF;IAED,MAAM,GAAG,GAAG,MAAM,IAAA,iBAAM,GAAE,CAAC;IAC3B,gEAAgE;IAChE,KAAM,GAAG,CAAC,KAAK,EAAU,CAAC,KAAK,CAAC,aAAI,CAAC,CAAC;AACxC,CAAC,CAAA,CAAC;AAEF,qGAAqG;AACrG,0DAA0D;AAC1D,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,KAAK,EAAE,EAAE;IACxC,IAAA,cAAM,EAAC,sBAAsB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,EAAE;IAC1C,IAAA,cAAM,EAAC,uBAAuB,GAAG,CAAC,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAA,gBAAK,GAAE,EAAE;IACtC,KAAK,IAAA,YAAI,GAAE,CAAC;CACb"}

package/build/dist/plugins/azure/auth.d.ts

@@ -1,8 +1,13 @@
+import { AzureRdpRequest } from "../../types/rdp";
 import { AzureSshRequest } from "./types";
 export declare const AUTHORIZATION_FAILED_PATTERN: RegExp;
 export declare const USER_NOT_IN_CACHE_PATTERN: RegExp;
 export declare const NASCENT_ACCESS_GRANT_MESSAGE = "If access was recently granted, please try again in a few minutes.";
 export declare const ABORT_AUTHORIZATION_FAILED_MESSAGE: string;
+export declare const azCommandArgs: (args: string[]) => {
+    command: string;
+    args: string[];
+};
 export declare const azLoginCommand: (tenantId: string) => {
     command: string;
     args: string[];
@@ -23,7 +28,7 @@ export declare const azAccountShowUserPrincipalName: () => {
  * Attempts to set the Azure subscription for the current ssh session request. If
  * the user is not logged in, this function will attempt to log in.
  */
-export declare const azSetSubscription: (request: AzureSshRequest, options?: {
+export declare const azSetSubscription: (request: AzureRdpRequest["permission"]["resource"] | AzureSshRequest, options: {
     debug?: boolean;
     forceLogout?: boolean;
 }) => Promise<string>;

package/build/dist/plugins/azure/auth.js

@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.azSetSubscription = exports.azAccountShowUserPrincipalName = exports.azAccountSetCommand = exports.azAccountClearCommand = exports.azLoginCommand = exports.ABORT_AUTHORIZATION_FAILED_MESSAGE = exports.NASCENT_ACCESS_GRANT_MESSAGE = exports.USER_NOT_IN_CACHE_PATTERN = exports.AUTHORIZATION_FAILED_PATTERN = void 0;
+exports.azSetSubscription = exports.azAccountShowUserPrincipalName = exports.azAccountSetCommand = exports.azAccountClearCommand = exports.azLoginCommand = exports.azCommandArgs = exports.ABORT_AUTHORIZATION_FAILED_MESSAGE = exports.NASCENT_ACCESS_GRANT_MESSAGE = exports.USER_NOT_IN_CACHE_PATTERN = exports.AUTHORIZATION_FAILED_PATTERN = void 0;
 /** Copyright © 2024-present P0 Security
 
