@varlock/nextjs-integration 0.3.2 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/next-env-compat.js +2 -1
  2. package/dist/next-env-compat.js.map +1 -1
  3. package/dist/plugin.js +1 -0
  4. package/dist/plugin.js.map +1 -1
  5. package/package.json +5 -4
package/dist/next-env-compat.js CHANGED
@@ -2,6 +2,7 @@
2
2
 
3
3
  var fs = require('fs');
4
4
  var path = require('path');
5
+ require('varlock');
5
6
  var env = require('varlock/env');
6
7
  var patchConsole = require('varlock/patch-console');
7
8
  var execSyncVarlock = require('varlock/exec-sync-varlock');
@@ -36,7 +37,7 @@ var parsedEnv;
36
37
  var loadedEnvFiles = [];
37
38
  var rootDir;
38
39
  function getVarlockSourcesAsLoadedEnvFiles() {
39
- const envFilesLabels = varlockLoadedEnv.sources.filter((s) => s.enabled && !s.label.startsWith("directory -")).map((s) => s.label);
40
+ const envFilesLabels = varlockLoadedEnv.sources.filter((s) => s.enabled && s.type !== "container" && s.type !== "import-alias").map((s) => s.label);
40
41
  if (envFilesLabels.length) {
41
42
  envFilesLabels.push("\n \u2728 loaded by varlock \u2728");
42
43
  }
package/dist/next-env-compat.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/next-env-compat.ts"],"names":["initialEnv","path","fs","resetRedactionMap","patchGlobalConsole","execSyncVarlock","initVarlockEnv"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBWA;AAEX,IAAI,YAAA;AAEJ,IAAI,gBAAA;AACJ,IAAI,WAAA;AACJ,IAAI,SAAA;AAEJ,IAAI,iBAAiC,EAAC;AACtC,IAAI,OAAA;AAIJ,SAAS,iCAAA,GAAoD;AAC3D,EAAA,MAAM,iBAAiB,gBAAA,CAAiB,OAAA,CAGrC,OAAO,CAAC,CAAA,KAAM,EAAE,OAAA,IAAW,CAAC,EAAE,KAAA,CAAM,UAAA,CAAW,aAAa,CAAC,CAAA,CAC7D,IAAI,CAAC,CAAA,KAAM,EAAE,KAAK,CAAA;AACrB,EAAA,IAAI,eAAe,MAAA,EAAQ;AAEzB,IAAA,cAAA,CAAe,KAAK,sDAA4C,CAAA;AAAA,EAClE;AAEA,EAAA,MAAM,eAAe,CAAC,GAAG,IAAI,GAAA,CAAI,cAAc,CAAC,CAAA;AAEhD,EAAA,OAAO,YAAA,CAAa,GAAA,CAAI,CAAC,KAAA,MAAW;AAAA,IAClC,IAAA,EAAM,KAAA;AAAA,IACN,QAAA,EAAU,EAAA;AAAA,IACV,KAAK;AAAC,GACR,CAAE,CAAA;AACJ;AAEA,IAAM,SAAA,GAAY,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,mBAAA;AAChC,SAAS,SAAS,IAAA,EAAkB;AAClC,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,8BAAA,EAAgC;AAEjD,EAAA,OAAA,CAAQ,GAAA;AAAA,IACN,YAAY,YAAA,GAAe,YAAA;AAAA,IAC3B,GAAG;AAAA,GACL;AACF;AACA,KAAA,CAAM,iCAA4B,CAAA;AAMlC,IAAM,sBAAA,GAAyB,CAAC,MAAA,EAAQ,YAAA,EAAc,oBAAoB,wBAAwB,CAAA;AAClG,IAAM,iBAAA,uBAAwB,GAAA,EAAY;AAE1C,SAAS,uBAAA,CAAwB,SAAwC,QAAA,EAAmB;AAC1F,EAAA,IAAI,SAAA,IAAa,CAAC,OAAA,EAAS;AAG3B,EAAA,MAAM,mBAAA,GAAsB,IAAI,GAAA,CAAI,sBAAA,CAAuB,GAAA,CAAI,CAAC,CAAA,KAAWC,eAAA,CAAA,IAAA,CAAK,OAAA,EAAU,CAAC,CAAC,CAAC,CAAA;AAC7F,EAAA,MAAM,iBAAgC,EAAC;AACvC,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,IAAI,CAAC,MAAA,CAAO,OAAA,IAAW,CAAC,OAAO,IAAA,EAAM;AACrC,IAAA,MAAM,OAAA,GAAU,QAAA,GAAgBA,eAAA,CAAA,OAAA,CAAQ,QAAA,EAAU,MAAA,CAAO,IAAI,CAAA,GAASA,eAAA,CAAA,OAAA,CAAQ,OAAA,EAAU,MAAA,CAAO,IAAI,CAAA;AACnG,IAAA,IAAI,CAAC,oBAAoB,GAAA,CAAI,OAAO,KAAK,CAAC,iBAAA,CAAkB,GAAA,CAAI,OAAO,CAAA,EAAG;AACxE,MAAA,cAAA,CAAe,KAAK,OAAO,CAAA;AAAA,IAC7B;AAAA,EACF;AAEA,EAAA,MAAM,aAAA,GAAqBA,eAAA,CAAA,IAAA,CAAK,OAAA,EAAU,aAAa,CAAA;AACvD,EAAA,IAAI,CAAC,oBAAoB,GAAA,CAAI,aAAa,KAAK,CAAC,iBAAA,CAAkB,GAAA,CAAI,aAAa,CAAA,EAAG;AACpF,IAAA,cAAA,CAAe,KAAK,aAAa,CAAA;AAAA,EACnC;AAEA,EAAA,IAAI,CAAC,eAAe,MAAA,EAAQ;AAI5B,EAAA,IAAI,eAAA,GAAiC,IAAA;AACrC,EAAA,KAAA,MAAW,eAAe,sBAAA,EAAwB;AAChD,IAAA,MAAM,QAAA,GAAgBA,eAAA,CAAA,IAAA,CAAK,OAAA,EAAU,WAAW,CAAA;AAChD,IAAA,IAAOC,aAAA,CAAA,UAAA,CAAW,QAAQ,CAAA,EAAG;AAC3B,MAAA,eAAA,GAAkB,QAAA;AAClB,MAAA;AAAA,IACF;AAAA,EACF;AACA,EAAA,MAAM,yBAAyB,CAAC,eAAA;AAChC,EAAA,eAAA,KAAyBD,eAAA,CAAA,IAAA,CAAK,SAAU,MAAM,CAAA;AAE9C,EAAA,SAAS,kBAAkB,WAAA,EAAqB;AAC9C,IAAA,KAAA,CAAM,0CAA0C,WAAW,CAAA;AAC3D,IAAA,IAAI,sBAAA,EAAwB;AAC1B,MAAGC,4BAAc,eAAA,EAAkB;AAAA,QACjC,wDAAA;AAAA,QACA,+EAAA;AAAA,QACA,uCAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACF,CAAE,IAAA,CAAK,IAAI,CAAA,EAAG,OAAO,CAAA;AACrB,MAAA,UAAA,CAAW,MAAM;AAEf,QAAA,IAAI;AAAE,UAAGA,yBAAW,eAAgB,CAAA;AAAA,QAAG,CAAA,CAAA,MAAQ;AAAA,QAA4B;AAAA,MAC7E,GAAG,GAAI,CAAA;AAAA,IACT,CAAA,MAAO;AACL,MAAA,MAAM,eAAA,GAAqBA,aAAA,CAAA,YAAA,CAAa,eAAA,EAAkB,OAAO,CAAA;AACjE,MAAGA,aAAA,CAAA,aAAA,CAAc,eAAA,EAAkB,eAAA,EAAiB,OAAO,CAAA;AAAA,IAC7D;AAAA,EACF;AAEA,EAAA,KAAA,CAAM,uCAAuC,cAAc,CAAA;AAC3D,EAAA,KAAA,MAAW,YAAY,cAAA,EAAgB;AACrC,IAAA,iBAAA,CAAkB,IAAI,QAAQ,CAAA;AAC9B,IAAGA,wBAAU,QAAA,EAAU,EAAE,QAAA,EAAU,GAAA,IAAO,MAAM;AAC9C,MAAA,iBAAA,CAAkB,QAAQ,CAAA;AAAA,IAC5B,CAAC,CAAA;AAAA,EACH;AACF;AA0EO,SAAS,iBAAiB,MAAA,EAAa;AAC5C,EAAA,IAAI,MAAA,CAAO,IAAA,CAAK,MAAM,CAAA,CAAE,MAAA,EAAQ;AAC9B,IAAA,KAAA,CAAM,oBAAoB,MAAM,CAAA;AAChC,IAAA,MAAA,CAAO,MAAA,CAAOF,kBAAA,IAAc,EAAC,EAAG,MAAM,CAAA;AAAA,EACxC;AACF;AAOA,SAAS,kBAAkB,SAAA,EAAgB;AACzC,EAAA,MAAA,CAAO,KAAK,OAAA,CAAQ,GAAG,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ;AAGxC,IAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,gBAAgB,CAAA,EAAG;AACrC,MAAA,IAAI,UAAU,GAAG,CAAA,KAAM,UAAa,SAAA,CAAU,GAAG,MAAM,EAAA,EAAI;AACzD,QAAA,OAAO,OAAA,CAAQ,IAAI,GAAG,CAAA;AAAA,MACxB;AAAA,IACF;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAA,CAAO,OAAA,CAAQ,SAAS,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAClD,IAAA,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA,GAAI,KAAA;AAAA,EACrB,CAAC,CAAA;AACH;AAGO,SAAS,WACd,eAAA,EACA,IAAA,EACA,OAAY,OAAA,EACZ,YAAA,GAAe,OACf,SAAA,EACA;AACA,EAAA,OAAO,CAAC,QAAQ,GAAG,CAAA;AACrB;AAEO,SAAS,QAAA,GAAW;AACzB,EAAA,IAAIA,kBAAA,EAAY;AACd,IAAA,iBAAA,CAAkBA,kBAAU,CAAA;AAAA,EAC9B;AACF;AAQA,IAAI,SAAA,GAAY,CAAA;AAET,SAAS,cACd,GAAA,EACA,GAAA,EACA,OAAY,OAAA,EACZ,WAAA,GAAc,OACd,SAAA,EACiB;AAEjB,EAAAA,kBAAA,KAAe,EAAE,GAAG,OAAA,CAAQ,GAAA,EAAI;AAEhC,EAAA,SAAA,EAAA;AACA,EAAA,KAAA,CAAM,gBAAA,EAAkB,kBAAkB,WAAW,CAAA;AAKrD,EAAA,OAAA,KAAY,GAAA;AACZ,EAAA,IAAI,OAAA,KAAY,GAAA,EAAK,MAAM,IAAI,MAAM,wBAAwB,CAAA;AAK7D,EAAA,IAAI,GAAA,EAAK,uBAAA,CAAwB,EAAC,EAAG,MAAS,CAAA;AAE9C,EAAA,IAAI,YAAA,GAAe,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,aAAA;AACjC,EAAA,IAAI,WAAA,EAAa;AAGf,IAAA,IAAI,CAAC,gBAAgB,YAAA,CAAa,OAAA,KAAY,IAAA,CAAK,GAAA,KAAQ,GAAA,EAAM;AAC/D,MAAA,YAAA,uBAAmB,IAAA,EAAK;AACxB,MAAA,YAAA,GAAe,KAAA;AAAA,IACjB;AAAA,EACF;AAEA,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,gBAAA,GAAmB,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,iBAAiB,IAAI,CAAA;AAC/D,MAAA,SAAA,GAAY,MAAA,CAAO,WAAA;AAAA,QACjB,MAAA,CAAO,OAAA,CAAQ,gBAAA,CAAiB,MAAM,EAAE,GAAA,CAAI,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM,CAAC,GAAA,EAAK,KAAA,CAAM,KAAK,CAAC;AAAA,OAClF;AAEA,MAAAG,qBAAA,CAAkB,gBAAgB,CAAA;AAClC,MAAA,KAAA,CAAM,wCAAwC,CAAA;AAC9C,MAAAC,+BAAA,EAAmB;AAAA,IACrB;AAEA,IAAA,WAAA,GAAc,EAAE,GAAGJ,kBAAA,EAAY,GAAG,SAAA,EAAU;AAE5C,IAAA,IAAI,GAAA,EAAK,uBAAA,CAAwB,gBAAA,CAAiB,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAEpF,IAAA,KAAA,CAAM,qBAAqB,CAAA;AAE3B,IAAA,OAAO,EAAE,WAAA,EAAa,SAAA,EAAW,cAAA,EAAe;AAAA,EAClD;AAEA,EAAA,YAAA,uBAAmB,IAAA,EAAK;AAExB,EAAA,KAAA,CAAM,kBAAkB,CAAA;AACxB,EAAA,iBAAA,CAAkBA,kBAAU,CAAA;AAK5B,EAAA,IAAI,kBAAA,GAAqB,MAAM,aAAA,GAAgB,YAAA;AAC/C,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,MAAA,EAAQ,kBAAA,GAAqB,MAAA;AAC1D,EAAA,KAAA,CAAM,2CAA2C,kBAAkB,CAAA;AAEnE,EAAA,IAAI;AAEF,IAAA,MAAM,QAAA,GAAW,EAAE,GAAGA,kBAAA,EAAW;AACjC,IAAA,OAAO,QAAA,CAAS,aAAA;AAChB,IAAA,MAAM,mBAAA,GAAsBK,+BAAA,CAAgB,CAAA,8BAAA,EAAiC,kBAAkB,CAAA,CAAA,EAAI;AAAA,MACjG,eAAA,EAAiB,IAAA;AAAA;AAAA,MAEjB,aAAa,CAAC,GAAA;AAAA,MACd,GAAA,EAAK;AAAA,KACN,CAAA;AACD,IAAA,IAAI,aAAa,CAAA,EAAG;AAElB,MAAA,OAAA,CAAQ,IAAI,mCAA8B,CAAA;AAAA,IAC5C;AACA,IAAA,gBAAA,GAAmB,IAAA,CAAK,MAAM,mBAAmB,CAAA;AAAA,EACnD,SAAS,GAAA,EAAK;AAEZ,IAAA,IAAK,GAAA,CAAY,OAAA,CAAQ,QAAA,CAAS,mCAAmC,CAAA,EAAG;AAEtE,MAAA,OAAA,CAAQ,KAAA,CAAM;AAAA,QACZ,EAAA;AAAA,QACA,iCAAA;AAAA,QACA,sEAAA;AAAA,QACA,EAAA;AAAA,QACA;AAAA,OACF,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AACZ,MAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,IAChB;AAKA,IAAA,OAAA,CAAQ,MAAM,kEAAmD,CAAA;AAIjE,IAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,GAAgB,IAAA,CAAK,SAAA,CAAU;AAAA,MACzC,SAAS,EAAC;AAAA,MACV,QAAQ,EAAC;AAAA,MACT,UAAU;AAAC,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,aAAa,EAAC,EAAG,WAAW,EAAC,EAAG,cAAA,EAAgB,EAAC,EAAE;AAAA,EAC9D;AAEA,EAAA,SAAA,GAAY,EAAC;AACb,EAAA,KAAA,MAAW,CAAC,SAAS,QAAQ,CAAA,IAAK,OAAO,OAAA,CAAQ,gBAAA,CAAiB,MAAM,CAAA,EAAG;AACzE,IAAA,SAAA,CAAU,OAAO,IAAI,QAAA,CAAS,KAAA;AAAA,EAChC;AACA,EAAA,KAAA,CAAM,eAAe,SAAS,CAAA;AAC9B,EAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,GAAgB,IAAA,CAAK,SAAA,CAAU,gBAAgB,CAAA;AAC3D,EAAAC,kBAAA,EAAe;AAEf,EAAAH,qBAAA,CAAkB,gBAAgB,CAAA;AAClC,EAAA,KAAA,CAAM,wCAAwC,CAAA;AAC9C,EAAAC,+BAAA,EAAmB;AAEnB,EAAA,WAAA,GAAc,EAAE,GAAGJ,kBAAA,EAAY,GAAG,SAAA,EAAU;AAC5C,EAAA,cAAA,GAAiB,iCAAA,EAAkC;AAInD,EAAA,IAAI,GAAA,EAAK,uBAAA,CAAwB,gBAAA,CAAiB,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAOpF,EAAA,OAAO,EAAE,WAAA,EAAa,SAAA,EAAW,cAAA,EAAe;AAClD","file":"next-env-compat.js","sourcesContent":["/**\n * Drop-in replacement for @next/env that uses varlock instead of dotenv\n *\n * This must be the default export of the module, and it must stay compatible with @next/env\n */\n\nimport * as fs from 'fs';\nimport * as path from 'path';\nimport { execSync } from 'child_process';\nimport { type SerializedEnvGraph } from 'varlock';\nimport { initVarlockEnv, resetRedactionMap } from 'varlock/env';\nimport { patchGlobalConsole } from 'varlock/patch-console';\nimport { execSyncVarlock } from 'varlock/exec-sync-varlock';\n\nexport type Env = { [key: string]: string | undefined };\nexport type LoadedEnvFiles = Array<{\n path: string\n contents: string\n env: Env\n}>;\n\n/** will store the original values of process.env */\nexport let initialEnv: Env | undefined;\n\nlet lastReloadAt: Date | undefined;\n\nlet varlockLoadedEnv: SerializedEnvGraph;\nlet combinedEnv: Env | undefined;\nlet parsedEnv: Env | undefined;\n// this is used by next just to display the list of .env files in a startup log\nlet loadedEnvFiles: LoadedEnvFiles = [];\nlet rootDir: string | undefined;\n\n// @next/env exports this info and currently it is only used to display\n// a list of filenames loaded, for example: `Environments: .env, .env.development`\nfunction getVarlockSourcesAsLoadedEnvFiles(): LoadedEnvFiles {\n const envFilesLabels = varlockLoadedEnv.sources\n // TODO expose more info so we can filter out disabled sources\n // and maybe show relative paths\n .filter((s) => s.enabled && !s.label.startsWith('directory -'))\n .map((s) => s.label);\n if (envFilesLabels.length) {\n // this adds an additional line, below the list of files\n envFilesLabels.push('\\n ✨ loaded by varlock ✨');\n }\n // files can be imported multiple times, so we deduplicate the labels here\n const uniqueLabels = [...new Set(envFilesLabels)];\n // Next.js expects an array of objects, even though it is not used for anything\n return uniqueLabels.map((label) => ({\n path: label,\n contents: '',\n env: {},\n }));\n}\n\nconst IS_WORKER = !!process.env.NEXT_PRIVATE_WORKER;\nfunction debug(...args: Array<any>) {\n if (!process.env.DEBUG_VARLOCK_NEXT_INTEGRATION) return;\n // eslint-disable-next-line no-console\n console.log(\n IS_WORKER ? 'worker -- ' : 'server -- ',\n ...args,\n );\n}\ndebug('✨ LOADED @next/env module!');\n\n\n// Next.js only watches a fixed set of .env files for changes. Varlock may load\n// additional files (e.g. .env.schema, .env.staging, custom sources). We watch\n// those extra files and trigger a reload by touching one of Next's watched files.\nconst NEXT_WATCHED_ENV_FILES = ['.env', '.env.local', '.env.development', '.env.development.local'];\nconst watchedExtraFiles = new Set<string>();\n\nfunction enableExtraFileWatchers(sources: SerializedEnvGraph['sources'], basePath?: string) {\n if (IS_WORKER || !rootDir) return;\n\n // Collect absolute paths of source files that Next.js does NOT already watch\n const nextWatchedAbsolute = new Set(NEXT_WATCHED_ENV_FILES.map((f) => path.join(rootDir!, f)));\n const extraFilePaths: Array<string> = [];\n for (const source of sources) {\n if (!source.enabled || !source.path) continue;\n const absPath = basePath ? path.resolve(basePath, source.path) : path.resolve(rootDir!, source.path);\n if (!nextWatchedAbsolute.has(absPath) && !watchedExtraFiles.has(absPath)) {\n extraFilePaths.push(absPath);\n }\n }\n // Also always watch .env.schema even if it wasn't in sources (it may not exist yet)\n const envSchemaPath = path.join(rootDir!, '.env.schema');\n if (!nextWatchedAbsolute.has(envSchemaPath) && !watchedExtraFiles.has(envSchemaPath)) {\n extraFilePaths.push(envSchemaPath);\n }\n\n if (!extraFilePaths.length) return;\n\n // Find a Next-watched file to touch as the reload trigger.