npm - @rawdash/connector-azure-cost - Versions diffs - 0.17.0 - Mend

@rawdash/connector-azure-cost 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,111 @@
+<!-- This file is generated from connector metadata by scripts/generate-connector-docs.ts. Do not edit by hand. -->
+# @rawdash/connector-azure-cost
+[![npm version](https://img.shields.io/npm/v/@rawdash/connector-azure-cost)](https://www.npmjs.com/package/@rawdash/connector-azure-cost)
+[![license](https://img.shields.io/npm/l/@rawdash/connector-azure-cost)](https://github.com/rawdash/rawdash/blob/main/LICENSE)
+Track daily Azure spend over time, optionally broken down by resource group, service, or tag, via the Cost Management query API.
+> **Cost & frequency.** Azure Cost Management queries are throttled aggressively per subscription; avoid syncing more often than necessary. Recommended sync interval: **1 day**. Minimum sensible interval: **1 hour**.
+## Install
+```sh
+npm install @rawdash/connector-azure-cost
+```
+## Authentication
+Authenticates with a Microsoft Entra ID (Azure AD) service principal (tenant ID + client ID + client secret) scoped to the target subscription. The principal needs the built-in Cost Management Reader role at the subscription scope (or Reader).
+1. In the Azure portal open Microsoft Entra ID → App registrations → New registration and create an app for rawdash.
+2. Under Certificates & secrets, generate a client secret and copy its value (it is only shown once).
+3. In the target subscription open Access control (IAM) → Add role assignment and grant the new service principal the built-in Cost Management Reader role.
+4. Store the client secret as a secret and reference it from config as `clientSecret: secret("AZ_CLIENT_SECRET")`, alongside `tenantId`, `clientId`, and `subscriptionId`.
+5. Cost Management must be enabled for the subscription; the first activation can take up to 24 hours before data is queryable.
+## Configuration
+| Field            | Type   | Required | Description                                                                                                                                 |
+| ---------------- | ------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
+| `tenantId`       | string | Yes      | Microsoft Entra ID (Azure AD) tenant ID - the directory that hosts the app registration.                                                    |
+| `clientId`       | string | Yes      | Application (client) ID of the Entra ID app registration / service principal used for authentication.                                       |
+| `clientSecret`   | secret | Yes      | Client secret of the Entra ID app registration. Generate one under App registrations → Certificates & secrets.                              |
+| `subscriptionId` | string | Yes      | Azure subscription ID the cost query is scoped to. The service principal needs Cost Management Reader (or Reader) on this subscription.     |
+| `groupBy`        | array  | No       | Up to two Cost Management dimensions to break costs down by, e.g. ServiceName, ResourceGroup, or TAG:Environment. Omit for total cost only. |
+| `lookbackDays`   | number | No       | How many days of history to fetch on a full sync. Defaults to 90.                                                                           |
+## Resources
+- **`azure_cost_daily`** _(metric)_ - Daily Azure actual cost per time bucket, optionally split across the configured group-by dimensions.
+  - Endpoint: `POST /subscriptions/{subId}/providers/Microsoft.CostManagement/query`
+  - Unit: currency reported by Azure
+  - Granularity: daily
+  - Dimensions: `unit`, `service_name`
+  - Cost data can be revised for a couple of days after the fact, so incremental syncs refetch a short trailing window. Cost Management accepts at most two grouping dimensions per query.
+## Example
+```ts
+import {
+  defineConfig,
+  defineDashboard,
+  defineMetric,
+  secret,
+} from '@rawdash/core';
+const azureCost = {
+  name: 'azure-cost',
+  connectorId: 'azure-cost',
+  config: {
+    tenantId: '00000000-0000-0000-0000-000000000000',
+    clientId: '00000000-0000-0000-0000-000000000000',
+    clientSecret: secret('AZ_CLIENT_SECRET'),
+    subscriptionId: '00000000-0000-0000-0000-000000000000',
+    groupBy: ['ServiceName'],
+  },
+};
+export default defineConfig({
+  connectors: [azureCost],
+  dashboards: {
+    finance: defineDashboard({
+      widgets: {
+        spend_30d: {
+          kind: 'stat',
+          title: 'Azure spend (30d)',
+          window: '30d',
+          metric: defineMetric({
+            connector: azureCost,
+            shape: 'metric',
+            name: 'azure_cost_daily',
+            fn: 'sum',
+          }),
+        },
+      },
+    }),
+  },
+});
+```
+## Rate limits
+Cost Management throttles via 429 responses with Retry-After; the shared HTTP client honors Retry-After and backs off on 429.
+## Limitations
+- Cost data can be revised for a couple of days after the fact, so incremental syncs refetch a short trailing window.
+- Daily granularity only (the most common dashboard slice). Monthly granularity is not exposed in v1.
+- At most two grouping dimensions are accepted per query (Cost Management limit).
+- Forecast (`forecast` endpoint) is not synced in v1; only historical actual cost.
+## Links
+- [Rawdash docs](https://rawdash.dev/docs/connectors/)
+- [Microsoft Azure API docs](https://learn.microsoft.com/en-us/rest/api/cost-management/)
+- [GitHub](https://github.com/rawdash/rawdash)
+## License
+Apache-2.0

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,133 @@
+import { BaseConnector, ConnectorCost, ConnectorContext, SyncOptions, StorageHandle, SyncResult, ConnectorDoc } from '@rawdash/core';
+import { z } from 'zod';
+declare const configFields: z.ZodObject<{
+    tenantId: z.ZodString;
+    clientId: z.ZodString;
+    clientSecret: z.ZodObject<{
+        $secret: z.ZodString;
+    }, z.core.$strip>;
+    subscriptionId: z.ZodString;
+    groupBy: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    lookbackDays: z.ZodOptional<z.ZodNumber>;
+}, z.core.$strip>;
+declare const doc: ConnectorDoc;
+interface AzureCostSettings {
+    tenantId: string;
+    clientId: string;
+    subscriptionId: string;
+    groupBy?: readonly string[];
+    lookbackDays?: number;
+}
+declare const azureCostCredentials: {
+    clientSecret: {
+        description: string;
+        auth: "required";
+    };
+};
+type AzureCostCredentials = typeof azureCostCredentials;
+declare const azureCostResources: {
+    readonly azure_cost_daily: {
+        readonly shape: "metric";
+        readonly description: "Daily Azure actual cost per time bucket, optionally split across the configured group-by dimensions.";
+        readonly endpoint: "POST /subscriptions/{subId}/providers/Microsoft.CostManagement/query";
+        readonly unit: "currency reported by Azure";
+        readonly granularity: "daily";
+        readonly notes: "Cost data can be revised for a couple of days after the fact, so incremental syncs refetch a short trailing window. Cost Management accepts at most two grouping dimensions per query.";
+        readonly dimensions: [{
+            readonly name: "unit";
+            readonly description: "Currency reported by Azure (e.g. USD, EUR).";
+        }, {
+            readonly name: "service_name";
+            readonly description: "Azure service name, present when grouping by ServiceName (other dimensions appear under their normalized key, e.g. resource_group, tag_<key>).";
+        }];
+        readonly responses: {
+            readonly cost_query: z.ZodObject<{
+                id: z.ZodOptional<z.ZodString>;
+                name: z.ZodOptional<z.ZodString>;
+                type: z.ZodOptional<z.ZodString>;
+                properties: z.ZodObject<{
+                    nextLink: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+                    columns: z.ZodArray<z.ZodObject<{
+                        name: z.ZodString;
+                        type: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>>;
+                    rows: z.ZodArray<z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodNull]>>>;
+                }, z.core.$strip>;
+            }, z.core.$strip>;
+        };
+    };
+};
+interface CostWindow {
+    from: string;
+    to: string;
+}
+declare const id = "azure-cost";
+declare const cost: ConnectorCost;
+declare class AzureCostConnector extends BaseConnector<AzureCostSettings, AzureCostCredentials> {
+    static readonly id = "azure-cost";
+    static readonly resources: {
+        readonly azure_cost_daily: {
+            readonly shape: "metric";
+            readonly description: "Daily Azure actual cost per time bucket, optionally split across the configured group-by dimensions.";
+            readonly endpoint: "POST /subscriptions/{subId}/providers/Microsoft.CostManagement/query";
+            readonly unit: "currency reported by Azure";
+            readonly granularity: "daily";
+            readonly notes: "Cost data can be revised for a couple of days after the fact, so incremental syncs refetch a short trailing window. Cost Management accepts at most two grouping dimensions per query.";
+            readonly dimensions: [{
+                readonly name: "unit";
+                readonly description: "Currency reported by Azure (e.g. USD, EUR).";
+            }, {
+                readonly name: "service_name";
+                readonly description: "Azure service name, present when grouping by ServiceName (other dimensions appear under their normalized key, e.g. resource_group, tag_<key>).";
+            }];
+            readonly responses: {
+                readonly cost_query: z.ZodObject<{
+                    id: z.ZodOptional<z.ZodString>;
+                    name: z.ZodOptional<z.ZodString>;
+                    type: z.ZodOptional<z.ZodString>;
+                    properties: z.ZodObject<{
+                        nextLink: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+                        columns: z.ZodArray<z.ZodObject<{
+                            name: z.ZodString;
+                            type: z.ZodOptional<z.ZodString>;
+                        }, z.core.$strip>>;
+                        rows: z.ZodArray<z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodNull]>>>;
+                    }, z.core.$strip>;
+                }, z.core.$strip>;
+            };
+        };
+    };
+    static readonly schemas: {
+        readonly cost_query: z.ZodObject<{
+            id: z.ZodOptional<z.ZodString>;
+            name: z.ZodOptional<z.ZodString>;
+            type: z.ZodOptional<z.ZodString>;
+            properties: z.ZodObject<{
+                nextLink: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+                columns: z.ZodArray<z.ZodObject<{
+                    name: z.ZodString;
+                    type: z.ZodOptional<z.ZodString>;
+                }, z.core.$strip>>;
+                rows: z.ZodArray<z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodNull]>>>;
+            }, z.core.$strip>;
+        }, z.core.$strip>;
+    } & Readonly<Record<string, z.ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>>>;
+    static readonly cost: ConnectorCost;
+    static create(input: unknown, ctx?: ConnectorContext): AzureCostConnector;
+    readonly id = "azure-cost";
+    readonly credentials: {
+        clientSecret: {
+            description: string;
+            auth: "required";
+        };
+    };
+    private tokenCache;
+    private getAccessToken;
+    private queryUrl;
+    private buildQueryPayload;
+    private runQuery;
+    sync(options: SyncOptions, storage: StorageHandle, signal?: AbortSignal): Promise<SyncResult>;
+}
+export { AzureCostConnector, type AzureCostSettings, type CostWindow, configFields, cost, AzureCostConnector as default, doc, id, azureCostResources as resources };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,790 @@
+// ../../connector-shared/dist/index.js
+var HttpClientError = class extends Error {
+  response;
+  constructor(message, response) {
+    super(message);
+    this.name = new.target.name;
+    this.response = response;
+  }
+};
+var TransientError = class extends HttpClientError {
+  kind = "transient";
+};
+var RateLimitError = class extends HttpClientError {
+  kind = "rate_limit";
+  retryAfter;
+  constructor(message, response, retryAfter) {
+    super(message, response);
+    this.retryAfter = retryAfter;
+  }
+};
+var AuthError = class extends HttpClientError {
+  kind = "auth";
+};
+var UpstreamBugError = class extends HttpClientError {
+  kind = "upstream_bug";
+};
+var ClientBugError = class extends HttpClientError {
+  kind = "client_bug";
+};
+function classifyStatus(status) {
+  if (status === 429) {
+    return "rate_limit";
+  }
+  if (status === 401 || status === 403) {
+    return "auth";
+  }
+  if (status === 408) {
+    return "transient";
+  }
+  if (status >= 500) {
+    return "upstream_bug";
+  }
+  if (status >= 400) {
+    return "client_bug";
+  }
+  return "client_bug";
+}
+function errorForStatus(message, response, retryAfter) {
+  const kind = classifyStatus(response.status);
+  switch (kind) {
+    case "rate_limit":
+      return new RateLimitError(message, response, retryAfter);
+    case "auth":
+      return new AuthError(message, response);
+    case "transient":
+      return new TransientError(message, response);
+    case "upstream_bug":
+      return new UpstreamBugError(message, response);
+    case "client_bug":
+      return new ClientBugError(message, response);
+  }
+}
+var defaultRetryOn = (status, err) => {
+  if (err instanceof RateLimitError) {
+    return true;
+  }
+  if (err instanceof TransientError) {
+    return true;
+  }
+  if (status === null) {
+    return err instanceof Error && !(err instanceof HttpClientError);
+  }
+  if (status === 408 || status === 429) {
+    return true;
+  }
+  if (status >= 500) {
+    return true;
+  }
+  return false;
+};
+function parseRetryAfter(headerValue, now = /* @__PURE__ */ new Date()) {
+  if (!headerValue) {
+    return void 0;
+  }
+  const trimmed = headerValue.trim();
+  if (/^\d+$/.test(trimmed)) {
+    return new Date(now.getTime() + Number(trimmed) * 1e3);
+  }
