@stackframe/stack-shared 2.8.25 → 2.8.27

package/dist/config/schema.js

@@ -30,124 +30,143 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/config/schema.ts
 var schema_exports = {};
 __export(schema_exports, {
-  applyDefaults: () => applyDefaults,
-  branchConfigDefaults: () => branchConfigDefaults,
+  applyBranchDefaults: () => applyBranchDefaults,
+  applyEnvironmentDefaults: () => applyEnvironmentDefaults,
+  applyOrganizationDefaults: () => applyOrganizationDefaults,
+  applyProjectDefaults: () => applyProjectDefaults,
+  assertNoConfigOverrideErrors: () => assertNoConfigOverrideErrors,
   branchConfigSchema: () => branchConfigSchema,
   configLevels: () => configLevels,
-  environmentConfigDefaults: () => environmentConfigDefaults,
   environmentConfigSchema: () => environmentConfigSchema,
-  organizationConfigDefaults: () => organizationConfigDefaults,
+  getConfigOverrideErrors: () => getConfigOverrideErrors,
+  getIncompleteConfigWarnings: () => getIncompleteConfigWarnings,
+  migrateConfigOverride: () => migrateConfigOverride,
   organizationConfigSchema: () => organizationConfigSchema,
-  projectConfigDefaults: () => projectConfigDefaults,
-  projectConfigSchema: () => projectConfigSchema
+  projectConfigSchema: () => projectConfigSchema,
+  sanitizeBranchConfig: () => sanitizeBranchConfig,
+  sanitizeEnvironmentConfig: () => sanitizeEnvironmentConfig,
+  sanitizeOrganizationConfig: () => sanitizeOrganizationConfig,
+  sanitizeProjectConfig: () => sanitizeProjectConfig
 });
 module.exports = __toCommonJS(schema_exports);
+var yup = __toESM(require("yup"));
+var import_emails = require("../helpers/emails.js");
 var schemaFields = __toESM(require("../schema-fields.js"));
 var import_schema_fields = require("../schema-fields.js");
+var import_arrays = require("../utils/arrays.js");
+var import_errors = require("../utils/errors.js");
 var import_oauth = require("../utils/oauth.js");
 var import_objects = require("../utils/objects.js");
-var import_emails = require("../helpers/emails.js");
+var import_results = require("../utils/results.js");
+var import_types = require("../utils/types.js");
+var import_format = require("./format.js");
 var configLevels = ["project", "branch", "environment", "organization"];
 var permissionRegex = /^\$?[a-z0-9_:]+$/;
 var customPermissionRegex = /^[a-z0-9_:]+$/;
+function canNoLongerBeOverridden(schema, keys) {
+  const notOmitted = schema.concat((0, import_schema_fields.yupObject)(
+    Object.fromEntries(keys.map((key) => [key, schema.getNested(key).meta({ stackConfigCanNoLongerBeOverridden: true })]))
+  ));
+  return notOmitted;
+}
 var projectConfigSchema = (0, import_schema_fields.yupObject)({
   sourceOfTruth: (0, import_schema_fields.yupUnion)(
     (0, import_schema_fields.yupObject)({
-      type: (0, import_schema_fields.yupString)().oneOf(["hosted"]).optional()
-    }).defined(),
+      type: (0, import_schema_fields.yupString)().oneOf(["hosted"]).defined()
+    }),
     (0, import_schema_fields.yupObject)({
-      type: (0, import_schema_fields.yupString)().oneOf(["neon"]).optional(),
+      type: (0, import_schema_fields.yupString)().oneOf(["neon"]).defined(),
       connectionStrings: (0, import_schema_fields.yupRecord)(
         (0, import_schema_fields.yupString)().defined(),
         (0, import_schema_fields.yupString)().defined()
       ).defined()
-    }).defined(),
+    }),
     (0, import_schema_fields.yupObject)({
-      type: (0, import_schema_fields.yupString)().oneOf(["postgres"]).optional(),
+      type: (0, import_schema_fields.yupString)().oneOf(["postgres"]).defined(),
