@rawdash/connector-aws-cloudwatch 0.24.0 → 0.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -107,10 +107,11 @@ GetMetricData is batched at most 500 metrics per call with NextToken pagination;
107
107
  - The series name is derived from the query namespace/metric, so two queries against the same metric with different statistics or dimensions share one series name and are distinguished only by sample attributes.
108
108
  - Each query period must be a multiple of 60 seconds; sub-minute resolution is not supported.
109
109
  - A full sync uses lookbackMinutes; a latest sync uses a short window covering the last few periods.
110
+ - Each query's window is clamped to CloudWatch's resolution-based retention floor (period < 300s keeps 15 days, < 3600s keeps 63 days, otherwise 455 days), since GetMetricData returns no points older than the floor; truncation is logged.
110
111
 
111
112
  ## Links
112
113
 
113
- - [Rawdash docs](https://rawdash.dev/docs/connectors/)
114
+ - [Rawdash docs](https://rawdash.dev/docs/connectors)
114
115
  - [Amazon Web Services API docs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html)
115
116
  - [GitHub](https://github.com/rawdash/rawdash)
116
117
 
package/dist/index.js CHANGED
@@ -418,6 +418,17 @@ var awsAuthRefine = {
418
418
  };
419
419
 
420
420
  // ../../connector-shared/dist/index.js
421
+ var HttpClientError2 = class extends Error {
422
+ response;
423
+ constructor(message, response) {
424
+ super(message);
425
+ this.name = new.target.name;
426
+ this.response = response;
427
+ }
428
+ };
429
+ var TransientError2 = class extends HttpClientError2 {
430
+ kind = "transient";
431
+ };
421
432
  var HTTP_CLIENT_VERSION2 = "0.0.0";
422
433
  var DEFAULT_USER_AGENT2 = `rawdash-connector/${HTTP_CLIENT_VERSION2} (+https://rawdash.dev)`;
423
434
  function parseEpoch2(value, unit) {
@@ -509,7 +520,8 @@ var doc = defineConnectorDoc({
509
520
  "CloudWatch is too broad to mirror wholesale; only the metrics declared in `metricQueries` are synced; there is no automatic metric discovery.",
510
521
  "The series name is derived from the query namespace/metric, so two queries against the same metric with different statistics or dimensions share one series name and are distinguished only by sample attributes.",
511
522
  "Each query period must be a multiple of 60 seconds; sub-minute resolution is not supported.",
512
- "A full sync uses lookbackMinutes; a latest sync uses a short window covering the last few periods."
523
+ "A full sync uses lookbackMinutes; a latest sync uses a short window covering the last few periods.",
524
+ "Each query's window is clamped to CloudWatch's resolution-based retention floor (period < 300s keeps 15 days, < 3600s keeps 63 days, otherwise 455 days), since GetMetricData returns no points older than the floor; truncation is logged."
513
525
  ]
514
526
  });
515
527
  var metricDataResponseSchema = z2.object({
@@ -567,6 +579,24 @@ var CLOUDWATCH_API_VERSION = "2010-08-01";
567
579
  var MAX_QUERIES_PER_CALL = 500;
568
580
  var DEFAULT_LOOKBACK_MINUTES = 180;
569
581
  var MS_PER_MINUTE = 6e4;
582
+ var MS_PER_HOUR = 36e5;
583
+ var MS_PER_DAY = 864e5;
584
+ var RETENTION_FLOOR_SUB_MINUTE_MS = 3 * MS_PER_HOUR;
585
+ var RETENTION_FLOOR_HIGH_RES_MS = 15 * MS_PER_DAY;
586
+ var RETENTION_FLOOR_STANDARD_MS = 63 * MS_PER_DAY;
587
+ var RETENTION_FLOOR_LONG_TERM_MS = 455 * MS_PER_DAY;
588
+ function retentionFloorMs(periodSeconds) {
589
+ if (periodSeconds < 60) {
590
+ return RETENTION_FLOOR_SUB_MINUTE_MS;
591
+ }
592
+ if (periodSeconds < 300) {
593
+ return RETENTION_FLOOR_HIGH_RES_MS;
594
+ }
595
+ if (periodSeconds < 3600) {
596
+ return RETENTION_FLOOR_STANDARD_MS;
597
+ }
598
+ return RETENTION_FLOOR_LONG_TERM_MS;
599
+ }
570
600
  var id = "aws-cloudwatch";
571
601
  var cost = {
572
602
  warning: "CloudWatch GetMetricData is billed per metric requested on the paid tier; high-frequency syncs over many metrics add up."
@@ -607,7 +637,7 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseAWSConnector {
607
637
  ...this.settings.metricQueries.map((q) => q.periodSeconds),
608
638
  60
609
639
  );
610
- return { startMs: endMs - maxPeriod * 3 * 1e3, endMs };
640
+ return { startMs: endMs - maxPeriod * 5 * 1e3, endMs };
611
641
  }
612
642
  const lookback = this.settings.lookbackMinutes ?? DEFAULT_LOOKBACK_MINUTES;
613
643
  return { startMs: endMs - lookback * MS_PER_MINUTE, endMs };
@@ -645,50 +675,100 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseAWSConnector {
645
675
  if (queries.length === 0) {
646
676
  return { done: true };
647
677
  }
678
+ if (options.resources && options.resources.size > 0 && ![...names].some((name) => options.resources.has(name))) {
679
+ this.logger.info("resource skipped", {
680
+ resource: "metric_data",
681
+ reason: "no configured metric matches requested resources"
682
+ });
683
+ return { done: true };
684
+ }
648
685
  const queriesById = new Map(queries.map((q) => [q.id, q]));
649
686
  const { startMs, endMs } = this.computeWindow(options);
650
687
  const samples = [];
651
688
  const host = `${CLOUDWATCH_SERVICE}.${this.settings.region}.amazonaws.com`;
652
- for (let i = 0; i < queries.length; i += MAX_QUERIES_PER_CALL) {
653
- const chunk = queries.slice(i, i + MAX_QUERIES_PER_CALL);
654
- let nextToken;
655
- let page = 0;
656
- do {
657
- if (signal?.aborted) {
658
- return { done: false };
659
- }
660
- const body = this.buildGetMetricDataBody(
661
- chunk,
662
- startMs,
663
- endMs,
664
- nextToken
665
- );
666
- const signingCredentials = await this.resolveSigningCredentials(signal);
667
- const xml = await this.signedPost({
668
- host,
669
- service: CLOUDWATCH_SERVICE,
670
- body,
671
- signingCredentials,
689
+ const groupsByFloor = /* @__PURE__ */ new Map();
690
+ for (const query of queries) {
691
+ const floorMs = retentionFloorMs(query.periodSeconds);
692
+ const group = groupsByFloor.get(floorMs);
693
+ if (group) {
694
+ group.push(query);
695
+ } else {
696
+ groupsByFloor.set(floorMs, [query]);
697
+ }
698
+ }
699
+ let internalErrorSeen = false;
700
+ for (const [floorMs, group] of groupsByFloor) {
701
+ const earliestRetainedMs = endMs - floorMs;
702
+ const effectiveStartMs = Math.max(startMs, earliestRetainedMs);
703
+ if (effectiveStartMs > startMs) {
704
+ this.logger.warn("window truncated to retention floor", {
672
705
  resource: "metric_data",
673
- signal
706
+ retentionFloorMs: floorMs,
707
+ requestedStartMs: startMs,
708
+ effectiveStartMs,
709
+ queryIds: group.map((q) => q.id)
674
710
  });
675
- const parsed = parseGetMetricData(xml);
676
- for (const result of parsed.results) {
677
- const query = queriesById.get(result.id);
678
- if (query === void 0) {
679
- continue;
711
+ }
712
+ for (let i = 0; i < group.length; i += MAX_QUERIES_PER_CALL) {
713
+ const chunk = group.slice(i, i + MAX_QUERIES_PER_CALL);
714
+ let nextToken;
715
+ let page = 0;
716
+ do {
717
+ if (signal?.aborted) {
718
+ return { done: false };
680
719
  }
681
- this.collectSamples(samples, query, result);
682
- }
683
- nextToken = parsed.nextToken ?? void 0;
684
- page += 1;
685
- this.logger.info("fetched page", {
686
- resource: "metric_data",
687
- page,
688
- items: parsed.results.length,
689
- next: nextToken ?? null
690
- });
691
- } while (nextToken !== void 0);
720
+ const body = this.buildGetMetricDataBody(
721
+ chunk,
722
+ effectiveStartMs,
723
+ endMs,
724
+ nextToken
725
+ );
726
+ const signingCredentials = await this.resolveSigningCredentials(signal);
727
+ const xml = await this.signedPost({
728
+ host,
729
+ service: CLOUDWATCH_SERVICE,
730
+ body,
731
+ signingCredentials,
732
+ resource: "metric_data",
733
+ signal
734
+ });
735
+ const parsed = parseGetMetricData(xml);
736
+ for (const result of parsed.results) {
737
+ const query = queriesById.get(result.id);
738
+ if (query === void 0) {
739
+ continue;
740
+ }
741
+ if (result.statusCode === "Forbidden") {
742
+ this.logger.warn("metric result forbidden", {
743
+ resource: "metric_data",
744
+ queryId: query.id,
745
+ metric: `${query.namespace}/${query.metric}`
746
+ });
747
+ } else if (result.statusCode === "InternalError") {
748
+ internalErrorSeen = true;
749
+ this.logger.warn("metric result internal error", {
750
+ resource: "metric_data",
751
+ queryId: query.id,
752
+ metric: `${query.namespace}/${query.metric}`
753
+ });
754
+ }
755
+ this.collectSamples(samples, query, result);
756
+ }
757
+ nextToken = parsed.nextToken ?? void 0;
758
+ page += 1;
759
+ this.logger.info("fetched page", {
760
+ resource: "metric_data",
761
+ page,
762
+ items: parsed.results.length,
763
+ next: nextToken ?? null
764
+ });
765
+ } while (nextToken !== void 0);
766
+ }
767
+ }
768
+ if (internalErrorSeen) {
769
+ throw new TransientError2(
770
+ "GetMetricData returned InternalError for one or more series; rescheduling sync"
771
+ );
692
772
  }
693
773
  await storage.metrics(samples, { names: [...names] });
694
774
  this.logger.info("resource done", {
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../aws-shared/src/sigv4.ts","../../aws-shared/src/xml.ts","../../../connector-shared/src/errors.ts","../../../connector-shared/src/retry.ts","../../../connector-shared/src/version.ts","../../../connector-shared/src/request.ts","../../../connector-shared/src/rate-limit.ts","../../../connector-shared/src/map-concurrent.ts","../../../connector-shared/src/sanitize.ts","../../../connector-shared/src/epoch.ts","../../../connector-shared/src/pagination.ts","../../../connector-shared/src/logger.ts","../../aws-shared/src/base-aws-connector.ts","../../aws-shared/src/config.ts","../../../connector-shared/src/errors.ts","../../../connector-shared/src/retry.ts","../../../connector-shared/src/version.ts","../../../connector-shared/src/request.ts","../../../connector-shared/src/rate-limit.ts","../../../connector-shared/src/map-concurrent.ts","../../../connector-shared/src/sanitize.ts","../../../connector-shared/src/epoch.ts","../../../connector-shared/src/pagination.ts","../../../connector-shared/src/logger.ts","../src/aws-cloudwatch.ts","../src/index.ts"],"sourcesContent":["const encoder = new TextEncoder();\n\nconst ALGORITHM = 'AWS4-HMAC-SHA256';\n\nfunction u8(data: string): Uint8Array<ArrayBuffer> {\n return new Uint8Array(encoder.encode(data));\n}\n\nfunction toHex(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += bytes[i]!.toString(16).padStart(2, '0');\n }\n return hex;\n}\n\nexport async function sha256Hex(data: string): Promise<string> {\n const digest = await globalThis.crypto.subtle.digest('SHA-256', u8(data));\n return toHex(digest);\n}\n\nasync function hmac(key: BufferSource, data: string): Promise<ArrayBuffer> {\n const cryptoKey = await globalThis.crypto.subtle.importKey(\n 'raw',\n key,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n );\n return globalThis.crypto.subtle.sign('HMAC', cryptoKey, u8(data));\n}\n\nasync function deriveSigningKey(\n secretAccessKey: string,\n dateStamp: string,\n region: string,\n service: string,\n): Promise<ArrayBuffer> {\n const kDate = await hmac(u8(`AWS4${secretAccessKey}`), dateStamp);\n const kRegion = await hmac(kDate, region);\n const kService = await hmac(kRegion, service);\n return hmac(kService, 'aws4_request');\n}\n\nexport interface AmzDate {\n amzDate: string;\n dateStamp: string;\n}\n\nexport function formatAmzDate(date: Date): AmzDate {\n const amzDate = date.toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n return { amzDate, dateStamp: amzDate.slice(0, 8) };\n}\n\nexport interface SignParams {\n method: string;\n host: string;\n path: string;\n query: string;\n headers: Record<string, string>;\n payloadHash: string;\n accessKeyId: string;\n secretAccessKey: string;\n region: string;\n service: string;\n amzDate: string;\n dateStamp: string;\n}\n\nexport async function createAuthorizationHeader(\n params: SignParams,\n): Promise<string> {\n const lowerHeaders: Record<string, string> = {};\n for (const [key, value] of Object.entries(params.headers)) {\n lowerHeaders[key.toLowerCase()] = value.trim().replace(/\\s+/g, ' ');\n }\n const sortedNames = Object.keys(lowerHeaders).sort();\n\n const canonicalHeaders = sortedNames\n .map((name) => `${name}:${lowerHeaders[name]}\\n`)\n .join('');\n const signedHeaders = sortedNames.join(';');\n\n const canonicalRequest = [\n params.method,\n params.path,\n params.query,\n canonicalHeaders,\n signedHeaders,\n params.payloadHash,\n ].join('\\n');\n\n const credentialScope = `${params.dateStamp}/${params.region}/${params.service}/aws4_request`;\n const stringToSign = [\n ALGORITHM,\n params.amzDate,\n credentialScope,\n await sha256Hex(canonicalRequest),\n ].join('\\n');\n\n const signingKey = await deriveSigningKey(\n params.secretAccessKey,\n params.dateStamp,\n params.region,\n params.service,\n );\n const signature = toHex(await hmac(signingKey, stringToSign));\n\n return (\n `${ALGORITHM} Credential=${params.accessKeyId}/${credentialScope}, ` +\n `SignedHeaders=${signedHeaders}, Signature=${signature}`\n );\n}\n","function decodeEntities(value: string): string {\n return value\n .replace(/&lt;/g, '<')\n .replace(/&gt;/g, '>')\n .replace(/&quot;/g, '\"')\n .replace(/&#39;/g, \"'\")\n .replace(/&apos;/g, \"'\")\n .replace(/&amp;/g, '&');\n}\n\nexport function firstInner(xml: string, tag: string): string | null {\n const escapedTag = tag.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&');\n const open = new RegExp(`<${escapedTag}(?:\\\\s[^>]*)?>`).exec(xml);\n if (!open) {\n return new RegExp(`<${escapedTag}\\\\s*/>`).test(xml) ? '' : null;\n }\n const start = open.index + open[0].length;\n const closeIdx = xml.indexOf(`</${tag}>`, start);\n if (closeIdx === -1) {\n return null;\n }\n return xml.slice(start, closeIdx);\n}\n\nexport function firstText(xml: string, tag: string): string | null {\n const inner = firstInner(xml, tag);\n return inner === null ? null : decodeEntities(inner).trim();\n}\n\nexport function topLevelMembers(xml: string): string[] {\n const results: string[] = [];\n const re = /<member(?:\\s[^>]*)?>|<\\/member>/g;\n let depth = 0;\n let contentStart = -1;\n let match: RegExpExecArray | null;\n while ((match = re.exec(xml)) !== null) {\n if (match[0].startsWith('</')) {\n depth--;\n if (depth === 0 && contentStart !== -1) {\n results.push(xml.slice(contentStart, match.index));\n contentStart = -1;\n }\n } else {\n if (depth === 0) {\n contentStart = match.index + match[0].length;\n }\n depth++;\n }\n }\n return results;\n}\n\nexport interface MetricDataResult {\n id: string;\n label: string;\n statusCode: string;\n timestamps: string[];\n values: number[];\n}\n\nexport interface GetMetricDataParsed {\n results: MetricDataResult[];\n nextToken: string | null;\n}\n\nexport function parseGetMetricData(xml: string): GetMetricDataParsed {\n const resultsBlock = firstInner(xml, 'MetricDataResults') ?? '';\n const results = topLevelMembers(resultsBlock).map((member) => {\n const tsBlock = firstInner(member, 'Timestamps') ?? '';\n const valBlock = firstInner(member, 'Values') ?? '';\n return {\n id: firstText(member, 'Id') ?? '',\n label: firstText(member, 'Label') ?? '',\n statusCode: firstText(member, 'StatusCode') ?? '',\n timestamps: topLevelMembers(tsBlock).map((t) => decodeEntities(t).trim()),\n values: topLevelMembers(valBlock).map((v) =>\n Number(decodeEntities(v).trim()),\n ),\n };\n });\n const nextToken = firstText(xml, 'NextToken');\n return { results, nextToken: nextToken === '' ? null : nextToken };\n}\n\nexport interface StsCredentials {\n accessKeyId: string;\n secretAccessKey: string;\n sessionToken: string;\n expiration: string;\n}\n\nexport function parseAssumeRole(xml: string): StsCredentials | null {\n const credBlock = firstInner(xml, 'Credentials');\n if (credBlock === null) {\n return null;\n }\n const accessKeyId = firstText(credBlock, 'AccessKeyId') ?? '';\n const secretAccessKey = firstText(credBlock, 'SecretAccessKey') ?? '';\n if (accessKeyId === '' || secretAccessKey === '') {\n return null;\n }\n return {\n accessKeyId,\n secretAccessKey,\n sessionToken: firstText(credBlock, 'SessionToken') ?? '',\n expiration: firstText(credBlock, 'Expiration') ?? '',\n };\n}\n\nexport function parseErrorCode(xml: string): string | null {\n return firstText(xml, 'Code');\n}\n","import type { HttpResponse } from './types';\n\nexport type HttpErrorKind =\n | 'transient'\n | 'rate_limit'\n | 'auth'\n | 'upstream_bug'\n | 'client_bug';\n\nexport abstract class HttpClientError extends Error {\n abstract readonly kind: HttpErrorKind;\n readonly response?: HttpResponse;\n\n constructor(message: string, response?: HttpResponse) {\n super(message);\n this.name = new.target.name;\n this.response = response;\n }\n}\n\nexport class TransientError extends HttpClientError {\n readonly kind = 'transient' as const;\n}\n\nexport class RateLimitError extends HttpClientError {\n readonly kind = 'rate_limit' as const;\n readonly retryAfter?: Date;\n\n constructor(message: string, response?: HttpResponse, retryAfter?: Date) {\n super(message, response);\n this.retryAfter = retryAfter;\n }\n}\n\nexport class AuthError extends HttpClientError {\n readonly kind = 'auth' as const;\n}\n\nexport class UpstreamBugError extends HttpClientError {\n readonly kind = 'upstream_bug' as const;\n}\n\nexport class ClientBugError extends HttpClientError {\n readonly kind = 'client_bug' as const;\n}\n\nexport function classifyStatus(status: number): HttpErrorKind {\n if (status === 429) {\n return 'rate_limit';\n }\n if (status === 401 || status === 403) {\n return 'auth';\n }\n if (status === 408) {\n return 'transient';\n }\n if (status >= 500) {\n return 'upstream_bug';\n }\n if (status >= 400) {\n return 'client_bug';\n }\n return 'client_bug';\n}\n\nexport function errorForStatus(\n message: string,\n response: HttpResponse,\n retryAfter?: Date,\n): HttpClientError {\n const kind = classifyStatus(response.status);\n switch (kind) {\n case 'rate_limit':\n return new RateLimitError(message, response, retryAfter);\n case 'auth':\n return new AuthError(message, response);\n case 'transient':\n return new TransientError(message, response);\n case 'upstream_bug':\n return new UpstreamBugError(message, response);\n case 'client_bug':\n return new ClientBugError(message, response);\n }\n}\n","import { HttpClientError, RateLimitError, TransientError } from './errors';\n\nexport interface RetryPolicy {\n maxAttempts?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n retryOn?: (status: number | null, err?: Error) => boolean;\n}\n\nexport const defaultRetryOn = (status: number | null, err?: Error): boolean => {\n if (err instanceof RateLimitError) {\n return true;\n }\n if (err instanceof TransientError) {\n return true;\n }\n if (status === null) {\n return err instanceof Error && !(err instanceof HttpClientError);\n }\n if (status === 408 || status === 429) {\n return true;\n }\n if (status >= 500) {\n return true;\n }\n return false;\n};\n\nexport function backoffDelayMs(\n attempt: number,\n policy: Required<Pick<RetryPolicy, 'initialDelayMs' | 'maxDelayMs'>>,\n): number {\n const base = policy.initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, policy.maxDelayMs);\n}\n\nexport function parseRetryAfter(\n headerValue: string | null,\n now: Date = new Date(),\n): Date | undefined {\n if (!headerValue) {\n return undefined;\n }\n const trimmed = headerValue.trim();\n if (/^\\d+$/.test(trimmed)) {\n return new Date(now.getTime() + Number(trimmed) * 1000);\n }\n const parsed = Date.parse(trimmed);\n if (Number.isNaN(parsed)) {\n return undefined;\n }\n return new Date(parsed);\n}\n\nexport function sleep(ms: number, signal?: AbortSignal): Promise<void> {\n if (signal?.aborted) {\n return Promise.reject(signal.reason ?? new Error('Aborted'));\n }\n return new Promise<void>((resolve, reject) => {\n const onAbort = () => {\n clearTimeout(timer);\n reject(signal!.reason ?? new Error('Aborted'));\n };\n const timer = setTimeout(() => {\n signal?.removeEventListener('abort', onAbort);\n resolve();\n }, ms);\n signal?.addEventListener('abort', onAbort, { once: true });\n });\n}\n","export const HTTP_CLIENT_VERSION = '0.0.0';\n\nexport const DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n\nexport function connectorUserAgent(connectorId: string): string {\n return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n}\n","import {\n AuthError,\n ClientBugError,\n HttpClientError,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n errorForStatus,\n} from './errors';\nimport { defaultRetryOn, parseRetryAfter, sleep } from './retry';\nimport type { FetchLike, HttpMethod, HttpRequest, HttpResponse } from './types';\nimport { DEFAULT_USER_AGENT } from './version';\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_INITIAL_DELAY_MS = 1000;\nconst DEFAULT_MAX_DELAY_MS = 60_000;\nconst OBSERVER_TIMEOUT_MS = 250;\n\nexport interface RequestObservation {\n url: string;\n method: HttpMethod;\n status: number;\n resource: string;\n requestId: string;\n body: unknown;\n}\n\nexport type RequestObserver = (\n event: RequestObservation,\n) => void | Promise<void>;\n\nexport interface RequestOptions {\n fetch?: FetchLike;\n observer?: RequestObserver;\n resource: string;\n requestId?: string;\n}\n\nasync function notifyObserver(\n observer: RequestObserver,\n event: RequestObservation,\n): Promise<void> {\n let result: void | Promise<void>;\n try {\n result = observer(event);\n } catch (err) {\n console.warn('[connector-shared] request observer threw:', err);\n return;\n }\n if (!