+  const parsed = Date.parse(trimmed);
+  if (Number.isNaN(parsed)) {
+    return void 0;
+  }
+  return new Date(parsed);
+}
+function sleep(ms, signal) {
+  if (signal?.aborted) {
+    return Promise.reject(signal.reason ?? new Error("Aborted"));
+  }
+  return new Promise((resolve, reject) => {
+    const onAbort = () => {
+      clearTimeout(timer);
+      reject(signal.reason ?? new Error("Aborted"));
+    };
+    const timer = setTimeout(() => {
+      signal?.removeEventListener("abort", onAbort);
+      resolve();
+    }, ms);
+    signal?.addEventListener("abort", onAbort, { once: true });
+  });
+}
+var HTTP_CLIENT_VERSION = "0.0.0";
+var DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
+function connectorUserAgent(connectorId) {
+  return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
+}
+var DEFAULT_TIMEOUT_MS = 1e4;
+var DEFAULT_MAX_ATTEMPTS = 3;
+var DEFAULT_INITIAL_DELAY_MS = 1e3;
+var DEFAULT_MAX_DELAY_MS = 6e4;
+var OBSERVER_TIMEOUT_MS = 250;
+async function notifyObserver(observer, event) {
+  let result;
+  try {
+    result = observer(event);
+  } catch (err) {
+    console.warn("[connector-shared] request observer threw:", err);
+    return;
+  }
+  if (!(result instanceof Promise)) {
+    return;
+  }
+  const guarded = result.catch((err) => {
+    console.warn("[connector-shared] request observer rejected:", err);
+  });
+  let timer;
+  const timeout = new Promise((resolve) => {
+    timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);
+  });
+  try {
+    await Promise.race([guarded, timeout]);
+  } finally {
+    if (timer) {
+      clearTimeout(timer);
+    }
+  }
+}
+function newRequestId() {
+  const c = globalThis.crypto;
+  if (c?.randomUUID) {
+    return c.randomUUID();
+  }
+  return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;
+}
+function mergeHeaders(defaults, overrides) {
+  const merged = {};
+  for (const [k, v] of Object.entries(defaults)) {
+    merged[k.toLowerCase()] = v;
+  }
+  if (overrides) {
+    for (const [k, v] of Object.entries(overrides)) {
+      merged[k.toLowerCase()] = v;
+    }
+  }
+  return merged;
+}
+function linkTimeoutSignal(parent, timeoutMs) {
+  const controller = new AbortController();
+  const onParentAbort = () => {
+    controller.abort(parent?.reason);
+  };
+  if (parent) {
+    if (parent.aborted) {
+      controller.abort(parent.reason);
+    } else {
+      parent.addEventListener("abort", onParentAbort, { once: true });
+    }
+  }
+  const timer = setTimeout(() => {
+    controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));
+  }, timeoutMs);
+  return {
+    signal: controller.signal,
+    cancel: () => {
+      clearTimeout(timer);
+      if (parent) {
+        parent.removeEventListener("abort", onParentAbort);
+      }
+    }
+  };
+}
+async function readBody(res, parseJson) {
+  if (res.status === 204 || res.status === 205) {
+    return null;
+  }
+  const contentType = res.headers.get("content-type") ?? "";
+  if (parseJson && contentType.includes("application/json")) {
+    const text = await res.text();
+    if (text.length === 0) {
+      return null;
+    }
+    return JSON.parse(text);
+  }
+  return res.text();
+}
+async function request(req, options) {
+  const fetchImpl = options.fetch ?? globalThis.fetch;
+  const retry = req.retry ?? {};
+  const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;
+  const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;
+  const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;
+  const retryOn = retry.retryOn ?? defaultRetryOn;
+  const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const parseJson = req.parseJson ?? true;
+  const headers = mergeHeaders(
+    {
+      "User-Agent": DEFAULT_USER_AGENT,
+      Accept: "application/json"
+    },
+    req.headers
+  );
+  let lastErr;
+  for (let attempt = 0; attempt < maxAttempts; attempt++) {
+    req.signal?.throwIfAborted();
+    const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);
+    let res;
+    try {
+      res = await fetchImpl(req.url, {
+        method: req.method ?? "GET",
+        headers,
+        body: req.body,
+        signal
+      });
+    } catch (err2) {
+      cancel();
+      if (req.signal?.aborted) {
+        throw req.signal.reason ?? err2;
+      }
+      const error = err2 instanceof Error ? err2 : new Error(String(err2));
+      lastErr = error;
+      if (attempt < maxAttempts - 1 && retryOn(null, error)) {
+        const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);
+        await sleep(delay, req.signal);
+        continue;
+      }
+      throw new TransientError(error.message);
+    }
+    cancel();
+    const body = await readBody(res, parseJson);
+    const httpResponse = {
+      status: res.status,
+      headers: res.headers,
+      body
+    };
+    if (req.rateLimit) {
+      const state = req.rateLimit.parse(res.headers);
+      if (state) {
+        httpResponse.rateLimitState = state;
+      }
+    }
+    if (options.observer) {
+      await notifyObserver(options.observer, {
+        url: req.url,
+        method: req.method ?? "GET",
+        status: res.status,
+        resource: options.resource,
+        requestId: options.requestId ?? newRequestId(),
+        body
+      });
+    }
+    if (res.ok) {
+      return httpResponse;
+    }
+    const retryAfter = parseRetryAfter(res.headers.get("retry-after"));
+    const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? "GET"} ${req.url}`;
+    const err = errorForStatus(message, httpResponse, retryAfter);
+    if (attempt < maxAttempts - 1 && retryOn(res.status, err) && !(err instanceof AuthError) && !(err instanceof ClientBugError)) {
+      lastErr = err;
+      let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);
+      if (err instanceof RateLimitError && retryAfter) {
+        const wait = retryAfter.getTime() - Date.now();
+        if (wait > 0) {
+          delay = Math.min(wait, maxDelayMs);
+        }
+      }
+      await sleep(delay, req.signal);
+      continue;
+    }
+    throw err;
+  }
+  throw lastErr ?? new UpstreamBugError("Exhausted retry attempts");
+}
+function computeDelay(attempt, initialDelayMs, maxDelayMs) {
+  const base = initialDelayMs * 2 ** attempt;
+  const jitter = base * 0.25 * Math.random();
+  return Math.min(base + jitter, maxDelayMs);
+}
+// src/azure-cost.ts
+import {
+  BaseConnector,
+  defineConfigFields,
+  defineConnectorDoc,
+  defineResources,
+  schemasFromResources
+} from "@rawdash/core";
+import { z } from "zod";
+// src/auth.ts
+var TOKEN_HOST = "login.microsoftonline.com";
+var ARM_SCOPE = "https://management.azure.com/.default";
+var TOKEN_TTL_BUFFER_MS = 6e4;
+async function fetchArmAccessToken(input, signal) {
+  const params = new URLSearchParams();
+  params.set("grant_type", "client_credentials");
+  params.set("client_id", input.clientId);
+  params.set("client_secret", input.clientSecret);
+  params.set("scope", ARM_SCOPE);
+  let res;
+  try {
+    res = await request(
+      {
+        url: `https://${TOKEN_HOST}/${encodeURIComponent(input.tenantId)}/oauth2/v2.0/token`,
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          Accept: "application/json",
+          "User-Agent": connectorUserAgent(input.connectorId)
+        },
+        body: params.toString(),
+        signal
+      },
+      { resource: "oauth_token" }
+    );
+  } catch (err) {
+    throw classifyTokenError(err);
+  }
+  const access = res.body.access_token;
+  const expiresIn = res.body.expires_in;
+  if (typeof access !== "string" || access.length === 0) {
+    throw new AuthError(
+      "Azure AD token response did not include an access_token"
+    );
+  }
+  const ttlMs = typeof expiresIn === "number" && Number.isFinite(expiresIn) ? expiresIn * 1e3 : 60 * 60 * 1e3;
+  return {
+    token: access,
+    expiresAt: Date.now() + ttlMs - TOKEN_TTL_BUFFER_MS
+  };
+}
+function classifyTokenError(err) {
+  if (!(err instanceof Error) || !("kind" in err)) {
+    return err;
+  }
+  const httpErr = err;
+  const status = httpErr.response?.status ?? 0;
+  if (status === 400 || status === 401 || status === 403) {
+    return new AuthError(httpErr.message, httpErr.response);
+  }
+  if (status >= 500) {
+    return new TransientError(httpErr.message, httpErr.response);
+  }
+  return err;
+}
+function isTokenFresh(cache, now = Date.now()) {
+  return cache !== null && now < cache.expiresAt;
+}
+// src/azure-cost.ts
+var dimensionValues = [
+  "ResourceGroup",
+  "ResourceGroupName",
+  "ServiceName",
+  "ServiceTier",
+  "Meter",
+  "MeterCategory",
+  "MeterSubCategory",
+  "ResourceId",
+  "ResourceType",
+  "ResourceLocation",
+  "ChargeType",
+  "PublisherType",
+  "BillingPeriod",
+  "InvoiceId",
+  "SubscriptionId",
+  "SubscriptionName"
+];
+var groupByEntrySchema = z.string().min(1).regex(
+  new RegExp(`^(${dimensionValues.join("|")}|TAG:.+)$`),
+  `groupBy entries must be one of ${dimensionValues.join(", ")}, or TAG:<tag-key>`
+);
+var configFields = defineConfigFields(
+  z.object({
+    tenantId: z.string().min(1).meta({
+      label: "Tenant ID",
+      description: "Microsoft Entra ID (Azure AD) tenant ID - the directory that hosts the app registration.",
+      placeholder: "00000000-0000-0000-0000-000000000000"
+    }),
+    clientId: z.string().min(1).meta({
+      label: "Client ID",
+      description: "Application (client) ID of the Entra ID app registration / service principal used for authentication.",
+      placeholder: "00000000-0000-0000-0000-000000000000"
+    }),
+    clientSecret: z.object({ $secret: z.string().min(1) }).meta({
+      label: "Client secret",
+      description: "Client secret of the Entra ID app registration. Generate one under App registrations \u2192 Certificates & secrets.",
+      placeholder: "azure-client-secret",
+      secret: true
+    }),
+    subscriptionId: z.string().min(1).meta({
+      label: "Subscription ID",
+      description: "Azure subscription ID the cost query is scoped to. The service principal needs Cost Management Reader (or Reader) on this subscription.",
+      placeholder: "00000000-0000-0000-0000-000000000000"
+    }),
+    groupBy: z.array(groupByEntrySchema).max(2, "Cost Management accepts at most two grouping dimensions").optional().meta({
+      label: "Group by (optional)",
+      description: "Up to two Cost Management dimensions to break costs down by, e.g. ServiceName, ResourceGroup, or TAG:Environment. Omit for total cost only."
+    }),
+    lookbackDays: z.number().int().positive().max(365).optional().meta({
+      label: "Backfill window (days)",
+      description: "How many days of history to fetch on a full sync. Defaults to 90.",
+      placeholder: "90"
+    })
+  })
+);
+var doc = defineConnectorDoc({
+  displayName: "Azure Cost Management",
+  category: "finance",
+  brandColor: "#0078D4",
+  tagline: "Track daily Azure spend over time, optionally broken down by resource group, service, or tag, via the Cost Management query API.",
+  vendor: {
+    name: "Microsoft Azure",
+    apiDocs: "https://learn.microsoft.com/en-us/rest/api/cost-management/",
+    website: "https://azure.microsoft.com/en-us/products/cost-management"
+  },
+  auth: {
+    summary: "Authenticates with a Microsoft Entra ID (Azure AD) service principal (tenant ID + client ID + client secret) scoped to the target subscription. The principal needs the built-in Cost Management Reader role at the subscription scope (or Reader).",
+    setup: [
+      "In the Azure portal open Microsoft Entra ID \u2192 App registrations \u2192 New registration and create an app for rawdash.",
+      "Under Certificates & secrets, generate a client secret and copy its value (it is only shown once).",
+      "In the target subscription open Access control (IAM) \u2192 Add role assignment and grant the new service principal the built-in Cost Management Reader role.",
+      'Store the client secret as a secret and reference it from config as `clientSecret: secret("AZ_CLIENT_SECRET")`, alongside `tenantId`, `clientId`, and `subscriptionId`.',
+      "Cost Management must be enabled for the subscription; the first activation can take up to 24 hours before data is queryable."
+    ]
+  },
+  rateLimit: "Cost Management throttles via 429 responses with Retry-After; the shared HTTP client honors Retry-After and backs off on 429.",
+  limitations: [
+    "Cost data can be revised for a couple of days after the fact, so incremental syncs refetch a short trailing window.",
+    "Daily granularity only (the most common dashboard slice). Monthly granularity is not exposed in v1.",
+    "At most two grouping dimensions are accepted per query (Cost Management limit).",
+    "Forecast (`forecast` endpoint) is not synced in v1; only historical actual cost."
+  ]
+});
+var azureCostCredentials = {
+  clientSecret: {
+    description: "Azure AD app-registration client secret",
+    auth: "required"
+  }
+};
+var costColumnSchema = z.object({
+  name: z.string(),
+  type: z.string().optional()
+});
+var costRowSchema = z.array(z.union([z.string(), z.number(), z.null()]));
+var costQueryResponseSchema = z.object({
+  id: z.string().optional(),
+  name: z.string().optional(),
+  type: z.string().optional(),
+  properties: z.object({
+    nextLink: z.string().nullish(),
+    columns: z.array(costColumnSchema),
+    rows: z.array(costRowSchema)
+  })
+});
+var DAILY_METRIC_NAME = "azure_cost_daily";
+var azureCostResources = defineResources({
+  azure_cost_daily: {
+    shape: "metric",
+    description: "Daily Azure actual cost per time bucket, optionally split across the configured group-by dimensions.",
+    endpoint: "POST /subscriptions/{subId}/providers/Microsoft.CostManagement/query",
+    unit: "currency reported by Azure",
+    granularity: "daily",
+    notes: "Cost data can be revised for a couple of days after the fact, so incremental syncs refetch a short trailing window. Cost Management accepts at most two grouping dimensions per query.",
+    dimensions: [
+      {
+        name: "unit",
+        description: "Currency reported by Azure (e.g. USD, EUR)."
+      },
+      {
+        name: "service_name",
+        description: "Azure service name, present when grouping by ServiceName (other dimensions appear under their normalized key, e.g. resource_group, tag_<key>)."