       connectionString: (0, import_schema_fields.yupString)().defined()
-    }).defined()
-  ).optional()
+    })
+  )
 });
 var branchRbacDefaultPermissions = (0, import_schema_fields.yupRecord)(
-  (0, import_schema_fields.yupString)().optional().matches(permissionRegex),
+  (0, import_schema_fields.yupString)().matches(permissionRegex),
   (0, import_schema_fields.yupBoolean)().isTrue().optional()
-).optional();
+);
 var branchRbacSchema = (0, import_schema_fields.yupObject)({
   permissions: (0, import_schema_fields.yupRecord)(
-    (0, import_schema_fields.yupString)().optional().matches(customPermissionRegex),
+    (0, import_schema_fields.yupString)().matches(customPermissionRegex),
     (0, import_schema_fields.yupObject)({
       description: (0, import_schema_fields.yupString)().optional(),
       scope: (0, import_schema_fields.yupString)().oneOf(["team", "project"]).optional(),
       containedPermissionIds: (0, import_schema_fields.yupRecord)(
-        (0, import_schema_fields.yupString)().optional().matches(permissionRegex),
+        (0, import_schema_fields.yupString)().matches(permissionRegex),
         (0, import_schema_fields.yupBoolean)().isTrue().optional()
       ).optional()
     }).optional()
-  ).optional(),
+  ),
   defaultPermissions: (0, import_schema_fields.yupObject)({
     teamCreator: branchRbacDefaultPermissions,
     teamMember: branchRbacDefaultPermissions,
     signUp: branchRbacDefaultPermissions
-  }).optional()
-}).optional();
+  })
+});
 var branchApiKeysSchema = (0, import_schema_fields.yupObject)({
   enabled: (0, import_schema_fields.yupObject)({
-    team: (0, import_schema_fields.yupBoolean)().optional(),
-    user: (0, import_schema_fields.yupBoolean)().optional()
-  }).optional()
-}).optional();
+    team: (0, import_schema_fields.yupBoolean)(),
+    user: (0, import_schema_fields.yupBoolean)()
+  })
+});
 var branchAuthSchema = (0, import_schema_fields.yupObject)({
-  allowSignUp: (0, import_schema_fields.yupBoolean)().optional(),
+  allowSignUp: (0, import_schema_fields.yupBoolean)(),
   password: (0, import_schema_fields.yupObject)({
-    allowSignIn: (0, import_schema_fields.yupBoolean)().optional()
-  }).optional(),
+    allowSignIn: (0, import_schema_fields.yupBoolean)()
+  }),
   otp: (0, import_schema_fields.yupObject)({
-    allowSignIn: (0, import_schema_fields.yupBoolean)().optional()
-  }).optional(),
+    allowSignIn: (0, import_schema_fields.yupBoolean)()
+  }),
   passkey: (0, import_schema_fields.yupObject)({
-    allowSignIn: (0, import_schema_fields.yupBoolean)().optional()
-  }).optional(),
+    allowSignIn: (0, import_schema_fields.yupBoolean)()
+  }),
   oauth: (0, import_schema_fields.yupObject)({
     accountMergeStrategy: (0, import_schema_fields.yupString)().oneOf(["link_method", "raise_error", "allow_duplicates"]).optional(),
     providers: (0, import_schema_fields.yupRecord)(
-      (0, import_schema_fields.yupString)().optional().matches(permissionRegex),
+      (0, import_schema_fields.yupString)().matches(permissionRegex),
       (0, import_schema_fields.yupObject)({
         type: (0, import_schema_fields.yupString)().oneOf(import_oauth.allProviders).optional(),
-        allowSignIn: (0, import_schema_fields.yupBoolean)().optional(),
-        allowConnectedAccounts: (0, import_schema_fields.yupBoolean)().optional()
-      }).defined()
-    ).optional()
-  }).optional()
-}).optional();
+        allowSignIn: (0, import_schema_fields.yupBoolean)(),
+        allowConnectedAccounts: (0, import_schema_fields.yupBoolean)()
+      })
+    )
+  })
+});
 var branchDomain = (0, import_schema_fields.yupObject)({
