@stackframe/stack-shared 2.8.35 → 2.8.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/dist/config/schema.d.mts +167 -107
  3. package/dist/config/schema.d.ts +167 -107
  4. package/dist/config/schema.js +39 -25
  5. package/dist/config/schema.js.map +1 -1
  6. package/dist/esm/config/schema.js +39 -25
  7. package/dist/esm/config/schema.js.map +1 -1
  8. package/dist/esm/helpers/vault/client-side.js +46 -0
  9. package/dist/esm/helpers/vault/client-side.js.map +1 -0
  10. package/dist/esm/helpers/vault/server-side.js +92 -0
  11. package/dist/esm/helpers/vault/server-side.js.map +1 -0
  12. package/dist/esm/hooks/use-hover.js +71 -0
  13. package/dist/esm/hooks/use-hover.js.map +1 -0
  14. package/dist/esm/interface/admin-interface.js +21 -3
  15. package/dist/esm/interface/admin-interface.js.map +1 -1
  16. package/dist/esm/interface/server-interface.js +38 -0
  17. package/dist/esm/interface/server-interface.js.map +1 -1
  18. package/dist/esm/known-errors.js +38 -1
  19. package/dist/esm/known-errors.js.map +1 -1
  20. package/dist/esm/utils/bytes.js +1 -2
  21. package/dist/esm/utils/bytes.js.map +1 -1
  22. package/dist/esm/utils/crypto.js +83 -2
  23. package/dist/esm/utils/crypto.js.map +1 -1
  24. package/dist/esm/utils/numbers.js.map +1 -1
  25. package/dist/esm/utils/react.js +7 -3
  26. package/dist/esm/utils/react.js.map +1 -1
  27. package/dist/helpers/password.d.mts +4 -4
  28. package/dist/helpers/password.d.ts +4 -4
  29. package/dist/helpers/vault/client-side.d.mts +14 -0
  30. package/dist/helpers/vault/client-side.d.ts +14 -0
  31. package/dist/helpers/vault/client-side.js +73 -0
  32. package/dist/helpers/vault/client-side.js.map +1 -0
  33. package/dist/helpers/vault/server-side.d.mts +7 -0
  34. package/dist/helpers/vault/server-side.d.ts +7 -0
  35. package/dist/helpers/vault/server-side.js +111 -0
  36. package/dist/helpers/vault/server-side.js.map +1 -0
  37. package/dist/hooks/use-hover.d.mts +6 -0
  38. package/dist/hooks/use-hover.d.ts +6 -0
  39. package/dist/hooks/use-hover.js +96 -0
  40. package/dist/hooks/use-hover.js.map +1 -0
  41. package/dist/index.d.mts +3 -3
  42. package/dist/index.d.ts +3 -3
  43. package/dist/interface/admin-interface.d.mts +11 -5
  44. package/dist/interface/admin-interface.d.ts +11 -5
  45. package/dist/interface/admin-interface.js +21 -3
  46. package/dist/interface/admin-interface.js.map +1 -1
  47. package/dist/interface/crud/current-user.d.mts +1 -1
  48. package/dist/interface/crud/current-user.d.ts +1 -1
  49. package/dist/interface/crud/project-api-keys.d.mts +4 -4
  50. package/dist/interface/crud/project-api-keys.d.ts +4 -4
  51. package/dist/interface/crud/team-member-profiles.d.mts +2 -2
  52. package/dist/interface/crud/team-member-profiles.d.ts +2 -2
  53. package/dist/interface/crud/users.d.mts +2 -2
  54. package/dist/interface/crud/users.d.ts +2 -2
  55. package/dist/interface/server-interface.d.mts +2 -0
  56. package/dist/interface/server-interface.d.ts +2 -0
  57. package/dist/interface/server-interface.js +38 -0
  58. package/dist/interface/server-interface.js.map +1 -1
  59. package/dist/known-errors.d.mts +9 -0
  60. package/dist/known-errors.d.ts +9 -0
  61. package/dist/known-errors.js +38 -1
  62. package/dist/known-errors.js.map +1 -1
  63. package/dist/schema-fields.d.mts +1 -1
  64. package/dist/schema-fields.d.ts +1 -1
  65. package/dist/utils/bytes.js +1 -2
  66. package/dist/utils/bytes.js.map +1 -1
  67. package/dist/utils/crypto.d.mts +31 -1
  68. package/dist/utils/crypto.d.ts +31 -1
  69. package/dist/utils/crypto.js +87 -2
  70. package/dist/utils/crypto.js.map +1 -1
  71. package/dist/utils/numbers.js.map +1 -1
  72. package/dist/utils/react.js +7 -3
  73. package/dist/utils/react.js.map +1 -1
  74. package/package.json +2 -1
package/dist/esm/config/schema.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/config/schema.ts"],"sourcesContent":["// TODO: rename this file to spaghetti.ts because that's the kind of code here\n\nimport * as yup from \"yup\";\nimport { DEFAULT_EMAIL_TEMPLATES, DEFAULT_EMAIL_THEMES, DEFAULT_EMAIL_THEME_ID } from \"../helpers/emails\";\nimport * as schemaFields from \"../schema-fields\";\nimport { offerSchema, userSpecifiedIdSchema, yupBoolean, yupDate, yupMixed, yupNever, yupNumber, yupObject, yupRecord, yupString, yupTuple, yupUnion } from \"../schema-fields\";\nimport { isShallowEqual } from \"../utils/arrays\";\nimport { SUPPORTED_CURRENCIES } from \"../utils/currency-constants\";\nimport { StackAssertionError } from \"../utils/errors\";\nimport { allProviders } from \"../utils/oauth\";\nimport { DeepFilterUndefined, DeepMerge, DeepRequiredOrUndefined, deleteKey, filterUndefined, get, has, isObjectLike, mapValues, set, typedAssign, typedEntries, typedFromEntries, typedKeys } from \"../utils/objects\";\nimport { Result } from \"../utils/results\";\nimport { CollapseObjectUnion, Expand, IntersectAll, IsUnion, typeAssert, typeAssertExtends, typeAssertIs } from \"../utils/types\";\nimport { Config, NormalizationError, NormalizesTo, assertNormalized, getInvalidConfigReason, normalize } from \"./format\";\n\nexport const configLevels = ['project', 'branch', 'environment', 'organization'] as const;\nexport type ConfigLevel = typeof configLevels[number];\nconst permissionRegex = /^\\$?[a-z0-9_:]+$/;\nconst customPermissionRegex = /^[a-z0-9_:]+$/;\ndeclare module \"yup\" {\n // eslint-disable-next-line @typescript-eslint/consistent-type-definitions\n export interface CustomSchemaMetadata {\n stackConfigCanNoLongerBeOverridden?: true,\n }\n}\n\nfunction canNoLongerBeOverridden<T extends yup.AnyObjectSchema, K extends string[]>(schema: T, keys: K): yup.Schema<Omit<yup.InferType<T>, K[number]>, T['__context'], Omit<T['__default'], K[number]>, T['__flags']> {\n const notOmitted = schema.concat(yupObject(\n Object.fromEntries(keys.map(key => [key, schema.getNested(key).meta({ stackConfigCanNoLongerBeOverridden: true })]))\n ));\n return notOmitted as any;\n}\n\n/**\n * All fields that can be overridden at this level.\n */\nexport const projectConfigSchema = yupObject({\n sourceOfTruth: yupUnion(\n yupObject({\n type: yupString().oneOf(['hosted']).defined(),\n }),\n yupObject({\n type: yupString().oneOf(['neon']).defined(),\n connectionStrings: yupRecord(\n yupString().defined(),\n yupString().defined(),\n ).defined(),\n }),\n yupObject({\n type: yupString().oneOf(['postgres']).defined(),\n connectionString: yupString().defined()\n }),\n ),\n});\n\n// --- NEW RBAC Schema ---\nconst branchRbacDefaultPermissions = yupRecord(\n yupString().matches(permissionRegex),\n yupBoolean().isTrue().optional(),\n);\n\nconst branchRbacSchema = yupObject({\n permissions: yupRecord(\n yupString().matches(customPermissionRegex),\n yupObject({\n description: yupString().optional(),\n scope: yupString().oneOf(['team', 'project']).optional(),\n containedPermissionIds: yupRecord(\n yupString().matches(permissionRegex),\n yupBoolean().isTrue().optional()\n ).optional(),\n }).optional(),\n ),\n defaultPermissions: yupObject({\n teamCreator: branchRbacDefaultPermissions,\n teamMember: branchRbacDefaultPermissions,\n signUp: branchRbacDefaultPermissions,\n }),\n});\n// --- END NEW RBAC Schema ---\n\n// --- NEW API Keys Schema ---\nconst branchApiKeysSchema = yupObject({\n enabled: yupObject({\n team: yupBoolean(),\n user: yupBoolean(),\n }),\n});\n// --- END NEW API Keys Schema ---\n\n\nconst branchAuthSchema = yupObject({\n allowSignUp: yupBoolean(),\n password: yupObject({\n allowSignIn: yupBoolean(),\n }),\n otp: yupObject({\n allowSignIn: yupBoolean(),\n }),\n passkey: yupObject({\n allowSignIn: yupBoolean(),\n }),\n oauth: yupObject({\n accountMergeStrategy: yupString().oneOf(['link_method', 'raise_error', 'allow_duplicates']).optional(),\n providers: yupRecord(\n yupString().matches(permissionRegex),\n yupObject({\n type: yupString().oneOf(allProviders).optional(),\n allowSignIn: yupBoolean(),\n allowConnectedAccounts: yupBoolean(),\n }),\n ),\n }),\n});\n\nexport const branchPaymentsSchema = yupObject({\n autoPay: yupObject({\n interval: schemaFields.dayIntervalSchema,\n }).optional(),\n groups: yupRecord(\n userSpecifiedIdSchema(\"groupId\"),\n yupObject({\n displayName: yupString().optional(),\n }),\n ).meta({ openapiField: { description: 'The groups that offers can be in. All offers in a group (besides add-ons) are mutually exclusive.', exampleValue: { \"group-id\": { displayName: \"My Group\" } } } }),\n offers: yupRecord(\n userSpecifiedIdSchema(\"offerId\"),\n offerSchema,\n ),\n items: yupRecord(\n userSpecifiedIdSchema(\"itemId\"),\n yupObject({\n displayName: yupString().optional(),\n customerType: schemaFields.customerTypeSchema,\n }),\n ),\n});\n\nconst branchDomain = yupObject({\n allowLocalhost: yupBoolean(),\n});\n\nexport const branchConfigSchema = canNoLongerBeOverridden(projectConfigSchema, [\"sourceOfTruth\"]).concat(yupObject({\n rbac: branchRbacSchema,\n\n teams: yupObject({\n createPersonalTeamOnSignUp: yupBoolean(),\n allowClientTeamCreation: yupBoolean(),\n }),\n\n users: yupObject({\n allowClientUserDeletion: yupBoolean(),\n }),\n\n apiKeys: branchApiKeysSchema,\n\n domains: branchDomain,\n\n auth: branchAuthSchema,\n\n emails: yupObject({\n selectedThemeId: schemaFields.emailThemeSchema,\n themes: schemaFields.emailThemeListSchema,\n templates: schemaFields.emailTemplateListSchema,\n }),\n\n payments: branchPaymentsSchema,\n}));\n\n\nexport const environmentConfigSchema = branchConfigSchema.concat(yupObject({\n auth: branchConfigSchema.getNested(\"auth\").concat(yupObject({\n oauth: branchConfigSchema.getNested(\"auth\").getNested(\"oauth\").concat(yupObject({\n providers: yupRecord(\n yupString().matches(permissionRegex),\n yupObject({\n type: yupString().oneOf(allProviders).optional(),\n isShared: yupBoolean(),\n clientId: schemaFields.oauthClientIdSchema.optional(),\n clientSecret: schemaFields.oauthClientSecretSchema.optional(),\n facebookConfigId: schemaFields.oauthFacebookConfigIdSchema.optional(),\n microsoftTenantId: schemaFields.oauthMicrosoftTenantIdSchema.optional(),\n allowSignIn: yupBoolean().optional(),\n allowConnectedAccounts: yupBoolean().optional(),\n }),\n ),\n })),\n })),\n\n emails: branchConfigSchema.getNested(\"emails\").concat(yupObject({\n server: yupObject({\n isShared: yupBoolean(),\n host: schemaFields.emailHostSchema.optional().nonEmpty(),\n port: schemaFields.emailPortSchema.optional(),\n username: schemaFields.emailUsernameSchema.optional().nonEmpty(),\n password: schemaFields.emailPasswordSchema.optional().nonEmpty(),\n senderName: schemaFields.emailSenderNameSchema.optional().nonEmpty(),\n senderEmail: schemaFields.emailSenderEmailSchema.optional().nonEmpty(),\n }),\n })),\n\n domains: branchConfigSchema.getNested(\"domains\").concat(yupObject({\n trustedDomains: yupRecord(\n userSpecifiedIdSchema(\"trustedDomainId\"),\n yupObject({\n baseUrl: schemaFields.wildcardUrlSchema.max(300),\n handlerPath: schemaFields.handlerPathSchema.max(300),\n }),\n ),\n })),\n}));\n\nexport const organizationConfigSchema = environmentConfigSchema.concat(yupObject({}));\n\n\n// Migration functions\n//\n// These are used to migrate old config overrides to the new format on the database.\n//\n// THEY SHOULD NOT BE USED FOR ANY OTHER PURPOSE. They should not be used for default values. They should not be used\n// for sanitization. Instead, use the applicable functions for that.\n//\n// We run these migrations over the database when we do a big migration. USE THESE SPARINGLY. USE OTHER METHODS WHENEVER\n// POSSIBLE.\n//\n// The result of this function should be reproducible, and should not contain ANY randomness/non-determinism.\nexport function migrateConfigOverride(type: \"project\" | \"branch\" | \"environment\" | \"organization\", oldUnmigratedConfigOverride: any): any {\n const isBranchOrHigher = [\"branch\", \"environment\", \"organization\"].includes(type);\n const isEnvironmentOrHigher = [\"environment\", \"organization\"].includes(type);\n\n let res = oldUnmigratedConfigOverride;\n\n // BEGIN 2025-07-28: emails.theme is now emails.selectedThemeId\n if (isBranchOrHigher) {\n res = renameProperty(res, \"emails.theme\", \"emails.selectedThemeId\");\n }\n // END\n\n // BEGIN 2025-07-28: domains.trustedDomains can no longer be an array\n if (isEnvironmentOrHigher) {\n res = mapProperty(res, \"domains.trustedDomains\", (value) => {\n if (Array.isArray(value)) {\n return typedFromEntries(value.map((v, i) => [`${i}`, v]));\n }\n return value;\n });\n }\n // END\n\n // BEGIN 2025-07-28: themeList and templateList have been renamed (this was before the email release, so they're safe to remove)\n if (isBranchOrHigher) {\n res = removeProperty(res, \"emails.themeList\");\n res = removeProperty(res, \"emails.templateList\");\n }\n // END\n\n // BEGIN 2025-07-28: sourceOfTruth was mistakenly written to the environment config in some cases, so let's remove it\n if (type === \"environment\") {\n res = removeProperty(res, \"sourceOfTruth\");\n }\n // END\n\n // BEGIN 2025-08-25: stripeAccountId and stripeAccountSetupComplete are unused, so let's remove them\n if (type === \"environment\") {\n res = removeProperty(res, \"payments.stripeAccountId\");\n res = removeProperty(res, \"payments.stripeAccountSetupComplete\");\n }\n // END\n\n // return the result\n return res;\n};\n\nfunction removeProperty(obj: any, path: string): any {\n return mapProperty(obj, path, () => undefined);\n}\n\nfunction mapProperty(obj: any, path: string, mapper: (value: any) => any): any {\n const keyParts = path.split(\".\");\n\n for (let i = 0; i < keyParts.length; i++) {\n const pathPrefix = keyParts.slice(0, i).join(\".\");\n const pathSuffix = keyParts.slice(i).join(\".\");\n if (has(obj, pathPrefix) && isObjectLike(get(obj, pathPrefix))) {\n const newValue = mapProperty(get(obj, pathPrefix), pathSuffix, mapper);\n set(obj, pathPrefix, newValue);\n }\n }\n if (has(obj, path)) {\n const newValue = mapper(get(obj, path));\n if (newValue !== undefined) {\n set(obj, path, newValue);\n } else {\n deleteKey(obj, path);\n }\n }\n\n return obj;\n}\nundefined?.test(\"mapProperty - basic property mapping\", ({ expect }) => {\n expect(mapProperty({ a: { b: { c: 1 } } }, \"a.b.c\", (value) => value + 1)).toEqual({ a: { b: { c: 2 } } });\n expect(mapProperty({ a: { b: { c: 1 } } }, \"a.b.d\", (value) => value + 1)).toEqual({ a: { b: { c: 1 } } });\n expect(mapProperty({ x: 5 }, \"x\", (value) => value * 2)).toEqual({ x: 10 });\n expect(mapProperty({ a: { b: { c: 1 } } }, \"b.c\", (value) => value * 10)).toEqual({ a: { b: { c: 1 } } });\n expect(mapProperty({ a: 1 }, \"b.c\", (value) => value)).toEqual({ a: 1 });\n});\n\nfunction renameProperty(obj: any, oldPath: string, newPath: string): any {\n const oldKeyParts = oldPath.split(\".\");\n const newKeyParts = newPath.split(\".\");\n if (!isShallowEqual(oldKeyParts.slice(0, -1), newKeyParts.slice(0, -1))) throw new StackAssertionError(`oldPath and newPath must have the same prefix. Provided: ${oldPath} and ${newPath}`);\n\n for (let i = 0; i < oldKeyParts.length; i++) {\n const pathPrefix = oldKeyParts.slice(0, i).join(\".\");\n const oldPathSuffix = oldKeyParts.slice(i).join(\".\");\n const newPathSuffix = newKeyParts.slice(i).join(\".\");\n if (has(obj, pathPrefix) && isObjectLike(get(obj, pathPrefix))) {\n set(obj, pathPrefix, renameProperty(get(obj, pathPrefix), oldPathSuffix, newPathSuffix));\n }\n }\n if (has(obj, oldPath)) {\n set(obj, newPath, get(obj, oldPath));\n deleteKey(obj, oldPath);\n }\n\n return obj;\n}\nundefined?.test(\"renameProperty\", ({ expect }) => {\n // Basic\n expect(renameProperty({ a: 1 }, \"a\", \"b\")).toEqual({ b: 1 });\n expect(renameProperty({ b: { c: 1 } }, \"b.c\", \"b.d\")).toEqual({ b: { d: 1 } });\n expect(renameProperty({ a: { b: { c: 1 } } }, \"a.b.c\", \"a.b.d\")).toEqual({ a: { b: { d: 1 } } });\n expect(renameProperty({ a: { b: { c: 1 } } }, \"a.b.c.d\", \"a.b.c.e\")).toEqual({ a: { b: { c: 1 } } });\n\n // Errors\n expect(() => renameProperty({ a: 1 }, \"a\", \"b.c\")).toThrow();\n});\n\n\n// Defaults\n// these are objects that are merged together to form the rendered config (see ./README.md)\n// Wherever an object could be used as a value, a function can instead be used to generate the default values on a per-key basis\n// To make sure you don't accidentally forget setting a default value, you must explicitly set fields with no default value to `undefined`.\n// NOTE: These values are the defaults of the schema, NOT the defaults for newly created projects. The values here signify what `null` means for each property. If you want new projects by default to have a certain value set to true, you should update the corresponding function in the backend instead.