\n // Prefer an existing file (cheaper), otherwise we'll create+destroy .env\n let triggerFilePath: string | null = null;\n for (const envFileName of NEXT_WATCHED_ENV_FILES) {\n const filePath = path.join(rootDir!, envFileName);\n if (fs.existsSync(filePath)) {\n triggerFilePath = filePath;\n break;\n }\n }\n const mustDestroyTriggerFile = !triggerFilePath;\n triggerFilePath ||= path.join(rootDir!, '.env');\n\n function triggerNextReload(changedPath: string) {\n debug('extra file changed, triggering reload:', changedPath);\n if (mustDestroyTriggerFile) {\n fs.writeFileSync(triggerFilePath!, [\n '# This file was created by @varlock/nextjs-integration',\n '# It is used to trigger Next.js to reload when non-standard .env files change',\n '# You can safely ignore and delete it',\n '# @disable',\n '# ---',\n ].join('\\n'), 'utf-8');\n setTimeout(() => {\n // eslint-disable-next-line\n try { fs.unlinkSync(triggerFilePath!); } catch { /* may already be gone */ }\n }, 1000);\n } else {\n const currentContents = fs.readFileSync(triggerFilePath!, 'utf-8');\n fs.writeFileSync(triggerFilePath!, currentContents, 'utf-8');\n }\n }\n\n debug('setting up extra file watchers for:', extraFilePaths);\n for (const filePath of extraFilePaths) {\n watchedExtraFiles.add(filePath);\n fs.watchFile(filePath, { interval: 500 }, () => {\n triggerNextReload(filePath);\n });\n }\n}\n\nfunction detectOpenNextCloudflareBuild() {\n try {\n // the above works if the build is happening within CI, but we may need to do this for local builds or other CI platforms\n // so we can try to detect if we are within an open-next build by looking at the process info\n\n // we will look at the process tree to try to determine if we are in a opennext build\n // process tree looks like:\n // - opennext-cloudflare build > npm run build > next build\n\n // get grandparent process id\n const pppid = parseInt(execSync(`ps -o ppid= -p ${process.ppid}`).toString().trim());\n // const processInfo = execSync('ps -p '+grandparentPid+' -o command');\n // output looks like\n // ---\n // COMMAND\n // node /.../node_modules/.bin/opennextjs-cloudflare build\n //\n // ---\n const commandName = execSync(`ps -p ${pppid} -o command`).toString().split('\\n')[1];\n if (commandName.endsWith('.bin/opennextjs-cloudflare build')) {\n return true;\n }\n } catch (err) {\n // do nothing\n }\n return false;\n}\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nfunction writeResolvedEnvFile() {\n // things get complicated on platforms like vercel/cloudflare, they do some of their own magic to load env vars\n // our loader (this file) will run during the _build_ process, but not when the platform is handling server rendered requests\n // also opennext is needed to run outside of vercel, so that adds other changes\n // so we export an additional .env file which the platform itself will automatically load\n\n const dotEnvStrLines = [];\n for (const [itemKey, itemInfo] of Object.entries(varlockLoadedEnv.config)) {\n if (itemInfo.value !== undefined) dotEnvStrLines.push(`${itemKey}=${JSON.stringify(itemInfo.value)}`);\n }\n\n if (\n detectOpenNextCloudflareBuild()\n || process.env.VERCEL || process.env.WORKERS_CI || process.env._VARLOCK_EXPORT_RESOLVED_ENV_FILE\n ) {\n dotEnvStrLines.unshift(`\n# 🛑 DO NOT CHECK THIS FILE INTO VERSION CONTROL 🛑\n# This file was automatically generated by @varlock/nextjs-integration\n# It contains a _fully resolved env_ to pass to platforms (ex: vercel, cloudflare, etc)\n# that are doing their own magic when booting up nextjs in certain scenarios\n#\n# It likely contains sensitive config data and should be deleted after use\n#\n# @disable # tells varlock to ignore this file\n# ---\n `);\n // this is the fully resolved env, which includes additional metadata about each item\n // our runtime code uses this to provide coerced values, redact sensitive values, etc\n dotEnvStrLines.push(`__VARLOCK_ENV=${JSON.stringify(varlockLoadedEnv)}`);\n\n let resolvedEnvFileName = '.env.production.local';\n if (process.env._VARLOCK_EXPORT_RESOLVED_ENV_FILE && !(['true', '1'].includes(process.env._VARLOCK_EXPORT_RESOLVED_ENV_FILE))) {\n resolvedEnvFileName = process.env._VARLOCK_EXPORT_RESOLVED_ENV_FILE;\n }\n if (!rootDir) throw new Error('expected rootDir to be set');\n const resolvedEnvFilePath = path.resolve(rootDir, resolvedEnvFileName);\n fs.writeFileSync(resolvedEnvFilePath, dotEnvStrLines.join('\\n'), 'utf-8');\n debug('wrote resolved env file:', resolvedEnvFilePath);\n }\n}\n\n// - these methods are the same as the original module -----------------\n\nexport function updateInitialEnv(newEnv: Env) {\n if (Object.keys(newEnv).length) {\n debug('updateInitialEnv', newEnv);\n Object.assign(initialEnv || {}, newEnv);\n }\n}\n\ntype Log = {\n info: (...args: Array<any>) => void\n error: (...args: Array<any>) => void\n};\n\nfunction replaceProcessEnv(sourceEnv: Env) {\n Object.keys(process.env).forEach((key) => {\n // Allow mutating internal Next.js env variables after the server has initiated.\n // This is necessary for dynamic things like the IPC server port.\n if (!key.startsWith('__NEXT_PRIVATE')) {\n if (sourceEnv[key] === undefined || sourceEnv[key] === '') {\n delete process.env[key];\n }\n }\n });\n\n Object.entries(sourceEnv).forEach(([key, value]) => {\n process.env[key] = value;\n });\n}\n\n// in original module, but does not appear to be used\nexport function processEnv(\n _loadedEnvFiles: LoadedEnvFiles,\n _dir?: string,\n _log: Log = console,\n _forceReload = false,\n _onReload?: (envFilePath: string) => void,\n) {\n return [process.env];\n}\n\nexport function resetEnv() {\n if (initialEnv) {\n replaceProcessEnv(initialEnv);\n }\n}\n\ntype LoadedEnvConfig = {\n combinedEnv: Env\n parsedEnv: Env | undefined\n loadedEnvFiles: LoadedEnvFiles\n};\n\nlet loadCount = 0;\n\nexport function loadEnvConfig(\n dir: string,\n dev?: boolean,\n _log: Log = console,\n forceReload = false,\n _onReload?: (envFilePath: string) => void,\n): LoadedEnvConfig {\n // store actual process.env so we can restore it later\n initialEnv ||= { ...process.env };\n\n loadCount++;\n debug('loadEnvConfig!', 'forceReload = ', forceReload);\n\n // onReload is used to show a log of which .env file changed\n // TODO: add similar log to show which env file changed\n\n rootDir ||= dir;\n if (rootDir !== dir) throw new Error('root directory changed');\n\n // Always watch .env.schema early — even before the first successful load —\n // so that if the load fails (e.g. validation error), the user can fix the\n // schema and have the dev server automatically retry without a restart.\n if (dev) enableExtraFileWatchers([], undefined);\n\n let useCachedEnv = !!process.env.__VARLOCK_ENV;\n if (forceReload) {\n // Throttle reloads to at most once per second to avoid spinning during\n // rapid file-change bursts (Next.js may fire multiple events per edit)\n if (!lastReloadAt || lastReloadAt.getTime() < Date.now() - 1000) {\n lastReloadAt = new Date();\n useCachedEnv = false;\n }\n }\n\n if (useCachedEnv) {\n if (!varlockLoadedEnv) {\n varlockLoadedEnv = JSON.parse(process.env.__VARLOCK_ENV || '{}');\n parsedEnv = Object.fromEntries(\n Object.entries(varlockLoadedEnv.config).map(([key, value]) => [key, value.value]),\n );\n\n resetRedactionMap(varlockLoadedEnv);\n debug('patching console with varlock redactor');\n patchGlobalConsole();\n }\n\n combinedEnv = { ...initialEnv, ...parsedEnv };\n\n if (dev) enableExtraFileWatchers(varlockLoadedEnv.sources, varlockLoadedEnv.basePath);\n\n debug('>> USING CACHED ENV');\n\n return { combinedEnv, parsedEnv, loadedEnvFiles };\n }\n\n lastReloadAt = new Date();\n\n debug('>> RELOADING ENV');\n replaceProcessEnv(initialEnv);\n\n // we must match @next/env default behaviour for which .env.XXX files to load\n // which is based on the current command (`next dev` vs `next build`) and `NODE_ENV=test`\n // however we will pass it through and let the user ignore it by setting their own `@currentEnv`\n let envFromNextCommand = dev ? 'development' : 'production';\n if (process.env.NODE_ENV === 'test') envFromNextCommand = 'test';\n debug('Inferred env mode (to match @next/env):', envFromNextCommand);\n\n try {\n // strip DEBUG_VARLOCK from env to prevent debug output from contaminating JSON stdout\n const cleanEnv = { ...initialEnv };\n delete cleanEnv.DEBUG_VARLOCK;\n const varlockLoadedEnvStr = execSyncVarlock(`load --format json-full --env ${envFromNextCommand}`, {\n showLogsOnError: true,\n // in a build, we want to fail and exit, while in dev we can keep retrying when changes are detected\n exitOnError: !dev,\n env: cleanEnv as any,\n });\n if (loadCount >= 2) {\n // eslint-disable-next-line no-console\n console.log('✅ env reloaded and validated');\n }\n varlockLoadedEnv = JSON.parse(varlockLoadedEnvStr);\n } catch (err) {\n // this error message comes from execSyncVarlock when it cannot find varlock\n if ((err as any).message.includes('Unable to find varlock executable')) {\n // eslint-disable-next-line no-console\n console.error([\n '',\n '❌ ERROR: varlock not found',\n 'varlock is a required peer dependency of @varlock/nextjs-integration',\n '',\n 'Please add varlock as a dependency to your project (e.g., `npm install varlock`)',\n ].join('\\n'));\n process.exit(1);\n }\n\n // showLogsOnError already printed the formatted CLI output above,\n // so we only add a short note here (err.message duplicates stderr)\n // eslint-disable-next-line no-console\n console.error('[varlock] ⚠️ failed to load env — see error above');\n\n // if we dont do this, we'll see an error that looks like `process.env.__VARLOCK_ENV is not set` which is misleading.\n // Ideally we would pass through an error of some kind and trigger the webpack runtime error popup\n process.env.__VARLOCK_ENV = JSON.stringify({\n sources: [],\n config: {},\n settings: {},\n });\n\n return { combinedEnv: {}, parsedEnv: {}, loadedEnvFiles: [] };\n }\n\n parsedEnv = {};\n for (const [itemKey, itemInfo] of Object.entries(varlockLoadedEnv.config)) {\n parsedEnv[itemKey] = itemInfo.value;\n }\n debug('LOADED ENV:', parsedEnv);\n process.env.__VARLOCK_ENV = JSON.stringify(varlockLoadedEnv);\n initVarlockEnv(); // calling this will set process.env vars\n\n resetRedactionMap(varlockLoadedEnv);\n debug('patching console with varlock redactor');\n patchGlobalConsole();\n\n combinedEnv = { ...initialEnv, ...parsedEnv };\n loadedEnvFiles = getVarlockSourcesAsLoadedEnvFiles();\n\n // Set up watchers for source files that Next.js doesn't natively watch.\n // Called after every reload so newly-added sources get watched too.\n if (dev) enableExtraFileWatchers(varlockLoadedEnv.sources, varlockLoadedEnv.basePath);\n\n // write a resolved .env file for platforms like Vercel/Cloudflare that need\n // pre-resolved env values at runtime (they don't re-run @next/env on boot)\n // TODO: re-enable once we verify instrumentation approach works for prod\n // if (!dev) writeResolvedEnvFile();\n\n return { combinedEnv, parsedEnv, loadedEnvFiles };\n}\n"]}
1
+ {"version":3,"sources":["../src/next-env-compat.ts"],"names":["initialEnv","path","fs","resetRedactionMap","patchGlobalConsole","execSyncVarlock","initVarlockEnv"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBWA;AAEX,IAAI,YAAA;AAEJ,IAAI,gBAAA;AACJ,IAAI,WAAA;AACJ,IAAI,SAAA;AAEJ,IAAI,iBAAiC,EAAC;AACtC,IAAI,OAAA;AAIJ,SAAS,iCAAA,GAAoD;AAC3D,EAAA,MAAM,iBAAiB,gBAAA,CAAiB,OAAA,CACrC,OAAO,CAAC,CAAA,KAAM,EAAE,OAAA,IAAW,CAAA,CAAE,SAAS,WAAA,IAAe,CAAA,CAAE,SAAS,cAAc,CAAA,CAC9E,IAAI,CAAC,CAAA,KAAM,EAAE,KAAK,CAAA;AACrB,EAAA,IAAI,eAAe,MAAA,EAAQ;AAEzB,IAAA,cAAA,CAAe,KAAK,sDAA4C,CAAA;AAAA,EAClE;AAEA,EAAA,MAAM,eAAe,CAAC,GAAG,IAAI,GAAA,CAAI,cAAc,CAAC,CAAA;AAEhD,EAAA,OAAO,YAAA,CAAa,GAAA,CAAI,CAAC,KAAA,MAAW;AAAA,IAClC,IAAA,EAAM,KAAA;AAAA,IACN,QAAA,EAAU,EAAA;AAAA,IACV,KAAK;AAAC,GACR,CAAE,CAAA;AACJ;AAEA,IAAM,SAAA,GAAY,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,mBAAA;AAChC,SAAS,SAAS,IAAA,EAAkB;AAClC,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,8BAAA,EAAgC;AAEjD,EAAA,OAAA,CAAQ,GAAA;AAAA,IACN,YAAY,YAAA,GAAe,YAAA;AAAA,IAC3B,GAAG;AAAA,GACL;AACF;AACA,KAAA,CAAM,iCAA4B,CAAA;AAMlC,IAAM,sBAAA,GAAyB,CAAC,MAAA,EAAQ,YAAA,EAAc,oBAAoB,wBAAwB,CAAA;AAClG,IAAM,iBAAA,uBAAwB,GAAA,EAAY;AAE1C,SAAS,uBAAA,CAAwB,SAAwC,QAAA,EAAmB;AAC1F,EAAA,IAAI,SAAA,IAAa,CAAC,OAAA,EAAS;AAG3B,EAAA,MAAM,mBAAA,GAAsB,IAAI,GAAA,CAAI,sBAAA,CAAuB,GAAA,CAAI,CAAC,CAAA,KAAWC,eAAA,CAAA,IAAA,CAAK,OAAA,EAAU,CAAC,CAAC,CAAC,CAAA;AAC7F,EAAA,MAAM,iBAAgC,EAAC;AACvC,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,IAAI,CAAC,MAAA,CAAO,OAAA,IAAW,CAAC,OAAO,IAAA,EAAM;AACrC,IAAA,MAAM,OAAA,GAAU,QAAA,GAAgBA,eAAA,CAAA,OAAA,CAAQ,QAAA,EAAU,MAAA,CAAO,IAAI,CAAA,GAASA,eAAA,CAAA,OAAA,CAAQ,OAAA,EAAU,MAAA,CAAO,IAAI,CAAA;AACnG,IAAA,IAAI,CAAC,oBAAoB,GAAA,CAAI,OAAO,KAAK,CAAC,iBAAA,CAAkB,GAAA,CAAI,OAAO,CAAA,EAAG;AACxE,MAAA,cAAA,CAAe,KAAK,OAAO,CAAA;AAAA,IAC7B;AAAA,EACF;AAEA,EAAA,MAAM,aAAA,GAAqBA,eAAA,CAAA,IAAA,CAAK,OAAA,EAAU,aAAa,CAAA;AACvD,EAAA,IAAI,CAAC,oBAAoB,GAAA,CAAI,aAAa,KAAK,CAAC,iBAAA,CAAkB,GAAA,CAAI,aAAa,CAAA,EAAG;AACpF,IAAA,cAAA,CAAe,KAAK,aAAa,CAAA;AAAA,EACnC;AAEA,EAAA,IAAI,CAAC,eAAe,MAAA,EAAQ;AAI5B,EAAA,IAAI,eAAA,GAAiC,IAAA;AACrC,EAAA,KAAA,MAAW,eAAe,sBAAA,EAAwB;AAChD,IAAA,MAAM,QAAA,GAAgBA,eAAA,CAAA,IAAA,CAAK,OAAA,EAAU,WAAW,CAAA;AAChD,IAAA,IAAOC,aAAA,CAAA,UAAA,CAAW,QAAQ,CAAA,EAAG;AAC