-  allowLocalhost: (0, import_schema_fields.yupBoolean)().optional()
-}).optional();
-var branchConfigSchema = projectConfigSchema.omit(["sourceOfTruth"]).concat((0, import_schema_fields.yupObject)({
+  allowLocalhost: (0, import_schema_fields.yupBoolean)()
+});
+var branchConfigSchema = canNoLongerBeOverridden(projectConfigSchema, ["sourceOfTruth"]).concat((0, import_schema_fields.yupObject)({
   rbac: branchRbacSchema,
   teams: (0, import_schema_fields.yupObject)({
-    createPersonalTeamOnSignUp: (0, import_schema_fields.yupBoolean)().optional(),
-    allowClientTeamCreation: (0, import_schema_fields.yupBoolean)().optional()
-  }).optional(),
+    createPersonalTeamOnSignUp: (0, import_schema_fields.yupBoolean)(),
+    allowClientTeamCreation: (0, import_schema_fields.yupBoolean)()
+  }),
   users: (0, import_schema_fields.yupObject)({
-    allowClientUserDeletion: (0, import_schema_fields.yupBoolean)().optional()
-  }).optional(),
+    allowClientUserDeletion: (0, import_schema_fields.yupBoolean)()
+  }),
   apiKeys: branchApiKeysSchema,
   domains: branchDomain,
   auth: branchAuthSchema,
   emails: (0, import_schema_fields.yupObject)({
-    theme: schemaFields.emailThemeSchema.optional(),
-    themeList: schemaFields.emailThemeListSchema.optional(),
-    templateList: schemaFields.emailTemplateListSchema.optional()
+    selectedThemeId: schemaFields.emailThemeSchema,
+    themes: schemaFields.emailThemeListSchema,
+    templates: schemaFields.emailTemplateListSchema
   })
 }));
 var environmentConfigSchema = branchConfigSchema.concat((0, import_schema_fields.yupObject)({
   auth: branchConfigSchema.getNested("auth").concat((0, import_schema_fields.yupObject)({
     oauth: branchConfigSchema.getNested("auth").getNested("oauth").concat((0, import_schema_fields.yupObject)({
       providers: (0, import_schema_fields.yupRecord)(
-        (0, import_schema_fields.yupString)().optional().matches(permissionRegex),
+        (0, import_schema_fields.yupString)().matches(permissionRegex),
         (0, import_schema_fields.yupObject)({
           type: (0, import_schema_fields.yupString)().oneOf(import_oauth.allProviders).optional(),
-          isShared: (0, import_schema_fields.yupBoolean)().optional(),
+          isShared: (0, import_schema_fields.yupBoolean)(),
           clientId: schemaFields.oauthClientIdSchema.optional(),
           clientSecret: schemaFields.oauthClientSecretSchema.optional(),
           facebookConfigId: schemaFields.oauthFacebookConfigIdSchema.optional(),
@@ -155,12 +174,12 @@ var environmentConfigSchema = branchConfigSchema.concat((0, import_schema_fields
           allowSignIn: (0, import_schema_fields.yupBoolean)().optional(),
           allowConnectedAccounts: (0, import_schema_fields.yupBoolean)().optional()
         })
-      ).optional()
-    }).optional())
+      )
+    }))
   })),
   emails: branchConfigSchema.getNested("emails").concat((0, import_schema_fields.yupObject)({
     server: (0, import_schema_fields.yupObject)({
-      isShared: (0, import_schema_fields.yupBoolean)().optional(),
+      isShared: (0, import_schema_fields.yupBoolean)(),
       host: schemaFields.emailHostSchema.optional().nonEmpty(),
       port: schemaFields.emailPortSchema.optional(),
       username: schemaFields.emailUsernameSchema.optional().nonEmpty(),
@@ -168,32 +187,103 @@ var environmentConfigSchema = branchConfigSchema.concat((0, import_schema_fields
       senderName: schemaFields.emailSenderNameSchema.optional().nonEmpty(),
       senderEmail: schemaFields.emailSenderEmailSchema.optional().nonEmpty()
     })
-  }).optional()),
+  })),