\nconst projectConfigDefaults = {\n sourceOfTruth: {\n type: 'hosted',\n connectionStrings: undefined,\n connectionString: undefined,\n },\n} as const satisfies DefaultsType<ProjectRenderedConfigBeforeDefaults, []>;\n\nconst branchConfigDefaults = {} as const satisfies DefaultsType<BranchRenderedConfigBeforeDefaults, [typeof projectConfigDefaults]>;\n\nconst environmentConfigDefaults = {} as const satisfies DefaultsType<EnvironmentRenderedConfigBeforeDefaults, [typeof branchConfigDefaults, typeof projectConfigDefaults]>;\n\nconst organizationConfigDefaults = {\n rbac: {\n permissions: (key: string) => ({\n containedPermissionIds: (key: string) => undefined,\n description: undefined,\n scope: undefined,\n }),\n defaultPermissions: {\n teamCreator: (key: string) => undefined,\n teamMember: (key: string) => undefined,\n signUp: (key: string) => undefined,\n },\n },\n\n apiKeys: {\n enabled: {\n team: false,\n user: false,\n },\n },\n\n teams: {\n createPersonalTeamOnSignUp: false,\n allowClientTeamCreation: false,\n },\n\n users: {\n allowClientUserDeletion: false,\n },\n\n domains: {\n allowLocalhost: false,\n trustedDomains: (key: string) => ({\n baseUrl: undefined,\n handlerPath: '/handler',\n }) as const,\n },\n\n auth: {\n allowSignUp: true,\n password: {\n allowSignIn: false,\n },\n otp: {\n allowSignIn: false,\n },\n passkey: {\n allowSignIn: false,\n },\n oauth: {\n accountMergeStrategy: 'link_method',\n providers: (key: string) => ({\n type: undefined,\n isShared: true,\n allowSignIn: false,\n allowConnectedAccounts: false,\n clientId: undefined,\n clientSecret: undefined,\n facebookConfigId: undefined,\n microsoftTenantId: undefined,\n }),\n },\n },\n\n emails: {\n server: {\n isShared: true,\n host: undefined,\n port: undefined,\n username: undefined,\n password: undefined,\n senderName: undefined,\n senderEmail: undefined,\n },\n selectedThemeId: DEFAULT_EMAIL_THEME_ID,\n themes: typedAssign((key: string) => ({\n displayName: \"Unnamed Theme\",\n tsxSource: \"Error: Theme config is missing TypeScript source code.\",\n }), DEFAULT_EMAIL_THEMES),\n templates: typedAssign((key: string) => ({\n displayName: \"Unnamed Template\",\n tsxSource: \"Error: Template config is missing TypeScript source code.\",\n themeId: undefined,\n }), DEFAULT_EMAIL_TEMPLATES),\n },\n\n payments: {\n autoPay: undefined,\n groups: (key: string) => ({\n displayName: undefined,\n }),\n offers: (key: string) => ({\n displayName: key,\n groupId: undefined,\n customerType: \"user\",\n freeTrial: undefined,\n serverOnly: false,\n stackable: undefined,\n isAddOnTo: false,\n prices: (key: string) => ({\n ...typedFromEntries(SUPPORTED_CURRENCIES.map(currency => [currency.code, undefined])),\n interval: undefined,\n serverOnly: false,\n freeTrial: undefined,\n }),\n includedItems: (key: string) => ({\n quantity: 0,\n repeat: \"never\",\n expires: \"when-repeated\",\n }),\n } as const),\n items: (key: string) => ({\n displayName: key,\n customerType: \"user\",\n } as const),\n },\n} as const satisfies DefaultsType<OrganizationRenderedConfigBeforeDefaults, [typeof environmentConfigDefaults, typeof branchConfigDefaults, typeof projectConfigDefaults]>;\n\ntype _DeepOmitDefaultsImpl<T, U> = T extends object ? (\n (\n & /* keys that are both in T and U, *and* the key's value in U is not a subtype of the key's value in T */ { [K in { [Ki in keyof T & keyof U]: U[Ki] extends T[Ki] ? never : Ki }[keyof T & keyof U]]: DeepOmitDefaults<T[K], U[K] & object> }\n & /* keys that are in T but not in U */ { [K in Exclude<keyof T, keyof U>]: T[K] }\n )\n) : T;\ntype DeepOmitDefaults<T, U> = _DeepOmitDefaultsImpl<DeepFilterUndefined<T>, U>;\ntype DefaultsType<T, U extends any[]> = DeepReplaceAllowFunctionsForObjects<DeepOmitDefaults<DeepRequiredOrUndefined<T>, IntersectAll<{ [K in keyof U]: DeepReplaceFunctionsWithObjects<U[K]> }>>>;\ntypeAssertIs<DefaultsType<{ a: { b: Record<string, 123>, c: 456 } }, [{ a: { c: 456 } }]>, { a: { b: ((key: string) => 123) | Record<string, 123 | undefined> & ((key: string) => 123) } }>()();\n\ntype DeepReplaceAllowFunctionsForObjects<T> = T extends object\n ? (\n string extends keyof T\n ? ((arg: Exclude<keyof T, number>) => DeepReplaceAllowFunctionsForObjects<T[keyof T]>) & ({ [K in keyof T]?: DeepReplaceAllowFunctionsForObjects<T[K]> } | {})\n : { [K in keyof T]: DeepReplaceAllowFunctionsForObjects<T[K]> }\n )\n :\n T;\ntype ReplaceFunctionsWithObjects<T> = T & (T extends (arg: infer K extends string) => infer R ? Record<K, R> & object : unknown);\ntype DeepReplaceFunctionsWithObjects<T> = T extends object ? { [K in keyof ReplaceFunctionsWithObjects<T>]: DeepReplaceFunctionsWithObjects<ReplaceFunctionsWithObjects<T>[K]> } : T;\ntypeAssertIs<DeepReplaceFunctionsWithObjects<{ a: { b: 123 } & ((key: string) => number) }>, { a: { b: 123, [key: string]: number } }>()();\n\nfunction deepReplaceFunctionsWithObjects(obj: any): any {\n return mapValues({ ...obj }, v => (isObjectLike(v) ? deepReplaceFunctionsWithObjects(v as any) : v));\n}\nundefined?.test(\"deepReplaceFunctionsWithObjects\", ({ expect }) => {\n expect(deepReplaceFunctionsWithObjects(() => { })).toEqual({});\n expect(deepReplaceFunctionsWithObjects({ a: 3 })).toEqual({ a: 3 });\n expect(deepReplaceFunctionsWithObjects({ a: () => ({ b: 1 }) })).toEqual({ a: {} });\n expect(deepReplaceFunctionsWithObjects({ a: typedAssign(() => ({}), { b: { c: 1 } }) })).toEqual({ a: { b: { c: 1 } } });\n});\n\ntype ApplyDefaults<D extends object | ((key: string) => unknown), C extends object> = {} extends D ? C : DeepMerge<DeepReplaceFunctionsWithObjects<D>, C>; // the {} extends D makes TypeScript not recurse if the defaults are empty, hence allowing us more recursion until \"type instantiation too deep\" kicks in... it's a total hack, but it works, so hey?\nfunction applyDefaults<D extends object | ((key: string) => unknown), C extends object>(defaults: D, config: C): ApplyDefaults<D, C> {\n const res: any = deepReplaceFunctionsWithObjects(defaults);\n\n outer: for (const [key, mergeValue] of Object.entries(config)) {\n if (mergeValue === undefined) continue;\n const keyParts = key.split(\".\");\n let baseValue: any = defaults;\n let currentRes: any = res;\n for (const [index, part] of keyParts.entries()) {\n baseValue = has(baseValue, part) ? get(baseValue, part) : (typeof baseValue === 'function' ? (baseValue as any)(part) : undefined);\n if (baseValue === undefined || !isObjectLike(baseValue)) {\n set(res, key, mergeValue);\n continue outer;\n }\n if (!has(currentRes, part)) set(currentRes, part, deepReplaceFunctionsWithObjects(baseValue) as never);\n currentRes = get(currentRes, part);\n }\n set(res, key, isObjectLike(mergeValue) ? applyDefaults(baseValue, mergeValue) : mergeValue);\n }\n return res as any;\n}\nundefined?.test(\"applyDefaults\", ({ expect }) => {\n // Basic\n expect(applyDefaults({ a: 1 }, { a: 2 })).toEqual({ a: 2 });\n expect(applyDefaults({}, { a: 1 })).toEqual({ a: 1 });\n expect(applyDefaults({ a: { b: 1 } }, { a: { b: 2 } })).toEqual({ a: { b: 2 } });\n expect(applyDefaults({ a: { b: 1 } }, { a: { c: 2 } })).toEqual({ a: { b: 1, c: 2 } });\n expect(applyDefaults({ a: { b: { c: 1, d: 2 } } }, { a: { b: { d: 3, e: 4 } } })).toEqual({ a: { b: { c: 1, d: 3, e: 4 } } });\n\n // Functions\n expect(applyDefaults((key: string) => ({ b: key }), { a: {} })).toEqual({ a: { b: \"a\" } });\n expect(applyDefaults((key1: string) => (key2: string) => ({ a: key1, b: key2 }), { c: { d: {} } })).toEqual({ c: { d: { a: \"c\", b: \"d\" } } });\n expect(applyDefaults({ a: (key: string) => ({ b: key }) }, { a: { c: { d: 1 } } })).toEqual({ a: { c: { b: \"c\", d: 1 } } });\n expect(applyDefaults({ a: (key: string) => ({ b: key }) }, {})).toEqual({ a: {} });\n expect(applyDefaults({ a: { b: (key: string) => ({ b: key }) } }, {})).toEqual({ a: { b: {} } });\n expect(applyDefaults(typedAssign(() => ({ b: 1 }), { a: { b: 1, c: 2 } }), { a: {} })).toEqual({ a: { b: 1, c: 2 } });\n expect(applyDefaults(typedAssign(() => ({ b: 1 }), { a: { b: 1, c: 2 } }), { d: {} })).toEqual({ a: { b: 1, c: 2 }, d: { b: 1 } });\n\n // Dot notation\n expect(applyDefaults({ a: { b: 1 } }, { \"a.c\": 2 })).toEqual({ a: { b: 1 }, \"a.c\": 2 });\n expect(applyDefaults({ a: 1 }, { \"a.b\": 2 })).toEqual({ a: 1, \"a.b\": 2 });\n expect(applyDefaults({ a: null }, { \"a.b\": 2 })).toEqual({ a: null, \"a.b\": 2 });\n expect(applyDefaults({ a: { b: { c: 1 } } }, { \"a.b\": { d: 2 } })).toEqual({ a: { b: { c: 1 } }, \"a.b\": { c: 1, d: 2 } });\n expect(applyDefaults({ a: { b: { c: { d: 1 } } } }, { \"a.b.c\": {} })).toEqual({ a: { b: { c: { d: 1 } } }, \"a.b.c\": { d: 1 } });\n expect(applyDefaults({ a: () => ({ c: 1 }) }, { \"a.b\": { d: 2 } })).toEqual({ a: { b: { c: 1 } }, \"a.b\": { c: 1, d: 2 } });\n expect(applyDefaults({ a: () => () => ({ d: 1 }) }, { \"a.b.c\": {} })).toEqual({ a: { b: { c: { d: 1 } } }, \"a.b.c\": { d: 1 } });\n expect(applyDefaults({ a: { b: () => ({ c: 1, d: 2 }) } }, { \"a.b.x-y.c\": 3 })).toEqual({ a: { b: { \"x-y\": { c: 1, d: 2 } } }, \"a.b.x-y.c\": 3 });\n});\n\nexport function applyProjectDefaults<T extends ProjectRenderedConfigBeforeDefaults>(config: T) {\n return applyDefaults(projectConfigDefaults, config);\n}\n\nexport function applyBranchDefaults<T extends BranchRenderedConfigBeforeDefaults>(config: T) {\n return applyDefaults(\n branchConfigDefaults,\n applyDefaults(\n projectConfigDefaults,\n config\n )\n );\n}\n\nexport function applyEnvironmentDefaults<T extends EnvironmentRenderedConfigBeforeDefaults>(config: T): ApplyDefaults<typeof environmentConfigDefaults, ApplyDefaults<typeof branchConfigDefaults, ApplyDefaults<typeof projectConfigDefaults, T>>> {\n return applyDefaults(\n environmentConfigDefaults,\n applyDefaults(\n branchConfigDefaults,\n applyDefaults(\n projectConfigDefaults,\n config\n ) as any\n ) as any\n ) as any;\n}\n\nexport function applyOrganizationDefaults(config: OrganizationRenderedConfigBeforeDefaults): ApplyDefaults<typeof organizationConfigDefaults, ApplyDefaults<typeof environmentConfigDefaults, ApplyDefaults<typeof branchConfigDefaults, ApplyDefaults<typeof projectConfigDefaults, OrganizationRenderedConfigBeforeDefaults>>>> {\n return applyDefaults(\n organizationConfigDefaults,\n applyDefaults(\n environmentConfigDefaults,\n applyDefaults(\n branchConfigDefaults,\n applyDefaults(\n projectConfigDefaults,\n config\n ) as any\n ) as any\n ) as any\n ) as any;\n}\n\n\nexport async function sanitizeProjectConfig<T extends ProjectRenderedConfigBeforeSanitization>(config: T) {\n assertNormalized(config);\n const oldSourceOfTruth = config.sourceOfTruth;\n const sourceOfTruth =\n oldSourceOfTruth.type === 'neon' && typeof oldSourceOfTruth.connectionStrings === 'object' ? {\n type: 'neon',\n connectionStrings: { ...filterUndefined(oldSourceOfTruth.connectionStrings) as Record<string, string> }\n } as const\n : oldSourceOfTruth.type === 'postgres' && typeof oldSourceOfTruth.connectionString === 'string' ? {\n type: 'postgres',\n connectionString: oldSourceOfTruth.connectionString,\n } as const\n : {\n type: 'hosted',\n } as const;\n\n return {\n ...config,\n sourceOfTruth,\n };\n}\n\nexport async function sanitizeBranchConfig<T extends BranchRenderedConfigBeforeSanitization>(config: T) {\n assertNormalized(config);\n const prepared = await sanitizeProjectConfig(config);\n return {\n ...prepared,\n };\n}\n\nexport async function sanitizeEnvironmentConfig<T extends EnvironmentRenderedConfigBeforeSanitization>(config: T) {\n assertNormalized(config);\n const prepared = await sanitizeBranchConfig(config);\n return {\n ...prepared,\n };\n}\n\nexport async function sanitizeOrganizationConfig(config: OrganizationRenderedConfigBeforeSanitization) {\n assertNormalized(config);\n const prepared = await sanitizeEnvironmentConfig(config);\n const themes: typeof prepared.emails.themes = {\n ...DEFAULT_EMAIL_THEMES,\n ...prepared.emails.themes,\n };\n const templates: typeof prepared.emails.templates = {\n ...DEFAULT_EMAIL_TEMPLATES,\n ...prepared.emails.templates,\n };\n const offers = typedFromEntries(typedEntries(prepared.payments.offers).map(([key, offer]) => {\n const isAddOnTo = offer.isAddOnTo === false ?\n false as const :\n typedFromEntries(Object.keys(offer.isAddOnTo).map((key) => [key, true as const]));\n const prices = offer.prices === \"include-by-default\" ?\n \"include-by-default\" as const :\n typedFromEntries(typedEntries(offer.prices).map(([key, value]) => {\n const data = { serverOnly: false, ...(value ?? {}) };\n return [key, data];\n }));\n return [key, {\n ...offer,\n isAddOnTo,\n prices,\n }];\n }));\n return {\n ...prepared,\n emails: {\n ...prepared.emails,\n selectedThemeId: has(themes, prepared.emails.selectedThemeId) ? prepared.emails.selectedThemeId : DEFAULT_EMAIL_THEME_ID,\n themes,\n templates,\n },\n payments: {\n ...prepared.payments,\n offers\n }\n };\n}\n\n\n/**\n * Does not require a base config, and hence solely relies on the override itself to validate the config. If it returns\n * no error, you know that the\n *\n * It's crucial that our DB never contains any configs that are not valid according to this function, as this would mean\n * that the config object does not satisfy the ValidatedToHaveNoConfigOverrideErrors type (which is used as an assumption\n * in a whole bunch of places in the code).\n */\nexport async function getConfigOverrideErrors<T extends yup.AnySchema>(schema: T, configOverride: unknown, options: { allowPropertiesThatCanNoLongerBeOverridden?: boolean } = {}): Promise<Result<null, string>> {\n // currently, we go over the schema and ensure that the general requirements for each property are satisfied\n // importantly, we cannot check any cross-property constraints, as those may change depending on the base config\n // also, since overrides can be empty, we cannot have any required properties (TODO: can we have required properties in nested objects? would that even make sense? think about it)\n if (typeof configOverride !== \"object\" || configOverride === null) {\n return Result.error(\"Config override must be a non-null object.\");\n }\n if (Object.getPrototypeOf(configOverride) !== Object.getPrototypeOf({})) {\n return Result.error(\"Config override must be plain old JavaScript object.\");\n }\n // Check config format\n const reason = getInvalidConfigReason(configOverride, { configName: 'override' });\n if (reason) return Result.error(\"Invalid config format: \" + reason);\n\n const getSubSchema = (schema: yup.AnySchema, key: string): yup.AnySchema | undefined => {\n const keyParts = key.split(\".\");\n if (!schema.hasNested(keyParts[0])) {\n return undefined;\n }\n const nestedSchema = schema.getNested(keyParts[0]);\n if (nestedSchema.meta()?.stackConfigCanNoLongerBeOverridden && !options.allowPropertiesThatCanNoLongerBeOverridden) {\n return undefined;\n }\n if (keyParts.length === 1) {\n return nestedSchema;\n } else {\n return getSubSchema(nestedSchema, keyParts.slice(1).join(\".\"));\n }\n };\n\n const getRestrictedSchemaBase = (path: string, schema: yup.AnySchema): yup.AnySchema => {\n const schemaInfo = schema.meta()?.stackSchemaInfo;\n switch (schemaInfo?.type) {\n case \"string\": {\n const stringSchema = schema as yup.StringSchema<any>;\n const description = stringSchema.describe();\n let res = yupString();\n if (description.tests.some(t => t.name === \"uuid\")) {\n res = res.uuid();\n }\n return res;\n }\n case \"number\": {\n return yupNumber();\n }\n case \"boolean\": {\n return yupBoolean();\n }\n case \"date\": {\n return yupDate();\n }\n case \"mixed\": {\n return yupMixed();\n }\n case \"array\": {\n throw new StackAssertionError(`Arrays are not supported in config JSON files (besides tuples). Use a record instead.`, { schemaInfo, schema });\n\n // This is how the implementation would look like, but we don't support arrays in config JSON files (besides tuples)\n // const arraySchema = schema as yup.ArraySchema<any, any, any, any>;\n // const innerType = arraySchema.innerType;\n // return yupArray(innerType ? getRestrictedSchema(path + \".[]\", innerType as any) : undefined);\n }\n case \"tuple\": {\n return yupTuple(schemaInfo.items.map((s, index) => getRestrictedSchema(path + `[${index}]`, s)) as any);\n }\n case \"union\": {\n const schemas = schemaInfo.items;\n const nonObjectSchemas = [...schemas.entries()].filter(([index, s]) => s.meta()?.stackSchemaInfo?.type !== \"object\");\n const objectSchemas = schemas.filter((s): s is yup.ObjectSchema<any> => s.meta()?.stackSchemaInfo?.type === \"object\");\n\n // merge all object schemas into a single schema\n const allObjectSchemaKeys = [...new Set(objectSchemas.flatMap(s => Object.keys(s.fields)))];\n const mergedObjectSchema = yupObject(\n Object.fromEntries(\n allObjectSchemaKeys.map(key => [key, yupUnion(\n ...objectSchemas.flatMap((s, index) => s.hasNested(key) ? [s.getNested(key)] : [])\n )])\n )\n );\n\n return yupUnion(\n ...nonObjectSchemas.map(([index, s]) => getRestrictedSchema(path + `|variant-${index}|`, s)),\n ...objectSchemas.length > 0 ? [getRestrictedSchema(path + (nonObjectSchemas.length > 0 ? `|variant|` : \"\"), mergedObjectSchema)] : [],\n );\n }\n case \"record\": {\n return yupRecord(getRestrictedSchema(path + \".key\", schemaInfo.keySchema) as any, getRestrictedSchema(path + \".value\", schemaInfo.valueSchema));\n }\n case \"object\": {\n const objectSchema = schema as yup.ObjectSchema<any>;\n return yupObject(\n Object.fromEntries(\n Object.entries(objectSchema.fields)\n .map(([key, value]) => [key, getRestrictedSchema(path + \".