3B,MAAA,eAAA,GAAkB,QAAA;AAClB,MAAA;AAAA,IACF;AAAA,EACF;AACA,EAAA,MAAM,yBAAyB,CAAC,eAAA;AAChC,EAAA,eAAA,KAAyBD,eAAA,CAAA,IAAA,CAAK,SAAU,MAAM,CAAA;AAE9C,EAAA,SAAS,kBAAkB,WAAA,EAAqB;AAC9C,IAAA,KAAA,CAAM,0CAA0C,WAAW,CAAA;AAC3D,IAAA,IAAI,sBAAA,EAAwB;AAC1B,MAAGC,4BAAc,eAAA,EAAkB;AAAA,QACjC,wDAAA;AAAA,QACA,+EAAA;AAAA,QACA,uCAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACF,CAAE,IAAA,CAAK,IAAI,CAAA,EAAG,OAAO,CAAA;AACrB,MAAA,UAAA,CAAW,MAAM;AAEf,QAAA,IAAI;AAAE,UAAGA,yBAAW,eAAgB,CAAA;AAAA,QAAG,CAAA,CAAA,MAAQ;AAAA,QAA4B;AAAA,MAC7E,GAAG,GAAI,CAAA;AAAA,IACT,CAAA,MAAO;AACL,MAAA,MAAM,eAAA,GAAqBA,aAAA,CAAA,YAAA,CAAa,eAAA,EAAkB,OAAO,CAAA;AACjE,MAAGA,aAAA,CAAA,aAAA,CAAc,eAAA,EAAkB,eAAA,EAAiB,OAAO,CAAA;AAAA,IAC7D;AAAA,EACF;AAEA,EAAA,KAAA,CAAM,uCAAuC,cAAc,CAAA;AAC3D,EAAA,KAAA,MAAW,YAAY,cAAA,EAAgB;AACrC,IAAA,iBAAA,CAAkB,IAAI,QAAQ,CAAA;AAC9B,IAAGA,wBAAU,QAAA,EAAU,EAAE,QAAA,EAAU,GAAA,IAAO,MAAM;AAC9C,MAAA,iBAAA,CAAkB,QAAQ,CAAA;AAAA,IAC5B,CAAC,CAAA;AAAA,EACH;AACF;AA0EO,SAAS,iBAAiB,MAAA,EAAa;AAC5C,EAAA,IAAI,MAAA,CAAO,IAAA,CAAK,MAAM,CAAA,CAAE,MAAA,EAAQ;AAC9B,IAAA,KAAA,CAAM,oBAAoB,MAAM,CAAA;AAChC,IAAA,MAAA,CAAO,MAAA,CAAOF,kBAAA,IAAc,EAAC,EAAG,MAAM,CAAA;AAAA,EACxC;AACF;AAOA,SAAS,kBAAkB,SAAA,EAAgB;AACzC,EAAA,MAAA,CAAO,KAAK,OAAA,CAAQ,GAAG,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ;AAGxC,IAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,gBAAgB,CAAA,EAAG;AACrC,MAAA,IAAI,UAAU,GAAG,CAAA,KAAM,UAAa,SAAA,CAAU,GAAG,MAAM,EAAA,EAAI;AACzD,QAAA,OAAO,OAAA,CAAQ,IAAI,GAAG,CAAA;AAAA,MACxB;AAAA,IACF;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAA,CAAO,OAAA,CAAQ,SAAS,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAClD,IAAA,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA,GAAI,KAAA;AAAA,EACrB,CAAC,CAAA;AACH;AAGO,SAAS,WACd,eAAA,EACA,IAAA,EACA,OAAY,OAAA,EACZ,YAAA,GAAe,OACf,SAAA,EACA;AACA,EAAA,OAAO,CAAC,QAAQ,GAAG,CAAA;AACrB;AAEO,SAAS,QAAA,GAAW;AACzB,EAAA,IAAIA,kBAAA,EAAY;AACd,IAAA,iBAAA,CAAkBA,kBAAU,CAAA;AAAA,EAC9B;AACF;AAQA,IAAI,SAAA,GAAY,CAAA;AAET,SAAS,cACd,GAAA,EACA,GAAA,EACA,OAAY,OAAA,EACZ,WAAA,GAAc,OACd,SAAA,EACiB;AAEjB,EAAAA,kBAAA,KAAe,EAAE,GAAG,OAAA,CAAQ,GAAA,EAAI;AAEhC,EAAA,SAAA,EAAA;AACA,EAAA,KAAA,CAAM,gBAAA,EAAkB,kBAAkB,WAAW,CAAA;AAKrD,EAAA,OAAA,KAAY,GAAA;AACZ,EAAA,IAAI,OAAA,KAAY,GAAA,EAAK,MAAM,IAAI,MAAM,wBAAwB,CAAA;AAK7D,EAAA,IAAI,GAAA,EAAK,uBAAA,CAAwB,EAAC,EAAG,MAAS,CAAA;AAE9C,EAAA,IAAI,YAAA,GAAe,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,aAAA;AACjC,EAAA,IAAI,WAAA,EAAa;AAGf,IAAA,IAAI,CAAC,gBAAgB,YAAA,CAAa,OAAA,KAAY,IAAA,CAAK,GAAA,KAAQ,GAAA,EAAM;AAC/D,MAAA,YAAA,uBAAmB,IAAA,EAAK;AACxB,MAAA,YAAA,GAAe,KAAA;AAAA,IACjB;AAAA,EACF;AAEA,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,gBAAA,GAAmB,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,iBAAiB,IAAI,CAAA;AAC/D,MAAA,SAAA,GAAY,MAAA,CAAO,WAAA;AAAA,QACjB,MAAA,CAAO,OAAA,CAAQ,gBAAA,CAAiB,MAAM,EAAE,GAAA,CAAI,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM,CAAC,GAAA,EAAK,KAAA,CAAM,KAAK,CAAC;AAAA,OAClF;AAEA,MAAAG,qBAAA,CAAkB,gBAAgB,CAAA;AAClC,MAAA,KAAA,CAAM,wCAAwC,CAAA;AAC9C,MAAAC,+BAAA,EAAmB;AAAA,IACrB;AAEA,IAAA,WAAA,GAAc,EAAE,GAAGJ,kBAAA,EAAY,GAAG,SAAA,EAAU;AAE5C,IAAA,IAAI,GAAA,EAAK,uBAAA,CAAwB,gBAAA,CAAiB,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAEpF,IAAA,KAAA,CAAM,qBAAqB,CAAA;AAE3B,IAAA,OAAO,EAAE,WAAA,EAAa,SAAA,EAAW,cAAA,EAAe;AAAA,EAClD;AAEA,EAAA,YAAA,uBAAmB,IAAA,EAAK;AAExB,EAAA,KAAA,CAAM,kBAAkB,CAAA;AACxB,EAAA,iBAAA,CAAkBA,kBAAU,CAAA;AAK5B,EAAA,IAAI,kBAAA,GAAqB,MAAM,aAAA,GAAgB,YAAA;AAC/C,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,MAAA,EAAQ,kBAAA,GAAqB,MAAA;AAC1D,EAAA,KAAA,CAAM,2CAA2C,kBAAkB,CAAA;AAEnE,EAAA,IAAI;AAEF,IAAA,MAAM,QAAA,GAAW,EAAE,GAAGA,kBAAA,EAAW;AACjC,IAAA,OAAO,QAAA,CAAS,aAAA;AAChB,IAAA,MAAM,mBAAA,GAAsBK,+BAAA,CAAgB,CAAA,8BAAA,EAAiC,kBAAkB,CAAA,CAAA,EAAI;AAAA,MACjG,eAAA,EAAiB,IAAA;AAAA;AAAA,MAEjB,aAAa,CAAC,GAAA;AAAA,MACd,GAAA,EAAK;AAAA,KACN,CAAA;AACD,IAAA,IAAI,aAAa,CAAA,EAAG;AAElB,MAAA,OAAA,CAAQ,IAAI,mCAA8B,CAAA;AAAA,IAC5C;AACA,IAAA,gBAAA,GAAmB,IAAA,CAAK,MAAM,mBAAmB,CAAA;AAAA,EACnD,SAAS,GAAA,EAAK;AAEZ,IAAA,IAAK,GAAA,CAAY,OAAA,CAAQ,QAAA,CAAS,mCAAmC,CAAA,EAAG;AAEtE,MAAA,OAAA,CAAQ,KAAA,CAAM;AAAA,QACZ,EAAA;AAAA,QACA,iCAAA;AAAA,QACA,sEAAA;AAAA,QACA,EAAA;AAAA,QACA;AAAA,OACF,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AACZ,MAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,IAChB;AAKA,IAAA,OAAA,CAAQ,MAAM,kEAAmD,CAAA;AAIjE,IAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,GAAgB,IAAA,CAAK,SAAA,CAAU;AAAA,MACzC,SAAS,EAAC;AAAA,MACV,QAAQ,EAAC;AAAA,MACT,UAAU;AAAC,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,aAAa,EAAC,EAAG,WAAW,EAAC,EAAG,cAAA,EAAgB,EAAC,EAAE;AAAA,EAC9D;AAEA,EAAA,SAAA,GAAY,EAAC;AACb,EAAA,KAAA,MAAW,CAAC,SAAS,QAAQ,CAAA,IAAK,OAAO,OAAA,CAAQ,gBAAA,CAAiB,MAAM,CAAA,EAAG;AACzE,IAAA,SAAA,CAAU,OAAO,IAAI,QAAA,CAAS,KAAA;AAAA,EAChC;AACA,EAAA,KAAA,CAAM,eAAe,SAAS,CAAA;AAC9B,EAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,GAAgB,IAAA,CAAK,SAAA,CAAU,gBAAgB,CAAA;AAC3D,EAAAC,kBAAA,EAAe;AAEf,EAAAH,qBAAA,CAAkB,gBAAgB,CAAA;AAClC,EAAA,KAAA,CAAM,wCAAwC,CAAA;AAC9C,EAAAC,+BAAA,EAAmB;AAEnB,EAAA,WAAA,GAAc,EAAE,GAAGJ,kBAAA,EAAY,GAAG,SAAA,EAAU;AAC5C,EAAA,cAAA,GAAiB,iCAAA,EAAkC;AAInD,EAAA,IAAI,GAAA,EAAK,uBAAA,CAAwB,gBAAA,CAAiB,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAOpF,EAAA,OAAO,EAAE,WAAA,EAAa,SAAA,EAAW,cAAA,EAAe;AAClD","file":"next-env-compat.js","sourcesContent":["/**\n * Drop-in replacement for @next/env that uses varlock instead of dotenv\n *\n * This must be the default export of the module, and it must stay compatible with @next/env\n */\n\nimport * as fs from 'fs';\nimport * as path from 'path';\nimport { execSync } from 'child_process';\nimport { type SerializedEnvGraph } from 'varlock';\nimport { initVarlockEnv, resetRedactionMap } from 'varlock/env';\nimport { patchGlobalConsole } from 'varlock/patch-console';\nimport { execSyncVarlock } from 'varlock/exec-sync-varlock';\n\nexport type Env = { [key: string]: string | undefined };\nexport type LoadedEnvFiles = Array<{\n path: string\n contents: string\n env: Env\n}>;\n\n/** will store the original values of process.env */\nexport let initialEnv: Env | undefined;\n\nlet lastReloadAt: Date | undefined;\n\nlet varlockLoadedEnv: SerializedEnvGraph;\nlet combinedEnv: Env | undefined;\nlet parsedEnv: Env | undefined;\n// this is used by next just to display the list of .env files in a startup log\nlet loadedEnvFiles: LoadedEnvFiles = [];\nlet rootDir: string | undefined;\n\n// @next/env exports this info and currently it is only used to display\n// a list of filenames loaded, for example: `Environments: .env, .env.development`\nfunction getVarlockSourcesAsLoadedEnvFiles(): LoadedEnvFiles {\n const envFilesLabels = varlockLoadedEnv.sources\n .filter((s) => s.enabled && s.type !== 'container' && s.type !== 'import-alias')\n .map((s) => s.label);\n if (envFilesLabels.length) {\n // this adds an additional line, below the list of files\n envFilesLabels.push('\\n ✨ loaded by varlock ✨');\n }\n // files can be imported multiple times, so we deduplicate the labels here\n const uniqueLabels = [...new Set(envFilesLabels)];\n // Next.js expects an array of objects, even though it is not used for anything\n return uniqueLabels.map((label) => ({\n path: label,\n contents: '',\n env: {},\n }));\n}\n\nconst IS_WORKER = !!process.env.NEXT_PRIVATE_WORKER;\nfunction debug(...args: Array<any>) {\n if (!process.env.DEBUG_VARLOCK_NEXT_INTEGRATION) return;\n // eslint-disable-next-line no-console\n console.log(\n IS_WORKER ? 'worker -- ' : 'server -- ',\n ...args,\n );\n}\ndebug('✨ LOADED @next/env module!');\n\n\n// Next.js only watches a fixed set of .env files for changes. Varlock may load\n// additional files (e.g. .env.schema, .env.staging, custom sources). We watch\n// those extra files and trigger a reload by touching one of Next's watched files.\nconst NEXT_WATCHED_ENV_FILES = ['.env', '.env.local', '.env.development', '.env.development.local'];\nconst watchedExtraFiles = new Set<string>();\n\nfunction enableExtraFileWatchers(sources: SerializedEnvGraph['sources'], basePath?: string) {\n if (IS_WORKER || !rootDir) return;\n\n // Collect absolute paths of source files that Next.js does NOT already watch\n const nextWatchedAbsolute = new Set(NEXT_WATCHED_ENV_FILES.map((f) => path.join(rootDir!, f)));\n const extraFilePaths: Array<string> = [];\n for (const source of sources) {\n if (!source.enabled || !source.path) continue;\n const absPath = basePath ? path.resolve(basePath, source.path) : path.resolve(rootDir!, source.path);\n if (!nextWatchedAbsolute.has(absPath) && !watchedExtraFiles.has(absPath)) {\n extraFilePaths.push(absPath);\n }\n }\n // Also always watch .env.schema even if it wasn't in sources (it may not exist yet)\n const envSchemaPath = path.join(rootDir!, '.env.schema');\n if (!nextWatchedAbsolute.has(envSchemaPath) && !watchedExtraFiles.has(envSchemaPath)) {\n extraFilePaths.push(envSchemaPath);\n }\n\n if (!extraFilePaths.length) return;\n\n // Find a Next-watched file to touch as the reload trigger.\n // Prefer an existing file (cheaper), otherwise we'll create+destroy .env\n let triggerFilePath: string | null = null;\n for (const envFileName of NEXT_WATCHED_ENV_FILES) {\n const filePath = path.join(rootDir!, envFileName);\n if (fs.existsSync(filePath)) {\n triggerFilePath = filePath;\n break;\n }\n }\n const mustDestroyTriggerFile = !triggerFilePath;\n triggerFilePath ||= path.join(rootDir!, '.env');\n\n function triggerNextReload(changedPath: string) {\n debug('extra file changed, triggering reload:', changedPath);\n if (mustDestroyTriggerFile) {\n fs.writeFileSync(triggerFilePath!, [\n '# This file was created by @varlock/nextjs-integration',\n '# It is used to trigger Next.js to reload when non-standard .env files change',\n '# You can safely ignore and delete it',\n '# @disable',\n '# ---',\n ].join('\\n'), 'utf-8');\n setTimeout(() => {\n // eslint-disable-next-line\n try { fs.unlinkSync(triggerFilePath!); } catch { /* may already be gone */ }\n }, 1000);\n } else {\n const currentContents = fs.readFileSync(triggerFilePath!, 'utf-8');\n fs.writeFileSync(triggerFilePath!, currentContents, 'utf-8');\n }\n }\n\n debug('setting up extra file watchers for:', extraFilePaths);\n for (const filePath of extraFilePaths) {\n watchedExtraFiles.add(filePath);\n fs.watchFile(filePath, { interval: 500 }, () => {\n triggerNextReload(filePath);\n });\n }\n}\n\nfunction detectOpenNextCloudflareBuild() {\n try {\n // the above works if the build is happening within CI, but we may need to do this for local builds or other CI platforms\n // so we can try to detect if we are within an open-next build by looking at the process info\n\n // we will look at the process tree to try to determine if we are in a opennext build\n // process tree looks like:\n // - opennext-cloudflare build > npm run build > next build\n\n // get grandparent process id\n const pppid = parseInt(execSync(`ps -o ppid= -p ${process.ppid}`).toString().trim());\n // const processInfo = execSync('ps -p '+grandparentPid+' -o command');\n // output looks like\n // ---\n // COMMAND\n // node /.../node_modules/.bin/opennextjs-cloudflare build\n //\n // ---\n const commandName = execSync(`ps -p ${pppid} -o command`).toString().split('\\n')[1];\n if (commandName.endsWith('.bin/opennextjs-cloudflare build')) {\n return true;\n }\n } catch (err) {\n // do nothing\n }\n return false;\n}\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nfunction writeResolvedEnvFile() {\n // things get complicated on platforms like vercel/cloudflare, they do some of their own magic to load env vars\n // our loader (this file) will run during the _build_ process, but not when the platform is handling server rendered requests\n // also opennext is needed to run outside of vercel, so that adds other changes\n // so we export an additional .env file which the platform itself will automatically load\n\n const dotEnvStrLines = [];\n for (const [itemKey, itemInfo] of Object.entries(varlockLoadedEnv.config)) {\n if (itemInfo.value !== undefined) dotEnvStrLines.push(`${itemKey}=${JSON.stringify(itemInfo.value)}`);\n }\n\n if (\n detectOpenNextCloudflareBuild()\n || process.env.VERCEL || process.env.WORKERS_CI || process.env._VARLOCK_EXPORT_RESOLVED_ENV_FILE\n ) {\n dotEnvStrLines.unshift(`\n# 🛑 DO NOT CHECK THIS FILE INTO VERSION CONTROL 🛑\n# This file was automatically generated by @varlock/nextjs-integration\n# It contains a _fully resolved env_ to pass to platforms (ex: vercel, cloudflare, etc)\n# that are doing their own magic when booting up nextjs in certain scenarios\n#\n# It likely contains sensitive config data and should be deleted after use\n#\n# @disable # tells varlock to ignore this file\n# ---\n `);\n // this is the fully resolved env, which includes additional metadata about each item\n // our runtime code uses this to provide coerced values, redact sensitive values, etc\n dotEnvStrLines.push(`__VARLOCK_ENV=${JSON.stringify(varlockLoadedEnv)}`);\n\n let resolvedEnvFileName = '.env.production.local';\n if (process.env._VARLOCK_EXPORT_RESOLVED_ENV_FILE && !