   domains: branchConfigSchema.getNested("domains").concat((0, import_schema_fields.yupObject)({
     trustedDomains: (0, import_schema_fields.yupRecord)(
-      (0, import_schema_fields.yupString)().uuid().optional(),
+      (0, import_schema_fields.yupString)(),
       (0, import_schema_fields.yupObject)({
-        baseUrl: schemaFields.urlSchema.optional(),
-        handlerPath: schemaFields.handlerPathSchema.optional()
+        baseUrl: schemaFields.urlSchema,
+        handlerPath: schemaFields.handlerPathSchema
       })
-    ).optional()
+    )
   }))
 }));
 var organizationConfigSchema = environmentConfigSchema.concat((0, import_schema_fields.yupObject)({}));
+function migrateConfigOverride(type, oldUnmigratedConfigOverride) {
+  const isBranchOrHigher = ["branch", "environment", "organization"].includes(type);
+  const isEnvironmentOrHigher = ["environment", "organization"].includes(type);
+  let res = oldUnmigratedConfigOverride;
+  if (isBranchOrHigher) {
+    res = renameProperty(res, "emails.theme", "emails.selectedThemeId");
+  }
+  if (isEnvironmentOrHigher) {
+    res = mapProperty(res, "domains.trustedDomains", (value) => {
+      if (Array.isArray(value)) {
+        return (0, import_objects.typedFromEntries)(value.map((v, i) => [`${i}`, v]));
+      }
+      return value;
+    });
+  }
+  if (isBranchOrHigher) {
+    res = removeProperty(res, "emails.themeList");
+    res = removeProperty(res, "emails.templateList");
+  }
+  if (type === "environment") {
+    res = removeProperty(res, "sourceOfTruth");
+  }
+  return res;
+}
+function removeProperty(obj, path) {
+  return mapProperty(obj, path, () => void 0);
+}
+function mapProperty(obj, path, mapper) {
+  const keyParts = path.split(".");
+  for (let i = 0; i < keyParts.length; i++) {
+    const pathPrefix = keyParts.slice(0, i).join(".");
+    const pathSuffix = keyParts.slice(i).join(".");
+    if ((0, import_objects.has)(obj, pathPrefix) && (0, import_objects.isObjectLike)((0, import_objects.get)(obj, pathPrefix))) {
+      const newValue = mapProperty((0, import_objects.get)(obj, pathPrefix), pathSuffix, mapper);
+      (0, import_objects.set)(obj, pathPrefix, newValue);
+    }
+  }
+  if ((0, import_objects.has)(obj, path)) {
+    const newValue = mapper((0, import_objects.get)(obj, path));
+    if (newValue !== void 0) {
+      (0, import_objects.set)(obj, path, newValue);
+    } else {
+      (0, import_objects.deleteKey)(obj, path);
+    }
+  }
+  return obj;
+}
+function renameProperty(obj, oldPath, newPath) {
+  const oldKeyParts = oldPath.split(".");
+  const newKeyParts = newPath.split(".");
+  if (!(0, import_arrays.isShallowEqual)(oldKeyParts.slice(0, -1), newKeyParts.slice(0, -1))) throw new import_errors.StackAssertionError(`oldPath and newPath must have the same prefix. Provided: ${oldPath} and ${newPath}`);
+  for (let i = 0; i < oldKeyParts.length; i++) {
+    const pathPrefix = oldKeyParts.slice(0, i).join(".");
+    const oldPathSuffix = oldKeyParts.slice(i).join(".");
+    const newPathSuffix = newKeyParts.slice(i).join(".");
+    if ((0, import_objects.has)(obj, pathPrefix) && (0, import_objects.isObjectLike)((0, import_objects.get)(obj, pathPrefix))) {
+      (0, import_objects.set)(obj, pathPrefix, renameProperty((0, import_objects.get)(obj, pathPrefix), oldPathSuffix, newPathSuffix));
+    }
+  }
+  if ((0, import_objects.has)(obj, oldPath)) {
+    (0, import_objects.set)(obj, newPath, (0, import_objects.get)(obj, oldPath));
+    (0, import_objects.deleteKey)(obj, oldPath);
+  }
+  return obj;
+}
 var projectConfigDefaults = {
   sourceOfTruth: {
-    type: "hosted"
+    type: "hosted",
+    connectionStrings: void 0,