\" + key, value as any)])\n )\n );\n }\n case \"never\": {\n return yupNever();\n }\n default: {\n throw new StackAssertionError(`Unknown schema info at path ${path}: ${JSON.stringify(schemaInfo)}`, { schemaInfo, schema });\n }\n }\n };\n const getRestrictedSchema = (path: string, schema: yup.AnySchema): yup.AnySchema => {\n let restricted = getRestrictedSchemaBase(path, schema);\n restricted = restricted.nullable();\n const description = schema.describe();\n if (description.oneOf.length > 0) {\n restricted = restricted.oneOf(description.oneOf);\n }\n if (description.notOneOf.length > 0) {\n restricted = restricted.notOneOf(description.notOneOf);\n }\n return restricted;\n };\n\n for (const [key, value] of Object.entries(configOverride)) {\n if (value === undefined) continue;\n const subSchema = getSubSchema(schema, key);\n if (!subSchema) {\n return Result.error(`The key ${JSON.stringify(key)} is not valid for the schema.`);\n }\n let restrictedSchema = getRestrictedSchema(key, subSchema);\n try {\n await restrictedSchema.validate(value, {\n strict: true,\n ...{\n // Although `path` is not part of the yup types, it is actually recognized and does the correct thing\n path: key\n },\n context: {\n noUnknownPathPrefixes: [''],\n },\n });\n } catch (error) {\n if (error instanceof yup.ValidationError) {\n return Result.error(error.message);\n }\n throw error;\n }\n }\n return Result.ok(null);\n}\nexport async function assertNoConfigOverrideErrors<T extends yup.AnySchema>(schema: T, config: unknown, options: { allowPropertiesThatCanNoLongerBeOverridden?: boolean, extraInfo?: any } = {}): Promise<void> {\n const res = await getConfigOverrideErrors(schema, config, options);\n if (res.status === \"error\") throw new StackAssertionError(`Config override is invalid — at a place where it should have already been validated! ${res.error}`, { options, config, schema });\n}\ntype _ValidatedToHaveNoConfigOverrideErrorsImpl<T> =\n IsUnion<T & object> extends true ? _ValidatedToHaveNoConfigOverrideErrorsImpl<CollapseObjectUnion<T & object> | Exclude<T, object>>\n : T extends object ? (T extends any[] ? T : { [K in keyof T]+?: _ValidatedToHaveNoConfigOverrideErrorsImpl<T[K]> })\n : T;\nexport type ValidatedToHaveNoConfigOverrideErrors<T extends yup.AnySchema> = _ValidatedToHaveNoConfigOverrideErrorsImpl<yup.InferType<T>>;\ntypeAssertIs<_ValidatedToHaveNoConfigOverrideErrorsImpl<{ a: string } | { b: number } | boolean>, { a?: string, b?: number } | boolean>()();\ntypeAssertExtends<_ValidatedToHaveNoConfigOverrideErrorsImpl<\"abc\" | 123 | null>, \"abc\" | 123 | null>()();\ntypeAssertExtends<_ValidatedToHaveNoConfigOverrideErrorsImpl<{ a: { b: { c: string } | { d: number } } }>, { a?: { b?: { c?: string, d?: number } } }>()();\n\n/**\n * Checks whether there are any warnings in the incomplete config. A warning doesn't stop the config from being valid,\n * but may require action regardless.\n *\n * The DB can contain configs that are not valid according to this function, as long as they are valid according to\n * the getConfigOverrideErrors function. (This is necessary, because a changing base config may make an override invalid\n * that was previously valid.)\n */\nexport async function getIncompleteConfigWarnings<T extends yup.AnySchema>(schema: T, incompleteConfig: Config): Promise<Result<null, string>> {\n // every rendered config should also be a config override without errors (regardless of whether it has warnings or not)\n await assertNoConfigOverrideErrors(schema, incompleteConfig, { allowPropertiesThatCanNoLongerBeOverridden: true });\n\n let normalized: Config;\n try {\n normalized = normalize(incompleteConfig, { onDotIntoNull: \"empty-object\" });\n } catch (error) {\n if (error instanceof NormalizationError) {\n return Result.error(`Config is not normalizable. ` + error.message);\n }\n throw error;\n }\n\n // test the schema against the normalized config\n try {\n await schema.validate(normalized, {\n strict: true,\n context: {\n noUnknownPathPrefixes: [''],\n },\n });\n return Result.ok(null);\n } catch (error) {\n if (error instanceof yup.ValidationError) {\n return Result.error(error.message);\n }\n throw error;\n }\n}\nexport type ValidatedToHaveNoIncompleteConfigWarnings<T extends yup.AnySchema> = yup.InferType<T>;\n\n\n// Normalized overrides\n// ex.: { a?: { b?: number, c?: string }, d?: number }\ntype ProjectConfigNormalizedOverride = Expand<ValidatedToHaveNoConfigOverrideErrors<typeof projectConfigSchema>>;\ntype BranchConfigNormalizedOverride = Expand<ValidatedToHaveNoConfigOverrideErrors<typeof branchConfigSchema>>;\ntype EnvironmentConfigNormalizedOverride = Expand<ValidatedToHaveNoConfigOverrideErrors<typeof environmentConfigSchema>>;\ntype OrganizationConfigNormalizedOverride = Expand<ValidatedToHaveNoConfigOverrideErrors<typeof organizationConfigSchema>>;\n\n\n// Overrides\n// ex.: { a?: null | { b?: null | number, c: string }, d?: null | number, \"a.b\"?: number, \"a.c\"?: string }\nexport type ProjectConfigOverride = NormalizesTo<ProjectConfigNormalizedOverride>;\nexport type BranchConfigOverride = NormalizesTo<BranchConfigNormalizedOverride>;\nexport type EnvironmentConfigOverride = NormalizesTo<EnvironmentConfigNormalizedOverride>;\nexport type OrganizationConfigOverride = NormalizesTo<OrganizationConfigNormalizedOverride>;\n\n// Override overrides (used to update the overrides)\n// ex.: { a?: null | { b?: null | number, c?: string }, d?: null | number, \"a.b\"?: number, \"a.c\"?: string }\nexport type ProjectConfigOverrideOverride = ProjectConfigOverride;\nexport type BranchConfigOverrideOverride = BranchConfigOverride;\nexport type EnvironmentConfigOverrideOverride = EnvironmentConfigOverride;\nexport type OrganizationConfigOverrideOverride = OrganizationConfigOverride;\n\n// Incomplete configs\n// note that we infer these types from the override types, not from the schema types directly, as there is no guarantee\n// that all configs in the DB satisfy the schema (the only guarantee we make is that this once *used* to be true)\nexport type ProjectIncompleteConfig = Expand<ProjectConfigNormalizedOverride>;\nexport type BranchIncompleteConfig = Expand<ProjectIncompleteConfig & BranchConfigNormalizedOverride>;\nexport type EnvironmentIncompleteConfig = Expand<BranchIncompleteConfig & EnvironmentConfigNormalizedOverride>;\nexport type OrganizationIncompleteConfig = Expand<EnvironmentIncompleteConfig & OrganizationConfigNormalizedOverride>;\n\n\n// Rendered configs before defaults, normalization, and sanitization\ntype ProjectRenderedConfigBeforeDefaults = Omit<ProjectIncompleteConfig,\n | keyof BranchConfigNormalizedOverride\n | keyof EnvironmentConfigNormalizedOverride\n | keyof OrganizationConfigNormalizedOverride\n>;\ntype BranchRenderedConfigBeforeDefaults = Omit<BranchIncompleteConfig,\n | keyof EnvironmentConfigNormalizedOverride\n | keyof OrganizationConfigNormalizedOverride\n>;\ntype EnvironmentRenderedConfigBeforeDefaults = Omit<EnvironmentIncompleteConfig,\n | keyof OrganizationConfigNormalizedOverride\n>;\ntype OrganizationRenderedConfigBeforeDefaults = OrganizationIncompleteConfig;\n\n\n// Rendered configs before sanitization\ntype ProjectRenderedConfigBeforeSanitization = Expand<Awaited<ReturnType<typeof applyProjectDefaults<ProjectRenderedConfigBeforeDefaults>>>>;\ntype BranchRenderedConfigBeforeSanitization = Expand<Awaited<ReturnType<typeof applyBranchDefaults<BranchRenderedConfigBeforeDefaults>>>>;\ntype EnvironmentRenderedConfigBeforeSanitization = Expand<Awaited<ReturnType<typeof applyEnvironmentDefaults<EnvironmentRenderedConfigBeforeDefaults>>>>;\ntype OrganizationRenderedConfigBeforeSanitization = Expand<Awaited<ReturnType<typeof applyOrganizationDefaults>>>;\n\n// Rendered configs after defaults, normalization, and sanitization\nexport type ProjectRenderedConfig = Expand<Awaited<ReturnType<typeof sanitizeProjectConfig<ProjectRenderedConfigBeforeSanitization>>>>;\nexport type BranchRenderedConfig = Expand<Awaited<ReturnType<typeof sanitizeBranchConfig<BranchRenderedConfigBeforeSanitization>>>>;\nexport type EnvironmentRenderedConfig = Expand<Awaited<ReturnType<typeof sanitizeEnvironmentConfig<EnvironmentRenderedConfigBeforeSanitization>>>>;\nexport type OrganizationRenderedConfig = Expand<Awaited<ReturnType<typeof sanitizeOrganizationConfig>>>;\n\n// Complete config\nexport type CompleteConfig = OrganizationRenderedConfig;\n\n// Type assertions (just to make sure the types are correct)\nconst __assertEmptyObjectIsValidProjectOverride: ProjectConfigOverride = {};\nconst __assertEmptyObjectIsValidBranchOverride: BranchConfigOverride = {};\nconst __assertEmptyObjectIsValidEnvironmentOverride: EnvironmentConfigOverride = {};\nconst __assertEmptyObjectIsValidOrganizationOverride: OrganizationConfigOverride = {};\ntypeAssertExtends<ProjectRenderedConfig, { \"sourceOfTruth\": any }>()();\ntypeAssertExtends<BranchRenderedConfig, { \"sourceOfTruth\": any }>()();\ntypeAssertExtends<EnvironmentRenderedConfig, { \"sourceOfTruth\": any }>()();\ntypeAssertExtends<OrganizationRenderedConfig, { \"sourceOfTruth\": any }>()();\ntypeAssert<BranchRenderedConfig extends { \"domains\": any } ? false : true>()();\ntypeAssert<EnvironmentRenderedConfig extends { \"domains\": any } ? false : true>()();\ntypeAssertExtends<OrganizationRenderedConfig, { \"domains\": any }>()();\n"],"mappings":";AAEA,YAAY,SAAS;AACrB,SAAS,yBAAyB,sBAAsB,8BAA8B;AACtF,YAAY,kBAAkB;AAC9B,SAAS,aAAa,uBAAuB,YAAY,SAAS,UAAU,UAAU,WAAW,WAAW,WAAW,WAAW,UAAU,gBAAgB;AAC5J,SAAS,sBAAsB;AAC/B,SAAS,4BAA4B;AACrC,SAAS,2BAA2B;AACpC,SAAS,oBAAoB;AAC7B,SAAkE,WAAW,iBAAiB,KAAK,KAAK,cAAc,WAAW,KAAK,aAAa,cAAc,wBAAmC;AACpM,SAAS,cAAc;AACvB,SAA6D,YAAY,mBAAmB,oBAAoB;AAChH,SAAiB,oBAAkC,kBAAkB,wBAAwB,iBAAiB;AAEvG,IAAM,eAAe,CAAC,WAAW,UAAU,eAAe,cAAc;AAE/E,IAAM,kBAAkB;AACxB,IAAM,wBAAwB;AAQ9B,SAAS,wBAA2E,QAAW,MAAuH;AACpN,QAAM,aAAa,OAAO,OAAO;AAAA,IAC/B,OAAO,YAAY,KAAK,IAAI,SAAO,CAAC,KAAK,OAAO,UAAU,GAAG,EAAE,KAAK,EAAE,oCAAoC,KAAK,CAAC,CAAC,CAAC,CAAC;AAAA,EACrH,CAAC;AACD,SAAO;AACT;AAKO,IAAM,sBAAsB,UAAU;AAAA,EAC3C,eAAe;AAAA,IACb,UAAU;AAAA,MACR,MAAM,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ;AAAA,IAC9C,CAAC;AAAA,IACD,UAAU;AAAA,MACR,MAAM,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,QAAQ;AAAA,MAC1C,mBAAmB;AAAA,QACjB,UAAU,EAAE,QAAQ;AAAA,QACpB,UAAU,EAAE,QAAQ;AAAA,MACtB,EAAE,QAAQ;AAAA,IACZ,CAAC;AAAA,IACD,UAAU;AAAA,MACR,MAAM,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ;AAAA,MAC9C,kBAAkB,UAAU,EAAE,QAAQ;AAAA,IACxC,CAAC;AAAA,EACH;AACF,CAAC;AAGD,IAAM,+BAA+B;AAAA,EACnC,UAAU,EAAE,QAAQ,eAAe;AAAA,EACnC,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC;AAEA,IAAM,mBAAmB,UAAU;AAAA,EACjC,aAAa;AAAA,IACX,UAAU,EAAE,QAAQ,qBAAqB;AAAA,IACzC,UAAU;AAAA,MACR,aAAa,UAAU,EAAE,SAAS;AAAA,MAClC,OAAO,UAAU,EAAE,MAAM,CAAC,QAAQ,SAAS,CAAC,EAAE,SAAS;AAAA,MACvD,wBAAwB;AAAA,QACtB,UAAU,EAAE,QAAQ,eAAe;AAAA,QACnC,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,MACjC,EAAE,SAAS;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd;AAAA,EACA,oBAAoB,UAAU;AAAA,IAC5B,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,QAAQ;AAAA,EACV,CAAC;AACH,CAAC;AAID,IAAM,sBAAsB,UAAU;AAAA,EACpC,SAAS,UAAU;AAAA,IACjB,MAAM,WAAW;AAAA,IACjB,MAAM,WAAW;AAAA,EACnB,CAAC;AACH,CAAC;AAID,IAAM,mBAAmB,UAAU;AAAA,EACjC,aAAa,WAAW;AAAA,EACxB,UAAU,UAAU;AAAA,IAClB,aAAa,WAAW;AAAA,EAC1B,CAAC;AAAA,EACD,KAAK,UAAU;AAAA,IACb,aAAa,WAAW;AAAA,EAC1B,CAAC;AAAA,EACD,SAAS,UAAU;AAAA,IACjB,aAAa,WAAW;AAAA,EAC1B,CAAC;AAAA,EACD,OAAO,UAAU;AAAA,IACf,sBAAsB,UAAU,EAAE,MAAM,CAAC,eAAe,eAAe,kBAAkB,CAAC,EAAE,SAAS;AAAA,IACrG,WAAW;AAAA,MACT,UAAU,EAAE,QAAQ,eAAe;AAAA,MACnC,UAAU;AAAA,QACR,MAAM,UAAU,EAAE,MAAM,YAAY,EAAE,SAAS;AAAA,QAC/C,aAAa,WAAW;AAAA,QACxB,wBAAwB,WAAW;AAAA,MACrC,CAAC;AAAA,IACH;AAAA,EACF,CAAC;AACH,CAAC;AAEM,IAAM,uBAAuB,UAAU;AAAA,EAC5C,SAAS,UAAU;AAAA,IACjB,UAAuB;AAAA,EACzB,CAAC,EAAE,SAAS;AAAA,EACZ,QAAQ;AAAA,IACN,sBAAsB,SAAS;AAAA,IAC/B,UAAU;AAAA,MACR,aAAa,UAAU,EAAE,SAAS;AAAA,IACpC,CAAC;AAAA,EACH,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,qGAAqG,cAAc,EAAE,YAAY,EAAE,aAAa,WAAW,EAAE,EAAE,EAAE,CAAC;AAAA,EACxM,QAAQ;AAAA,IACN,sBAAsB,SAAS;AAAA,IAC/B;AAAA,EACF;AAAA,EACA,OAAO;AAAA,IACL,sBAAsB,QAAQ;AAAA,IAC9B,UAAU;AAAA,MACR,aAAa,UAAU,EAAE,SAAS;AAAA,MAClC,cAA2B;AAAA,IAC7B,CAAC;AAAA,EACH;AACF,CAAC;AAED,IAAM,eAAe,UAAU;AAAA,EAC7B,gBAAgB,WAAW;AAC7B,CAAC;AAEM,IAAM,qBAAqB,wBAAwB,qBAAqB,CAAC,eAAe,CAAC,EAAE,OAAO,UAAU;AAAA,EACjH,MAAM;AAAA,EAEN,OAAO,UAAU;AAAA,IACf,4BAA4B,WAAW;AAAA,IACvC,yBAAyB,WAAW;AAAA,EACtC,CAAC;AAAA,EAED,OAAO,UAAU;AAAA,IACf,yBAAyB,WAAW;AAAA,EACtC,CAAC;AAAA,EAED,SAAS;AAAA,EAET,SAAS;AAAA,EAET,MAAM;AAAA,EAEN,QAAQ,UAAU;AAAA,IAChB,iBAA8B;AAAA,IAC9B,QAAqB;AAAA,IACrB,WAAwB;AAAA,EAC1B,CAAC;AAAA,EAED,UAAU;AACZ,CAAC,CAAC;AAGK,IAAM,0BAA0B,mBAAmB,OAAO,UAAU;AAAA,EACzE,MAAM,mBAAmB,UAAU,MAAM,EAAE,OAAO,UAAU;AAAA,IAC1D,OAAO,mBAAmB,UAAU,MAAM,EAAE,UAAU,OAAO,EAAE,OAAO,UAAU;AAAA,MAC9E,WAAW;AAAA,QACT,UAAU,EAAE,QAAQ,eAAe;AAAA,QACnC,UAAU;AAAA,UACR,MAAM,UAAU,EAAE,MAAM,YAAY,EAAE,SAAS;AAAA,UAC/C,UAAU,WAAW;AAAA,UACrB,UAAuB,iCAAoB,SAAS;AAAA,UACpD,cAA2B,qCAAwB,SAAS;AAAA,UAC5D,kBAA+B,yCAA4B,SAAS;AAAA,UACpE,mBAAgC,0CAA6B,SAAS;AAAA,UACtE,aAAa,WAAW,EAAE,SAAS;AAAA,UACnC,wBAAwB,WAAW,EAAE,SAAS;AAAA,QAChD,CAAC;AAAA,MACH;AAAA,IACF,CAAC,CAAC;AAAA,EACJ,CAAC,CAAC;AAAA,EAEF,QAAQ,mBAAmB,UAAU,QAAQ,EAAE,OAAO,UAAU;AAAA,IAC9D,QAAQ,UAAU;AAAA,MAChB,UAAU,WAAW;AAAA,MACrB,MAAmB,6BAAgB,SAAS,EAAE,SAAS;AAAA,MACvD,MAAmB,6BAAgB,SAAS;AAAA,MAC5C,UAAuB,iCAAoB,SAAS,EAAE,SAAS;AAAA,MAC/D,UAAuB,iCAAoB,SAAS,EAAE,SAAS;AAAA,MAC/D,YAAyB,mCAAsB,SAAS,EAAE,SAAS;AAAA,MACnE,aAA0B,oCAAuB,SAAS,EAAE,SAAS;AAAA,IACvE,CAAC;AAAA,EACH,CAAC,CAAC;AAAA,EAEF,SAAS,mBAAmB,UAAU,SAAS,EAAE,OAAO,UAAU;AAAA,IAChE,gBAAgB;AAAA,MACd,sBAAsB,iBAAiB;AAAA,MACvC,UAAU;AAAA,QACR,SAAsB,+BAAkB,IAAI,GAAG;AAAA,QAC/C,aAA0B,+BAAkB,IAAI,GAAG;AAAA,MACrD,CAAC;AAAA,IACH;AAAA,EACF,CAAC,CAAC;AACJ,CAAC,CAAC;AAEK,IAAM,2BAA2B,wBAAwB,OAAO,UAAU,CAAC,CAAC,CAAC;AAc7E,SAAS,sBAAsB,MAA6D,6BAAuC;AACxI,QAAM,mBAAmB,CAAC,UAAU,eAAe,cAAc,EAAE,SAAS,IAAI;AAChF,QAAM,wBAAwB,CAAC,eAAe,cAAc,EAAE,SAAS,IAAI;AAE3E,MAAI,MAAM;AAGV,MAAI,kBAAkB;AACpB,UAAM,eAAe,KAAK,gBAAgB,wBAAwB;AAAA,EACpE;AAIA,MAAI,uBAAuB;AACzB,UAAM,YAAY,KAAK,0BAA0B,CAAC,UAAU;AAC1D,UAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,eAAO,iBAAiB,MAAM,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAAA,MAC1D;AACA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAIA,MAAI,kBAAkB;AACpB,UAAM,eAAe,KAAK,kBAAkB;AAC5C,UAAM,eAAe,KAAK,qBAAqB;AAAA,EACjD;AAIA,MAAI,SAAS,eAAe;AAC1B,UAAM,eAAe,KAAK,eAAe;AAAA,EAC3C;AAIA,MAAI,SAAS,eAAe;AAC1B,UAAM,eAAe,KAAK,0BAA0B;AACpD,UAAM,eAAe,KAAK,qCAAqC;AAAA,EACjE;AAIA,SAAO;AACT;AAEA,SAAS,eAAe,KAAU,MAAmB;AACnD,SAAO,YAAY,KAAK,MAAM,MAAM,MAAS;AAC/C;AAEA,SAAS,YAAY,KAAU,MAAc,QAAkC;AAC7E,QAAM,WAAW,KAAK,MAAM,GAAG;AAE/B,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,UAAM,aAAa,SAAS,MAAM,GAAG,CAAC,EAAE,KAAK,GAAG;AAChD,UAAM,aAAa,SAAS,MAAM,CAAC,EAAE,KAAK,GAAG;AAC7C,QAAI,IAAI,KAAK,UAAU,KAAK,aAAa,IAAI,KAAK,UAAU,CAAC,GAAG;AAC9D,YAAM,WAAW,YAAY,IAAI,KAAK,UAAU,GAAG,YAAY,MAAM;AACrE,UAAI,KAAK,YAAY,QAAQ;AAAA,IAC/B;AAAA,EACF;AACA,MAAI,IAAI,KAAK,IAAI,GAAG;AAClB,UAAM,WAAW,OAAO,IAAI,KAAK,IAAI,CAAC;AACtC,QAAI,aAAa,QAAW;AAC1B,UAAI,KAAK,MAAM,QAAQ;AAAA,IACzB,OAAO;AACL,gBAAU,KAAK,IAAI;AAAA,IACrB;AAAA,EACF;AAEA,SAAO;AACT;AASA,SAAS,eAAe,KAAU,SAAiB,SAAsB;AACvE,QAAM,cAAc,QAAQ,MAAM,GAAG;AACrC,QAAM,cAAc,QAAQ,MAAM,GAAG;AACrC,MAAI,CAAC,eAAe,YAAY,MAAM,GAAG,EAAE,GAAG,YAAY,MAAM,GAAG,EAAE,CAAC,EAAG,OAAM,IAAI,oBAAoB,4DAA4D,OAAO,QAAQ,OAAO,EAAE;AAE3L,WAAS,IAAI,GAAG,IAAI,YAAY,QAAQ,KAAK;AAC3C,UAAM,aAAa,YAAY,MAAM,GAAG,CAAC,EAAE,KAAK,GAAG;AACnD,UAAM,gBAAgB,YAAY,MAAM,CAAC,EAAE,KAAK,GAAG;AACnD,UAAM,gBAAgB,YAAY,MAAM,CAAC,EAAE,KAAK,GAAG;AACnD,QAAI,IAAI,KAAK,UAAU,KAAK,aAAa,IAAI,KAAK,UAAU,CAAC,GAAG;AAC9D,UAAI,KAAK,YAAY,eAAe,IAAI,KAAK,UAAU,GAAG,eAAe,aAAa,CAAC;AAAA,IACzF;AAAA,EACF;AACA,MAAI,IAAI,KAAK,OAAO,GAAG;AACrB,QAAI,KAAK,SAAS,IAAI,KAAK,OAAO,CAAC;AACnC,cAAU,KAAK,OAAO;AAAA,EACxB;AAEA,SAAO;AACT;AAkBA,IAAM,wBAAwB;AAAA,EAC5B,eAAe;AAAA,IACb,MAAM;AAAA,IACN,mBAAmB;AAAA,IACnB,kBAAkB;AAAA,EACpB;AACF;AAEA,IAAM,uBAAuB,CAAC;AAE9B,IAAM,4BAA4B,CAAC;AAEnC,IAAM,6BAA6B;AAAA,EACjC,MAAM;AAAA,IACJ,aAAa,CAAC,SAAiB;AAAA,MAC7B,wBAAwB,CAACA,SAAgB;AAAA,MACzC,aAAa;AAAA,MACb,OAAO;AAAA,IACT;AAAA,IACA,oBAAoB;AAAA,MAClB,aAAa,CAAC,QAAgB;AAAA,MAC9B,YAAY,CAAC,QAAgB;AAAA,MAC7B,QAAQ,CAAC,QAAgB;AAAA,IAC3B;AAAA,EACF;AAAA,EAEA,SAAS;AAAA,IACP,SAAS;AAAA,MACP,MAAM;AAAA,MACN,MAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,OAAO;AAAA,IACL,4BAA4B;AAAA,IAC5B,yBAAyB;AAAA,EAC3B;AAAA,EAEA,OAAO;AAAA,IACL,yBAAyB;AAAA,EAC3B;AAAA,EAEA,SAAS;AAAA,IACP,gBAAgB;AAAA,IAChB,gBAAgB,CAAC,SAAiB;AAAA,MAChC,SAAS;AAAA,MACT,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EAEA,MAAM;AAAA,IACJ,aAAa;AAAA,IACb,UAAU;AAAA,MACR,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,aAAa;AAAA,IACf;AAAA,IACA,SAAS;AAAA,MACP,aAAa;AAAA,IACf;AAAA,IACA,OAAO;AAAA,MACL,sBAAsB;AAAA,MACtB,WAAW,CAAC,SAAiB;AAAA,QAC3B,MAAM;AAAA,QACN,UAAU;AAAA,QACV,aAAa;AAAA,QACb,wBAAwB;AAAA,QACxB,UAAU;AAAA,QACV,cAAc;AAAA,QACd,kBAAkB;AAAA,QAClB,mBAAmB;AAAA,MACrB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,QAAQ;AAAA,IACN,QAAQ;AAAA,MACN,UAAU;AAAA,MACV,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,YAAY;AAAA,MACZ,aAAa;AAAA,IACf;AAAA,IACA,iBAAiB;AAAA,IACjB,QAAQ,YAAY,CAAC,SAAiB;AAAA,MACpC,aAAa;AAAA,MACb,WAAW;AAAA,IACb,IAAI,oBAAoB;AAAA,IACxB,WAAW,YAAY,CAAC,SAAiB;AAAA,MACvC,aAAa;AAAA,MACb,WAAW;AAAA,MACX,SAAS;AAAA,IACX,IAAI,uBAAuB;AAAA,EAC7B;AAAA,EAEA,UAAU;AAAA,IACR,SAAS;AAAA,IACT,QAAQ,CAAC,SAAiB;AAAA,MACxB,aAAa;AAAA,IACf;AAAA,IACA,QAAQ,CAAC,SAAiB;AAAA,MACxB,aAAa;AAAA,MACb,SAAS;AAAA,MACT,cAAc;AAAA,MACd,WAAW;AAAA,MACX,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,WAAW;AAAA,MACX,QAAQ,CAACA,UAAiB;AAAA,QACxB,GAAG,iBAAiB,qBAAqB,IAAI,cAAY,CAAC,SAAS,MAAM,MAAS,CAAC,CAAC;AAAA,QACpF,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,WAAW;AAAA,MACb;AAAA,MACA,eAAe,CAACA,UAAiB;AAAA,QAC/B,UAAU;AAAA,QACV,QAAQ;AAAA,QACR,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