+      }
+    ],
+    responses: { cost_query: costQueryResponseSchema }
+  }
+});
+var ARM_HOST = "https://management.azure.com";
+var COST_API_VERSION = "2024-08-01";
+var DEFAULT_BACKFILL_DAYS = 90;
+var INCREMENTAL_LOOKBACK_DAYS = 3;
+var MS_PER_DAY = 864e5;
+function startOfUtcDay(ms) {
+  return Math.floor(ms / MS_PER_DAY) * MS_PER_DAY;
+}
+function getCostWindow(options, lookbackDays, now = Date.now()) {
+  const sinceMs = options.since !== void 0 ? Date.parse(options.since) : NaN;
+  const hasSince = Number.isFinite(sinceMs);
+  let days = lookbackDays;
+  if (options.mode === "latest") {
+    days = INCREMENTAL_LOOKBACK_DAYS;
+  } else if (hasSince) {
+    const elapsed = Math.ceil((now - sinceMs) / MS_PER_DAY);
+    days = Math.min(Math.max(elapsed, 1), lookbackDays);
+  }
+  const todayStart = startOfUtcDay(now);
+  const fromMs = todayStart - (days - 1) * MS_PER_DAY;
+  const toMs = todayStart + MS_PER_DAY - 1;
+  return {
+    from: new Date(fromMs).toISOString(),
+    to: new Date(toMs).toISOString()
+  };
+}
+function dimensionAttrKey(dimension) {
+  if (dimension.startsWith("TAG:")) {
+    return `tag_${dimension.slice(4)}`;
+  }
+  return dimension.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2").toLowerCase();
+}
+function toGrouping(dimension) {
+  if (dimension.startsWith("TAG:")) {
+    return { type: "Tag", name: dimension.slice(4) };
+  }
+  return { type: "Dimension", name: dimension };
+}
+function parseUsageDate(value) {
+  if (value === null) {
+    return null;
+  }
+  const s = String(value);
+  const m = /^(\d{4})(\d{2})(\d{2})$/.exec(s);
+  if (!m) {
+    return null;
+  }
+  const ts = Date.UTC(Number(m[1]), Number(m[2]) - 1, Number(m[3]));
+  return Number.isFinite(ts) ? ts : null;
+}
+function lookupColumns(columns, groupBy) {
+  const out = {
+    costIdx: null,
+    dateIdx: null,
+    currencyIdx: null,
+    groupingIdx: /* @__PURE__ */ new Map()
+  };
+  const named = columns ?? [];
+  for (let i = 0; i < named.length; i++) {
+    const name = named[i]?.name ?? "";
+    const lower = name.toLowerCase();
+    if (lower === "cost" || lower === "costusd" || lower === "pretaxcost") {
+      out.costIdx = i;
+    } else if (lower === "usagedate" || lower === "date") {
+      out.dateIdx = i;
+    } else if (lower === "currency") {
+      out.currencyIdx = i;
+    }
+  }
+  if (groupBy) {
+    for (const dim of groupBy) {
+      const wantName = dim.startsWith("TAG:") ? dim.slice(4) : dim;
+      const idx = named.findIndex(
+        (c) => (c.name ?? "").toLowerCase() === wantName.toLowerCase() || // Cost Management sometimes prefixes tag columns with TagValue.
+        (c.name ?? "").toLowerCase() === `tagvalue${wantName.toLowerCase()}`
+      );
+      if (idx >= 0) {
+        out.groupingIdx.set(dim, idx);
+      }
+    }
+  }
+  return out;
+}
+function buildCostSamples(body, groupBy) {
+  const props = body.properties;
+  if (!props) {
+    return [];
+  }
+  const lookup = lookupColumns(props.columns, groupBy);
+  if (lookup.costIdx === null || lookup.dateIdx === null) {
+    return [];
+  }
+  const samples = [];
+  for (const row of props.rows ?? []) {
+    const rawCost = row[lookup.costIdx];
+    const rawDate = row[lookup.dateIdx];
+    if (rawCost === null || rawCost === void 0) {
+      continue;
+    }
+    const cost2 = typeof rawCost === "number" ? rawCost : Number.parseFloat(String(rawCost));
+    if (!Number.isFinite(cost2)) {
+      continue;
+    }
+    const ts = parseUsageDate(
+      typeof rawDate === "string" || typeof rawDate === "number" ? rawDate : null
+    );
+    if (ts === null) {
+      continue;
+    }
+    const currency = lookup.currencyIdx !== null ? row[lookup.currencyIdx] ?? null : null;
+    const attributes = {
+      unit: typeof currency === "string" ? currency : currency ?? "unknown"
+    };
+    for (const [dim, idx] of lookup.groupingIdx.entries()) {
+      const val = row[idx];
+      attributes[dimensionAttrKey(dim)] = typeof val === "string" || typeof val === "number" || val === null ? val : null;
+    }
+    samples.push({
+      name: DAILY_METRIC_NAME,
+      ts,
+      value: cost2,
+      attributes
+    });
+  }
+  return samples;
+}
+function mapArmError(err) {
+  if (!(err instanceof Error) || !("kind" in err)) {
+    return err;
+  }
+  const httpErr = err;
+  const status = httpErr.response?.status ?? 0;
+  if (status === 401 || status === 403) {
+    return new AuthError(httpErr.message, httpErr.response);
+  }
+  if (status === 429) {
+    return new RateLimitError(httpErr.message, httpErr.response);
+  }
+  if (status >= 500) {
+    return new TransientError(httpErr.message, httpErr.response);
+  }
+  return err;
+}
+function isAllowedArmUrl(value) {
+  try {
+    const u = new URL(value);
+    return u.protocol === "https:" && u.host === "management.azure.com";
+  } catch {
+    return false;
+  }
+}
+var id = "azure-cost";
+var cost = {
+  recommendedInterval: "1 day",
+  minInterval: "1 hour",
+  warning: "Azure Cost Management queries are throttled aggressively per subscription; avoid syncing more often than necessary."
+};
+var AzureCostConnector = class _AzureCostConnector extends BaseConnector {
+  static id = id;
+  static resources = azureCostResources;
+  static schemas = schemasFromResources(azureCostResources);
+  static cost = cost;
+  static create(input, ctx) {
+    const parsed = configFields.parse(input);
+    return new _AzureCostConnector(
+      {
+        tenantId: parsed.tenantId,
+        clientId: parsed.clientId,
+        subscriptionId: parsed.subscriptionId,
+        groupBy: parsed.groupBy,
+        lookbackDays: parsed.lookbackDays
+      },
+      { clientSecret: parsed.clientSecret },
+      ctx
+    );
+  }
+  id = id;
+  credentials = azureCostCredentials;
+  tokenCache = null;
+  async getAccessToken(signal) {
+    if (isTokenFresh(this.tokenCache)) {
+      return this.tokenCache.token;
+    }
+    this.tokenCache = await fetchArmAccessToken(
+      {
+        tenantId: this.settings.tenantId,
+        clientId: this.settings.clientId,
+        clientSecret: this.creds.clientSecret,
+        connectorId: this.id
+      },
+      signal
+    );
+    return this.tokenCache.token;
+  }
+  queryUrl() {
+    const params = new URLSearchParams();
+    params.set("api-version", COST_API_VERSION);
+    return `${ARM_HOST}/subscriptions/${encodeURIComponent(this.settings.subscriptionId)}/providers/Microsoft.CostManagement/query?${params.toString()}`;
+  }
+  buildQueryPayload(window) {
+    const groupBy = this.settings.groupBy ?? [];
+    const grouping = groupBy.slice(0, 2).map(toGrouping);
+    return {
+      type: "ActualCost",
+      timeframe: "Custom",
+      timePeriod: { from: window.from, to: window.to },
+      dataset: {
+        granularity: "Daily",
+        aggregation: {
+          totalCost: { name: "Cost", function: "Sum" }
+        },
+        ...grouping.length > 0 ? { grouping } : {}
+      }
+    };
+  }
+  async runQuery(url, payload, signal) {
+    const token = await this.getAccessToken(signal);
+    try {
+      return await this.post(url, {
+        resource: "cost_query",
+        headers: {
+          Authorization: `Bearer ${token}`,
+          "Content-Type": "application/json",
+          Accept: "application/json",
+          "User-Agent": connectorUserAgent(this.id)
+        },
+        body: payload ? JSON.stringify(payload) : void 0,
+        signal
+      });
+    } catch (err) {
+      throw mapArmError(err);
+    }
+  }
+  async sync(options, storage, signal) {
+    if (options.resources && options.resources.size > 0 && !options.resources.has("azure_cost_daily")) {
+      return { done: true };
+    }
+    const lookbackDays = this.settings.lookbackDays ?? DEFAULT_BACKFILL_DAYS;
+    const window = getCostWindow(options, lookbackDays);
+    const payload = this.buildQueryPayload(window);
+    const phaseStart = Date.now();
+    const samples = [];
+    let pages = 0;
+    let url = this.queryUrl();
+    let body = payload;
+    while (true) {
+      if (signal?.aborted) {
+        return { done: false };
+      }
+      const res = await this.runQuery(url, body, signal);
+      const chunk = buildCostSamples(res.body, this.settings.groupBy);
+      samples.push(...chunk);
+      pages += 1;
+      this.logger.info("fetched page", {
+        resource: "cost_query",
+        page: pages,
+        items: chunk.length
+      });
+      const next = res.body.properties?.nextLink;
+      if (typeof next === "string" && next.length > 0) {
+        if (!isAllowedArmUrl(next)) {
+          throw new UpstreamBugError(
+            `Azure Cost nextLink rejected by ARM host allowlist: ${next}`,
+            res
+          );
+        }
+        url = next;
+        body = void 0;
+      } else {
+        break;
+      }
+    }
+    await storage.metrics(samples, { names: [DAILY_METRIC_NAME] });
+    this.logger.info("resource done", {
+      resource: "cost_query",
+      pages,
+      items: samples.length,
+      duration_ms: Date.now() - phaseStart
+    });
+    return { done: true };
+  }
+};
+// src/index.ts
+var index_default = AzureCostConnector;
+export {
+  AzureCostConnector,
+  configFields,
+  cost,
+  index_default as default,
+  doc,
+  id,
+  azureCostResources as resources
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../connector-shared/src/errors.ts","../../../connector-shared/src/retry.ts","../../../connector-shared/src/version.ts","../../../connector-shared/src/request.ts","../../../connector-shared/src/rate-limit.ts","../../../connector-shared/src/sanitize.ts","../../../connector-shared/src/epoch.ts","../../../connector-shared/src/pagination.ts","../../../connector-shared/src/logger.ts","../src/azure-cost.ts","../src/auth.ts","../src/index.ts"],"sourcesContent":["import type { HttpResponse } from './types';\n\nexport type HttpErrorKind =\n | 'transient'\n | 'rate_limit'\n | 'auth'\n | 'upstream_bug'\n | 'client_bug';\n\nexport abstract class HttpClientError extends Error {\n abstract readonly kind: HttpErrorKind;\n readonly response?: HttpResponse;\n\n constructor(message: string, response?: HttpResponse) {\n super(message);\n this.name = new.target.name;\n this.response = response;\n }\n}\n\nexport class TransientError extends HttpClientError {\n readonly kind = 'transient' as const;\n}\n\nexport class RateLimitError extends HttpClientError {\n readonly kind = 'rate_limit' as const;\n readonly retryAfter?: Date;\n\n constructor(message: string, response?: HttpResponse, retryAfter?: Date) {\n super(message, response);\n this.retryAfter = retryAfter;\n }\n}\n\nexport class AuthError extends HttpClientError {\n readonly kind = 'auth' as const;\n}\n\nexport class UpstreamBugError extends HttpClientError {\n readonly kind = 'upstream_bug' as const;\n}\n\nexport class ClientBugError extends HttpClientError {\n readonly kind = 'client_bug' as const;\n}\n\nexport function classifyStatus(status: number): HttpErrorKind {\n if (status === 429) {\n return 'rate_limit';\n }\n if (status === 401 || status === 403) {\n return 'auth';\n }\n if (status === 408) {\n return 'transient';\n }\n if (status >= 500) {\n return 'upstream_bug';\n }\n if (status >= 400) {\n return 'client_bug';\n }\n return 'client_bug';\n}\n\nexport function errorForStatus(\n message: string,\n response: HttpResponse,\n retryAfter?: Date,\n): HttpClientError {\n const kind = classifyStatus(response.status);\n switch (kind) {\n case 'rate_limit':\n return new RateLimitError(message, response, retryAfter);\n case 'auth':\n return new AuthError(message, response);\n case 'transient':\n return new TransientError(message, response);\n case 'upstream_bug':\n return new UpstreamBugError(message, response);\n case 'client_bug':\n return new ClientBugError(message, response);\n }\n}\n","import { HttpClientError, RateLimitError, TransientError } from './errors';\n\nexport interface RetryPolicy {\n maxAttempts?