+    connectionString: void 0
   }
 };
 var branchConfigDefaults = {};
 var environmentConfigDefaults = {};
 var organizationConfigDefaults = {
   rbac: {
-    permissions: (key) => ({}),
+    permissions: (key) => ({
+      containedPermissionIds: (key2) => void 0,
+      description: void 0,
+      scope: void 0
+    }),
     defaultPermissions: {
-      teamCreator: {},
-      teamMember: {},
-      signUp: {}
+      teamCreator: (key) => void 0,
+      teamMember: (key) => void 0,
+      signUp: (key) => void 0
     }
   },
   apiKeys: {
@@ -212,6 +302,7 @@ var organizationConfigDefaults = {
   domains: {
     allowLocalhost: false,
     trustedDomains: (key) => ({
+      baseUrl: void 0,
       handlerPath: "/handler"
     })
   },
@@ -229,46 +320,342 @@ var organizationConfigDefaults = {
     oauth: {
       accountMergeStrategy: "link_method",
       providers: (key) => ({
+        type: void 0,
         isShared: true,
         allowSignIn: false,
-        allowConnectedAccounts: false
+        allowConnectedAccounts: false,
+        clientId: void 0,
+        clientSecret: void 0,
+        facebookConfigId: void 0,
+        microsoftTenantId: void 0
       })
     }
   },
   emails: {
     server: {
-      isShared: true
+      isShared: true,
+      host: void 0,
+      port: void 0,
+      username: void 0,
+      password: void 0,
+      senderName: void 0,
+      senderEmail: void 0
     },
-    theme: import_emails.DEFAULT_EMAIL_THEME_ID,
-    themeList: import_emails.DEFAULT_EMAIL_THEMES,
-    templateList: import_emails.DEFAULT_EMAIL_TEMPLATES
+    selectedThemeId: import_emails.DEFAULT_EMAIL_THEME_ID,
+    themes: (0, import_objects.typedAssign)((key) => ({
+      displayName: "Unnamed Theme",
+      tsxSource: "Error: Theme config is missing TypeScript source code."
+    }), import_emails.DEFAULT_EMAIL_THEMES),
+    templates: (0, import_objects.typedAssign)((key) => ({
+      displayName: "Unnamed Template",
+      tsxSource: "Error: Template config is missing TypeScript source code.",
+      themeId: void 0
+    }), import_emails.DEFAULT_EMAIL_TEMPLATES)
   }
 };
+(0, import_types.typeAssertIs)()();
+(0, import_types.typeAssertIs)()();
+function deepReplaceFunctionsWithObjects(obj) {
+  return (0, import_objects.mapValues)({ ...obj }, (v) => (0, import_objects.isObjectLike)(v) ? deepReplaceFunctionsWithObjects(v) : v);
+}
 function applyDefaults(defaults, config) {
-  const res = typeof defaults === "function" ? {} : (0, import_objects.mapValues)(defaults, (v) => typeof v === "function" ? {} : typeof v === "object" ? applyDefaults(v, {}) : v);
-  for (const [key, mergeValue] of Object.entries(config)) {
-    const baseValue = typeof defaults === "function" ? defaults(key) : (0, import_objects.has)(defaults, key) ? (0, import_objects.get)(defaults, key) : void 0;
-    if (baseValue !== void 0) {
-      if ((0, import_objects.isObjectLike)(baseValue) && (0, import_objects.isObjectLike)(mergeValue)) {
-        (0, import_objects.set)(res, key, applyDefaults(baseValue, mergeValue));
-        continue;
+  const res = deepReplaceFunctionsWithObjects(defaults);
+  outer: for (const [key, mergeValue] of Object.entries(config)) {
+    if (mergeValue === void 0) continue;
+    const keyParts = key.split(".");
+    let baseValue = defaults;
+    let currentRes = res;
+    for (const [index, part] of keyParts.entries()) {
+      baseValue = (0, import_objects.has)(baseValue, part) ? (0, import_objects.get)(baseValue, part) : typeof baseValue === "function" ? baseValue(part) : void 0;
+      if (baseValue === void 0 || !(0, import_objects.isObjectLike)(baseValue)) {