(result instanceof Promise)) {\n return;\n }\n const guarded = result.catch((err) => {\n console.warn('[connector-shared] request observer rejected:', err);\n });\n let timer: ReturnType<typeof setTimeout> | undefined;\n const timeout = new Promise<void>((resolve) => {\n timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);\n });\n try {\n await Promise.race([guarded, timeout]);\n } finally {\n if (timer) {\n clearTimeout(timer);\n }\n }\n}\n\nfunction newRequestId(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (c?.randomUUID) {\n return c.randomUUID();\n }\n return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n}\n\nfunction mergeHeaders(\n defaults: Record<string, string>,\n overrides: Record<string, string> | undefined,\n): Record<string, string> {\n const merged: Record<string, string> = {};\n for (const [k, v] of Object.entries(defaults)) {\n merged[k.toLowerCase()] = v;\n }\n if (overrides) {\n for (const [k, v] of Object.entries(overrides)) {\n merged[k.toLowerCase()] = v;\n }\n }\n return merged;\n}\n\nfunction linkTimeoutSignal(\n parent: AbortSignal | undefined,\n timeoutMs: number,\n): { signal: AbortSignal; cancel: () => void } {\n const controller = new AbortController();\n const onParentAbort = () => {\n controller.abort(parent?.reason);\n };\n if (parent) {\n if (parent.aborted) {\n controller.abort(parent.reason);\n } else {\n parent.addEventListener('abort', onParentAbort, { once: true });\n }\n }\n const timer = setTimeout(() => {\n controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n if (parent) {\n parent.removeEventListener('abort', onParentAbort);\n }\n },\n };\n}\n\nasync function readBody(res: Response, parseJson: boolean): Promise<unknown> {\n if (res.status === 204 || res.status === 205) {\n return null;\n }\n const contentType = res.headers.get('content-type') ?? '';\n if (parseJson && contentType.includes('application/json')) {\n const text = await res.text();\n if (text.length === 0) {\n return null;\n }\n return JSON.parse(text);\n }\n return res.text();\n}\n\nexport async function request<T = unknown>(\n req: HttpRequest,\n options: RequestOptions,\n): Promise<HttpResponse<T>> {\n const fetchImpl: FetchLike = options.fetch ?? (globalThis.fetch as FetchLike);\n const retry = req.retry ?? {};\n const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;\n const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;\n const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;\n const retryOn = retry.retryOn ?? defaultRetryOn;\n const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const parseJson = req.parseJson ?? true;\n\n const headers = mergeHeaders(\n {\n 'User-Agent': DEFAULT_USER_AGENT,\n Accept: 'application/json',\n },\n req.headers,\n );\n\n let lastErr: Error | undefined;\n\n for (let attempt = 0; attempt < maxAttempts; attempt++) {\n req.signal?.throwIfAborted();\n\n const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);\n let res: Response;\n try {\n res = await fetchImpl(req.url, {\n method: req.method ?? 'GET',\n headers,\n body: req.body as RequestInit['body'],\n signal,\n });\n } catch (err) {\n cancel();\n if (req.signal?.aborted) {\n throw req.signal.reason ?? err;\n }\n const error = err instanceof Error ? err : new Error(String(err));\n lastErr = error;\n if (attempt < maxAttempts - 1 && retryOn(null, error)) {\n const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n await sleep(delay, req.signal);\n continue;\n }\n throw new TransientError(error.message);\n }\n cancel();\n\n const body = await readBody(res, parseJson);\n const httpResponse: HttpResponse<T> = {\n status: res.status,\n headers: res.headers,\n body: body as T,\n };\n if (req.rateLimit) {\n const state = req.rateLimit.parse(res.headers);\n if (state) {\n httpResponse.rateLimitState = state;\n }\n }\n\n if (options.observer) {\n await notifyObserver(options.observer, {\n url: req.url,\n method: req.method ?? 'GET',\n status: res.status,\n resource: options.resource,\n requestId: options.requestId ?? newRequestId(),\n body,\n });\n }\n\n if (res.ok) {\n return httpResponse;\n }\n\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? 'GET'} ${req.url}`;\n const err = errorForStatus(message, httpResponse, retryAfter);\n\n if (\n attempt < maxAttempts - 1 &&\n retryOn(res.status, err) &&\n !(err instanceof AuthError) &&\n !(err instanceof ClientBugError)\n ) {\n lastErr = err;\n let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n if (err instanceof RateLimitError && retryAfter) {\n const wait = retryAfter.getTime() - Date.now();\n if (wait > 0) {\n delay = Math.min(wait, maxDelayMs);\n }\n }\n await sleep(delay, req.signal);\n continue;\n }\n\n throw err;\n }\n\n throw lastErr ?? new UpstreamBugError('Exhausted retry attempts');\n}\n\nfunction computeDelay(\n attempt: number,\n initialDelayMs: number,\n maxDelayMs: number,\n): number {\n const base = initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, maxDelayMs);\n}\n\nexport { HttpClientError };\n","export interface RateLimitState {\n remaining: number;\n resetAt: Date;\n}\n\nexport interface RateLimitPolicy {\n parse(headers: Headers): RateLimitState | null;\n}\n\nexport interface StandardRateLimitPolicyConfig {\n remainingHeader: string;\n resetHeader: string;\n resetUnit: 's' | 'ms';\n resetFallbackMs?: number;\n}\n\nexport function standardRateLimitPolicy(\n config: StandardRateLimitPolicyConfig,\n): RateLimitPolicy {\n const { remainingHeader, resetHeader, resetUnit, resetFallbackMs } = config;\n const multiplier = resetUnit === 's' ? 1000 : 1;\n return {\n parse(h) {\n const remainingRaw = h.get(remainingHeader);\n if (remainingRaw === null || remainingRaw.trim() === '') {\n return null;\n }\n const remaining = Number(remainingRaw);\n if (!Number.isFinite(remaining)) {\n return null;\n }\n const resetRaw = h.get(resetHeader);\n if (resetRaw === null) {\n if (resetFallbackMs === undefined) {\n return null;\n }\n return {\n remaining,\n resetAt: new Date(Date.now() + resetFallbackMs),\n };\n }\n if (resetRaw.trim() === '') {\n return null;\n }\n const reset = Number(resetRaw);\n if (!Number.isFinite(reset) || reset < 0) {\n return null;\n }\n const resetMs = reset * multiplier;\n if (!Number.isFinite(resetMs)) {\n return null;\n }\n return { remaining, resetAt: new Date(resetMs) };\n },\n };\n}\n","export async function mapWithConcurrency<T, R>(\n items: readonly T[],\n concurrency: number,\n fn: (item: T, index: number) => Promise<R>,\n): Promise<R[]> {\n const results = new Array<R>(items.length);\n if (items.length === 0) {\n return results;\n }\n const normalized = Number.isFinite(concurrency) ? Math.floor(concurrency) : 1;\n const limit = Math.max(1, Math.min(normalized, items.length));\n let next = 0;\n let failed = false;\n\n async function worker(): Promise<void> {\n while (!failed) {\n const i = next++;\n if (i >= items.length) {\n return;\n }\n try {\n results[i] = await fn(items[i]!, i);\n } catch (err) {\n failed = true;\n throw err;\n }\n }\n }\n\n const workers: Promise<void>[] = [];\n for (let w = 0; w < limit; w++) {\n workers.push(worker());\n }\n await Promise.all(workers);\n return results;\n}\n","export interface SanitizeAllowedUrlOptions {\n url: string | null;\n host: string;\n pathname: string;\n protocol?: 'https:' | 'http:';\n}\n\nexport function sanitizeAllowedUrl(\n options: SanitizeAllowedUrlOptions,\n): string | null {\n const { url, host, pathname, protocol = 'https:' } = options;\n if (url === null) {\n return null;\n }\n try {\n const u = new URL(url);\n if (u.protocol !== protocol || u.host !== host || u.pathname !== pathname) {\n return null;\n }\n return u.toString();\n } catch {\n return null;\n }\n}\n","export type EpochUnit = 'ms' | 's' | 'iso';\n\nexport function parseEpoch(\n value: number | string | null | undefined,\n unit: EpochUnit,\n): number | null {\n if (value === null || value === undefined) {\n return null;\n }\n if (unit === 'iso') {\n if (typeof value !== 'string') {\n return null;\n }\n const ms = new Date(value).getTime();\n return Number.isFinite(ms) ? ms : null;\n }\n if (typeof value === 'string' && value.trim() === '') {\n return null;\n }\n const n = typeof value === 'number' ? value : Number(value);\n if (!Number.isFinite(n)) {\n return null;\n }\n const result = unit === 's' ? n * 1000 : n;\n return Number.isFinite(result) ? result : null;\n}\n","import { request } from './request';\nimport type { HttpRequest } from './types';\n\nexport function parseLinkHeader(header: string | null): Record<string, string> {\n if (!header) {\n return {};\n }\n const result: Record<string, string> = {};\n for (const part of header.split(',')) {\n const match = part.match(/<([^>]+)>\\s*;\\s*rel=\"([^\"]+)\"/);\n if (match) {\n result[match[2]!] = match[1]!;\n }\n }\n return result;\n}\n\nexport async function* paginateLink<T>(\n initial: HttpRequest,\n parse: (body: unknown) => T[],\n options: { resource: string },\n): AsyncIterable<T> {\n let next: string | null = initial.url;\n while (next) {\n const res: Awaited<ReturnType<typeof request>> = await request(\n {\n ...initial,\n url: next,\n },\n { resource: options.resource },\n );\n for (const item of parse(res.body)) {\n yield item;\n }\n const links = parseLinkHeader(res.headers.get('link'));\n next = links['next'] ?? null;\n }\n}\n\nexport async function* paginateCursor<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; nextCursor: string | null },\n buildNext: (req: HttpRequest, cursor: string) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let req: HttpRequest = initial;\n while (true) {\n const res = await request(req, { resource: options.resource });\n const { items, nextCursor } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!nextCursor) {\n return;\n }\n req = buildNext(req, nextCursor);\n }\n}\n\nexport async function* paginatePage<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; hasMore: boolean },\n buildPage: (req: HttpRequest, page: number) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let page = 1;\n while (true) {\n const req = page === 1 ? initial : buildPage(initial, page);\n const res = await request(req, { resource: options.resource });\n const { items, hasMore } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!hasMore || items.length === 0) {\n return;\n }\n page++;\n }\n}\n","export type LogFields = Record<string, unknown>;\n\nexport interface ConnectorLogger {\n info(event: string, fields?: LogFields): void;\n warn(event: string, fields?: LogFields): void;\n}\n\nexport interface ConnectorLoggerOptions {\n scope: string;\n}\n\nconst MAX_VALUE_LEN = 120;\n\nfunction truncate(s: string, max = MAX_VALUE_LEN): string {\n if (s.length <= max) {\n return s;\n }\n return `${s.slice(0, max - 1)}…`;\n}\n\nfunction formatValue(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n if (value === undefined) {\n return '';\n }\n if (typeof value === 'number' || typeof value === 'boolean') {\n return String(value);\n }\n if (typeof value === 'string') {\n const t = truncate(value);\n if (/[\\s\"=]/.test(t)) {\n return JSON.stringify(t);\n }\n return t;\n }\n if (typeof value === 'bigint') {\n return value.toString();\n }\n let json: string | undefined;\n try {\n json = JSON.stringify(value);\n } catch {\n json = undefined;\n }\n return truncate(json ?? String(value));\n}\n\nexport function formatLogFields(fields?: LogFields): string {\n if (!fields) {\n return '';\n }\n const parts: string[] = [];\n for (const [k, v] of Object.entries(fields)) {\n if (v === undefined) {\n continue;\n }\n parts.push(`${k}=${formatValue(v)}`);\n }\n return parts.length > 0 ? ` ${parts.join(' ')}` : '';\n}\n\nexport function formatLogLine(\n scope: string,\n event: string,\n fields?: LogFields,\n): string {\n return `[${scope}] ${event}${formatLogFields(fields)}`;\n}\n\nexport function createDefaultConnectorLogger(\n opts: ConnectorLoggerOptions,\n): ConnectorLogger {\n return {\n info(event, fields) {\n console.info(formatLogLine(opts.scope, event, fields));\n },\n warn(event, fields) {\n console.warn(formatLogLine(opts.scope, event, fields));\n },\n };\n}\n\nconst NOOP_LOGGER: ConnectorLogger = {\n info() {},\n warn() {},\n};\n\nexport function noopConnectorLogger(): ConnectorLogger {\n return NOOP_LOGGER;\n}\n","import {\n AuthError,\n type HttpClientError,\n type HttpResponse,\n RateLimitError,\n TransientError,\n connectorUserAgent,\n parseEpoch,\n} from '@rawdash/connector-shared';\nimport { BaseConnector, type CredentialsSchema } from '@rawdash/core';\n\nimport { createAuthorizationHeader, formatAmzDate, sha256Hex } from './sigv4';\nimport { type StsCredentials, parseAssumeRole, parseErrorCode } from './xml';\n\nexport interface BaseAWSSettings {\n region: string;\n roleArn?: string;\n externalId?: string;\n}\n\nexport const awsCredentialsSchema = {\n accessKeyId: {\n description: 'AWS access key ID',\n auth: 'optional' as const,\n },\n secretAccessKey: {\n description: 'AWS secret access key',\n auth: 'optional' as const,\n },\n} satisfies CredentialsSchema;\n\nexport type AwsCredentials = typeof awsCredentialsSchema;\n\nexport interface SigningCredentials {\n accessKeyId: string;\n secretAccessKey: string;\n sessionToken?: string;\n}\n\nconst STS_SERVICE = 'sts';\nconst STS_API_VERSION = '2011-06-15';\nconst ASSUMED_ROLE_TTL_BUFFER_MS = 60_000;\nconst ASSUME_ROLE_DURATION_SECONDS = 3600;\nconst FORM_CONTENT_TYPE = 'application/x-www-form-urlencoded; charset=utf-8';\n\nfunction readEnv(name: string): string | undefined {\n const env = (\n globalThis as {\n process?: { env?: Record<string, string | undefined> };\n }\n ).process?.env;\n return env?.[name];\n}\n\nexport abstract class BaseAWSConnector<\n TSettings extends BaseAWSSettings,\n> extends BaseConnector<TSettings, AwsCredentials> {\n override readonly credentials = awsCredentialsSchema;\n\n private assumedCreds: {\n value: SigningCredentials;\n expiresAt: number;\n } | null = null;\n\n protected baseCredentials(): SigningCredentials {\n const { accessKeyId, secretAccessKey } = this.creds;\n if (accessKeyId && secretAccessKey) {\n return { accessKeyId, secretAccessKey };\n }\n const envAccessKeyId = readEnv('AWS_ACCESS_KEY_ID');\n const envSecretAccessKey = readEnv('AWS_SECRET_ACCESS_KEY');\n if (envAccessKeyId && envSecretAccessKey) {\n return {\n accessKeyId: envAccessKeyId,\n secretAccessKey: envSecretAccessKey,\n sessionToken: readEnv('AWS_SESSION_TOKEN') || undefined,\n };\n }\n throw new AuthError(\n `${this.id}: no AWS credentials available — provide accessKeyId + secretAccessKey, or set them in the environment for role assumption`,\n );\n }\n\n protected async resolveSigningCredentials(\n signal?: AbortSignal,\n ): Promise<SigningCredentials> {\n if (this.settings.roleArn === undefined) {\n const { accessKeyId, secretAccessKey } = this.creds;\n if (!accessKeyId || !secretAccessKey) {\n throw new AuthError(\n `${this.id}: static-credential auth requires both accessKeyId and secretAccessKey`,\n );\n }\n return { accessKeyId, secretAccessKey };\n }\n\n if (this.assumedCreds && Date.now() < this.assumedCreds.expiresAt) {\n return this.assumedCreds.value;\n }\n return this.assumeRole(this.settings.roleArn, signal);\n }\n\n private async assumeRole(\n roleArn: string,\n signal?: AbortSignal,\n ): Promise<SigningCredentials> {\n const params = new URLSearchParams();\n params.set('Action', 'AssumeRole');\n params.set('Version', STS_API_VERSION);\n params.set('RoleArn', roleArn);\n params.set('RoleSessionName', `rawdash-${this.id}`);\n params.set('DurationSeconds', String(ASSUME_ROLE_DURATION_SECONDS));\n if (this.settings.externalId !== undefined) {\n params.set('ExternalId', this.settings.externalId);\n }\n\n const host = `sts.${this.settings.region}.amazonaws.com`;\n const xml = await this.signedPost({\n host,\n service: STS_SERVICE,\n body: params.toString(),\n signingCredentials: this.baseCredentials(),\n resource: 'assume_role',\n signal,\n });\n\n const parsed = parseAssumeRole(xml);\n if (parsed === null) {\n throw new AuthError(\n `${this.id}: STS AssumeRole returned no usable credentials`,\n );\n }\n this.cacheAssumedCredentials(parsed);\n return {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n sessionToken: parsed.sessionToken || undefined,\n };\n }\n\n private cacheAssumedCredentials(parsed: StsCredentials): void {\n const expirationMs = parseEpoch(parsed.expiration, 'iso');\n const expiresAt =\n expirationMs !== null\n ? expirationMs - ASSUMED_ROLE_TTL_BUFFER_MS\n : Date.now() + (ASSUME_ROLE_DURATION_SECONDS - 60) * 1000;\n this.assumedCreds = {\n value: {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n sessionToken: parsed.sessionToken || undefined,\n },\n expiresAt,\n };\n }\n\n protected async signedPost(args: {\n host: string;\n service: string;\n body: string;\n signingCredentials: SigningCredentials;\n resource: string;\n signal?: AbortSignal;\n }): Promise<string> {\n const { amzDate, dateStamp } = formatAmzDate(new Date());\n const payloadHash = await sha256Hex(args.body);\n\n const signedHeaders: Record<string, string> = {\n host: args.host,\n 'content-type': FORM_CONTENT_TYPE,\n 'x-amz-content-sha256': payloadHash,\n 'x-amz-date': amzDate,\n };\n if (args.signingCredentials.sessionToken !== undefined) {\n signedHeaders['x-amz-security-token'] =\n args.signingCredentials.sessionToken;\n }\n\n const authorization = await createAuthorizationHeader({\n method: 'POST',\n host: args.host,\n path: '/',\n query: '',\n headers: signedHeaders,\n payloadHash,\n accessKeyId: args.signingCredentials.accessKeyId,\n secretAccessKey: args.signingCredentials.secretAccessKey,\n region: this.settings.region,\n service: args.service,\n amzDate,\n dateStamp,\n });\n\n const sendHeaders: Record<string, string> = {\n 'content-type': FORM_CONTENT_TYPE,\n 'x-amz-content-sha256': payloadHash,\n 'x-amz-date': amzDate,\n 'user-agent': connectorUserAgent(this.id),\n Authorization: authorization,\n };\n if (args.signingCredentials.sessionToken !== undefined) {\n sendHeaders['x-amz-security-token'] =\n args.signingCredentials.sessionToken;\n }\n\n try {\n const res: HttpResponse<string> = await this.request<string>(\n {\n url: `https://${args.host}/`,\n method: 'POST',\n headers: sendHeaders,\n body: args.body,\n parseJson: false,\n signal: args.signal,\n },\n { resource: args.resource },\n );\n return res.body;\n } catch (err) {\n throw this.classifyAwsError(err);\n }\n }\n\n protected classifyAwsError(err: unknown): unknown {\n if (!(err instanceof Error) || !('kind' in err)) {\n return err;\n }\n const httpErr = err as HttpClientError;\n const body =\n typeof httpErr.response?.body === 'string' ? httpErr.response.body : '';\n const code = parseErrorCode(body) ?? '';\n const status = httpErr.response?.status ?? 0;\n\n if (\n /throttl|RequestLimitExceeded|TooManyRequests|LimitExceeded/i.test(code)\n ) {\n return new RateLimitError(httpErr.message, httpErr.response);\n }\n if (\n /AccessDenied|UnrecognizedClient|InvalidClientTokenId|SignatureDoesNotMatch|AuthFailure|InvalidAccessKeyId|Forbidden/i.test(\n code,\n )\n ) {\n return new AuthError(httpErr.message, httpErr.response);\n }\n if (status >= 500) {\n return new TransientError(httpErr.message, httpErr.response);\n }\n return err;\n }\n}\n","import { z } from 'zod';\n\nexport const awsAuthConfigShape = {\n region: z\n .string()\n .regex(\n /^[a-z0-9-]+$/,\n 'region must look like an AWS region, e.g. us-east-1',\n )\n .meta({\n label: 'AWS Region',\n description:\n 'The AWS region whose service endpoint you want to call, e.g. us-east-1.',\n placeholder: 'us-east-1',\n }),\n accessKeyId: z.object({ $secret: z.string() }).optional().meta({\n label: 'Access Key ID',\n description:\n 'AWS access key ID for an IAM principal with permission to call the relevant service. Use together with the secret access key for static-credential auth.',\n secret: true,\n }),\n secretAccessKey: z.object({ $secret: z.string() }).optional().meta({\n label: 'Secret Access Key',\n description: 'AWS secret access key paired with the access key ID above.',\n secret: true,\n }),\n roleArn: z\n .string()\n .regex(\n /^arn:aws:iam::\\d{12}:role\\/.+/,\n 'roleArn must be a full IAM role ARN, e.g. arn:aws:iam::123456789012:role/rawdash',\n )\n .optional()\n .meta({\n label: 'Role ARN',\n description:\n 'IAM role to assume via STS instead of using static keys. The base credentials (the access key above, or the ambient AWS environment) must be allowed to sts:AssumeRole this role.',\n placeholder: 'arn:aws:iam::123456789012:role/rawdash',\n }),\n externalId: z.string().min(1).optional().meta({\n label: 'External ID',\n description:\n 'External ID required by the trust policy of the role being assumed. Only used with Role ARN.',\n }),\n} as const;\n\nexport interface AwsAuthConfig {\n region: string;\n accessKeyId?: { $secret: string };\n secretAccessKey?: { $secret: string };\n roleArn?: string;\n externalId?: string;\n}\n\nexport const awsAuthRefine = {\n predicate: (val: AwsAuthConfig): boolean => {\n const hasRole = val.roleArn !== undefined;\n const hasStatic =\n val.accessKeyId !== undefined && val.secretAccessKey !== undefined;\n if (val.externalId !