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n retryOn?: (status: number | null, err?: Error) => boolean;\n}\n\nexport const defaultRetryOn = (status: number | null, err?: Error): boolean => {\n if (err instanceof RateLimitError) {\n return true;\n }\n if (err instanceof TransientError) {\n return true;\n }\n if (status === null) {\n return err instanceof Error && !(err instanceof HttpClientError);\n }\n if (status === 408 || status === 429) {\n return true;\n }\n if (status >= 500) {\n return true;\n }\n return false;\n};\n\nexport function backoffDelayMs(\n attempt: number,\n policy: Required<Pick<RetryPolicy, 'initialDelayMs' | 'maxDelayMs'>>,\n): number {\n const base = policy.initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, policy.maxDelayMs);\n}\n\nexport function parseRetryAfter(\n headerValue: string | null,\n now: Date = new Date(),\n): Date | undefined {\n if (!headerValue) {\n return undefined;\n }\n const trimmed = headerValue.trim();\n if (/^\\d+$/.test(trimmed)) {\n return new Date(now.getTime() + Number(trimmed) * 1000);\n }\n const parsed = Date.parse(trimmed);\n if (Number.isNaN(parsed)) {\n return undefined;\n }\n return new Date(parsed);\n}\n\nexport function sleep(ms: number, signal?: AbortSignal): Promise<void> {\n if (signal?.aborted) {\n return Promise.reject(signal.reason ?? new Error('Aborted'));\n }\n return new Promise<void>((resolve, reject) => {\n const onAbort = () => {\n clearTimeout(timer);\n reject(signal!.reason ?? new Error('Aborted'));\n };\n const timer = setTimeout(() => {\n signal?.removeEventListener('abort', onAbort);\n resolve();\n }, ms);\n signal?.addEventListener('abort', onAbort, { once: true });\n });\n}\n","export const HTTP_CLIENT_VERSION = '0.0.0';\n\nexport const DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n\nexport function connectorUserAgent(connectorId: string): string {\n return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n}\n","import {\n AuthError,\n ClientBugError,\n HttpClientError,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n errorForStatus,\n} from './errors';\nimport { defaultRetryOn, parseRetryAfter, sleep } from './retry';\nimport type { FetchLike, HttpMethod, HttpRequest, HttpResponse } from './types';\nimport { DEFAULT_USER_AGENT } from './version';\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_INITIAL_DELAY_MS = 1000;\nconst DEFAULT_MAX_DELAY_MS = 60_000;\nconst OBSERVER_TIMEOUT_MS = 250;\n\nexport interface RequestObservation {\n url: string;\n method: HttpMethod;\n status: number;\n resource: string;\n requestId: string;\n body: unknown;\n}\n\nexport type RequestObserver = (\n event: RequestObservation,\n) => void | Promise<void>;\n\nexport interface RequestOptions {\n fetch?: FetchLike;\n observer?: RequestObserver;\n resource: string;\n requestId?: string;\n}\n\nasync function notifyObserver(\n observer: RequestObserver,\n event: RequestObservation,\n): Promise<void> {\n let result: void | Promise<void>;\n try {\n result = observer(event);\n } catch (err) {\n console.warn('[connector-shared] request observer threw:', err);\n return;\n }\n if (!(result instanceof Promise)) {\n return;\n }\n const guarded = result.catch((err) => {\n console.warn('[connector-shared] request observer rejected:', err);\n });\n let timer: ReturnType<typeof setTimeout> | undefined;\n const timeout = new Promise<void>((resolve) => {\n timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);\n });\n try {\n await Promise.race([guarded, timeout]);\n } finally {\n if (timer) {\n clearTimeout(timer);\n }\n }\n}\n\nfunction newRequestId(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (c?.randomUUID) {\n return c.randomUUID();\n }\n return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n}\n\nfunction mergeHeaders(\n defaults: Record<string, string>,\n overrides: Record<string, string> | undefined,\n): Record<string, string> {\n const merged: Record<string, string> = {};\n for (const [k, v] of Object.entries(defaults)) {\n merged[k.toLowerCase()] = v;\n }\n if (overrides) {\n for (const [k, v] of Object.entries(overrides)) {\n merged[k.toLowerCase()] = v;\n }\n }\n return merged;\n}\n\nfunction linkTimeoutSignal(\n parent: AbortSignal | undefined,\n timeoutMs: number,\n): { signal: AbortSignal; cancel: () => void } {\n const controller = new AbortController();\n const onParentAbort = () => {\n controller.abort(parent?.reason);\n };\n if (parent) {\n if (parent.aborted) {\n controller.abort(parent.reason);\n } else {\n parent.addEventListener('abort', onParentAbort, { once: true });\n }\n }\n const timer = setTimeout(() => {\n controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n if (parent) {\n parent.removeEventListener('abort', onParentAbort);\n }\n },\n };\n}\n\nasync function readBody(res: Response, parseJson: boolean): Promise<unknown> {\n if (res.status === 204 || res.status === 205) {\n return null;\n }\n const contentType = res.headers.get('content-type') ?? '';\n if (parseJson && contentType.includes('application/json')) {\n const text = await res.text();\n if (text.length === 0) {\n return null;\n }\n return JSON.parse(text);\n }\n return res.text();\n}\n\nexport async function request<T = unknown>(\n req: HttpRequest,\n options: RequestOptions,\n): Promise<HttpResponse<T>> {\n const fetchImpl: FetchLike = options.fetch ?? (globalThis.fetch as FetchLike);\n const retry = req.retry ?? {};\n const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;\n const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;\n const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;\n const retryOn = retry.retryOn ?? defaultRetryOn;\n const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const parseJson = req.parseJson ?? true;\n\n const headers = mergeHeaders(\n {\n 'User-Agent': DEFAULT_USER_AGENT,\n Accept: 'application/json',\n },\n req.headers,\n );\n\n let lastErr: Error | undefined;\n\n for (let attempt = 0; attempt < maxAttempts; attempt++) {\n req.signal?.throwIfAborted();\n\n const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);\n let res: Response;\n try {\n res = await fetchImpl(req.url, {\n method: req.method ?? 'GET',\n headers,\n body: req.body as RequestInit['body'],\n signal,\n });\n } catch (err) {\n cancel();\n if (req.signal?.aborted) {\n throw req.signal.reason ?? err;\n }\n const error = err instanceof Error ? err : new Error(String(err));\n lastErr = error;\n if (attempt < maxAttempts - 1 && retryOn(null, error)) {\n const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n await sleep(delay, req.signal);\n continue;\n }\n throw new TransientError(error.message);\n }\n cancel();\n\n const body = await readBody(res, parseJson);\n const httpResponse: HttpResponse<T> = {\n status: res.status,\n headers: res.headers,\n body: body as T,\n };\n if (req.rateLimit) {\n const state = req.rateLimit.parse(res.headers);\n if (state) {\n httpResponse.rateLimitState = state;\n }\n }\n\n if (options.observer) {\n await notifyObserver(options.observer, {\n url: req.url,\n method: req.method ?? 'GET',\n status: res.status,\n resource: options.resource,\n requestId: options.requestId ?? newRequestId(),\n body,\n });\n }\n\n if (res.ok) {\n return httpResponse;\n }\n\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? 'GET'} ${req.url}`;\n const err = errorForStatus(message, httpResponse, retryAfter);\n\n if (\n attempt < maxAttempts - 1 &&\n retryOn(res.status, err) &&\n !(err instanceof AuthError) &&\n !(err instanceof ClientBugError)\n ) {\n lastErr = err;\n let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n if (err instanceof RateLimitError && retryAfter) {\n const wait = retryAfter.getTime() - Date.now();\n if (wait > 0) {\n delay = Math.min(wait, maxDelayMs);\n }\n }\n await sleep(delay, req.signal);\n continue;\n }\n\n throw err;\n }\n\n throw lastErr ?? new UpstreamBugError('Exhausted retry attempts');\n}\n\nfunction computeDelay(\n attempt: number,\n initialDelayMs: number,\n maxDelayMs: number,\n): number {\n const base = initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, maxDelayMs);\n}\n\nexport { HttpClientError };\n","export interface RateLimitState {\n remaining: number;\n resetAt: Date;\n}\n\nexport interface RateLimitPolicy {\n parse(headers: Headers): RateLimitState | null;\n}\n\nexport interface StandardRateLimitPolicyConfig {\n remainingHeader: string;\n resetHeader: string;\n resetUnit: 's' | 'ms';\n resetFallbackMs?: number;\n}\n\nexport function standardRateLimitPolicy(\n config: StandardRateLimitPolicyConfig,\n): RateLimitPolicy {\n const { remainingHeader, resetHeader, resetUnit, resetFallbackMs } = config;\n const multiplier = resetUnit === 's' ? 1000 : 1;\n return {\n parse(h) {\n const remainingRaw = h.get(remainingHeader);\n if (remainingRaw === null || remainingRaw.trim() === '') {\n return null;\n }\n const remaining = Number(remainingRaw);\n if (!Number.isFinite(remaining)) {\n return null;\n }\n const resetRaw = h.get(resetHeader);\n if (resetRaw === null) {\n if (resetFallbackMs === undefined) {\n return null;\n }\n return {\n remaining,\n resetAt: new Date(Date.now() + resetFallbackMs),\n };\n }\n if (resetRaw.trim() === '') {\n return null;\n }\n const reset = Number(resetRaw);\n if (!Number.isFinite(reset) || reset < 0) {\n return null;\n }\n const resetMs = reset * multiplier;\n if (!Number.isFinite(resetMs)) {\n return null;\n }\n return { remaining, resetAt: new Date(resetMs) };\n },\n };\n}\n","export interface SanitizeAllowedUrlOptions {\n url: string | null;\n host: string;\n pathname: string;\n protocol?: 'https:' | 'http:';\n}\n\nexport function sanitizeAllowedUrl(\n options: SanitizeAllowedUrlOptions,\n): string | null {\n const { url, host, pathname, protocol = 'https:' } = options;\n if (url === null) {\n return null;\n }\n try {\n const u = new URL(url);\n if (u.protocol !== protocol || u.host !== host || u.pathname !