IACA,OAAO,CAAC,SAAiB;AAAA,MACvB,aAAa;AAAA,MACb,cAAc;AAAA,IAChB;AAAA,EACF;AACF;AAUA,aAA4L,EAAE;AAY9L,aAAuI,EAAE;AAEzI,SAAS,gCAAgC,KAAe;AACtD,SAAO,UAAU,EAAE,GAAG,IAAI,GAAG,OAAM,aAAa,CAAC,IAAI,gCAAgC,CAAQ,IAAI,CAAE;AACrG;AASA,SAAS,cAA+E,UAAa,QAAgC;AACnI,QAAM,MAAW,gCAAgC,QAAQ;AAEzD,QAAO,YAAW,CAAC,KAAK,UAAU,KAAK,OAAO,QAAQ,MAAM,GAAG;AAC7D,QAAI,eAAe,OAAW;AAC9B,UAAM,WAAW,IAAI,MAAM,GAAG;AAC9B,QAAI,YAAiB;AACrB,QAAI,aAAkB;AACtB,eAAW,CAAC,OAAO,IAAI,KAAK,SAAS,QAAQ,GAAG;AAC9C,kBAAY,IAAI,WAAW,IAAI,IAAI,IAAI,WAAW,IAAI,IAAK,OAAO,cAAc,aAAc,UAAkB,IAAI,IAAI;AACxH,UAAI,cAAc,UAAa,CAAC,aAAa,SAAS,GAAG;AACvD,YAAI,KAAK,KAAK,UAAU;AACxB,iBAAS;AAAA,MACX;AACA,UAAI,CAAC,IAAI,YAAY,IAAI,EAAG,KAAI,YAAY,MAAM,gCAAgC,SAAS,CAAU;AACrG,mBAAa,IAAI,YAAY,IAAI;AAAA,IACnC;AACA,QAAI,KAAK,KAAK,aAAa,UAAU,IAAI,cAAc,WAAW,UAAU,IAAI,UAAU;AAAA,EAC5F;AACA,SAAO;AACT;AA6BO,SAAS,qBAAoE,QAAW;AAC7F,SAAO,cAAc,uBAAuB,MAAM;AACpD;AAEO,SAAS,oBAAkE,QAAW;AAC3F,SAAO;AAAA,IACL;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,yBAA4E,QAAwJ;AAClP,SAAO;AAAA,IACL;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,0BAA0B,QAAwR;AAChU,SAAO;AAAA,IACL;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,UACE;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAGA,eAAsB,sBAAyE,QAAW;AACxG,mBAAiB,MAAM;AACvB,QAAM,mBAAmB,OAAO;AAChC,QAAM,gBACJ,iBAAiB,SAAS,UAAU,OAAO,iBAAiB,sBAAsB,WAAW;AAAA,IAC3F,MAAM;AAAA,IACN,mBAAmB,EAAE,GAAG,gBAAgB,iBAAiB,iBAAiB,EAA4B;AAAA,EACxG,IACI,iBAAiB,SAAS,cAAc,OAAO,iBAAiB,qBAAqB,WAAW;AAAA,IAChG,MAAM;AAAA,IACN,kBAAkB,iBAAiB;AAAA,EACrC,IACI;AAAA,IACA,MAAM;AAAA,EACR;AAEN,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,EACF;AACF;AAEA,eAAsB,qBAAuE,QAAW;AACtG,mBAAiB,MAAM;AACvB,QAAM,WAAW,MAAM,sBAAsB,MAAM;AACnD,SAAO;AAAA,IACL,GAAG;AAAA,EACL;AACF;AAEA,eAAsB,0BAAiF,QAAW;AAChH,mBAAiB,MAAM;AACvB,QAAM,WAAW,MAAM,qBAAqB,MAAM;AAClD,SAAO;AAAA,IACL,GAAG;AAAA,EACL;AACF;AAEA,eAAsB,2BAA2B,QAAsD;AACrG,mBAAiB,MAAM;AACvB,QAAM,WAAW,MAAM,0BAA0B,MAAM;AACvD,QAAM,SAAwC;AAAA,IAC5C,GAAG;AAAA,IACH,GAAG,SAAS,OAAO;AAAA,EACrB;AACA,QAAM,YAA8C;AAAA,IAClD,GAAG;AAAA,IACH,GAAG,SAAS,OAAO;AAAA,EACrB;AACA,QAAM,SAAS,iBAAiB,aAAa,SAAS,SAAS,MAAM,EAAE,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM;AAC3F,UAAM,YAAY,MAAM,cAAc,QACpC,QACA,iBAAiB,OAAO,KAAK,MAAM,SAAS,EAAE,IAAI,CAACA,SAAQ,CAACA,MAAK,IAAa,CAAC,CAAC;AAClF,UAAM,SAAS,MAAM,WAAW,uBAC9B,uBACA,iBAAiB,aAAa,MAAM,MAAM,EAAE,IAAI,CAAC,CAACA,MAAK,KAAK,MAAM;AAChE,YAAM,OAAO,EAAE,YAAY,OAAO,GAAI,SAAS,CAAC,EAAG;AACnD,aAAO,CAACA,MAAK,IAAI;AAAA,IACnB,CAAC,CAAC;AACJ,WAAO,CAAC,KAAK;AAAA,MACX,GAAG;AAAA,MACH;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH,CAAC,CAAC;AACF,SAAO;AAAA,IACL,GAAG;AAAA,IACH,QAAQ;AAAA,MACN,GAAG,SAAS;AAAA,MACZ,iBAAiB,IAAI,QAAQ,SAAS,OAAO,eAAe,IAAI,SAAS,OAAO,kBAAkB;AAAA,MAClG;AAAA,MACA;AAAA,IACF;AAAA,IACA,UAAU;AAAA,MACR,GAAG,SAAS;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF;AAWA,eAAsB,wBAAiD,QAAW,gBAAyB,UAAoE,CAAC,GAAkC;AAIhN,MAAI,OAAO,mBAAmB,YAAY,mBAAmB,MAAM;AACjE,WAAO,OAAO,MAAM,4CAA4C;AAAA,EAClE;AACA,MAAI,OAAO,eAAe,cAAc,MAAM,OAAO,eAAe,CAAC,CAAC,GAAG;AACvE,WAAO,OAAO,MAAM,sDAAsD;AAAA,EAC5E;AAEA,QAAM,SAAS,uBAAuB,gBAAgB,EAAE,YAAY,WAAW,CAAC;AAChF,MAAI,OAAQ,QAAO,OAAO,MAAM,4BAA4B,MAAM;AAElE,QAAM,eAAe,CAACC,SAAuB,QAA2C;AACtF,UAAM,WAAW,IAAI,MAAM,GAAG;AAC9B,QAAI,CAACA,QAAO,UAAU,SAAS,CAAC,CAAC,GAAG;AAClC,aAAO;AAAA,IACT;AACA,UAAM,eAAeA,QAAO,UAAU,SAAS,CAAC,CAAC;AACjD,QAAI,aAAa,KAAK,GAAG,sCAAsC,CAAC,QAAQ,4CAA4C;AAClH,aAAO;AAAA,IACT;AACA,QAAI,SAAS,WAAW,GAAG;AACzB,aAAO;AAAA,IACT,OAAO;AACL,aAAO,aAAa,cAAc,SAAS,MAAM,CAAC,EAAE,KAAK,GAAG,CAAC;AAAA,IAC/D;AAAA,EACF;AAEA,QAAM,0BAA0B,CAAC,MAAcA,YAAyC;AACtF,UAAM,aAAaA,QAAO,KAAK,GAAG;AAClC,YAAQ,YAAY,MAAM;AAAA,MACxB,KAAK,UAAU;AACb,cAAM,eAAeA;AACrB,cAAM,cAAc,aAAa,SAAS;AAC1C,YAAI,MAAM,UAAU;AACpB,YAAI,YAAY,MAAM,KAAK,OAAK,EAAE,SAAS,MAAM,GAAG;AAClD,gBAAM,IAAI,KAAK;AAAA,QACjB;AACA,eAAO;AAAA,MACT;AAAA,MACA,KAAK,UAAU;AACb,eAAO,UAAU;AAAA,MACnB;AAAA,MACA,KAAK,WAAW;AACd,eAAO,WAAW;AAAA,MACpB;AAAA,MACA,KAAK,QAAQ;AACX,eAAO,QAAQ;AAAA,MACjB;AAAA,MACA,KAAK,SAAS;AACZ,eAAO,SAAS;AAAA,MAClB;AAAA,MACA,KAAK,SAAS;AACZ,cAAM,IAAI,oBAAoB,yFAAyF,EAAE,YAAY,QAAAA,QAAO,CAAC;AAAA,MAM/I;AAAA,MACA,KAAK,SAAS;AACZ,eAAO,SAAS,WAAW,MAAM,IAAI,CAAC,GAAG,UAAU,oBAAoB,OAAO,IAAI,KAAK,KAAK,CAAC,CAAC,CAAQ;AAAA,MACxG;AAAA,MACA,KAAK,SAAS;AACZ,cAAM,UAAU,WAAW;AAC3B,cAAM,mBAAmB,CAAC,GAAG,QAAQ,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,GAAG,iBAAiB,SAAS,QAAQ;AACnH,cAAM,gBAAgB,QAAQ,OAAO,CAAC,MAAkC,EAAE,KAAK,GAAG,iBAAiB,SAAS,QAAQ;AAGpH,cAAM,sBAAsB,CAAC,GAAG,IAAI,IAAI,cAAc,QAAQ,OAAK,OAAO,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AAC1F,cAAM,qBAAqB;AAAA,UACzB,OAAO;AAAA,YACL,oBAAoB,IAAI,SAAO,CAAC,KAAK;AAAA,cACnC,GAAG,cAAc,QAAQ,CAAC,GAAG,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC,EAAE,UAAU,GAAG,CAAC,IAAI,CAAC,CAAC;AAAA,YACnF,CAAC,CAAC;AAAA,UACJ;AAAA,QACF;AAEA,eAAO;AAAA,UACL,GAAG,iBAAiB,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,oBAAoB,OAAO,YAAY,KAAK,KAAK,CAAC,CAAC;AAAA,UAC3F,GAAG,cAAc,SAAS,IAAI,CAAC,oBAAoB,QAAQ,iBAAiB,SAAS,IAAI,cAAc,KAAK,kBAAkB,CAAC,IAAI,CAAC;AAAA,QACtI;AAAA,MACF;AAAA,MACA,KAAK,UAAU;AACb,eAAO,UAAU,oBAAoB,OAAO,QAAQ,WAAW,SAAS,GAAU,oBAAoB,OAAO,UAAU,WAAW,WAAW,CAAC;AAAA,MAChJ;AAAA,MACA,KAAK,UAAU;AACb,cAAM,eAAeA;AACrB,eAAO;AAAA,UACL,OAAO;AAAA,YACL,OAAO,QAAQ,aAAa,MAAM,EAC/B,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,oBAAoB,OAAO,MAAM,KAAK,KAAY,CAAC,CAAC;AAAA,UACrF;AAAA,QACF;AAAA,MACF;AAAA,MACA,KAAK,SAAS;AACZ,eAAO,SAAS;AAAA,MAClB;AAAA,MACA,SAAS;AACP,cAAM,IAAI,oBAAoB,+BAA+B,IAAI,KAAK,KAAK,UAAU,UAAU,CAAC,IAAI,EAAE,YAAY,QAAAA,QAAO,CAAC;AAAA,MAC5H;AAAA,IACF;AAAA,EACF;AACA,QAAM,sBAAsB,CAAC,MAAcA,YAAyC;AAClF,QAAI,aAAa,wBAAwB,MAAMA,OAAM;AACrD,iBAAa,WAAW,SAAS;AACjC,UAAM,cAAcA,QAAO,SAAS;AACpC,QAAI,YAAY,MAAM,SAAS,GAAG;AAChC,mBAAa,WAAW,MAAM,YAAY,KAAK;AAAA,IACjD;AACA,QAAI,YAAY,SAAS,SAAS,GAAG;AACnC,mBAAa,WAAW,SAAS,YAAY,QAAQ;AAAA,IACvD;AACA,WAAO;AAAA,EACT;AAEA,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,cAAc,GAAG;AACzD,QAAI,UAAU,OAAW;AACzB,UAAM,YAAY,aAAa,QAAQ,GAAG;AAC1C,QAAI,CAAC,WAAW;AACd,aAAO,OAAO,MAAM,WAAW,KAAK,UAAU,GAAG,CAAC,+BAA+B;AAAA,IACnF;AACA,QAAI,mBAAmB,oBAAoB,KAAK,SAAS;AACzD,QAAI;AACF,YAAM,iBAAiB,SAAS,OAAO;AAAA,QACrC,QAAQ;AAAA,QACR,GAAG;AAAA;AAAA,UAED,MAAM;AAAA,QACR;AAAA,QACA,SAAS;AAAA,UACP,uBAAuB,CAAC,EAAE;AAAA,QAC5B;AAAA,MACF,CAAC;AAAA,IACH,SAAS,OAAO;AACd,UAAI,iBAAqB,qBAAiB;AACxC,eAAO,OAAO,MAAM,MAAM,OAAO;AAAA,MACnC;AACA,YAAM;AAAA,IACR;AAAA,EACF;AACA,SAAO,OAAO,GAAG,IAAI;AACvB;AACA,eAAsB,6BAAsD,QAAW,QAAiB,UAAqF,CAAC,GAAkB;AAC9M,QAAM,MAAM,MAAM,wBAAwB,QAAQ,QAAQ,OAAO;AACjE,MAAI,IAAI,WAAW,QAAS,OAAM,IAAI,oBAAoB,6FAAwF,IAAI,KAAK,IAAI,EAAE,SAAS,QAAQ,OAAO,CAAC;AAC5L;AAMA,aAAwI,EAAE;AAC1I,kBAAsG,EAAE;AACxG,kBAAuJ,EAAE;AAUzJ,eAAsB,4BAAqD,QAAW,kBAAyD;AAE7I,QAAM,6BAA6B,QAAQ,kBAAkB,EAAE,4CAA4C,KAAK,CAAC;AAEjH,MAAI;AACJ,MAAI;AACF,iBAAa,UAAU,kBAAkB,EAAE,eAAe,eAAe,CAAC;AAAA,EAC5E,SAAS,OAAO;AACd,QAAI,iBAAiB,oBAAoB;AACvC,aAAO,OAAO,MAAM,iCAAiC,MAAM,OAAO;AAAA,IACpE;AACA,UAAM;AAAA,EACR;AAGA,MAAI;AACF,UAAM,OAAO,SAAS,YAAY;AAAA,MAChC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,uBAAuB,CAAC,EAAE;AAAA,MAC5B;AAAA,IACF,CAAC;AACD,WAAO,OAAO,GAAG,IAAI;AAAA,EACvB,SAAS,OAAO;AACd,QAAI,iBAAqB,qBAAiB;AACxC,aAAO,OAAO,MAAM,MAAM,OAAO;AAAA,IACnC;AACA,UAAM;AAAA,EACR;AACF;AAuEA,kBAAmE,EAAE;AACrE,kBAAkE,EAAE;AACpE,kBAAuE,EAAE;AACzE,kBAAwE,EAAE;AAC1E,WAA2E,EAAE;AAC7E,WAAgF,EAAE;AAClF,kBAAkE,EAAE;","names":["key","schema"]}
1
+ {"version":3,"sources":["../../../src/config/schema.ts"],"sourcesContent":["// TODO: rename this file to spaghetti.ts because that's the kind of code here\n\nimport * as yup from \"yup\";\nimport { DEFAULT_EMAIL_TEMPLATES, DEFAULT_EMAIL_THEMES, DEFAULT_EMAIL_THEME_ID } from \"../helpers/emails\";\nimport * as schemaFields from \"../schema-fields\";\nimport { offerSchema, userSpecifiedIdSchema, yupBoolean, yupDate, yupMixed, yupNever, yupNumber, yupObject, yupRecord, yupString, yupTuple, yupUnion } from \"../schema-fields\";\nimport { isShallowEqual } from \"../utils/arrays\";\nimport { SUPPORTED_CURRENCIES } from \"../utils/currency-constants\";\nimport { StackAssertionError } from \"../utils/errors\";\nimport { allProviders } from \"../utils/oauth\";\nimport { DeepFilterUndefined, DeepMerge, DeepRequiredOrUndefined, deleteKey, filterUndefined, get, has, isObjectLike, mapValues, set, typedAssign, typedEntries, typedFromEntries } from \"../utils/objects\";\nimport { Result } from \"../utils/results\";\nimport { CollapseObjectUnion, Expand, IntersectAll, IsUnion, typeAssert, typeAssertExtends, typeAssertIs } from \"../utils/types\";\nimport { Config, NormalizationError, NormalizesTo, assertNormalized, getInvalidConfigReason, normalize } from \"./format\";\n\nexport const configLevels = ['project', 'branch', 'environment', 'organization'] as const;\nexport type ConfigLevel = typeof configLevels[number];\nconst permissionRegex = /^\\$?[a-z0-9_:]+$/;\nconst customPermissionRegex = /^[a-z0-9_:]+$/;\ndeclare module \"yup\" {\n // eslint-disable-next-line @typescript-eslint/consistent-type-definitions\n export interface CustomSchemaMetadata {\n stackConfigCanNoLongerBeOverridden?: true,\n }\n}\n\nfunction canNoLongerBeOverridden<T extends yup.AnyObjectSchema, K extends string[]>(schema: T, keys: K): yup.Schema<Omit<yup.InferType<T>, K[number]>, T['__context'], Omit<T['__default'], K[number]>, T['__flags']> {\n const notOmitted = schema.concat(yupObject(\n Object.fromEntries(keys.map(key => [key, schema.getNested(key).meta({ stackConfigCanNoLongerBeOverridden: true })]))\n ));\n return notOmitted as any;\n}\n\n/**\n * All fields that can be overridden at this level.\n */\nexport const projectConfigSchema = yupObject({\n sourceOfTruth: yupUnion(\n yupObject({\n type: yupString().oneOf(['hosted']).defined(),\n }),\n yupObject({\n type: yupString().oneOf(['neon']).defined(),\n connectionStrings: yupRecord(\n yupString().defined(),\n yupString().defined(),\n ).defined(),\n }),\n yupObject({\n type: yupString().oneOf(['postgres']).defined(),\n connectionString: yupString().defined()\n }),\n ),\n});\n\n// --- NEW RBAC Schema ---\nconst branchRbacDefaultPermissions = yupRecord(\n yupString().matches(permissionRegex),\n yupBoolean().isTrue().optional(),\n);\n\nconst branchRbacSchema = yupObject({\n permissions: yupRecord(\n yupString().matches(customPermissionRegex),\n yupObject({\n description: yupString().optional(),\n scope: yupString().oneOf(['team', 'project']).optional(),\n containedPermissionIds: yupRecord(\n yupString().matches(permissionRegex),\n yupBoolean().isTrue().optional()\n ).optional(),\n }).optional(),\n ),\n defaultPermissions: yupObject({\n teamCreator: branchRbacDefaultPermissions,\n teamMember: branchRbacDefaultPermissions,\n signUp: branchRbacDefaultPermissions,\n }),\n});\n// --- END NEW RBAC Schema ---\n\n// --- NEW API Keys Schema ---\nconst branchApiKeysSchema = yupObject({\n enabled: yupObject({\n team: yupBoolean(),\n user: yupBoolean(),\n }),\n});\n// --- END NEW API Keys Schema ---\n\n\nconst branchAuthSchema = yupObject({\n allowSignUp: yupBoolean(),\n password: yupObject({\n allowSignIn: yupBoolean(),\n }),\n otp: yupObject({\n allowSignIn: yupBoolean(),\n }),\n passkey: yupObject({\n allowSignIn: yupBoolean(),\n }),\n oauth: yupObject({\n accountMergeStrategy: yupString().oneOf(['link_method', 'raise_error', 'allow_duplicates']).optional(),\n providers: yupRecord(\n yupString().matches(permissionRegex),\n yupObject({\n type: yupString().oneOf(allProviders).optional(),\n allowSignIn: yupBoolean(),\n allowConnectedAccounts: yupBoolean(),\n }),\n ),\n }),\n});\n\nexport const branchPaymentsSchema = yupObject({\n autoPay: yupObject({\n interval: schemaFields.dayIntervalSchema,\n }).optional(),\n groups: yupRecord(\n userSpecifiedIdSchema(\"groupId\"),\n yupObject({\n displayName: yupString().optional(),\n }),\n ).meta({ openapiField: { description: 'The groups that offers can be in. All offers in a group (besides add-ons) are mutually exclusive.', exampleValue: { \"group-id\": { displayName: \"My Group\" } } } }),\n offers: yupRecord(\n userSpecifiedIdSchema(\"offerId\"),\n offerSchema,\n ),\n items: yupRecord(\n userSpecifiedIdSchema(\"itemId\"),\n yupObject({\n displayName: yupString().optional(),\n customerType: schemaFields.customerTypeSchema,\n }),\n ),\n});\n\nconst branchDomain = yupObject({\n allowLocalhost: yupBoolean(),\n});\n\nexport const branchConfigSchema = canNoLongerBeOverridden(projectConfigSchema, [\"sourceOfTruth\"]).concat(yupObject({\n rbac: branchRbacSchema,\n\n teams: yupObject({\n createPersonalTeamOnSignUp: yupBoolean(),\n allowClientTeamCreation: yupBoolean(),\n }),\n\n users: yupObject({\n allowClientUserDeletion: yupBoolean(),\n }),\n\n apiKeys: branchApiKeysSchema,\n\n domains: branchDomain,\n\n auth: branchAuthSchema,\n\n emails: yupObject({\n selectedThemeId: schemaFields.emailThemeSchema,\n themes: schemaFields.emailThemeListSchema,\n templates: schemaFields.emailTemplateListSchema,\n }),\n\n payments: branchPaymentsSchema,\n\n dataVault: yupObject({\n stores: yupRecord(\n yupString(),\n yupObject({\n displayName: yupString(),\n }),\n ),\n }),\n}));\n\n\nexport const environmentConfigSchema = branchConfigSchema.concat(yupObject({\n auth: branchConfigSchema.getNested(\"auth\").concat(yupObject({\n oauth: branchConfigSchema.getNested(\"auth\").getNested(\"oauth\").concat(yupObject({\n providers: yupRecord(\n yupString().matches(permissionRegex),\n yupObject({\n type: yupString().oneOf(allProviders).optional(),\n isShared: yupBoolean(),\n clientId: schemaFields.oauthClientIdSchema.optional(),\n clientSecret: schemaFields.oauthClientSecretSchema.optional(),\n facebookConfigId: schemaFields.oauthFacebookConfigIdSchema.optional(),\n microsoftTenantId: schemaFields.oauthMicrosoftTenantIdSchema.optional(),\n allowSignIn: yupBoolean().optional(),\n allowConnectedAccounts: yupBoolean().optional(),\n }),\n ),\n })),\n })),\n\n emails: branchConfigSchema.getNested(\"emails\").concat(yupObject({\n server: yupObject({\n isShared: yupBoolean(),\n host: schemaFields.emailHostSchema.optional().nonEmpty(),\n port: schemaFields.emailPortSchema.optional(),\n username: schemaFields.emailUsernameSchema.optional().nonEmpty(),\n password: schemaFields.emailPasswordSchema.optional().nonEmpty(),\n senderName: schemaFields.emailSenderNameSchema.optional().nonEmpty(),\n senderEmail: schemaFields.emailSenderEmailSchema.optional().nonEmpty(),\n }),\n })),\n\n domains: branchConfigSchema.getNested(\"domains\").concat(yupObject({\n trustedDomains: yupRecord(\n userSpecifiedIdSchema(\"trustedDomainId\"),\n yupObject({\n baseUrl: schemaFields.wildcardUrlSchema.max(300),\n handlerPath: schemaFields.handlerPathSchema.max(300),\n }),\n ),\n })),\n}));\n\nexport const organizationConfigSchema = environmentConfigSchema.concat(yupObject({}));\n\n\n// Migration functions\n//\n// These are used to migrate old config overrides to the new format on the database.\n//\n// THEY SHOULD NOT BE USED FOR ANY OTHER PURPOSE. They should not be used for default values. They should not be used\n// for sanitization. Instead, use the applicable functions for that.\n//\n// We run these migrations over the database when we do a big migration. USE THESE SPARINGLY. USE OTHER METHODS WHENEVER\n// POSSIBLE.\n//\n// The result of this function should be reproducible, and should not contain ANY randomness/non-determinism.\nexport function migrateConfigOverride(type: \"project\" | \"branch\" | \"environment\" | \"organization\", oldUnmigratedConfigOverride: any): any {\n const isBranchOrHigher = [\"branch\", \"environment\", \"organization\"].includes(type);\n const isEnvironmentOrHigher = [\"environment\", \"organization\"].includes(type);\n\n let res = oldUnmigratedConfigOverride;\n\n // BEGIN 2025-07-28: emails.theme is now emails.selectedThemeId\n if (isBranchOrHigher) {\n res = renameProperty(res, \"emails.theme\", \"emails.selectedThemeId\");\n }\n // END\n\n // BEGIN 2025-07-28: domains.trustedDomains can no longer be an array\n if (isEnvironmentOrHigher) {\n res = mapProperty(res, p => p.join(\".\") === \"domains.trustedDomains\", (value) => {\n if (Array.isArray(value)) {\n return typedFromEntries(value.map((v, i) => [`${i}`, v]));\n }\n return value;\n });\n }\n // END\n\n // BEGIN 2025-07-28: themeList and templateList have been renamed (this was before the email release, so they're safe to remove)\n if (isBranchOrHigher) {\n res = removeProperty(res, p => p.join(\".\") === \"emails.themeList\");\n res = removeProperty(res, p => p.join(\".\") === \"emails.templateList\");\n }\n // END\n\n // BEGIN 2025-07-28: sourceOfTruth was mistakenly written to the environment config in some cases, so let's remove it\n if (type === \"environment\") {\n res = removeProperty(res, p => p.join(\".\") === \"sourceOfTruth\");\n }\n // END\n\n // BEGIN 2025-08-25: stripeAccountId and stripeAccountSetupComplete are unused, so let's remove them\n if (type === \"environment\") {\n res = removeProperty(res, p => p.join(\".\") === \"payments.stripeAccountId\");\n res = removeProperty(res, p => p.join(\".\") === \"payments.stripeAccountSetupComplete\");\n }\n // END\n\n // BEGIN 2025-08-25: payments.items.default is no longer used, so let's remove it\n if (isBranchOrHigher) {\n res = removeProperty(res, p => p.length === 4 && p[0] === \"payments\" && p[1] === \"items\" && p[3] === \"default\");\n }\n // END\n\n // return the result\n return res;\n};\n\nfunction removeProperty(obj: Record<string, any>, pathCond: (path: (string | symbol)[]) => boolean): any {\n return mapProperty(obj, pathCond, () => undefined);\n}\n\nfunction mapProperty(obj: Record<string, any>, pathCond: (path: string[]) => boolean, mapper: (value: any) => any): any {\n const res: Record<string, any> = Array.isArray(obj) ? [] : {};\n for (const [key, value] of typedEntries(obj)) {\n const path = key.split(\".