+        (0, import_objects.set)(res, key, mergeValue);
+        continue outer;
       }
+      if (!(0, import_objects.has)(currentRes, part)) (0, import_objects.set)(currentRes, part, deepReplaceFunctionsWithObjects(baseValue));
+      currentRes = (0, import_objects.get)(currentRes, part);
     }
-    (0, import_objects.set)(res, key, mergeValue);
+    (0, import_objects.set)(res, key, (0, import_objects.isObjectLike)(mergeValue) ? applyDefaults(baseValue, mergeValue) : mergeValue);
   }
   return res;
 }
+function applyProjectDefaults(config) {
+  return applyDefaults(projectConfigDefaults, config);
+}
+function applyBranchDefaults(config) {
+  return applyDefaults(
+    branchConfigDefaults,
+    applyDefaults(
+      projectConfigDefaults,
+      config
+    )
+  );
+}
+function applyEnvironmentDefaults(config) {
+  return applyDefaults(
+    environmentConfigDefaults,
+    applyDefaults(
+      branchConfigDefaults,
+      applyDefaults(
+        projectConfigDefaults,
+        config
+      )
+    )
+  );
+}
+function applyOrganizationDefaults(config) {
+  return applyDefaults(
+    organizationConfigDefaults,
+    applyDefaults(
+      environmentConfigDefaults,
+      applyDefaults(
+        branchConfigDefaults,
+        applyDefaults(
+          projectConfigDefaults,
+          config
+        )
+      )
+    )
+  );
+}
+async function sanitizeProjectConfig(config) {
+  (0, import_format.assertNormalized)(config);
+  const oldSourceOfTruth = config.sourceOfTruth;
+  const sourceOfTruth = oldSourceOfTruth.type === "neon" && typeof oldSourceOfTruth.connectionStrings === "object" ? {
+    type: "neon",
+    connectionStrings: { ...(0, import_objects.filterUndefined)(oldSourceOfTruth.connectionStrings) }
+  } : oldSourceOfTruth.type === "postgres" && typeof oldSourceOfTruth.connectionString === "string" ? {
+    type: "postgres",
+    connectionString: oldSourceOfTruth.connectionString
+  } : {
+    type: "hosted"
+  };
+  return {
+    ...config,
+    sourceOfTruth
+  };
+}
+async function sanitizeBranchConfig(config) {
+  (0, import_format.assertNormalized)(config);
+  const prepared = await sanitizeProjectConfig(config);
+  return {
+    ...prepared
+  };
+}
+async function sanitizeEnvironmentConfig(config) {
+  (0, import_format.assertNormalized)(config);
+  const prepared = await sanitizeBranchConfig(config);
+  return {
+    ...prepared
+  };
+}
+async function sanitizeOrganizationConfig(config) {
+  (0, import_format.assertNormalized)(config);
+  const prepared = await sanitizeEnvironmentConfig(config);
+  const themes = {
+    ...import_emails.DEFAULT_EMAIL_THEMES,
+    ...prepared.emails.themes
+  };
+  const templates = {
+    ...import_emails.DEFAULT_EMAIL_TEMPLATES,
+    ...prepared.emails.templates
+  };
+  return {
+    ...prepared,
+    emails: {
+      ...prepared.emails,
+      selectedThemeId: (0, import_objects.has)(themes, prepared.emails.selectedThemeId) ? prepared.emails.selectedThemeId : import_emails.DEFAULT_EMAIL_THEME_ID,
+      themes,
+      templates
+    }
+  };
+}
+async function getConfigOverrideErrors(schema, configOverride, options = {}) {
+  if (typeof configOverride !== "object" || configOverride === null) {
+    return import_results.Result.error("Config override must be a non-null object.");
+  }
+  if (Object.getPrototypeOf(configOverride) !== Object.getPrototypeOf({})) {
+    return import_results.Result.error("Config override must be plain old JavaScript object.");
+  }
+  const reason = (0, import_format.getInvalidConfigReason)(configOverride, { configName: "override" });