 This file is part of @p0security/cli
@@ -30,31 +30,31 @@ exports.AUTHORIZATION_FAILED_PATTERN = /The client '.+' with object id '.+' does
 exports.USER_NOT_IN_CACHE_PATTERN = /Exception in handling client: User '.+' does not exist in MSAL token cache./;
 exports.NASCENT_ACCESS_GRANT_MESSAGE = "If access was recently granted, please try again in a few minutes.";
 exports.ABORT_AUTHORIZATION_FAILED_MESSAGE = `Your Microsoft Token Cache is out of date. Run 'az account clear' and 'az login' to refresh your credentials. ${(0, config_1.getContactMessage)()}`;
-const azLoginCommand = (tenantId) => ({
-    command: "az",
-    args: [
-        "login",
-        "--scope",
-        "https://management.core.windows.net//.default",
-        "--tenant",
-        tenantId,
-    ],
-});
+const azCommandArgs = (args) => {
+    const isWindows = (0, util_1.getOperatingSystem)() === "win";
+    // On Windows, when installing the Azure CLI, the main az file is
+    // a .cmd (shell script) file rather than a .exe (binary executable) file,
+    // so when calling spawn, it cannot be located except via cmd.exe
+    // Unlike in MacOS, the underlying Windows OS API that spawn uses doesn't
+    // resolve .CMD files by default
+    return isWindows
+        ? { command: "cmd.exe", args: ["/d", "/s", "/c", "az", ...args] }
+        : { command: "az", args };
+};
+exports.azCommandArgs = azCommandArgs;
+const azLoginCommand = (tenantId) => (0, exports.azCommandArgs)([
+    "login",
+    "--scope",
+    "https://management.core.windows.net//.default",
+    "--tenant",
+    tenantId,
+]);
 exports.azLoginCommand = azLoginCommand;
-const azAccountClearCommand = () => ({
-    command: "az",
-    args: ["account", "clear"],
-});
+const azAccountClearCommand = () => (0, exports.azCommandArgs)(["account", "clear"]);
 exports.azAccountClearCommand = azAccountClearCommand;
-const azAccountSetCommand = (subscriptionId) => ({
-    command: "az",
-    args: ["account", "set", "--subscription", subscriptionId],
-});
+const azAccountSetCommand = (subscriptionId) => (0, exports.azCommandArgs)(["account", "set", "--subscription", subscriptionId]);
 exports.azAccountSetCommand = azAccountSetCommand;
-const azAccountShowUserPrincipalName = () => ({
-    command: "az",
-    args: ["account", "show", "--query", "user.name", "-o", "tsv"],
-});
+const azAccountShowUserPrincipalName = () => (0, exports.azCommandArgs)(["account", "show", "--query", "user.name", "-o", "tsv"]);
 exports.azAccountShowUserPrincipalName = azAccountShowUserPrincipalName;
 const performAccountClear = ({ debug }) => __awaiter(void 0, void 0, void 0, function* () {
     try {
@@ -151,7 +151,7 @@ const getUserPrincipalName = ({ debug }) => __awaiter(void 0, void 0, void 0, fu
  * Attempts to set the Azure subscription for the current ssh session request. If
  * the user is not logged in, this function will attempt to log in.
  */
-const azSetSubscription = (request, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
+const azSetSubscription = (request, options) => __awaiter(void 0, void 0, void 0, function* () {
     const { debug, forceLogout } = options;
     if (debug)
         (0, stdio_1.print2)("Forming Azure connection...");
@@ -160,7 +160,7 @@ const azSetSubscription = (request, options = {}) => __awaiter(void 0, void 0, v
     if (forceLogout)
         yield performAccountClear({ debug });
     yield performSetAccount(request, Object.assign(Object.assign({}, options), { attempts: 2 }));
-    return yield getUserPrincipalName(options);
+    return yield getUserPrincipalName({ debug });
 });
 exports.azSetSubscription = azSetSubscription;
 //# sourceMappingURL=auth.js.map