\");\n if (pathCond(path)) {\n const newValue = mapper(value);\n if (newValue !== undefined) {\n set(res, key, newValue);\n } else {\n // do nothing\n }\n } else if (isObjectLike(value)) {\n set(res, key, mapProperty(value, p => pathCond([...path, ...p]), mapper));\n } else {\n set(res, key, value);\n }\n }\n return res;\n}\nundefined?.test(\"mapProperty - basic property mapping\", ({ expect }) => {\n expect(mapProperty({ a: { b: { c: 1 } } }, p => p.join(\".\") === \"a.b.c\", (value) => value + 1)).toEqual({ a: { b: { c: 2 } } });\n expect(mapProperty({ a: { b: { c: 1 } } }, p => p.join(\".\") === \"a.b.d\", (value) => value + 1)).toEqual({ a: { b: { c: 1 } } });\n expect(mapProperty({ x: 5 }, p => p.join(\".\") === \"x\", (value) => value * 2)).toEqual({ x: 10 });\n expect(mapProperty({ a: { b: { c: 1 } } }, p => p.join(\".\") === \"b.c\", (value) => value * 10)).toEqual({ a: { b: { c: 1 } } });\n expect(mapProperty({ a: 1 }, p => p.join(\".\") === \"b.c\", (value) => value)).toEqual({ a: 1 });\n expect(mapProperty({ \"a.b\": { c: 1 } }, p => p.join(\".\") === \"a.b.c\", (value) => value + 1)).toEqual({ \"a.b\": { c: 2 } });\n\n expect(mapProperty({ a: { b: { c: 1 } } }, p => p.length === 3 && p[0] === \"a\" && p[1] === \"b\", (value) => value + 1)).toEqual({ a: { b: { c: 2 } } });\n});\n\nfunction renameProperty(obj: Record<string, any>, oldPath: string, newPath: string): any {\n const oldKeyParts = oldPath.split(\".\");\n const newKeyParts = newPath.split(\".\");\n if (!isShallowEqual(oldKeyParts.slice(0, -1), newKeyParts.slice(0, -1))) throw new StackAssertionError(`oldPath and newPath must have the same prefix. Provided: ${oldPath} and ${newPath}`);\n\n for (let i = 0; i < oldKeyParts.length; i++) {\n const pathPrefix = oldKeyParts.slice(0, i).join(\".\");\n const oldPathSuffix = oldKeyParts.slice(i).join(\".\");\n const newPathSuffix = newKeyParts.slice(i).join(\".\");\n if (has(obj, pathPrefix) && isObjectLike(get(obj, pathPrefix))) {\n set(obj, pathPrefix, renameProperty(get(obj, pathPrefix), oldPathSuffix, newPathSuffix));\n }\n }\n if (has(obj, oldPath)) {\n set(obj, newPath, get(obj, oldPath));\n deleteKey(obj, oldPath);\n }\n\n return obj;\n}\nundefined?.test(\"renameProperty\", ({ expect }) => {\n // Basic\n expect(renameProperty({ a: 1 }, \"a\", \"b\")).toEqual({ b: 1 });\n expect(renameProperty({ b: { c: 1 } }, \"b.c\", \"b.d\")).toEqual({ b: { d: 1 } });\n expect(renameProperty({ a: { b: { c: 1 } } }, \"a.b.c\", \"a.b.d\")).toEqual({ a: { b: { d: 1 } } });\n expect(renameProperty({ a: { b: { c: 1 } } }, \"a.b.c.d\", \"a.b.c.e\")).toEqual({ a: { b: { c: 1 } } });\n\n // Errors\n expect(() => renameProperty({ a: 1 }, \"a\", \"b.c\")).toThrow();\n});\n\n\n// Defaults\n// these are objects that are merged together to form the rendered config (see ./README.md)\n// Wherever an object could be used as a value, a function can instead be used to generate the default values on a per-key basis\n// To make sure you don't accidentally forget setting a default value, you must explicitly set fields with no default value to `undefined`.\n// NOTE: These values are the defaults of the schema, NOT the defaults for newly created projects. The values here signify what `null` means for each property. If you want new projects by default to have a certain value set to true, you should update the corresponding function in the backend instead.\nconst projectConfigDefaults = {\n sourceOfTruth: {\n type: 'hosted',\n connectionStrings: undefined,\n connectionString: undefined,\n },\n} as const satisfies DefaultsType<ProjectRenderedConfigBeforeDefaults, []>;\n\nconst branchConfigDefaults = {} as const satisfies DefaultsType<BranchRenderedConfigBeforeDefaults, [typeof projectConfigDefaults]>;\n\nconst environmentConfigDefaults = {} as const satisfies DefaultsType<EnvironmentRenderedConfigBeforeDefaults, [typeof branchConfigDefaults, typeof projectConfigDefaults]>;\n\nconst organizationConfigDefaults = {\n rbac: {\n permissions: (key: string) => ({\n containedPermissionIds: (key: string) => undefined,\n description: undefined,\n scope: undefined,\n }),\n defaultPermissions: {\n teamCreator: (key: string) => undefined,\n teamMember: (key: string) => undefined,\n signUp: (key: string) => undefined,\n },\n },\n\n apiKeys: {\n enabled: {\n team: false,\n user: false,\n },\n },\n\n teams: {\n createPersonalTeamOnSignUp: false,\n allowClientTeamCreation: false,\n },\n\n users: {\n allowClientUserDeletion: false,\n },\n\n domains: {\n allowLocalhost: false,\n trustedDomains: (key: string) => ({\n baseUrl: undefined,\n handlerPath: '/handler',\n }) as const,\n },\n\n auth: {\n allowSignUp: true,\n password: {\n allowSignIn: false,\n },\n otp: {\n allowSignIn: false,\n },\n passkey: {\n allowSignIn: false,\n },\n oauth: {\n accountMergeStrategy: 'link_method',\n providers: (key: string) => ({\n type: undefined,\n isShared: true,\n allowSignIn: false,\n allowConnectedAccounts: false,\n clientId: undefined,\n clientSecret: undefined,\n facebookConfigId: undefined,\n microsoftTenantId: undefined,\n }),\n },\n },\n\n emails: {\n server: {\n isShared: true,\n host: undefined,\n port: undefined,\n username: undefined,\n password: undefined,\n senderName: undefined,\n senderEmail: undefined,\n },\n selectedThemeId: DEFAULT_EMAIL_THEME_ID,\n themes: typedAssign((key: string) => ({\n displayName: \"Unnamed Theme\",\n tsxSource: \"Error: Theme config is missing TypeScript source code.\",\n }), DEFAULT_EMAIL_THEMES),\n templates: typedAssign((key: string) => ({\n displayName: \"Unnamed Template\",\n tsxSource: \"Error: Template config is missing TypeScript source code.\",\n themeId: undefined,\n }), DEFAULT_EMAIL_TEMPLATES),\n },\n\n payments: {\n autoPay: undefined,\n groups: (key: string) => ({\n displayName: undefined,\n }),\n offers: (key: string) => ({\n displayName: key,\n groupId: undefined,\n customerType: \"user\",\n freeTrial: undefined,\n serverOnly: false,\n stackable: undefined,\n isAddOnTo: false,\n prices: (key: string) => ({\n ...typedFromEntries(SUPPORTED_CURRENCIES.map(currency => [currency.code, undefined])),\n interval: undefined,\n serverOnly: false,\n freeTrial: undefined,\n }),\n includedItems: (key: string) => ({\n quantity: 0,\n repeat: \"never\",\n expires: \"when-repeated\",\n }),\n } as const),\n items: (key: string) => ({\n displayName: key,\n customerType: \"user\",\n } as const)\n },\n\n dataVault: {\n stores: (key: string) => ({\n displayName: \"Unnamed Vault\",\n }),\n },\n} as const satisfies DefaultsType<OrganizationRenderedConfigBeforeDefaults, [typeof environmentConfigDefaults, typeof branchConfigDefaults, typeof projectConfigDefaults]>;\n\ntype _DeepOmitDefaultsImpl<T, U> = T extends object ? (\n (\n & /* keys that are both in T and U, *and* the key's value in U is not a subtype of the key's value in T */ { [K in { [Ki in keyof T & keyof U]: U[Ki] extends T[Ki] ? never : Ki }[keyof T & keyof U]]: DeepOmitDefaults<T[K], U[K] & object> }\n & /* keys that are in T but not in U */ { [K in Exclude<keyof T, keyof U>]: T[K] }\n )\n) : T;\ntype DeepOmitDefaults<T, U> = _DeepOmitDefaultsImpl<DeepFilterUndefined<T>, U>;\ntype DefaultsType<T, U extends any[]> = DeepReplaceAllowFunctionsForObjects<DeepOmitDefaults<DeepRequiredOrUndefined<T>, IntersectAll<{ [K in keyof U]: DeepReplaceFunctionsWithObjects<U[K]> }>>>;\ntypeAssertIs<DefaultsType<{ a: { b: Record<string, 123>, c: 456 } }, [{ a: { c: 456 } }]>, { a: { b: ((key: string) => 123) | Record<string, 123 | undefined> & ((key: string) => 123) } }>()();\n\ntype DeepReplaceAllowFunctionsForObjects<T> = T extends object\n ? (\n string extends keyof T\n ? ((arg: Exclude<keyof T, number>) => DeepReplaceAllowFunctionsForObjects<T[keyof T]>) & ({ [K in keyof T]?: DeepReplaceAllowFunctionsForObjects<T[K]> } | {})\n : { [K in keyof T]: DeepReplaceAllowFunctionsForObjects<T[K]> }\n )\n :\n T;\ntype ReplaceFunctionsWithObjects<T> = T & (T extends (arg: infer K extends string) => infer R ? Record<K, R> & object : unknown);\ntype DeepReplaceFunctionsWithObjects<T> = T extends object ? { [K in keyof ReplaceFunctionsWithObjects<T>]: DeepReplaceFunctionsWithObjects<ReplaceFunctionsWithObjects<T>[K]> } : T;\ntypeAssertIs<DeepReplaceFunctionsWithObjects<{ a: { b: 123 } & ((key: string) => number) }>, { a: { b: 123, [key: string]: number } }>()();\n\nfunction deepReplaceFunctionsWithObjects(obj: any): any {\n return mapValues({ ...obj }, v => (isObjectLike(v) ? deepReplaceFunctionsWithObjects(v as any) : v));\n}\nundefined?.test(\"deepReplaceFunctionsWithObjects\", ({ expect }) => {\n expect(deepReplaceFunctionsWithObjects(() => { })).toEqual({});\n expect(deepReplaceFunctionsWithObjects({ a: 3 })).toEqual({ a: 3 });\n expect(deepReplaceFunctionsWithObjects({ a: () => ({ b: 1 }) })).toEqual({ a: {} });\n expect(deepReplaceFunctionsWithObjects({ a: typedAssign(() => ({}), { b: { c: 1 } }) })).toEqual({ a: { b: { c: 1 } } });\n});\n\ntype ApplyDefaults<D extends object | ((key: string) => unknown), C extends object> = {} extends D ? C : DeepMerge<DeepReplaceFunctionsWithObjects<D>, C>; // the {} extends D makes TypeScript not recurse if the defaults are empty, hence allowing us more recursion until \"type instantiation too deep\" kicks in... it's a total hack, but it works, so hey?\nfunction applyDefaults<D extends object | ((key: string) => unknown), C extends object>(defaults: D, config: C): ApplyDefaults<D, C> {\n const res: any = deepReplaceFunctionsWithObjects(defaults);\n\n outer: for (const [key, mergeValue] of Object.entries(config)) {\n if (mergeValue === undefined) continue;\n const keyParts = key.split(\".\");\n let baseValue: any = defaults;\n let currentRes: any = res;\n for (const [index, part] of keyParts.entries()) {\n baseValue = has(baseValue, part) ? get(baseValue, part) : (typeof baseValue === 'function' ? (baseValue as any)(part) : undefined);\n if (baseValue === undefined || !isObjectLike(baseValue)) {\n set(res, key, mergeValue);\n continue outer;\n }\n if (!has(currentRes, part)) set(currentRes, part, deepReplaceFunctionsWithObjects(baseValue) as never);\n currentRes = get(currentRes, part);\n }\n set(res, key, isObjectLike(mergeValue) ? applyDefaults(baseValue, mergeValue) : mergeValue);\n }\n return res as any;\n}\nundefined?.test(\"applyDefaults\", ({ expect }) => {\n // Basic\n expect(applyDefaults({ a: 1 }, { a: 2 })).toEqual({ a: 2 });\n expect(applyDefaults({}, { a: 1 })).toEqual({ a: 1 });\n expect(applyDefaults({ a: { b: 1 } }, { a: { b: 2 } })).toEqual({ a: { b: 2 } });\n expect(applyDefaults({ a: { b: 1 } }, { a: { c: 2 } })).toEqual({ a: { b: 1, c: 2 } });\n expect(applyDefaults({ a: { b: { c: 1, d: 2 } } }, { a: { b: { d: 3, e: 4 } } })).toEqual({ a: { b: { c: 1, d: 3, e: 4 } } });\n\n // Functions\n expect(applyDefaults((key: string) => ({ b: key }), { a: {} })).toEqual({ a: { b: \"a\" } });\n expect(applyDefaults((key1: string) => (key2: string) => ({ a: key1, b: key2 }), { c: { d: {} } })).toEqual({ c: { d: { a: \"c\", b: \"d\" } } });\n expect(applyDefaults({ a: (key: string) => ({ b: key }) }, { a: { c: { d: 1 } } })).toEqual({ a: { c: { b: \"c\", d: 1 } } });\n expect(applyDefaults({ a: (key: string) => ({ b: key }) }, {})).toEqual({ a: {} });\n expect(applyDefaults({ a: { b: (key: string) => ({ b: key }) } }, {})).toEqual({ a: { b: {} } });\n expect(applyDefaults(typedAssign(() => ({ b: 1 }), { a: { b: 1, c: 2 } }), { a: {} })).toEqual({ a: { b: 1, c: 2 } });\n expect(applyDefaults(typedAssign(() => ({ b: 1 }), { a: { b: 1, c: 2 } }), { d: {} })).toEqual({ a: { b: 1, c: 2 }, d: { b: 1 } });\n\n // Dot notation\n expect(applyDefaults({ a: { b: 1 } }, { \"a.c\": 2 })).toEqual({ a: { b: 1 }, \"a.c\": 2 });\n expect(applyDefaults({ a: 1 }, { \"a.b\": 2 })).toEqual({ a: 1, \"a.b\": 2 });\n expect(applyDefaults({ a: null }, { \"a.b\": 2 })).toEqual({ a: null, \"a.b\": 2 });\n expect(applyDefaults({ a: { b: { c: 1 } } }, { \"a.b\": { d: 2 } })).toEqual({ a: { b: { c: 1 } }, \"a.b\": { c: 1, d: 2 } });\n expect(applyDefaults({ a: { b: { c: { d: 1 } } } }, { \"a.b.c\": {} })).toEqual({ a: { b: { c: { d: 1 } } }, \"a.b.c\": { d: 1 } });\n expect(applyDefaults({ a: () => ({ c: 1 }) }, { \"a.b\": { d: 2 } })).toEqual({ a: { b: { c: 1 } }, \"a.b\": { c: 1, d: 2 } });\n expect(applyDefaults({ a: () => () => ({ d: 1 }) }, { \"a.b.c\": {} })).toEqual({ a: { b: { c: { d: 1 } } }, \"a.b.c\": { d: 1 } });\n expect(applyDefaults({ a: { b: () => ({ c: 1, d: 2 }) } }, { \"a.b.x-y.c\": 3 })).toEqual({ a: { b: { \"x-y\": { c: 1, d: 2 } } }, \"a.b.x-y.c\": 3 });\n});\n\nexport function applyProjectDefaults<T extends ProjectRenderedConfigBeforeDefaults>(config: T) {\n return applyDefaults(projectConfigDefaults, config);\n}\n\nexport function applyBranchDefaults<T extends BranchRenderedConfigBeforeDefaults>(config: T) {\n return applyDefaults(\n branchConfigDefaults,\n applyDefaults(\n projectConfigDefaults,\n config\n )\n );\n}\n\nexport function applyEnvironmentDefaults<T extends EnvironmentRenderedConfigBeforeDefaults>(config: T): ApplyDefaults<typeof environmentConfigDefaults, ApplyDefaults<typeof branchConfigDefaults, ApplyDefaults<typeof projectConfigDefaults, T>>> {\n return applyDefaults(\n environmentConfigDefaults,\n applyDefaults(\n branchConfigDefaults,\n applyDefaults(\n projectConfigDefaults,\n config\n ) as any\n ) as any\n ) as any;\n}\n\nexport function applyOrganizationDefaults(config: OrganizationRenderedConfigBeforeDefaults): ApplyDefaults<typeof organizationConfigDefaults, ApplyDefaults<typeof environmentConfigDefaults, ApplyDefaults<typeof branchConfigDefaults, ApplyDefaults<typeof projectConfigDefaults, OrganizationRenderedConfigBeforeDefaults>>>> {\n return applyDefaults(\n organizationConfigDefaults,\n applyDefaults(\n environmentConfigDefaults,\n applyDefaults(\n branchConfigDefaults,\n applyDefaults(\n projectConfigDefaults,\n config\n ) as any\n ) as any\n ) as any\n ) as any;\n}\n\n\nexport async function sanitizeProjectConfig<T extends ProjectRenderedConfigBeforeSanitization>(config: T) {\n assertNormalized(config);\n const oldSourceOfTruth = config.sourceOfTruth;\n const sourceOfTruth =\n oldSourceOfTruth.type === 'neon' && typeof oldSourceOfTruth.connectionStrings === 'object' ? {\n type: 'neon',\n connectionStrings: { ...filterUndefined(oldSourceOfTruth.connectionStrings) as Record<string, string> }\n } as const\n : oldSourceOfTruth.type === 'postgres' && typeof oldSourceOfTruth.connectionString === 'string' ? {\n type: 'postgres',\n connectionString: oldSourceOfTruth.connectionString,\n } as const\n : {\n type: 'hosted',\n } as const;\n\n return {\n ...config,\n sourceOfTruth,\n };\n}\n\nexport async function sanitizeBranchConfig<T extends BranchRenderedConfigBeforeSanitization>(config: T) {\n assertNormalized(config);\n const prepared = await sanitizeProjectConfig(config);\n return {\n ...prepared,\n };\n}\n\nexport async function sanitizeEnvironmentConfig<T extends EnvironmentRenderedConfigBeforeSanitization>(config: T) {\n assertNormalized(config);\n const prepared = await sanitizeBranchConfig(config);\n return {\n ...prepared,\n };\n}\n\nexport async function sanitizeOrganizationConfig(config: OrganizationRenderedConfigBeforeSanitization) {\n assertNormalized(config);\n const prepared = await sanitizeEnvironmentConfig(config);\n const themes: typeof prepared.emails.themes = {\n ...DEFAULT_EMAIL_THEMES,\n ...prepared.emails.themes,\n };\n const templates: typeof prepared.emails.templates = {\n ...DEFAULT_EMAIL_TEMPLATES,\n ...prepared.emails.templates,\n };\n const offers = typedFromEntries(typedEntries(prepared.payments.offers).map(([key, offer]) => {\n const isAddOnTo = offer.isAddOnTo === false ?\n false as const :\n typedFromEntries(Object.keys(offer.isAddOnTo).map((key) => [key, true as const]));\n const prices = offer.prices === \"include-by-default\" ?\n \"include-by-default\" as const :\n typedFromEntries(typedEntries(offer.prices).map(([key, value]) => {\n const data = { serverOnly: false, ...(value ?? {}) };\n return [key, data];\n }));\n return [key, {\n ...offer,\n isAddOnTo,\n prices,\n }];\n }));\n return {\n ...prepared,\n emails: {\n ...prepared.emails,\n selectedThemeId: has(themes, prepared.emails.selectedThemeId) ? prepared.emails.selectedThemeId : DEFAULT_EMAIL_THEME_ID,\n themes,\n templates,\n },\n payments: {\n ...prepared.payments,\n offers\n }\n };\n}\n\n\n/**\n * Does not require a base config, and hence solely relies on the override itself to validate the config. If it returns\n * no error, you know that the\n *\n * It's crucial that our DB never contains any configs that are not valid according to this function, as this would mean\n * that the config object does not satisfy the ValidatedToHaveNoConfigOverrideErrors type (which is used as an assumption\n * in a whole bunch of places in the code).