+  if (reason) return import_results.Result.error("Invalid config format: " + reason);
+  const getSubSchema = (schema2, key) => {
+    const keyParts = key.split(".");
+    if (!schema2.hasNested(keyParts[0])) {
+      return void 0;
+    }
+    const nestedSchema = schema2.getNested(keyParts[0]);
+    if (nestedSchema.meta()?.stackConfigCanNoLongerBeOverridden && !options.allowPropertiesThatCanNoLongerBeOverridden) {
+      return void 0;
+    }
+    if (keyParts.length === 1) {
+      return nestedSchema;
+    } else {
+      return getSubSchema(nestedSchema, keyParts.slice(1).join("."));
+    }
+  };
+  const getRestrictedSchemaBase = (path, schema2) => {
+    const schemaInfo = schema2.meta()?.stackSchemaInfo;
+    switch (schemaInfo?.type) {
+      case "string": {
+        const stringSchema = schema2;
+        const description = stringSchema.describe();
+        let res = (0, import_schema_fields.yupString)();
+        if (description.tests.some((t) => t.name === "uuid")) {
+          res = res.uuid();
+        }
+        return res;
+      }
+      case "number": {
+        return (0, import_schema_fields.yupNumber)();
+      }
+      case "boolean": {
+        return (0, import_schema_fields.yupBoolean)();
+      }
+      case "date": {
+        return (0, import_schema_fields.yupDate)();
+      }
+      case "mixed": {
+        return (0, import_schema_fields.yupMixed)();
+      }
+      case "array": {
+        throw new import_errors.StackAssertionError(`Arrays are not supported in config JSON files (besides tuples). Use a record instead.`, { schemaInfo, schema: schema2 });
+      }
+      case "tuple": {
+        return (0, import_schema_fields.yupTuple)(schemaInfo.items.map((s, index) => getRestrictedSchema(path + `[${index}]`, s)));
+      }
+      case "union": {
+        const schemas = schemaInfo.items;
+        const nonObjectSchemas = [...schemas.entries()].filter(([index, s]) => s.meta()?.stackSchemaInfo?.type !== "object");
+        const objectSchemas = schemas.filter((s) => s.meta()?.stackSchemaInfo?.type === "object");
+        const allObjectSchemaKeys = [...new Set(objectSchemas.flatMap((s) => Object.keys(s.fields)))];
+        const mergedObjectSchema = (0, import_schema_fields.yupObject)(
+          Object.fromEntries(
+            allObjectSchemaKeys.map((key) => [key, (0, import_schema_fields.yupUnion)(
+              ...objectSchemas.flatMap((s, index) => s.hasNested(key) ? [s.getNested(key)] : [])
+            )])
+          )
+        );
+        return (0, import_schema_fields.yupUnion)(
+          ...nonObjectSchemas.map(([index, s]) => getRestrictedSchema(path + `|variant-${index}|`, s)),
+          ...objectSchemas.length > 0 ? [getRestrictedSchema(path + (nonObjectSchemas.length > 0 ? `|variant|` : ""), mergedObjectSchema)] : []
+        );
+      }
+      case "record": {
+        return (0, import_schema_fields.yupRecord)(getRestrictedSchema(path + ".key", schemaInfo.keySchema), getRestrictedSchema(path + ".value", schemaInfo.valueSchema));
+      }
+      case "object": {
+        const objectSchema = schema2;
+        return (0, import_schema_fields.yupObject)(
+          Object.fromEntries(
+            Object.entries(objectSchema.fields).map(([key, value]) => [key, getRestrictedSchema(path + "." + key, value)])
+          )
+        );
+      }
+      case "never": {
+        return (0, import_schema_fields.yupNever)();
+      }
+      default: {
+        throw new import_errors.StackAssertionError(`Unknown schema info at path ${path}: ${JSON.stringify(schemaInfo)}`, { schemaInfo, schema: schema2 });
+      }
+    }
+  };
+  const getRestrictedSchema = (path, schema2) => {