== undefined && !hasRole) {\n return false;\n }\n return hasRole || hasStatic;\n },\n message:\n 'Provide either accessKeyId + secretAccessKey (static credentials) or roleArn (role assumption). externalId requires roleArn.',\n} as const;\n","import type { HttpResponse } from './types';\n\nexport type HttpErrorKind =\n | 'transient'\n | 'rate_limit'\n | 'auth'\n | 'upstream_bug'\n | 'client_bug';\n\nexport abstract class HttpClientError extends Error {\n abstract readonly kind: HttpErrorKind;\n readonly response?: HttpResponse;\n\n constructor(message: string, response?: HttpResponse) {\n super(message);\n this.name = new.target.name;\n this.response = response;\n }\n}\n\nexport class TransientError extends HttpClientError {\n readonly kind = 'transient' as const;\n}\n\nexport class RateLimitError extends HttpClientError {\n readonly kind = 'rate_limit' as const;\n readonly retryAfter?: Date;\n\n constructor(message: string, response?: HttpResponse, retryAfter?: Date) {\n super(message, response);\n this.retryAfter = retryAfter;\n }\n}\n\nexport class AuthError extends HttpClientError {\n readonly kind = 'auth' as const;\n}\n\nexport class UpstreamBugError extends HttpClientError {\n readonly kind = 'upstream_bug' as const;\n}\n\nexport class ClientBugError extends HttpClientError {\n readonly kind = 'client_bug' as const;\n}\n\nexport function classifyStatus(status: number): HttpErrorKind {\n if (status === 429) {\n return 'rate_limit';\n }\n if (status === 401 || status === 403) {\n return 'auth';\n }\n if (status === 408) {\n return 'transient';\n }\n if (status >= 500) {\n return 'upstream_bug';\n }\n if (status >= 400) {\n return 'client_bug';\n }\n return 'client_bug';\n}\n\nexport function errorForStatus(\n message: string,\n response: HttpResponse,\n retryAfter?: Date,\n): HttpClientError {\n const kind = classifyStatus(response.status);\n switch (kind) {\n case 'rate_limit':\n return new RateLimitError(message, response, retryAfter);\n case 'auth':\n return new AuthError(message, response);\n case 'transient':\n return new TransientError(message, response);\n case 'upstream_bug':\n return new UpstreamBugError(message, response);\n case 'client_bug':\n return new ClientBugError(message, response);\n }\n}\n","import { HttpClientError, RateLimitError, TransientError } from './errors';\n\nexport interface RetryPolicy {\n maxAttempts?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n retryOn?: (status: number | null, err?: Error) => boolean;\n}\n\nexport const defaultRetryOn = (status: number | null, err?: Error): boolean => {\n if (err instanceof RateLimitError) {\n return true;\n }\n if (err instanceof TransientError) {\n return true;\n }\n if (status === null) {\n return err instanceof Error && !(err instanceof HttpClientError);\n }\n if (status === 408 || status === 429) {\n return true;\n }\n if (status >= 500) {\n return true;\n }\n return false;\n};\n\nexport function backoffDelayMs(\n attempt: number,\n policy: Required<Pick<RetryPolicy, 'initialDelayMs' | 'maxDelayMs'>>,\n): number {\n const base = policy.initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, policy.maxDelayMs);\n}\n\nexport function parseRetryAfter(\n headerValue: string | null,\n now: Date = new Date(),\n): Date | undefined {\n if (!headerValue) {\n return undefined;\n }\n const trimmed = headerValue.trim();\n if (/^\\d+$/.test(trimmed)) {\n return new Date(now.getTime() + Number(trimmed) * 1000);\n }\n const parsed = Date.parse(trimmed);\n if (Number.isNaN(parsed)) {\n return undefined;\n }\n return new Date(parsed);\n}\n\nexport function sleep(ms: number, signal?: AbortSignal): Promise<void> {\n if (signal?.aborted) {\n return Promise.reject(signal.reason ?? new Error('Aborted'));\n }\n return new Promise<void>((resolve, reject) => {\n const onAbort = () => {\n clearTimeout(timer);\n reject(signal!.reason ?? new Error('Aborted'));\n };\n const timer = setTimeout(() => {\n signal?.removeEventListener('abort', onAbort);\n resolve();\n }, ms);\n signal?.addEventListener('abort', onAbort, { once: true });\n });\n}\n","export const HTTP_CLIENT_VERSION = '0.0.0';\n\nexport const DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n\nexport function connectorUserAgent(connectorId: string): string {\n return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n}\n","import {\n AuthError,\n ClientBugError,\n HttpClientError,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n errorForStatus,\n} from './errors';\nimport { defaultRetryOn, parseRetryAfter, sleep } from './retry';\nimport type { FetchLike, HttpMethod, HttpRequest, HttpResponse } from './types';\nimport { DEFAULT_USER_AGENT } from './version';\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_INITIAL_DELAY_MS = 1000;\nconst DEFAULT_MAX_DELAY_MS = 60_000;\nconst OBSERVER_TIMEOUT_MS = 250;\n\nexport interface RequestObservation {\n url: string;\n method: HttpMethod;\n status: number;\n resource: string;\n requestId: string;\n body: unknown;\n}\n\nexport type RequestObserver = (\n event: RequestObservation,\n) => void | Promise<void>;\n\nexport interface RequestOptions {\n fetch?: FetchLike;\n observer?: RequestObserver;\n resource: string;\n requestId?: string;\n}\n\nasync function notifyObserver(\n observer: RequestObserver,\n event: RequestObservation,\n): Promise<void> {\n let result: void | Promise<void>;\n try {\n result = observer(event);\n } catch (err) {\n console.warn('[connector-shared] request observer threw:', err);\n return;\n }\n if (!(result instanceof Promise)) {\n return;\n }\n const guarded = result.catch((err) => {\n console.warn('[connector-shared] request observer rejected:', err);\n });\n let timer: ReturnType<typeof setTimeout> | undefined;\n const timeout = new Promise<void>((resolve) => {\n timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);\n });\n try {\n await Promise.race([guarded, timeout]);\n } finally {\n if (timer) {\n clearTimeout(timer);\n }\n }\n}\n\nfunction newRequestId(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (c?.randomUUID) {\n return c.randomUUID();\n }\n return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n}\n\nfunction mergeHeaders(\n defaults: Record<string, string>,\n overrides: Record<string, string> | undefined,\n): Record<string, string> {\n const merged: Record<string, string> = {};\n for (const [k, v] of Object.entries(defaults)) {\n merged[k.toLowerCase()] = v;\n }\n if (overrides) {\n for (const [k, v] of Object.entries(overrides)) {\n merged[k.toLowerCase()] = v;\n }\n }\n return merged;\n}\n\nfunction linkTimeoutSignal(\n parent: AbortSignal | undefined,\n timeoutMs: number,\n): { signal: AbortSignal; cancel: () => void } {\n const controller = new AbortController();\n const onParentAbort = () => {\n controller.abort(parent?.reason);\n };\n if (parent) {\n if (parent.aborted) {\n controller.abort(parent.reason);\n } else {\n parent.addEventListener('abort', onParentAbort, { once: true });\n }\n }\n const timer = setTimeout(() => {\n controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n if (parent) {\n parent.removeEventListener('abort', onParentAbort);\n }\n },\n };\n}\n\nasync function readBody(res: Response, parseJson: boolean): Promise<unknown> {\n if (res.status === 204 || res.status === 205) {\n return null;\n }\n const contentType = res.headers.get('content-type') ?? '';\n if (parseJson && contentType.includes('application/json')) {\n const text = await res.text();\n if (text.length === 0) {\n return null;\n }\n return JSON.parse(text);\n }\n return res.text();\n}\n\nexport async function request<T = unknown>(\n req: HttpRequest,\n options: RequestOptions,\n): Promise<HttpResponse<T>> {\n const fetchImpl: FetchLike = options.fetch ?? (globalThis.fetch as FetchLike);\n const retry = req.retry ?? {};\n const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;\n const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;\n const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;\n const retryOn = retry.retryOn ?? defaultRetryOn;\n const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const parseJson = req.parseJson ?? true;\n\n const headers = mergeHeaders(\n {\n 'User-Agent': DEFAULT_USER_AGENT,\n Accept: 'application/json',\n },\n req.headers,\n );\n\n let lastErr: Error | undefined;\n\n for (let attempt = 0; attempt < maxAttempts; attempt++) {\n req.signal?.throwIfAborted();\n\n const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);\n let res: Response;\n try {\n res = await fetchImpl(req.url, {\n method: req.method ?? 'GET',\n headers,\n body: req.body as RequestInit['body'],\n signal,\n });\n } catch (err) {\n cancel();\n if (req.signal?.aborted) {\n throw req.signal.reason ?? err;\n }\n const error = err instanceof Error ? err : new Error(String(err));\n lastErr = error;\n if (attempt < maxAttempts - 1 && retryOn(null, error)) {\n const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n await sleep(delay, req.signal);\n continue;\n }\n throw new TransientError(error.message);\n }\n cancel();\n\n const body = await readBody(res, parseJson);\n const httpResponse: HttpResponse<T> = {\n status: res.status,\n headers: res.headers,\n body: body as T,\n };\n if (req.rateLimit) {\n const state = req.rateLimit.parse(res.headers);\n if (state) {\n httpResponse.rateLimitState = state;\n }\n }\n\n if (options.observer) {\n await notifyObserver(options.observer, {\n url: req.url,\n method: req.method ?? 'GET',\n status: res.status,\n resource: options.resource,\n requestId: options.requestId ?? newRequestId(),\n body,\n });\n }\n\n if (res.ok) {\n return httpResponse;\n }\n\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? 'GET'} ${req.url}`;\n const err = errorForStatus(message, httpResponse, retryAfter);\n\n if (\n attempt < maxAttempts - 1 &&\n retryOn(res.status, err) &&\n !(err instanceof AuthError) &&\n !(err instanceof ClientBugError)\n ) {\n lastErr = err;\n let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n if (err instanceof RateLimitError && retryAfter) {\n const wait = retryAfter.getTime() - Date.now();\n if (wait > 0) {\n delay = Math.min(wait, maxDelayMs);\n }\n }\n await sleep(delay, req.signal);\n continue;\n }\n\n throw err;\n }\n\n throw lastErr ?? new UpstreamBugError('Exhausted retry attempts');\n}\n\nfunction computeDelay(\n attempt: number,\n initialDelayMs: number,\n maxDelayMs: number,\n): number {\n const base = initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, maxDelayMs);\n}\n\nexport { HttpClientError };\n","export interface RateLimitState {\n remaining: number;\n resetAt: Date;\n}\n\nexport interface RateLimitPolicy {\n parse(headers: Headers): RateLimitState | null;\n}\n\nexport interface StandardRateLimitPolicyConfig {\n remainingHeader: string;\n resetHeader: string;\n resetUnit: 's' | 'ms';\n resetFallbackMs?: number;\n}\n\nexport function standardRateLimitPolicy(\n config: StandardRateLimitPolicyConfig,\n): RateLimitPolicy {\n const { remainingHeader, resetHeader, resetUnit, resetFallbackMs } = config;\n const multiplier = resetUnit === 's' ? 1000 : 1;\n return {\n parse(h) {\n const remainingRaw = h.get(remainingHeader);\n if (remainingRaw === null || remainingRaw.trim() === '') {\n return null;\n }\n const remaining = Number(remainingRaw);\n if (!Number.isFinite(remaining)) {\n return null;\n }\n const resetRaw = h.get(resetHeader);\n if (resetRaw === null) {\n if (resetFallbackMs === undefined) {\n return null;\n }\n return {\n remaining,\n resetAt: new Date(Date.now() + resetFallbackMs),\n };\n }\n if (resetRaw.trim() === '') {\n return null;\n }\n const reset = Number(resetRaw);\n if (!Number.isFinite(reset) || reset < 0) {\n return null;\n }\n const resetMs = reset * multiplier;\n if (!Number.isFinite(resetMs)) {\n return null;\n }\n return { remaining, resetAt: new Date(resetMs) };\n },\n };\n}\n","export async function mapWithConcurrency<T, R>(\n items: readonly T[],\n concurrency: number,\n fn: (item: T, index: number) => Promise<R>,\n): Promise<R[]> {\n const results = new Array<R>(items.length);\n if (items.length === 0) {\n return results;\n }\n const normalized = Number.isFinite(concurrency) ? Math.floor(concurrency) : 1;\n const limit = Math.max(1, Math.min(normalized, items.length));\n let next = 0;\n let failed = false;\n\n async function worker(): Promise<void> {\n while (!failed) {\n const i = next++;\n if (i >= items.length) {\n return;\n }\n try {\n results[i] = await fn(items[i]!, i);\n } catch (err) {\n failed = true;\n throw err;\n }\n }\n }\n\n const workers: Promise<void>[] = [];\n for (let w = 0; w < limit; w++) {\n workers.push(worker());\n }\n await Promise.all(workers);\n return results;\n}\n","export interface SanitizeAllowedUrlOptions {\n url: string | null;\n host: string;\n pathname: string;\n protocol?: 'https:' | 'http:';\n}\n\nexport function sanitizeAllowedUrl(\n options: SanitizeAllowedUrlOptions,\n): string | null {\n const { url, host, pathname, protocol = 'https:' } = options;\n if (url === null) {\n return null;\n }\n try {\n const u = new URL(url);\n if (u.protocol !== protocol || u.host !== host || u.pathname !== pathname) {\n return null;\n }\n return u.toString();\n } catch {\n return null;\n }\n}\n","export type EpochUnit = 'ms' | 's' | 'iso';\n\nexport function parseEpoch(\n value: number | string | null | undefined,\n unit: EpochUnit,\n): number | null {\n if (value === null || value === undefined) {\n return null;\n }\n if (unit === 'iso') {\n if (typeof value !== 'string') {\n return null;\n }\n const ms = new Date(value).getTime();\n return Number.isFinite(ms) ? ms : null;\n }\n if (typeof value === 'string' && value.trim() === '') {\n return null;\n }\n const n = typeof value === 'number' ? value : Number(value);\n if (!Number.isFinite(n)) {\n return null;\n }\n const result = unit === 's' ? n * 1000 : n;\n return Number.isFinite(result) ? result : null;\n}\n","import { request } from './request';\nimport type { HttpRequest } from './types';\n\nexport function parseLinkHeader(header: string | null): Record<string, string> {\n if (!header) {\n return {};\n }\n const result: Record<string, string> = {};\n for (const part of header.split(',')) {\n const match = part.match(/<([^>]+)>\\s*;\\s*rel=\"([^\"]+)\"/);\n if (match) {\n result[match[2]!] = match[1]!;\n }\n }\n return result;\n}\n\nexport async function* paginateLink<T>(\n initial: HttpRequest,\n parse: (body: unknown) => T[],\n options: { resource: string },\n): AsyncIterable<T> {\n let next: string | null = initial.url;\n while (next) {\n const res: Awaited<ReturnType<typeof request>> = await request(\n {\n ...initial,\n url: next,\n },\n { resource: options.resource },\n );\n for (const item of parse(res.body)) {\n yield item;\n }\n const links = parseLinkHeader(res.headers.get('link'));\n next = links['next'] ?? null;\n }\n}\n\nexport async function* paginateCursor<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; nextCursor: string | null },\n buildNext: (req: HttpRequest, cursor: string) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let req: HttpRequest = initial;\n while (true) {\n const res = await request(req, { resource: options.resource });\n const { items, nextCursor } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!nextCursor) {\n return;\n }\n req = buildNext(req, nextCursor);\n }\n}\n\nexport async function* paginatePage<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; hasMore: boolean },\n buildPage: (req: HttpRequest, page: number) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let page = 1;\n while (true) {\n const req = page === 1 ? initial : buildPage(initial, page);\n const res = await request(req, { resource: options.resource });\n const { items, hasMore } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!hasMore || items.length === 0) {\n return;\n }\n page++;\n }\n}\n","export type LogFields = Record<string, unknown>;\n\nexport interface ConnectorLogger {\n info(event: string, fields?: LogFields): void;\n warn(event: string, fields?: LogFields): void;\n}\n\nexport interface ConnectorLoggerOptions {\n scope: string;\n}\n\nconst MAX_VALUE_LEN = 120;\n\nfunction truncate(s: string, max = MAX_VALUE_LEN): string {\n if (s.length <= max) {\n return s;\n }\n return `${s.slice(0, max - 1)}…`;\n}\n\nfunction formatValue(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n if (value === undefined) {\n return '';\n }\n if (typeof value === 'number' || typeof value === 'boolean') {\n return String(value);\n }\n if (typeof value === 'string') {\n const t = truncate(value);\n if (/[\\s\"=]/.test(t)) {\n return JSON.stringify(t);\n }\n return t;\n }\n if (typeof value === 'bigint') {\n return value.toString();\n }\n let json: string | undefined;\n try {\n json = JSON.stringify(value);\n } catch {\n json = undefined;\n }\n return truncate(json ?? String(value));\n}\n\nexport function formatLogFields(fields?: LogFields): string {\n if (!fields) {\n return '';\n }\n const parts: string[] = [];\n for (const [k, v] of Object.entries(fields)) {\n if (v === undefined) {\n continue;\n }\n parts.push(`${k}=${formatValue(v)}`);\n }\n return parts.length > 0 ? ` ${parts.join(' ')}` : '';\n}\n\nexport function formatLogLine(\n scope: string,\n event: string,\n fields?: LogFields,\n): string {\n return `[${scope}] ${event}${formatLogFields(fields)}`;\n}\n\nexport function createDefaultConnectorLogger(\n opts: ConnectorLoggerOptions,\n): ConnectorLogger {\n return {\n info(event, fields) {\n console.info(formatLogLine(opts.scope, event, fields));\n },\n warn(event, fields) {\n console.warn(formatLogLine(opts.scope, event, fields));\n },\n };\n}\n\nconst NOOP_LOGGER: ConnectorLogger = {\n info() {},\n warn() {},\n};\n\nexport function noopConnectorLogger(): ConnectorLogger {\n return NOOP_LOGGER;\n}\n","import {\n BaseAWSConnector,\n type BaseAWSSettings,\n awsAuthConfigShape,\n awsAuthRefine,\n parseGetMetricData,\n} from '@rawdash/connector-aws-shared';\nimport { parseEpoch } from '@rawdash/connector-shared';\nimport {\n type ConnectorContext,\n type ConnectorCost,\n type ConnectorDoc,\n type JSONValue,\n type MetricSample,\n type StorageHandle,\n type SyncOptions,\n type SyncResult,\n defineConfigFields,\n defineConnectorDoc,\n defineResources,\n schemasFromResources,\n} from '@rawdash/core';\nimport { z } from 'zod';\n\nconst metricQuerySchema = z.object({\n id: z\n .string()\n .regex(\n /^[a-z][a-zA-Z0-9_]*$/,\n 'CloudWatch query id must start with a lowercase letter and contain only letters, digits, and underscores',\n ),\n namespace: z.string().min(1),\n metric: z.string().min(1),\n stat: z.string().min(1),\n periodSeconds: z\n .number()\n .int()\n .min(60)\n .refine((n) => n % 60 === 0, {\n message: 'periodSeconds must be a multiple of 60 (1 minute)',\n }),\n dimensions: z.record(z.string(), z.string()).optional(),\n});\n\nexport const configFields = defineConfigFields(\n z\n .object({\n ...awsAuthConfigShape,\n metricQueries: z.array(metricQuerySchema).nonempty().meta({\n label: 'Metric queries',\n description:\n 'CloudWatch is too broad to mirror wholesale; declare the specific metrics to pull. Each query needs an id, namespace, metric name, statistic, and period (seconds, multiple of 60), with optional dimensions.',\n }),\n lookbackMinutes: z.number().int().positive().max(40_320).optional().meta({\n label: 'Lookback (minutes)',\n description:\n 'How far back to pull data points on a full sync when the host does not supply a since bound. Defaults to 180.',\n placeholder: '180',\n }),\n })\n .refine(awsAuthRefine.predicate, { message: awsAuthRefine.message })\n .refine(\n (cfg) =>\n new Set(cfg.metricQueries.map((q) => q.id)).size ===\n cfg.metricQueries.length,\n {\n path: ['metricQueries'],\n message: 'Each metric query id must be unique',\n },\n ),\n);\n\nexport const doc: ConnectorDoc = defineConnectorDoc({\n displayName: 'AWS CloudWatch',\n category: 'infrastructure',\n brandColor: '#FF4F8B',\n tagline:\n 'Pull declared CloudWatch metric time series (any namespace, statistic, and period) into a single metric series per query.',\n rateLimit:\n 'GetMetricData is batched at most 500 metrics per call with NextToken pagination; throttling (Throttling / RequestLimitExceeded / TooManyRequests) is retried with backoff.',\n vendor: {\n name: 'Amazon Web Services',\n domain: 'aws.amazon.com',\n apiDocs:\n 'https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html',\n website: 'https://aws.amazon.com/cloudwatch/',\n },\n auth: {\n summary:\n 'Authenticate with either static IAM access keys or an assumed IAM role (STS). The principal needs cloudwatch:GetMetricData on the target region.',\n setup: [\n 'Create an IAM user or role with a policy granting `cloudwatch:GetMetricData`.',\n 'For static credentials, generate an access key ID and secret access key for that IAM user and store them as secrets.',\n 'For role assumption, set `roleArn` to the role to assume (and `externalId` if its trust policy requires one); the base credentials must be allowed to `sts:AssumeRole` it.',\n 'Set `region` to the AWS region whose CloudWatch endpoint holds the metrics, e.g. `us-east-1`.',\n 'Reference the keys from config, e.g. `accessKeyId: secret(\"AWS_ACCESS_KEY_ID\")` and `secretAccessKey: secret(\"AWS_SECRET_ACCESS_KEY\")`.',\n ],\n },\n limitations: [\n 'CloudWatch is too broad to mirror wholesale; only the metrics declared in `metricQueries` are synced; there is no automatic metric discovery.',\n 'The series name is derived from the query namespace/metric, so two queries against the same metric with different statistics or dimensions share one series name and are distinguished only by sample attributes.',\n 'Each query period