(['true', '1'].includes(process.env._VARLOCK_EXPORT_RESOLVED_ENV_FILE))) {\n resolvedEnvFileName = process.env._VARLOCK_EXPORT_RESOLVED_ENV_FILE;\n }\n if (!rootDir) throw new Error('expected rootDir to be set');\n const resolvedEnvFilePath = path.resolve(rootDir, resolvedEnvFileName);\n fs.writeFileSync(resolvedEnvFilePath, dotEnvStrLines.join('\\n'), 'utf-8');\n debug('wrote resolved env file:', resolvedEnvFilePath);\n }\n}\n\n// - these methods are the same as the original module -----------------\n\nexport function updateInitialEnv(newEnv: Env) {\n if (Object.keys(newEnv).length) {\n debug('updateInitialEnv', newEnv);\n Object.assign(initialEnv || {}, newEnv);\n }\n}\n\ntype Log = {\n info: (...args: Array<any>) => void\n error: (...args: Array<any>) => void\n};\n\nfunction replaceProcessEnv(sourceEnv: Env) {\n Object.keys(process.env).forEach((key) => {\n // Allow mutating internal Next.js env variables after the server has initiated.\n // This is necessary for dynamic things like the IPC server port.\n if (!key.startsWith('__NEXT_PRIVATE')) {\n if (sourceEnv[key] === undefined || sourceEnv[key] === '') {\n delete process.env[key];\n }\n }\n });\n\n Object.entries(sourceEnv).forEach(([key, value]) => {\n process.env[key] = value;\n });\n}\n\n// in original module, but does not appear to be used\nexport function processEnv(\n _loadedEnvFiles: LoadedEnvFiles,\n _dir?: string,\n _log: Log = console,\n _forceReload = false,\n _onReload?: (envFilePath: string) => void,\n) {\n return [process.env];\n}\n\nexport function resetEnv() {\n if (initialEnv) {\n replaceProcessEnv(initialEnv);\n }\n}\n\ntype LoadedEnvConfig = {\n combinedEnv: Env\n parsedEnv: Env | undefined\n loadedEnvFiles: LoadedEnvFiles\n};\n\nlet loadCount = 0;\n\nexport function loadEnvConfig(\n dir: string,\n dev?: boolean,\n _log: Log = console,\n forceReload = false,\n _onReload?: (envFilePath: string) => void,\n): LoadedEnvConfig {\n // store actual process.env so we can restore it later\n initialEnv ||= { ...process.env };\n\n loadCount++;\n debug('loadEnvConfig!', 'forceReload = ', forceReload);\n\n // onReload is used to show a log of which .env file changed\n // TODO: add similar log to show which env file changed\n\n rootDir ||= dir;\n if (rootDir !== dir) throw new Error('root directory changed');\n\n // Always watch .env.schema early — even before the first successful load —\n // so that if the load fails (e.g. validation error), the user can fix the\n // schema and have the dev server automatically retry without a restart.\n if (dev) enableExtraFileWatchers([], undefined);\n\n let useCachedEnv = !!process.env.__VARLOCK_ENV;\n if (forceReload) {\n // Throttle reloads to at most once per second to avoid spinning during\n // rapid file-change bursts (Next.js may fire multiple events per edit)\n if (!lastReloadAt || lastReloadAt.getTime() < Date.now() - 1000) {\n lastReloadAt = new Date();\n useCachedEnv = false;\n }\n }\n\n if (useCachedEnv) {\n if (!varlockLoadedEnv) {\n varlockLoadedEnv = JSON.parse(process.env.__VARLOCK_ENV || '{}');\n parsedEnv = Object.fromEntries(\n Object.entries(varlockLoadedEnv.config).map(([key, value]) => [key, value.value]),\n );\n\n resetRedactionMap(varlockLoadedEnv);\n debug('patching console with varlock redactor');\n patchGlobalConsole();\n }\n\n combinedEnv = { ...initialEnv, ...parsedEnv };\n\n if (dev) enableExtraFileWatchers(varlockLoadedEnv.sources, varlockLoadedEnv.basePath);\n\n debug('>> USING CACHED ENV');\n\n return { combinedEnv, parsedEnv, loadedEnvFiles };\n }\n\n lastReloadAt = new Date();\n\n debug('>> RELOADING ENV');\n replaceProcessEnv(initialEnv);\n\n // we must match @next/env default behaviour for which .env.XXX files to load\n // which is based on the current command (`next dev` vs `next build`) and `NODE_ENV=test`\n // however we will pass it through and let the user ignore it by setting their own `@currentEnv`\n let envFromNextCommand = dev ? 'development' : 'production';\n if (process.env.NODE_ENV === 'test') envFromNextCommand = 'test';\n debug('Inferred env mode (to match @next/env):', envFromNextCommand);\n\n try {\n // strip DEBUG_VARLOCK from env to prevent debug output from contaminating JSON stdout\n const cleanEnv = { ...initialEnv };\n delete cleanEnv.DEBUG_VARLOCK;\n const varlockLoadedEnvStr = execSyncVarlock(`load --format json-full --env ${envFromNextCommand}`, {\n showLogsOnError: true,\n // in a build, we want to fail and exit, while in dev we can keep retrying when changes are detected\n exitOnError: !dev,\n env: cleanEnv as any,\n });\n if (loadCount >= 2) {\n // eslint-disable-next-line no-console\n console.log('✅ env reloaded and validated');\n }\n varlockLoadedEnv = JSON.parse(varlockLoadedEnvStr);\n } catch (err) {\n // this error message comes from execSyncVarlock when it cannot find varlock\n if ((err as any).message.includes('Unable to find varlock executable')) {\n // eslint-disable-next-line no-console\n console.error([\n '',\n '❌ ERROR: varlock not found',\n 'varlock is a required peer dependency of @varlock/nextjs-integration',\n '',\n 'Please add varlock as a dependency to your project (e.g., `npm install varlock`)',\n ].join('\\n'));\n process.exit(1);\n }\n\n // showLogsOnError already printed the formatted CLI output above,\n // so we only add a short note here (err.message duplicates stderr)\n // eslint-disable-next-line no-console\n console.error('[varlock] ⚠️ failed to load env — see error above');\n\n // if we dont do this, we'll see an error that looks like `process.env.__VARLOCK_ENV is not set` which is misleading.\n // Ideally we would pass through an error of some kind and trigger the webpack runtime error popup\n process.env.__VARLOCK_ENV = JSON.stringify({\n sources: [],\n config: {},\n settings: {},\n });\n\n return { combinedEnv: {}, parsedEnv: {}, loadedEnvFiles: [] };\n }\n\n parsedEnv = {};\n for (const [itemKey, itemInfo] of Object.entries(varlockLoadedEnv.config)) {\n parsedEnv[itemKey] = itemInfo.value;\n }\n debug('LOADED ENV:', parsedEnv);\n process.env.__VARLOCK_ENV = JSON.stringify(varlockLoadedEnv);\n initVarlockEnv(); // calling this will set process.env vars\n\n resetRedactionMap(varlockLoadedEnv);\n debug('patching console with varlock redactor');\n patchGlobalConsole();\n\n combinedEnv = { ...initialEnv, ...parsedEnv };\n loadedEnvFiles = getVarlockSourcesAsLoadedEnvFiles();\n\n // Set up watchers for source files that Next.js doesn't natively watch.\n // Called after every reload so newly-added sources get watched too.\n if (dev) enableExtraFileWatchers(varlockLoadedEnv.sources, varlockLoadedEnv.basePath);\n\n // write a resolved .env file for platforms like Vercel/Cloudflare that need\n // pre-resolved env values at runtime (they don't re-run @next/env on boot)\n // TODO: re-enable once we verify instrumentation approach works for prod\n // if (!dev) writeResolvedEnvFile();\n\n return { combinedEnv, parsedEnv, loadedEnvFiles };\n}\n"]}
package/dist/plugin.js CHANGED
@@ -5,6 +5,7 @@ var path2 = require('path');
5
5
  var env = require('varlock/env');
6
6
  var patchConsole = require('varlock/patch-console');
7
7
  var patchServerResponse = require('varlock/patch-server-response');
8
+ require('varlock');
8
9
 
9
10
  function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
10
11
 
package/dist/plugin.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/webpack-plugin.ts","../src/turbopack-runtime-inject.ts","../src/plugin.ts"],"names":["debug","patchGlobalFsMethods","varlockSettings","patchGlobalServerResponse","scanForLeaks","fs","redactSensitiveConfig","path","patchGlobalConsole","initVarlockEnv","getRedactionMapInfo"],"mappings":";;;;;;;;;;;;;;;;;;;AAUA,IAAM,mBAAA,GAAsB,0BAAA;AAO5B,IAAI,sBAAA;AACJ,SAAS,8BAA8BA,MAAAA,EAAsC;AAC3E,EAAA,OAAO,IAAI,KAAA,CAAM,EAAC,EAA6B;AAAA,IAC7C,QAAQ,OAAA,EAAS;AACf,MAAA,sBAAA,GAAyB,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,iBAAiB,IAAI,CAAA;AACrE,MAAA,MAAM,cAAc,EAAC;AACrB,MAAA,KAAA,MAAW,OAAA,IAAW,uBAAuB,MAAA,EAAQ;AACnD,QAAA,MAAM,IAAA,GAAO,sBAAA,CAAuB,MAAA,CAAO,OAAO,CAAA;AAClD,QAAA,IAAI,CAAC,IAAA,CAAK,WAAA,cAAyB,IAAA,CAAK,CAAA,IAAA,EAAO,OAAO,CAAA,CAAE,CAAA;AAAA,MAC1D;AACA,MAAAA,MAAAA,CAAM,qCAAqC,WAAW,CAAA;AACtD,MAAA,OAAO,WAAA;AAAA,IACT,CAAA;AAAA,IACA,wBAAA,CAAyB,SAAS,IAAA,EAAM;AACtC,MAAA,MAAM,UAAU,IAAA,CAAK,QAAA,GAAW,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AAC5C,MAAA,MAAM,IAAA,GAAO,sBAAA,EAAwB,MAAA,CAAO,OAAO,CAAA;AACnD,MAAA,IAAI,CAAC,IAAA,IAAQ,IAAA,CAAK,WAAA,EAAa;AAC/B,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,EAAA;AAAA;AAAA,QACP,QAAA,EAAU,KAAA;AAAA,QACV,UAAA,EAAY,IAAA;AAAA,QACZ,YAAA,EAAc;AAAA,OAChB;AAAA,IACF,CAAA;AAAA,IACA,GAAA,CAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAM,UAAU,IAAA,CAAK,QAAA,GAAW,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AAC5C,MAAA,MAAM,IAAA,GAAO,sBAAA,EAAwB,MAAA,CAAO,OAAO,CAAA;AACnD,MAAA,IAAI,IAAA,IAAQ,CAAC,IAAA,CAAK,WAAA,SAAoB,IAAA,CAAK,SAAA,CAAU,KAAK,KAAK,CAAA;AAAA,IACjE;AAAA,GACD,CAAA;AACH;AAEO,SAAS,qBAAA,CACd,kBAAA,EACAC,qBAAAA,EACAD,MAAAA,EACA,OAAA,EACA;AACA,EAAA,MAAM,uBAAA,GAA0B,8BAA8BA,MAAK,CAAA;AAEnE,EAAA,OAAO,SAAS,eAAA,CAAgB,aAAA,EAAoB,OAAA,EAAc;AAChE,IAAAA,OAAM,iDAAiD,CAAA;AAEvD,IAAA,MAAM,EAAE,KAAI,GAAI,OAAA;AAIhB,IAAA,IAAI,OAAA,EAASC,qBAAAA,EAAqB;AAElC,IAAA,IAAIC,oBAAgB,YAAA,EAAc;AAEhC,MAAAC,6CAAA,CAA0B;AAAA,QACxB,iBAAA,EAAmB;AAAA,UACjB,4BAAA;AAAA;AAAA,UACA;AAAA;AAAA,SACF;AAAA;AAAA,QAEA,oBAAA,EAAsB;AAAA,OACvB,CAAA;AAAA,IACH;AAGA,IAAA,MAAM,UAAU,OAAA,CAAQ,OAAA;AAGxB,IAAA,IAAI,mBAAmB,OAAA,EAAS;AAC9B,MAAA,aAAA,GAAgB,kBAAA,CAAmB,OAAA,CAAQ,aAAA,EAAe,OAAO,CAAA;AAAA,IACnE;AAEA,IAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,eAAe,MAAM,IAAI,MAAM,oDAAoD,CAAA;AASpG,IAAA,IAAI,OAAA,CAAQ,QAAA,IAAY,OAAA,CAAQ,WAAA,KAAgB,MAAA,EAAQ;AACtD,MAAA,aAAA,CAAc,MAAA,CAAO,MAAM,IAAA,CAAK;AAAA,QAC9B,IAAA,EAAM,4BAAA;AAAA,QACN,OAAA,EAAS,cAAA;AAAA,QACT,GAAA,EAAK;AAAA,UACH;AAAA,YACE,MAAA,EAAQ,SAAA,CAAQ,OAAA,CAAQ,UAAU,CAAA;AAAA,YAClC,OAAA,EAAS,EAAE,OAAA,EAAS,SAAA;AAAU;AAChC;AACF,OACD,CAAA;AAAA,IACH;AAIA,IAAA,IAAI,OAAA,CAAQ,QAAA,IAAY,OAAA,CAAQ,WAAA,KAAgB,MAAA,EAAQ;AACtD,MAAA,aAAA,CAAc,MAAA,CAAO,MAAM,IAAA,CAAK;AAAA,QAC9B,IAAA,EAAM,4BAAA;AAAA,QACN,OAAA,EAAS,cAAA;AAAA,QACT,GAAA,EAAK;AAAA,UACH;AAAA,YACE,MAAA,EAAQ,SAAA,CAAQ,OAAA,CAAQ,UAAU,CAAA;AAAA,YAClC,OAAA,EAAS,EAAE,OAAA,EAAS,SAAA,EAAW,QAAQ,IAAA;AAAK;AAC9C;AACF,OACD,CAAA;AAAA,IACH;AAIA,IAAAH,OAAM,iDAAiD,CAAA;AACvD,IAAA,aAAA,CAAc,QAAQ,IAAA,CAAK,IAAI,OAAA,CAAQ,YAAA,CAAa,uBAAuB,CAAC,CAAA;AAE5E,IAAA,IAAIE,oBAAgB,YAAA,EAAc;AAChC,MAAA,aAAA,CAAc,QAAQ,IAAA,CAAK;AAAA,QACzB,MAAM,QAAA,EAAe;AACnB,UAAA,QAAA,CAAS,MAAM,YAAA,CAAa,GAAA,CAAI,mBAAA,EAAqB,CAAC,OAAY,YAAA,KAAsB;AACtF,YAAA,MAAM,EAAE,OAAA,EAAS,UAAA,EAAW,GAAI,YAAA;AAEhC,YAAA,IACE,WAAW,QAAA,CAAS,uBAAuB,KACxC,UAAA,CAAW,QAAA,CAAS,OAAO,CAAA,EAE9B;AAGA,cAAA,IAAI;AACF,gBAAAE,gBAAA,CAAa,OAAA,EAAS;AAAA,kBACpB,MAAA,EAAQ,wDAAA;AAAA,kBACR,IAAA,EAAM;AAAA,iBACP,CAAA;AAAA,cACH,SAAS,GAAA,EAAK;AACZ,gBAAA,IAAI,GAAA,EAAK;AAEP,kBAAAC,oBAAA,CAAG,cAAc,UAAA,EAAYC,yBAAA,CAAsB,OAAA,CAAQ,QAAA,EAAU,CAAC,CAAA;AAAA,gBACxE,CAAA,MAAO;AACL,kBAAA,MAAM,GAAA;AAAA,gBACR;AAAA,cACF;AAAA,YACF;AAAA,UACF,CAAC,CAAA;AAAA,QACH;AAAA,OACD,CAAA;AAAA,IACH;AAMA,IAAA,SAAS,mCAAA,CAAoC,cAAc,KAAA,EAAO;AAChE,MAAA,OAAO,SAAS,cAAc,UAAA,EAAiB;AAC7C,QAAA,MAAM,aAAA,GAAgB,WAAW,MAAA,EAAO;AAExC,QAAA,MAAM,cAAA,GAAiB,cAAc,WAAA,GAAc,aAAA;AACnD,QAAA,MAAM,YAAA,GAAe,SAAA,CAAQ,OAAA,CAAQ,CAAA,QAAA,EAAW,cAAc,CAAA,CAAE,CAAA;AAChE,QAAA,MAAM,WAAA,GAAcD,oBAAA,CAAG,YAAA,CAAa,YAAA,EAAc,MAAM,CAAA;AAIxD,QAAA,MAAM,MAAA,GAAS,QAAQ,GAAA,CAAI,aAAA;AAC3B,QAAA,MAAM,YAAY,MAAA,GACd,CAAA,yDAAA,EAA4D,KAAK,SAAA,CAAU,MAAM,CAAC,CAAA,CAAA,CAAA,GAClF,EAAA;AAEJ,QAAA,MAAM,gBAAA,GAAmB;AAAA,UACvB,SAAA;AAAA;AAAA;AAAA,UAGA,6BAA6B,WAAW,CAAA,oBAAA,CAAA;AAAA,UACxC;AAAA,SACF,CAAE,KAAK,IAAI,CAAA;AAEX,QAAA,OAAO,IAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,CAAU,gBAAgB,CAAA;AAAA,MACvD,CAAA;AAAA,IACF;AAEA,IAAA,MAAM,aAAA,GAAgB,QAAQ,WAAA,KAAgB,MAAA;AAC9C,IAAA,aAAA,CAAc,QAAQ,IAAA,CAAK;AAAA,MACzB,MAAM,QAAA,EAAe;AACnB,QAAA,QAAA,CAAS,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,mBAAA,EAAqB,CAAC,WAAA,KAAqB;AAC5E,UAAA,WAAA,CAAY,MAAM,aAAA,CAAc,GAAA;AAAA,YAC9B;AAAA,cACE,IAAA,EAAM,mBAAA;AAAA,cACN,KAAA,EAAO,QAAQ,WAAA,CAAY;AAAA,aAC7B;AAAA,YACA,MAAM;AACJ,cAAA,IAAI,aAAA,EAAe;AAEjB,gBAAA,IAAI,WAAA,CAAY,QAAA,CAAS,yBAAyB,CAAA,EAAG;AACnD,kBAAA,WAAA,CAAY,WAAA,CAAY,yBAAA,EAA2B,mCAAA,CAAoC,IAAI,CAAC,CAAA;AAAA,gBAC9F;AAEA,gBAAA,KAAA,MAAW,IAAA,IAAQ,CAAC,oBAAA,EAAsB,uBAAuB,CAAA,EAAG;AAClE,kBAAA,IAAI,WAAA,CAAY,QAAA,CAAS,IAAI,CAAA,EAAG;AAC9B,oBAAA,WAAA,CAAY,WAAA,CAAY,IAAA,EAAM,mCAAA,CAAoC,IAAI,CAAC,CAAA;AAAA,kBACzE;AAAA,gBACF;AAAA,cACF,CAAA,MAAA,IAAW,QAAQ,QAAA,EAAU;AAE3B,gBAAA,KAAA,MAAW,QAAQ,CAAC,oBAAA,EAAsB,uBAAA,EAAyB,wBAAA,EAA0B,2BAA2B,CAAA,EAAG;AACzH,kBAAA,IAAI,WAAA,CAAY,QAAA,CAAS,IAAI,CAAA,EAAG;AAC9B,oBAAA,WAAA,CAAY,WAAA,CAAY,IAAA,EAAM,mCAAA,EAAqC,CAAA;AAAA,kBACrE;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,WACF;AAAA,QACF,CAAC,CAAA;AAAA,MACH;AAAA,KACD,CAAA;AAED,IAAA,OAAO,aAAA;AAAA,EACT,CAAA;AACF;ACjOA,SAAS,SAAS,IAAA,EAAkB;AAClC,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,8BAAA,EAAgC;AAEjD,EAAA,OAAA,CAAQ,GAAA,CAAI,WAAA,EAAa,GAAG,IAAI,CAAA;AAClC;AAWA,IAAI,wBAAA,GAA2B,KAAA;AACxB,SAAS,sCAAsC,WAAA,EAAqB;AACzE,EAAA,IAAI,wBAAA,EAA0B;AAE9B,EAAA,MAAM,MAAA,GAAS,QAAQ,GAAA,CAAI,aAAA;AAC3B,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA;AAAA,EACF;AAKA,EAAA,MAAM,qBAAoC,EAAC;AAC3C,EAAA,MAAM,mBAAkC,EAAC;AACzC,EAAA,MAAM,OAAA,GAAU,CAAC,GAAA,KAAgB;AAC/B,IAAA,IAAI,CAACA,oBAAAA,CAAG,UAAA,CAAW,GAAG,CAAA,EAAG;AACzB,IAAA,KAAA,MAAW,KAAA,IAASA,qBAAG,WAAA,CAAY,GAAA,EAAK,EAAE,aAAA,EAAe,IAAA,EAAM,CAAA,EAAG;AAChE,MAAA,IAAI,KAAA,CAAM,aAAY,EAAG;AACvB,QAAA,OAAA,CAAQE,sBAAA,CAAK,IAAA,CAAK,GAAA,EAAK,KAAA,CAAM,IAAI,CAAC,CAAA;AAAA,MACpC,CAAA,MAAA,IAAW,KAAA,CAAM,IAAA,KAAS,wBAAA,EAA0B;AAClD,QAAA,kBAAA,CAAmB,KAAKA,sBAAA,CAAK,IAAA,CAAK,GAAA,EAAK,KAAA,CAAM,IAAI,CAAC,CAAA;AAAA,MACpD,CAAA,MAAA,IAAW,KAAA,CAAM,IAAA,CAAK,QAAA,CAAS,cAAc,KAAK,KAAA,CAAM,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA,EAAG;AAC5E,QAAA,gBAAA,CAAiB,KAAKA,sBAAA,CAAK,IAAA,CAAK,GAAA,EAAK,KAAA,CAAM,IAAI,CAAC,CAAA;AAAA,MAClD;AAAA,IACF;AAAA,EACF,CAAA;AACA,EAAA,OAAA,CAAQ,WAAW,CAAA;AAEnB,EAAA,KAAA,CAAM,sCAAsC,kBAAA,CAAmB,MAAM,CAAA,uBAAA,EAA0B,gBAAA,CAAiB,MAAM,CAAA,mBAAA,CAAqB,CAAA;AAE3I,EAAA,IAAI,CAAC,mBAAmB,MAAA,EAAQ;AAG9B,IAAA;AAAA,EACF;AAGA,EAAA,wBAAA,GAA2B,IAAA;AAG3B,EAAA,MAAM,gBAAgBF,oBAAAA,CAAG,YAAA,CAAa,UAAQ,OAAA,CAAQ,qBAAqB,GAAG,MAAM,CAAA;AACpF,EAAA,MAAM,cAAcA,oBAAAA,CAAG,YAAA,CAAa,UAAQ,OAAA,CAAQ,mBAAmB,GAAG,MAAM,CAAA;AAChF,EAAA,MAAM,SAAA,GAAY,CAAA,yDAAA,EAA4D,IAAA,CAAK,SAAA,CAAU,MAAM,CAAC,CAAA,CAAA,CAAA;AAIpG,EAAA,MAAM,QAAA,GAAW,CAAC,GAAA,KAAgB,CAAA,0BAAA,EAA6B,GAAG,CAAA,oBAAA,CAAA;AAGlE,EAAA,KAAA,MAAW,eAAe,kBAAA,EAAoB;AAC5C,IAAA,MAAM,UAAA,GAAaA,oBAAAA,CAAG,YAAA,CAAa,WAAA,EAAa,MAAM,CAAA;AACtD,IAAA,MAAM,aAAA,GAAgB;AAAA,MACpB,SAAA;AAAA,MACA,SAAS,aAAa,CAAA;AAAA,MACtB;AAAA,KACF,CAAE,KAAK,IAAI,CAAA;AACX,IAAAA,oBAAAA,CAAG,aAAA,CAAc,WAAA,EAAa,aAAa,CAAA;AAC3C,IAAA,KAAA,CAAM,CAAA,6CAAA,EAAgD,WAAW,CAAA,CAAE,CAAA;AAAA,EACrE;AAGA,EAAA,KAAA,MAAW,eAAe,gBAAA,EAAkB;AAC1C,IAAA,MAAM,UAAA,GAAaA,oBAAAA,CAAG,YAAA,CAAa,WAAA,EAAa,MAAM,CAAA;AACtD,IAAA,MAAM,aAAA,GAAgB;AAAA,MACpB,SAAA;AAAA,MACA,SAAS,WAAW,CAAA;AAAA,MACpB;AAAA,KACF,CAAE,KAAK,IAAI,CAAA;AACX,IAAAA,oBAAAA,CAAG,aAAA,CAAc,WAAA,EAAa,aAAa,CAAA;AAC3C,IAAA,KAAA,CAAM,CAAA,sCAAA,EAAyC,WAAW,CAAA,CAAE,CAAA;AAAA,EAC9D;AACF;AAEO,SAAS,0BAAA,GAA6B;AAC3C,EAAA,OAAO,wBAAA;AACT;;;AC3EA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe;AAC9B,EAAA,OAAA,CAAQ,KAAA,CAAM;AAAA,IACZ,0DAAA;AAAA,IACA,EAAA;AAAA,IACA,gFAAA;AAAA,IACA,kEAAA;AAAA,IACA;AAAA,GACF,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AACZ,EAAA,MAAM,IAAI,MAAM,oDAAoD,CAAA;AACtE;AAEAG,+BAAA,EAAmB;AAInB,IAAM,YAAA,GAAe,CAAC,EACpB,OAAA,CAAQ,GAAA,CAAI,SAAA,IACT,OAAA,CAAQ,GAAA,CAAI,aAAA,IACZ,OAAA,CAAQ,GAAA,CAAI,eAAA,IACZ,QAAQ,GAAA,CAAI,oBAAA,CAAA;AAMjB,IAAI,YAAA,IAAgBN,oBAAgB,YAAA,EAAc;AAChD,EAAAC,6CAAAA,CAA0B;AAAA,IACxB,iBAAA,EAAmB;AAAA,MACjB,4BAAA;AAAA;AAAA,MACA;AAAA;AAAA,KACF;AAAA;AAAA,IAEA,oBAAA,EAAsB;AAAA,GACvB,CAAA;AACH;AAEA,IAAM,SAAA,GAAY,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,mBAAA;AAChC,SAASH,UAAS,IAAA,EAAkB;AAClC,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,8BAAA,EAAgC;AACjD,EAAA,OAAA,CAAQ,GAAA;AAAA,IACN,QAAA;AAAA,IACA,YAAY,WAAA,GAAc,UAAA;AAAA,IAC1B,IAAA;AAAA,IACA,GAAG;AAAA,GACL;AACF;AACAA,MAAAA,CAAM,wDAAmD,CAAA;AAMzD,IAAI,kBAAA,GAAqB,KAAA;AACzB,eAAe,gBAAgB,WAAA,EAAqB;AAClD,EAAA,kBAAA,GAAqB,IAAA;AACrB,EAAA,WAAA,MAAiB,QAAQK,oBAAAA,CAAG,QAAA,CAAS,KAAK,CAAA,EAAG,WAAW,YAAY,CAAA,EAAG;AACrE,IAAA,MAAM,eAAe,MAAMA,oBAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,MAAM,MAAM,CAAA;AAC5D,IAAAD,iBAAa,YAAA,EAAc,EAAE,MAAA,EAAQ,+BAAA,EAAiC,MAAM,CAAA;AAAA,EAC9E;AACF;AAEA,IAAI,kBAAA,GAAqB,KAAA;AACzB,eAAe,gBAAgB,WAAA,EAAqB;AAClD,EAAA,IAAI,kBAAA,EAAoB;AACxB,EAAA,kBAAA,GAAqB,IAAA;AAGrB,EAAA,MAAM,WAA+B,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,iBAAiB,IAAI,CAAA;AACjF,EAAA,MAAM,kBAAiE,EAAC;AACxE,EAAA,KAAA,MAAW,OAAA,IAAW,SAAS,MAAA,EAAQ;AACrC,IAAA,MAAM,IAAA,GAAO,QAAA,CAAS,MAAA,CAAO,OAAO,CAAA;AACpC,IAAA,IAAI,IAAA,CAAK,WAAA,IAAe,IAAA,CAAK,KAAA,IAAS,OAAO,IAAA,CAAK,KAAA,KAAU,QAAA,IAAY,IAAA,CAAK,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG;AAE7F,MAAA,eAAA,CAAgB,IAAA,CAAK;AAAA,QACnB,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,WAAA,EAAa,GAAA,CAAI,MAAA,CAAO,IAAA,CAAK,MAAM,MAAM;AAAA,OAC1C,CAAA;AAAA,IACH;AAAA,EACF;AACA,EAAA,IAAI,CAAC,gBAAgB,MAAA,EAAQ;AAC3B,IAAAJ,OAAM,8CAA8C,CAAA;AACpD,IAAA;AAAA,EACF;AAEA,EAAA,eAAA,CAAgB,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,KAAA,CAAM,MAAA,GAAS,CAAA,CAAE,KAAA,CAAM,MAAM,CAAA;AAE9D,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,WAAA,MAAiB,WAAWK,oBAAAA,CAAG,QAAA,CAAS,KAAK,CAAA,EAAG,WAAW,WAAW,CAAA,EAAG;AACvE,IAAA,MAAM,WAAW,MAAMA,oBAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,SAAS,MAAM,CAAA;AAC3D,IAAA,IAAI,QAAA,GAAW,QAAA;AACf,IAAA,KAAA,MAAW,EAAE,KAAA,EAAO,WAAA,EAAY,IAAK,eAAA,EAAiB;AACpD,MAAA,QAAA,GAAW,QAAA,CAAS,UAAA,CAAW,KAAA,EAAO,WAAW,CAAA;AAAA,IACnD;AACA,IAAA,IAAI,aAAa,QAAA,EAAU;AACzB,MAAA,MAAMA,oBAAAA,CAAG,QAAA,CAAS,SAAA,CAAU,OAAA,EAAS,QAAQ,CAAA;AAC7C,MAAA,UAAA,EAAA;AAAA,IACF;AAAA,EACF;AACA,EAAAL,MAAAA,CAAM,CAAA,+BAAA,EAAkC,UAAU,CAAA,gBAAA,CAAkB,CAAA;AACtE;AAEA,IAAI,kBAAA,GAAqB,KAAA;AACzB,eAAe,uBAAA,CAAwB,aAAqB,IAAA,EAAgC;AAC1F,EAAA,IAAI,kBAAA,EAAoB;AACxB,EAAA,kBAAA,GAAqB,IAAA;AAIrB,EAAA,IAAI,eAAeE,mBAAAA,CAAgB,YAAA;AACnC,EAAA,IAAI,YAAA,KAAiB,MAAA,IAAa,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAA+B,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,IAAI,aAAa,CAAA;AACzE,MAAA,YAAA,GAAe,SAAS,QAAA,EAAU,YAAA;AAAA,IACpC,CAAA,CAAA,MAAQ;AAAA,IAAe;AAAA,EACzB;AAGA,EAAA,IAAI,OAAA,CAAQ,IAAI,aAAA,EAAe;AAE7B,IAAA,IAAI;AAAE,MAAAO,kBAAA,EAAe;AAAA,IAAG,CAAA,CAAA,MAAQ;AAAA,IAA+C;AAAA,EACjF;AACA,EAAA,MAAM,gBAAgBC,uBAAA,EAAoB;AAC1C,EAAAV,MAAAA,CAAM,yCAAyC,YAAY,CAAA,gBAAA,EAAmB,KAAK,SAAA,CAAU,aAAa,CAAC,CAAA,CAAE,CAAA;AAC7G,EAAA,IAAI,CAAC,YAAA,EAAc;AAEnB,EAAA,MAAM,cAA6B,EAAC;AACpC,EAAA,IAAI,YAAA,GAAe,CAAA;AAInB,EAAA,WAAA,MAAiB,QAAQK,oBAAAA,CAAG,QAAA,CAAS,KAAK,CAAA,EAAG,WAAW,wBAAwB,CAAA,EAAG;AACjF,IAAA,YAAA,EAAA;AACA,IAAA,MAAM,eAAe,MAAMA,oBAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,MAAM,MAAM,CAAA;AAC5D,IAAA,IAAI;AACF,MAAAD,iBAAa,YAAA,EAAc;AAAA,QACzB,MAAA,EAAQ,wCAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,GAAA,EAAK;AACZ,MAAA,WAAA,CAAY,KAAK,IAAI,CAAA;AAErB,MAAA,MAAMC,qBAAG,QAAA,CAAS,SAAA,CAAU,IAAA,EAAMC,yBAAAA,CAAsB,YAAY,CAAC,CAAA;AAAA,IACvE;AAAA,EACF;AAEA,EAAAN,MAAAA,CAAM,CAAA,QAAA,EAAW,YAAY,CAAA,uBAAA,EAA0B,WAAW,CAAA,eAAA,CAAiB,CAAA;AAKnF,EAAA,KAAA,MAAW,GAAA,IAAO,CAAC,MAAM,CAAA,EAAG;AAC1B,IAAA,WAAA,MAAiB,IAAA,IAAQK,qBAAG,QAAA,CAAS,IAAA,CAAK,GAAG,WAAW,CAAA,MAAA,EAAS,GAAG,CAAA,CAAE,CAAA,EAAG;AACvE,MAAA,YAAA,EAAA;AACA,MAAA,MAAM,eAAe,MAAMA,oBAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,MAAM,MAAM,CAAA;AAC5D,MAAA,IAAI;AACF,QAAAD,iBAAa,YAAA,EAAc;AAAA,UACzB,MAAA,EAAQ,4BAA4B,GAAG,CAAA,CAAA,CAAA;AAAA,UACvC;AAAA,SACD,CAAA;AAAA,MACH,SAAS,GAAA,EAAK;AACZ,QAAA,WAAA,CAAY,KAAK,IAAI,CAAA;AACrB,QAAA,MAAMC,qBAAG,QAAA,CAAS,SAAA,CAAU,IAAA,EAAMC,yBAAAA,CAAsB,YAAY,CAAC,CAAA;AAAA,MACvE;AAAA,IACF;AAAA,EACF;AAEA,EAAAN,MAAAA,CAAM,CAAA,QAAA,EAAW,YAAY,CAAA,yBAAA,CAA2B,CAAA;AAExD,EAAA,IAAI,WAAA,CAAY,SAAS,CAAA,EAAG;AAC1B,IAAA,MAAM,GAAA,GAAM,CAAA,4DAAA,EAAqD,WAAA,CAAY,MAAM,CAAA;AAAA,EAA2B,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,IAAA,EAAO,CAAC,CAAA,CAAE,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAC3J,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,MAAM,IAAI,MAAM,GAAG,CAAA;AAAA,IACrB;AACA,IAAA,OAAA,CAAQ,MAAM,GAAG,CAAA;AAAA,EACnB,CAAA,MAAO;AACL,IAAAA,OAAM,uCAAkC,CAAA;AAAA,EAC1C;AACF;AAMA,SAAS,oBAAA,GAAuB;AAC9B,EAAAA,OAAM,4BAA4B,CAAA;AAElC,EAAA,MAAM,eAAA,GAAkBK,qBAAG,QAAA,CAAS,SAAA;AACpC,EAAAA,oBAAAA,CAAG,QAAA,CAAS,SAAA,GAAY,eAAe,wBAAwB,IAAA,EAAM;AACnE,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,CAAC,CAAA,CAAE,QAAA,EAAS;AAClC,IAAAL,MAAAA,CAAM,0BAA0B,QAAQ,CAAA;AAIxC,IAAA,IAAI,CAAC,0BAAA,EAA2B,IAAK,QAAA,CAAS,QAAA,CAAS,2BAA2B,CAAA,EAAG;AACnF,MAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,GAAG,QAAA,CAAS,WAAA,CAAY,GAAG,CAAC,CAAA;AACnE,MAAA,qCAAA,CAAsC,WAAW,CAAA;AAAA,IACnD;AAEA,IAAA,IAAI,QAAA,CAAS,QAAA,CAAS,gCAAgC,CAAA,IAAK,CAAC,kBAAA,EAAoB;AAC9E,MAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,GAAG,QAAA,CAAS,WAAA,CAAY,GAAG,CAAC,CAAA;AACnE,MAAA,MAAM,gBAAgB,WAAW,CAAA;AAAA,IACnC;AAGA,IAAA,IACE,SAAS,QAAA,CAAS,gCAAgC,KAC/C,QAAA,CAAS,QAAA,CAAS,gCAAgC,CAAA,EACrD;AACA,MAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,GAAG,QAAA,CAAS,WAAA,CAAY,GAAG,CAAC,CAAA;AACnE,MAAA,IAAI,CAAC,kBAAA,EAAoB,MAAM,eAAA,CAAgB,WAAW,CAAA;AAC1D,MAAA,IAAI,CAAC,oBAAoB,MAAM,uBAAA,CAAwB,aAAa,EAAE,SAAA,EAAW,MAAM,CAAA;AAAA,IACzF;AAEA,IAAA,OAAO,eAAA,CAAgB,IAAA,CAAK,IAAA,EAAM,GAAG,IAAI,CAAA;AAAA,EAC3C,CAAA;AAGA,EAAA,MAAM,sBAAsBK,oBAAAA,CAAG,aAAA;AAC/B,EAAAA,oBAAAA,CAAG,aAAA,GAAgB,SAAS,wBAAA,CAAA,GAA4B,IAAA,EAA2C;AACjG,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,CAAC,CAAA,CAAE,QAAA,EAAS;AAClC,IAAAL,MAAAA,CAAM,qBAAqB,QAAQ,CAAA;AAEnC,IAAA,IAAI,CAAC,0BAAA,EAA2B,IAAK,QAAA,CAAS,QAAA,CAAS,2CAA2C,CAAA,EAAG;AACnG,MAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,GAAG,QAAA,CAAS,WAAA,CAAY,GAAG,CAAC,CAAA;AACnE,MAAA,qCAAA,CAAsC,WAAW,CAAA;AAAA,IACnD;AAEA,IAAA,OAAO,mBAAA,CAAoB,IAAA,CAAK,IAAA,EAAM,GAAG,IAAI,CAAA;AAAA,EAC/C,CAAA;AACF;AAUO,SAAS,wBAAwB,cAAA,EAAuC;AAG7E,EAAA,OAAO,CAAC,UAAA,KAA0E;AAChF,IAAAA,OAAM,iCAAiC,CAAA;AAEvC,IAAA,OAAO,OAAO,OAAe,QAAA,KAA4C;AACvE,MAAA,IAAI,kBAAA;AACJ,MAAA,IAAI,OAAO,eAAe,UAAA,EAAY;AACpC,QAAA,MAAM,kBAAA,GAAqB,UAAA,CAAW,KAAA,EAAO,QAAQ,CAAA;AACrD,QAAA,kBAAA,GAAqB,MAAM,kBAAA;AAAA,MAC7B,CAAA,MAAO;AACL,QAAA,kBAAA,GAAqB,UAAA;AAAA,MACvB;AAGA,MAAA,MAAM,WAAA,GAAc,CAAC,EACnB,OAAA,CAAQ,GAAA,CAAI,SAAA,IACT,OAAA,CAAQ,GAAA,CAAI,aAAA,IACZ,OAAA,CAAQ,GAAA,CAAI,eAAA,IACZ,QAAQ,GAAA,CAAI,oBAAA,CAAA;AAEjB,MAAA,MAAM,UAAU,KAAA,KAAU,wBAAA;AAC1B,MAAAA,OAAM,CAAA,+BAAA,EAAkC,OAAA,CAAQ,IAAI,SAAS,CAAA,gBAAA,EAAmB,QAAQ,GAAA,CAAI,aAAa,qBAAqB,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,QAAA,EAAW,KAAK,iBAAiB,WAAW,CAAA,UAAA,EAAa,OAAO,CAAA,CAAE,CAAA;AAM3N,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAA,CAAQ,IAAA,CAAK,cAAc,MAAM;AAC/B,UAAA,MAAM,cAAcO,sBAAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,IAAO,OAAO,CAAA;AACvD,UAAA,MAAM,eAAqC,EAAC;AAC5C,UAAA,IAAI,CAAC,kBAAA,EAAoB,YAAA,CAAa,IAAA,CAAK,eAAA,CAAgB,WAAW,CAAC,CAAA;AACvE,UAAA,IAAI,CAAC,kBAAA,EAAoB,YAAA,CAAa,IAAA,CAAK,uBAAA,CAAwB,aAAa,EAAE,SAAA,EAAW,IAAA,EAAM,CAAC,CAAA;AACpG,UAAA,IAAI,YAAA,CAAa,SAAS,CAAA,EAAG;AAG3B,YAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,CAAE,KAAA,CAAM,CAAC,GAAA,KAAQ;AACvC,cAAA,OAAA,CAAQ,KAAA,CAAM,qCAAqC,GAAG,CAAA;AACtD,cAAA,OAAA,CAAQ,QAAA,GAAW,CAAA;AAAA,YACrB,CAAC,CAAA;AAAA,UACH;AAAA,QACF,CAAC,CAAA;AAAA,MACH;AAEA,MAAA,IAAI,WAAA,EAAa;AACf,QAAAP,OAAM,4CAA4C,CAAA;AAGlD,QAAA,IAAI,SAAS,oBAAA,EAAqB;AAGlC,QAAA,IAAI,eAAA,GAAmB,kBAAA,CAA2B,SAAA,IAC5C,kBAAA,CAA2B,YAAA,EAAc,KAAA;AAE/C,QAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,UAAA,eAAA,GAAkB,EAAC;AACnB,UAAC,mBAA2B,SAAA,GAAY,eAAA;AAAA,QAC1C;AAGA,QAAA,MAAM,UAAA,GAAa;AAAA,UACjB,OAAA,EAAS,CAAC,SAAA,CAAQ,OAAA,CAAQ,UAAU,CAAC;AAAA,SACvC;AACA,QAAA,eAAA,CAAgB,UAAU,EAAC;AAC3B,QAAA,eAAA,CAAgB,KAAA,CAAM,2BAA2B,CAAA,GAAI,UAAA;AAKrD,QAAA,MAAM,yBAAyBO,sBAAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,IAAO,sBAAsB,CAAA;AACjF,QAAA,IAAI,WAAA,GAAc,KAAA;AAClB,QAAA,IAAI;AACF,UAAA,WAAA,GAAcF,oBAAAA,CAAG,SAAA,CAAU,sBAAsB,CAAA,CAAE,cAAA,EAAe;AAAA,QACpE,CAAA,CAAA,MAAQ;AAAA,QAAqD;AAE7D,QAAA,IAAI,WAAA,EAAa;AACf,UAAAL,OAAM,wDAAwD,CAAA;AAC9D,UAAA,MAAM,cAAA,GAAiBO,sBAAAA,CAAK,OAAA,CAAQA,sBAAAA,CAAK,OAAA,CAAQ,UAAQ,OAAA,CAAQ,aAAa,CAAC,CAAA,EAAG,IAAI,CAAA;AACtF,UAAA,MAAM,WAAA,GAAcA,sBAAAA,CAAK,OAAA,CAAQ,cAAA,EAAgB,IAAI,CAAA;AACrD,UAAA,MAAM,WAAWA,sBAAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,IAAO,uBAAuB,CAAA;AACpE,UAAA,MAAM,YAAA,GAAeA,sBAAAA,CAAK,IAAA,CAAK,QAAA,EAAU,MAAM,CAAA;AAC/C,UAAA,IAAI;AACF,YAAAF,qBAAG,SAAA,CAAU,QAAA,EAAU,EAAE,SAAA,EAAW,MAAM,CAAA;AAE1C,YAAAA,qBAAG,MAAA,CAAO,cAAA,EAAgB,cAAc,EAAE,SAAA,EAAW,MAAM,CAAA;AAC3D,YAAAA,oBAAAA,CAAG,YAAA,CAAaE,sBAAAA,CAAK,IAAA,CAAK,WAAA,EAAa,cAAc,CAAA,EAAGA,sBAAAA,CAAK,IAAA,CAAK,QAAA,EAAU,cAAc,CAAC,CAAA;AAC3F,YAAAP,MAAAA,CAAM,mCAAmC,QAAQ,CAAA;AAAA,UACnD,SAAS,GAAA,EAAK;AACZ,YAAA,OAAA,CAAQ,IAAA,CAAK,mDAAmD,GAAG,CAAA;AAAA,UACrE;AAEA,UAAA,eAAA,CAAgB,iBAAiB,EAAC;AAClC,UAAA,eAAA,CAAgB,YAAA,CAAa,aAAa,CAAA,GAAI,6CAAA;AAC9C,UAAA,eAAA,CAAgB,YAAA,CAAa,uBAAuB,CAAA,GAAI,uDAAA;AACxD,UAAA,eAAA,CAAgB,YAAA,CAAa,+BAA+B,CAAA,GAAI,+DAAA;AAChE,UAAA,eAAA,CAAgB,YAAA,CAAa,wBAAwB,CAAA,GAAI,wDAAA;AACzD,UAAA,eAAA,CAAgB,YAAA,CAAa,qBAAqB,CAAA,GAAI,sDAAA;AACtD,UAAA,eAAA,CAAgB,YAAA,CAAa,mBAAmB,CAAA,GAAI,oDAAA;AACpD,UAAAA,OAAM,2EAA2E,CAAA;AAAA,QACnF,CAAA,MAAO;AACL,UAAAA,OAAM,6DAA6D,CAAA;AAAA,QACrE;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,GAAG,kBAAA;AAAA,QACH,GAAG,WAAA,IAAe;AAAA,UAChB,WAAY,kBAAA,CAA2B;AAAA,SACzC;AAAA,QACA,GAAG,CAAC,YAAA,IAAgB;AAAA,UAClB,OAAA,EAAS,qBAAA,CAAsB,kBAAA,EAAoB,oBAAA,EAAsBA,QAAO,OAAO;AAAA;AACzF,OACF;AAAA,IACF,CAAA;AAAA,EACF,CAAA;AACF","file":"plugin.js","sourcesContent":["import fs from 'node:fs';\n\nimport {\n redactSensitiveConfig, scanForLeaks, varlockSettings,\n} from 'varlock/env';\nimport { patchGlobalServerResponse } from 'varlock/patch-server-response';\n\nimport { type SerializedEnvGraph } from 'varlock';\nimport type { NextConfig } from 'next';\n\nconst WEBPACK_PLUGIN_NAME = 'VarlockNextWebpackPlugin';\n\n// We use a proxy object for the static replacements that we pass to webpack.DefinePlugin\n// because this plugin/webpack code is not invoked again when env files change\n// instead next is direcly messing with the existing plugins for their own changes\n// so instead we use a proxy object, and grab the values off of process.env.