package/build/dist/plugins/azure/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../src/plugins/azure/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAyD;AACzD,+CAA6C;AAC7C,qCAAkC;AAGlC,MAAM,8BAA8B,GAClC,+DAA+D,CAAC;AAClE,MAAM,gCAAgC,GAAG,+BAA+B,CAAC;AACzE,MAAM,+BAA+B,GACnC,6FAA6F,CAAC;AACnF,QAAA,4BAA4B,GACvC,iMAAiM,CAAC;AACvL,QAAA,yBAAyB,GACpC,6EAA6E,CAAC;AACnE,QAAA,4BAA4B,GACvC,oEAAoE,CAAC;AAC1D,QAAA,kCAAkC,GAAG,iHAAiH,IAAA,0BAAiB,GAAE,EAAE,CAAC;AAElL,MAAM,cAAc,GAAG,CAAC,QAAgB,EAAE,EAAE,CAAC,CAAC;IACnD,OAAO,EAAE,IAAI;IACb,IAAI,EAAE;QACJ,OAAO;QACP,SAAS;QACT,+CAA+C;QAC/C,UAAU;QACV,QAAQ;KACT;CACF,CAAC,CAAC;AATU,QAAA,cAAc,kBASxB;AAEI,MAAM,qBAAqB,GAAG,GAAG,EAAE,CAAC,CAAC;IAC1C,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;CAC3B,CAAC,CAAC;AAHU,QAAA,qBAAqB,yBAG/B;AAEI,MAAM,mBAAmB,GAAG,CAAC,cAAsB,EAAE,EAAE,CAAC,CAAC;IAC9D,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,cAAc,CAAC;CAC3D,CAAC,CAAC;AAHU,QAAA,mBAAmB,uBAG7B;AAEI,MAAM,8BAA8B,GAAG,GAAG,EAAE,CAAC,CAAC;IACnD,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,CAAC;CAC/D,CAAC,CAAC;AAHU,QAAA,8BAA8B,kCAGxC;AAEH,MAAM,mBAAmB,GAAG,CAAO,EAAE,KAAK,EAAuB,EAAE,EAAE;IACnE,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAChD,IAAA,6BAAqB,GAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5E,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC5B,IAAA,cAAM,EAAC,YAAY,CAAC,MAAM,CAAC,CAAC;SAC7B;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,iDAAiD;YACjD,IAAA,cAAM,EAAC,2BAA2B,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;SACnD;KACF;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,YAAY,GAAG,CACnB,WAAmB,EACnB,EAAE,KAAK,EAAuB,EAC9B,EAAE;IACF,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAC9C,IAAA,sBAAc,EAAC,WAAW,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,MAAM,IAAA,WAAI,EAAC,UAAU,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;YACjC,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC3B,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;SAC5B;QAED,OAAO,WAAW,CAAC,MAAM,CAAC;KAC3B;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,8BAA8B,CAAC,CAAC;YACvC,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SACtB;QAED,IAAI,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACvD,MAAM,6BAA6B,WAAW,MAAM,oCAA4B,IAAI,IAAA,0BAAiB,GAAE,EAAE,CAAC;SAC3G;QAED,IAAI,+BAA+B,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACtD,MAAM,4CAA4C,CAAC;SACpD;QAED,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,OAAwD,EACxD,OAA8C,EAC9C,EAAE;;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAA,OAAO,CAAC,QAAQ,mCAAI,CAAC,CAAC;IACvC,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,2BAAmB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC9C,MAAM,gBAAgB,GAAG,MAAM,IAAA,WAAI,EAAC,eAAe,EAAE,gBAAgB,EAAE;YACrE,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,sCAAsC,CAAC,CAAC;YAC/C,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAChC,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;SACjC;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,4CAA4C,CAAC,CAAC;YACrD,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SACtB;QAED,IAAI,QAAQ,IAAI,CAAC,EAAE;YACjB,IAAA,cAAM,EACJ,iDAAiD,OAAO,CAAC,QAAQ,YAAY,CAC9E,CAAC;YACF,MAAM,KAAK,CAAC;SACb;QAED,IAAI,8BAA8B,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACrD,MAAM,mBAAmB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC;gBAC1C,MAAM,gBAAgB,OAAO,CAAC,cAAc,eAAe,oCAA4B,EAAE,CAAC;YAC5F,MAAM,iBAAiB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,GAAG,CAAC,EAAE,CAAC,CAAC;YACpE,OAAO;SACR;QACD,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,oBAAoB,GAAG,CAAO,EAAE,KAAK,EAAuB,EAAE,EAAE;IACpE,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,sCAA8B,GAAE,CAAC;QAC3D,MAAM,iBAAiB,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,8BAA8B,CAAC,CAAC;YACvC,IAAA,cAAM,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACjC,IAAA,cAAM,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;SAClC;QACD,OAAO,iBAAiB,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;KACxC;IAAC,OAAO,KAAU,EAAE;QACnB,MAAM,wCAAwC,KAAK,GAAG,CAAC;KACxD;AACH,CAAC,CAAA,CAAC;AAEF;;;GAGG;AACI,MAAM,iBAAiB,GAAG,CAC/B,OAAwB,EACxB,UAAsD,EAAE,EACxD,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IACvC,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,6BAA6B,CAAC,CAAC;IAEjD,qEAAqE;IACrE,kDAAkD;IAClD,IAAI,WAAW;QAAE,MAAM,mBAAmB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAEtD,MAAM,iBAAiB,CAAC,OAAO,kCAAO,OAAO,KAAE,QAAQ,EAAE,CAAC,IAAG,CAAC;IAE9D,OAAO,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC7C,CAAC,CAAA,CAAC;AAdW,QAAA,iBAAiB,qBAc5B"}