must be a multiple of 60 seconds; sub-minute resolution is not supported.',\n 'A full sync uses lookbackMinutes; a latest sync uses a short window covering the last few periods.',\n ],\n});\n\nexport interface CloudWatchMetricQuery {\n id: string;\n namespace: string;\n metric: string;\n stat: string;\n periodSeconds: number;\n dimensions?: Record<string, string>;\n}\n\nexport interface CloudWatchSettings extends BaseAWSSettings {\n metricQueries: CloudWatchMetricQuery[];\n lookbackMinutes?: number;\n}\n\nconst metricDataResponseSchema = z.object({\n MetricDataResults: z.array(\n z.object({\n Id: z.string(),\n Label: z.string(),\n Timestamps: z.array(z.iso.datetime()),\n Values: z.array(z.number()),\n StatusCode: z.enum([\n 'Complete',\n 'InternalError',\n 'PartialData',\n 'Forbidden',\n ]),\n }),\n ),\n NextToken: z.string().optional(),\n});\n\nexport const awsCloudwatchResources = defineResources({\n '<namespace>/<metric>': {\n shape: 'metric',\n dynamic: true,\n description:\n 'One metric series per declared metric query. The series name is the query namespace/metric (e.g. `AWS/EC2/CPUUtilization`), so the actual keys depend on the configured `metricQueries`. Each sample carries the query statistic, period, query id, the upstream status code, and label as attributes.',\n endpoint: 'POST / (GetMetricData)',\n granularity: 'Per query period (periodSeconds, a multiple of 60)',\n notes:\n 'Each sync replaces the full set of samples for the metric names it owns (idempotent).',\n dimensions: [\n {\n name: 'stat',\n description:\n 'The CloudWatch statistic requested for the query, e.g. Average, Sum, or p99.',\n },\n {\n name: 'period',\n description: 'The aggregation period in seconds for the data points.',\n },\n {\n name: 'queryId',\n description:\n 'The configured id of the metric query that produced the sample.',\n },\n {\n name: 'statusCode',\n description:\n 'GetMetricData result status for the series (Complete, PartialData, InternalError, or Forbidden).',\n },\n {\n name: 'label',\n description:\n 'The human-readable label CloudWatch returned for the series.',\n },\n ],\n responses: { metric_data: metricDataResponseSchema },\n },\n});\n\nconst CLOUDWATCH_SERVICE = 'monitoring';\nconst CLOUDWATCH_API_VERSION = '2010-08-01';\nconst MAX_QUERIES_PER_CALL = 500;\nconst DEFAULT_LOOKBACK_MINUTES = 180;\nconst MS_PER_MINUTE = 60_000;\n\nexport const id = 'aws-cloudwatch';\n\nexport const cost: ConnectorCost = {\n warning:\n 'CloudWatch GetMetricData is billed per metric requested on the paid tier; high-frequency syncs over many metrics add up.',\n};\n\nexport class CloudWatchConnector extends BaseAWSConnector<CloudWatchSettings> {\n static readonly id = id;\n\n static readonly resources = awsCloudwatchResources;\n\n static readonly schemas = schemasFromResources(awsCloudwatchResources);\n\n static readonly cost = cost;\n\n static create(input: unknown, ctx?: ConnectorContext): CloudWatchConnector {\n const parsed = configFields.parse(input);\n return new CloudWatchConnector(\n {\n region: parsed.region,\n roleArn: parsed.roleArn,\n externalId: parsed.externalId,\n metricQueries: parsed.metricQueries,\n lookbackMinutes: parsed.lookbackMinutes,\n },\n {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n },\n ctx,\n );\n }\n\n readonly id = id;\n\n private computeWindow(options: SyncOptions): {\n startMs: number;\n endMs: number;\n } {\n const endMs = Date.now();\n if (options.since) {\n const sinceMs = parseEpoch(options.since, 'iso');\n if (sinceMs !== null) {\n return { startMs: Math.min(sinceMs, endMs), endMs };\n }\n }\n if (options.mode === 'latest') {\n const maxPeriod = Math.max(\n ...this.settings.metricQueries.map((q) => q.periodSeconds),\n 60,\n );\n return { startMs: endMs - maxPeriod * 3 * 1000, endMs };\n }\n const lookback = this.settings.lookbackMinutes ?? DEFAULT_LOOKBACK_MINUTES;\n return { startMs: endMs - lookback * MS_PER_MINUTE, endMs };\n }\n\n private buildGetMetricDataBody(\n queries: CloudWatchMetricQuery[],\n startMs: number,\n endMs: number,\n nextToken: string | undefined,\n ): string {\n const params = new URLSearchParams();\n params.set('Action', 'GetMetricData');\n params.set('Version', CLOUDWATCH_API_VERSION);\n params.set('StartTime', new Date(startMs).toISOString());\n params.set('EndTime', new Date(endMs).toISOString());\n params.set('ScanBy', 'TimestampAscending');\n if (nextToken !== undefined) {\n params.set('NextToken', nextToken);\n }\n\n queries.forEach((query, index) => {\n const prefix = `MetricDataQueries.member.${index + 1}`;\n params.set(`${prefix}.Id`, query.id);\n params.set(`${prefix}.ReturnData`, 'true');\n params.set(`${prefix}.MetricStat.Metric.Namespace`, query.namespace);\n params.set(`${prefix}.MetricStat.Metric.MetricName`, query.metric);\n params.set(`${prefix}.MetricStat.Period`, String(query.periodSeconds));\n params.set(`${prefix}.MetricStat.Stat`, query.stat);\n const dimensions = Object.entries(query.dimensions ?? {});\n dimensions.forEach(([name, value], dimIndex) => {\n const dimPrefix = `${prefix}.MetricStat.Metric.Dimensions.member.${dimIndex + 1}`;\n params.set(`${dimPrefix}.Name`, name);\n params.set(`${dimPrefix}.Value`, value);\n });\n });\n\n return params.toString();\n }\n\n async sync(\n options: SyncOptions,\n storage: StorageHandle,\n signal?: AbortSignal,\n ): Promise<SyncResult> {\n const queries = this.settings.metricQueries;\n const names = new Set(queries.map((q) => `${q.namespace}/${q.metric}`));\n\n if (queries.length === 0) {\n return { done: true };\n }\n\n const queriesById = new Map(queries.map((q) => [q.id, q]));\n const { startMs, endMs } = this.computeWindow(options);\n\n const samples: MetricSample[] = [];\n const host = `${CLOUDWATCH_SERVICE}.${this.settings.region}.amazonaws.com`;\n\n for (let i = 0; i < queries.length; i += MAX_QUERIES_PER_CALL) {\n const chunk = queries.slice(i, i + MAX_QUERIES_PER_CALL);\n let nextToken: string | undefined;\n let page = 0;\n do {\n if (signal?.aborted) {\n return { done: false };\n }\n const body = this.buildGetMetricDataBody(\n chunk,\n startMs,\n endMs,\n nextToken,\n );\n const signingCredentials = await this.resolveSigningCredentials(signal);\n const xml = await this.signedPost({\n host,\n service: CLOUDWATCH_SERVICE,\n body,\n signingCredentials,\n resource: 'metric_data',\n signal,\n });\n const parsed = parseGetMetricData(xml);\n for (const result of parsed.results) {\n const query = queriesById.get(result.id);\n if (query === undefined) {\n continue;\n }\n this.collectSamples(samples, query, result);\n }\n nextToken = parsed.nextToken ?? undefined;\n page += 1;\n this.logger.info('fetched page', {\n resource: 'metric_data',\n page,\n items: parsed.results.length,\n next: nextToken ?? null,\n });\n } while (nextToken !== undefined);\n }\n\n await storage.metrics(samples, { names: [...names] });\n this.logger.info('resource done', {\n resource: 'metric_data',\n items: samples.length,\n });\n return { done: true };\n }\n\n private collectSamples(\n samples: MetricSample[],\n query: CloudWatchMetricQuery,\n result: {\n timestamps: string[];\n values: number[];\n statusCode: string;\n label: string;\n },\n ): void {\n const name = `${query.namespace}/${query.metric}`;\n const baseAttributes: Record<string, JSONValue> = {\n ...(query.dimensions ?? {}),\n stat: query.stat,\n period: query.periodSeconds,\n queryId: query.id,\n statusCode: result.statusCode,\n label: result.label,\n };\n const count = Math.min(result.timestamps.length, result.values.length);\n for (let i = 0; i < count; i++) {\n const ts = parseEpoch(result.timestamps[i]!, 'iso');\n const value = result.values[i]!;\n if (ts === null || !Number.isFinite(value)) {\n continue;\n }\n samples.push({ name, ts, value, attributes: { ...baseAttributes } });\n }\n }\n}\n","import { CloudWatchConnector } from './aws-cloudwatch';\n\nexport {\n CloudWatchConnector,\n configFields,\n cost,\n doc,\n id,\n awsCloudwatchResources as resources,\n} from './aws-cloudwatch';\nexport type {\n CloudWatchMetricQuery,\n CloudWatchSettings,\n} from './aws-cloudwatch';\nexport default CloudWatchConnector;\n"],"mappings":";AYSA,SAAS,qBAA6C;ACTtD,SAAS,SAAS;AbAlB,IAAM,UAAU,IAAI,YAAY;AAEhC,IAAM,YAAY;AAElB,SAAS,GAAG,MAAuC;AACjD,SAAO,IAAI,WAAW,QAAQ,OAAO,IAAI,CAAC;AAC5C;AAEA,SAAS,MAAM,QAA6B;AAC1C,QAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,WAAO,MAAM,CAAC,EAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;EAC/C;AACA,SAAO;AACT;AAEA,eAAsB,UAAU,MAA+B;AAC7D,QAAM,SAAS,MAAM,WAAW,OAAO,OAAO,OAAO,WAAW,GAAG,IAAI,CAAC;AACxE,SAAO,MAAM,MAAM;AACrB;AAEA,eAAe,KAAK,KAAmB,MAAoC;AACzE,QAAM,YAAY,MAAM,WAAW,OAAO,OAAO;IAC/C;IACA;IACA,EAAE,MAAM,QAAQ,MAAM,UAAU;IAChC;IACA,CAAC,MAAM;EACT;AACA,SAAO,WAAW,OAAO,OAAO,KAAK,QAAQ,WAAW,GAAG,IAAI,CAAC;AAClE;AAEA,eAAe,iBACb,iBACA,WACA,QACA,SACsB;AACtB,QAAM,QAAQ,MAAM,KAAK,GAAG,OAAO,eAAe,EAAE,GAAG,SAAS;AAChE,QAAM,UAAU,MAAM,KAAK,OAAO,MAAM;AACxC,QAAM,WAAW,MAAM,KAAK,SAAS,OAAO;AAC5C,SAAO,KAAK,UAAU,cAAc;AACtC;AAOO,SAAS,cAAc,MAAqB;AACjD,QAAM,UAAU,KAAK,YAAY,EAAE,QAAQ,iBAAiB,EAAE;AAC9D,SAAO,EAAE,SAAS,WAAW,QAAQ,MAAM,GAAG,CAAC,EAAE;AACnD;AAiBA,eAAsB,0BACpB,QACiB;AACjB,QAAM,eAAuC,CAAC;AAC9C,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,OAAO,GAAG;AACzD,iBAAa,IAAI,YAAY,CAAC,IAAI,MAAM,KAAK,EAAE,QAAQ,QAAQ,GAAG;EACpE;AACA,QAAM,cAAc,OAAO,KAAK,YAAY,EAAE,KAAK;AAEnD,QAAM,mBAAmB,YACtB,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,aAAa,IAAI,CAAC;CAAI,EAC/C,KAAK,EAAE;AACV,QAAM,gBAAgB,YAAY,KAAK,GAAG;AAE1C,QAAM,mBAAmB;IACvB,OAAO;IACP,OAAO;IACP,OAAO;IACP;IACA;IACA,OAAO;EACT,EAAE,KAAK,IAAI;AAEX,QAAM,kBAAkB,GAAG,OAAO,SAAS,IAAI,OAAO,MAAM,IAAI,OAAO,OAAO;AAC9E,QAAM,eAAe;IACnB;IACA,OAAO;IACP;IACA,MAAM,UAAU,gBAAgB;EAClC,EAAE,KAAK,IAAI;AAEX,QAAM,aAAa,MAAM;IACvB,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;EACT;AACA,QAAM,YAAY,MAAM,MAAM,KAAK,YAAY,YAAY,CAAC;AAE5D,SACE,GAAG,SAAS,eAAe,OAAO,WAAW,IAAI,eAAe,mBAC/C,aAAa,eAAe,SAAS;AAE1D;ACjHA,SAAS,eAAe,OAAuB;AAC7C,SAAO,MACJ,QAAQ,SAAS,GAAG,EACpB,QAAQ,SAAS,GAAG,EACpB,QAAQ,WAAW,GAAG,EACtB,QAAQ,UAAU,GAAG,EACrB,QAAQ,WAAW,GAAG,EACtB,QAAQ,UAAU,GAAG;AAC1B;AAEO,SAAS,WAAW,KAAa,KAA4B;AAClE,QAAM,aAAa,IAAI,QAAQ,uBAAuB,MAAM;AAC5D,QAAM,OAAO,IAAI,OAAO,IAAI,UAAU,gBAAgB,EAAE,KAAK,GAAG;AAChE,MAAI,CAAC,MAAM;AACT,WAAO,IAAI,OAAO,IAAI,UAAU,QAAQ,EAAE,KAAK,GAAG,IAAI,KAAK;EAC7D;AACA,QAAM,QAAQ,KAAK,QAAQ,KAAK,CAAC,EAAE;AACnC,QAAM,WAAW,IAAI,QAAQ,KAAK,GAAG,KAAK,KAAK;AAC/C,MAAI,aAAa,IAAI;AACnB,WAAO;EACT;AACA,SAAO,IAAI,MAAM,OAAO,QAAQ;AAClC;AAEO,SAAS,UAAU,KAAa,KAA4B;AACjE,QAAM,QAAQ,WAAW,KAAK,GAAG;AACjC,SAAO,UAAU,OAAO,OAAO,eAAe,KAAK,EAAE,KAAK;AAC5D;AAEO,SAAS,gBAAgB,KAAuB;AACrD,QAAM,UAAoB,CAAC;AAC3B,QAAM,KAAK;AACX,MAAI,QAAQ;AACZ,MAAI,eAAe;AACnB,MAAI;AACJ,UAAQ,QAAQ,GAAG,KAAK,GAAG,OAAO,MAAM;AACtC,QAAI,MAAM,CAAC,EAAE,WAAW,IAAI,GAAG;AAC7B;AACA,UAAI,UAAU,KAAK,iBAAiB,IAAI;AACtC,gBAAQ,KAAK,IAAI,MAAM,cAAc,MAAM,KAAK,CAAC;AACjD,uBAAe;MACjB;IACF,OAAO;AACL,UAAI,UAAU,GAAG;AACf,uBAAe,MAAM,QAAQ,MAAM,CAAC,EAAE;MACxC;AACA;IACF;EACF;AACA,SAAO;AACT;AAeO,SAAS,mBAAmB,KAAkC;AACnE,QAAM,eAAe,WAAW,KAAK,mBAAmB,KAAK;AAC7D,QAAM,UAAU,gBAAgB,YAAY,EAAE,IAAI,CAAC,WAAW;AAC5D,UAAM,UAAU,WAAW,QAAQ,YAAY,KAAK;AACpD,UAAM,WAAW,WAAW,QAAQ,QAAQ,KAAK;AACjD,WAAO;MACL,IAAI,UAAU,QAAQ,IAAI,KAAK;MAC/B,OAAO,UAAU,QAAQ,OAAO,KAAK;MACrC,YAAY,UAAU,QAAQ,YAAY,KAAK;MAC/C,YAAY,gBAAgB,OAAO,EAAE,IAAI,CAAC,MAAM,eAAe,CAAC,EAAE,KAAK,CAAC;MACxE,QAAQ,gBAAgB,QAAQ,EAAE;QAAI,CAAC,MACrC,OAAO,eAAe,CAAC,EAAE,KAAK,CAAC;MACjC;IACF;EACF,CAAC;AACD,QAAM,YAAY,UAAU,KAAK,WAAW;AAC5C,SAAO,EAAE,SAAS,WAAW,cAAc,KAAK,OAAO,UAAU;AACnE;AASO,SAAS,gBAAgB,KAAoC;AAClE,QAAM,YAAY,WAAW,KAAK,aAAa;AAC/C,MAAI,cAAc,MAAM;AACtB,WAAO;EACT;AACA,QAAM,cAAc,UAAU,WAAW,aAAa,KAAK;AAC3D,QAAM,kBAAkB,UAAU,WAAW,iBAAiB,KAAK;AACnE,MAAI,gBAAgB,MAAM,oBAAoB,IAAI;AAChD,WAAO;EACT;AACA,SAAO;IACL;IACA;IACA,cAAc,UAAU,WAAW,cAAc,KAAK;IACtD,YAAY,UAAU,WAAW,YAAY,KAAK;EACpD;AACF;AAEO,SAAS,eAAe,KAA4B;AACzD,SAAO,UAAU,KAAK,MAAM;AAC9B;ACtGO,IAAe,kBAAf,cAAuC,MAAM;EAEzC;EAET,YAAY,SAAiB,UAAyB;AACpD,UAAM,OAAO;AACb,SAAK,OAAO,WAAW;AACvB,SAAK,WAAW;EAClB;AACF;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;AAClB;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;EACP;EAET,YAAY,SAAiB,UAAyB,YAAmB;AACvE,UAAM,SAAS,QAAQ;AACvB,SAAK,aAAa;EACpB;AACF;AAEO,IAAM,YAAN,cAAwB,gBAAgB;EACpC,OAAO;AAClB;AEpCO,IAAM,sBAAsB;AAE5B,IAAM,qBAAqB,qBAAqB,mBAAmB;AAEnE,SAAS,mBAAmB,aAA6B;AAC9D,SAAO,qBAAqB,WAAW,IAAI,mBAAmB;AAChE;AKJO,SAAS,WACd,OACA,MACe;AACf,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;EACT;AACA,MAAI,SAAS,OAAO;AAClB,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;IACT;AACA,UAAM,KAAK,IAAI,KAAK,KAAK,EAAE,QAAQ;AACnC,WAAO,OAAO,SAAS,EAAE,IAAI,KAAK;EACpC;AACA,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAI;AACpD,WAAO;EACT;AACA,QAAM,IAAI,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK;AAC1D,MAAI,CAAC,OAAO,SAAS,CAAC,GAAG;AACvB,WAAO;EACT;AACA,QAAM,SAAS,SAAS,MAAM,IAAI,MAAO;AACzC,SAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAC5C;AGLO,IAAM,uBAAuB;EAClC,aAAa;IACX,aAAa;IACb,MAAM;EACR;EACA,iBAAiB;IACf,aAAa;IACb,MAAM;EACR;AACF;AAUA,IAAM,cAAc;AACpB,IAAM,kBAAkB;AACxB,IAAM,6BAA6B;AACnC,IAAM,+BAA+B;AACrC,IAAM,oBAAoB;AAE1B,SAAS,QAAQ,MAAkC;AACjD,QAAM,MACJ,WAGA,SAAS;AACX,SAAO,MAAM,IAAI;AACnB;AAEO,IAAe,mBAAf,cAEG,cAAyC;EAC/B,cAAc;EAExB,eAGG;EAED,kBAAsC;AAC9C,UAAM,EAAE,aAAa,gBAAgB,IAAI,KAAK;AAC9C,QAAI,eAAe,iBAAiB;AAClC,aAAO,EAAE,aAAa,gBAAgB;IACxC;AACA,UAAM,iBAAiB,QAAQ,mBAAmB;AAClD,UAAM,qBAAqB,QAAQ,uBAAuB;AAC1D,QAAI,kBAAkB,oBAAoB;AACxC,aAAO;QACL,aAAa;QACb,iBAAiB;QACjB,cAAc,QAAQ,mBAAmB,KAAK;MAChD;IACF;AACA,UAAM,IAAI;MACR,GAAG,KAAK,EAAE;IACZ;EACF;EAEA,MAAgB,0BACd,QAC6B;AAC7B,QAAI,KAAK,SAAS,YAAY,QAAW;AACvC,YAAM,EAAE,aAAa,gBAAgB,IAAI,KAAK;AAC9C,UAAI,CAAC,eAAe,CAAC,iBAAiB;AACpC,cAAM,IAAI;UACR,GAAG,KAAK,EAAE;QACZ;MACF;AACA,aAAO,EAAE,aAAa,gBAAgB;IACxC;AAEA,QAAI,KAAK,gBAAgB,KAAK,IAAI,IAAI,KAAK,aAAa,WAAW;AACjE,aAAO,KAAK,aAAa;IAC3B;AACA,WAAO,KAAK,WAAW,KAAK,SAAS,SAAS,MAAM;EACtD;EAEA,MAAc,WACZ,SACA,QAC6B;AAC7B,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,YAAY;AACjC,WAAO,IAAI,WAAW,eAAe;AACrC,WAAO,IAAI,WAAW,OAAO;AAC7B,WAAO,IAAI,mBAAmB,WAAW,KAAK,EAAE,EAAE;AAClD,WAAO,IAAI,mBAAmB,OAAO,4BAA4B,CAAC;AAClE,QAAI,KAAK,SAAS,eAAe,QAAW;AAC1C,aAAO,IAAI,cAAc,KAAK,SAAS,UAAU;IACnD;AAEA,UAAM,OAAO,OAAO,KAAK,SAAS,MAAM;AACxC,UAAM,MAAM,MAAM,KAAK,WAAW;MAChC;MACA,SAAS;MACT,MAAM,OAAO,SAAS;MACtB,oBAAoB,KAAK,gBAAgB;MACzC,UAAU;MACV;IACF,CAAC;AAED,UAAM,SAAS,gBAAgB,GAAG;AAClC,QAAI,WAAW,MAAM;AACnB,YAAM,IAAI;QACR,GAAG,KAAK,EAAE;MACZ;IACF;AACA,SAAK,wBAAwB,MAAM;AACnC,WAAO;MACL,aAAa,OAAO;MACpB,iBAAiB,OAAO;MACxB,cAAc,OAAO,gBAAgB;IACvC;EACF;EAEQ,wBAAwB,QAA8B;AAC5D,UAAM,eAAe,WAAW,OAAO,YAAY,KAAK;AACxD,UAAM,YACJ,iBAAiB,OACb,eAAe,6BACf,KAAK,IAAI,KAAK,+BAA+B,MAAM;AACzD,SAAK,eAAe;MAClB,OAAO;QACL,aAAa,OAAO;QACpB,iBAAiB,OAAO;QACxB,cAAc,OAAO,gBAAgB;MACvC;MACA;IACF;EACF;EAEA,MAAgB,WAAW,MAOP;AAClB,UAAM,EAAE,SAAS,UAAU,IAAI,cAAc,oBAAI,KAAK,CAAC;AACvD,UAAM,cAAc,MAAM,UAAU,KAAK,IAAI;AAE7C,UAAM,gBAAwC;MAC5C,MAAM,KAAK;MACX,gBAAgB;MAChB,wBAAwB;MACxB,cAAc;IAChB;AACA,QAAI,KAAK,mBAAmB,iBAAiB,QAAW;AACtD,oBAAc,sBAAsB,IAClC,KAAK,mBAAmB;IAC5B;AAEA,UAAM,gBAAgB,MAAM,0BAA0B;MACpD,QAAQ;MACR,MAAM,KAAK;MACX,MAAM;MACN,OAAO;MACP,SAAS;MACT;MACA,aAAa,KAAK,mBAAmB;MACrC,iBAAiB,KAAK,mBAAmB;MACzC,QAAQ,KAAK,SAAS;MACtB,SAAS,KAAK;MACd;MACA;IACF,CAAC;AAED,UAAM,cAAsC;MAC1C,gBAAgB;MAChB,wBAAwB;MACxB,cAAc;MACd,cAAc,mBAAmB,KAAK,EAAE;MACxC,eAAe;IACjB;AACA,QAAI,KAAK,mBAAmB,iBAAiB,QAAW;AACtD,kBAAY,sBAAsB,IAChC,KAAK,mBAAmB;IAC5B;AAEA,QAAI;AACF,YAAM,MAA4B,MAAM,KAAK;QAC3C;UACE,KAAK,WAAW,KAAK,IAAI;UACzB,QAAQ;UACR,SAAS;UACT,MAAM,KAAK;UACX,WAAW;UACX,QAAQ,KAAK;QACf;QACA,EAAE,UAAU,KAAK,SAAS;MAC5B;AACA,aAAO,IAAI;IACb,SAAS,KAAK;AACZ,YAAM,KAAK,iBAAiB,GAAG;IACjC;EACF;EAEU,iBAAiB,KAAuB;AAChD,QAAI,EAAE,eAAe,UAAU,EAAE,UAAU,MAAM;AAC/C,aAAO;IACT;AACA,UAAM,UAAU;AAChB,UAAM,OACJ,OAAO,QAAQ,UAAU,SAAS,WAAW,QAAQ,SAAS,OAAO;AACvE,UAAM,OAAO,eAAe,IAAI,KAAK;AACrC,UAAM,SAAS,QAAQ,UAAU,UAAU;AAE3C,QACE,8DAA8D,KAAK,IAAI,GACvE;AACA,aAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;IAC7D;AACA,QACE,uHAAuH;MACrH;IACF,GACA;AACA,aAAO,IAAI,UAAU,QAAQ,SAAS,QAAQ,QAAQ;IACxD;AACA,QAAI,UAAU,KAAK;AACjB,aAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;IAC7D;AACA,WAAO;EACT;AACF;ACxPO,IAAM,qBAAqB;EAChC,QAAQ,EACL,OAAO,EACP;IACC;IACA;EACF,EACC,KAAK;IACJ,OAAO;IACP,aACE;IACF,aAAa;EACf,CAAC;EACH,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK;IAC7D,OAAO;IACP,aACE;IACF,QAAQ;EACV,CAAC;EACD,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK;IACjE,OAAO;IACP,aAAa;IACb,QAAQ;EACV,CAAC;EACD,SAAS,EACN,OAAO,EACP;IACC;IACA;EACF,EACC,SAAS,EACT,KAAK;IACJ,OAAO;IACP,aACE;IACF,aAAa;EACf,CAAC;EACH,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK;IAC5C,OAAO;IACP,aACE;EACJ,CAAC;AACH;AAUO,IAAM,gBAAgB;EAC3B,WAAW,CAAC,QAAgC;AAC1C,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,YACJ,IAAI,gBAAgB,UAAa,IAAI,oBAAoB;AAC3D,QAAI,IAAI,eAAe,UAAa,CAAC,SAAS;AAC5C,aAAO;IACT;AACA,WAAO,WAAW;EACpB;EACA,SACE;AACJ;;;AGlEO,IAAMA,uBAAsB;AAE5B,IAAMC,sBAAqB,qBAAqBD,oBAAmB;AKAnE,SAASE,YACd,OACA,MACe;AACf,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;EACT;AACA,MAAI,SAAS,OAAO;AAClB,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;IACT;AACA,UAAM,KAAK,IAAI,KAAK,KAAK,EAAE,QAAQ;AACnC,WAAO,OAAO,SAAS,EAAE,IAAI,KAAK;EACpC;AACA,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAI;AACpD,WAAO;EACT;AACA,QAAM,IAAI,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK;AAC1D,MAAI,CAAC,OAAO,SAAS,CAAC,GAAG;AACvB,WAAO;EACT;AACA,QAAM,SAAS,SAAS,MAAM,IAAI,MAAO;AACzC,SAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAC5C;;;AGjBA;AAAA,EASE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,KAAAC,UAAS;AAElB,IAAM,oBAAoBA,GAAE,OAAO;AAAA,EACjC,IAAIA,GACD,OAAO,EACP;AAAA,IACC;AAAA,IACA;AAAA,EACF;AAAA,EACF,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACxB,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,eAAeA,GACZ,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,OAAO,CAAC,MAAM,IAAI,OAAO,GAAG;AAAA,IAC3B,SAAS;AAAA,EACX,CAAC;AAAA,EACH,YAAYA,GAAE,OAAOA,GAAE,OAAO,GAAGA,GAAE,OAAO,CAAC,EAAE,SAAS;AACxD,CAAC;AAEM,IAAM,eAAe;AAAA,EAC1BA,GACG,OAAO;AAAA,IACN,GAAG;AAAA,IACH,eAAeA,GAAE,MAAM,iBAAiB,EAAE,SAAS,EAAE,KAAK;AAAA,MACxD,OAAO;AAAA,MACP,aACE;AAAA,IACJ,CAAC;AAAA,IACD,iBAAiBA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,KAAM,EAAE,SAAS,EAAE,KAAK;AAAA,MACvE,OAAO;AAAA,MACP,aACE;AAAA,MACF,aAAa;AAAA,IACf,CAAC;AAAA,EACH,CAAC,EACA,OAAO,cAAc,WAAW,EAAE,SAAS,cAAc,QAAQ,CAAC,EAClE;AAAA,IACC,CAAC,QACC,IAAI,IAAI,IAAI,cAAc,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,SAC5C,IAAI,cAAc;AAAA,IACpB;AAAA,MACE,MAAM,CAAC,eAAe;AAAA,MACtB,SAAS;AAAA,IACX;AAAA,EACF;AACJ;AAEO,IAAM,MAAoB,mBAAmB;AAAA,EAClD,aAAa;AAAA,EACb,UAAU;AAAA,EACV,YAAY;AAAA,EACZ,SACE;AAAA,EACF,WACE;AAAA,EACF,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,SACE;AAAA,IACF,SAAS;AAAA,EACX;AAAA,EACA,MAAM;AAAA,IACJ,SACE;AAAA,IACF,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EACA,aAAa;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF,CAAC;AAgBD,IAAM,2BAA2BA,GAAE,OAAO;AAAA,EACxC,mBAAmBA,GAAE;AAAA,IACnBA,GAAE,OAAO;AAAA,MACP,IAAIA,GAAE,OAAO;AAAA,MACb,OAAOA,GAAE,OAAO;AAAA,MAChB,YAAYA,GAAE,MAAMA,GAAE,IAAI,SAAS,CAAC;AAAA,MACpC,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC;AAAA,MAC1B,YAAYA,GAAE,KAAK;AAAA,QACjB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EACA,WAAWA,GAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAEM,IAAM,yBAAyB,gBAAgB;AAAA,EACpD,wBAAwB;AAAA,IACtB,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aACE;AAAA,IACF,UAAU;AAAA,IACV,aAAa;AAAA,IACb,OACE;AAAA,IACF,YAAY;AAAA,MACV;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,IACF;AAAA,IACA,WAAW,EAAE,aAAa,yBAAyB;AAAA,EACrD;AACF,CAAC;AAED,IAAM,qBAAqB;AAC3B,IAAM,yBAAyB;AAC/B,IAAM,uBAAuB;AAC7B,IAAM,2BAA2B;AACjC,IAAM,gBAAgB;AAEf,IAAM,KAAK;AAEX,IAAM,OAAsB;AAAA,EACjC,SACE;AACJ;AAEO,IAAM,sBAAN,MAAM,6BAA4B,iBAAqC;AAAA,EAC5E,OAAgB,KAAK;AAAA,EAErB,OAAgB,YAAY;AAAA,EAE5B,OAAgB,UAAU,qBAAqB,sBAAsB;AAAA,EAErE,OAAgB,OAAO;AAAA,EAEvB,OAAO,OAAO,OAAgB,KAA6C;AACzE,UAAM,SAAS,aAAa,MAAM,KAAK;AACvC,WAAO,IAAI;AAAA,MACT;AAAA,QACE,QAAQ,OAAO;AAAA,QACf,SAAS,OAAO;AAAA,QAChB,YAAY,OAAO;AAAA,QACnB,eAAe,OAAO;AAAA,QACtB,iBAAiB,OAAO;AAAA,MAC1B;AAAA,MACA;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,iBAAiB,OAAO;AAAA,MAC1B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAES,KAAK;AAAA,EAEN,cAAc,SAGpB;AACA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI,QAAQ,OAAO;AACjB,YAAM,UAAUC,YAAW,QAAQ,OAAO,KAAK;AAC/C,UAAI,YAAY,MAAM;AACpB,eAAO,EAAE,SAAS,KAAK,IAAI,SAAS,KAAK,GAAG,MAAM;AAAA,MACpD;AAAA,IACF;AACA,QAAI,QAAQ,SAAS,UAAU;AAC7B,YAAM,YAAY,KAAK;AAAA,QACrB,GAAG,KAAK,SAAS,cAAc,IAAI,CAAC,MAAM,EAAE,aAAa;AAAA,QACzD;AAAA,MACF;AACA,aAAO,EAAE,SAAS,QAAQ,YAAY,IAAI,KAAM,MAAM;AAAA,IACxD;AACA,UAAM,WAAW,KAAK,SAAS,mBAAmB;AAClD,WAAO,EAAE,SAAS,QAAQ,WAAW,eAAe,MAAM;AAAA,EAC5D;AAAA,EAEQ,uBACN,SACA,SACA,OACA,WACQ;AACR,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,eAAe;AACpC,WAAO,IAAI,WAAW,sBAAsB;AAC5C,WAAO,IAAI,aAAa,IAAI,KAAK,OAAO,EAAE,YAAY,CAAC;AACvD,WAAO,IAAI,WAAW,IAAI,KAAK,KAAK,EAAE,YAAY,CAAC;AACnD,WAAO,IAAI,UAAU,oBAAoB;AACzC,QAAI,cAAc,QAAW;AAC3B,aAAO,IAAI,aAAa,SAAS;AAAA,IACnC;AAEA,YAAQ,QAAQ,CAAC,OAAO,UAAU;AAChC,YAAM,SAAS,4BAA4B,QAAQ,CAAC;AACpD,aAAO,IAAI,GAAG,MAAM,OAAO,MAAM,EAAE;AACnC,aAAO,IAAI,GAAG,MAAM,eAAe,MAAM;AACzC,aAAO,IAAI,GAAG,MAAM,gCAAgC,MAAM,SAAS;AACnE,aAAO,IAAI,GAAG,MAAM,iCAAiC,MAAM,MAAM;AACjE,aAAO,IAAI,GAAG,MAAM,sBAAsB,OAAO,MAAM,aAAa,CAAC;AACrE,aAAO,IAAI,GAAG,MAAM,oBAAoB,MAAM,IAAI;AAClD,YAAM,aAAa,OAAO,QAAQ,MAAM,cAAc,CAAC,CAAC;AACxD,iBAAW,QAAQ,CAAC,CAAC,MAAM,KAAK,GAAG,aAAa;AAC9C,cAAM,YAAY,GAAG,MAAM,wCAAwC,WAAW,CAAC;AAC/E,eAAO,IAAI,GAAG,SAAS,SAAS,IAAI;AACpC,eAAO,IAAI,GAAG,SAAS,UAAU,KAAK;AAAA,MACxC,CAAC;AAAA,IACH,CAAC;AAED,WAAO,OAAO,SAAS;AAAA,EACzB;AAAA,EAEA,MAAM,KACJ,SACA,SACA,QACqB;AACrB,UAAM,UAAU,KAAK,SAAS;AAC9B,UAAM,QAAQ,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,GAAG,EAAE,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;AAEtE,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,EAAE,MAAM,KAAK;AAAA,IACtB;AAEA,UAAM,cAAc,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AACzD,UAAM,EAAE,SAAS,MAAM,IAAI,KAAK,cAAc,OAAO;AAErD,UAAM,UAA0B,CAAC;AACjC,UAAM,OAAO,GAAG,kBAAkB,IAAI,KAAK,SAAS,MAAM;AAE1D,aAAS,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK,sBAAsB;AAC7D,YAAM,QAAQ,QAAQ,MAAM,GAAG,IAAI,oBAAoB;AACvD,UAAI;AACJ,UAAI,OAAO;AACX,SAAG;AACD,YAAI,QAAQ,SAAS;AACnB,iBAAO,EAAE,MAAM,MAAM;AAAA,QACvB;AACA,cAAM,OAAO,KAAK;AAAA,UAChB;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AACA,cAAM,qBAAqB,MAAM,KAAK,0BAA0B,MAAM;AACtE,cAAM,MAAM,MAAM,KAAK,WAAW;AAAA,UAChC;AAAA,UACA,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,UAAU;AAAA,UACV;AAAA,QACF,CAAC;AACD,cAAM,SAAS,mBAAmB,GAAG;AACrC,mBAAW,UAAU,OAAO,SAAS;AACnC,gBAAM,QAAQ,YAAY,IAAI,OAAO,EAAE;AACvC,cAAI,UAAU,QAAW;AACvB;AAAA,UACF;AACA,eAAK,eAAe,SAAS,OAAO,MAAM;AAAA,QAC5C;AACA,oBAAY,OAAO,aAAa;AAChC,gBAAQ;AACR,aAAK,OAAO,KAAK,gBAAgB;AAAA,UAC/B,UAAU;AAAA,UACV;AAAA,UACA,OAAO,OAAO,QAAQ;AAAA,UACtB,MAAM,aAAa;AAAA,QACrB,CAAC;AAAA,MACH,SAAS,cAAc;AAAA,IACzB;AAEA,UAAM,QAAQ,QAAQ,SAAS,EAAE,OAAO,CAAC,GAAG,KAAK,EAAE,CAAC;AACpD,SAAK,OAAO,KAAK,iBAAiB;AAAA,MAChC,UAAU;AAAA,MACV,OAAO,QAAQ;AAAA,IACjB,CAAC;AACD,WAAO,EAAE,MAAM,KAAK;AAAA,EACtB;AAAA,EAEQ,eACN,SACA,OACA,QAMM;AACN,UAAM,OAAO,GAAG,MAAM,SAAS,IAAI,MAAM,MAAM;AAC/C,UAAM,iBAA4C;AAAA,MAChD,GAAI,MAAM,cAAc,CAAC;AAAA,MACzB,MAAM,MAAM;AAAA,MACZ,QAAQ,MAAM;AAAA,MACd,SAAS,MAAM;AAAA,MACf,YAAY,OAAO;AAAA,MACnB,OAAO,OAAO;AAAA,IAChB;AACA,UAAM,QAAQ,KAAK,IAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,MAAM;AACrE,aAAS,IAAI,GAAG,IAAI,OAAO,KAAK;AAC9B,YAAM,KAAKA,YAAW,OAAO,WAAW,CAAC,GAAI,KAAK;AAClD,YAAM,QAAQ,OAAO,OAAO,CAAC;AAC7B,UAAI,OAAO,QAAQ,CAAC,OAAO,SAAS,KAAK,GAAG;AAC1C;AAAA,MACF;AACA,cAAQ,KAAK,EAAE,MAAM,IAAI,OAAO,YAAY,EAAE,GAAG,eAAe,EAAE,CAAC;AAAA,IACrE;AAAA,EACF;AACF;;;ACxWA,IAAO,gBAAQ;","names":["HTTP_CLIENT_VERSION","DEFAULT_USER_AGENT","parseEpoch","z","parseEpoch"]}