__VARLOCK_ENV\n// which will have been updated by our next-env-compat code\nlet latestLoadedVarlockEnv: SerializedEnvGraph | undefined;\nfunction createStaticReplacementsProxy(debug: (...args: Array<any>) => void) {\n return new Proxy({} as Record<string, string>, {\n ownKeys(_target) {\n latestLoadedVarlockEnv = JSON.parse(process.env.__VARLOCK_ENV || '{}') as SerializedEnvGraph;\n const replaceKeys = [] as Array<string>;\n for (const itemKey in latestLoadedVarlockEnv.config) {\n const item = latestLoadedVarlockEnv.config[itemKey];\n if (!item.isSensitive) replaceKeys.push(`ENV.${itemKey}`);\n }\n debug('reloaded static replacements keys', replaceKeys);\n return replaceKeys;\n },\n getOwnPropertyDescriptor(_target, prop) {\n const itemKey = prop.toString().split('.')[1];\n const item = latestLoadedVarlockEnv?.config[itemKey];\n if (!item || item.isSensitive) return;\n return {\n value: '', // this value is not used, the get handler will return the value\n writable: false,\n enumerable: true,\n configurable: true,\n };\n },\n get(_target, prop) {\n const itemKey = prop.toString().split('.')[1];\n const item = latestLoadedVarlockEnv?.config[itemKey];\n if (item && !item.isSensitive) return JSON.stringify(item.value);\n },\n });\n}\n\nexport function createWebpackConfigFn(\n resolvedNextConfig: NextConfig,\n patchGlobalFsMethods: () => void,\n debug: (...args: Array<any>) => void,\n isBuild: boolean,\n) {\n const staticReplacementsProxy = createStaticReplacementsProxy(debug);\n\n return function webpackConfigFn(webpackConfig: any, options: any) {\n debug('varlockNextConfigPlugin webpack config patching');\n\n const { dev } = options; // also available - isServer, nextRuntime\n\n // only patch fs methods during builds — they create \"hooks\" for post-build\n // scanning/scrubbing and are unnecessary during dev\n if (isBuild) patchGlobalFsMethods();\n\n if (varlockSettings.preventLeaks) {\n // have to wait to run this until here when we know if this is dev mode or not\n patchGlobalServerResponse({\n ignoreUrlPatterns: [\n /^\\/__nextjs_source-map\\?.*/, // sourcemaps\n /[?&]_rsc=/, // RSC payloads are server-side and expected to contain sensitive data\n ],\n // in dev mode, we redact the secrets rather than throwing, because otherwise the dev server crashes\n redactInsteadOfThrow: dev,\n });\n }\n\n // webpack itself is passed in so we dont have to import it (or make it a dependency)\n const webpack = options.webpack;\n\n // apply existing user customizations if there are any\n if (resolvedNextConfig.webpack) {\n webpackConfig = resolvedNextConfig.webpack(webpackConfig, options);\n }\n\n if (!process.env.__VARLOCK_ENV) throw new Error('VarlockNextWebpackPlugin: __VARLOCK_ENV is not set');\n\n // Add per-file init guard for server (non-edge) compilations.\n // Pre-rendering workers may receive compiled code via IPC rather than loading\n // runtime files from disk, so runtime injection alone isn't sufficient.\n // The loader ensures initVarlockEnv() and patchGlobalConsole() run in every worker.\n // alwaysRepatchConsole: in webpack, React wraps console for RSC dev replay AFTER\n // our initial patch in the runtime file, so we re-patch in each file to ensure\n // our redaction wraps React's wrapper. (Turbopack doesn't need this.)\n if (options.isServer && options.nextRuntime !== 'edge') {\n webpackConfig.module.rules.push({\n test: /\\.(js|jsx|ts|tsx|mjs|mts)$/,\n exclude: /node_modules/,\n use: [\n {\n loader: require.resolve('./loader'),\n options: { bundler: 'webpack' },\n },\n ],\n });\n }\n // Edge compilation: also re-patch console to wrap React's RSC dev replay wrapper.\n // Edge can't use require(), so we call globalThis.__varlockPatchConsole which the\n // init-edge bundle exposes after running.\n if (options.isServer && options.nextRuntime === 'edge') {\n webpackConfig.module.rules.push({\n test: /\\.(js|jsx|ts|tsx|mjs|mts)$/,\n exclude: /node_modules/,\n use: [\n {\n loader: require.resolve('./loader'),\n options: { bundler: 'webpack', isEdge: true },\n },\n ],\n });\n }\n\n // Set up build-time replacements / rewrites - using webpack.DefinePlugin and a proxy\n // TODO: use shared helpers from core library?\n debug('adding ENV.xxx static replacements proxy object');\n webpackConfig.plugins.push(new webpack.DefinePlugin(staticReplacementsProxy));\n\n if (varlockSettings.preventLeaks) {\n webpackConfig.plugins.push({\n apply(compiler: any) {\n compiler.hooks.assetEmitted.tap(WEBPACK_PLUGIN_NAME, (_file: any, assetDetails: any) => {\n const { content, targetPath } = assetDetails;\n\n if (\n targetPath.includes('/.next/static/chunks/')\n || targetPath.endsWith('.html')\n // .rsc and .body are server-side (RSC payloads), not client-facing\n ) {\n // NOTE - in dev mode the request hangs on the error, but the console error should help\n // and during a build, it will actually fail the build\n try {\n scanForLeaks(content, {\n method: '@varlock/nextjs-integration/plugin - assetEmitted hook',\n file: targetPath,\n });\n } catch (err) {\n if (dev) {\n // overwrite file with redacted version\n fs.writeFileSync(targetPath, redactSensitiveConfig(content.toString()));\n } else {\n throw err;\n }\n }\n }\n });\n },\n });\n }\n\n // Inject varlock init into webpack runtime files.\n // We prepend the self-contained init bundle as raw JS so it runs before any module code.\n // Server runtimes get the full init (with server-response patching),\n // edge runtimes get the edge-safe init (no node:zlib/node:http).\n function injectVarlockInitIntoWebpackRuntime(edgeRuntime = false) {\n return function assetUpdateFn(origSource: any) {\n const origSourceStr = origSource.source();\n\n const initBundleName = edgeRuntime ? 'init-edge' : 'init-server';\n const injectorPath = require.resolve(`varlock/${initBundleName}`);\n const injectorSrc = fs.readFileSync(injectorPath, 'utf8');\n\n // inline the resolved env so it's baked into the build\n // this removes the need for a .env.production.local file on platforms like Vercel\n const rawEnv = process.env.__VARLOCK_ENV;\n const envInline = rawEnv\n ? `process.env.__VARLOCK_ENV = process.env.__VARLOCK_ENV || ${JSON.stringify(rawEnv)};`\n : '';\n\n const updatedSourceStr = [\n envInline,\n // Wrap in IIFE to avoid symbol collisions when bundlers concatenate files.\n // Provide dummy exports/module since the CJS bundle uses `exports.X = ...`\n `(function(exports,module){${injectorSrc}})({},{exports:{}});`,\n origSourceStr,\n ].join('\\n');\n\n return new webpack.sources.RawSource(updatedSourceStr);\n };\n }\n\n const isEdgeRuntime = options.nextRuntime === 'edge';\n webpackConfig.plugins.push({\n apply(compiler: any) {\n compiler.hooks.thisCompilation.tap(WEBPACK_PLUGIN_NAME, (compilation: any) => {\n compilation.hooks.processAssets.tap(\n {\n name: WEBPACK_PLUGIN_NAME,\n stage: webpack.Compilation.PROCESS_ASSETS_STAGE_ADDITIONS,\n },\n () => {\n if (isEdgeRuntime) {\n // Edge compilation — only inject the edge-safe init bundle (no node builtins)\n if (compilation.getAsset('edge-runtime-webpack.js')) {\n compilation.updateAsset('edge-runtime-webpack.js', injectVarlockInitIntoWebpackRuntime(true));\n }\n // Edge compilation also has webpack-runtime.js — inject init-edge there too\n for (const name of ['webpack-runtime.js', '../webpack-runtime.js']) {\n if (compilation.getAsset(name)) {\n compilation.updateAsset(name, injectVarlockInitIntoWebpackRuntime(true));\n }\n }\n } else if (options.isServer) {\n // Server (node.js) compilation — inject full init with server-response patching\n for (const name of ['webpack-runtime.js', '../webpack-runtime.js', 'webpack-api-runtime.js', '../webpack-api-runtime.js']) {\n if (compilation.getAsset(name)) {\n compilation.updateAsset(name, injectVarlockInitIntoWebpackRuntime());\n }\n }\n }\n },\n );\n });\n },\n });\n\n return webpackConfig; // must return the modified config\n };\n}\n","import fs from 'node:fs';\nimport path from 'node:path';\n\nfunction debug(...args: Array<any>) {\n if (!process.env.DEBUG_VARLOCK_NEXT_INTEGRATION) return;\n // eslint-disable-next-line no-console\n console.log('[varlock]', ...args);\n}\n\n/**\n * Inject varlock init bundle into turbopack runtime files (analogous to webpack runtime injection).\n * Turbopack writes `[turbopack]_runtime.js` files during compilation — these are loaded by\n * the deployed server before any user code runs, making them the ideal injection point.\n *\n * Note: pre-rendering workers during builds receive compiled code via IPC (not from disk),\n * so this injection only takes effect for the deployed server. Build-time init is handled\n * by the turbopack loader's init guard snippet.\n */\nlet injectedTurbopackRuntime = false;\nexport function injectVarlockInitIntoTurbopackRuntime(nextDirPath: string) {\n if (injectedTurbopackRuntime) return;\n\n const rawEnv = process.env.__VARLOCK_ENV;\n if (!rawEnv) {\n return;\n }\n\n // Find turbopack runtime files ([turbopack]_runtime.js) and edge-wrapper files.\n // Node.js SSR/build uses [turbopack]_runtime.js, while edge runtime uses\n // edge-wrapper JS files (no [turbopack]_runtime.js exists for edge).\n const serverRuntimeFiles: Array<string> = [];\n const edgeWrapperFiles: Array<string> = [];\n const walkDir = (dir: string) => {\n if (!fs.existsSync(dir)) return;\n for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {\n if (entry.isDirectory()) {\n walkDir(path.join(dir, entry.name));\n } else if (entry.name === '[turbopack]_runtime.js') {\n serverRuntimeFiles.push(path.join(dir, entry.name));\n } else if (entry.name.includes('edge-wrapper') && entry.name.endsWith('.js')) {\n edgeWrapperFiles.push(path.join(dir, entry.name));\n }\n }\n };\n walkDir(nextDirPath);\n\n debug(`turbopack runtime injection: found ${serverRuntimeFiles.length} server runtime files, ${edgeWrapperFiles.length} edge wrapper files`);\n\n if (!serverRuntimeFiles.length) {\n // Runtime files may not exist yet — turbopack (Rust) writes them directly.\n // We'll retry on subsequent fs writes until they appear.\n return;\n }\n\n // Mark as done so we don't retry\n injectedTurbopackRuntime = true;\n\n // Load both init bundles — server (full, node:zlib/node:http) and edge (no node builtins)\n const initServerSrc = fs.readFileSync(require.resolve('varlock/init-server'), 'utf8');\n const initEdgeSrc = fs.readFileSync(require.resolve('varlock/init-edge'), 'utf8');\n const envInline = `process.env.__VARLOCK_ENV = process.env.__VARLOCK_ENV || ${JSON.stringify(rawEnv)};`;\n\n // The CJS init bundles use `exports.X = ...` at the end, so we must provide\n // a dummy `exports` object when wrapping in an IIFE to avoid ReferenceError.\n const iifeWrap = (src: string) => `(function(exports,module){${src}})({},{exports:{}});`;\n\n // Inject init-server into [turbopack]_runtime.js files (node.js SSR + build)\n for (const runtimeFile of serverRuntimeFiles) {\n const origSource = fs.readFileSync(runtimeFile, 'utf8');\n const updatedSource = [\n envInline,\n iifeWrap(initServerSrc),\n origSource,\n ].join('\\n');\n fs.writeFileSync(runtimeFile, updatedSource);\n debug(`injected init-server into turbopack runtime: ${runtimeFile}`);\n }\n\n // Inject init-edge into edge-wrapper files (edge runtime — no node builtins)\n for (const wrapperFile of edgeWrapperFiles) {\n const origSource = fs.readFileSync(wrapperFile, 'utf8');\n const updatedSource = [\n envInline,\n iifeWrap(initEdgeSrc),\n origSource,\n ].join('\\n');\n fs.writeFileSync(wrapperFile, updatedSource);\n debug(`injected init-edge into edge wrapper: ${wrapperFile}`);\n }\n}\n\nexport function isInjectedTurbopackRuntime() {\n return injectedTurbopackRuntime;\n}\n","/* eslint-disable no-console */\n\nimport fs from 'node:fs';\nimport path from 'node:path';\nimport type { NextConfig } from 'next';\n\nimport {\n getRedactionMapInfo, initVarlockEnv, redactSensitiveConfig, scanForLeaks, varlockSettings,\n} from 'varlock/env';\nimport { patchGlobalConsole } from 'varlock/patch-console';\nimport { patchGlobalServerResponse } from 'varlock/patch-server-response';\n\nimport { type SerializedEnvGraph } from 'varlock';\nimport { createWebpackConfigFn } from './webpack-plugin';\nimport { injectVarlockInitIntoTurbopackRuntime, isInjectedTurbopackRuntime } from './turbopack-runtime-inject';\n\n// make sure varlock has actually loaded the env files\n// NOTE - we don't need to call `initVarlockEnv` because the next-env-compat has already been loaded and called it\nif (!process.env.