\n */\nexport async function getConfigOverrideErrors<T extends yup.AnySchema>(schema: T, configOverride: unknown, options: { allowPropertiesThatCanNoLongerBeOverridden?: boolean } = {}): Promise<Result<null, string>> {\n // currently, we go over the schema and ensure that the general requirements for each property are satisfied\n // importantly, we cannot check any cross-property constraints, as those may change depending on the base config\n // also, since overrides can be empty, we cannot have any required properties (TODO: can we have required properties in nested objects? would that even make sense? think about it)\n if (typeof configOverride !== \"object\" || configOverride === null) {\n return Result.error(\"Config override must be a non-null object.\");\n }\n if (Object.getPrototypeOf(configOverride) !== Object.getPrototypeOf({})) {\n return Result.error(\"Config override must be plain old JavaScript object.\");\n }\n // Check config format\n const reason = getInvalidConfigReason(configOverride, { configName: 'override' });\n if (reason) return Result.error(\"Invalid config format: \" + reason);\n\n const getSubSchema = (schema: yup.AnySchema, key: string): yup.AnySchema | undefined => {\n const keyParts = key.split(\".\");\n if (!schema.hasNested(keyParts[0])) {\n return undefined;\n }\n const nestedSchema = schema.getNested(keyParts[0]);\n if (nestedSchema.meta()?.stackConfigCanNoLongerBeOverridden && !options.allowPropertiesThatCanNoLongerBeOverridden) {\n return undefined;\n }\n if (keyParts.length === 1) {\n return nestedSchema;\n } else {\n return getSubSchema(nestedSchema, keyParts.slice(1).join(\".\"));\n }\n };\n\n const getRestrictedSchemaBase = (path: string, schema: yup.AnySchema): yup.AnySchema => {\n const schemaInfo = schema.meta()?.stackSchemaInfo;\n switch (schemaInfo?.type) {\n case \"string\": {\n const stringSchema = schema as yup.StringSchema<any>;\n const description = stringSchema.describe();\n let res = yupString();\n if (description.tests.some(t => t.name === \"uuid\")) {\n res = res.uuid();\n }\n return res;\n }\n case \"number\": {\n return yupNumber();\n }\n case \"boolean\": {\n return yupBoolean();\n }\n case \"date\": {\n return yupDate();\n }\n case \"mixed\": {\n return yupMixed();\n }\n case \"array\": {\n throw new StackAssertionError(`Arrays are not supported in config JSON files (besides tuples). Use a record instead.`, { schemaInfo, schema });\n\n // This is how the implementation would look like, but we don't support arrays in config JSON files (besides tuples)\n // const arraySchema = schema as yup.ArraySchema<any, any, any, any>;\n // const innerType = arraySchema.innerType;\n // return yupArray(innerType ? getRestrictedSchema(path + \".[]\", innerType as any) : undefined);\n }\n case \"tuple\": {\n return yupTuple(schemaInfo.items.map((s, index) => getRestrictedSchema(path + `[${index}]`, s)) as any);\n }\n case \"union\": {\n const schemas = schemaInfo.items;\n const nonObjectSchemas = [...schemas.entries()].filter(([index, s]) => s.meta()?.stackSchemaInfo?.type !== \"object\");\n const objectSchemas = schemas.filter((s): s is yup.ObjectSchema<any> => s.meta()?.stackSchemaInfo?.type === \"object\");\n\n // merge all object schemas into a single schema\n const allObjectSchemaKeys = [...new Set(objectSchemas.flatMap(s => Object.keys(s.fields)))];\n const mergedObjectSchema = yupObject(\n Object.fromEntries(\n allObjectSchemaKeys.map(key => [key, yupUnion(\n ...objectSchemas.flatMap((s, index) => s.hasNested(key) ? [s.getNested(key)] : [])\n )])\n )\n );\n\n return yupUnion(\n ...nonObjectSchemas.map(([index, s]) => getRestrictedSchema(path + `|variant-${index}|`, s)),\n ...objectSchemas.length > 0 ? [getRestrictedSchema(path + (nonObjectSchemas.length > 0 ? `|variant|` : \"\"), mergedObjectSchema)] : [],\n );\n }\n case \"record\": {\n return yupRecord(getRestrictedSchema(path + \".key\", schemaInfo.keySchema) as any, getRestrictedSchema(path + \".value\", schemaInfo.valueSchema));\n }\n case \"object\": {\n const objectSchema = schema as yup.ObjectSchema<any>;\n return yupObject(\n Object.fromEntries(\n Object.entries(objectSchema.fields)\n .map(([key, value]) => [key, getRestrictedSchema(path + \".\" + key, value as any)])\n )\n );\n }\n case \"never\": {\n return yupNever();\n }\n default: {\n throw new StackAssertionError(`Unknown schema info at path ${path}: ${JSON.stringify(schemaInfo)}`, { schemaInfo, schema });\n }\n }\n };\n const getRestrictedSchema = (path: string, schema: yup.AnySchema): yup.AnySchema => {\n let restricted = getRestrictedSchemaBase(path, schema);\n restricted = restricted.nullable();\n const description = schema.describe();\n if (description.oneOf.length > 0) {\n restricted = restricted.oneOf(description.oneOf);\n }\n if (description.notOneOf.length > 0) {\n restricted = restricted.notOneOf(description.notOneOf);\n }\n return restricted;\n };\n\n for (const [key, value] of Object.entries(configOverride)) {\n if (value === undefined) continue;\n const subSchema = getSubSchema(schema, key);\n if (!subSchema) {\n return Result.error(`The key ${JSON.stringify(key)} is not valid for the schema.`);\n }\n let restrictedSchema = getRestrictedSchema(key, subSchema);\n try {\n await restrictedSchema.validate(value, {\n strict: true,\n ...{\n // Although `path` is not part of the yup types, it is actually recognized and does the correct thing\n path: key\n },\n context: {\n noUnknownPathPrefixes: [''],\n },\n });\n } catch (error) {\n if (error instanceof yup.ValidationError) {\n return Result.error(error.message);\n }\n throw error;\n }\n }\n return Result.ok(null);\n}\nexport async function assertNoConfigOverrideErrors<T extends yup.AnySchema>(schema: T, config: unknown, options: { allowPropertiesThatCanNoLongerBeOverridden?: boolean, extraInfo?: any } = {}): Promise<void> {\n const res = await getConfigOverrideErrors(schema, config, options);\n if (res.status === \"error\") throw new StackAssertionError(`Config override is invalid — at a place where it should have already been validated! ${res.error}`, { options, config, schema });\n}\ntype _ValidatedToHaveNoConfigOverrideErrorsImpl<T> =\n IsUnion<T & object> extends true ? _ValidatedToHaveNoConfigOverrideErrorsImpl<CollapseObjectUnion<T & object> | Exclude<T, object>>\n : T extends object ? (T extends any[] ? T : { [K in keyof T]+?: _ValidatedToHaveNoConfigOverrideErrorsImpl<T[K]> })\n : T;\nexport type ValidatedToHaveNoConfigOverrideErrors<T extends yup.AnySchema> = _ValidatedToHaveNoConfigOverrideErrorsImpl<yup.InferType<T>>;\ntypeAssertIs<_ValidatedToHaveNoConfigOverrideErrorsImpl<{ a: string } | { b: number } | boolean>, { a?: string, b?: number } | boolean>()();\ntypeAssertExtends<_ValidatedToHaveNoConfigOverrideErrorsImpl<\"abc\" | 123 | null>, \"abc\" | 123 | null>()();\ntypeAssertExtends<_ValidatedToHaveNoConfigOverrideErrorsImpl<{ a: { b: { c: string } | { d: number } } }>, { a?: { b?: { c?: string, d?: number } } }>()();\n\n/**\n * Checks whether there are any warnings in the incomplete config. A warning doesn't stop the config from being valid,\n * but may require action regardless.\n *\n * The DB can contain configs that are not valid according to this function, as long as they are valid according to\n * the getConfigOverrideErrors function. (This is necessary, because a changing base config may make an override invalid\n * that was previously valid.)\n */\nexport async function getIncompleteConfigWarnings<T extends yup.AnySchema>(schema: T, incompleteConfig: Config): Promise<Result<null, string>> {\n // every rendered config should also be a config override without errors (regardless of whether it has warnings or not)\n await assertNoConfigOverrideErrors(schema, incompleteConfig, { allowPropertiesThatCanNoLongerBeOverridden: true });\n\n let normalized: Config;\n try {\n normalized = normalize(incompleteConfig, { onDotIntoNull: \"empty-object\" });\n } catch (error) {\n if (error instanceof NormalizationError) {\n return Result.error(`Config is not normalizable. ` + error.message);\n }\n throw error;\n }\n\n // test the schema against the normalized config\n try {\n await schema.validate(normalized, {\n strict: true,\n context: {\n noUnknownPathPrefixes: [''],\n },\n });\n return Result.ok(null);\n } catch (error) {\n if (error instanceof yup.ValidationError) {\n return Result.error(error.message);\n }\n throw error;\n }\n}\nexport type ValidatedToHaveNoIncompleteConfigWarnings<T extends yup.AnySchema> = yup.InferType<T>;\n\n\n// Normalized overrides\n// ex.: { a?: { b?: number, c?: string }, d?: number }\ntype ProjectConfigNormalizedOverride = Expand<ValidatedToHaveNoConfigOverrideErrors<typeof projectConfigSchema>>;\ntype BranchConfigNormalizedOverride = Expand<ValidatedToHaveNoConfigOverrideErrors<typeof branchConfigSchema>>;\ntype EnvironmentConfigNormalizedOverride = Expand<ValidatedToHaveNoConfigOverrideErrors<typeof environmentConfigSchema>>;\ntype OrganizationConfigNormalizedOverride = Expand<ValidatedToHaveNoConfigOverrideErrors<typeof organizationConfigSchema>>;\n\n\n// Overrides\n// ex.: { a?: null | { b?: null | number, c: string }, d?: null | number, \"a.b\"?: number, \"a.c\"?: string }\nexport type ProjectConfigOverride = NormalizesTo<ProjectConfigNormalizedOverride>;\nexport type BranchConfigOverride = NormalizesTo<BranchConfigNormalizedOverride>;\nexport type EnvironmentConfigOverride = NormalizesTo<EnvironmentConfigNormalizedOverride>;\nexport type OrganizationConfigOverride = NormalizesTo<OrganizationConfigNormalizedOverride>;\n\n// Override overrides (used to update the overrides)\n// ex.: { a?: null | { b?: null | number, c?: string }, d?: null | number, \"a.b\"?: number, \"a.c\"?: string }\nexport type ProjectConfigOverrideOverride = ProjectConfigOverride;\nexport type BranchConfigOverrideOverride = BranchConfigOverride;\nexport type EnvironmentConfigOverrideOverride = EnvironmentConfigOverride;\nexport type OrganizationConfigOverrideOverride = OrganizationConfigOverride;\n\n// Incomplete configs\n// note that we infer these types from the override types, not from the schema types directly, as there is no guarantee\n// that all configs in the DB satisfy the schema (the only guarantee we make is that this once *used* to be true)\nexport type ProjectIncompleteConfig = Expand<ProjectConfigNormalizedOverride>;\nexport type BranchIncompleteConfig = Expand<ProjectIncompleteConfig & BranchConfigNormalizedOverride>;\nexport type EnvironmentIncompleteConfig = Expand<BranchIncompleteConfig & EnvironmentConfigNormalizedOverride>;\nexport type OrganizationIncompleteConfig = Expand<EnvironmentIncompleteConfig & OrganizationConfigNormalizedOverride>;\n\n\n// Rendered configs before defaults, normalization, and sanitization\ntype ProjectRenderedConfigBeforeDefaults = Omit<ProjectIncompleteConfig,\n | keyof BranchConfigNormalizedOverride\n | keyof EnvironmentConfigNormalizedOverride\n | keyof OrganizationConfigNormalizedOverride\n>;\ntype BranchRenderedConfigBeforeDefaults = Omit<BranchIncompleteConfig,\n | keyof EnvironmentConfigNormalizedOverride\n | keyof OrganizationConfigNormalizedOverride\n>;\ntype EnvironmentRenderedConfigBeforeDefaults = Omit<EnvironmentIncompleteConfig,\n | keyof OrganizationConfigNormalizedOverride\n>;\ntype OrganizationRenderedConfigBeforeDefaults = OrganizationIncompleteConfig;\n\n\n// Rendered configs before sanitization\ntype ProjectRenderedConfigBeforeSanitization = Expand<Awaited<ReturnType<typeof applyProjectDefaults<ProjectRenderedConfigBeforeDefaults>>>>;\ntype BranchRenderedConfigBeforeSanitization = Expand<Awaited<ReturnType<typeof applyBranchDefaults<BranchRenderedConfigBeforeDefaults>>>>;\ntype EnvironmentRenderedConfigBeforeSanitization = Expand<Awaited<ReturnType<typeof applyEnvironmentDefaults<EnvironmentRenderedConfigBeforeDefaults>>>>;\ntype OrganizationRenderedConfigBeforeSanitization = Expand<Awaited<ReturnType<typeof applyOrganizationDefaults>>>;\n\n// Rendered configs after defaults, normalization, and sanitization\nexport type ProjectRenderedConfig = Expand<Awaited<ReturnType<typeof sanitizeProjectConfig<ProjectRenderedConfigBeforeSanitization>>>>;\nexport type BranchRenderedConfig = Expand<Awaited<ReturnType<typeof sanitizeBranchConfig<BranchRenderedConfigBeforeSanitization>>>>;\nexport type EnvironmentRenderedConfig = Expand<Awaited<ReturnType<typeof sanitizeEnvironmentConfig<EnvironmentRenderedConfigBeforeSanitization>>>>;\nexport type OrganizationRenderedConfig = Expand<Awaited<ReturnType<typeof sanitizeOrganizationConfig>>>;\n\n// Complete config\nexport type CompleteConfig = OrganizationRenderedConfig;\n\n// Type assertions (just to make sure the types are correct)\nconst __assertEmptyObjectIsValidProjectOverride: ProjectConfigOverride = {};\nconst __assertEmptyObjectIsValidBranchOverride: BranchConfigOverride = {};\nconst __assertEmptyObjectIsValidEnvironmentOverride: EnvironmentConfigOverride = {};\nconst __assertEmptyObjectIsValidOrganizationOverride: OrganizationConfigOverride = {};\ntypeAssertExtends<ProjectRenderedConfig, { \"sourceOfTruth\": any }>()();\ntypeAssertExtends<BranchRenderedConfig, { \"sourceOfTruth\": any }>()();\ntypeAssertExtends<EnvironmentRenderedConfig, { \"sourceOfTruth\": any }>()();\ntypeAssertExtends<OrganizationRenderedConfig, { \"sourceOfTruth\": any }>()();\ntypeAssert<BranchRenderedConfig extends { \"domains\": any } ? false : true>()();\ntypeAssert<EnvironmentRenderedConfig extends { \"domains\": any } ? false : true>()();\ntypeAssertExtends<OrganizationRenderedConfig, { \"domains\": any }>()();\n"],"mappings":";AAEA,YAAY,SAAS;AACrB,SAAS,yBAAyB,sBAAsB,8BAA8B;AACtF,YAAY,kBAAkB;AAC9B,SAAS,aAAa,uBAAuB,YAAY,SAAS,UAAU,UAAU,WAAW,WAAW,WAAW,WAAW,UAAU,gBAAgB;AAC5J,SAAS,sBAAsB;AAC/B,SAAS,4BAA4B;AACrC,SAAS,2BAA2B;AACpC,SAAS,oBAAoB;AAC7B,SAAkE,WAAW,iBAAiB,KAAK,KAAK,cAAc,WAAW,KAAK,aAAa,cAAc,wBAAwB;AACzL,SAAS,cAAc;AACvB,SAA6D,YAAY,mBAAmB,oBAAoB;AAChH,SAAiB,oBAAkC,kBAAkB,wBAAwB,iBAAiB;AAEvG,IAAM,eAAe,CAAC,WAAW,UAAU,eAAe,cAAc;AAE/E,IAAM,kBAAkB;AACxB,IAAM,wBAAwB;AAQ9B,SAAS,wBAA2E,QAAW,MAAuH;AACpN,QAAM,aAAa,OAAO,OAAO;AAAA,IAC/B,OAAO,YAAY,KAAK,IAAI,SAAO,CAAC,KAAK,OAAO,UAAU,GAAG,EAAE,KAAK,EAAE,oCAAoC,KAAK,CAAC,CAAC,CAAC,CAAC;AAAA,EACrH,CAAC;AACD,SAAO;AACT;AAKO,IAAM,sBAAsB,UAAU;AAAA,EAC3C,eAAe;AAAA,IACb,UAAU;AAAA,MACR,MAAM,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ;AAAA,IAC9C,CAAC;AAAA,IACD,UAAU;AAAA,MACR,MAAM,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,QAAQ;AAAA,MAC1C,mBAAmB;AAAA,QACjB,UAAU,EAAE,QAAQ;AAAA,QACpB,UAAU,EAAE,QAAQ;AAAA,MACtB,EAAE,QAAQ;AAAA,IACZ,CAAC;AAAA,IACD,UAAU;AAAA,MACR,MAAM,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ;AAAA,MAC9C,kBAAkB,UAAU,EAAE,QAAQ;AAAA,IACxC,CAAC;AAAA,EACH;AACF,CAAC;AAGD,IAAM,+BAA+B;AAAA,EACnC,UAAU,EAAE,QAAQ,eAAe;AAAA,EACnC,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC;AAEA,IAAM,mBAAmB,UAAU;AAAA,EACjC,aAAa;AAAA,IACX,UAAU,EAAE,QAAQ,qBAAqB;AAAA,IACzC,UAAU;AAAA,MACR,aAAa,UAAU,EAAE,SAAS;AAAA,MAClC,OAAO,UAAU,EAAE,MAAM,CAAC,QAAQ,SAAS,CAAC,EAAE,SAAS;AAAA,MACvD,wBAAwB;AAAA,QACtB,UAAU,EAAE,QAAQ,eAAe;AAAA,QACnC,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,MACjC,EAAE,SAAS;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd;AAAA,EACA,oBAAoB,UAAU;AAAA,IAC5B,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,QAAQ;AAAA,EACV,CAAC;AACH,CAAC;AAID,IAAM,sBAAsB,UAAU;AAAA,EACpC,SAAS,UAAU;AAAA,IACjB,MAAM,WAAW;AAAA,IACjB,MAAM,WAAW;AAAA,EACnB,CAAC;AACH,CAAC;AAID,IAAM,mBAAmB,UAAU;AAAA,EACjC,aAAa,WAAW;AAAA,EACxB,UAAU,UAAU;AAAA,IAClB,aAAa,WAAW;AAAA,EAC1B,CAAC;AAAA,EACD,KAAK,UAAU;AAAA,IACb,aAAa,WAAW;AAAA,EAC1B,CAAC;AAAA,EACD,SAAS,UAAU;AAAA,IACjB,aAAa,WAAW;AAAA,EAC1B,CAAC;AAAA,EACD,OAAO,UAAU;AAAA,IACf,sBAAsB,UAAU,EAAE,MAAM,CAAC,eAAe,eAAe,kBAAkB,CAAC,EAAE,SAAS;AAAA,IACrG,WAAW;AAAA,MACT,UAAU,EAAE,QAAQ,eAAe;AAAA,MACnC,UAAU;AAAA,QACR,MAAM,UAAU,EAAE,MAAM,YAAY,EAAE,SAAS;AAAA,QAC/C,aAAa,WAAW;AAAA,QACxB,wBAAwB,WAAW;AAAA,MACrC,CAAC;AAAA,IACH;AAAA,EACF,CAAC;AACH,CAAC;AAEM,IAAM,uBAAuB,UAAU;AAAA,EAC5C,SAAS,UAAU;AAAA,IACjB,UAAuB;AAAA,EACzB,CAAC,EAAE,SAAS;AAAA,EACZ,QAAQ;AAAA,IACN,sBAAsB,SAAS;AAAA,IAC/B,UAAU;AAAA,MACR,aAAa,UAAU,EAAE,SAAS;AAAA,IACpC,CAAC;AAAA,EACH,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,qGAAqG,cAAc,EAAE,YAAY,EAAE,aAAa,WAAW,EAAE,EAAE,EAAE,CAAC;AAAA,EACxM,QAAQ;AAAA,IACN,sBAAsB,SAAS;AAAA,IAC/B;AAAA,EACF;AAAA,EACA,OAAO;AAAA,IACL,sBAAsB,QAAQ;AAAA,IAC9B,UAAU;AAAA,MACR,aAAa,UAAU,EAAE,SAAS;AAAA,MAClC,cAA2B;AAAA,IAC7B,CAAC;AAAA,EACH;AACF,CAAC;AAED,IAAM,eAAe,UAAU;AAAA,EAC7B,gBAAgB,WAAW;AAC7B,CAAC;AAEM,IAAM,qBAAqB,wBAAwB,qBAAqB,CAAC,eAAe,CAAC,EAAE,OAAO,UAAU;AAAA,EACjH,MAAM;AAAA,EAEN,OAAO,UAAU;AAAA,IACf,4BAA4B,WAAW;AAAA,IACvC,yBAAyB,WAAW;AAAA,EACtC,CAAC;AAAA,EAED,OAAO,UAAU;AAAA,IACf,yBAAyB,WAAW;AAAA,EACtC,CAAC;AAAA,EAED,SAAS;AAAA,EAET,SAAS;AAAA,EAET,MAAM;AAAA,EAEN,QAAQ,UAAU;AAAA,IAChB,iBAA8B;AAAA,IAC9B,QAAqB;AAAA,IACrB,WAAwB;AAAA,EAC1B,CAAC;AAAA,EAED,UAAU;AAAA,EAEV,WAAW,UAAU;AAAA,IACnB,QAAQ;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,QACR,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AAAA,EACF,CAAC;AACH,CAAC,CAAC;AAGK,IAAM,0BAA0B,mBAAmB,OAAO,UAAU;AAAA,EACzE,MAAM,mBAAmB,UAAU,MAAM,EAAE,OAAO,UAAU;AAAA,IAC1D,OAAO,mBAAmB,UAAU,MAAM,EAAE,UAAU,OAAO,EAAE,OAAO,UAAU;AAAA,MAC9E,WAAW;AAAA,QACT,UAAU,EAAE,QAAQ,eAAe;AAAA,QACnC,UAAU;AAAA,UACR,MAAM,UAAU,EAAE,MAAM,YAAY,EAAE,SAAS;AAAA,UAC/C,UAAU,WAAW;AAAA,UACrB,UAAuB,iCAAoB,SAAS;AAAA,UACpD,cAA2B,qCAAwB,SAAS;AAAA,UAC5D,kBAA+B,yCAA4B,SAAS;AAAA,UACpE,mBAAgC,0CAA6B,SAAS;AAAA,UACtE,aAAa,WAAW,EAAE,SAAS;AAAA,UACnC,wBAAwB,WAAW,EAAE,SAAS;AAAA,QAChD,CAAC;AAAA,MACH;AAAA,IACF,CAAC,CAAC;AAAA,EACJ,CAAC,CAAC;AAAA,EAEF,QAAQ,mBAAmB,UAAU,QAAQ,EAAE,OAAO,UAAU;AAAA,IAC9D,QAAQ,UAAU;AAAA,MAChB,UAAU,WAAW;AAAA,MACrB,MAAmB,6BAAgB,SAAS,EAAE,SAAS;AAAA,MACvD,MAAmB,6BAAgB,SAAS;AAAA,MAC5C,UAAuB,iCAAoB,SAAS,EAAE,SAAS;AAAA,MAC/D,UAAuB,iCAAoB,SAAS,EAAE,SAAS;AAAA,MAC/D,YAAyB,mCAAsB,SAAS,EAAE,SAAS;AAAA,MACnE,aAA0B,oCAAuB,SAAS,EAAE,SAAS;AAAA,IACvE,CAAC;AAAA,EACH,CAAC,CAAC;AAAA,EAEF,SAAS,mBAAmB,UAAU,SAAS,EAAE,OAAO,UAAU;AAAA,IAChE,gBAAgB;AAAA,MACd,sBAAsB,iBAAiB;AAAA,MACvC,UAAU;AAAA,QACR,SAAsB,+BAAkB,IAAI,GAAG;AAAA,QAC/C,aAA0B,+BAAkB,IAAI,GAAG;AAAA,MACrD,CAAC;AAAA,IACH;AAAA,EACF,CAAC,CAAC;AACJ,CAAC,CAAC;AAEK,IAAM,2BAA2B,wBAAwB,OAAO,UAAU,CAAC,CAAC,CAAC;AAc7E,SAAS,sBAAsB,MAA6D,6BAAuC;AACxI,QAAM,mBAAmB,CAAC,UAAU,eAAe,cAAc,EAAE,SAAS,IAAI;AAChF,QAAM,wBAAwB,CAAC,eAAe,cAAc,EAAE,SAAS,IAAI;AAE3E,MAAI,MAAM;AAGV,MAAI,kBAAkB;AACpB,UAAM,eAAe,KAAK,gBAAgB,wBAAwB;AAAA,EACpE;AAIA,MAAI,uBAAuB;AACzB,UAAM,YAAY,KAAK,OAAK,EAAE,KAAK,GAAG,MAAM,0BAA0B,CAAC,UAAU;AAC/E,UAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,eAAO,iBAAiB,MAAM,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAAA,MAC1D;AACA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAIA,MAAI,kBAAkB;AACpB,UAAM,eAAe,KAAK,OAAK,EAAE,KAAK,GAAG,MAAM,kBAAkB;AACjE,UAAM,eAAe,KAAK,OAAK,EAAE,KAAK,GAAG,MAAM,qBAAqB;AAAA,EACtE;AAIA,MAAI,SAAS,eAAe;AAC1B,UAAM,eAAe,KAAK,OAAK,EAAE,KAAK,GAAG,MAAM,eAAe;AAAA,EAChE;AAIA,MAAI,SAAS,eAAe;AAC1B,UAAM,eAAe,KAAK,OAAK,EAAE,KAAK,GAAG,MAAM,0BAA0B;AACzE,UAAM,eAAe,KAAK,OAAK,EAAE,KAAK,GAAG,MAAM,qCAAqC;AAAA,EACtF;AAIA,MAAI,kBAAkB;AACpB,UAAM,eAAe,KAAK,OAAK,EAAE,WAAW,KAAK,EAAE,CAAC,MAAM,cAAc,EAAE,CAAC,MAAM,WAAW,EAAE,CAAC,MAAM,SAAS;AAAA,EAChH;AAIA,SAAO;AACT;AAEA,SAAS,eAAe,KAA0B,UAAuD;AACvG,SAAO,YAAY,KAAK,UAAU,MAAM,MAAS;AACnD;AAEA,SAAS,YAAY,KAA0B,UAAuC,QAAkC;AACtH,QAAM,MAA2B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC;AAC5D,aAAW,CAAC,KAAK,KAAK,KAAK,aAAa,GAAG,GAAG;AAC5C,UAAM,OAAO,IAAI,MAAM,GAAG;AAC1B,QAAI,SAAS,IAAI,GAAG;AAClB,YAAM,WAAW,OAAO,KAAK;AAC7B,UAAI,aAAa,QAAW;AAC1B,YAAI,KAAK,KAAK,QAAQ;AAAA,MACxB,OAAO;AAAA,MAEP;AAAA,IACF,WAAW,aAAa,KAAK,GAAG;AAC9B,UAAI,KAAK,KAAK,YAAY,OAAO,OAAK,SAAS,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC;AAAA,IAC1E,OAAO;AACL,UAAI,KAAK,KAAK,KAAK;AAAA,IACrB;AAAA,EACF;AACA,SAAO;AACT;AAYA,SAAS,eAAe,KAA0B,SAAiB,SAAsB;AACvF,QAAM,cAAc,QAAQ,MAAM,GAAG;AACrC,QAAM,cAAc,QAAQ,MAAM,GAAG;AACrC,MAAI,CAAC,eAAe,YAAY,MAAM,GAAG,EAAE,GAAG,YAAY,MAAM,GAAG,EAAE,CAAC,EAAG,OAAM,IAAI,oBAAoB,4DAA4D,OAAO,QAAQ,OAAO,EAAE;AAE3L,WAAS,IAAI,GAAG,IAAI,YAAY,QAAQ,KAAK;AAC3C,UAAM,aAAa,YAAY,MAAM,GAAG,CAAC,EAAE,KAAK,GAAG;AACnD,UAAM,gBAAgB,YAAY,MAAM,CAAC,EAAE,KAAK,GAAG;AACnD,UAAM,gBAAgB,YAAY,MAAM,CAAC,EAAE,KAAK,GAAG;AACnD,QAAI,IAAI,KAAK,UAAU,KAAK,aAAa,IAAI,KAAK,UAAU,CAAC,GAAG;AAC9D,UAAI,KAAK,YAAY,eAAe,IAAI,KAAK,UAAU,GAAG,eAAe,aAAa,CAAC;AAAA,IACzF;AAAA,EACF;AACA,MAAI,IAAI,KAAK,OAAO,GAAG;AACrB,QAAI,KAAK,SAAS,IAAI,KAAK,OAAO,CAAC;AACnC,cAAU,KAAK,OAAO;AAAA,EACxB;AAEA,SAAO;AACT;AAkBA,IAAM,wBAAwB;AAAA,EAC5B,eAAe;AAAA,IACb,MAAM;AAAA,IACN,mBAAmB;AAAA,IACnB,kBAAkB;AAAA,EACpB;AACF;AAEA,IAAM,uBAAuB,CAAC;AAE9B,IAAM,4BAA4B,CAAC;AAEnC,IAAM,6BAA6B;AAAA,EACjC,MAAM;AAAA,IACJ,aAAa,CAAC,SAAiB;AAAA,MAC7B,wBAAwB,CAACA,SAAgB;AAAA,MACzC,aAAa;AAAA,MACb,OAAO;AAAA,IACT;AAAA,IACA,oBAAoB;AAAA,MAClB,aAAa,CAAC,QAAgB;AAAA,MAC9B,YAAY,CAAC,QAAgB;AAAA,MAC7B,QAAQ,CAAC,QAAgB;AAAA,IAC3B;AAAA,EACF;AAAA,EAEA,SAAS;AAAA,IACP,SAAS;AAAA,MACP,MAAM;AAAA,MACN,MAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,OAAO;AAAA,IACL,4BAA4B;AAAA,IAC5B,yBAAyB;AAAA,EAC3B;AAAA,EAEA,OAAO;AAAA,IACL,yBAAyB;AAAA,EAC3B;AAAA,EAEA,SAAS;AAAA,IACP,gBAAgB;AAAA,IAChB,gBAAgB,CAAC,SAAiB;AAAA,MAChC,SAAS;AAAA,MACT,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EAEA,MAAM;AAAA,IACJ,aAAa;AAAA,IACb,UAAU;AAAA,MACR,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,aAAa;AAAA,IACf;AAAA,IACA,SAAS;AAAA,MACP,aAAa;AAAA,IACf;AAAA,IACA,OAAO;AAAA,MACL,sBAAsB;AAAA,MACtB,WAAW,CAAC,SAAiB;AAAA,QAC3B,MAAM;AAAA,QACN,UAAU;AAAA,QACV,aAAa;AAAA,QACb,wBAAwB;AAAA,QACxB,UAAU;AAAA,QACV,cAAc;AAAA,QACd,kBAAkB;AAAA,QAClB,mBAAmB;AAAA,MACrB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,QAAQ;AAAA,IACN,QAAQ;AAAA,MACN,UAAU;AAAA,MACV,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,YAAY;AAAA,MACZ,aAAa;AAAA,IACf;AAAA,IACA,iBAAiB;AAAA,IACjB,QAAQ,YAAY,CAAC,SAAiB;AAAA,MACpC,aAAa;AAAA,MACb,WAAW;AAAA,IACb,IAAI,oBAAoB;AAAA,IACxB,WAAW,YAAY,CAAC,SAAiB;AAAA,MACvC,aAAa;AAAA,MACb,WAAW;AAAA,MACX,SAAS;AAAA,IACX,IAAI,uBAAuB;AAAA,EAC7B;AAAA,EAEA,UAAU;AAAA,IACR,SAAS;AAAA,IACT,QAAQ,CAAC,SAAiB;AAAA,MACxB,aAAa;AAAA,IACf;AAAA,IACA,QAAQ,CAAC,SAAiB;AAAA,MACxB,aAAa;AAAA,MACb,SAAS;AAAA,MACT,cAAc;AAAA,MACd,WAAW;AAAA,MACX,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,WAAW;AAAA,MACX,QAAQ,CAACA,UAAiB;AAAA,QACxB,GAAG,iBAAiB,qBAAqB,IAAI,cAAY,CAAC,SAAS,MAAM,MAAS,CAAC,CAAC;AAAA,QACpF,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,WAAW;AAAA,MACb;AAAA,MACA,eAAe,CAACA,UAAiB;AAAA,QAC/B,UAAU;AAAA,QACV,QAAQ;AAAA,QACR,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IACA,OAAO,CAAC,SAAiB;AAAA,MACvB,aAAa;AAAA,MACb,cAAc;AAAA,IAChB;AAAA,EACF;AAAA,EAEA,WAAW;AAAA,IACT,QAAQ,CAAC,SAAiB;AAAA,MACxB,aAAa;AAAA,IACf;AAAA,EACF;AACF;AAUA,aAA4L,EAAE;AAY9L,aAAuI,EAAE;AAEzI,SAAS,gCAAgC,KAAe;AACtD,SAAO,UAAU,EAAE,GAAG,IAAI,GAAG,OAAM,aAAa,CAAC,IAAI,gCAAgC,CAAQ,IAAI,CAAE;AACrG;AASA,SAAS,cAA+E,UAAa,QAAgC;AACnI,QAAM,MAAW,gCAAgC,QAAQ;AAEzD,QAAO,YAAW,CAAC,KAAK,UAAU,KAAK,OAAO,QAAQ,MAAM,GAAG;AAC7D,QAAI,eAAe,OAAW;AAC9B,UAAM,WAAW,IAAI,MAAM,GAAG;AAC9B,QAAI,YAAiB;AACrB,QAAI,aAAkB;AACtB,eAAW,CAAC,OAAO,IAAI,KAAK,SAAS,QAAQ,GAAG;AAC9C,kBAAY,IAAI,WAAW,IAAI,IAAI,IAAI,WAAW,IAAI,IAAK,OAAO,cAAc,aAAc,UAAkB,IAAI,IAAI;AACxH,UAAI,cAAc,UAAa,CAAC,aAAa,SAAS,GAAG;AACvD,YAAI,KAAK,KAAK,UAAU;AACxB,iBAAS;AAAA,MACX;AACA,UAAI,CAAC,IAAI,YAAY,IAAI,EAAG,KAAI,YAAY,MAAM,gCAAgC,SAAS,CAAU;AACrG,mBAAa,IAAI,YAAY,IAAI;AAAA,IACnC;AACA,QAAI,KAAK,KAAK,aAAa,UAAU,IAAI,cAAc,WAAW,UAAU,IAAI,UAAU;AAAA,EAC5F;AACA,SAAO;AACT;AA6BO,SAAS,qBAAoE,QAAW;AAC7F,SAAO,cAAc,uBAAuB,MAAM;AACpD;AAEO,SAAS,oBAAkE,QAAW;AAC3F,SAAO;AAAA,IACL;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,yBAA4E,QAAwJ;AAClP,SAAO;AAAA,IACL;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,0BAA0B,QAAwR;AAChU,SAAO;AAAA,IACL;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,UACE;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAGA,eAAsB,sBAAyE,QAAW;AACxG,mBAAiB,MAAM;AACvB,QAAM,mBAAmB,OAAO;AAChC,QAAM,gBACJ,iBAAiB,SAAS,UAAU,OAAO,iBAAiB,sBAAsB,WAAW;AAAA,IAC3F,MAAM;AAAA,IACN,mBAAmB,EAAE,GAAG,gBAAgB,iBAAiB,iBAAiB,EAA4B;AAAA,EACxG,IACI,iBAAiB,SAAS,cAAc,OAAO,iBAAiB,qBAAqB,WAAW;AAAA,IAChG,MAAM;AAAA,IACN,kBAAkB,iBAAiB;AAAA,EACrC,IACI;AAAA,IACA,MAAM;AAAA,EACR;AAEN,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,EACF;AACF;AAEA,eAAsB,qBAAuE,QAAW;AACtG,mBAAiB,MAAM;AACvB,QAAM,WAAW,MAAM,sBAAsB,MAAM;AACnD,SAAO;AAAA,IACL,GAAG;AAAA,EACL;AACF;AAEA,eAAsB,0BAAiF,QAAW;AAChH,mBAAiB,MAAM;AACvB,QAAM,WAAW,MAAM,qBAAqB,MAAM;AAClD,SAAO;AAAA,IACL,GAAG;AAAA,EACL;AACF;AAEA,eAAsB,2BAA2B,QAAsD;AACrG,mBAAiB,MAAM;AACvB,QAAM,WAAW,MAAM,0BAA0B,MAAM;AACvD,QAAM,SAAwC;AAAA,IAC5C,GAAG;AAAA,IACH,GAAG,SAAS,OAAO;AAAA,EACrB;AACA,QAAM,YAA8C;AAAA,IAClD,GAAG;AAAA,IACH,GAAG,SAAS,OAAO;AAAA,EACrB;AACA,QAAM,SAAS,iBAAiB,aAAa,SAAS,SAAS,MAAM,EAAE,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM;AAC3F,UAAM,YAAY,MAAM,cAAc,QACpC,QACA,iBAAiB,OAAO,KAAK,MAAM,SAAS,EAAE,IAAI,CAACA,SAAQ,CAACA,MAAK,IAAa,CAAC,CAAC;AAClF,UAAM,SAAS,MAAM,WAAW,uBAC9B,uBACA,iBAAiB,aAAa,MAAM,MAAM,EAAE,IAAI,CAAC,CAACA,MAAK,KAAK,MAAM;AAChE,YAAM,OAAO,EAAE,YAAY,OAAO,GAAI,SAAS,CAAC,EAAG;AACnD,aAAO,CAACA,MAAK,IAAI;AAAA,IACnB,CAAC,CAAC;AACJ,WAAO,CAAC,KAAK;AAAA,MACX,GAAG;AAAA,MACH;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH,CAAC,CAAC;AACF,SAAO;AAAA,IACL,GAAG;AAAA,IACH,QAAQ;AAAA,MACN,GAAG,SAAS;AAAA,MACZ,iBAAiB,IAAI,QAAQ,SAAS,OAAO,eAAe,IAAI,SAAS,OAAO,kBAAkB;AAAA,MAClG;AAAA,MACA;AAAA,IACF;AAAA,IACA,UAAU;AAAA,MACR,GAAG,SAAS;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AACF;AAWA,eAAsB,wBAAiD,QAAW,gBAAyB,UAAoE,CAAC,GAAkC;AAIhN,MAAI,OAAO,mBAAmB,YAAY,mBAAmB,MAAM;AACjE,WAAO,OAAO,MAAM,4CAA4C;AAAA,EAClE;AACA,MAAI,OAAO,eAAe,cAAc,MAAM,OAAO,eAAe,CAAC,CAAC,GAAG;AACvE,WAAO,OAAO,MAAM,sDAAsD;AAAA,EAC5E;AAEA,QAAM,SAAS,uBAAuB,gBAAgB,EAAE,YAAY,WAAW,CAAC;AAChF,MAAI,OAAQ,QAAO,OAAO,MAAM,4BAA4B,MAAM;AAElE,QAAM,eAAe,CAACC,SAAuB,QAA2C;AACtF,UAAM,WAAW,IAAI,MAAM,GAAG;AAC9B,QAAI,CAACA,QAAO,UAAU,SAAS,CAAC,CAAC,GAAG;AAClC,aAAO;AAAA,IACT;AACA,UAAM,eAAeA,QAAO,UAAU,SAAS,CAAC,CAAC;AACjD,QAAI,aAAa,KAAK,GAAG,sCAAsC,CAAC,QAAQ,4CAA4C;AAClH,aAAO;AAAA,IACT;AACA,QAAI,SAAS,WAAW,GAAG;AACzB,aAAO;AAAA,IACT,OAAO;AACL,aAAO,aAAa,cAAc,SAAS,MAAM,CAAC,EAAE,KAAK,GAAG,CAAC;AAAA,IAC/D;AAAA,EACF;AAEA,QAAM,0BAA0B,CAAC,MAAcA,YAAyC;AACtF,UAAM,aAAaA,QAAO,KAAK,GAAG;AAClC,YAAQ,YAAY,MAAM;AAAA,MACxB,KAAK,UAAU;AACb,cAAM,eAAeA;AACrB,cAAM,cAAc,aAAa,SAAS;AAC1C,YAAI,MAAM,UAAU;AACpB,YAAI,YAAY,MAAM,KAAK,OAAK,EAAE,SAAS,MAAM,GAAG;AAClD,gBAAM,IAAI,KAAK;AAAA,QACjB;AACA,eAAO;AAAA,MACT;AAAA,MACA,KAAK,UAAU;AACb,eAAO,UAAU;AAAA,MACnB;AAAA,MACA,KAAK,WAAW;AACd,eAAO,WAAW;AAAA,MACpB;AAAA,MACA,KAAK,QAAQ;AACX,eAAO,QAAQ;AAAA,MACjB;AAAA,MACA,KAAK,SAAS;AACZ,eAAO,SAAS;AAAA,MAClB;AAAA,MACA,KAAK,SAAS;AACZ,cAAM,IAAI,oBAAoB,yFAAyF,EAAE,YAAY,QAAAA,QAAO,CAAC;AAAA,MAM/I;AAAA,MACA,KAAK,SAAS;AACZ,eAAO,SAAS,WAAW,MAAM,IAAI,CAAC,GAAG,UAAU,oBAAoB,OAAO,IAAI,KAAK,KAAK,CAAC,CAAC,CAAQ;AAAA,MACxG;AAAA,MACA,KAAK,SAAS;AACZ,cAAM,UAAU,WAAW;AAC3B,cAAM,mBAAmB,CAAC,GAAG,QAAQ,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,GAAG,iBAAiB,SAAS,QAAQ;AACnH,cAAM,gBAAgB,QAAQ,OAAO,CAAC,MAAkC,EAAE,KAAK,GAAG,iBAAiB,SAAS,QAAQ;AAGpH,cAAM,sBAAsB,CAAC,GAAG,IAAI,IAAI,cAAc,QAAQ,OAAK,OAAO,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AAC1F,cAAM,qBAAqB;AAAA,UACzB,OAAO;AAAA,YACL,oBAAoB,IAAI,SAAO,CAAC,KAAK;AAAA,cACnC,GAAG,cAAc,QAAQ,CAAC,GAAG,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC,EAAE,UAAU,GAAG,CAAC,IAAI,CAAC,CAAC;AAAA,YACnF,CAAC,CAAC;AAAA,UACJ;AAAA,QACF;AAEA,eAAO;AAAA,UACL,GAAG,iBAAiB,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,oBAAoB,OAAO,YAAY,KAAK,KAAK,CAAC,CAAC;AAAA,UAC3F,GAAG,cAAc,SAAS,IAAI,CAAC,oBAAoB,QAAQ,iBAAiB,SAAS,IAAI,cAAc,KAAK,kBAAkB,CAAC,IAAI,CAAC;AAAA,QACtI;AAAA,MACF;AAAA,MACA,KAAK,UAAU;AACb,eAAO,UAAU,oBAAoB,OAAO,QAAQ,WAAW,SAAS,GAAU,oBAAoB,OAAO,UAAU,WAAW,WAAW,CAAC;AAAA,MAChJ;AAAA,MACA,KAAK,UAAU;AACb,cAAM,eAAeA;AACrB,eAAO;AAAA,UACL,OAAO;AAAA,YACL,OAAO,QAAQ,aAAa,MAAM,EAC/B,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,oBAAoB,OAAO,MAAM,KAAK,KAAY,CAAC,CAAC;AAAA,UACrF;AAAA,QACF;AAAA,MACF;AAAA,MACA,KAAK,SAAS;AACZ,eAAO,SAAS;AAAA,MAClB;AAAA,MACA,SAAS;AACP,cAAM,IAAI,oBAAoB,+BAA+B,IAAI,KAAK,KAAK,UAAU,UAAU,CAAC,IAAI,EAAE,YAAY,QAAAA,QAAO,CAAC;AAAA,MAC5H;AAAA,IACF;AAAA,EACF;AACA,QAAM,sBAAsB,CAAC,MAAcA,YAAyC;AAClF,QAAI,aAAa,wBAAwB,MAAMA,OAAM;AACrD,iBAAa,WAAW,SAAS;AACjC,UAAM,cAAcA,QAAO,SAAS;AACpC,QAAI,YAAY,MAAM,SAAS,GAAG;AAChC,mBAAa,WAAW,MAAM,YAAY,KAAK;AAAA,IACjD;AACA,QAAI,YAAY,SAAS,SAAS,GAAG;AACnC,mBAAa,WAAW,SAAS,YAAY,QAAQ;AAAA,IACvD;AACA,WAAO;AAAA,EACT;AAEA,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,cAAc,GAAG;AACzD,QAAI,UAAU,OAAW;AACzB,UAAM,YAAY,aAAa,QAAQ,GAAG;AAC1C,QAAI,CAAC,WAAW;AACd,aAAO,OAAO,MAAM,WAAW,KAAK,UAAU,GAAG,CAAC,+BAA+B;AAAA,IACnF;AACA,QAAI,mBAAmB,oBAAoB,KAAK,SAAS;AACzD,QAAI;AACF,YAAM,iBAAiB,SAAS,OAAO;AAAA,QACrC,QAAQ;AAAA,QACR,GAAG;AAAA;AAAA,UAED,MAAM;AAAA,QACR;AAAA,QACA,SAAS;AAAA,UACP,uBAAuB,CAAC,EAAE;AAAA,QAC5B;AAAA,MACF,CAAC;AAAA,IACH,SAAS,OAAO;AACd,UAAI,iBAAqB,qBAAiB;AACxC,eAAO,OAAO,MAAM,MAAM,OAAO;AAAA,MACnC;AACA,YAAM;AAAA,IACR;AAAA,EACF;AACA,SAAO,OAAO,GAAG,IAAI;AACvB;AACA,eAAsB,6BAAsD,QAAW,QAAiB,UAAqF,CAAC,GAAkB;AAC9M,QAAM,MAAM,MAAM,wBAAwB,QAAQ,QAAQ,OAAO;AACjE,MAAI,IAAI,WAAW,QAAS,OAAM,IAAI,oBAAoB,6FAAwF,IAAI,KAAK,IAAI,EAAE,SAAS,QAAQ,OAAO,CAAC;AAC5L;AAMA,aAAwI,EAAE;AAC1I,kBAAsG,EAAE;AACxG,kBAAuJ,EAAE;AAUzJ,eAAsB,4BAAqD,QAAW,kBAAyD;AAE7I,QAAM,6BAA6B,QAAQ,kBAAkB,EAAE,4CAA4C,KAAK,CAAC;AAEjH,MAAI;AACJ,MAAI;AACF,iBAAa,UAAU,kBAAkB,EAAE,eAAe,eAAe,CAAC;AAAA,EAC5E,SAAS,OAAO;AACd,QAAI,iBAAiB,oBAAoB;AACvC,aAAO,OAAO,MAAM,iCAAiC,MAAM,OAAO;AAAA,IACpE;AACA,UAAM;AAAA,EACR;AAGA,MAAI;AACF,UAAM,OAAO,SAAS,YAAY;AAAA,MAChC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,uBAAuB,CAAC,EAAE;AAAA,MAC5B;AAAA,IACF,CAAC;AACD,WAAO,OAAO,GAAG,IAAI;AAAA,EACvB,SAAS,OAAO;AACd,QAAI,iBAAqB,qBAAiB;AACxC,aAAO,OAAO,MAAM,MAAM,OAAO;AAAA,IACnC;AACA,UAAM;AAAA,EACR;AACF;AAuEA,kBAAmE,EAAE;AACrE,kBAAkE,EAAE;AACpE,kBAAuE,EAAE;AACzE,kBAAwE,EAAE;AAC1E,WAA2E,EAAE;AAC7E,WAAgF,EAAE;AAClF,kBAAkE,EAAE;","names":["key","schema"]}
package/dist/esm/helpers/vault/client-side.js ADDED
@@ -0,0 +1,46 @@
1
+ // src/helpers/vault/client-side.ts
2
+ import { decodeBase64, encodeBase64 } from "../../utils/bytes.js";
3
+ import { decrypt, encrypt, hash, iteratedHash } from "../../utils/crypto.js";
4
+ var hashPurpose = "stack-data-vault-client-side-encryption-key-hash";
5
+ var encryptionSecretPurpose = "stack-data-vault-client-side-encryption-value-encryption-key-hash";
6
+ var encryptionValuePurpose = "stack-data-vault-client-side-encryption-value-encryption-value-encryption";
7
+ async function getDerivedKey(secret, key) {
8
+ return await iteratedHash({
9
+ purpose: encryptionSecretPurpose,
10
+ extra: secret,
11
+ value: key,
12
+ iterations: 1e5
13
+ });
14
+ }
15
+ async function hashKey(secret, key) {
16
+ return encodeBase64(await hash({
17
+ purpose: hashPurpose,
18
+ extra: secret,
19
+ value: await getDerivedKey(secret, key)
20
+ }));
21
+ }
22
+ async function encryptValue(secret, key, value) {
23
+ const valueEncryptionDerivedKey = await getDerivedKey(secret, key);
24
+ const bytes = await encrypt({
25
+ purpose: encryptionValuePurpose,
26
+ secret: valueEncryptionDerivedKey,
27
+ value: new TextEncoder().encode(value)
28
+ });
29
+ return encodeBase64(bytes);
30
+ }
31
+ async function decryptValue(secret, key, encryptedValue) {
32
+ const valueEncryptionDerivedKey = await getDerivedKey(secret, key);
33
+ const bytesResult = await decrypt({
34
+ purpose: encryptionValuePurpose,
35
+ secret: valueEncryptionDerivedKey,
36
+ cipher: decodeBase64(encryptedValue)
37
+ });
38
+ if (bytesResult.status === "error") throw new Error("Data vault client-side decryption failed. Are you sure you're using the correct secret?", { cause: bytesResult.error });
39
+ return new TextDecoder().decode(bytesResult.data);
40
+ }
41
+ export {
42
+ decryptValue,
43
+ encryptValue,
44
+ hashKey
45
+ };
46
+ //# sourceMappingURL=client-side.js.map
package/dist/esm/helpers/vault/client-side.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../../src/helpers/vault/client-side.ts"],"sourcesContent":["import { decodeBase64, encodeBase64 } from \"../../utils/bytes\";\nimport { decrypt, encrypt, hash, iteratedHash } from \"../../utils/crypto\";\n\nconst hashPurpose = \"stack-data-vault-client-side-encryption-key-hash\";\nconst encryptionSecretPurpose = \"stack-data-vault-client-side-encryption-value-encryption-key-hash\";\nconst encryptionValuePurpose = \"stack-data-vault-client-side-encryption-value-encryption-value-encryption\";\n\n\nasync function getDerivedKey(secret: string, key: string) {\n return await iteratedHash({\n purpose: encryptionSecretPurpose,\n extra: secret,\n value: key,\n iterations: 100_000,\n });\n}\n\n/**\n * Use to hash the key so the server cannot infer it.\n */\nexport async function hashKey(secret: string, key: string) {\n return encodeBase64(await hash({\n purpose: hashPurpose,\n extra: secret,\n value: await getDerivedKey(secret, key),\n }));\n}\n\n/**\n * Use to encrypt the value so that the server cannot read the value without knowing the key.\n */\nexport async function encryptValue(secret: string, key: string, value: string) {\n const valueEncryptionDerivedKey = await getDerivedKey(secret, key);\n\n const bytes = await encrypt({\n purpose: encryptionValuePurpose,\n secret: valueEncryptionDerivedKey,\n value: new TextEncoder().encode(value)\n });\n return encodeBase64(bytes);\n}\n\n/**\n * Use to decrypt the value. See encryptValue.\n */\nexport async function decryptValue(secret: string, key: string, encryptedValue: string) {\n const valueEncryptionDerivedKey = await getDerivedKey(secret, key);\n\n const bytesResult = await decrypt({\n purpose: encryptionValuePurpose,\n secret: valueEncryptionDerivedKey,\n cipher: decodeBase64(encryptedValue),\n });\n if (bytesResult.status === \"error\") throw new Error(\"Data vault client-side decryption failed. Are you sure you're using the correct secret?\", { cause: bytesResult.error });\n return new TextDecoder().decode(bytesResult.data);\n}\n\n\nundefined?.describe(\"encryptValue & decryptValue\", () => {\n undefined?.it(\"should encrypt and decrypt a value\", async ({ expect }) => {\n const secret = \"test-secret\";\n const value = \"test-value\";\n const encrypted = await encryptValue(secret, \"key\", value);\n const decrypted = await decryptValue(secret, \"key\", encrypted);\n expect(decrypted).toEqual(value);\n });\n\n undefined?.it(\"should not decrypt a value with a different secret\", async ({ expect }) => {\n const secret = \"test-secret\";\n const value = \"test-value\";\n const encrypted = await encryptValue(secret, \"key\", value);\n await expect(decryptValue(\"different-secret\", \"key\", encrypted)).rejects.toThrow();\n });\n\n undefined?.it(\"should not decrypt a value with a different key\", async ({ expect }) => {\n const secret = \"test-secret\";\n const value = \"test-value\";\n const encrypted = await encryptValue(secret, \"key\", value);\n await expect(decryptValue(secret, \"different-key\", encrypted)).rejects.toThrow();\n });\n\n undefined?.it(\"should not decrypt a value if the cipher was tampered with\", async ({ expect }) => {\n const secret = \"test-secret\";\n const value = \"test-value\";\n const encrypted = await encryptValue(secret, \"key\", value);\n const tampered = encrypted + \"7\";\n await expect(decryptValue(secret, \"key\", tampered)).rejects.toThrow();\n });\n});\n"],"mappings":";AAAA,SAAS,cAAc,oBAAoB;AAC3C,SAAS,SAAS,SAAS,MAAM,oBAAoB;AAErD,IAAM,cAAc;AACpB,IAAM,0BAA0B;AAChC,IAAM,yBAAyB;AAG/B,eAAe,cAAc,QAAgB,KAAa;AACxD,SAAO,MAAM,aAAa;AAAA,IACxB,SAAS;AAAA,IACT,OAAO;AAAA,IACP,OAAO;AAAA,IACP,YAAY;AAAA,EACd,CAAC;AACH;AAKA,eAAsB,QAAQ,QAAgB,KAAa;AACzD,SAAO,aAAa,MAAM,KAAK;AAAA,IAC7B,SAAS;AAAA,IACT,OAAO;AAAA,IACP,OAAO,MAAM,cAAc,QAAQ,GAAG;AAAA,EACxC,CAAC,CAAC;AACJ;AAKA,eAAsB,aAAa,QAAgB,KAAa,OAAe;AAC7E,QAAM,4BAA4B,MAAM,cAAc,QAAQ,GAAG;AAEjE,QAAM,QAAQ,MAAM,QAAQ;AAAA,IAC1B,SAAS;AAAA,IACT,QAAQ;AAAA,IACR,OAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,EACvC,CAAC;AACD,SAAO,aAAa,KAAK;AAC3B;AAKA,eAAsB,aAAa,QAAgB,KAAa,gBAAwB;AACtF,QAAM,4BAA4B,MAAM,cAAc,QAAQ,GAAG;AAEjE,QAAM,cAAc,MAAM,QAAQ;AAAA,IAChC,SAAS;AAAA,IACT,QAAQ;AAAA,IACR,QAAQ,aAAa,cAAc;AAAA,EACrC,CAAC;AACD,MAAI,YAAY,WAAW,QAAS,OAAM,IAAI,MAAM,2FAA2F,EAAE,OAAO,YAAY,MAAM,CAAC;AAC3K,SAAO,IAAI,YAAY,EAAE,OAAO,YAAY,IAAI;AAClD;","names":[]}