1
+ {"version":3,"sources":["../../aws-shared/src/sigv4.ts","../../aws-shared/src/xml.ts","../../../connector-shared/src/errors.ts","../../../connector-shared/src/retry.ts","../../../connector-shared/src/version.ts","../../../connector-shared/src/request.ts","../../../connector-shared/src/rate-limit.ts","../../../connector-shared/src/map-concurrent.ts","../../../connector-shared/src/sanitize.ts","../../../connector-shared/src/epoch.ts","../../../connector-shared/src/pagination.ts","../../../connector-shared/src/logger.ts","../../aws-shared/src/base-aws-connector.ts","../../aws-shared/src/config.ts","../../../connector-shared/src/errors.ts","../../../connector-shared/src/retry.ts","../../../connector-shared/src/version.ts","../../../connector-shared/src/request.ts","../../../connector-shared/src/rate-limit.ts","../../../connector-shared/src/map-concurrent.ts","../../../connector-shared/src/sanitize.ts","../../../connector-shared/src/epoch.ts","../../../connector-shared/src/pagination.ts","../../../connector-shared/src/logger.ts","../src/aws-cloudwatch.ts","../src/index.ts"],"sourcesContent":["const encoder = new TextEncoder();\n\nconst ALGORITHM = 'AWS4-HMAC-SHA256';\n\nfunction u8(data: string): Uint8Array<ArrayBuffer> {\n return new Uint8Array(encoder.encode(data));\n}\n\nfunction toHex(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += bytes[i]!.toString(16).padStart(2, '0');\n }\n return hex;\n}\n\nexport async function sha256Hex(data: string): Promise<string> {\n const digest = await globalThis.crypto.subtle.digest('SHA-256', u8(data));\n return toHex(digest);\n}\n\nasync function hmac(key: BufferSource, data: string): Promise<ArrayBuffer> {\n const cryptoKey = await globalThis.crypto.subtle.importKey(\n 'raw',\n key,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n );\n return globalThis.crypto.subtle.sign('HMAC', cryptoKey, u8(data));\n}\n\nasync function deriveSigningKey(\n secretAccessKey: string,\n dateStamp: string,\n region: string,\n service: string,\n): Promise<ArrayBuffer> {\n const kDate = await hmac(u8(`AWS4${secretAccessKey}`), dateStamp);\n const kRegion = await hmac(kDate, region);\n const kService = await hmac(kRegion, service);\n return hmac(kService, 'aws4_request');\n}\n\nexport interface AmzDate {\n amzDate: string;\n dateStamp: string;\n}\n\nexport function formatAmzDate(date: Date): AmzDate {\n const amzDate = date.toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n return { amzDate, dateStamp: amzDate.slice(0, 8) };\n}\n\nexport interface SignParams {\n method: string;\n host: string;\n path: string;\n query: string;\n headers: Record<string, string>;\n payloadHash: string;\n accessKeyId: string;\n secretAccessKey: string;\n region: string;\n service: string;\n amzDate: string;\n dateStamp: string;\n}\n\nexport async function createAuthorizationHeader(\n params: SignParams,\n): Promise<string> {\n const lowerHeaders: Record<string, string> = {};\n for (const [key, value] of Object.entries(params.headers)) {\n lowerHeaders[key.toLowerCase()] = value.trim().replace(/\\s+/g, ' ');\n }\n const sortedNames = Object.keys(lowerHeaders).sort();\n\n const canonicalHeaders = sortedNames\n .map((name) => `${name}:${lowerHeaders[name]}\\n`)\n .join('');\n const signedHeaders = sortedNames.join(';');\n\n const canonicalRequest = [\n params.method,\n params.path,\n params.query,\n canonicalHeaders,\n signedHeaders,\n params.payloadHash,\n ].join('\\n');\n\n const credentialScope = `${params.dateStamp}/${params.region}/${params.service}/aws4_request`;\n const stringToSign = [\n ALGORITHM,\n params.amzDate,\n credentialScope,\n await sha256Hex(canonicalRequest),\n ].join('\\n');\n\n const signingKey = await deriveSigningKey(\n params.secretAccessKey,\n params.dateStamp,\n params.region,\n params.service,\n );\n const signature = toHex(await hmac(signingKey, stringToSign));\n\n return (\n `${ALGORITHM} Credential=${params.accessKeyId}/${credentialScope}, ` +\n `SignedHeaders=${signedHeaders}, Signature=${signature}`\n );\n}\n","function decodeEntities(value: string): string {\n return value\n .replace(/&lt;/g, '<')\n .replace(/&gt;/g, '>')\n .replace(/&quot;/g, '\"')\n .replace(/&#39;/g, \"'\")\n .replace(/&apos;/g, \"'\")\n .replace(/&amp;/g, '&');\n}\n\nexport function firstInner(xml: string, tag: string): string | null {\n const escapedTag = tag.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&');\n const open = new RegExp(`<${escapedTag}(?:\\\\s[^>]*)?>`).exec(xml);\n if (!open) {\n return new RegExp(`<${escapedTag}\\\\s*/>`).test(xml) ? '' : null;\n }\n const start = open.index + open[0].length;\n const closeIdx = xml.indexOf(`</${tag}>`, start);\n if (closeIdx === -1) {\n return null;\n }\n return xml.slice(start, closeIdx);\n}\n\nexport function firstText(xml: string, tag: string): string | null {\n const inner = firstInner(xml, tag);\n return inner === null ? null : decodeEntities(inner).trim();\n}\n\nexport function topLevelMembers(xml: string): string[] {\n const results: string[] = [];\n const re = /<member(?:\\s[^>]*)?>|<\\/member>/g;\n let depth = 0;\n let contentStart = -1;\n let match: RegExpExecArray | null;\n while ((match = re.exec(xml)) !== null) {\n if (match[0].startsWith('</')) {\n depth--;\n if (depth === 0 && contentStart !== -1) {\n results.push(xml.slice(contentStart, match.index));\n contentStart = -1;\n }\n } else {\n if (depth === 0) {\n contentStart = match.index + match[0].length;\n }\n depth++;\n }\n }\n return results;\n}\n\nexport interface MetricDataResult {\n id: string;\n label: string;\n statusCode: string;\n timestamps: string[];\n values: number[];\n}\n\nexport interface GetMetricDataParsed {\n results: MetricDataResult[];\n nextToken: string | null;\n}\n\nexport function parseGetMetricData(xml: string): GetMetricDataParsed {\n const resultsBlock = firstInner(xml, 'MetricDataResults') ?? '';\n const results = topLevelMembers(resultsBlock).map((member) => {\n const tsBlock = firstInner(member, 'Timestamps') ?? '';\n const valBlock = firstInner(member, 'Values') ?? '';\n return {\n id: firstText(member, 'Id') ?? '',\n label: firstText(member, 'Label') ?? '',\n statusCode: firstText(member, 'StatusCode') ?? '',\n timestamps: topLevelMembers(tsBlock).map((t) => decodeEntities(t).trim()),\n values: topLevelMembers(valBlock).map((v) =>\n Number(decodeEntities(v).trim()),\n ),\n };\n });\n const nextToken = firstText(xml, 'NextToken');\n return { results, nextToken: nextToken === '' ? null : nextToken };\n}\n\nexport interface StsCredentials {\n accessKeyId: string;\n secretAccessKey: string;\n sessionToken: string;\n expiration: string;\n}\n\nexport function parseAssumeRole(xml: string): StsCredentials | null {\n const credBlock = firstInner(xml, 'Credentials');\n if (credBlock === null) {\n return null;\n }\n const accessKeyId = firstText(credBlock, 'AccessKeyId') ?? '';\n const secretAccessKey = firstText(credBlock, 'SecretAccessKey') ?? '';\n if (accessKeyId === '' || secretAccessKey === '') {\n return null;\n }\n return {\n accessKeyId,\n secretAccessKey,\n sessionToken: firstText(credBlock, 'SessionToken') ?? '',\n expiration: firstText(credBlock, 'Expiration') ?? '',\n };\n}\n\nexport function parseErrorCode(xml: string): string | null {\n return firstText(xml, 'Code');\n}\n","import type { HttpResponse } from './types';\n\nexport type HttpErrorKind =\n | 'transient'\n | 'rate_limit'\n | 'auth'\n | 'upstream_bug'\n | 'client_bug';\n\nexport abstract class HttpClientError extends Error {\n abstract readonly kind: HttpErrorKind;\n readonly response?: HttpResponse;\n\n constructor(message: string, response?: HttpResponse) {\n super(message);\n this.name = new.target.name;\n this.response = response;\n }\n}\n\nexport class TransientError extends HttpClientError {\n readonly kind = 'transient' as const;\n}\n\nexport class RateLimitError extends HttpClientError {\n readonly kind = 'rate_limit' as const;\n readonly retryAfter?: Date;\n\n constructor(message: string, response?: HttpResponse, retryAfter?: Date) {\n super(message, response);\n this.retryAfter = retryAfter;\n }\n}\n\nexport class AuthError extends HttpClientError {\n readonly kind = 'auth' as const;\n}\n\nexport class UpstreamBugError extends HttpClientError {\n readonly kind = 'upstream_bug' as const;\n}\n\nexport class ClientBugError extends HttpClientError {\n readonly kind = 'client_bug' as const;\n}\n\nexport function classifyStatus(status: number): HttpErrorKind {\n if (status === 429) {\n return 'rate_limit';\n }\n if (status === 401 || status === 403) {\n return 'auth';\n }\n if (status === 408) {\n return 'transient';\n }\n if (status >= 500) {\n return 'upstream_bug';\n }\n if (status >= 400) {\n return 'client_bug';\n }\n return 'client_bug';\n}\n\nexport function errorForStatus(\n message: string,\n response: HttpResponse,\n retryAfter?: Date,\n): HttpClientError {\n const kind = classifyStatus(response.status);\n switch (kind) {\n case 'rate_limit':\n return new RateLimitError(message, response, retryAfter);\n case 'auth':\n return new AuthError(message, response);\n case 'transient':\n return new TransientError(message, response);\n case 'upstream_bug':\n return new UpstreamBugError(message, response);\n case 'client_bug':\n return new ClientBugError(message, response);\n }\n}\n","import { HttpClientError, RateLimitError, TransientError } from './errors';\n\nexport interface RetryPolicy {\n maxAttempts?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n retryOn?: (status: number | null, err?: Error) => boolean;\n}\n\nexport const defaultRetryOn = (status: number | null, err?: Error): boolean => {\n if (err instanceof RateLimitError) {\n return true;\n }\n if (err instanceof TransientError) {\n return true;\n }\n if (status === null) {\n return err instanceof Error && !(err instanceof HttpClientError);\n }\n if (status === 408 || status === 429) {\n return true;\n }\n if (status >= 500) {\n return true;\n }\n return false;\n};\n\nexport function backoffDelayMs(\n attempt: number,\n policy: Required<Pick<RetryPolicy, 'initialDelayMs' | 'maxDelayMs'>>,\n): number {\n const base = policy.initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, policy.maxDelayMs);\n}\n\nexport function parseRetryAfter(\n headerValue: string | null,\n now: Date = new Date(),\n): Date | undefined {\n if (!headerValue) {\n return undefined;\n }\n const trimmed = headerValue.trim();\n if (/^\\d+$/.test(trimmed)) {\n return new Date(now.getTime() + Number(trimmed) * 1000);\n }\n const parsed = Date.parse(trimmed);\n if (Number.isNaN(parsed)) {\n return undefined;\n }\n return new Date(parsed);\n}\n\nexport function sleep(ms: number, signal?: AbortSignal): Promise<void> {\n if (signal?.aborted) {\n return Promise.reject(signal.reason ?? new Error('Aborted'));\n }\n return new Promise<void>((resolve, reject) => {\n const onAbort = () => {\n clearTimeout(timer);\n reject(signal!.reason ?? new Error('Aborted'));\n };\n const timer = setTimeout(() => {\n signal?.removeEventListener('abort', onAbort);\n resolve();\n }, ms);\n signal?.addEventListener('abort', onAbort, { once: true });\n });\n}\n","export const HTTP_CLIENT_VERSION = '0.0.0';\n\nexport const DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n\nexport function connectorUserAgent(connectorId: string): string {\n return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n}\n","import {\n AuthError,\n ClientBugError,\n HttpClientError,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n errorForStatus,\n} from './errors';\nimport { defaultRetryOn, parseRetryAfter, sleep } from './retry';\nimport type { FetchLike, HttpMethod, HttpRequest, HttpResponse } from './types';\nimport { DEFAULT_USER_AGENT } from './version';\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_INITIAL_DELAY_MS = 1000;\nconst DEFAULT_MAX_DELAY_MS = 60_000;\nconst OBSERVER_TIMEOUT_MS = 250;\n\nexport interface RequestObservation {\n url: string;\n method: HttpMethod;\n status: number;\n resource: string;\n requestId: string;\n body: unknown;\n}\n\nexport type RequestObserver = (\n event: RequestObservation,\n) => void | Promise<void>;\n\nexport interface RequestOptions {\n fetch?: FetchLike;\n observer?: RequestObserver;\n resource: string;\n requestId?: string;\n}\n\nasync function notifyObserver(\n observer: RequestObserver,\n event: RequestObservation,\n): Promise<void> {\n let result: void | Promise<void>;\n try {\n result = observer(event);\n } catch (err) {\n console.warn('[connector-shared] request observer threw:', err);\n return;\n }\n if (!(result instanceof Promise)) {\n return;\n }\n const guarded = result.catch((err) => {\n console.warn('[connector-shared] request observer rejected:', err);\n });\n let timer: ReturnType<typeof setTimeout> | undefined;\n const timeout = new Promise<void>((resolve) => {\n timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);\n });\n try {\n await Promise.race([guarded, timeout]);\n } finally {\n if (timer) {\n clearTimeout(timer);\n }\n }\n}\n\nfunction newRequestId(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (c?.randomUUID) {\n return c.randomUUID();\n }\n return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n}\n\nfunction mergeHeaders(\n defaults: Record<string, string>,\n overrides: Record<string, string> | undefined,\n): Record<string, string> {\n const merged: Record<string, string> = {};\n for (const [k, v] of Object.entries(defaults)) {\n merged[k.toLowerCase()] = v;\n }\n if (overrides) {\n for (const [k, v] of Object.entries(overrides)) {\n merged[k.toLowerCase()] = v;\n }\n }\n return merged;\n}\n\nfunction linkTimeoutSignal(\n parent: AbortSignal | undefined,\n timeoutMs: number,\n): { signal: AbortSignal; cancel: () => void } {\n const controller = new AbortController();\n const onParentAbort = () => {\n controller.abort(parent?.reason);\n };\n if (parent) {\n if (parent.aborted) {\n controller.abort(parent.reason);\n } else {\n parent.addEventListener('abort', onParentAbort, { once: true });\n }\n }\n const timer = setTimeout(() => {\n controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n if (parent) {\n parent.removeEventListener('abort', onParentAbort);\n }\n },\n };\n}\n\nasync function readBody(res: Response, parseJson: boolean): Promise<unknown> {\n if (res.status === 204 || res.status === 205) {\n return null;\n }\n const contentType = res.headers.get('content-type') ?? '';\n if (parseJson && contentType.includes('application/json')) {\n const text = await res.text();\n if (text.length === 0) {\n return null;\n }\n return JSON.parse(text);\n }\n return res.text();\n}\n\nexport async function request<T = unknown>(\n req: HttpRequest,\n options: RequestOptions,\n): Promise<HttpResponse<T>> {\n const fetchImpl: FetchLike = options.fetch ?? (globalThis.fetch as FetchLike);\n const retry = req.retry ?? {};\n const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;\n const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;\n const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;\n const retryOn = retry.retryOn ?? defaultRetryOn;\n const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const parseJson = req.parseJson ?? true;\n\n const headers = mergeHeaders(\n {\n 'User-Agent': DEFAULT_USER_AGENT,\n Accept: 'application/json',\n },\n req.headers,\n );\n\n let lastErr: Error | undefined;\n\n for (let attempt = 0; attempt < maxAttempts; attempt++) {\n req.signal?.throwIfAborted();\n\n const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);\n let res: Response;\n try {\n res = await fetchImpl(req.url, {\n method: req.method ?? 'GET',\n headers,\n body: req.body as RequestInit['body'],\n signal,\n });\n } catch (err) {\n cancel();\n if (req.signal?.aborted) {\n throw req.signal.reason ?? err;\n }\n const error = err instanceof Error ? err : new Error(String(err));\n lastErr = error;\n if (attempt < maxAttempts - 1 && retryOn(null, error)) {\n const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n await sleep(delay, req.signal);\n continue;\n }\n throw new TransientError(error.message);\n }\n cancel();\n\n const body = await readBody(res, parseJson);\n const httpResponse: HttpResponse<T> = {\n status: res.status,\n headers: res.headers,\n body: body as T,\n };\n if (req.rateLimit) {\n const state = req.rateLimit.parse(res.headers);\n if (state) {\n httpResponse.rateLimitState = state;\n }\n }\n\n if (options.observer) {\n await notifyObserver(options.observer, {\n url: req.url,\n method: req.method ?? 'GET',\n status: res.status,\n resource: options.resource,\n requestId: options.requestId ?? newRequestId(),\n body,\n });\n }\n\n if (res.ok) {\n return httpResponse;\n }\n\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? 'GET'} ${req.url}`;\n const err = errorForStatus(message, httpResponse, retryAfter);\n\n if (\n attempt < maxAttempts - 1 &&\n retryOn(res.status, err) &&\n !(err instanceof AuthError) &&\n !(err instanceof ClientBugError)\n ) {\n lastErr = err;\n let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n if (err instanceof RateLimitError && retryAfter) {\n const wait = retryAfter.getTime() - Date.now();\n if (wait > 0) {\n delay = Math.min(wait, maxDelayMs);\n }\n }\n await sleep(delay, req.signal);\n continue;\n }\n\n throw err;\n }\n\n throw lastErr ?? new UpstreamBugError('Exhausted retry attempts');\n}\n\nfunction computeDelay(\n attempt: number,\n initialDelayMs: number,\n maxDelayMs: number,\n): number {\n const base = initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, maxDelayMs);\n}\n\nexport { HttpClientError };\n","export interface RateLimitState {\n remaining: number;\n resetAt: Date;\n}\n\nexport interface RateLimitPolicy {\n parse(headers: Headers): RateLimitState | null;\n}\n\nexport interface StandardRateLimitPolicyConfig {\n remainingHeader: string;\n resetHeader: string;\n resetUnit: 's' | 'ms';\n resetFallbackMs?: number;\n}\n\nexport function standardRateLimitPolicy(\n config: StandardRateLimitPolicyConfig,\n): RateLimitPolicy {\n const { remainingHeader, resetHeader, resetUnit, resetFallbackMs } = config;\n const multiplier = resetUnit === 's' ? 1000 : 1;\n return {\n parse(h) {\n const remainingRaw = h.get(remainingHeader);\n if (remainingRaw === null || remainingRaw.trim() === '') {\n return null;\n }\n const remaining = Number(remainingRaw);\n if (!Number.isFinite(remaining)) {\n return null;\n }\n const resetRaw = h.get(resetHeader);\n if (resetRaw === null) {\n if (resetFallbackMs === undefined) {\n return null;\n }\n return {\n remaining,\n resetAt: new Date(Date.now() + resetFallbackMs),\n };\n }\n if (resetRaw.trim() === '') {\n return null;\n }\n const reset = Number(resetRaw);\n if (!Number.isFinite(reset) || reset < 0) {\n return null;\n }\n const resetMs = reset * multiplier;\n if (!Number.isFinite(resetMs)) {\n return null;\n }\n return { remaining, resetAt: new Date(resetMs) };\n },\n };\n}\n","export async function mapWithConcurrency<T, R>(\n items: readonly T[],\n concurrency: number,\n fn: (item: T, index: number) => Promise<R>,\n): Promise<R[]> {\n const results = new Array<R>(items.length);\n if (items.length === 0) {\n return results;\n }\n const normalized = Number.isFinite(concurrency) ? Math.floor(concurrency) : 1;\n const limit = Math.max(1, Math.min(normalized, items.length));\n let next = 0;\n let failed = false;\n\n async function worker(): Promise<void> {\n while (!failed) {\n const i = next++;\n if (i >= items.length) {\n return;\n }\n try {\n results[i] = await fn(items[i]!, i);\n } catch (err) {\n failed = true;\n throw err;\n }\n }\n }\n\n const workers: Promise<void>[] = [];\n for (let w = 0; w < limit; w++) {\n workers.push(worker());\n }\n await Promise.all(workers);\n return results;\n}\n","export interface SanitizeAllowedUrlOptions {\n url: string | null;\n host: string;\n pathname: string;\n protocol?: 'https:' | 'http:';\n}\n\nexport function sanitizeAllowedUrl(\n options: SanitizeAllowedUrlOptions,\n): string | null {\n const { url, host, pathname, protocol = 'https:' } = options;\n if (url === null) {\n return null;\n }\n try {\n const u = new URL(url);\n if (u.protocol !