== pathname) {\n return null;\n }\n return u.toString();\n } catch {\n return null;\n }\n}\n","export type EpochUnit = 'ms' | 's' | 'iso';\n\nexport function parseEpoch(\n value: number | string | null | undefined,\n unit: EpochUnit,\n): number | null {\n if (value === null || value === undefined) {\n return null;\n }\n if (unit === 'iso') {\n if (typeof value !== 'string') {\n return null;\n }\n const ms = new Date(value).getTime();\n return Number.isFinite(ms) ? ms : null;\n }\n if (typeof value === 'string' && value.trim() === '') {\n return null;\n }\n const n = typeof value === 'number' ? value : Number(value);\n if (!Number.isFinite(n)) {\n return null;\n }\n const result = unit === 's' ? n * 1000 : n;\n return Number.isFinite(result) ? result : null;\n}\n","import { request } from './request';\nimport type { HttpRequest } from './types';\n\nexport function parseLinkHeader(header: string | null): Record<string, string> {\n if (!header) {\n return {};\n }\n const result: Record<string, string> = {};\n for (const part of header.split(',')) {\n const match = part.match(/<([^>]+)>\\s*;\\s*rel=\"([^\"]+)\"/);\n if (match) {\n result[match[2]!] = match[1]!;\n }\n }\n return result;\n}\n\nexport async function* paginateLink<T>(\n initial: HttpRequest,\n parse: (body: unknown) => T[],\n options: { resource: string },\n): AsyncIterable<T> {\n let next: string | null = initial.url;\n while (next) {\n const res: Awaited<ReturnType<typeof request>> = await request(\n {\n ...initial,\n url: next,\n },\n { resource: options.resource },\n );\n for (const item of parse(res.body)) {\n yield item;\n }\n const links = parseLinkHeader(res.headers.get('link'));\n next = links['next'] ?? null;\n }\n}\n\nexport async function* paginateCursor<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; nextCursor: string | null },\n buildNext: (req: HttpRequest, cursor: string) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let req: HttpRequest = initial;\n while (true) {\n const res = await request(req, { resource: options.resource });\n const { items, nextCursor } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!nextCursor) {\n return;\n }\n req = buildNext(req, nextCursor);\n }\n}\n\nexport async function* paginatePage<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; hasMore: boolean },\n buildPage: (req: HttpRequest, page: number) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let page = 1;\n while (true) {\n const req = page === 1 ? initial : buildPage(initial, page);\n const res = await request(req, { resource: options.resource });\n const { items, hasMore } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!hasMore || items.length === 0) {\n return;\n }\n page++;\n }\n}\n","export type LogFields = Record<string, unknown>;\n\nexport interface ConnectorLogger {\n info(event: string, fields?: LogFields): void;\n warn(event: string, fields?: LogFields): void;\n}\n\nexport interface ConnectorLoggerOptions {\n scope: string;\n}\n\nconst MAX_VALUE_LEN = 120;\n\nfunction truncate(s: string, max = MAX_VALUE_LEN): string {\n if (s.length <= max) {\n return s;\n }\n return `${s.slice(0, max - 1)}…`;\n}\n\nfunction formatValue(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n if (value === undefined) {\n return '';\n }\n if (typeof value === 'number' || typeof value === 'boolean') {\n return String(value);\n }\n if (typeof value === 'string') {\n const t = truncate(value);\n if (/[\\s\"=]/.test(t)) {\n return JSON.stringify(t);\n }\n return t;\n }\n if (typeof value === 'bigint') {\n return value.toString();\n }\n let json: string | undefined;\n try {\n json = JSON.stringify(value);\n } catch {\n json = undefined;\n }\n return truncate(json ?? String(value));\n}\n\nexport function formatLogFields(fields?: LogFields): string {\n if (!fields) {\n return '';\n }\n const parts: string[] = [];\n for (const [k, v] of Object.entries(fields)) {\n if (v === undefined) {\n continue;\n }\n parts.push(`${k}=${formatValue(v)}`);\n }\n return parts.length > 0 ? ` ${parts.join(' ')}` : '';\n}\n\nexport function formatLogLine(\n scope: string,\n event: string,\n fields?: LogFields,\n): string {\n return `[${scope}] ${event}${formatLogFields(fields)}`;\n}\n\nexport function createDefaultConnectorLogger(\n opts: ConnectorLoggerOptions,\n): ConnectorLogger {\n return {\n info(event, fields) {\n console.info(formatLogLine(opts.scope, event, fields));\n },\n warn(event, fields) {\n console.warn(formatLogLine(opts.scope, event, fields));\n },\n };\n}\n\nconst NOOP_LOGGER: ConnectorLogger = {\n info() {},\n warn() {},\n};\n\nexport function noopConnectorLogger(): ConnectorLogger {\n return NOOP_LOGGER;\n}\n","import {\n AuthError,\n type HttpResponse,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n connectorUserAgent,\n} from '@rawdash/connector-shared';\nimport {\n BaseConnector,\n type ConnectorContext,\n type ConnectorCost,\n type ConnectorDoc,\n type CredentialsSchema,\n type JSONValue,\n type MetricSample,\n type StorageHandle,\n type SyncOptions,\n type SyncResult,\n defineConfigFields,\n defineConnectorDoc,\n defineResources,\n schemasFromResources,\n} from '@rawdash/core';\nimport { z } from 'zod';\n\nimport {\n type TokenCacheEntry,\n fetchArmAccessToken,\n isTokenFresh,\n} from './auth';\n\n// ---------------------------------------------------------------------------\n// configFields\n// ---------------------------------------------------------------------------\n\nconst dimensionValues = [\n 'ResourceGroup',\n 'ResourceGroupName',\n 'ServiceName',\n 'ServiceTier',\n 'Meter',\n 'MeterCategory',\n 'MeterSubCategory',\n 'ResourceId',\n 'ResourceType',\n 'ResourceLocation',\n 'ChargeType',\n 'PublisherType',\n 'BillingPeriod',\n 'InvoiceId',\n 'SubscriptionId',\n 'SubscriptionName',\n] as const;\n\ntype CostDimension = (typeof dimensionValues)[number];\n\nconst groupByEntrySchema = z\n .string()\n .min(1)\n .regex(\n new RegExp(`^(${dimensionValues.join('|')}|TAG:.+)$`),\n `groupBy entries must be one of ${dimensionValues.join(', ')}, or TAG:<tag-key>`,\n );\n\nexport const configFields = defineConfigFields(\n z.object({\n tenantId: z.string().min(1).meta({\n label: 'Tenant ID',\n description:\n 'Microsoft Entra ID (Azure AD) tenant ID - the directory that hosts the app registration.',\n placeholder: '00000000-0000-0000-0000-000000000000',\n }),\n clientId: z.string().min(1).meta({\n label: 'Client ID',\n description:\n 'Application (client) ID of the Entra ID app registration / service principal used for authentication.',\n placeholder: '00000000-0000-0000-0000-000000000000',\n }),\n clientSecret: z.object({ $secret: z.string().min(1) }).meta({\n label: 'Client secret',\n description:\n 'Client secret of the Entra ID app registration. Generate one under App registrations → Certificates & secrets.',\n placeholder: 'azure-client-secret',\n secret: true,\n }),\n subscriptionId: z.string().min(1).meta({\n label: 'Subscription ID',\n description:\n 'Azure subscription ID the cost query is scoped to. The service principal needs Cost Management Reader (or Reader) on this subscription.',\n placeholder: '00000000-0000-0000-0000-000000000000',\n }),\n groupBy: z\n .array(groupByEntrySchema)\n .max(2, 'Cost Management accepts at most two grouping dimensions')\n .optional()\n .meta({\n label: 'Group by (optional)',\n description:\n 'Up to two Cost Management dimensions to break costs down by, e.g. ServiceName, ResourceGroup, or TAG:Environment. Omit for total cost only.',\n }),\n lookbackDays: z.number().int().positive().max(365).optional().meta({\n label: 'Backfill window (days)',\n description:\n 'How many days of history to fetch on a full sync. Defaults to 90.',\n placeholder: '90',\n }),\n }),\n);\n\nexport const doc: ConnectorDoc = defineConnectorDoc({\n displayName: 'Azure Cost Management',\n category: 'finance',\n brandColor: '#0078D4',\n tagline:\n 'Track daily Azure spend over time, optionally broken down by resource group, service, or tag, via the Cost Management query API.',\n vendor: {\n name: 'Microsoft Azure',\n apiDocs: 'https://learn.microsoft.com/en-us/rest/api/cost-management/',\n website: 'https://azure.microsoft.com/en-us/products/cost-management',\n },\n auth: {\n summary:\n 'Authenticates with a Microsoft Entra ID (Azure AD) service principal (tenant ID + client ID + client secret) scoped to the target subscription. The principal needs the built-in Cost Management Reader role at the subscription scope (or Reader).',\n setup: [\n 'In the Azure portal open Microsoft Entra ID → App registrations → New registration and create an app for rawdash.',\n 'Under Certificates & secrets, generate a client secret and copy its value (it is only shown once).',\n 'In the target subscription open Access control (IAM) → Add role assignment and grant the new service principal the built-in Cost Management Reader role.',\n 'Store the client secret as a secret and reference it from config as `clientSecret: secret(\"AZ_CLIENT_SECRET\")`, alongside `tenantId`, `clientId`, and `subscriptionId`.',\n 'Cost Management must be enabled for the subscription; the first activation can take up to 24 hours before data is queryable.',\n ],\n },\n rateLimit:\n 'Cost Management throttles via 429 responses with Retry-After; the shared HTTP client honors Retry-After and backs off on 429.',\n limitations: [\n 'Cost data can be revised for a couple of days after the fact, so incremental syncs refetch a short trailing window.',\n 'Daily granularity only (the most common dashboard slice). Monthly granularity is not exposed in v1.',\n 'At most two grouping dimensions are accepted per query (Cost Management limit).',\n 'Forecast (`forecast` endpoint) is not synced in v1; only historical actual cost.',\n ],\n});\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\nexport interface AzureCostSettings {\n tenantId: string;\n clientId: string;\n subscriptionId: string;\n groupBy?: readonly string[];\n lookbackDays?: number;\n}\n\nconst azureCostCredentials = {\n clientSecret: {\n description: 'Azure AD app-registration client secret',\n auth: 'required' as const,\n },\n} satisfies CredentialsSchema;\n\ntype AzureCostCredentials = typeof azureCostCredentials;\n\n// ---------------------------------------------------------------------------\n// API response schemas\n// ---------------------------------------------------------------------------\n\nconst costColumnSchema = z.object({\n name: z.string(),\n type: z.string().optional(),\n});\n\nconst costRowSchema = z.array(z.union([z.string(), z.number(), z.null()]));\n\nconst costQueryResponseSchema = z.object({\n id: z.string().optional(),\n name: z.string().optional(),\n type: z.string().optional(),\n properties: z.object({\n nextLink: z.string().nullish(),\n columns: z.array(costColumnSchema),\n rows: z.array(costRowSchema),\n }),\n});\n\n// ---------------------------------------------------------------------------\n// Runtime response shapes (permissive — assertions live in the Zod