__VARLOCK_ENV) {\n console.error([\n '🚨 process.env.__VARLOCK_ENV is not set 🚨',\n '',\n 'To use this plugin, you must override @next/env with @varlock/next-integration',\n 'See https://varlock.dev/integrations/nextjs for more information',\n '',\n ].join('\\n'));\n throw new Error('VarlockNextWebpackPlugin: __VARLOCK_ENV is not set');\n}\n\npatchGlobalConsole();\n\n// Turbopack detection at module level — needed to apply patches in worker processes\n// (the config function only runs in the main process, but workers also load this module)\nconst IS_TURBOPACK = !!(\n process.env.TURBOPACK\n || process.env.TURBOPACK_DEV\n || process.env.TURBOPACK_BUILD\n || process.env.npm_config_turbopack\n);\n\n// For turbopack, apply server response patching at module level so it takes effect\n// in worker processes (which serve actual responses). The config function's turbopack\n// branch only runs in the main process, which doesn't handle HTTP responses.\nif (IS_TURBOPACK && varlockSettings.preventLeaks) {\n patchGlobalServerResponse({\n ignoreUrlPatterns: [\n /^\\/__nextjs_source-map\\?.*/, // sourcemaps\n /[?&]_rsc=/, // RSC payloads are server-side and expected to contain sensitive data\n ],\n // always redact in dev to avoid crashing the dev server; prod builds override via init bundles\n redactInsteadOfThrow: true,\n });\n}\n\nconst IS_WORKER = !!process.env.NEXT_PRIVATE_WORKER;\nfunction debug(...args: Array<any>) {\n if (!process.env.DEBUG_VARLOCK_NEXT_INTEGRATION) return;\n console.log(\n 'plugin',\n IS_WORKER ? '[worker] ' : '[server]',\n '--',\n ...args,\n );\n}\ndebug('✨ LOADED @varlock/next-integration/plugin module!');\n\ntype VarlockPluginOptions = {\n // injectResolvedConfigAtBuildTime: boolean,\n};\n\nlet scannedStaticFiles = false;\nasync function scanStaticFiles(nextDirPath: string) {\n scannedStaticFiles = true;\n for await (const file of fs.promises.glob(`${nextDirPath}/**/*.html`)) {\n const fileContents = await fs.promises.readFile(file, 'utf8');\n scanForLeaks(fileContents, { method: 'nextjs scan static html files', file });\n }\n}\n\nlet scrubbedSourcemaps = false;\nasync function scrubSourcemaps(nextDirPath: string) {\n if (scrubbedSourcemaps) return;\n scrubbedSourcemaps = true;\n\n // build a list of sensitive values and their same-length replacements\n const envGraph: SerializedEnvGraph = JSON.parse(process.env.__VARLOCK_ENV || '{}');\n const sensitiveValues: Array<{ value: string, replacement: string }> = [];\n for (const itemKey in envGraph.config) {\n const item = envGraph.config[itemKey];\n if (item.isSensitive && item.value && typeof item.value === 'string' && item.value.length > 0) {\n // same-length replacement to preserve sourcemap column offsets\n sensitiveValues.push({\n value: item.value,\n replacement: '*'.repeat(item.value.length),\n });\n }\n }\n if (!sensitiveValues.length) {\n debug('no sensitive values to scrub from sourcemaps');\n return;\n }\n // sort longest first for maximal munch\n sensitiveValues.sort((a, b) => b.value.length - a.value.length);\n\n let scrubCount = 0;\n for await (const mapFile of fs.promises.glob(`${nextDirPath}/**/*.map`)) {\n const contents = await fs.promises.readFile(mapFile, 'utf8');\n let scrubbed = contents;\n for (const { value, replacement } of sensitiveValues) {\n scrubbed = scrubbed.replaceAll(value, replacement);\n }\n if (scrubbed !== contents) {\n await fs.promises.writeFile(mapFile, scrubbed);\n scrubCount++;\n }\n }\n debug(`scrubbed sensitive values from ${scrubCount} sourcemap files`);\n}\n\nlet scannedBuildOutput = false;\nasync function scanBuildOutputForLeaks(nextDirPath: string, opts?: { failBuild?: boolean }) {\n if (scannedBuildOutput) return;\n scannedBuildOutput = true;\n\n // varlockSettings may not be populated if initVarlockEnv hasn't run in this process,\n // so fall back to reading the setting directly from the env data\n let preventLeaks = varlockSettings.preventLeaks;\n if (preventLeaks === undefined && process.env.__VARLOCK_ENV) {\n try {\n const envGraph: SerializedEnvGraph = JSON.parse(process.env.__VARLOCK_ENV);\n preventLeaks = envGraph.settings?.preventLeaks;\n } catch { /* ignore */ }\n }\n // Ensure the redaction map is populated so scanForLeaks knows what to look for.\n // initVarlockEnv may not have run in this process (the plugin's main process).\n if (process.env.__VARLOCK_ENV) {\n // eslint-disable-next-line @stylistic/max-statements-per-line\n try { initVarlockEnv(); } catch { /* ignore if already initialized or fails */ }\n }\n const redactionInfo = getRedactionMapInfo();\n debug(`scanBuildOutputForLeaks: preventLeaks=${preventLeaks}, redactionInfo=${JSON.stringify(redactionInfo)}`);\n if (!preventLeaks) return;\n\n const leakedFiles: Array<string> = [];\n let scannedCount = 0;\n\n // scan JS chunks in .next/static/chunks/ — these are client-facing bundles\n // that should never contain sensitive values\n for await (const file of fs.promises.glob(`${nextDirPath}/static/chunks/**/*.js`)) {\n scannedCount++;\n const fileContents = await fs.promises.readFile(file, 'utf8');\n try {\n scanForLeaks(fileContents, {\n method: 'nextjs post-build scan (static chunks)',\n file,\n });\n } catch (err) {\n leakedFiles.push(file);\n // redact the file so the leak doesn't ship\n await fs.promises.writeFile(file, redactSensitiveConfig(fileContents));\n }\n }\n\n debug(`scanned ${scannedCount} static chunk files in ${nextDirPath}/static/chunks/`);\n\n // scan prerendered HTML files (client-facing static output)\n // NOTE: .rsc and .body files are server-side (RSC payloads) and are expected\n // to access sensitive data, so we don't scan those\n for (const ext of ['html']) {\n for await (const file of fs.promises.glob(`${nextDirPath}/**/*.${ext}`)) {\n scannedCount++;\n const fileContents = await fs.promises.readFile(file, 'utf8');\n try {\n scanForLeaks(fileContents, {\n method: `nextjs post-build scan (.${ext})`,\n file,\n });\n } catch (err) {\n leakedFiles.push(file);\n await fs.promises.writeFile(file, redactSensitiveConfig(fileContents));\n }\n }\n }\n\n debug(`scanned ${scannedCount} total build output files`);\n\n if (leakedFiles.length > 0) {\n const msg = `[varlock] ⚠️ found and redacted leaked secrets in ${leakedFiles.length} build output file(s):\\n${leakedFiles.map((f) => ` - ${f}`).join('\\n')}`;\n if (opts?.failBuild) {\n throw new Error(msg);\n }\n console.error(msg);\n } else {\n debug('✅ no leaks found in build output');\n }\n}\n\n// not all file writes go through this, at least in Next 15\n// (likely because webpack and prerendering are happening in workers)\n// but we can use this to monitor writing of certain files and give ourselves a \"hook\"\n// which we can then scan existing files\nfunction patchGlobalFsMethods() {\n debug('patching global fs methods');\n // patch fs.promises.writeFile\n const origWriteFileFn = fs.promises.writeFile;\n fs.promises.writeFile = async function dmnoPatchedWriteFile(...args) {\n const filePath = args[0].toString();\n debug('fs.promises.writeFile:', filePath);\n\n // BUILD_ID is written after turbopack compilation completes but before pre-rendering.\n // This is our hook to inject the init bundle into turbopack runtime files.\n if (!isInjectedTurbopackRuntime() && filePath.endsWith('/.next/export-detail.json')) {\n const nextDirPath = filePath.substring(0, filePath.lastIndexOf('/'));\n injectVarlockInitIntoTurbopackRuntime(nextDirPath);\n }\n\n if (filePath.endsWith('/.next/next-server.js.nft.json') && !scannedStaticFiles) {\n const nextDirPath = filePath.substring(0, filePath.lastIndexOf('/'));\n await scanStaticFiles(nextDirPath);\n }\n // next-server.js.nft.json is written near the end of the build, after prerendering (webpack)\n // prerender-manifest.json is written after \"Generating static pages\" completes (turbopack + webpack)\n if (\n filePath.endsWith('/.next/next-server.js.nft.json')\n || filePath.endsWith('/.next/prerender-manifest.json')\n ) {\n const nextDirPath = filePath.substring(0, filePath.lastIndexOf('/'));\n if (!scrubbedSourcemaps) await scrubSourcemaps(nextDirPath);\n if (!scannedBuildOutput) await scanBuildOutputForLeaks(nextDirPath, { failBuild: true });\n }\n\n return origWriteFileFn.call(this, ...args);\n };\n\n // also patch sync version in case turbopack uses it\n const origWriteFileSyncFn = fs.writeFileSync;\n fs.writeFileSync = function dmnoPatchedWriteFileSync(...args: Parameters<typeof fs.writeFileSync>) {\n const filePath = args[0].toString();\n debug('fs.writeFileSync:', filePath);\n\n if (!isInjectedTurbopackRuntime() && filePath.endsWith('/.next/diagnostics/build-diagnostics.json')) {\n const nextDirPath = filePath.substring(0, filePath.lastIndexOf('/'));\n injectVarlockInitIntoTurbopackRuntime(nextDirPath);\n }\n\n return origWriteFileSyncFn.call(this, ...args);\n };\n}\n\n\nexport type NextConfigFunction = (\n phase: string,\n defaults: { defaultConfig: NextConfig },\n) => NextConfig | PromiseLike<NextConfig>;\n\n\n// we make this a plugin a function because we'll likely end up adding some options\nexport function varlockNextConfigPlugin(_pluginOptions?: VarlockPluginOptions) {\n // nextjs doesnt have a proper plugin system :(\n // so we use a function which takes in a config object and returns an augmented one\n return (nextConfig: any | NextConfig | NextConfigFunction): NextConfigFunction => {\n debug('varlockNextConfigPlugin init fn');\n\n return async (phase: string, defaults: { defaultConfig: NextConfig }) => {\n let resolvedNextConfig: NextConfig;\n if (typeof nextConfig === 'function') {\n const nextConfigFnResult = nextConfig(phase, defaults);\n resolvedNextConfig = await nextConfigFnResult;\n } else {\n resolvedNextConfig = nextConfig;\n }\n\n // Next 16+ uses Turbopack by default for dev, but may not set TURBOPACK env var\n const isTurbopack = !!(\n process.env.TURBOPACK\n || process.env.TURBOPACK_DEV\n || process.env.TURBOPACK_BUILD\n || process.env.npm_config_turbopack\n );\n const isBuild = phase === 'phase-production-build';\n debug(`turbopack detection: TURBOPACK=${process.env.TURBOPACK}, TURBOPACK_DEV=${process.env.TURBOPACK_DEV}, TURBOPACK_BUILD=${process.env.TURBOPACK_BUILD}, phase=${phase}, isTurbopack=${isTurbopack}, isBuild=${isBuild}`);\n\n // For production builds, schedule a post-build scan as a safety net.\n // The fs.writeFile patches may not intercept all writes (workers), and\n // BUILD_ID is written before prerendering completes. beforeExit fires\n // after the build finishes, ensuring all output files exist.\n if (isBuild) {\n process.once('beforeExit', () => {\n const nextDirPath = path.resolve(process.cwd(), '.next');\n const scanPromises: Array<Promise<void>> = [];\n if (!scrubbedSourcemaps) scanPromises.push(scrubSourcemaps(nextDirPath));\n if (!scannedBuildOutput) scanPromises.push(scanBuildOutputForLeaks(nextDirPath, { failBuild: true }));\n if (scanPromises.length > 0) {\n // The async work keeps the event loop alive, and beforeExit\n // will fire again once it completes (but the guards prevent re-runs)\n Promise.all(scanPromises).catch((err) => {\n console.error('[varlock] post-build scan failed:', err);\n process.exitCode = 1;\n });\n }\n });\n }\n\n if (isTurbopack) {\n debug('turbopack detected, injecting loader rules');\n // only patch fs methods during builds — they create \"hooks\" for post-build\n // scanning/scrubbing and are unnecessary (and noisy) during dev\n if (isBuild) patchGlobalFsMethods();\n\n // turbopack config can be under `turbopack` (Next 15+) or `experimental.turbo` (older)\n let turbopackConfig = (resolvedNextConfig as any).turbopack\n ?? (resolvedNextConfig as any).experimental?.turbo;\n\n if (!turbopackConfig) {\n turbopackConfig = {};\n (resolvedNextConfig as any).turbopack = turbopackConfig;\n }\n\n // inject loader rules\n const loaderRule = {\n loaders: [require.resolve('./loader')],\n };\n turbopackConfig.rules ||= {};\n turbopackConfig.rules['*.{js,jsx,ts,tsx,mjs,mts}'] = loaderRule;\n\n // Turbopack can't resolve symlinked packages (e.g. link: or workspace: installs).\n // If varlock is symlinked, we copy dist files into node_modules/.varlock/ as real\n // files and set up resolve aliases so turbopack can find them.