package/dist/esm/helpers/vault/server-side.js ADDED
@@ -0,0 +1,92 @@
1
+ // src/helpers/vault/server-side.ts
2
+ import {
3
+ CreateAliasCommand,
4
+ CreateKeyCommand,
5
+ DecryptCommand,
6
+ DescribeKeyCommand,
7
+ GenerateDataKeyCommand,
8
+ KMSClient
9
+ } from "@aws-sdk/client-kms";
10
+ import { decodeBase64, encodeBase64 } from "../../utils/bytes.js";
11
+ import { decrypt, encrypt } from "../../utils/crypto.js";
12
+ import { getEnvVariable } from "../../utils/env.js";
13
+ import { Result } from "../../utils/results.js";
14
+ function getKmsClient() {
15
+ return new KMSClient({
16
+ region: getEnvVariable("STACK_AWS_REGION"),
17
+ endpoint: getEnvVariable("STACK_AWS_KMS_ENDPOINT"),
18
+ credentials: {
19
+ accessKeyId: getEnvVariable("STACK_AWS_ACCESS_KEY_ID"),
20
+ secretAccessKey: getEnvVariable("STACK_AWS_SECRET_ACCESS_KEY")
21
+ }
22
+ });
23
+ }
24
+ async function getOrCreateKekId() {
25
+ const id = "alias/stack-data-vault-server-side-kek";
26
+ const kms = getKmsClient();
27
+ try {
28
+ const describeResult = await kms.send(new DescribeKeyCommand({ KeyId: id }));
29
+ if (describeResult.KeyMetadata?.KeyId) return describeResult.KeyMetadata.KeyId;
30
+ } catch (e) {
31
+ if (e instanceof Error && e.name !== "NotFoundException") {
32
+ throw e;
33
+ }
34
+ }
35
+ const { KeyMetadata } = await kms.send(new CreateKeyCommand({
36
+ KeyUsage: "ENCRYPT_DECRYPT",
37
+ Description: "DataVault KEK"
38
+ }));
39
+ await kms.send(new CreateAliasCommand({ AliasName: id, TargetKeyId: KeyMetadata.KeyId }));
40
+ return id;
41
+ }
42
+ async function genDEK() {
43
+ const kekId = await getOrCreateKekId();
44
+ const kms = getKmsClient();
45
+ const out = await kms.send(new GenerateDataKeyCommand({ KeyId: kekId, KeySpec: "AES_256" }));
46
+ if (!out.Plaintext || !out.CiphertextBlob) throw new Error("GenerateDataKey failed");
47
+ return {
48
+ dekBytes: out.Plaintext,
49
+ edkBytes: out.CiphertextBlob
50
+ };
51
+ }
52
+ async function unwrapDEK(edk_b64) {
53
+ const edkBytes = decodeBase64(edk_b64);
54
+ const kms = getKmsClient();
55
+ const out = await kms.send(new DecryptCommand({ CiphertextBlob: edkBytes }));
56
+ if (!out.Plaintext) throw new Error("KMS Decrypt failed");
57
+ return {
58
+ dekBytes: out.Plaintext,
59
+ edkBytes
60
+ };
61
+ }
62
+ async function encryptWithKms(value) {
63
+ const { dekBytes, edkBytes } = await genDEK();
64
+ try {
65
+ const ciphertext = await encrypt({
66
+ purpose: "stack-data-vault-server-side-encryption",
67
+ secret: dekBytes,
68
+ value: new TextEncoder().encode(value)
69
+ });
70
+ return { edkBase64: encodeBase64(edkBytes), ciphertextBase64: encodeBase64(ciphertext) };
71
+ } finally {
72
+ dekBytes.fill(0);
73
+ }
74
+ }
75
+ async function decryptWithKms(encrypted) {
76
+ const { dekBytes } = await unwrapDEK(encrypted.edkBase64);
77
+ try {
78
+ const value = Result.orThrow(await decrypt({
79
+ purpose: "stack-data-vault-server-side-encryption",
80
+ secret: dekBytes,
81
+ cipher: decodeBase64(encrypted.ciphertextBase64)
82
+ }));
83
+ return new TextDecoder().decode(value);
84
+ } finally {
85
+ dekBytes.fill(0);
86
+ }
87
+ }
88
+ export {
89
+ decryptWithKms,
90
+ encryptWithKms
91
+ };
92
+ //# sourceMappingURL=server-side.js.map
package/dist/esm/helpers/vault/server-side.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../../src/helpers/vault/server-side.ts"],"sourcesContent":["import {\n CreateAliasCommand,\n CreateKeyCommand,\n DecryptCommand,\n DescribeKeyCommand,\n GenerateDataKeyCommand,\n KMSClient\n} from \"@aws-sdk/client-kms\";\nimport { decodeBase64, encodeBase64 } from \"../../utils/bytes\";\nimport { decrypt, encrypt } from \"../../utils/crypto\";\nimport { getEnvVariable } from \"../../utils/env\";\nimport { Result } from \"../../utils/results\";\n\nfunction getKmsClient() {\n return new KMSClient({\n region: getEnvVariable(\"STACK_AWS_REGION\"),\n endpoint: getEnvVariable(\"STACK_AWS_KMS_ENDPOINT\"),\n credentials: {\n accessKeyId: getEnvVariable(\"STACK_AWS_ACCESS_KEY_ID\"),\n secretAccessKey: getEnvVariable(\"STACK_AWS_SECRET_ACCESS_KEY\")\n }\n });\n}\n\nasync function getOrCreateKekId(): Promise<string> {\n const id = \"alias/stack-data-vault-server-side-kek\";\n const kms = getKmsClient();\n try {\n const describeResult = await kms.send(new DescribeKeyCommand({ KeyId: id }));\n if (describeResult.KeyMetadata?.KeyId) return describeResult.KeyMetadata.KeyId;\n } catch (e) {\n if (e instanceof Error && e.name !== \"NotFoundException\") {\n throw e;\n }\n }\n const { KeyMetadata } = await kms.send(new CreateKeyCommand({\n KeyUsage: \"ENCRYPT_DECRYPT\",\n Description: \"DataVault KEK\"\n }));\n await kms.send(new CreateAliasCommand({ AliasName: id, TargetKeyId: KeyMetadata!.KeyId! }));\n return id;\n}\n\nasync function genDEK() {\n const kekId = await getOrCreateKekId();\n const kms = getKmsClient();\n const out = await kms.send(new GenerateDataKeyCommand({ KeyId: kekId, KeySpec: \"AES_256\" }));\n if (!out.Plaintext || !out.CiphertextBlob) throw new Error(\"GenerateDataKey failed\");\n return {\n dekBytes: out.Plaintext,\n edkBytes: out.CiphertextBlob,\n };\n}\n\nasync function unwrapDEK(edk_b64: string) {\n const edkBytes = decodeBase64(edk_b64);\n const kms = getKmsClient();\n const out = await kms.send(new DecryptCommand({ CiphertextBlob: edkBytes }));\n if (!out.Plaintext) throw new Error(\"KMS Decrypt failed\");\n return {\n dekBytes: out.Plaintext,\n edkBytes,\n };\n}\n\nexport async function encryptWithKms(value: string) {\n const { dekBytes, edkBytes } = await genDEK();\n try {\n const ciphertext = await encrypt({\n purpose: \"stack-data-vault-server-side-encryption\",\n secret: dekBytes,\n value: new TextEncoder().encode(value),\n });\n return { edkBase64: encodeBase64(edkBytes), ciphertextBase64: encodeBase64(ciphertext) };\n } finally {\n dekBytes.fill(0);\n }\n}\n\nexport async function decryptWithKms(encrypted: Awaited<ReturnType<typeof encryptWithKms>>) {\n const { dekBytes } = await unwrapDEK(encrypted.edkBase64);\n try {\n const value = Result.orThrow(await decrypt({\n purpose: \"stack-data-vault-server-side-encryption\",\n secret: dekBytes,\n cipher: decodeBase64(encrypted.ciphertextBase64),\n }));\n return new TextDecoder().decode(value);\n } finally {\n dekBytes.fill(0);\n }\n}\n"],"mappings":";AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,cAAc,oBAAoB;AAC3C,SAAS,SAAS,eAAe;AACjC,SAAS,sBAAsB;AAC/B,SAAS,cAAc;AAEvB,SAAS,eAAe;AACtB,SAAO,IAAI,UAAU;AAAA,IACnB,QAAQ,eAAe,kBAAkB;AAAA,IACzC,UAAU,eAAe,wBAAwB;AAAA,IACjD,aAAa;AAAA,MACX,aAAa,eAAe,yBAAyB;AAAA,MACrD,iBAAiB,eAAe,6BAA6B;AAAA,IAC/D;AAAA,EACF,CAAC;AACH;AAEA,eAAe,mBAAoC;AACjD,QAAM,KAAK;AACX,QAAM,MAAM,aAAa;AACzB,MAAI;AACF,UAAM,iBAAiB,MAAM,IAAI,KAAK,IAAI,mBAAmB,EAAE,OAAO,GAAG,CAAC,CAAC;AAC3E,QAAI,eAAe,aAAa,MAAO,QAAO,eAAe,YAAY;AAAA,EAC3E,SAAS,GAAG;AACV,QAAI,aAAa,SAAS,EAAE,SAAS,qBAAqB;AACxD,YAAM;AAAA,IACR;AAAA,EACF;AACA,QAAM,EAAE,YAAY,IAAI,MAAM,IAAI,KAAK,IAAI,iBAAiB;AAAA,IAC1D,UAAU;AAAA,IACV,aAAa;AAAA,EACf,CAAC,CAAC;AACF,QAAM,IAAI,KAAK,IAAI,mBAAmB,EAAE,WAAW,IAAI,aAAa,YAAa,MAAO,CAAC,CAAC;AAC1F,SAAO;AACT;AAEA,eAAe,SAAS;AACtB,QAAM,QAAQ,MAAM,iBAAiB;AACrC,QAAM,MAAM,aAAa;AACzB,QAAM,MAAM,MAAM,IAAI,KAAK,IAAI,uBAAuB,EAAE,OAAO,OAAO,SAAS,UAAU,CAAC,CAAC;AAC3F,MAAI,CAAC,IAAI,aAAa,CAAC,IAAI,eAAgB,OAAM,IAAI,MAAM,wBAAwB;AACnF,SAAO;AAAA,IACL,UAAU,IAAI;AAAA,IACd,UAAU,IAAI;AAAA,EAChB;AACF;AAEA,eAAe,UAAU,SAAiB;AACxC,QAAM,WAAW,aAAa,OAAO;AACrC,QAAM,MAAM,aAAa;AACzB,QAAM,MAAM,MAAM,IAAI,KAAK,IAAI,eAAe,EAAE,gBAAgB,SAAS,CAAC,CAAC;AAC3E,MAAI,CAAC,IAAI,UAAW,OAAM,IAAI,MAAM,oBAAoB;AACxD,SAAO;AAAA,IACL,UAAU,IAAI;AAAA,IACd;AAAA,EACF;AACF;AAEA,eAAsB,eAAe,OAAe;AAClD,QAAM,EAAE,UAAU,SAAS,IAAI,MAAM,OAAO;AAC5C,MAAI;AACF,UAAM,aAAa,MAAM,QAAQ;AAAA,MAC/B,SAAS;AAAA,MACT,QAAQ;AAAA,MACR,OAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,IACvC,CAAC;AACD,WAAO,EAAE,WAAW,aAAa,QAAQ,GAAG,kBAAkB,aAAa,UAAU,EAAE;AAAA,EACzF,UAAE;AACA,aAAS,KAAK,CAAC;AAAA,EACjB;AACF;AAEA,eAAsB,eAAe,WAAuD;AAC1F,QAAM,EAAE,SAAS,IAAI,MAAM,UAAU,UAAU,SAAS;AACxD,MAAI;AACF,UAAM,QAAQ,OAAO,QAAQ,MAAM,QAAQ;AAAA,MACzC,SAAS;AAAA,MACT,QAAQ;AAAA,MACR,QAAQ,aAAa,UAAU,gBAAgB;AAAA,IACjD,CAAC,CAAC;AACF,WAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,EACvC,UAAE;AACA,aAAS,KAAK,CAAC;AAAA,EACjB;AACF;","names":[]}
package/dist/esm/hooks/use-hover.js ADDED
@@ -0,0 +1,71 @@
1
+ // src/hooks/use-hover.tsx
2
+ import { useLayoutEffect } from "react";
3
+ import { useRefState } from "../utils/react.js";
4
+ function useHover(ref, options = {}) {
5
+ const counter = useRefState(0);
6
+ useLayoutEffect(() => {
7
+ const el = ref.current;
8
+ if (!el) return;
9
+ let incr = 0;
10
+ let prevInside = false;
11
+ const contains = (r, x, y) => x >= r.left && x <= r.right && y >= r.top && y <= r.bottom;
12
+ const enter = () => {
13
+ incr++;
14
+ counter.set((c) => c + 1);
15
+ if (counter.current === 1) {
16
+ options.onMouseEnter?.();
17
+ }
18
+ };
19
+ const leave = () => {
20
+ incr--;
21
+ requestAnimationFrame(() => {
22
+ requestAnimationFrame(() => {
23
+ counter.set((c) => c - 1);
24
+ if (counter.current === 0) {
25
+ options.onMouseLeave?.();
26
+ }
27
+ });
28
+ });
29
+ };
30
+ const topMatchesTarget = (x, y) => {
31
+ const top = document.elementFromPoint(x, y);
32
+ return !!(top && (top === el || el.contains(top)));
33
+ };
34
+ const processPoint = (x, y) => {
35
+ const rect = el.getBoundingClientRect();
36
+ const inside = contains(rect, x, y) && topMatchesTarget(x, y);
37
+ if (inside && !prevInside) {
38
+ enter();
39
+ } else if (!inside && prevInside) {
40
+ leave();
41
+ }
42
+ prevInside = inside;
43
+ };
44
+ const onMove = (e) => {
45
+ if (e.pointerType !== "mouse") return;
46
+ const batch = e.getCoalescedEvents();
47
+ if (batch.length) {
48
+ for (let eventIndex = 0; eventIndex < batch.length - 1; eventIndex++) {
49
+ const e1 = batch[eventIndex];
50
+ const e2 = batch[eventIndex + 1];
51
+ const steps = 10;
52
+ for (let i = 0; i <= steps; i++) {
53
+ processPoint(e1.clientX + (e2.clientX - e1.clientX) * i / steps, e1.clientY + (e2.clientY - e1.clientY) * i / steps);
54
+ }
55
+ }
56
+ } else {
57
+ processPoint(e.clientX, e.clientY);
58
+ }
59
+ };
60
+ window.addEventListener("pointermove", onMove, { passive: true });
61
+ return () => {
62
+ window.removeEventListener("pointermove", onMove);
63
+ counter.set((c) => c - incr);
64
+ };
65
+ }, []);
66
+ return counter.current > 0;
67
+ }
68
+ export {
69
+ useHover
70
+ };
71
+ //# sourceMappingURL=use-hover.js.map
package/dist/esm/hooks/use-hover.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../src/hooks/use-hover.tsx"],"sourcesContent":["import { useLayoutEffect } from \"react\";\nimport { useRefState } from \"../utils/react\";\n\nexport function useHover<T extends HTMLElement>(\n ref: React.RefObject<T>,\n options: {\n onMouseEnter?: () => void,\n onMouseLeave?: () => void,\n } = {},\n): boolean {\n // Internal counter: mouseenter++ / mouseleave-- (isHovering = counter > 0)\n const counter = useRefState(0);\n\n useLayoutEffect(() => {\n const el = ref.current;\n if (!el) return;\n let incr = 0;\n let prevInside = false;\n\n const contains = (r: DOMRect, x: number, y: number) =>\n x >= r.left && x <= r.right && y >= r.top && y <= r.bottom;\n\n const enter = () => {\n incr++;\n counter.set(c => c + 1);\n if (counter.current === 1) {\n options.onMouseEnter?.();\n }\n };\n\n const leave = () => {\n incr--;\n requestAnimationFrame(() => {\n requestAnimationFrame(() => {\n counter.set(c => c - 1);\n if (counter.current === 0) {\n options.onMouseLeave?.();\n }\n });\n });\n };\n\n const topMatchesTarget = (x: number, y: number) => {\n const top = document.elementFromPoint(x, y);\n return !!(top && (top === el || el.contains(top)));\n };\n\n const processPoint = (x: number, y: number) => {\n const rect = el.getBoundingClientRect();\n\n // True “hoverability”: inside rect AND not occluded by others\n const inside = contains(rect, x, y) && topMatchesTarget(x, y);\n if (inside && !prevInside) {\n enter();\n } else if (!inside && prevInside) {\n leave();\n }\n prevInside = inside;\n };\n\n const onMove = (e: PointerEvent) => {\n if (e.pointerType !== \"mouse\") return; // keep it hover-only\n // Use coalesced points when available\n const batch = e.getCoalescedEvents();\n if (batch.length) {\n for (let eventIndex = 0; eventIndex < batch.length - 1; eventIndex++) {\n const e1 = batch[eventIndex];\n const e2 = batch[eventIndex + 1];\n const steps = 10;\n for (let i = 0; i <= steps; i++) {\n processPoint(e1.clientX + (e2.clientX - e1.clientX) * i / steps, e1.clientY + (e2.clientY - e1.clientY) * i / steps);\n }\n }\n } else {\n processPoint(e.clientX, e.clientY);\n }\n };\n\n window.addEventListener(\"pointermove\", onMove, { passive: true });\n\n return () => {\n window.removeEventListener(\"pointermove\", onMove);\n counter.set(c => c - incr);\n };\n }, []);\n\n return counter.current > 0;\n}\n"],"mappings":";AAAA,SAAS,uBAAuB;AAChC,SAAS,mBAAmB;AAErB,SAAS,SACd,KACA,UAGI,CAAC,GACI;AAET,QAAM,UAAU,YAAY,CAAC;AAE7B,kBAAgB,MAAM;AACpB,UAAM,KAAK,IAAI;AACf,QAAI,CAAC,GAAI;AACT,QAAI,OAAO;AACX,QAAI,aAAa;AAEjB,UAAM,WAAW,CAAC,GAAY,GAAW,MACvC,KAAK,EAAE,QAAQ,KAAK,EAAE,SAAS,KAAK,EAAE,OAAO,KAAK,EAAE;AAEtD,UAAM,QAAQ,MAAM;AAClB;AACA,cAAQ,IAAI,OAAK,IAAI,CAAC;AACtB,UAAI,QAAQ,YAAY,GAAG;AACzB,gBAAQ,eAAe;AAAA,MACzB;AAAA,IACF;AAEA,UAAM,QAAQ,MAAM;AAClB;AACA,4BAAsB,MAAM;AAC1B,8BAAsB,MAAM;AAC1B,kBAAQ,IAAI,OAAK,IAAI,CAAC;AACtB,cAAI,QAAQ,YAAY,GAAG;AACzB,oBAAQ,eAAe;AAAA,UACzB;AAAA,QACF,CAAC;AAAA,MACH,CAAC;AAAA,IACH;AAEA,UAAM,mBAAmB,CAAC,GAAW,MAAc;AACjD,YAAM,MAAM,SAAS,iBAAiB,GAAG,CAAC;AAC1C,aAAO,CAAC,EAAE,QAAQ,QAAQ,MAAM,GAAG,SAAS,GAAG;AAAA,IACjD;AAEA,UAAM,eAAe,CAAC,GAAW,MAAc;AAC7C,YAAM,OAAO,GAAG,sBAAsB;AAGtC,YAAM,SAAS,SAAS,MAAM,GAAG,CAAC,KAAK,iBAAiB,GAAG,CAAC;AAC5D,UAAI,UAAU,CAAC,YAAY;AACzB,cAAM;AAAA,MACR,WAAW,CAAC,UAAU,YAAY;AAChC,cAAM;AAAA,MACR;AACA,mBAAa;AAAA,IACf;AAEA,UAAM,SAAS,CAAC,MAAoB;AAClC,UAAI,EAAE,gBAAgB,QAAS;AAE/B,YAAM,QAAQ,EAAE,mBAAmB;AACnC,UAAI,MAAM,QAAQ;AAChB,iBAAS,aAAa,GAAG,aAAa,MAAM,SAAS,GAAG,cAAc;AACpE,gBAAM,KAAK,MAAM,UAAU;AAC3B,gBAAM,KAAK,MAAM,aAAa,CAAC;AAC/B,gBAAM,QAAQ;AACd,mBAAS,IAAI,GAAG,KAAK,OAAO,KAAK;AAC/B,yBAAa,GAAG,WAAW,GAAG,UAAU,GAAG,WAAW,IAAI,OAAO,GAAG,WAAW,GAAG,UAAU,GAAG,WAAW,IAAI,KAAK;AAAA,UACrH;AAAA,QACF;AAAA,MACF,OAAO;AACL,qBAAa,EAAE,SAAS,EAAE,OAAO;AAAA,MACnC;AAAA,IACF;AAEA,WAAO,iBAAiB,eAAe,QAAQ,EAAE,SAAS,KAAK,CAAC;AAEhE,WAAO,MAAM;AACX,aAAO,oBAAoB,eAAe,MAAM;AAChD,cAAQ,IAAI,OAAK,IAAI,IAAI;AAAA,IAC3B;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,SAAO,QAAQ,UAAU;AAC3B;","names":[]}
package/dist/esm/interface/admin-interface.js CHANGED
@@ -1,4 +1,6 @@
1
1
  // src/interface/admin-interface.ts
2
+ import { KnownErrors } from "../known-errors.js";
3
+ import { Result } from "../utils/results.js";
2
4
  import { StackServerInterface } from "./server-interface.js";
3
5
  var StackAdminInterface = class extends StackServerInterface {
4
6
  constructor(options) {
@@ -19,6 +21,18 @@ var StackAdminInterface = class extends StackServerInterface {
19
21
  requestType
20
22
  );
21
23
  }
24
+ async sendAdminRequestAndCatchKnownError(path, requestOptions, tokenStoreOrNull, errorsToCatch) {
25
+ try {
26
+ return Result.ok(await this.sendAdminRequest(path, requestOptions, tokenStoreOrNull));
27
+ } catch (e) {
28
+ for (const errorType of errorsToCatch) {
29
+ if (errorType.isInstance(e)) {
30
+ return Result.error(e);
31
+ }
32
+ }
33
+ throw e;
34
+ }
35
+ }
22
36
  async getProject() {
23
37
  const response = await this.sendAdminRequest(
24
38
  "/internal/projects/current",
@@ -410,12 +424,16 @@ var StackAdminInterface = class extends StackServerInterface {
410
424
  return await response.json();
411
425
  }
412
426
  async getStripeAccountInfo() {
413
- const response = await this.sendAdminRequest(
427
+ const response = await this.sendAdminRequestAndCatchKnownError(
414
428
  "/internal/payments/stripe/account-info",
415
429
  {},
416
- null
430
+ null,
431
+ [KnownErrors.StripeAccountInfoNotFound]
417
432
  );
418
- return await response.json();
433
+ if (response.status === "error") {
434
+ return null;
435
+ }
436
+ return await response.data.json();
419
437
  }
420
438
  async createStripeWidgetAccountSession() {
421
439
  const response = await this.sendAdminRequest(