schemas)\n// ---------------------------------------------------------------------------\n\ninterface CostColumn {\n name?: string;\n type?: string;\n}\n\ninterface CostQueryProperties {\n nextLink?: string | null;\n columns?: CostColumn[];\n rows?: Array<Array<string | number | null>>;\n}\n\ninterface CostQueryResponseBody {\n properties?: CostQueryProperties;\n}\n\n// ---------------------------------------------------------------------------\n// Resources\n// ---------------------------------------------------------------------------\n\nconst DAILY_METRIC_NAME = 'azure_cost_daily';\n\nexport const azureCostResources = defineResources({\n azure_cost_daily: {\n shape: 'metric',\n description:\n 'Daily Azure actual cost per time bucket, optionally split across the configured group-by dimensions.',\n endpoint:\n 'POST /subscriptions/{subId}/providers/Microsoft.CostManagement/query',\n unit: 'currency reported by Azure',\n granularity: 'daily',\n notes:\n 'Cost data can be revised for a couple of days after the fact, so incremental syncs refetch a short trailing window. Cost Management accepts at most two grouping dimensions per query.',\n dimensions: [\n {\n name: 'unit',\n description: 'Currency reported by Azure (e.g. USD, EUR).',\n },\n {\n name: 'service_name',\n description:\n 'Azure service name, present when grouping by ServiceName (other dimensions appear under their normalized key, e.g. resource_group, tag_<key>).',\n },\n ],\n responses: { cost_query: costQueryResponseSchema },\n },\n});\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst ARM_HOST = 'https://management.azure.com';\nconst COST_API_VERSION = '2024-08-01';\nconst DEFAULT_BACKFILL_DAYS = 90;\nconst INCREMENTAL_LOOKBACK_DAYS = 3;\nconst MS_PER_DAY = 86_400_000;\n\n// ---------------------------------------------------------------------------\n// Pure helpers — exported for unit testing\n// ---------------------------------------------------------------------------\n\nfunction startOfUtcDay(ms: number): number {\n return Math.floor(ms / MS_PER_DAY) * MS_PER_DAY;\n}\n\nexport interface CostWindow {\n from: string;\n to: string;\n}\n\nexport function getCostWindow(\n options: SyncOptions,\n lookbackDays: number,\n now: number = Date.now(),\n): CostWindow {\n const sinceMs = options.since !== undefined ? Date.parse(options.since) : NaN;\n const hasSince = Number.isFinite(sinceMs);\n\n let days = lookbackDays;\n if (options.mode === 'latest') {\n days = INCREMENTAL_LOOKBACK_DAYS;\n } else if (hasSince) {\n const elapsed = Math.ceil((now - sinceMs) / MS_PER_DAY);\n days = Math.min(Math.max(elapsed, 1), lookbackDays);\n }\n // Inclusive end at end of today UTC so the still-estimating current day is\n // captured and overwritten on each later sync.\n const todayStart = startOfUtcDay(now);\n const fromMs = todayStart - (days - 1) * MS_PER_DAY;\n const toMs = todayStart + MS_PER_DAY - 1;\n return {\n from: new Date(fromMs).toISOString(),\n to: new Date(toMs).toISOString(),\n };\n}\n\nfunction dimensionAttrKey(dimension: string): string {\n if (dimension.startsWith('TAG:')) {\n return `tag_${dimension.slice(4)}`;\n }\n // Normalize dimension names (\"ResourceGroup\" → \"resource_group\") so attribute\n // keys are stable regardless of the case Azure echoes back in column headers.\n return dimension\n .replace(/([a-z0-9])([A-Z])/g, '$1_$2')\n .replace(/([A-Z]+)([A-Z][a-z])/g, '$1_$2')\n .toLowerCase();\n}\n\nfunction toGrouping(dimension: string): { type: string; name: string } {\n if (dimension.startsWith('TAG:')) {\n return { type: 'Tag', name: dimension.slice(4) };\n }\n return { type: 'Dimension', name: dimension };\n}\n\nfunction parseUsageDate(value: string | number | null): number | null {\n if (value === null) {\n return null;\n }\n // Cost Management returns UsageDate as an integer YYYYMMDD (column type\n // 'Number') for Daily granularity. We normalize to the start-of-day Unix ms.\n const s = String(value);\n const m = /^(\\d{4})(\\d{2})(\\d{2})$/.exec(s);\n if (!m) {\n return null;\n }\n const ts = Date.UTC(Number(m[1]), Number(m[2]) - 1, Number(m[3]));\n return Number.isFinite(ts) ? ts : null;\n}\n\ninterface ColumnLookup {\n costIdx: number | null;\n dateIdx: number | null;\n currencyIdx: number | null;\n // Map of grouping dimension (as configured) -> column index.\n groupingIdx: Map<string, number>;\n}\n\nfunction lookupColumns(\n columns: CostColumn[] | undefined,\n groupBy: readonly string[] | undefined,\n): ColumnLookup {\n const out: ColumnLookup = {\n costIdx: null,\n dateIdx: null,\n currencyIdx: null,\n groupingIdx: new Map(),\n };\n const named = columns ?? [];\n for (let i = 0; i < named.length; i++) {\n const name = named[i]?.name ?? '';\n const lower = name.toLowerCase();\n if (lower === 'cost' || lower === 'costusd' || lower === 'pretaxcost') {\n out.costIdx = i;\n } else if (lower === 'usagedate' || lower === 'date') {\n out.dateIdx = i;\n } else if (lower === 'currency') {\n out.currencyIdx = i;\n }\n }\n if (groupBy) {\n for (const dim of groupBy) {\n const wantName = dim.startsWith('TAG:') ? dim.slice(4) : dim;\n const idx = named.findIndex(\n (c) =>\n (c.name ?? '').toLowerCase() === wantName.toLowerCase() ||\n // Cost Management sometimes prefixes tag columns with TagValue.\n (c.name ?? '').toLowerCase() === `tagvalue${wantName.toLowerCase()}`,\n );\n if (idx >= 0) {\n out.groupingIdx.set(dim, idx);\n }\n }\n }\n return out;\n}\n\nexport function buildCostSamples(\n body: CostQueryResponseBody,\n groupBy: readonly string[] | undefined,\n): MetricSample[] {\n const props = body.properties;\n if (!props) {\n return [];\n }\n const lookup = lookupColumns(props.columns, groupBy);\n if (lookup.costIdx === null || lookup.dateIdx === null) {\n return [];\n }\n const samples: MetricSample[] = [];\n for (const row of props.rows ?? []) {\n const rawCost = row[lookup.costIdx];\n const rawDate = row[lookup.dateIdx];\n if (rawCost === null || rawCost === undefined) {\n continue;\n }\n const cost =\n typeof rawCost === 'number'\n ? rawCost\n : Number.parseFloat(String(rawCost));\n if (!Number.isFinite(cost)) {\n continue;\n }\n const ts = parseUsageDate(\n typeof rawDate === 'string' || typeof rawDate === 'number'\n ? rawDate\n : null,\n );\n if (ts === null) {\n continue;\n }\n const currency =\n lookup.currencyIdx !== null ? (row[lookup.currencyIdx] ?? null) : null;\n const attributes: Record<string, JSONValue> = {\n unit: typeof currency === 'string' ? currency : (currency ?? 'unknown'),\n };\n for (const [dim, idx] of lookup.groupingIdx.entries()) {\n const val = row[idx];\n attributes[dimensionAttrKey(dim)] =\n typeof val === 'string' || typeof val === 'number' || val === null\n ? val\n : null;\n }\n samples.push({\n name: DAILY_METRIC_NAME,\n ts,\n value: cost,\n attributes,\n });\n }\n return samples;\n}\n\n// ---------------------------------------------------------------------------\n// Error mapping\n// ---------------------------------------------------------------------------\n\nfunction mapArmError(err: unknown): unknown {\n if (!(err instanceof Error) || !('kind' in err)) {\n return err;\n }\n const httpErr = err as Error & { response?: HttpResponse };\n const status = httpErr.response?.status ?? 0;\n if (status === 401 || status === 403) {\n return new AuthError(httpErr.message, httpErr.response);\n }\n if (status === 429) {\n return new RateLimitError(httpErr.message, httpErr.response);\n }\n if (status >= 500) {\n return new TransientError(httpErr.message, httpErr.response);\n }\n return err;\n}\n\n// nextLink can be a fully-qualified URL Azure hands back; sanitize before reuse\n// so a corrupted cursor cannot exfiltrate the bearer token to an attacker host.\nfunction isAllowedArmUrl(value: string): boolean {\n try {\n const u = new URL(value);\n return u.protocol === 'https:' && u.host === 'management.azure.com';\n } catch {\n return false;\n }\n}\n\n// ---------------------------------------------------------------------------\n// AzureCostConnector\n// ---------------------------------------------------------------------------\n\nexport const id = 'azure-cost';\n\nexport const cost: ConnectorCost = {\n recommendedInterval: '1 day',\n minInterval: '1 hour',\n warning:\n 'Azure Cost Management queries are throttled aggressively per subscription; avoid syncing more often than necessary.',\n};\n\nexport class AzureCostConnector extends BaseConnector<\n AzureCostSettings,\n AzureCostCredentials\n> {\n static readonly id = id;\n\n static readonly resources = azureCostResources;\n\n static readonly schemas = schemasFromResources(azureCostResources);\n\n static readonly cost = cost;\n\n static create(input: unknown, ctx?: ConnectorContext): AzureCostConnector {\n const parsed = configFields.parse(input);\n return new AzureCostConnector(\n {\n tenantId: parsed.tenantId,\n clientId: parsed.clientId,\n subscriptionId: parsed.subscriptionId,\n groupBy: parsed.groupBy,\n lookbackDays: parsed.lookbackDays,\n },\n { clientSecret: parsed.clientSecret },\n ctx,\n );\n }\n\n readonly id = id;\n override readonly credentials = azureCostCredentials;\n\n private tokenCache: TokenCacheEntry | null = null;\n\n private async getAccessToken(signal?: AbortSignal): Promise<string> {\n if (isTokenFresh(this.tokenCache)) {\n return this.tokenCache!.token;\n }\n this.tokenCache = await fetchArmAccessToken(\n {\n tenantId: this.settings.tenantId,\n clientId: this.settings.clientId,\n clientSecret: this.creds.clientSecret,\n connectorId: this.id,\n },\n signal,\n );\n return this.tokenCache.token;\n }\n\n private queryUrl(): string {\n const params = new URLSearchParams();\n params.set('api-version', COST_API_VERSION);\n return `${ARM_HOST}/subscriptions/${encodeURIComponent(this.settings.subscriptionId)}/providers/Microsoft.CostManagement/query?${params.toString()}`;\n }\n\n private buildQueryPayload(window: CostWindow): Record<string, unknown> {\n const groupBy = this.settings.groupBy ?? [];\n const grouping = groupBy.slice(0, 2).map(toGrouping);\n return {\n type: 'ActualCost',\n timeframe: 'Custom',\n timePeriod: { from: window.from, to: window.to },\n dataset: {\n granularity: 'Daily',\n aggregation: {\n totalCost: { name: 'Cost', function: 'Sum' },\n },\n ...