+    let restricted = getRestrictedSchemaBase(path, schema2);
+    restricted = restricted.nullable();
+    const description = schema2.describe();
+    if (description.oneOf.length > 0) {
+      restricted = restricted.oneOf(description.oneOf);
+    }
+    if (description.notOneOf.length > 0) {
+      restricted = restricted.notOneOf(description.notOneOf);
+    }
+    return restricted;
+  };
+  for (const [key, value] of Object.entries(configOverride)) {
+    if (value === void 0) continue;
+    const subSchema = getSubSchema(schema, key);
+    if (!subSchema) {
+      return import_results.Result.error(`The key ${JSON.stringify(key)} is not valid for the schema.`);
+    }
+    let restrictedSchema = getRestrictedSchema(key, subSchema);
+    try {
+      await restrictedSchema.validate(value, {
+        strict: true,
+        ...{
+          // Although `path` is not part of the yup types, it is actually recognized and does the correct thing
+          path: key
+        },
+        context: {
+          noUnknownPathPrefixes: [""]
+        }
+      });
+    } catch (error) {
+      if (error instanceof yup.ValidationError) {
+        return import_results.Result.error(error.message);
+      }
+      throw error;
+    }
+  }
+  return import_results.Result.ok(null);
+}
+async function assertNoConfigOverrideErrors(schema, config, options = {}) {
+  const res = await getConfigOverrideErrors(schema, config, options);
+  if (res.status === "error") throw new import_errors.StackAssertionError(`Config override is invalid \u2014 at a place where it should have already been validated! ${res.error}`, { options, config, schema });
+}
+(0, import_types.typeAssertIs)()();
+(0, import_types.typeAssertExtends)()();
+(0, import_types.typeAssertExtends)()();
+async function getIncompleteConfigWarnings(schema, incompleteConfig) {
+  await assertNoConfigOverrideErrors(schema, incompleteConfig, { allowPropertiesThatCanNoLongerBeOverridden: true });
+  let normalized;
+  try {
+    normalized = (0, import_format.normalize)(incompleteConfig, { onDotIntoNull: "empty-object" });
+  } catch (error) {
+    if (error instanceof import_format.NormalizationError) {
+      return import_results.Result.error(`Config is not normalizable. ` + error.message);
+    }
+    throw error;
+  }
+  try {
+    await schema.validate(normalized, {
+      strict: true,
+      context: {
+        noUnknownPathPrefixes: [""]
+      }
+    });
+    return import_results.Result.ok(null);
+  } catch (error) {
+    if (error instanceof yup.ValidationError) {
+      return import_results.Result.error(error.message);
+    }
+    throw error;
+  }
+}
+(0, import_types.typeAssertExtends)()();
+(0, import_types.typeAssertExtends)()();
+(0, import_types.typeAssertExtends)()();
+(0, import_types.typeAssertExtends)()();
+(0, import_types.typeAssert)()();
+(0, import_types.typeAssert)()();
+(0, import_types.typeAssertExtends)()();
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  applyDefaults,
-  branchConfigDefaults,
+  applyBranchDefaults,
+  applyEnvironmentDefaults,
+  applyOrganizationDefaults,
+  applyProjectDefaults,
+  assertNoConfigOverrideErrors,
   branchConfigSchema,
   configLevels,
-  environmentConfigDefaults,
   environmentConfigSchema,
-  organizationConfigDefaults,
+  getConfigOverrideErrors,
+  getIncompleteConfigWarnings,
+  migrateConfigOverride,
   organizationConfigSchema,
-  projectConfigDefaults,
-  projectConfigSchema
+  projectConfigSchema,
+  sanitizeBranchConfig,
+  sanitizeEnvironmentConfig,
+  sanitizeOrganizationConfig,
+  sanitizeProjectConfig
 });
 //# sourceMappingURL=schema.js.map