== protocol || u.host !== host || u.pathname !== pathname) {\n return null;\n }\n return u.toString();\n } catch {\n return null;\n }\n}\n","export type EpochUnit = 'ms' | 's' | 'iso';\n\nexport function parseEpoch(\n value: number | string | null | undefined,\n unit: EpochUnit,\n): number | null {\n if (value === null || value === undefined) {\n return null;\n }\n if (unit === 'iso') {\n if (typeof value !== 'string') {\n return null;\n }\n const ms = new Date(value).getTime();\n return Number.isFinite(ms) ? ms : null;\n }\n if (typeof value === 'string' && value.trim() === '') {\n return null;\n }\n const n = typeof value === 'number' ? value : Number(value);\n if (!Number.isFinite(n)) {\n return null;\n }\n const result = unit === 's' ? n * 1000 : n;\n return Number.isFinite(result) ? result : null;\n}\n","import { request } from './request';\nimport type { HttpRequest } from './types';\n\nexport function parseLinkHeader(header: string | null): Record<string, string> {\n if (!header) {\n return {};\n }\n const result: Record<string, string> = {};\n for (const part of header.split(',')) {\n const match = part.match(/<([^>]+)>\\s*;\\s*rel=\"([^\"]+)\"/);\n if (match) {\n result[match[2]!] = match[1]!;\n }\n }\n return result;\n}\n\nexport async function* paginateLink<T>(\n initial: HttpRequest,\n parse: (body: unknown) => T[],\n options: { resource: string },\n): AsyncIterable<T> {\n let next: string | null = initial.url;\n while (next) {\n const res: Awaited<ReturnType<typeof request>> = await request(\n {\n ...initial,\n url: next,\n },\n { resource: options.resource },\n );\n for (const item of parse(res.body)) {\n yield item;\n }\n const links = parseLinkHeader(res.headers.get('link'));\n next = links['next'] ?? null;\n }\n}\n\nexport async function* paginateCursor<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; nextCursor: string | null },\n buildNext: (req: HttpRequest, cursor: string) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let req: HttpRequest = initial;\n while (true) {\n const res = await request(req, { resource: options.resource });\n const { items, nextCursor } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!nextCursor) {\n return;\n }\n req = buildNext(req, nextCursor);\n }\n}\n\nexport async function* paginatePage<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; hasMore: boolean },\n buildPage: (req: HttpRequest, page: number) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let page = 1;\n while (true) {\n const req = page === 1 ? initial : buildPage(initial, page);\n const res = await request(req, { resource: options.resource });\n const { items, hasMore } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!hasMore || items.length === 0) {\n return;\n }\n page++;\n }\n}\n","export type LogFields = Record<string, unknown>;\n\nexport interface ConnectorLogger {\n info(event: string, fields?: LogFields): void;\n warn(event: string, fields?: LogFields): void;\n}\n\nexport interface ConnectorLoggerOptions {\n scope: string;\n}\n\nconst MAX_VALUE_LEN = 120;\n\nfunction truncate(s: string, max = MAX_VALUE_LEN): string {\n if (s.length <= max) {\n return s;\n }\n return `${s.slice(0, max - 1)}…`;\n}\n\nfunction formatValue(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n if (value === undefined) {\n return '';\n }\n if (typeof value === 'number' || typeof value === 'boolean') {\n return String(value);\n }\n if (typeof value === 'string') {\n const t = truncate(value);\n if (/[\\s\"=]/.test(t)) {\n return JSON.stringify(t);\n }\n return t;\n }\n if (typeof value === 'bigint') {\n return value.toString();\n }\n let json: string | undefined;\n try {\n json = JSON.stringify(value);\n } catch {\n json = undefined;\n }\n return truncate(json ?? String(value));\n}\n\nexport function formatLogFields(fields?: LogFields): string {\n if (!fields) {\n return '';\n }\n const parts: string[] = [];\n for (const [k, v] of Object.entries(fields)) {\n if (v === undefined) {\n continue;\n }\n parts.push(`${k}=${formatValue(v)}`);\n }\n return parts.length > 0 ? ` ${parts.join(' ')}` : '';\n}\n\nexport function formatLogLine(\n scope: string,\n event: string,\n fields?: LogFields,\n): string {\n return `[${scope}] ${event}${formatLogFields(fields)}`;\n}\n\nexport function createDefaultConnectorLogger(\n opts: ConnectorLoggerOptions,\n): ConnectorLogger {\n return {\n info(event, fields) {\n console.info(formatLogLine(opts.scope, event, fields));\n },\n warn(event, fields) {\n console.warn(formatLogLine(opts.scope, event, fields));\n },\n };\n}\n\nconst NOOP_LOGGER: ConnectorLogger = {\n info() {},\n warn() {},\n};\n\nexport function noopConnectorLogger(): ConnectorLogger {\n return NOOP_LOGGER;\n}\n","import {\n AuthError,\n type HttpClientError,\n type HttpResponse,\n RateLimitError,\n TransientError,\n connectorUserAgent,\n parseEpoch,\n} from '@rawdash/connector-shared';\nimport { BaseConnector, type CredentialsSchema } from '@rawdash/core';\n\nimport { createAuthorizationHeader, formatAmzDate, sha256Hex } from './sigv4';\nimport { type StsCredentials, parseAssumeRole, parseErrorCode } from './xml';\n\nexport interface BaseAWSSettings {\n region: string;\n roleArn?: string;\n externalId?: string;\n}\n\nexport const awsCredentialsSchema = {\n accessKeyId: {\n description: 'AWS access key ID',\n auth: 'optional' as const,\n },\n secretAccessKey: {\n description: 'AWS secret access key',\n auth: 'optional' as const,\n },\n} satisfies CredentialsSchema;\n\nexport type AwsCredentials = typeof awsCredentialsSchema;\n\nexport interface SigningCredentials {\n accessKeyId: string;\n secretAccessKey: string;\n sessionToken?: string;\n}\n\nconst STS_SERVICE = 'sts';\nconst STS_API_VERSION = '2011-06-15';\nconst ASSUMED_ROLE_TTL_BUFFER_MS = 60_000;\nconst ASSUME_ROLE_DURATION_SECONDS = 3600;\nconst FORM_CONTENT_TYPE = 'application/x-www-form-urlencoded; charset=utf-8';\n\nfunction readEnv(name: string): string | undefined {\n const env = (\n globalThis as {\n process?: { env?: Record<string, string | undefined> };\n }\n ).process?.env;\n return env?.[name];\n}\n\nexport abstract class BaseAWSConnector<\n TSettings extends BaseAWSSettings,\n> extends BaseConnector<TSettings, AwsCredentials> {\n override readonly credentials = awsCredentialsSchema;\n\n private assumedCreds: {\n value: SigningCredentials;\n expiresAt: number;\n } | null = null;\n\n protected baseCredentials(): SigningCredentials {\n const { accessKeyId, secretAccessKey } = this.creds;\n if (accessKeyId && secretAccessKey) {\n return { accessKeyId, secretAccessKey };\n }\n const envAccessKeyId = readEnv('AWS_ACCESS_KEY_ID');\n const envSecretAccessKey = readEnv('AWS_SECRET_ACCESS_KEY');\n if (envAccessKeyId && envSecretAccessKey) {\n return {\n accessKeyId: envAccessKeyId,\n secretAccessKey: envSecretAccessKey,\n sessionToken: readEnv('AWS_SESSION_TOKEN') || undefined,\n };\n }\n throw new AuthError(\n `${this.id}: no AWS credentials available — provide accessKeyId + secretAccessKey, or set them in the environment for role assumption`,\n );\n }\n\n protected async resolveSigningCredentials(\n signal?: AbortSignal,\n ): Promise<SigningCredentials> {\n if (this.settings.roleArn === undefined) {\n const { accessKeyId, secretAccessKey } = this.creds;\n if (!accessKeyId || !secretAccessKey) {\n throw new AuthError(\n `${this.id}: static-credential auth requires both accessKeyId and secretAccessKey`,\n );\n }\n return { accessKeyId, secretAccessKey };\n }\n\n if (this.assumedCreds && Date.now() < this.assumedCreds.expiresAt) {\n return this.assumedCreds.value;\n }\n return this.assumeRole(this.settings.roleArn, signal);\n }\n\n private async assumeRole(\n roleArn: string,\n signal?: AbortSignal,\n ): Promise<SigningCredentials> {\n const params = new URLSearchParams();\n params.set('Action', 'AssumeRole');\n params.set('Version', STS_API_VERSION);\n params.set('RoleArn', roleArn);\n params.set('RoleSessionName', `rawdash-${this.id}`);\n params.set('DurationSeconds', String(ASSUME_ROLE_DURATION_SECONDS));\n if (this.settings.externalId !== undefined) {\n params.set('ExternalId', this.settings.externalId);\n }\n\n const host = `sts.${this.settings.region}.amazonaws.com`;\n const xml = await this.signedPost({\n host,\n service: STS_SERVICE,\n body: params.toString(),\n signingCredentials: this.baseCredentials(),\n resource: 'assume_role',\n signal,\n });\n\n const parsed = parseAssumeRole(xml);\n if (parsed === null) {\n throw new AuthError(\n `${this.id}: STS AssumeRole returned no usable credentials`,\n );\n }\n this.cacheAssumedCredentials(parsed);\n return {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n sessionToken: parsed.sessionToken || undefined,\n };\n }\n\n private cacheAssumedCredentials(parsed: StsCredentials): void {\n const expirationMs = parseEpoch(parsed.expiration, 'iso');\n const expiresAt =\n expirationMs !== null\n ? expirationMs - ASSUMED_ROLE_TTL_BUFFER_MS\n : Date.now() + (ASSUME_ROLE_DURATION_SECONDS - 60) * 1000;\n this.assumedCreds = {\n value: {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n sessionToken: parsed.sessionToken || undefined,\n },\n expiresAt,\n };\n }\n\n protected async signedPost(args: {\n host: string;\n service: string;\n body: string;\n signingCredentials: SigningCredentials;\n resource: string;\n signal?: AbortSignal;\n }): Promise<string> {\n const { amzDate, dateStamp } = formatAmzDate(new Date());\n const payloadHash = await sha256Hex(args.body);\n\n const signedHeaders: Record<string, string> = {\n host: args.host,\n 'content-type': FORM_CONTENT_TYPE,\n 'x-amz-content-sha256': payloadHash,\n 'x-amz-date': amzDate,\n };\n if (args.signingCredentials.sessionToken !== undefined) {\n signedHeaders['x-amz-security-token'] =\n args.signingCredentials.sessionToken;\n }\n\n const authorization = await createAuthorizationHeader({\n method: 'POST',\n host: args.host,\n path: '/',\n query: '',\n headers: signedHeaders,\n payloadHash,\n accessKeyId: args.signingCredentials.accessKeyId,\n secretAccessKey: args.signingCredentials.secretAccessKey,\n region: this.settings.region,\n service: args.service,\n amzDate,\n dateStamp,\n });\n\n const sendHeaders: Record<string, string> = {\n 'content-type': FORM_CONTENT_TYPE,\n 'x-amz-content-sha256': payloadHash,\n 'x-amz-date': amzDate,\n 'user-agent': connectorUserAgent(this.id),\n Authorization: authorization,\n };\n if (args.signingCredentials.sessionToken !== undefined) {\n sendHeaders['x-amz-security-token'] =\n args.signingCredentials.sessionToken;\n }\n\n try {\n const res: HttpResponse<string> = await this.request<string>(\n {\n url: `https://${args.host}/`,\n method: 'POST',\n headers: sendHeaders,\n body: args.body,\n parseJson: false,\n signal: args.signal,\n },\n { resource: args.resource },\n );\n return res.body;\n } catch (err) {\n throw this.classifyAwsError(err);\n }\n }\n\n protected classifyAwsError(err: unknown): unknown {\n if (!(err instanceof Error) || !('kind' in err)) {\n return err;\n }\n const httpErr = err as HttpClientError;\n const body =\n typeof httpErr.response?.body === 'string' ? httpErr.response.body : '';\n const code = parseErrorCode(body) ?? '';\n const status = httpErr.response?.status ?? 0;\n\n if (\n /throttl|RequestLimitExceeded|TooManyRequests|LimitExceeded/i.test(code)\n ) {\n return new RateLimitError(httpErr.message, httpErr.response);\n }\n if (\n /AccessDenied|UnrecognizedClient|InvalidClientTokenId|SignatureDoesNotMatch|AuthFailure|InvalidAccessKeyId|Forbidden/i.test(\n code,\n )\n ) {\n return new AuthError(httpErr.message, httpErr.response);\n }\n if (status >= 500) {\n return new TransientError(httpErr.message, httpErr.response);\n }\n return err;\n }\n}\n","import { z } from 'zod';\n\nexport const awsAuthConfigShape = {\n region: z\n .string()\n .regex(\n /^[a-z0-9-]+$/,\n 'region must look like an AWS region, e.g. us-east-1',\n )\n .meta({\n label: 'AWS Region',\n description:\n 'The AWS region whose service endpoint you want to call, e.g. us-east-1.',\n placeholder: 'us-east-1',\n }),\n accessKeyId: z.object({ $secret: z.string() }).optional().meta({\n label: 'Access Key ID',\n description:\n 'AWS access key ID for an IAM principal with permission to call the relevant service. Use together with the secret access key for static-credential auth.',\n secret: true,\n }),\n secretAccessKey: z.object({ $secret: z.string() }).optional().meta({\n label: 'Secret Access Key',\n description: 'AWS secret access key paired with the access key ID above.',\n secret: true,\n }),\n roleArn: z\n .string()\n .regex(\n /^arn:aws:iam::\\d{12}:role\\/.+/,\n 'roleArn must be a full IAM role ARN, e.g. arn:aws:iam::123456789012:role/rawdash',\n )\n .optional()\n .meta({\n label: 'Role ARN',\n description:\n 'IAM role to assume via STS instead of using static keys. The base credentials (the access key above, or the ambient AWS environment) must be allowed to sts:AssumeRole this role.',\n placeholder: 'arn:aws:iam::123456789012:role/rawdash',\n }),\n externalId: z.string().min(1).optional().meta({\n label: 'External ID',\n description:\n 'External ID required by the trust policy of the role being assumed. Only used with Role ARN.',\n }),\n} as const;\n\nexport interface AwsAuthConfig {\n region: string;\n accessKeyId?: { $secret: string };\n secretAccessKey?: { $secret: string };\n roleArn?: string;\n externalId?: string;\n}\n\nexport const awsAuthRefine = {\n predicate: (val: AwsAuthConfig): boolean => {\n const hasRole = val.roleArn !== undefined;\n const hasStatic =\n val.accessKeyId !== undefined && val.secretAccessKey !== undefined;\n if (val.externalId !== undefined && !hasRole) {\n return false;\n }\n return hasRole || hasStatic;\n },\n message:\n 'Provide either accessKeyId + secretAccessKey (static credentials) or roleArn (role assumption). externalId requires roleArn.',\n} as const;\n","import type { HttpResponse } from './types';\n\nexport type HttpErrorKind =\n | 'transient'\n | 'rate_limit'\n | 'auth'\n | 'upstream_bug'\n | 'client_bug';\n\nexport abstract class HttpClientError extends Error {\n abstract readonly kind: HttpErrorKind;\n readonly response?: HttpResponse;\n\n constructor(message: string, response?: HttpResponse) {\n super(message);\n this.name = new.target.name;\n this.response = response;\n }\n}\n\nexport class TransientError extends HttpClientError {\n readonly kind = 'transient' as const;\n}\n\nexport class RateLimitError extends HttpClientError {\n readonly kind = 'rate_limit' as const;\n readonly retryAfter?: Date;\n\n constructor(message: string, response?: HttpResponse, retryAfter?: Date) {\n super(message, response);\n this.retryAfter = retryAfter;\n }\n}\n\nexport class AuthError extends HttpClientError {\n readonly kind = 'auth' as const;\n}\n\nexport class UpstreamBugError extends HttpClientError {\n readonly kind = 'upstream_bug' as const;\n}\n\nexport class ClientBugError extends HttpClientError {\n readonly kind = 'client_bug' as const;\n}\n\nexport function classifyStatus(status: number): HttpErrorKind {\n if (status === 429) {\n return 'rate_limit';\n }\n if (status === 401 || status === 403) {\n return 'auth';\n }\n if (status === 408) {\n return 'transient';\n }\n if (status >= 500) {\n return 'upstream_bug';\n }\n if (status >= 400) {\n return 'client_bug';\n }\n return 'client_bug';\n}\n\nexport function errorForStatus(\n message: string,\n response: HttpResponse,\n retryAfter?: Date,\n): HttpClientError {\n const kind = classifyStatus(response.status);\n switch (kind) {\n case 'rate_limit':\n return new RateLimitError(message, response, retryAfter);\n case 'auth':\n return new AuthError(message, response);\n case 'transient':\n return new TransientError(message, response);\n case 'upstream_bug':\n return new UpstreamBugError(message, response);\n case 'client_bug':\n return new ClientBugError(message, response);\n }\n}\n","import { HttpClientError, RateLimitError, TransientError } from './errors';\n\nexport interface RetryPolicy {\n maxAttempts?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n retryOn?: (status: number | null, err?: Error) => boolean;\n}\n\nexport const defaultRetryOn = (status: number | null, err?: Error): boolean => {\n if (err instanceof RateLimitError) {\n return true;\n }\n if (err instanceof TransientError) {\n return true;\n }\n if (status === null) {\n return err instanceof Error && !(err instanceof HttpClientError);\n }\n if (status === 408 || status === 429) {\n return true;\n }\n if (status >= 500) {\n return true;\n }\n return false;\n};\n\nexport function backoffDelayMs(\n attempt: number,\n policy: Required<Pick<RetryPolicy, 'initialDelayMs' | 'maxDelayMs'>>,\n): number {\n const base = policy.initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, policy.maxDelayMs);\n}\n\nexport function parseRetryAfter(\n headerValue: string | null,\n now: Date = new Date(),\n): Date | undefined {\n if (!headerValue) {\n return undefined;\n }\n const trimmed = headerValue.trim();\n if (/^\\d+$/.test(trimmed)) {\n return new Date(now.getTime() + Number(trimmed) * 1000);\n }\n const parsed = Date.parse(trimmed);\n if (Number.isNaN(parsed)) {\n return undefined;\n }\n return new Date(parsed);\n}\n\nexport function sleep(ms: number, signal?: AbortSignal): Promise<void> {\n if (signal?.aborted) {\n return Promise.reject(signal.reason ?? new Error('Aborted'));\n }\n return new Promise<void>((resolve, reject) => {\n const onAbort = () => {\n clearTimeout(timer);\n reject(signal!.reason ?? new Error('Aborted'));\n };\n const timer = setTimeout(() => {\n signal?.removeEventListener('abort', onAbort);\n resolve();\n }, ms);\n signal?.addEventListener('abort', onAbort, { once: true });\n });\n}\n","export const HTTP_CLIENT_VERSION = '0.0.0';\n\nexport const DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n\nexport function connectorUserAgent(connectorId: string): string {\n return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n}\n","import {\n AuthError,\n ClientBugError,\n HttpClientError,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n errorForStatus,\n} from './errors';\nimport { defaultRetryOn, parseRetryAfter, sleep } from './retry';\nimport type { FetchLike, HttpMethod, HttpRequest, HttpResponse } from './types';\nimport { DEFAULT_USER_AGENT } from './version';\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_INITIAL_DELAY_MS = 1000;\nconst DEFAULT_MAX_DELAY_MS = 60_000;\nconst OBSERVER_TIMEOUT_MS = 250;\n\nexport interface RequestObservation {\n url: string;\n method: HttpMethod;\n status: number;\n resource: string;\n requestId: string;\n body: unknown;\n}\n\nexport type RequestObserver = (\n event: RequestObservation,\n) => void | Promise<void>;\n\nexport interface RequestOptions {\n fetch?: FetchLike;\n observer?: RequestObserver;\n resource: string;\n requestId?: string;\n}\n\nasync function notifyObserver(\n observer: RequestObserver,\n event: RequestObservation,\n): Promise<void> {\n let result: void | Promise<void>;\n try {\n result = observer(event);\n } catch (err) {\n console.warn('[connector-shared] request observer threw:', err);\n return;\n }\n if (!(result instanceof Promise)) {\n return;\n }\n const guarded = result.catch((err) => {\n console.warn('[connector-shared] request observer rejected:', err);\n });\n let timer: ReturnType<typeof setTimeout> | undefined;\n const timeout = new Promise<void>((resolve) => {\n timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);\n });\n try {\n await Promise.race([guarded, timeout]);\n } finally {\n if (timer) {\n clearTimeout(timer);\n }\n }\n}\n\nfunction newRequestId(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (c?.randomUUID) {\n return c.randomUUID();\n }\n return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n}\n\nfunction mergeHeaders(\n defaults: Record<string, string>,\n overrides: Record<string, string> | undefined,\n): Record<string, string> {\n const merged: Record<string, string> = {};\n for (const [k, v] of Object.entries(defaults)) {\n merged[k.toLowerCase()] = v;\n }\n if (overrides) {\n for (const [k, v] of Object.entries(overrides)) {\n merged[k.toLowerCase()] = v;\n }\n }\n return merged;\n}\n\nfunction linkTimeoutSignal(\n parent: AbortSignal | undefined,\n timeoutMs: number,\n): { signal: AbortSignal; cancel: () => void } {\n const controller = new AbortController();\n const onParentAbort = () => {\n controller.abort(parent?.reason);\n };\n if (parent) {\n if (parent.aborted) {\n controller.abort(parent.reason);\n } else {\n parent.addEventListener('abort', onParentAbort, { once: true });\n }\n }\n const timer = setTimeout(() => {\n controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n if (parent) {\n parent.removeEventListener('abort', onParentAbort);\n }\n },\n };\n}\n\nasync function readBody(res: Response, parseJson: boolean): Promise<unknown> {\n if (res.status === 204 || res.status === 205) {\n return null;\n }\n const contentType = res.headers.get('content-type') ?? '';\n if (parseJson && contentType.includes('application/json')) {\n const text = await res.text();\n if (text.length === 0) {\n return null;\n }\n return JSON.parse(text);\n }\n return res.text();\n}\n\nexport async function request<T = unknown>(\n req: HttpRequest,\n options: RequestOptions,\n): Promise<HttpResponse<T>> {\n const fetchImpl: FetchLike = options.fetch ?? (globalThis.fetch as FetchLike);\n const retry = req.retry ?? {};\n const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;\n const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;\n const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;\n const retryOn = retry.retryOn ?? defaultRetryOn;\n const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const parseJson = req.parseJson ?? true;\n\n const headers = mergeHeaders(\n {\n 'User-Agent': DEFAULT_USER_AGENT,\n Accept: 'application/json',\n },\n req.headers,\n );\n\n let lastErr: Error | undefined;\n\n for (let attempt = 0; attempt < maxAttempts; attempt++) {\n req.signal?.throwIfAborted();\n\n const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);\n let res: Response;\n try {\n res = await fetchImpl(req.url, {\n method: req.method ?? 