(grouping.length > 0 ? { grouping } : {}),\n },\n };\n }\n\n private async runQuery(\n url: string,\n payload: Record<string, unknown> | undefined,\n signal?: AbortSignal,\n ): Promise<HttpResponse<CostQueryResponseBody>> {\n const token = await this.getAccessToken(signal);\n try {\n return await this.post<CostQueryResponseBody>(url, {\n resource: 'cost_query',\n headers: {\n Authorization: `Bearer ${token}`,\n 'Content-Type': 'application/json',\n Accept: 'application/json',\n 'User-Agent': connectorUserAgent(this.id),\n },\n body: payload ? JSON.stringify(payload) : undefined,\n signal,\n });\n } catch (err) {\n throw mapArmError(err);\n }\n }\n\n async sync(\n options: SyncOptions,\n storage: StorageHandle,\n signal?: AbortSignal,\n ): Promise<SyncResult> {\n if (\n options.resources &&\n options.resources.size > 0 &&\n !options.resources.has('azure_cost_daily')\n ) {\n return { done: true };\n }\n\n const lookbackDays = this.settings.lookbackDays ?? DEFAULT_BACKFILL_DAYS;\n const window = getCostWindow(options, lookbackDays);\n const payload = this.buildQueryPayload(window);\n const phaseStart = Date.now();\n const samples: MetricSample[] = [];\n let pages = 0;\n\n let url = this.queryUrl();\n let body: Record<string, unknown> | undefined = payload;\n while (true) {\n if (signal?.aborted) {\n return { done: false };\n }\n const res = await this.runQuery(url, body, signal);\n const chunk = buildCostSamples(res.body, this.settings.groupBy);\n samples.push(...chunk);\n pages += 1;\n this.logger.info('fetched page', {\n resource: 'cost_query',\n page: pages,\n items: chunk.length,\n });\n const next = res.body.properties?.nextLink;\n if (typeof next === 'string' && next.length > 0) {\n if (!isAllowedArmUrl(next)) {\n throw new UpstreamBugError(\n `Azure Cost nextLink rejected by ARM host allowlist: ${next}`,\n res,\n );\n }\n url = next;\n // Cost Management's nextLink is a continuation token URL; the request\n // body is empty on subsequent calls.\n body = undefined;\n } else {\n break;\n }\n }\n\n await storage.metrics(samples, { names: [DAILY_METRIC_NAME] });\n this.logger.info('resource done', {\n resource: 'cost_query',\n pages,\n items: samples.length,\n duration_ms: Date.now() - phaseStart,\n });\n return { done: true };\n }\n}\n\n// Exported only so it shows up in the connector's typed surface for tests.\nexport type { CostDimension };\n","import {\n AuthError,\n type HttpResponse,\n TransientError,\n connectorUserAgent,\n request as sharedRequest,\n} from '@rawdash/connector-shared';\n\n// Azure AD client-credentials token caching, scoped to ARM\n// (https://management.azure.com/.default). Both Monitor and Cost connectors\n// share an identical flow against the Microsoft Entra ID token endpoint, so the\n// helper is co-located in each package (rather than a shared sub-package, which\n// would force consumers to install a second runtime dependency).\n\nconst TOKEN_HOST = 'login.microsoftonline.com';\nconst ARM_SCOPE = 'https://management.azure.com/.default';\nconst TOKEN_TTL_BUFFER_MS = 60_000;\n\nexport interface AzureAuthInput {\n tenantId: string;\n clientId: string;\n clientSecret: string;\n connectorId: string;\n}\n\ninterface TokenResponse {\n access_token?: string;\n expires_in?: number;\n token_type?: string;\n}\n\nexport interface TokenCacheEntry {\n token: string;\n expiresAt: number;\n}\n\nexport async function fetchArmAccessToken(\n input: AzureAuthInput,\n signal?: AbortSignal,\n): Promise<TokenCacheEntry> {\n const params = new URLSearchParams();\n params.set('grant_type', 'client_credentials');\n params.set('client_id', input.clientId);\n params.set('client_secret', input.clientSecret);\n params.set('scope', ARM_SCOPE);\n\n let res: HttpResponse<TokenResponse>;\n try {\n res = await sharedRequest<TokenResponse>(\n {\n url: `https://${TOKEN_HOST}/${encodeURIComponent(input.tenantId)}/oauth2/v2.0/token`,\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n Accept: 'application/json',\n 'User-Agent': connectorUserAgent(input.connectorId),\n },\n body: params.toString(),\n signal,\n },\n { resource: 'oauth_token' },\n );\n } catch (err) {\n throw classifyTokenError(err);\n }\n\n const access = res.body.access_token;\n const expiresIn = res.body.expires_in;\n if (typeof access !== 'string' || access.length === 0) {\n throw new AuthError(\n 'Azure AD token response did not include an access_token',\n );\n }\n const ttlMs =\n typeof expiresIn === 'number' && Number.isFinite(expiresIn)\n ? expiresIn * 1000\n : 60 * 60 * 1000;\n return {\n token: access,\n expiresAt: Date.now() + ttlMs - TOKEN_TTL_BUFFER_MS,\n };\n}\n\nfunction classifyTokenError(err: unknown): unknown {\n if (!(err instanceof Error) || !('kind' in err)) {\n return err;\n }\n const httpErr = err as Error & { response?: HttpResponse };\n const status = httpErr.response?.status ?? 0;\n if (status === 400 || status === 401 || status === 403) {\n return new AuthError(httpErr.message, httpErr.response);\n }\n if (status >= 500) {\n return new TransientError(httpErr.message, httpErr.response);\n }\n return err;\n}\n\nexport function isTokenFresh(\n cache: TokenCacheEntry | null,\n now: number = Date.now(),\n): boolean {\n return cache !== null && now < cache.expiresAt;\n}\n","import { AzureCostConnector } from './azure-cost';\n\nexport {\n AzureCostConnector,\n azureCostResources as resources,\n configFields,\n cost,\n doc,\n id,\n} from './azure-cost';\nexport type { AzureCostSettings, CostWindow } from './azure-cost';\nexport default AzureCostConnector;\n"],"mappings":";AASO,IAAe,kBAAf,cAAuC,MAAM;EAEzC;EAET,YAAY,SAAiB,UAAyB;AACpD,UAAM,OAAO;AACb,SAAK,OAAO,WAAW;AACvB,SAAK,WAAW;EAClB;AACF;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;AAClB;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;EACP;EAET,YAAY,SAAiB,UAAyB,YAAmB;AACvE,UAAM,SAAS,QAAQ;AACvB,SAAK,aAAa;EACpB;AACF;AAEO,IAAM,YAAN,cAAwB,gBAAgB;EACpC,OAAO;AAClB;AAEO,IAAM,mBAAN,cAA+B,gBAAgB;EAC3C,OAAO;AAClB;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;AAClB;AAEO,SAAS,eAAe,QAA+B;AAC5D,MAAI,WAAW,KAAK;AAClB,WAAO;EACT;AACA,MAAI,WAAW,OAAO,WAAW,KAAK;AACpC,WAAO;EACT;AACA,MAAI,WAAW,KAAK;AAClB,WAAO;EACT;AACA,MAAI,UAAU,KAAK;AACjB,WAAO;EACT;AACA,MAAI,UAAU,KAAK;AACjB,WAAO;EACT;AACA,SAAO;AACT;AAEO,SAAS,eACd,SACA,UACA,YACiB;AACjB,QAAM,OAAO,eAAe,SAAS,MAAM;AAC3C,UAAQ,MAAM;IACZ,KAAK;AACH,aAAO,IAAI,eAAe,SAAS,UAAU,UAAU;IACzD,KAAK;AACH,aAAO,IAAI,UAAU,SAAS,QAAQ;IACxC,KAAK;AACH,aAAO,IAAI,eAAe,SAAS,QAAQ;IAC7C,KAAK;AACH,aAAO,IAAI,iBAAiB,SAAS,QAAQ;IAC/C,KAAK;AACH,aAAO,IAAI,eAAe,SAAS,QAAQ;EAC/C;AACF;AC1EO,IAAM,iBAAiB,CAAC,QAAuB,QAAyB;AAC7E,MAAI,eAAe,gBAAgB;AACjC,WAAO;EACT;AACA,MAAI,eAAe,gBAAgB;AACjC,WAAO;EACT;AACA,MAAI,WAAW,MAAM;AACnB,WAAO,eAAe,SAAS,EAAE,eAAe;EAClD;AACA,MAAI,WAAW,OAAO,WAAW,KAAK;AACpC,WAAO;EACT;AACA,MAAI,UAAU,KAAK;AACjB,WAAO;EACT;AACA,SAAO;AACT;AAWO,SAAS,gBACd,aACA,MAAY,oBAAI,KAAK,GACH;AAClB,MAAI,CAAC,aAAa;AAChB,WAAO;EACT;AACA,QAAM,UAAU,YAAY,KAAK;AACjC,MAAI,QAAQ,KAAK,OAAO,GAAG;AACzB,WAAO,IAAI,KAAK,IAAI,QAAQ,IAAI,OAAO,OAAO,IAAI,GAAI;EACxD;AACA,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,MAAI,OAAO,MAAM,MAAM,GAAG;AACxB,WAAO;EACT;AACA,SAAO,IAAI,KAAK,MAAM;AACxB;AAEO,SAAS,MAAM,IAAY,QAAqC;AACrE,MAAI,QAAQ,SAAS;AACnB,WAAO,QAAQ,OAAO,OAAO,UAAU,IAAI,MAAM,SAAS,CAAC;EAC7D;AACA,SAAO,IAAI,QAAc,CAAC,SAAS,WAAW;AAC5C,UAAM,UAAU,MAAM;AACpB,mBAAa,KAAK;AAClB,aAAO,OAAQ,UAAU,IAAI,MAAM,SAAS,CAAC;IAC/C;AACA,UAAM,QAAQ,WAAW,MAAM;AAC7B,cAAQ,oBAAoB,SAAS,OAAO;AAC5C,cAAQ;IACV,GAAG,EAAE;AACL,YAAQ,iBAAiB,SAAS,SAAS,EAAE,MAAM,KAAK,CAAC;EAC3D,CAAC;AACH;ACtEO,IAAM,sBAAsB;AAE5B,IAAM,qBAAqB,qBAAqB,mBAAmB;AAEnE,SAAS,mBAAmB,aAA6B;AAC9D,SAAO,qBAAqB,WAAW,IAAI,mBAAmB;AAChE;ACOA,IAAM,qBAAqB;AAC3B,IAAM,uBAAuB;AAC7B,IAAM,2BAA2B;AACjC,IAAM,uBAAuB;AAC7B,IAAM,sBAAsB;AAsB5B,eAAe,eACb,UACA,OACe;AACf,MAAI;AACJ,MAAI;AACF,aAAS,SAAS,KAAK;EACzB,SAAS,KAAK;AACZ,YAAQ,KAAK,8CAA8C,GAAG;AAC9D;EACF;AACA,MAAI,EAAE,kBAAkB,UAAU;AAChC;EACF;AACA,QAAM,UAAU,OAAO,MAAM,CAAC,QAAQ;AACpC,YAAQ,KAAK,iDAAiD,GAAG;EACnE,CAAC;AACD,MAAI;AACJ,QAAM,UAAU,IAAI,QAAc,CAAC,YAAY;AAC7C,YAAQ,WAAW,SAAS,mBAAmB;EACjD,CAAC;AACD,MAAI;AACF,UAAM,QAAQ,KAAK,CAAC,SAAS,OAAO,CAAC;EACvC,UAAA;AACE,QAAI,OAAO;AACT,mBAAa,KAAK;IACpB;EACF;AACF;AAEA,SAAS,eAAuB;AAC9B,QAAM,IAAK,WAA0D;AACrE,MAAI,GAAG,YAAY;AACjB,WAAO,EAAE,WAAW;EACtB;AACA,SAAO,GAAG,KAAK,IAAI,EAAE,SAAS,EAAE,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,EAAE,CAAC;AAC9E;AAEA,SAAS,aACP,UACA,WACwB;AACxB,QAAM,SAAiC,CAAC;AACxC,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,GAAG;AAC7C,WAAO,EAAE,YAAY,CAAC,IAAI;EAC5B;AACA,MAAI,WAAW;AACb,eAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,SAAS,GAAG;AAC9C,aAAO,EAAE,YAAY,CAAC,IAAI;IAC5B;EACF;AACA,SAAO;AACT;AAEA,SAAS,kBACP,QACA,WAC6C;AAC7C,QAAM,aAAa,IAAI,gBAAgB;AACvC,QAAM,gBAAgB,MAAM;AAC1B,eAAW,MAAM,QAAQ,MAAM;EACjC;AACA,MAAI,QAAQ;AACV,QAAI,OAAO,SAAS;AAClB,iBAAW,MAAM,OAAO,MAAM;IAChC,OAAO;AACL,aAAO,iBAAiB,SAAS,eAAe,EAAE,MAAM,KAAK,CAAC;IAChE;EACF;AACA,QAAM,QAAQ,WAAW,MAAM;AAC7B,eAAW,MAAM,IAAI,MAAM,2BAA2B,SAAS,IAAI,CAAC;EACtE,GAAG,SAAS;AACZ,SAAO;IACL,QAAQ,WAAW;IACnB,QAAQ,MAAM;AACZ,mBAAa,KAAK;AAClB,UAAI,QAAQ;AACV,eAAO,oBAAoB,SAAS,aAAa;MACnD;IACF;EACF;AACF;AAEA,eAAe,SAAS,KAAe,WAAsC;AAC3E,MAAI,IAAI,WAAW,OAAO,IAAI,WAAW,KAAK;AAC5C,WAAO;EACT;AACA,QAAM,cAAc,IAAI,QAAQ,IAAI,cAAc,KAAK;AACvD,MAAI,aAAa,YAAY,SAAS,kBAAkB,GAAG;AACzD,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,KAAK,WAAW,GAAG;AACrB,aAAO;IACT;AACA,WAAO,KAAK,MAAM,IAAI;EACxB;AACA,SAAO,IAAI,KAAK;AAClB;AAEA,eAAsB,QACpB,KACA,SAC0B;AAC1B,QAAM,YAAuB,QAAQ,SAAU,WAAW;AAC1D,QAAM,QAAQ,IAAI,SAAS,CAAC;AAC5B,QAAM,cAAc,MAAM,eAAe;AACzC,QAAM,iBAAiB,MAAM,kBAAkB;AAC/C,QAAM,aAAa,MAAM,cAAc;AACvC,QAAM,UAAU,MAAM,WAAW;AACjC,QAAM,YAAY,IAAI,aAAa;AACnC,QAAM,YAAY,IAAI,aAAa;AAEnC,QAAM,UAAU;IACd;MACE,cAAc;MACd,QAAQ;IACV;IACA,IAAI;EACN;AAEA,MAAI;AAEJ,WAAS,UAAU,GAAG,UAAU,aAAa,WAAW;AACtD,QAAI,QAAQ,eAAe;AAE3B,UAAM,EAAE,QAAQ,OAAO,IAAI,kBAAkB,IAAI,QAAQ,SAAS;AAClE,QAAI;AACJ,QAAI;AACF,YAAM,MAAM,UAAU,IAAI,KAAK;QAC7B,QAAQ,IAAI,UAAU;QACtB;QACA,MAAM,IAAI;QACV;MACF,CAAC;IACH,SAASA,MAAK;AACZ,aAAO;AACP,UAAI,IAAI,QAAQ,SAAS;AACvB,cAAM,IAAI,OAAO,UAAUA;MAC7B;AACA,YAAM,QAAQA,gBAAe,QAAQA,OAAM,IAAI,MAAM,OAAOA,IAAG,CAAC;AAChE,gBAAU;AACV,UAAI,UAAU,cAAc,KAAK,QAAQ,MAAM,KAAK,GAAG;AACrD,cAAM,QAAQ,aAAa,SAAS,gBAAgB,UAAU;AAC9D,cAAM,MAAM,OAAO,IAAI,MAAM;AAC7B;MACF;AACA,YAAM,IAAI,eAAe,MAAM,OAAO;IACxC;AACA,WAAO;AAEP,UAAM,OAAO,MAAM,SAAS,KAAK,SAAS;AAC1C,UAAM,eAAgC;MACpC,QAAQ,IAAI;MACZ,SAAS,IAAI;MACb;IACF;AACA,QAAI,IAAI,WAAW;AACjB,YAAM,QAAQ,IAAI,UAAU,MAAM,IAAI,OAAO;AAC7C,UAAI,OAAO;AACT,qBAAa,iBAAiB;MAChC;IACF;AAEA,QAAI,QAAQ,UAAU;AACpB,YAAM,eAAe,QAAQ,UAAU;QACrC,KAAK,IAAI;QACT,QAAQ,IAAI,UAAU;QACtB,QAAQ,IAAI;QACZ,UAAU,QAAQ;QAClB,WAAW,QAAQ,aAAa,aAAa;QAC7C;MACF,CAAC;IACH;AAEA,QAAI,IAAI,IAAI;AACV,aAAO;IACT;AAEA,UAAM,aAAa,gBAAgB,IAAI,QAAQ,IAAI,aAAa,CAAC;AACjE,UAAM,UAAU,QAAQ,IAAI,MAAM,IAAI,IAAI,UAAU,QAAQ,IAAI,UAAU,KAAK,IAAI,IAAI,GAAG;AAC1F,UAAM,MAAM,eAAe,SAAS,cAAc,UAAU;AAE5D,QACE,UAAU,cAAc,KACxB,QAAQ,IAAI,QAAQ,GAAG,KACvB,EAAE,eAAe,cACjB,EAAE,eAAe,iBACjB;AACA,gBAAU;AACV,UAAI,QAAQ,aAAa,SAAS,gBAAgB,UAAU;AAC5D,UAAI,eAAe,kBAAkB,YAAY;AAC/C,cAAM,OAAO,WAAW,QAAQ,IAAI,KAAK,IAAI;AAC7C,YAAI,OAAO,GAAG;AACZ,kBAAQ,KAAK,IAAI,MAAM,UAAU;QACnC;MACF;AACA,YAAM,MAAM,OAAO,IAAI,MAAM;AAC7B;IACF;AAEA,UAAM;EACR;AAEA,QAAM,WAAW,IAAI,iBAAiB,0BAA0B;AAClE;AAEA,SAAS,aACP,SACA,gBACA,YACQ;AACR,QAAM,OAAO,iBAAiB,KAAK;AACnC,QAAM,SAAS,OAAO,OAAO,KAAK,OAAO;AACzC,SAAO,KAAK,IAAI,OAAO,QAAQ,UAAU;AAC3C;;;AMpPA;AAAA,EACE;AAAA,EAUA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,SAAS;;;ACVlB,IAAM,aAAa;AACnB,IAAM,YAAY;AAClB,IAAM,sBAAsB;AAoB5B,eAAsB,oBACpB,OACA,QAC0B;AAC1B,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,oBAAoB;AAC7C,SAAO,IAAI,aAAa,MAAM,QAAQ;AACtC,SAAO,IAAI,iBAAiB,MAAM,YAAY;AAC9C,SAAO,IAAI,SAAS,SAAS;AAE7B,MAAI;AACJ,MAAI;AACF,UAAM,MAAM;AAAA,MACV;AAAA,QACE,KAAK,WAAW,UAAU,IAAI,mBAAmB,MAAM,QAAQ,CAAC;AAAA,QAChE,