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../src/plugins/azure/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAyD;AACzD,+CAA6C;AAE7C,qCAAsD;AAGtD,MAAM,8BAA8B,GAClC,+DAA+D,CAAC;AAClE,MAAM,gCAAgC,GAAG,+BAA+B,CAAC;AACzE,MAAM,+BAA+B,GACnC,6FAA6F,CAAC;AACnF,QAAA,4BAA4B,GACvC,iMAAiM,CAAC;AACvL,QAAA,yBAAyB,GACpC,6EAA6E,CAAC;AACnE,QAAA,4BAA4B,GACvC,oEAAoE,CAAC;AAC1D,QAAA,kCAAkC,GAAG,iHAAiH,IAAA,0BAAiB,GAAE,EAAE,CAAC;AAElL,MAAM,aAAa,GAAG,CAAC,IAAc,EAAE,EAAE;IAC9C,MAAM,SAAS,GAAG,IAAA,yBAAkB,GAAE,KAAK,KAAK,CAAC;IAEjD,iEAAiE;IACjE,0EAA0E;IAC1E,iEAAiE;IACjE,yEAAyE;IACzE,gCAAgC;IAChC,OAAO,SAAS;QACd,CAAC,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,EAAE;QACjE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAC9B,CAAC,CAAC;AAXW,QAAA,aAAa,iBAWxB;AAEK,MAAM,cAAc,GAAG,CAAC,QAAgB,EAAE,EAAE,CACjD,IAAA,qBAAa,EAAC;IACZ,OAAO;IACP,SAAS;IACT,+CAA+C;IAC/C,UAAU;IACV,QAAQ;CACT,CAAC,CAAC;AAPQ,QAAA,cAAc,kBAOtB;AAEE,MAAM,qBAAqB,GAAG,GAAG,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;AAAlE,QAAA,qBAAqB,yBAA6C;AAExE,MAAM,mBAAmB,GAAG,CAAC,cAAsB,EAAE,EAAE,CAC5D,IAAA,qBAAa,EAAC,CAAC,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC;AADzD,QAAA,mBAAmB,uBACsC;AAE/D,MAAM,8BAA8B,GAAG,GAAG,EAAE,CACjD,IAAA,qBAAa,EAAC,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;AAD7D,QAAA,8BAA8B,kCAC+B;AAE1E,MAAM,mBAAmB,GAAG,CAAO,EAAE,KAAK,EAAuB,EAAE,EAAE;IACnE,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAChD,IAAA,6BAAqB,GAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5E,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC5B,IAAA,cAAM,EAAC,YAAY,CAAC,MAAM,CAAC,CAAC;SAC7B;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,iDAAiD;YACjD,IAAA,cAAM,EAAC,2BAA2B,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;SACnD;KACF;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,YAAY,GAAG,CACnB,WAAmB,EACnB,EAAE,KAAK,EAAuB,EAC9B,EAAE;IACF,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAC9C,IAAA,sBAAc,EAAC,WAAW,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,MAAM,IAAA,WAAI,EAAC,UAAU,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;YACjC,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC3B,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;SAC5B;QAED,OAAO,WAAW,CAAC,MAAM,CAAC;KAC3B;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,8BAA8B,CAAC,CAAC;YACvC,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SACtB;QAED,IAAI,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACvD,MAAM,6BAA6B,WAAW,MAAM,oCAA4B,IAAI,IAAA,0BAAiB,GAAE,EAAE,CAAC;SAC3G;QAED,IAAI,+BAA+B,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACtD,MAAM,4CAA4C,CAAC;SACpD;QAED,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,OAAwD,EACxD,OAA8C,EAC9C,EAAE;;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAA,OAAO,CAAC,QAAQ,mCAAI,CAAC,CAAC;IACvC,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,2BAAmB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC9C,MAAM,gBAAgB,GAAG,MAAM,IAAA,WAAI,EAAC,eAAe,EAAE,gBAAgB,EAAE;YACrE,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,sCAAsC,CAAC,CAAC;YAC/C,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAChC,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;SACjC;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,4CAA4C,CAAC,CAAC;YACrD,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SACtB;QAED,IAAI,QAAQ,IAAI,CAAC,EAAE;YACjB,IAAA,cAAM,EACJ,iDAAiD,OAAO,CAAC,QAAQ,YAAY,CAC9E,CAAC;YACF,MAAM,KAAK,CAAC;SACb;QAED,IAAI,8BAA8B,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACrD,MAAM,mBAAmB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC;gBAC1C,MAAM,gBAAgB,OAAO,CAAC,cAAc,eAAe,oCAA4B,EAAE,CAAC;YAC5F,MAAM,iBAAiB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,GAAG,CAAC,EAAE,CAAC,CAAC;YACpE,OAAO;SACR;QACD,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,oBAAoB,GAAG,CAAO,EAAE,KAAK,EAAuB,EAAE,EAAE;IACpE,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,sCAA8B,GAAE,CAAC;QAC3D,MAAM,iBAAiB,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,8BAA8B,CAAC,CAAC;YACvC,IAAA,cAAM,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACjC,IAAA,cAAM,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;SAClC;QACD,OAAO,iBAAiB,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;KACxC;IAAC,OAAO,KAAU,EAAE;QACnB,MAAM,wCAAwC,KAAK,GAAG,CAAC;KACxD;AACH,CAAC,CAAA,CAAC;AAEF;;;GAGG;AACI,MAAM,iBAAiB,GAAG,CAC/B,OAAoE,EACpE,OAAmD,EACnD,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IACvC,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,6BAA6B,CAAC,CAAC;IAEjD,qEAAqE;IACrE,kDAAkD;IAClD,IAAI,WAAW;QAAE,MAAM,mBAAmB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAEtD,MAAM,iBAAiB,CAAC,OAAO,kCAAO,OAAO,KAAE,QAAQ,EAAE,CAAC,IAAG,CAAC;IAE9D,OAAO,MAAM,oBAAoB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/C,CAAC,CAAA,CAAC;AAdW,QAAA,iBAAiB,qBAc5B"}