'GET',\n headers,\n body: req.body as RequestInit['body'],\n signal,\n });\n } catch (err) {\n cancel();\n if (req.signal?.aborted) {\n throw req.signal.reason ?? err;\n }\n const error = err instanceof Error ? err : new Error(String(err));\n lastErr = error;\n if (attempt < maxAttempts - 1 && retryOn(null, error)) {\n const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n await sleep(delay, req.signal);\n continue;\n }\n throw new TransientError(error.message);\n }\n cancel();\n\n const body = await readBody(res, parseJson);\n const httpResponse: HttpResponse<T> = {\n status: res.status,\n headers: res.headers,\n body: body as T,\n };\n if (req.rateLimit) {\n const state = req.rateLimit.parse(res.headers);\n if (state) {\n httpResponse.rateLimitState = state;\n }\n }\n\n if (options.observer) {\n await notifyObserver(options.observer, {\n url: req.url,\n method: req.method ?? 'GET',\n status: res.status,\n resource: options.resource,\n requestId: options.requestId ?? newRequestId(),\n body,\n });\n }\n\n if (res.ok) {\n return httpResponse;\n }\n\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? 'GET'} ${req.url}`;\n const err = errorForStatus(message, httpResponse, retryAfter);\n\n if (\n attempt < maxAttempts - 1 &&\n retryOn(res.status, err) &&\n !(err instanceof AuthError) &&\n !(err instanceof ClientBugError)\n ) {\n lastErr = err;\n let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n if (err instanceof RateLimitError && retryAfter) {\n const wait = retryAfter.getTime() - Date.now();\n if (wait > 0) {\n delay = Math.min(wait, maxDelayMs);\n }\n }\n await sleep(delay, req.signal);\n continue;\n }\n\n throw err;\n }\n\n throw lastErr ?? new UpstreamBugError('Exhausted retry attempts');\n}\n\nfunction computeDelay(\n attempt: number,\n initialDelayMs: number,\n maxDelayMs: number,\n): number {\n const base = initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, maxDelayMs);\n}\n\nexport { HttpClientError };\n","export interface RateLimitState {\n remaining: number;\n resetAt: Date;\n}\n\nexport interface RateLimitPolicy {\n parse(headers: Headers): RateLimitState | null;\n}\n\nexport interface StandardRateLimitPolicyConfig {\n remainingHeader: string;\n resetHeader: string;\n resetUnit: 's' | 'ms';\n resetFallbackMs?: number;\n}\n\nexport function standardRateLimitPolicy(\n config: StandardRateLimitPolicyConfig,\n): RateLimitPolicy {\n const { remainingHeader, resetHeader, resetUnit, resetFallbackMs } = config;\n const multiplier = resetUnit === 's' ? 1000 : 1;\n return {\n parse(h) {\n const remainingRaw = h.get(remainingHeader);\n if (remainingRaw === null || remainingRaw.trim() === '') {\n return null;\n }\n const remaining = Number(remainingRaw);\n if (!Number.isFinite(remaining)) {\n return null;\n }\n const resetRaw = h.get(resetHeader);\n if (resetRaw === null) {\n if (resetFallbackMs === undefined) {\n return null;\n }\n return {\n remaining,\n resetAt: new Date(Date.now() + resetFallbackMs),\n };\n }\n if (resetRaw.trim() === '') {\n return null;\n }\n const reset = Number(resetRaw);\n if (!Number.isFinite(reset) || reset < 0) {\n return null;\n }\n const resetMs = reset * multiplier;\n if (!Number.isFinite(resetMs)) {\n return null;\n }\n return { remaining, resetAt: new Date(resetMs) };\n },\n };\n}\n","export async function mapWithConcurrency<T, R>(\n items: readonly T[],\n concurrency: number,\n fn: (item: T, index: number) => Promise<R>,\n): Promise<R[]> {\n const results = new Array<R>(items.length);\n if (items.length === 0) {\n return results;\n }\n const normalized = Number.isFinite(concurrency) ? Math.floor(concurrency) : 1;\n const limit = Math.max(1, Math.min(normalized, items.length));\n let next = 0;\n let failed = false;\n\n async function worker(): Promise<void> {\n while (!failed) {\n const i = next++;\n if (i >= items.length) {\n return;\n }\n try {\n results[i] = await fn(items[i]!, i);\n } catch (err) {\n failed = true;\n throw err;\n }\n }\n }\n\n const workers: Promise<void>[] = [];\n for (let w = 0; w < limit; w++) {\n workers.push(worker());\n }\n await Promise.all(workers);\n return results;\n}\n","export interface SanitizeAllowedUrlOptions {\n url: string | null;\n host: string;\n pathname: string;\n protocol?: 'https:' | 'http:';\n}\n\nexport function sanitizeAllowedUrl(\n options: SanitizeAllowedUrlOptions,\n): string | null {\n const { url, host, pathname, protocol = 'https:' } = options;\n if (url === null) {\n return null;\n }\n try {\n const u = new URL(url);\n if (u.protocol !== protocol || u.host !== host || u.pathname !== pathname) {\n return null;\n }\n return u.toString();\n } catch {\n return null;\n }\n}\n","export type EpochUnit = 'ms' | 's' | 'iso';\n\nexport function parseEpoch(\n value: number | string | null | undefined,\n unit: EpochUnit,\n): number | null {\n if (value === null || value === undefined) {\n return null;\n }\n if (unit === 'iso') {\n if (typeof value !== 'string') {\n return null;\n }\n const ms = new Date(value).getTime();\n return Number.isFinite(ms) ? ms : null;\n }\n if (typeof value === 'string' && value.trim() === '') {\n return null;\n }\n const n = typeof value === 'number' ? value : Number(value);\n if (!Number.isFinite(n)) {\n return null;\n }\n const result = unit === 's' ? n * 1000 : n;\n return Number.isFinite(result) ? result : null;\n}\n","import { request } from './request';\nimport type { HttpRequest } from './types';\n\nexport function parseLinkHeader(header: string | null): Record<string, string> {\n if (!header) {\n return {};\n }\n const result: Record<string, string> = {};\n for (const part of header.split(',')) {\n const match = part.match(/<([^>]+)>\\s*;\\s*rel=\"([^\"]+)\"/);\n if (match) {\n result[match[2]!] = match[1]!;\n }\n }\n return result;\n}\n\nexport async function* paginateLink<T>(\n initial: HttpRequest,\n parse: (body: unknown) => T[],\n options: { resource: string },\n): AsyncIterable<T> {\n let next: string | null = initial.url;\n while (next) {\n const res: Awaited<ReturnType<typeof request>> = await request(\n {\n ...initial,\n url: next,\n },\n { resource: options.resource },\n );\n for (const item of parse(res.body)) {\n yield item;\n }\n const links = parseLinkHeader(res.headers.get('link'));\n next = links['next'] ?? null;\n }\n}\n\nexport async function* paginateCursor<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; nextCursor: string | null },\n buildNext: (req: HttpRequest, cursor: string) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let req: HttpRequest = initial;\n while (true) {\n const res = await request(req, { resource: options.resource });\n const { items, nextCursor } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!nextCursor) {\n return;\n }\n req = buildNext(req, nextCursor);\n }\n}\n\nexport async function* paginatePage<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; hasMore: boolean },\n buildPage: (req: HttpRequest, page: number) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let page = 1;\n while (true) {\n const req = page === 1 ? initial : buildPage(initial, page);\n const res = await request(req, { resource: options.resource });\n const { items, hasMore } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!hasMore || items.length === 0) {\n return;\n }\n page++;\n }\n}\n","export type LogFields = Record<string, unknown>;\n\nexport interface ConnectorLogger {\n info(event: string, fields?: LogFields): void;\n warn(event: string, fields?: LogFields): void;\n}\n\nexport interface ConnectorLoggerOptions {\n scope: string;\n}\n\nconst MAX_VALUE_LEN = 120;\n\nfunction truncate(s: string, max = MAX_VALUE_LEN): string {\n if (s.length <= max) {\n return s;\n }\n return `${s.slice(0, max - 1)}…`;\n}\n\nfunction formatValue(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n if (value === undefined) {\n return '';\n }\n if (typeof value === 'number' || typeof value === 'boolean') {\n return String(value);\n }\n if (typeof value === 'string') {\n const t = truncate(value);\n if (/[\\s\"=]/.test(t)) {\n return JSON.stringify(t);\n }\n return t;\n }\n if (typeof value === 'bigint') {\n return value.toString();\n }\n let json: string | undefined;\n try {\n json = JSON.stringify(value);\n } catch {\n json = undefined;\n }\n return truncate(json ?? String(value));\n}\n\nexport function formatLogFields(fields?: LogFields): string {\n if (!fields) {\n return '';\n }\n const parts: string[] = [];\n for (const [k, v] of Object.entries(fields)) {\n if (v === undefined) {\n continue;\n }\n parts.push(`${k}=${formatValue(v)}`);\n }\n return parts.length > 0 ? ` ${parts.join(' ')}` : '';\n}\n\nexport function formatLogLine(\n scope: string,\n event: string,\n fields?: LogFields,\n): string {\n return `[${scope}] ${event}${formatLogFields(fields)}`;\n}\n\nexport function createDefaultConnectorLogger(\n opts: ConnectorLoggerOptions,\n): ConnectorLogger {\n return {\n info(event, fields) {\n console.info(formatLogLine(opts.scope, event, fields));\n },\n warn(event, fields) {\n console.warn(formatLogLine(opts.scope, event, fields));\n },\n };\n}\n\nconst NOOP_LOGGER: ConnectorLogger = {\n info() {},\n warn() {},\n};\n\nexport function noopConnectorLogger(): ConnectorLogger {\n return NOOP_LOGGER;\n}\n","import {\n BaseAWSConnector,\n type BaseAWSSettings,\n awsAuthConfigShape,\n awsAuthRefine,\n parseGetMetricData,\n} from '@rawdash/connector-aws-shared';\nimport { TransientError, parseEpoch } from '@rawdash/connector-shared';\nimport {\n type ConnectorContext,\n type ConnectorCost,\n type ConnectorDoc,\n type JSONValue,\n type MetricSample,\n type StorageHandle,\n type SyncOptions,\n type SyncResult,\n defineConfigFields,\n defineConnectorDoc,\n defineResources,\n schemasFromResources,\n} from '@rawdash/core';\nimport { z } from 'zod';\n\nconst metricQuerySchema = z.object({\n id: z\n .string()\n .regex(\n /^[a-z][a-zA-Z0-9_]*$/,\n 'CloudWatch query id must start with a lowercase letter and contain only letters, digits, and underscores',\n ),\n namespace: z.string().min(1),\n metric: z.string().min(1),\n stat: z.string().min(1),\n periodSeconds: z\n .number()\n .int()\n .min(60)\n .refine((n) => n % 60 === 0, {\n message: 'periodSeconds must be a multiple of 60 (1 minute)',\n }),\n dimensions: z.record(z.string(), z.string()).optional(),\n});\n\nexport const configFields = defineConfigFields(\n z\n .object({\n ...awsAuthConfigShape,\n metricQueries: z.array(metricQuerySchema).nonempty().meta({\n label: 'Metric queries',\n description:\n 'CloudWatch is too broad to mirror wholesale; declare the specific metrics to pull. Each query needs an id, namespace, metric name, statistic, and period (seconds, multiple of 60), with optional dimensions.',\n }),\n lookbackMinutes: z.number().int().positive().max(40_320).optional().meta({\n label: 'Lookback (minutes)',\n description:\n 'How far back to pull data points on a full sync when the host does not supply a since bound. Defaults to 180.',\n placeholder: '180',\n }),\n })\n .refine(awsAuthRefine.predicate, { message: awsAuthRefine.message })\n .refine(\n (cfg) =>\n new Set(cfg.metricQueries.map((q) => q.id)).size ===\n cfg.metricQueries.length,\n {\n path: ['metricQueries'],\n message: 'Each metric query id must be unique',\n },\n ),\n);\n\nexport const doc: ConnectorDoc = defineConnectorDoc({\n displayName: 'AWS CloudWatch',\n category: 'infrastructure',\n brandColor: '#FF4F8B',\n tagline:\n 'Pull declared CloudWatch metric time series (any namespace, statistic, and period) into a single metric series per query.',\n rateLimit:\n 'GetMetricData is batched at most 500 metrics per call with NextToken pagination; throttling (Throttling / RequestLimitExceeded / TooManyRequests) is retried with backoff.',\n vendor: {\n name: 'Amazon Web Services',\n domain: 'aws.amazon.com',\n apiDocs:\n 'https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html',\n website: 'https://aws.amazon.com/cloudwatch/',\n },\n auth: {\n summary:\n 'Authenticate with either static IAM access keys or an assumed IAM role (STS). The principal needs cloudwatch:GetMetricData on the target region.',\n setup: [\n 'Create an IAM user or role with a policy granting `cloudwatch:GetMetricData`.',\n 'For static credentials, generate an access key ID and secret access key for that IAM user and store them as secrets.',\n 'For role assumption, set `roleArn` to the role to assume (and `externalId` if its trust policy requires one); the base credentials must be allowed to `sts:AssumeRole` it.',\n 'Set `region` to the AWS region whose CloudWatch endpoint holds the metrics, e.g. `us-east-1`.',\n 'Reference the keys from config, e.g. `accessKeyId: secret(\"AWS_ACCESS_KEY_ID\")` and `secretAccessKey: secret(\"AWS_SECRET_ACCESS_KEY\")`.',\n ],\n },\n limitations: [\n 'CloudWatch is too broad to mirror wholesale; only the metrics declared in `metricQueries` are synced; there is no automatic metric discovery.',\n 'The series name is derived from the query namespace/metric, so two queries against the same metric with different statistics or dimensions share one series name and are distinguished only by sample attributes.',\n 'Each query period must be a multiple of 60 seconds; sub-minute resolution is not supported.',\n 'A full sync uses lookbackMinutes; a latest sync uses a short window covering the last few periods.',\n \"Each query's window is clamped to CloudWatch's resolution-based retention floor (period < 300s keeps 15 days, < 3600s keeps 63 days, otherwise 455 days), since GetMetricData returns no points older than the floor; truncation is logged.\",\n ],\n});\n\nexport interface CloudWatchMetricQuery {\n id: string;\n namespace: string;\n metric: string;\n stat: string;\n periodSeconds: number;\n dimensions?: Record<string, string>;\n}\n\nexport interface CloudWatchSettings extends BaseAWSSettings {\n metricQueries: CloudWatchMetricQuery[];\n lookbackMinutes?: number;\n}\n\nconst metricDataResponseSchema = z.object({\n MetricDataResults: z.array(\n z.object({\n Id: z.string(),\n Label: z.string(),\n Timestamps: z.array(z.iso.datetime()),\n Values: z.array(z.number()),\n StatusCode: z.enum([\n 'Complete',\n 'InternalError',\n 'PartialData',\n 'Forbidden',\n ]),\n }),\n ),\n NextToken: z.string().optional(),\n});\n\nexport const awsCloudwatchResources = defineResources({\n '<namespace>/<metric>': {\n shape: 'metric',\n dynamic: true,\n description:\n 'One metric series per declared metric query. The series name is the query namespace/metric (e.g. `AWS/EC2/CPUUtilization`), so the actual keys depend on the configured `metricQueries`. Each sample carries the query statistic, period, query id, the upstream status code, and label as attributes.',\n endpoint: 'POST / (GetMetricData)',\n granularity: 'Per query period (periodSeconds, a multiple of 60)',\n notes:\n 'Each sync replaces the full set of samples for the metric names it owns (idempotent).',\n dimensions: [\n {\n name: 'stat',\n description:\n 'The CloudWatch statistic requested for the query, e.g. Average, Sum, or p99.',\n },\n {\n name: 'period',\n description: 'The aggregation period in seconds for the data points.',\n },\n {\n name: 'queryId',\n description:\n 'The configured id of the metric query that produced the sample.',\n },\n {\n name: 'statusCode',\n description:\n 'GetMetricData result status for the series (Complete, PartialData, InternalError, or Forbidden).',\n },\n {\n name: 'label',\n description:\n 'The human-readable label CloudWatch returned for the series.',\n },\n ],\n responses: { metric_data: metricDataResponseSchema },\n },\n});\n\nconst CLOUDWATCH_SERVICE = 'monitoring';\nconst CLOUDWATCH_API_VERSION = '2010-08-01';\nconst MAX_QUERIES_PER_CALL = 500;\nconst DEFAULT_LOOKBACK_MINUTES = 180;\nconst MS_PER_MINUTE = 60_000;\nconst MS_PER_HOUR = 3_600_000;\nconst MS_PER_DAY = 86_400_000;\n\nconst RETENTION_FLOOR_SUB_MINUTE_MS = 3 * MS_PER_HOUR;\nconst RETENTION_FLOOR_HIGH_RES_MS = 15 * MS_PER_DAY;\nconst RETENTION_FLOOR_STANDARD_MS = 63 * MS_PER_DAY;\nconst RETENTION_FLOOR_LONG_TERM_MS = 455 * MS_PER_DAY;\n\nfunction retentionFloorMs(periodSeconds: number): number {\n if (periodSeconds < 60) {\n return RETENTION_FLOOR_SUB_MINUTE_MS;\n }\n if (periodSeconds < 300) {\n return RETENTION_FLOOR_HIGH_RES_MS;\n }\n if (periodSeconds < 3600) {\n return RETENTION_FLOOR_STANDARD_MS;\n }\n return RETENTION_FLOOR_LONG_TERM_MS;\n}\n\nexport const id = 'aws-cloudwatch';\n\nexport const cost: ConnectorCost = {\n warning:\n 'CloudWatch GetMetricData is billed per metric requested on the paid tier; high-frequency syncs over many metrics add up.',\n};\n\nexport class CloudWatchConnector extends BaseAWSConnector<CloudWatchSettings> {\n static readonly id = id;\n\n static readonly resources = awsCloudwatchResources;\n\n static readonly schemas = schemasFromResources(awsCloudwatchResources);\n\n static readonly cost = cost;\n\n static create(input: unknown, ctx?: ConnectorContext): CloudWatchConnector {\n const parsed = configFields.parse(input);\n return new CloudWatchConnector(\n {\n region: parsed.region,\n roleArn: parsed.roleArn,\n externalId: parsed.externalId,\n metricQueries: parsed.metricQueries,\n lookbackMinutes: parsed.lookbackMinutes,\n },\n {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n },\n ctx,\n );\n }\n\n readonly id = id;\n\n private computeWindow(options: SyncOptions): {\n startMs: number;\n endMs: number;\n } {\n const endMs = Date.now();\n if (options.since) {\n const sinceMs = parseEpoch(options.since, 'iso');\n if (sinceMs !== null) {\n return { startMs: Math.min(sinceMs, endMs), endMs };\n }\n }\n if (options.mode === 'latest') {\n const maxPeriod = Math.max(\n ...this.settings.metricQueries.map((q) => q.periodSeconds),\n 60,\n );\n return { startMs: endMs - maxPeriod * 5 * 1000, endMs };\n }\n const lookback = this.settings.lookbackMinutes ?? DEFAULT_LOOKBACK_MINUTES;\n return { startMs: endMs - lookback * MS_PER_MINUTE, endMs };\n }\n\n private buildGetMetricDataBody(\n queries: CloudWatchMetricQuery[],\n startMs: number,\n endMs: number,\n nextToken: string | undefined,\n ): string {\n const params = new URLSearchParams();\n params.set('Action', 'GetMetricData');\n params.set('Version', CLOUDWATCH_API_VERSION);\n params.set('StartTime', new Date(startMs).toISOString());\n params.set('EndTime', new Date(endMs).toISOString());\n params.set('ScanBy', 'TimestampAscending');\n if (nextToken !== undefined) {\n params.set('NextToken', nextToken);\n }\n\n queries.forEach((query, index) => {\n const prefix = `MetricDataQueries.member.${index + 1}`;\n params.set(`${prefix}.Id`, query.id);\n params.set(`${prefix}.ReturnData`, 'true');\n params.set(`${prefix}.MetricStat.Metric.Namespace`, query.namespace);\n params.set(`${prefix}.MetricStat.Metric.MetricName`, query.metric);\n params.set(`${prefix}.MetricStat.Period`, String(query.periodSeconds));\n params.set(`${prefix}.MetricStat.Stat`, query.stat);\n const dimensions = Object.entries(query.dimensions ?? {});\n dimensions.forEach(([name, value], dimIndex) => {\n const dimPrefix = `${prefix}.MetricStat.Metric.Dimensions.member.${dimIndex + 1}`;\n params.set(`${dimPrefix}.Name`, name);\n params.set(`${dimPrefix}.Value`, value);\n });\n });\n\n return params.toString();\n }\n\n async sync(\n options: SyncOptions,\n storage: StorageHandle,\n signal?: AbortSignal,\n ): Promise<SyncResult> {\n const queries = this.settings.metricQueries;\n const names = new Set(queries.map((q) => `${q.namespace}/${q.metric}`));\n\n if (queries.length === 0) {\n return { done: true };\n }\n\n if (\n options.resources &&\n options.resources.size > 0 &&\n ![...names].some((name) => options.resources!.has(name))\n ) {\n this.logger.info('resource skipped', {\n resource: 'metric_data',\n reason: 'no configured metric matches requested resources',\n });\n return { done: true };\n }\n\n const queriesById = new Map(queries.map((q) => [q.id, q]));\n const { startMs, endMs } = this.computeWindow(options);\n\n const samples: MetricSample[] = [];\n const host = `${CLOUDWATCH_SERVICE}.