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,QAAQ;AAAA,UACR,cAAc,mBAAmB,MAAM,WAAW;AAAA,QACpD;AAAA,QACA,MAAM,OAAO,SAAS;AAAA,QACtB;AAAA,MACF;AAAA,MACA,EAAE,UAAU,cAAc;AAAA,IAC5B;AAAA,EACF,SAAS,KAAK;AACZ,UAAM,mBAAmB,GAAG;AAAA,EAC9B;AAEA,QAAM,SAAS,IAAI,KAAK;AACxB,QAAM,YAAY,IAAI,KAAK;AAC3B,MAAI,OAAO,WAAW,YAAY,OAAO,WAAW,GAAG;AACrD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,QACJ,OAAO,cAAc,YAAY,OAAO,SAAS,SAAS,IACtD,YAAY,MACZ,KAAK,KAAK;AAChB,SAAO;AAAA,IACL,OAAO;AAAA,IACP,WAAW,KAAK,IAAI,IAAI,QAAQ;AAAA,EAClC;AACF;AAEA,SAAS,mBAAmB,KAAuB;AACjD,MAAI,EAAE,eAAe,UAAU,EAAE,UAAU,MAAM;AAC/C,WAAO;AAAA,EACT;AACA,QAAM,UAAU;AAChB,QAAM,SAAS,QAAQ,UAAU,UAAU;AAC3C,MAAI,WAAW,OAAO,WAAW,OAAO,WAAW,KAAK;AACtD,WAAO,IAAI,UAAU,QAAQ,SAAS,QAAQ,QAAQ;AAAA,EACxD;AACA,MAAI,UAAU,KAAK;AACjB,WAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;AAAA,EAC7D;AACA,SAAO;AACT;AAEO,SAAS,aACd,OACA,MAAc,KAAK,IAAI,GACd;AACT,SAAO,UAAU,QAAQ,MAAM,MAAM;AACvC;;;ADnEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAIA,IAAM,qBAAqB,EACxB,OAAO,EACP,IAAI,CAAC,EACL;AAAA,EACC,IAAI,OAAO,KAAK,gBAAgB,KAAK,GAAG,CAAC,WAAW;AAAA,EACpD,kCAAkC,gBAAgB,KAAK,IAAI,CAAC;AAC9D;AAEK,IAAM,eAAe;AAAA,EAC1B,EAAE,OAAO;AAAA,IACP,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,KAAK;AAAA,MAC/B,OAAO;AAAA,MACP,aACE;AAAA,MACF,aAAa;AAAA,IACf,CAAC;AAAA,IACD,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,KAAK;AAAA,MAC/B,OAAO;AAAA,MACP,aACE;AAAA,MACF,aAAa;AAAA,IACf,CAAC;AAAA,IACD,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,KAAK;AAAA,MAC1D,OAAO;AAAA,MACP,aACE;AAAA,MACF,aAAa;AAAA,MACb,QAAQ;AAAA,IACV,CAAC;AAAA,IACD,gBAAgB,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,KAAK;AAAA,MACrC,OAAO;AAAA,MACP,aACE;AAAA,MACF,aAAa;AAAA,IACf,CAAC;AAAA,IACD,SAAS,EACN,MAAM,kBAAkB,EACxB,IAAI,GAAG,yDAAyD,EAChE,SAAS,EACT,KAAK;AAAA,MACJ,OAAO;AAAA,MACP,aACE;AAAA,IACJ,CAAC;AAAA,IACH,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,KAAK;AAAA,MACjE,OAAO;AAAA,MACP,aACE;AAAA,MACF,aAAa;AAAA,IACf,CAAC;AAAA,EACH,CAAC;AACH;AAEO,IAAM,MAAoB,mBAAmB;AAAA,EAClD,aAAa;AAAA,EACb,UAAU;AAAA,EACV,YAAY;AAAA,EACZ,SACE;AAAA,EACF,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AAAA,EACA,MAAM;AAAA,IACJ,SACE;AAAA,IACF,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EACA,WACE;AAAA,EACF,aAAa;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF,CAAC;AAcD,IAAM,uBAAuB;AAAA,EAC3B,cAAc;AAAA,IACZ,aAAa;AAAA,IACb,MAAM;AAAA,EACR;AACF;AAQA,IAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,MAAM,EAAE,OAAO;AAAA,EACf,MAAM,EAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAED,IAAM,gBAAgB,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AAEzE,IAAM,0BAA0B,EAAE,OAAO;AAAA,EACvC,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,EACxB,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,YAAY,EAAE,OAAO;AAAA,IACnB,UAAU,EAAE,OAAO,EAAE,QAAQ;AAAA,IAC7B,SAAS,EAAE,MAAM,gBAAgB;AAAA,IACjC,MAAM,EAAE,MAAM,aAAa;AAAA,EAC7B,CAAC;AACH,CAAC;AAyBD,IAAM,oBAAoB;AAEnB,IAAM,qBAAqB,gBAAgB;AAAA,EAChD,kBAAkB;AAAA,IAChB,OAAO;AAAA,IACP,aACE;AAAA,IACF,UACE;AAAA,IACF,MAAM;AAAA,IACN,aAAa;AAAA,IACb,OACE;AAAA,IACF,YAAY;AAAA,MACV;AAAA,QACE,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,IACF;AAAA,IACA,WAAW,EAAE,YAAY,wBAAwB;AAAA,EACnD;AACF,CAAC;AAMD,IAAM,WAAW;AACjB,IAAM,mBAAmB;AACzB,IAAM,wBAAwB;AAC9B,IAAM,4BAA4B;AAClC,IAAM,aAAa;AAMnB,SAAS,cAAc,IAAoB;AACzC,SAAO,KAAK,MAAM,KAAK,UAAU,IAAI;AACvC;AAOO,SAAS,cACd,SACA,cACA,MAAc,KAAK,IAAI,GACX;AACZ,QAAM,UAAU,QAAQ,UAAU,SAAY,KAAK,MAAM,QAAQ,KAAK,IAAI;AAC1E,QAAM,WAAW,OAAO,SAAS,OAAO;AAExC,MAAI,OAAO;AACX,MAAI,QAAQ,SAAS,UAAU;AAC7B,WAAO;AAAA,EACT,WAAW,UAAU;AACnB,UAAM,UAAU,KAAK,MAAM,MAAM,WAAW,UAAU;AACtD,WAAO,KAAK,IAAI,KAAK,IAAI,SAAS,CAAC,GAAG,YAAY;AAAA,EACpD;AAGA,QAAM,aAAa,cAAc,GAAG;AACpC,QAAM,SAAS,cAAc,OAAO,KAAK;AACzC,QAAM,OAAO,aAAa,aAAa;AACvC,SAAO;AAAA,IACL,MAAM,IAAI,KAAK,MAAM,EAAE,YAAY;AAAA,IACnC,IAAI,IAAI,KAAK,IAAI,EAAE,YAAY;AAAA,EACjC;AACF;AAEA,SAAS,iBAAiB,WAA2B;AACnD,MAAI,UAAU,WAAW,MAAM,GAAG;AAChC,WAAO,OAAO,UAAU,MAAM,CAAC,CAAC;AAAA,EAClC;AAGA,SAAO,UACJ,QAAQ,sBAAsB,OAAO,EACrC,QAAQ,yBAAyB,OAAO,EACxC,YAAY;AACjB;AAEA,SAAS,WAAW,WAAmD;AACrE,MAAI,UAAU,WAAW,MAAM,GAAG;AAChC,WAAO,EAAE,MAAM,OAAO,MAAM,UAAU,MAAM,CAAC,EAAE;AAAA,EACjD;AACA,SAAO,EAAE,MAAM,aAAa,MAAM,UAAU;AAC9C;AAEA,SAAS,eAAe,OAA8C;AACpE,MAAI,UAAU,MAAM;AAClB,WAAO;AAAA,EACT;AAGA,QAAM,IAAI,OAAO,KAAK;AACtB,QAAM,IAAI,0BAA0B,KAAK,CAAC;AAC1C,MAAI,CAAC,GAAG;AACN,WAAO;AAAA,EACT;AACA,QAAM,KAAK,KAAK,IAAI,OAAO,EAAE,CAAC,CAAC,GAAG,OAAO,EAAE,CAAC,CAAC,IAAI,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC;AAChE,SAAO,OAAO,SAAS,EAAE,IAAI,KAAK;AACpC;AAUA,SAAS,cACP,SACA,SACc;AACd,QAAM,MAAoB;AAAA,IACxB,SAAS;AAAA,IACT,SAAS;AAAA,IACT,aAAa;AAAA,IACb,aAAa,oBAAI,IAAI;AAAA,EACvB;AACA,QAAM,QAAQ,WAAW,CAAC;AAC1B,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,UAAM,OAAO,MAAM,CAAC,GAAG,QAAQ;AAC/B,UAAM,QAAQ,KAAK,YAAY;AAC/B,QAAI,UAAU,UAAU,UAAU,aAAa,UAAU,cAAc;AACrE,UAAI,UAAU;AAAA,IAChB,WAAW,UAAU,eAAe,UAAU,QAAQ;AACpD,UAAI,UAAU;AAAA,IAChB,WAAW,UAAU,YAAY;AAC/B,UAAI,cAAc;AAAA,IACpB;AAAA,EACF;AACA,MAAI,SAAS;AACX,eAAW,OAAO,SAAS;AACzB,YAAM,WAAW,IAAI,WAAW,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI;AACzD,YAAM,MAAM,MAAM;AAAA,QAChB,CAAC,OACE,EAAE,QAAQ,IAAI,YAAY,MAAM,SAAS,YAAY;AAAA,SAErD,EAAE,QAAQ,IAAI,YAAY,MAAM,WAAW,SAAS,YAAY,CAAC;AAAA,MACtE;AACA,UAAI,OAAO,GAAG;AACZ,YAAI,YAAY,IAAI,KAAK,GAAG;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,iBACd,MACA,SACgB;AAChB,QAAM,QAAQ,KAAK;AACnB,MAAI,CAAC,OAAO;AACV,WAAO,CAAC;AAAA,EACV;AACA,QAAM,SAAS,cAAc,MAAM,SAAS,OAAO;AACnD,MAAI,OAAO,YAAY,QAAQ,OAAO,YAAY,MAAM;AACtD,WAAO,CAAC;AAAA,EACV;AACA,QAAM,UAA0B,CAAC;AACjC,aAAW,OAAO,MAAM,QAAQ,CAAC,GAAG;AAClC,UAAM,UAAU,IAAI,OAAO,OAAO;AAClC,UAAM,UAAU,IAAI,OAAO,OAAO;AAClC,QAAI,YAAY,QAAQ,YAAY,QAAW;AAC7C;AAAA,IACF;AACA,UAAMC,QACJ,OAAO,YAAY,WACf,UACA,OAAO,WAAW,OAAO,OAAO,CAAC;AACvC,QAAI,CAAC,OAAO,SAASA,KAAI,GAAG;AAC1B;AAAA,IACF;AACA,UAAM,KAAK;AAAA,MACT,OAAO,YAAY,YAAY,OAAO,YAAY,WAC9C,UACA;AAAA,IACN;AACA,QAAI,OAAO,MAAM;AACf;AAAA,IACF;AACA,UAAM,WACJ,OAAO,gBAAgB,OAAQ,IAAI,OAAO,WAAW,KAAK,OAAQ;AACpE,UAAM,aAAwC;AAAA,MAC5C,MAAM,OAAO,aAAa,WAAW,WAAY,YAAY;AAAA,IAC/D;AACA,eAAW,CAAC,KAAK,GAAG,KAAK,OAAO,YAAY,QAAQ,GAAG;AACrD,YAAM,MAAM,IAAI,GAAG;AACnB,iBAAW,iBAAiB,GAAG,CAAC,IAC9B,OAAO,QAAQ,YAAY,OAAO,QAAQ,YAAY,QAAQ,OAC1D,MACA;AAAA,IACR;AACA,YAAQ,KAAK;AAAA,MACX,MAAM;AAAA,MACN;AAAA,MACA,OAAOA;AAAA,MACP;AAAA,IACF,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAMA,SAAS,YAAY,KAAuB;AAC1C,MAAI,EAAE,eAAe,UAAU,EAAE,UAAU,MAAM;AAC/C,WAAO;AAAA,EACT;AACA,QAAM,UAAU;AAChB,QAAM,SAAS,QAAQ,UAAU,UAAU;AAC3C,MAAI,WAAW,OAAO,WAAW,KAAK;AACpC,WAAO,IAAI,UAAU,QAAQ,SAAS,QAAQ,QAAQ;AAAA,EACxD;AACA,MAAI,WAAW,KAAK;AAClB,WAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;AAAA,EAC7D;AACA,MAAI,UAAU,KAAK;AACjB,WAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;AAAA,EAC7D;AACA,SAAO;AACT;AAIA,SAAS,gBAAgB,OAAwB;AAC/C,MAAI;AACF,UAAM,IAAI,IAAI,IAAI,KAAK;AACvB,WAAO,EAAE,aAAa,YAAY,EAAE,SAAS;AAAA,EAC/C,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMO,IAAM,KAAK;AAEX,IAAM,OAAsB;AAAA,EACjC,qBAAqB;AAAA,EACrB,aAAa;AAAA,EACb,SACE;AACJ;AAEO,IAAM,qBAAN,MAAM,4BAA2B,cAGtC;AAAA,EACA,OAAgB,KAAK;AAAA,EAErB,OAAgB,YAAY;AAAA,EAE5B,OAAgB,UAAU,qBAAqB,kBAAkB;AAAA,EAEjE,OAAgB,OAAO;AAAA,EAEvB,OAAO,OAAO,OAAgB,KAA4C;AACxE,UAAM,SAAS,aAAa,MAAM,KAAK;AACvC,WAAO,IAAI;AAAA,MACT;AAAA,QACE,UAAU,OAAO;AAAA,QACjB,UAAU,OAAO;AAAA,QACjB,gBAAgB,OAAO;AAAA,QACvB,SAAS,OAAO;AAAA,QAChB,cAAc,OAAO;AAAA,MACvB;AAAA,MACA,EAAE,cAAc,OAAO,aAAa;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AAAA,EAES,KAAK;AAAA,EACI,cAAc;AAAA,EAExB,aAAqC;AAAA,EAE7C,MAAc,eAAe,QAAuC;AAClE,QAAI,aAAa,KAAK,UAAU,GAAG;AACjC,aAAO,KAAK,WAAY;AAAA,IAC1B;AACA,SAAK,aAAa,MAAM;AAAA,MACtB;AAAA,QACE,UAAU,KAAK,SAAS;AAAA,QACxB,UAAU,KAAK,SAAS;AAAA,QACxB,cAAc,KAAK,MAAM;AAAA,QACzB,aAAa,KAAK;AAAA,MACpB;AAAA,MACA;AAAA,IACF;AACA,WAAO,KAAK,WAAW;AAAA,EACzB;AAAA,EAEQ,WAAmB;AACzB,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,eAAe,gBAAgB;AAC1C,WAAO,GAAG,QAAQ,kBAAkB,mBAAmB,KAAK,SAAS,cAAc,CAAC,6CAA6C,OAAO,SAAS,CAAC;AAAA,EACpJ;AAAA,EAEQ,kBAAkB,QAA6C;AACrE,UAAM,UAAU,KAAK,SAAS,WAAW,CAAC;AAC1C,UAAM,WAAW,QAAQ,MAAM,GAAG,CAAC,EAAE,IAAI,UAAU;AACnD,WAAO;AAAA,MACL,MAAM;AAAA,MACN,WAAW;AAAA,MACX,YAAY,EAAE,MAAM,OAAO,MAAM,IAAI,OAAO,GAAG;AAAA,MAC/C,SAAS;AAAA,QACP,aAAa;AAAA,QACb,aAAa;AAAA,UACX,WAAW,EAAE,MAAM,QAAQ,UAAU,MAAM;AAAA,QAC7C;AAAA,QACA,GAAI,SAAS,SAAS,IAAI,EAAE,SAAS,IAAI,CAAC;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,SACZ,KACA,SACA,QAC8C;AAC9C,UAAM,QAAQ,MAAM,KAAK,eAAe,MAAM;AAC9C,QAAI;AACF,aAAO,MAAM,KAAK,KAA4B,KAAK;AAAA,QACjD,UAAU;AAAA,QACV,SAAS;AAAA,UACP,eAAe,UAAU,KAAK;AAAA,UAC9B,gBAAgB;AAAA,UAChB,QAAQ;AAAA,UACR,cAAc,mBAAmB,KAAK,EAAE;AAAA,QAC1C;AAAA,QACA,MAAM,UAAU,KAAK,UAAU,OAAO,IAAI;AAAA,QAC1C;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,YAAM,YAAY,GAAG;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAM,KACJ,SACA,SACA,QACqB;AACrB,QACE,QAAQ,aACR,QAAQ,UAAU,OAAO,KACzB,CAAC,QAAQ,UAAU,IAAI,kBAAkB,GACzC;AACA,aAAO,EAAE,MAAM,KAAK;AAAA,IACtB;AAEA,UAAM,eAAe,KAAK,SAAS,gBAAgB;AACnD,UAAM,SAAS,cAAc,SAAS,YAAY;AAClD,UAAM,UAAU,KAAK,kBAAkB,MAAM;AAC7C,UAAM,aAAa,KAAK,IAAI;AAC5B,UAAM,UAA0B,CAAC;AACjC,QAAI,QAAQ;AAEZ,QAAI,MAAM,KAAK,SAAS;AACxB,QAAI,OAA4C;AAChD,WAAO,MAAM;AACX,UAAI,QAAQ,SAAS;AACnB,eAAO,EAAE,MAAM,MAAM;AAAA,MACvB;AACA,YAAM,MAAM,MAAM,KAAK,SAAS,KAAK,MAAM,MAAM;AACjD,YAAM,QAAQ,iBAAiB,IAAI,MAAM,KAAK,SAAS,OAAO;AAC9D,cAAQ,KAAK,GAAG,KAAK;AACrB,eAAS;AACT,WAAK,OAAO,KAAK,gBAAgB;AAAA,QAC/B,UAAU;AAAA,QACV,MAAM;AAAA,QACN,OAAO,MAAM;AAAA,MACf,CAAC;AACD,YAAM,OAAO,IAAI,KAAK,YAAY;AAClC,UAAI,OAAO,SAAS,YAAY,KAAK,SAAS,GAAG;AAC/C,YAAI,CAAC,gBAAgB,IAAI,GAAG;AAC1B,gBAAM,IAAI;AAAA,YACR,uDAAuD,IAAI;AAAA,YAC3D;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAGN,eAAO;AAAA,MACT,OAAO;AACL;AAAA,MACF;AAAA,IACF;AAEA,UAAM,QAAQ,QAAQ,SAAS,EAAE,OAAO,CAAC,iBAAiB,EAAE,CAAC;AAC7D,SAAK,OAAO,KAAK,iBAAiB;AAAA,MAChC,UAAU;AAAA,MACV;AAAA,MACA,OAAO,QAAQ;AAAA,MACf,aAAa,KAAK,IAAI,IAAI;AAAA,IAC5B,CAAC;AACD,WAAO,EAAE,MAAM,KAAK;AAAA,EACtB;AACF;;;AEpmBA,IAAO,gBAAQ;","names":["err","cost"]}

package/package.json ADDED Viewed

@@ -0,0 +1,43 @@
+{
+  "name": "@rawdash/connector-azure-cost",
+  "version": "0.17.0",
+  "description": "Rawdash connector for Azure Cost Management — pulls daily Azure spend (optionally grouped by resource group, service, or tag) into the six-shape storage model via the Cost Management query API",
+  "license": "Apache-2.0",
+  "type": "module",
+  "sideEffects": false,
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/rawdash/rawdash.git",
+    "directory": "packages/connectors/azure-cost"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "exports": {
+    ".": {
+      "@rawdash/source": "./src/index.ts",
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsup",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint src",
+    "test": "vitest run"
+  },
+  "dependencies": {
+    "@rawdash/core": "workspace:*",
+    "zod": "^4.4.3"
+  },
+  "devDependencies": {
+    "@rawdash/connector-shared": "workspace:*",
+    "@rawdash/connector-test-utils": "workspace:*",
+    "fast-check": "^4.8.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.7.2",
+    "vitest": "^4.1.4"
+  }
+}