package/build/dist/plugins/azure/rdp.d.ts

@@ -0,0 +1,13 @@
+import { AzureRdpRequest } from "../../types/rdp";
+import { PermissionRequest } from "../../types/request";
+export declare const azureRdpProvider: {
+    setup: (request: PermissionRequest<AzureRdpRequest>, options: {
+        debug?: boolean;
+    }) => Promise<{
+        entraIdUserEmail: string;
+    }>;
+    spawnConnection: (request: PermissionRequest<AzureRdpRequest>, options: {
+        configure?: boolean;
+        debug?: boolean;
+    }) => Promise<void>;
+};

package/build/dist/plugins/azure/rdp.js

@@ -0,0 +1,74 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.azureRdpProvider = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const stdio_1 = require("../../drivers/stdio");
+const util_1 = require("../../util");
+const auth_1 = require("./auth");
+const azBastionRdpCommand = (request, options) => {
+    const { configure, debug } = options;
+    const { bastionName, bastionRg, instanceId } = request.permission.resource;
+    return (0, auth_1.azCommandArgs)([
+        "network",
+        "bastion",
+        "rdp",
+        "--name",
+        bastionName,
+        "--resource-group",
+        bastionRg,
+        "--target-resource-id",
+        instanceId,
+        "--auth-type",
+        "aad",
+        ...(configure ? ["--configure"] : []),
+        ...(debug ? ["--debug"] : []),
+    ]);
+};
+exports.azureRdpProvider = {
+    setup: (request, options) => __awaiter(void 0, void 0, void 0, function* () {
+        const entraIdUserEmail = yield (0, auth_1.azSetSubscription)(request.permission.resource, options);
+        return { entraIdUserEmail };
+    }),
+    spawnConnection: (request, options) => __awaiter(void 0, void 0, void 0, function* () {
+        const { debug } = options;
+        if (debug) {
+            (0, stdio_1.print2)("Creating Azure Bastion RDP connection...");
+        }
+        try {
+            const { command, args } = azBastionRdpCommand(request, options);
+            if (debug) {
+                (0, stdio_1.print2)(`Executing: ${command} ${args.join(" ")}`);
+            }
+            yield (0, util_1.exec)(command, args, { check: true });
+        }
+        catch (error) {
+            if (debug) {
+                (0, stdio_1.print2)(`Azure Bastion RDP command failed: ${error.message}`);
+                if (error.stderr) {
+                    (0, stdio_1.print2)("Error details:");
+                    (0, stdio_1.print2)(error.stderr);
+                }
+            }
+            throw new Error(`Failed to create Azure Bastion RDP connection: ${error.message}`);
+        }
+    }),
+};
+//# sourceMappingURL=rdp.js.map