${this.settings.region}.amazonaws.com`;\n\n const groupsByFloor = new Map<number, CloudWatchMetricQuery[]>();\n for (const query of queries) {\n const floorMs = retentionFloorMs(query.periodSeconds);\n const group = groupsByFloor.get(floorMs);\n if (group) {\n group.push(query);\n } else {\n groupsByFloor.set(floorMs, [query]);\n }\n }\n\n let internalErrorSeen = false;\n\n for (const [floorMs, group] of groupsByFloor) {\n const earliestRetainedMs = endMs - floorMs;\n const effectiveStartMs = Math.max(startMs, earliestRetainedMs);\n if (effectiveStartMs > startMs) {\n this.logger.warn('window truncated to retention floor', {\n resource: 'metric_data',\n retentionFloorMs: floorMs,\n requestedStartMs: startMs,\n effectiveStartMs,\n queryIds: group.map((q) => q.id),\n });\n }\n\n for (let i = 0; i < group.length; i += MAX_QUERIES_PER_CALL) {\n const chunk = group.slice(i, i + MAX_QUERIES_PER_CALL);\n let nextToken: string | undefined;\n let page = 0;\n do {\n if (signal?.aborted) {\n return { done: false };\n }\n const body = this.buildGetMetricDataBody(\n chunk,\n effectiveStartMs,\n endMs,\n nextToken,\n );\n const signingCredentials =\n await this.resolveSigningCredentials(signal);\n const xml = await this.signedPost({\n host,\n service: CLOUDWATCH_SERVICE,\n body,\n signingCredentials,\n resource: 'metric_data',\n signal,\n });\n const parsed = parseGetMetricData(xml);\n for (const result of parsed.results) {\n const query = queriesById.get(result.id);\n if (query === undefined) {\n continue;\n }\n if (result.statusCode === 'Forbidden') {\n this.logger.warn('metric result forbidden', {\n resource: 'metric_data',\n queryId: query.id,\n metric: `${query.namespace}/${query.metric}`,\n });\n } else if (result.statusCode === 'InternalError') {\n internalErrorSeen = true;\n this.logger.warn('metric result internal error', {\n resource: 'metric_data',\n queryId: query.id,\n metric: `${query.namespace}/${query.metric}`,\n });\n }\n this.collectSamples(samples, query, result);\n }\n nextToken = parsed.nextToken ?? undefined;\n page += 1;\n this.logger.info('fetched page', {\n resource: 'metric_data',\n page,\n items: parsed.results.length,\n next: nextToken ?? null,\n });\n } while (nextToken !== undefined);\n }\n }\n\n if (internalErrorSeen) {\n throw new TransientError(\n 'GetMetricData returned InternalError for one or more series; rescheduling sync',\n );\n }\n\n await storage.metrics(samples, { names: [...names] });\n this.logger.info('resource done', {\n resource: 'metric_data',\n items: samples.length,\n });\n return { done: true };\n }\n\n private collectSamples(\n samples: MetricSample[],\n query: CloudWatchMetricQuery,\n result: {\n timestamps: string[];\n values: number[];\n statusCode: string;\n label: string;\n },\n ): void {\n const name = `${query.namespace}/${query.metric}`;\n const baseAttributes: Record<string, JSONValue> = {\n ...(query.dimensions ?? {}),\n stat: query.stat,\n period: query.periodSeconds,\n queryId: query.id,\n statusCode: result.statusCode,\n label: result.label,\n };\n const count = Math.min(result.timestamps.length, result.values.length);\n for (let i = 0; i < count; i++) {\n const ts = parseEpoch(result.timestamps[i]!, 'iso');\n const value = result.values[i]!;\n if (ts === null || !Number.isFinite(value)) {\n continue;\n }\n samples.push({ name, ts, value, attributes: { ...baseAttributes } });\n }\n }\n}\n","import { CloudWatchConnector } from './aws-cloudwatch';\n\nexport {\n CloudWatchConnector,\n configFields,\n cost,\n doc,\n id,\n awsCloudwatchResources as resources,\n} from './aws-cloudwatch';\nexport type {\n CloudWatchMetricQuery,\n CloudWatchSettings,\n} from './aws-cloudwatch';\nexport default CloudWatchConnector;\n"],"mappings":";AYSA,SAAS,qBAA6C;ACTtD,SAAS,SAAS;AbAlB,IAAM,UAAU,IAAI,YAAY;AAEhC,IAAM,YAAY;AAElB,SAAS,GAAG,MAAuC;AACjD,SAAO,IAAI,WAAW,QAAQ,OAAO,IAAI,CAAC;AAC5C;AAEA,SAAS,MAAM,QAA6B;AAC1C,QAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,WAAO,MAAM,CAAC,EAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;EAC/C;AACA,SAAO;AACT;AAEA,eAAsB,UAAU,MAA+B;AAC7D,QAAM,SAAS,MAAM,WAAW,OAAO,OAAO,OAAO,WAAW,GAAG,IAAI,CAAC;AACxE,SAAO,MAAM,MAAM;AACrB;AAEA,eAAe,KAAK,KAAmB,MAAoC;AACzE,QAAM,YAAY,MAAM,WAAW,OAAO,OAAO;IAC/C;IACA;IACA,EAAE,MAAM,QAAQ,MAAM,UAAU;IAChC;IACA,CAAC,MAAM;EACT;AACA,SAAO,WAAW,OAAO,OAAO,KAAK,QAAQ,WAAW,GAAG,IAAI,CAAC;AAClE;AAEA,eAAe,iBACb,iBACA,WACA,QACA,SACsB;AACtB,QAAM,QAAQ,MAAM,KAAK,GAAG,OAAO,eAAe,EAAE,GAAG,SAAS;AAChE,QAAM,UAAU,MAAM,KAAK,OAAO,MAAM;AACxC,QAAM,WAAW,MAAM,KAAK,SAAS,OAAO;AAC5C,SAAO,KAAK,UAAU,cAAc;AACtC;AAOO,SAAS,cAAc,MAAqB;AACjD,QAAM,UAAU,KAAK,YAAY,EAAE,QAAQ,iBAAiB,EAAE;AAC9D,SAAO,EAAE,SAAS,WAAW,QAAQ,MAAM,GAAG,CAAC,EAAE;AACnD;AAiBA,eAAsB,0BACpB,QACiB;AACjB,QAAM,eAAuC,CAAC;AAC9C,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,OAAO,GAAG;AACzD,iBAAa,IAAI,YAAY,CAAC,IAAI,MAAM,KAAK,EAAE,QAAQ,QAAQ,GAAG;EACpE;AACA,QAAM,cAAc,OAAO,KAAK,YAAY,EAAE,KAAK;AAEnD,QAAM,mBAAmB,YACtB,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,aAAa,IAAI,CAAC;CAAI,EAC/C,KAAK,EAAE;AACV,QAAM,gBAAgB,YAAY,KAAK,GAAG;AAE1C,QAAM,mBAAmB;IACvB,OAAO;IACP,OAAO;IACP,OAAO;IACP;IACA;IACA,OAAO;EACT,EAAE,KAAK,IAAI;AAEX,QAAM,kBAAkB,GAAG,OAAO,SAAS,IAAI,OAAO,MAAM,IAAI,OAAO,OAAO;AAC9E,QAAM,eAAe;IACnB;IACA,OAAO;IACP;IACA,MAAM,UAAU,gBAAgB;EAClC,EAAE,KAAK,IAAI;AAEX,QAAM,aAAa,MAAM;IACvB,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;EACT;AACA,QAAM,YAAY,MAAM,MAAM,KAAK,YAAY,YAAY,CAAC;AAE5D,SACE,GAAG,SAAS,eAAe,OAAO,WAAW,IAAI,eAAe,mBAC/C,aAAa,eAAe,SAAS;AAE1D;ACjHA,SAAS,eAAe,OAAuB;AAC7C,SAAO,MACJ,QAAQ,SAAS,GAAG,EACpB,QAAQ,SAAS,GAAG,EACpB,QAAQ,WAAW,GAAG,EACtB,QAAQ,UAAU,GAAG,EACrB,QAAQ,WAAW,GAAG,EACtB,QAAQ,UAAU,GAAG;AAC1B;AAEO,SAAS,WAAW,KAAa,KAA4B;AAClE,QAAM,aAAa,IAAI,QAAQ,uBAAuB,MAAM;AAC5D,QAAM,OAAO,IAAI,OAAO,IAAI,UAAU,gBAAgB,EAAE,KAAK,GAAG;AAChE,MAAI,CAAC,MAAM;AACT,WAAO,IAAI,OAAO,IAAI,UAAU,QAAQ,EAAE,KAAK,GAAG,IAAI,KAAK;EAC7D;AACA,QAAM,QAAQ,KAAK,QAAQ,KAAK,CAAC,EAAE;AACnC,QAAM,WAAW,IAAI,QAAQ,KAAK,GAAG,KAAK,KAAK;AAC/C,MAAI,aAAa,IAAI;AACnB,WAAO;EACT;AACA,SAAO,IAAI,MAAM,OAAO,QAAQ;AAClC;AAEO,SAAS,UAAU,KAAa,KAA4B;AACjE,QAAM,QAAQ,WAAW,KAAK,GAAG;AACjC,SAAO,UAAU,OAAO,OAAO,eAAe,KAAK,EAAE,KAAK;AAC5D;AAEO,SAAS,gBAAgB,KAAuB;AACrD,QAAM,UAAoB,CAAC;AAC3B,QAAM,KAAK;AACX,MAAI,QAAQ;AACZ,MAAI,eAAe;AACnB,MAAI;AACJ,UAAQ,QAAQ,GAAG,KAAK,GAAG,OAAO,MAAM;AACtC,QAAI,MAAM,CAAC,EAAE,WAAW,IAAI,GAAG;AAC7B;AACA,UAAI,UAAU,KAAK,iBAAiB,IAAI;AACtC,gBAAQ,KAAK,IAAI,MAAM,cAAc,MAAM,KAAK,CAAC;AACjD,uBAAe;MACjB;IACF,OAAO;AACL,UAAI,UAAU,GAAG;AACf,uBAAe,MAAM,QAAQ,MAAM,CAAC,EAAE;MACxC;AACA;IACF;EACF;AACA,SAAO;AACT;AAeO,SAAS,mBAAmB,KAAkC;AACnE,QAAM,eAAe,WAAW,KAAK,mBAAmB,KAAK;AAC7D,QAAM,UAAU,gBAAgB,YAAY,EAAE,IAAI,CAAC,WAAW;AAC5D,UAAM,UAAU,WAAW,QAAQ,YAAY,KAAK;AACpD,UAAM,WAAW,WAAW,QAAQ,QAAQ,KAAK;AACjD,WAAO;MACL,IAAI,UAAU,QAAQ,IAAI,KAAK;MAC/B,OAAO,UAAU,QAAQ,OAAO,KAAK;MACrC,YAAY,UAAU,QAAQ,YAAY,KAAK;MAC/C,YAAY,gBAAgB,OAAO,EAAE,IAAI,CAAC,MAAM,eAAe,CAAC,EAAE,KAAK,CAAC;MACxE,QAAQ,gBAAgB,QAAQ,EAAE;QAAI,CAAC,MACrC,OAAO,eAAe,CAAC,EAAE,KAAK,CAAC;MACjC;IACF;EACF,CAAC;AACD,QAAM,YAAY,UAAU,KAAK,WAAW;AAC5C,SAAO,EAAE,SAAS,WAAW,cAAc,KAAK,OAAO,UAAU;AACnE;AASO,SAAS,gBAAgB,KAAoC;AAClE,QAAM,YAAY,WAAW,KAAK,aAAa;AAC/C,MAAI,cAAc,MAAM;AACtB,WAAO;EACT;AACA,QAAM,cAAc,UAAU,WAAW,aAAa,KAAK;AAC3D,QAAM,kBAAkB,UAAU,WAAW,iBAAiB,KAAK;AACnE,MAAI,gBAAgB,MAAM,oBAAoB,IAAI;AAChD,WAAO;EACT;AACA,SAAO;IACL;IACA;IACA,cAAc,UAAU,WAAW,cAAc,KAAK;IACtD,YAAY,UAAU,WAAW,YAAY,KAAK;EACpD;AACF;AAEO,SAAS,eAAe,KAA4B;AACzD,SAAO,UAAU,KAAK,MAAM;AAC9B;ACtGO,IAAe,kBAAf,cAAuC,MAAM;EAEzC;EAET,YAAY,SAAiB,UAAyB;AACpD,UAAM,OAAO;AACb,SAAK,OAAO,WAAW;AACvB,SAAK,WAAW;EAClB;AACF;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;AAClB;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;EACP;EAET,YAAY,SAAiB,UAAyB,YAAmB;AACvE,UAAM,SAAS,QAAQ;AACvB,SAAK,aAAa;EACpB;AACF;AAEO,IAAM,YAAN,cAAwB,gBAAgB;EACpC,OAAO;AAClB;AEpCO,IAAM,sBAAsB;AAE5B,IAAM,qBAAqB,qBAAqB,mBAAmB;AAEnE,SAAS,mBAAmB,aAA6B;AAC9D,SAAO,qBAAqB,WAAW,IAAI,mBAAmB;AAChE;AKJO,SAAS,WACd,OACA,MACe;AACf,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;EACT;AACA,MAAI,SAAS,OAAO;AAClB,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;IACT;AACA,UAAM,KAAK,IAAI,KAAK,KAAK,EAAE,QAAQ;AACnC,WAAO,OAAO,SAAS,EAAE,IAAI,KAAK;EACpC;AACA,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAI;AACpD,WAAO;EACT;AACA,QAAM,IAAI,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK;AAC1D,MAAI,CAAC,OAAO,SAAS,CAAC,GAAG;AACvB,WAAO;EACT;AACA,QAAM,SAAS,SAAS,MAAM,IAAI,MAAO;AACzC,SAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAC5C;AGLO,IAAM,uBAAuB;EAClC,aAAa;IACX,aAAa;IACb,MAAM;EACR;EACA,iBAAiB;IACf,aAAa;IACb,MAAM;EACR;AACF;AAUA,IAAM,cAAc;AACpB,IAAM,kBAAkB;AACxB,IAAM,6BAA6B;AACnC,IAAM,+BAA+B;AACrC,IAAM,oBAAoB;AAE1B,SAAS,QAAQ,MAAkC;AACjD,QAAM,MACJ,WAGA,SAAS;AACX,SAAO,MAAM,IAAI;AACnB;AAEO,IAAe,mBAAf,cAEG,cAAyC;EAC/B,cAAc;EAExB,eAGG;EAED,kBAAsC;AAC9C,UAAM,EAAE,aAAa,gBAAgB,IAAI,KAAK;AAC9C,QAAI,eAAe,iBAAiB;AAClC,aAAO,EAAE,aAAa,gBAAgB;IACxC;AACA,UAAM,iBAAiB,QAAQ,mBAAmB;AAClD,UAAM,qBAAqB,QAAQ,uBAAuB;AAC1D,QAAI,kBAAkB,oBAAoB;AACxC,aAAO;QACL,aAAa;QACb,iBAAiB;QACjB,cAAc,QAAQ,mBAAmB,KAAK;MAChD;IACF;AACA,UAAM,IAAI;MACR,GAAG,KAAK,EAAE;IACZ;EACF;EAEA,MAAgB,0BACd,QAC6B;AAC7B,QAAI,KAAK,SAAS,YAAY,QAAW;AACvC,YAAM,EAAE,aAAa,gBAAgB,IAAI,KAAK;AAC9C,UAAI,CAAC,eAAe,CAAC,iBAAiB;AACpC,cAAM,IAAI;UACR,GAAG,KAAK,EAAE;QACZ;MACF;AACA,aAAO,EAAE,aAAa,gBAAgB;IACxC;AAEA,QAAI,KAAK,gBAAgB,KAAK,IAAI,IAAI,KAAK,aAAa,WAAW;AACjE,aAAO,KAAK,aAAa;IAC3B;AACA,WAAO,KAAK,WAAW,KAAK,SAAS,SAAS,MAAM;EACtD;EAEA,MAAc,WACZ,SACA,QAC6B;AAC7B,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,YAAY;AACjC,WAAO,IAAI,WAAW,eAAe;AACrC,WAAO,IAAI,WAAW,OAAO;AAC7B,WAAO,IAAI,mBAAmB,WAAW,KAAK,EAAE,EAAE;AAClD,WAAO,IAAI,mBAAmB,OAAO,4BAA4B,CAAC;AAClE,QAAI,KAAK,SAAS,eAAe,QAAW;AAC1C,aAAO,IAAI,cAAc,KAAK,SAAS,UAAU;IACnD;AAEA,UAAM,OAAO,OAAO,KAAK,SAAS,MAAM;AACxC,UAAM,MAAM,MAAM,KAAK,WAAW;MAChC;MACA,SAAS;MACT,MAAM,OAAO,SAAS;MACtB,oBAAoB,KAAK,gBAAgB;MACzC,UAAU;MACV;IACF,CAAC;AAED,UAAM,SAAS,gBAAgB,GAAG;AAClC,QAAI,WAAW,MAAM;AACnB,YAAM,IAAI;QACR,GAAG,KAAK,EAAE;MACZ;IACF;AACA,SAAK,wBAAwB,MAAM;AACnC,WAAO;MACL,aAAa,OAAO;MACpB,iBAAiB,OAAO;MACxB,cAAc,OAAO,gBAAgB;IACvC;EACF;EAEQ,wBAAwB,QAA8B;AAC5D,UAAM,eAAe,WAAW,OAAO,YAAY,KAAK;AACxD,UAAM,YACJ,iBAAiB,OACb,eAAe,6BACf,KAAK,IAAI,KAAK,+BAA+B,MAAM;AACzD,SAAK,eAAe;MAClB,OAAO;QACL,aAAa,OAAO;QACpB,iBAAiB,OAAO;QACxB,cAAc,OAAO,gBAAgB;MACvC;MACA;IACF;EACF;EAEA,MAAgB,WAAW,MAOP;AAClB,UAAM,EAAE,SAAS,UAAU,IAAI,cAAc,oBAAI,KAAK,CAAC;AACvD,UAAM,cAAc,MAAM,UAAU,KAAK,IAAI;AAE7C,UAAM,gBAAwC;MAC5C,MAAM,KAAK;MACX,gBAAgB;MAChB,wBAAwB;MACxB,cAAc;IAChB;AACA,QAAI,KAAK,mBAAmB,iBAAiB,QAAW;AACtD,oBAAc,sBAAsB,IAClC,KAAK,mBAAmB;IAC5B;AAEA,UAAM,gBAAgB,MAAM,0BAA0B;MACpD,QAAQ;MACR,MAAM,KAAK;MACX,MAAM;MACN,OAAO;MACP,SAAS;MACT;MACA,aAAa,KAAK,mBAAmB;MACrC,iBAAiB,KAAK,mBAAmB;MACzC,QAAQ,KAAK,SAAS;MACtB,SAAS,KAAK;MACd;MACA;IACF,CAAC;AAED,UAAM,cAAsC;MAC1C,gBAAgB;MAChB,wBAAwB;MACxB,cAAc;MACd,cAAc,mBAAmB,KAAK,EAAE;MACxC,eAAe;IACjB;AACA,QAAI,KAAK,mBAAmB,iBAAiB,QAAW;AACtD,kBAAY,sBAAsB,IAChC,KAAK,mBAAmB;IAC5B;AAEA,QAAI;AACF,YAAM,MAA4B,MAAM,KAAK;QAC3C;UACE,KAAK,WAAW,KAAK,IAAI;UACzB,QAAQ;UACR,SAAS;UACT,MAAM,KAAK;UACX,WAAW;UACX,QAAQ,KAAK;QACf;QACA,EAAE,UAAU,KAAK,SAAS;MAC5B;AACA,aAAO,IAAI;IACb,SAAS,KAAK;AACZ,YAAM,KAAK,iBAAiB,GAAG;IACjC;EACF;EAEU,iBAAiB,KAAuB;AAChD,QAAI,EAAE,eAAe,UAAU,EAAE,UAAU,MAAM;AAC/C,aAAO;IACT;AACA,UAAM,UAAU;AAChB,UAAM,OACJ,OAAO,QAAQ,UAAU,SAAS,WAAW,QAAQ,SAAS,OAAO;AACvE,UAAM,OAAO,eAAe,IAAI,KAAK;AACrC,UAAM,SAAS,QAAQ,UAAU,UAAU;AAE3C,QACE,8DAA8D,KAAK,IAAI,GACvE;AACA,aAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;IAC7D;AACA,QACE,uHAAuH;MACrH;IACF,GACA;AACA,aAAO,IAAI,UAAU,QAAQ,SAAS,QAAQ,QAAQ;IACxD;AACA,QAAI,UAAU,KAAK;AACjB,aAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;IAC7D;AACA,WAAO;EACT;AACF;ACxPO,IAAM,qBAAqB;EAChC,QAAQ,EACL,OAAO,EACP;IACC;IACA;EACF,EACC,KAAK;IACJ,OAAO;IACP,aACE;IACF,aAAa;EACf,CAAC;EACH,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK;IAC7D,OAAO;IACP,aACE;IACF,QAAQ;EACV,CAAC;EACD,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK;IACjE,OAAO;IACP,aAAa;IACb,QAAQ;EACV,CAAC;EACD,SAAS,EACN,OAAO,EACP;IACC;IACA;EACF,EACC,SAAS,EACT,KAAK;IACJ,OAAO;IACP,aACE;IACF,aAAa;EACf,CAAC;EACH,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK;IAC5C,OAAO;IACP,aACE;EACJ,CAAC;AACH;AAUO,IAAM,gBAAgB;EAC3B,WAAW,CAAC,QAAgC;AAC1C,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,YACJ,IAAI,gBAAgB,UAAa,IAAI,oBAAoB;AAC3D,QAAI,IAAI,eAAe,UAAa,CAAC,SAAS;AAC5C,aAAO;IACT;AACA,WAAO,WAAW;EACpB;EACA,SACE;AACJ;;;ACzDO,IAAeA,mBAAf,cAAuC,MAAM;EAEzC;EAET,YAAY,SAAiB,UAAyB;AACpD,UAAM,OAAO;AACb,SAAK,OAAO,WAAW;AACvB,SAAK,WAAW;EAClB;AACF;AAEO,IAAMC,kBAAN,cAA6BD,iBAAgB;EACzC,OAAO;AAClB;AEtBO,IAAME,uBAAsB;AAE5B,IAAMC,sBAAqB,qBAAqBD,oBAAmB;AKAnE,SAASE,YACd,OACA,MACe;AACf,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;EACT;AACA,MAAI,SAAS,OAAO;AAClB,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;IACT;AACA,UAAM,KAAK,IAAI,KAAK,KAAK,EAAE,QAAQ;AACnC,WAAO,OAAO,SAAS,EAAE,IAAI,KAAK;EACpC;AACA,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAI;AACpD,WAAO;EACT;AACA,QAAM,IAAI,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK;AAC1D,MAAI,CAAC,OAAO,SAAS,CAAC,GAAG;AACvB,WAAO;EACT;AACA,QAAM,SAAS,SAAS,MAAM,IAAI,MAAO;AACzC,SAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAC5C;;;AGjBA;AAAA,EASE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,KAAAC,UAAS;AAElB,IAAM,oBAAoBA,GAAE,OAAO;AAAA,EACjC,IAAIA,GACD,OAAO,EACP;AAAA,IACC;AAAA,IACA;AAAA,EACF;AAAA,EACF,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACxB,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,eAAeA,GACZ,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,OAAO,CAAC,MAAM,IAAI,OAAO,GAAG;AAAA,IAC3B,SAAS;AAAA,EACX,CAAC;AAAA,EACH,YAAYA,GAAE,OAAOA,GAAE,OAAO,GAAGA,GAAE,OAAO,CAAC,EAAE,SAAS;AACxD,CAAC;AAEM,IAAM,eAAe;AAAA,EAC1BA,GACG,OAAO;AAAA,IACN,GAAG;AAAA,IACH,eAAeA,GAAE,MAAM,iBAAiB,EAAE,SAAS,EAAE,KAAK;AAAA,MACxD,OAAO;AAAA,MACP,aACE;AAAA,IACJ,CAAC;AAAA,IACD,iBAAiBA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,KAAM,EAAE,SAAS,EAAE,KAAK;AAAA,MACvE,OAAO;AAAA,MACP,aACE;AAAA,MACF,aAAa;AAAA,IACf,CAAC;AAAA,EACH,CAAC,EACA,OAAO,cAAc,WAAW,EAAE,SAAS,cAAc,QAAQ,CAAC,EAClE;AAAA,IACC,CAAC,QACC,IAAI,IAAI,IAAI,cAAc,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,SAC5C,IAAI,cAAc;AAAA,IACpB;AAAA,MACE,MAAM,CAAC,eAAe;AAAA,MACtB,SAAS;AAAA,IACX;AAAA,EACF;AACJ;AAEO,IAAM,MAAoB,mBAAmB;AAAA,EAClD,aAAa;AAAA,EACb,UAAU;AAAA,EACV,YAAY;AAAA,EACZ,SACE;AAAA,EACF,WACE;AAAA,EACF,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,SACE;AAAA,IACF,SAAS;AAAA,EACX;AAAA,EACA,MAAM;AAAA,IACJ,SACE;AAAA,IACF,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EACA,aAAa;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF,CAAC;AAgBD,IAAM,2BAA2BA,GAAE,OAAO;AAAA,EACxC,mBAAmBA,GAAE;AAAA,IACnBA,GAAE,OAAO;AAAA,MACP,IAAIA,GAAE,OAAO;AAAA,MACb,OAAOA,GAAE,OAAO;AAAA,MAChB,YAAYA,GAAE,MAAMA,GAAE,IAAI,SAAS,CAAC;AAAA,MACpC,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC;AAAA,MAC1B,YAAYA,GAAE,KAAK;AAAA,QACjB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EACA,WAAWA,GAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAEM,IAAM,yBAAyB,gBAAgB;AAAA,EACpD,wBAAwB;AAAA,IACtB,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aACE;AAAA,IACF,UAAU;AAAA,IACV,aAAa;AAAA,IACb,OACE;AAAA,IACF,YAAY;AAAA,MACV;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,IACF;AAAA,IACA,WAAW,EAAE,aAAa,yBAAyB;AAAA,EACrD;AACF,CAAC;AAED,IAAM,qBAAqB;AAC3B,IAAM,yBAAyB;AAC/B,IAAM,uBAAuB;AAC7B,IAAM,2BAA2B;AACjC,IAAM,gBAAgB;AACtB,IAAM,cAAc;AACpB,IAAM,aAAa;AAEnB,IAAM,gCAAgC,IAAI;AAC1C,IAAM,8BAA8B,KAAK;AACzC,IAAM,8BAA8B,KAAK;AACzC,IAAM,+BAA+B,MAAM;AAE3C,SAAS,iBAAiB,eAA+B;AACvD,MAAI,gBAAgB,IAAI;AACtB,WAAO;AAAA,EACT;AACA,MAAI,gBAAgB,KAAK;AACvB,WAAO;AAAA,EACT;AACA,MAAI,gBAAgB,MAAM;AACxB,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,IAAM,KAAK;AAEX,IAAM,OAAsB;AAAA,EACjC,SACE;AACJ;AAEO,IAAM,sBAAN,MAAM,6BAA4B,iBAAqC;AAAA,EAC5E,OAAgB,KAAK;AAAA,EAErB,OAAgB,YAAY;AAAA,EAE5B,OAAgB,UAAU,qBAAqB,sBAAsB;AAAA,EAErE,OAAgB,OAAO;AAAA,EAEvB,OAAO,OAAO,OAAgB,KAA6C;AACzE,UAAM,SAAS,aAAa,MAAM,KAAK;AACvC,WAAO,IAAI;AAAA,MACT;AAAA,QACE,QAAQ,OAAO;AAAA,QACf,SAAS,OAAO;AAAA,QAChB,YAAY,OAAO;AAAA,QACnB,eAAe,OAAO;AAAA,QACtB,iBAAiB,OAAO;AAAA,MAC1B;AAAA,MACA;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,iBAAiB,OAAO;AAAA,MAC1B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAES,KAAK;AAAA,EAEN,cAAc,SAGpB;AACA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI,QAAQ,OAAO;AACjB,YAAM,UAAUC,YAAW,QAAQ,OAAO,KAAK;AAC/C,UAAI,YAAY,MAAM;AACpB,eAAO,EAAE,SAAS,KAAK,IAAI,SAAS,KAAK,GAAG,MAAM;AAAA,MACpD;AAAA,IACF;AACA,QAAI,QAAQ,SAAS,UAAU;AAC7B,YAAM,YAAY,KAAK;AAAA,QACrB,GAAG,KAAK,SAAS,cAAc,IAAI,CAAC,MAAM,EAAE,aAAa;AAAA,QACzD;AAAA,MACF;AACA,aAAO,EAAE,SAAS,QAAQ,YAAY,IAAI,KAAM,MAAM;AAAA,IACxD;AACA,UAAM,WAAW,KAAK,SAAS,mBAAmB;AAClD,WAAO,EAAE,SAAS,QAAQ,WAAW,eAAe,MAAM;AAAA,EAC5D;AAAA,EAEQ,uBACN,SACA,SACA,OACA,WACQ;AACR,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,eAAe;AACpC,WAAO,IAAI,WAAW,sBAAsB;AAC5C,WAAO,IAAI,aAAa,IAAI,KAAK,OAAO,EAAE,YAAY,CAAC;AACvD,WAAO,IAAI,WAAW,IAAI,KAAK,KAAK,EAAE,YAAY,CAAC;AACnD,WAAO,IAAI,UAAU,oBAAoB;AACzC,QAAI,cAAc,QAAW;AAC3B,aAAO,IAAI,aAAa,SAAS;AAAA,IACnC;AAEA,YAAQ,QAAQ,CAAC,OAAO,UAAU;AAChC,YAAM,SAAS,4BAA4B,QAAQ,CAAC;AACpD,aAAO,IAAI,GAAG,MAAM,OAAO,MAAM,EAAE;AACnC,aAAO,IAAI,GAAG,MAAM,eAAe,MAAM;AACzC,aAAO,IAAI,GAAG,MAAM,gCAAgC,MAAM,SAAS;AACnE,aAAO,IAAI,GAAG,MAAM,iCAAiC,MAAM,MAAM;AACjE,aAAO,IAAI,GAAG,MAAM,sBAAsB,OAAO,MAAM,aAAa,CAAC;AACrE,aAAO,IAAI,GAAG,MAAM,oBAAoB,MAAM,IAAI;AAClD,YAAM,aAAa,OAAO,QAAQ,MAAM,cAAc,CAAC,CAAC;AACxD,iBAAW,QAAQ,CAAC,CAAC,MAAM,KAAK,GAAG,aAAa;AAC9C,cAAM,YAAY,GAAG,MAAM,wCAAwC,WAAW,CAAC;AAC/E,eAAO,IAAI,GAAG,SAAS,SAAS,IAAI;AACpC,eAAO,IAAI,GAAG,SAAS,UAAU,KAAK;AAAA,MACxC,CAAC;AAAA,IACH,CAAC;AAED,WAAO,OAAO,SAAS;AAAA,EACzB;AAAA,EAEA,MAAM,KACJ,SACA,SACA,QACqB;AACrB,UAAM,UAAU,KAAK,SAAS;AAC9B,UAAM,QAAQ,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,GAAG,EAAE,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;AAEtE,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,EAAE,MAAM,KAAK;AAAA,IACtB;AAEA,QACE,QAAQ,aACR,QAAQ,UAAU,OAAO,KACzB,CAAC,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC,SAAS,QAAQ,UAAW,IAAI,IAAI,CAAC,GACvD;AACA,WAAK,OAAO,KAAK,oBAAoB;AAAA,QACnC,UAAU;AAAA,QACV,QAAQ;AAAA,MACV,CAAC;AACD,aAAO,EAAE,MAAM,KAAK;AAAA,IACtB;AAEA,UAAM,cAAc,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AACzD,UAAM,EAAE,SAAS,MAAM,IAAI,KAAK,cAAc,OAAO;AAErD,UAAM,UAA0B,CAAC;AACjC,UAAM,OAAO,GAAG,kBAAkB,IAAI,KAAK,SAAS,MAAM;AAE1D,UAAM,gBAAgB,oBAAI,IAAqC;AAC/D,eAAW,SAAS,SAAS;AAC3B,YAAM,UAAU,iBAAiB,MAAM,aAAa;AACpD,YAAM,QAAQ,cAAc,IAAI,OAAO;AACvC,UAAI,OAAO;AACT,cAAM,KAAK,KAAK;AAAA,MAClB,OAAO;AACL,sBAAc,IAAI,SAAS,CAAC,KAAK,CAAC;AAAA,MACpC;AAAA,IACF;AAEA,QAAI,oBAAoB;AAExB,eAAW,CAAC,SAAS,KAAK,KAAK,eAAe;AAC5C,YAAM,qBAAqB,QAAQ;AACnC,YAAM,mBAAmB,KAAK,IAAI,SAAS,kBAAkB;AAC7D,UAAI,mBAAmB,SAAS;AAC9B,aAAK,OAAO,KAAK,uCAAuC;AAAA,UACtD,UAAU;AAAA,UACV,kBAAkB;AAAA,UAClB,kBAAkB;AAAA,UAClB;AAAA,UACA,UAAU,MAAM,IAAI,CAAC,MAAM,EAAE,EAAE;AAAA,QACjC,CAAC;AAAA,MACH;AAEA,eAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,sBAAsB;AAC3D,cAAM,QAAQ,MAAM,MAAM,GAAG,IAAI,oBAAoB;AACrD,YAAI;AACJ,YAAI,OAAO;AACX,WAAG;AACD,cAAI,QAAQ,SAAS;AACnB,mBAAO,EAAE,MAAM,MAAM;AAAA,UACvB;AACA,gBAAM,OAAO,KAAK;AAAA,YAChB;AAAA,YACA;AAAA,YACA;AAAA,YACA;AAAA,UACF;AACA,gBAAM,qBACJ,MAAM,KAAK,0BAA0B,MAAM;AAC7C,gBAAM,MAAM,MAAM,KAAK,WAAW;AAAA,YAChC;AAAA,YACA,SAAS;AAAA,YACT;AAAA,YACA;AAAA,YACA,UAAU;AAAA,YACV;AAAA,UACF,CAAC;AACD,gBAAM,SAAS,mBAAmB,GAAG;AACrC,qBAAW,UAAU,OAAO,SAAS;AACnC,kBAAM,QAAQ,YAAY,IAAI,OAAO,EAAE;AACvC,gBAAI,UAAU,QAAW;AACvB;AAAA,YACF;AACA,gBAAI,OAAO,eAAe,aAAa;AACrC,mBAAK,OAAO,KAAK,2BAA2B;AAAA,gBAC1C,UAAU;AAAA,gBACV,SAAS,MAAM;AAAA,gBACf,QAAQ,GAAG,MAAM,SAAS,IAAI,MAAM,MAAM;AAAA,cAC5C,CAAC;AAAA,YACH,WAAW,OAAO,eAAe,iBAAiB;AAChD,kCAAoB;AACpB,mBAAK,OAAO,KAAK,gCAAgC;AAAA,gBAC/C,UAAU;AAAA,gBACV,SAAS,MAAM;AAAA,gBACf,QAAQ,GAAG,MAAM,SAAS,IAAI,MAAM,MAAM;AAAA,cAC5C,CAAC;AAAA,YACH;AACA,iBAAK,eAAe,SAAS,OAAO,MAAM;AAAA,UAC5C;AACA,sBAAY,OAAO,aAAa;AAChC,kBAAQ;AACR,eAAK,OAAO,KAAK,gBAAgB;AAAA,YAC/B,UAAU;AAAA,YACV;AAAA,YACA,OAAO,OAAO,QAAQ;AAAA,YACtB,MAAM,aAAa;AAAA,UACrB,CAAC;AAAA,QACH,SAAS,cAAc;AAAA,MACzB;AAAA,IACF;AAEA,QAAI,mBAAmB;AACrB,YAAM,IAAIC;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,QAAQ,QAAQ,SAAS,EAAE,OAAO,CAAC,GAAG,KAAK,EAAE,CAAC;AACpD,SAAK,OAAO,KAAK,iBAAiB;AAAA,MAChC,UAAU;AAAA,MACV,OAAO,QAAQ;AAAA,IACjB,CAAC;AACD,WAAO,EAAE,MAAM,KAAK;AAAA,EACtB;AAAA,EAEQ,eACN,SACA,OACA,QAMM;AACN,UAAM,OAAO,GAAG,MAAM,SAAS,IAAI,MAAM,MAAM;AAC/C,UAAM,iBAA4C;AAAA,MAChD,GAAI,MAAM,cAAc,CAAC;AAAA,MACzB,MAAM,MAAM;AAAA,MACZ,QAAQ,MAAM;AAAA,MACd,SAAS,MAAM;AAAA,MACf,YAAY,OAAO;AAAA,MACnB,OAAO,OAAO;AAAA,IAChB;AACA,UAAM,QAAQ,KAAK,IAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,MAAM;AACrE,aAAS,IAAI,GAAG,IAAI,OAAO,KAAK;AAC9B,YAAM,KAAKD,YAAW,OAAO,WAAW,CAAC,GAAI,KAAK;AAClD,YAAM,QAAQ,OAAO,OAAO,CAAC;AAC7B,UAAI,OAAO,QAAQ,CAAC,OAAO,SAAS,KAAK,GAAG;AAC1C;AAAA,MACF;AACA,cAAQ,KAAK,EAAE,MAAM,IAAI,OAAO,YAAY,EAAE,GAAG,eAAe,EAAE,CAAC;AAAA,IACrE;AAAA,EACF;AACF;;;ACzbA,IAAO,gBAAQ;","names":["HttpClientError","TransientError","HTTP_CLIENT_VERSION","DEFAULT_USER_AGENT","parseEpoch","z","parseEpoch","TransientError"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rawdash/connector-aws-cloudwatch",
3
- "version": "0.24.0",
3
+ "version": "0.26.0",
4
4
  "description": "Rawdash connector for AWS CloudWatch — pulls declared metric queries into the six-shape storage model via GetMetricData",
5
5
  "license": "Apache-2.0",
6
6
  "type": "module",
@@ -24,7 +24,7 @@
24
24
  },
25
25
  "dependencies": {
26
26
  "zod": "^4.4.3",
27
- "@rawdash/core": "0.24.0"
27
+ "@rawdash/core": "0.26.0"
28
28
  },
29
29
  "devDependencies": {
30
30
  "fast-check": "^4.8.0",