package/build/dist/plugins/azure/rdp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rdp.js","sourceRoot":"","sources":["../../../../src/plugins/azure/rdp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAA6C;AAG7C,qCAAkC;AAClC,iCAA0D;AAE1D,MAAM,mBAAmB,GAAG,CAC1B,OAA2C,EAC3C,OAAiD,EACjD,EAAE;IACF,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IACrC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;IAC3E,OAAO,IAAA,oBAAa,EAAC;QACnB,SAAS;QACT,SAAS;QACT,KAAK;QACL,QAAQ;QACR,WAAW;QACX,kBAAkB;QAClB,SAAS;QACT,sBAAsB;QACtB,UAAU;QACV,aAAa;QACb,KAAK;QACL,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9B,CAAC,CAAC;AACL,CAAC,CAAC;AAEW,QAAA,gBAAgB,GAAG;IAC9B,KAAK,EAAE,CACL,OAA2C,EAC3C,OAA4B,EAC5B,EAAE;QACF,MAAM,gBAAgB,GAAG,MAAM,IAAA,wBAAiB,EAC9C,OAAO,CAAC,UAAU,CAAC,QAAQ,EAC3B,OAAO,CACR,CAAC;QACF,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC9B,CAAC,CAAA;IAED,eAAe,EAAE,CACf,OAA2C,EAC3C,OAGC,EACD,EAAE;QACF,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;QAE1B,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,0CAA0C,CAAC,CAAC;SACpD;QAED,IAAI;YACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAEhE,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,cAAc,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;aACnD;YAED,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;SAC5C;QAAC,OAAO,KAAU,EAAE;YACnB,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,qCAAqC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7D,IAAI,KAAK,CAAC,MAAM,EAAE;oBAChB,IAAA,cAAM,EAAC,gBAAgB,CAAC,CAAC;oBACzB,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;iBACtB;aACF;YACD,MAAM,IAAI,KAAK,CACb,kDAAkD,KAAK,CAAC,OAAO,EAAE,CAClE,CAAC;SACH;IACH,CAAC,CAAA;CACF,CAAC"}

package/build/dist/plugins/azure/tunnel.js

@@ -24,7 +24,6 @@ const retry_1 = require("../../common/retry");
 const stdio_1 = require("../../drivers/stdio");
 const util_1 = require("../../util");
 const auth_1 = require("./auth");
-const node_child_process_1 = require("node:child_process");
 const TUNNEL_READY_STRING = "Tunnel is ready";
 // Ignore these debug messages from the tunnel process; they are far too noisy and spam the terminal with useless info
 // anytime the SSH/SCP session has network activity.
@@ -73,7 +72,9 @@ const spawnBastionTunnelInBackground = (request, port, options) => {
             (0, stdio_1.print2)("Spawning Azure Bastion tunnel process...");
         // Spawn the process in detached mode so that it is in its own process group; this lets us kill it and all
         // descendent processes together.
-        const child = (0, node_child_process_1.spawn)(command, args, { detached: true });
+        const child = (0, util_1.spawnWithCleanEnv)(command, args, {
+            detached: true,
+        });
         child.on("exit", (code) => {
             processExited = true;
             if (code === 0) {