\n const varlockNodeModulesPath = path.resolve(process.cwd(), 'node_modules/varlock');\n let isSymlinked = false;\n try {\n isSymlinked = fs.lstatSync(varlockNodeModulesPath).isSymbolicLink();\n } catch { /* not found — might be hoisted or nested, skip */ }\n\n if (isSymlinked) {\n debug('varlock is symlinked, copying dist files for turbopack');\n const varlockDistDir = path.resolve(path.dirname(require.resolve('varlock/env')), '..');\n const varlockRoot = path.resolve(varlockDistDir, '..');\n const cacheDir = path.resolve(process.cwd(), 'node_modules/.varlock');\n const cacheDistDir = path.join(cacheDir, 'dist');\n try {\n fs.mkdirSync(cacheDir, { recursive: true });\n // copy dist/ and package.json so turbopack can resolve subpath exports\n fs.cpSync(varlockDistDir, cacheDistDir, { recursive: true });\n fs.copyFileSync(path.join(varlockRoot, 'package.json'), path.join(cacheDir, 'package.json'));\n debug('copied varlock package files to', cacheDir);\n } catch (err) {\n console.warn('[varlock] failed to copy varlock package files:', err);\n }\n\n turbopackConfig.resolveAlias ||= {};\n turbopackConfig.resolveAlias['varlock/env'] = './node_modules/.varlock/dist/runtime/env.js';\n turbopackConfig.resolveAlias['varlock/patch-console'] = './node_modules/.varlock/dist/runtime/patch-console.js';\n turbopackConfig.resolveAlias['varlock/patch-server-response'] = './node_modules/.varlock/dist/runtime/patch-server-response.js';\n turbopackConfig.resolveAlias['varlock/patch-response'] = './node_modules/.varlock/dist/runtime/patch-response.js';\n turbopackConfig.resolveAlias['varlock/init-server'] = './node_modules/.varlock/dist/runtime/init-server.cjs';\n turbopackConfig.resolveAlias['varlock/init-edge'] = './node_modules/.varlock/dist/runtime/init-edge.cjs';\n debug('set resolveAlias for varlock subpaths -> ./node_modules/.varlock/dist/...');\n } else {\n debug('varlock is not symlinked, turbopack can resolve it natively');\n }\n }\n\n return {\n ...resolvedNextConfig,\n ...isTurbopack && {\n turbopack: (resolvedNextConfig as any).turbopack,\n },\n ...!IS_TURBOPACK && {\n webpack: createWebpackConfigFn(resolvedNextConfig, patchGlobalFsMethods, debug, isBuild),\n },\n };\n };\n };\n}\n"]}
1
+ {"version":3,"sources":["../src/webpack-plugin.ts","../src/turbopack-runtime-inject.ts","../src/plugin.ts"],"names":["debug","patchGlobalFsMethods","varlockSettings","patchGlobalServerResponse","scanForLeaks","fs","redactSensitiveConfig","path","patchGlobalConsole","initVarlockEnv","getRedactionMapInfo"],"mappings":";;;;;;;;;;;;;;;;;;;;AAUA,IAAM,mBAAA,GAAsB,0BAAA;AAO5B,IAAI,sBAAA;AACJ,SAAS,8BAA8BA,MAAAA,EAAsC;AAC3E,EAAA,OAAO,IAAI,KAAA,CAAM,EAAC,EAA6B;AAAA,IAC7C,QAAQ,OAAA,EAAS;AACf,MAAA,sBAAA,GAAyB,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,iBAAiB,IAAI,CAAA;AACrE,MAAA,MAAM,cAAc,EAAC;AACrB,MAAA,KAAA,MAAW,OAAA,IAAW,uBAAuB,MAAA,EAAQ;AACnD,QAAA,MAAM,IAAA,GAAO,sBAAA,CAAuB,MAAA,CAAO,OAAO,CAAA;AAClD,QAAA,IAAI,CAAC,IAAA,CAAK,WAAA,cAAyB,IAAA,CAAK,CAAA,IAAA,EAAO,OAAO,CAAA,CAAE,CAAA;AAAA,MAC1D;AACA,MAAAA,MAAAA,CAAM,qCAAqC,WAAW,CAAA;AACtD,MAAA,OAAO,WAAA;AAAA,IACT,CAAA;AAAA,IACA,wBAAA,CAAyB,SAAS,IAAA,EAAM;AACtC,MAAA,MAAM,UAAU,IAAA,CAAK,QAAA,GAAW,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AAC5C,MAAA,MAAM,IAAA,GAAO,sBAAA,EAAwB,MAAA,CAAO,OAAO,CAAA;AACnD,MAAA,IAAI,CAAC,IAAA,IAAQ,IAAA,CAAK,WAAA,EAAa;AAC/B,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,EAAA;AAAA;AAAA,QACP,QAAA,EAAU,KAAA;AAAA,QACV,UAAA,EAAY,IAAA;AAAA,QACZ,YAAA,EAAc;AAAA,OAChB;AAAA,IACF,CAAA;AAAA,IACA,GAAA,CAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAM,UAAU,IAAA,CAAK,QAAA,GAAW,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AAC5C,MAAA,MAAM,IAAA,GAAO,sBAAA,EAAwB,MAAA,CAAO,OAAO,CAAA;AACnD,MAAA,IAAI,IAAA,IAAQ,CAAC,IAAA,CAAK,WAAA,SAAoB,IAAA,CAAK,SAAA,CAAU,KAAK,KAAK,CAAA;AAAA,IACjE;AAAA,GACD,CAAA;AACH;AAEO,SAAS,qBAAA,CACd,kBAAA,EACAC,qBAAAA,EACAD,MAAAA,EACA,OAAA,EACA;AACA,EAAA,MAAM,uBAAA,GAA0B,8BAA8BA,MAAK,CAAA;AAEnE,EAAA,OAAO,SAAS,eAAA,CAAgB,aAAA,EAAoB,OAAA,EAAc;AAChE,IAAAA,OAAM,iDAAiD,CAAA;AAEvD,IAAA,MAAM,EAAE,KAAI,GAAI,OAAA;AAIhB,IAAA,IAAI,OAAA,EAASC,qBAAAA,EAAqB;AAElC,IAAA,IAAIC,oBAAgB,YAAA,EAAc;AAEhC,MAAAC,6CAAA,CAA0B;AAAA,QACxB,iBAAA,EAAmB;AAAA,UACjB,4BAAA;AAAA;AAAA,UACA;AAAA;AAAA,SACF;AAAA;AAAA,QAEA,oBAAA,EAAsB;AAAA,OACvB,CAAA;AAAA,IACH;AAGA,IAAA,MAAM,UAAU,OAAA,CAAQ,OAAA;AAGxB,IAAA,IAAI,mBAAmB,OAAA,EAAS;AAC9B,MAAA,aAAA,GAAgB,kBAAA,CAAmB,OAAA,CAAQ,aAAA,EAAe,OAAO,CAAA;AAAA,IACnE;AAEA,IAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,eAAe,MAAM,IAAI,MAAM,oDAAoD,CAAA;AASpG,IAAA,IAAI,OAAA,CAAQ,QAAA,IAAY,OAAA,CAAQ,WAAA,KAAgB,MAAA,EAAQ;AACtD,MAAA,aAAA,CAAc,MAAA,CAAO,MAAM,IAAA,CAAK;AAAA,QAC9B,IAAA,EAAM,4BAAA;AAAA,QACN,OAAA,EAAS,cAAA;AAAA,QACT,GAAA,EAAK;AAAA,UACH;AAAA,YACE,MAAA,EAAQ,SAAA,CAAQ,OAAA,CAAQ,UAAU,CAAA;AAAA,YAClC,OAAA,EAAS,EAAE,OAAA,EAAS,SAAA;AAAU;AAChC;AACF,OACD,CAAA;AAAA,IACH;AAIA,IAAA,IAAI,OAAA,CAAQ,QAAA,IAAY,OAAA,CAAQ,WAAA,KAAgB,MAAA,EAAQ;AACtD,MAAA,aAAA,CAAc,MAAA,CAAO,MAAM,IAAA,CAAK;AAAA,QAC9B,IAAA,EAAM,4BAAA;AAAA,QACN,OAAA,EAAS,cAAA;AAAA,QACT,GAAA,EAAK;AAAA,UACH;AAAA,YACE,MAAA,EAAQ,SAAA,CAAQ,OAAA,CAAQ,UAAU,CAAA;AAAA,YAClC,OAAA,EAAS,EAAE,OAAA,EAAS,SAAA,EAAW,QAAQ,IAAA;AAAK;AAC9C;AACF,OACD,CAAA;AAAA,IACH;AAIA,IAAAH,OAAM,iDAAiD,CAAA;AACvD,IAAA,aAAA,CAAc,QAAQ,IAAA,CAAK,IAAI,OAAA,CAAQ,YAAA,CAAa,uBAAuB,CAAC,CAAA;AAE5E,IAAA,IAAIE,oBAAgB,YAAA,EAAc;AAChC,MAAA,aAAA,CAAc,QAAQ,IAAA,CAAK;AAAA,QACzB,MAAM,QAAA,EAAe;AACnB,UAAA,QAAA,CAAS,MAAM,YAAA,CAAa,GAAA,CAAI,mBAAA,EAAqB,CAAC,OAAY,YAAA,KAAsB;AACtF,YAAA,MAAM,EAAE,OAAA,EAAS,UAAA,EAAW,GAAI,YAAA;AAEhC,YAAA,IACE,WAAW,QAAA,CAAS,uBAAuB,KACxC,UAAA,CAAW,QAAA,CAAS,OAAO,CAAA,EAE9B;AAGA,cAAA,IAAI;AACF,gBAAAE,gBAAA,CAAa,OAAA,EAAS;AAAA,kBACpB,MAAA,EAAQ,wDAAA;AAAA,kBACR,IAAA,EAAM;AAAA,iBACP,CAAA;AAAA,cACH,SAAS,GAAA,EAAK;AACZ,gBAAA,IAAI,GAAA,EAAK;AAEP,kBAAAC,oBAAA,CAAG,cAAc,UAAA,EAAYC,yBAAA,CAAsB,OAAA,CAAQ,QAAA,EAAU,CAAC,CAAA;AAAA,gBACxE,CAAA,MAAO;AACL,kBAAA,MAAM,GAAA;AAAA,gBACR;AAAA,cACF;AAAA,YACF;AAAA,UACF,CAAC,CAAA;AAAA,QACH;AAAA,OACD,CAAA;AAAA,IACH;AAMA,IAAA,SAAS,mCAAA,CAAoC,cAAc,KAAA,EAAO;AAChE,MAAA,OAAO,SAAS,cAAc,UAAA,EAAiB;AAC7C,QAAA,MAAM,aAAA,GAAgB,WAAW,MAAA,EAAO;AAExC,QAAA,MAAM,cAAA,GAAiB,cAAc,WAAA,GAAc,aAAA;AACnD,QAAA,MAAM,YAAA,GAAe,SAAA,CAAQ,OAAA,CAAQ,CAAA,QAAA,EAAW,cAAc,CAAA,CAAE,CAAA;AAChE,QAAA,MAAM,WAAA,GAAcD,oBAAA,CAAG,YAAA,CAAa,YAAA,EAAc,MAAM,CAAA;AAIxD,QAAA,MAAM,MAAA,GAAS,QAAQ,GAAA,CAAI,aAAA;AAC3B,QAAA,MAAM,YAAY,MAAA,GACd,CAAA,yDAAA,EAA4D,KAAK,SAAA,CAAU,MAAM,CAAC,CAAA,CAAA,CAAA,GAClF,EAAA;AAEJ,QAAA,MAAM,gBAAA,GAAmB;AAAA,UACvB,SAAA;AAAA;AAAA;AAAA,UAGA,6BAA6B,WAAW,CAAA,oBAAA,CAAA;AAAA,UACxC;AAAA,SACF,CAAE,KAAK,IAAI,CAAA;AAEX,QAAA,OAAO,IAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,CAAU,gBAAgB,CAAA;AAAA,MACvD,CAAA;AAAA,IACF;AAEA,IAAA,MAAM,aAAA,GAAgB,QAAQ,WAAA,KAAgB,MAAA;AAC9C,IAAA,aAAA,CAAc,QAAQ,IAAA,CAAK;AAAA,MACzB,MAAM,QAAA,EAAe;AACnB,QAAA,QAAA,CAAS,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,mBAAA,EAAqB,CAAC,WAAA,KAAqB;AAC5E,UAAA,WAAA,CAAY,MAAM,aAAA,CAAc,GAAA;AAAA,YAC9B;AAAA,cACE,IAAA,EAAM,mBAAA;AAAA,cACN,KAAA,EAAO,QAAQ,WAAA,CAAY;AAAA,aAC7B;AAAA,YACA,MAAM;AACJ,cAAA,IAAI,aAAA,EAAe;AAEjB,gBAAA,IAAI,WAAA,CAAY,QAAA,CAAS,yBAAyB,CAAA,EAAG;AACnD,kBAAA,WAAA,CAAY,WAAA,CAAY,yBAAA,EAA2B,mCAAA,CAAoC,IAAI,CAAC,CAAA;AAAA,gBAC9F;AAEA,gBAAA,KAAA,MAAW,IAAA,IAAQ,CAAC,oBAAA,EAAsB,uBAAuB,CAAA,EAAG;AAClE,kBAAA,IAAI,WAAA,CAAY,QAAA,CAAS,IAAI,CAAA,EAAG;AAC9B,oBAAA,WAAA,CAAY,WAAA,CAAY,IAAA,EAAM,mCAAA,CAAoC,IAAI,CAAC,CAAA;AAAA,kBACzE;AAAA,gBACF;AAAA,cACF,CAAA,MAAA,IAAW,QAAQ,QAAA,EAAU;AAE3B,gBAAA,KAAA,MAAW,QAAQ,CAAC,oBAAA,EAAsB,uBAAA,EAAyB,wBAAA,EAA0B,2BAA2B,CAAA,EAAG;AACzH,kBAAA,IAAI,WAAA,CAAY,QAAA,CAAS,IAAI,CAAA,EAAG;AAC9B,oBAAA,WAAA,CAAY,WAAA,CAAY,IAAA,EAAM,mCAAA,EAAqC,CAAA;AAAA,kBACrE;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,WACF;AAAA,QACF,CAAC,CAAA;AAAA,MACH;AAAA,KACD,CAAA;AAED,IAAA,OAAO,aAAA;AAAA,EACT,CAAA;AACF;ACjOA,SAAS,SAAS,IAAA,EAAkB;AAClC,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,8BAAA,EAAgC;AAEjD,EAAA,OAAA,CAAQ,GAAA,CAAI,WAAA,EAAa,GAAG,IAAI,CAAA;AAClC;AAWA,IAAI,wBAAA,GAA2B,KAAA;AACxB,SAAS,sCAAsC,WAAA,EAAqB;AACzE,EAAA,IAAI,wBAAA,EAA0B;AAE9B,EAAA,MAAM,MAAA,GAAS,QAAQ,GAAA,CAAI,aAAA;AAC3B,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA;AAAA,EACF;AAKA,EAAA,MAAM,qBAAoC,EAAC;AAC3C,EAAA,MAAM,mBAAkC,EAAC;AACzC,EAAA,MAAM,OAAA,GAAU,CAAC,GAAA,KAAgB;AAC/B,IAAA,IAAI,CAACA,oBAAAA,CAAG,UAAA,CAAW,GAAG,CAAA,EAAG;AACzB,IAAA,KAAA,MAAW,KAAA,IAASA,qBAAG,WAAA,CAAY,GAAA,EAAK,EAAE,aAAA,EAAe,IAAA,EAAM,CAAA,EAAG;AAChE,MAAA,IAAI,KAAA,CAAM,aAAY,EAAG;AACvB,QAAA,OAAA,CAAQE,sBAAA,CAAK,IAAA,CAAK,GAAA,EAAK,KAAA,CAAM,IAAI,CAAC,CAAA;AAAA,MACpC,CAAA,MAAA,IAAW,KAAA,CAAM,IAAA,KAAS,wBAAA,EAA0B;AAClD,QAAA,kBAAA,CAAmB,KAAKA,sBAAA,CAAK,IAAA,CAAK,GAAA,EAAK,KAAA,CAAM,IAAI,CAAC,CAAA;AAAA,MACpD,CAAA,MAAA,IAAW,KAAA,CAAM,IAAA,CAAK,QAAA,CAAS,cAAc,KAAK,KAAA,CAAM,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA,EAAG;AAC5E,QAAA,gBAAA,CAAiB,KAAKA,sBAAA,CAAK,IAAA,CAAK,GAAA,EAAK,KAAA,CAAM,IAAI,CAAC,CAAA;AAAA,MAClD;AAAA,IACF;AAAA,EACF,CAAA;AACA,EAAA,OAAA,CAAQ,WAAW,CAAA;AAEnB,EAAA,KAAA,CAAM,sCAAsC,kBAAA,CAAmB,MAAM,CAAA,uBAAA,EAA0B,gBAAA,CAAiB,MAAM,CAAA,mBAAA,CAAqB,CAAA;AAE3I,EAAA,IAAI,CAAC,mBAAmB,MAAA,EAAQ;AAG9B,IAAA;AAAA,EACF;AAGA,EAAA,wBAAA,GAA2B,IAAA;AAG3B,EAAA,MAAM,gBAAgBF,oBAAAA,CAAG,YAAA,CAAa,UAAQ,OAAA,CAAQ,qBAAqB,GAAG,MAAM,CAAA;AACpF,EAAA,MAAM,cAAcA,oBAAAA,CAAG,YAAA,CAAa,UAAQ,OAAA,CAAQ,mBAAmB,GAAG,MAAM,CAAA;AAChF,EAAA,MAAM,SAAA,GAAY,CAAA,yDAAA,EAA4D,IAAA,CAAK,SAAA,CAAU,MAAM,CAAC,CAAA,CAAA,CAAA;AAIpG,EAAA,MAAM,QAAA,GAAW,CAAC,GAAA,KAAgB,CAAA,0BAAA,EAA6B,GAAG,CAAA,oBAAA,CAAA;AAGlE,EAAA,KAAA,MAAW,eAAe,kBAAA,EAAoB;AAC5C,IAAA,MAAM,UAAA,GAAaA,oBAAAA,CAAG,YAAA,CAAa,WAAA,EAAa,MAAM,CAAA;AACtD,IAAA,MAAM,aAAA,GAAgB;AAAA,MACpB,SAAA;AAAA,MACA,SAAS,aAAa,CAAA;AAAA,MACtB;AAAA,KACF,CAAE,KAAK,IAAI,CAAA;AACX,IAAAA,oBAAAA,CAAG,aAAA,CAAc,WAAA,EAAa,aAAa,CAAA;AAC3C,IAAA,KAAA,CAAM,CAAA,6CAAA,EAAgD,WAAW,CAAA,CAAE,CAAA;AAAA,EACrE;AAGA,EAAA,KAAA,MAAW,eAAe,gBAAA,EAAkB;AAC1C,IAAA,MAAM,UAAA,GAAaA,oBAAAA,CAAG,YAAA,CAAa,WAAA,EAAa,MAAM,CAAA;AACtD,IAAA,MAAM,aAAA,GAAgB;AAAA,MACpB,SAAA;AAAA,MACA,SAAS,WAAW,CAAA;AAAA,MACpB;AAAA,KACF,CAAE,KAAK,IAAI,CAAA;AACX,IAAAA,oBAAAA,CAAG,aAAA,CAAc,WAAA,EAAa,aAAa,CAAA;AAC3C,IAAA,KAAA,CAAM,CAAA,sCAAA,EAAyC,WAAW,CAAA,CAAE,CAAA;AAAA,EAC9D;AACF;AAEO,SAAS,0BAAA,GAA6B;AAC3C,EAAA,OAAO,wBAAA;AACT;;;AC3EA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe;AAC9B,EAAA,OAAA,CAAQ,KAAA,CAAM;AAAA,IACZ,0DAAA;AAAA,IACA,EAAA;AAAA,IACA,gFAAA;AAAA,IACA,kEAAA;AAAA,IACA;AAAA,GACF,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AACZ,EAAA,MAAM,IAAI,MAAM,oDAAoD,CAAA;AACtE;AAEAG,+BAAA,EAAmB;AAInB,IAAM,YAAA,GAAe,CAAC,EACpB,OAAA,CAAQ,GAAA,CAAI,SAAA,IACT,OAAA,CAAQ,GAAA,CAAI,aAAA,IACZ,OAAA,CAAQ,GAAA,CAAI,eAAA,IACZ,QAAQ,GAAA,CAAI,oBAAA,CAAA;AAMjB,IAAI,YAAA,IAAgBN,oBAAgB,YAAA,EAAc;AAChD,EAAAC,6CAAAA,CAA0B;AAAA,IACxB,iBAAA,EAAmB;AAAA,MACjB,4BAAA;AAAA;AAAA,MACA;AAAA;AAAA,KACF;AAAA;AAAA,IAEA,oBAAA,EAAsB;AAAA,GACvB,CAAA;AACH;AAEA,IAAM,SAAA,GAAY,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,mBAAA;AAChC,SAASH,UAAS,IAAA,EAAkB;AAClC,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,8BAAA,EAAgC;AACjD,EAAA,OAAA,CAAQ,GAAA;AAAA,IACN,QAAA;AAAA,IACA,YAAY,WAAA,GAAc,UAAA;AAAA,IAC1B,IAAA;AAAA,IACA,GAAG;AAAA,GACL;AACF;AACAA,MAAAA,CAAM,wDAAmD,CAAA;AAMzD,IAAI,kBAAA,GAAqB,KAAA;AACzB,eAAe,gBAAgB,WAAA,EAAqB;AAClD,EAAA,kBAAA,GAAqB,IAAA;AACrB,EAAA,WAAA,MAAiB,QAAQK,oBAAAA,CAAG,QAAA,CAAS,KAAK,CAAA,EAAG,WAAW,YAAY,CAAA,EAAG;AACrE,IAAA,MAAM,eAAe,MAAMA,oBAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,MAAM,MAAM,CAAA;AAC5D,IAAAD,iBAAa,YAAA,EAAc,EAAE,MAAA,EAAQ,+BAAA,EAAiC,MAAM,CAAA;AAAA,EAC9E;AACF;AAEA,IAAI,kBAAA,GAAqB,KAAA;AACzB,eAAe,gBAAgB,WAAA,EAAqB;AAClD,EAAA,IAAI,kBAAA,EAAoB;AACxB,EAAA,kBAAA,GAAqB,IAAA;AAGrB,EAAA,MAAM,WAA+B,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,iBAAiB,IAAI,CAAA;AACjF,EAAA,MAAM,kBAAiE,EAAC;AACxE,EAAA,KAAA,MAAW,OAAA,IAAW,SAAS,MAAA,EAAQ;AACrC,IAAA,MAAM,IAAA,GAAO,QAAA,CAAS,MAAA,CAAO,OAAO,CAAA;AACpC,IAAA,IAAI,IAAA,CAAK,WAAA,IAAe,IAAA,CAAK,KAAA,IAAS,OAAO,IAAA,CAAK,KAAA,KAAU,QAAA,IAAY,IAAA,CAAK,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG;AAE7F,MAAA,eAAA,CAAgB,IAAA,CAAK;AAAA,QACnB,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,WAAA,EAAa,GAAA,CAAI,MAAA,CAAO,IAAA,CAAK,MAAM,MAAM;AAAA,OAC1C,CAAA;AAAA,IACH;AAAA,EACF;AACA,EAAA,IAAI,CAAC,gBAAgB,MAAA,EAAQ;AAC3B,IAAAJ,OAAM,8CAA8C,CAAA;AACpD,IAAA;AAAA,EACF;AAEA,EAAA,eAAA,CAAgB,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,KAAA,CAAM,MAAA,GAAS,CAAA,CAAE,KAAA,CAAM,MAAM,CAAA;AAE9D,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,WAAA,MAAiB,WAAWK,oBAAAA,CAAG,QAAA,CAAS,KAAK,CAAA,EAAG,WAAW,WAAW,CAAA,EAAG;AACvE,IAAA,MAAM,WAAW,MAAMA,oBAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,SAAS,MAAM,CAAA;AAC3D,IAAA,IAAI,QAAA,GAAW,QAAA;AACf,IAAA,KAAA,MAAW,EAAE,KAAA,EAAO,WAAA,EAAY,IAAK,eAAA,EAAiB;AACpD,MAAA,QAAA,GAAW,QAAA,CAAS,UAAA,CAAW,KAAA,EAAO,WAAW,CAAA;AAAA,IACnD;AACA,IAAA,IAAI,aAAa,QAAA,EAAU;AACzB,MAAA,MAAMA,oBAAAA,CAAG,QAAA,CAAS,SAAA,CAAU,OAAA,EAAS,QAAQ,CAAA;AAC7C,MAAA,UAAA,EAAA;AAAA,IACF;AAAA,EACF;AACA,EAAAL,MAAAA,CAAM,CAAA,+BAAA,EAAkC,UAAU,CAAA,gBAAA,CAAkB,CAAA;AACtE;AAEA,IAAI,kBAAA,GAAqB,KAAA;AACzB,eAAe,uBAAA,CAAwB,aAAqB,IAAA,EAAgC;AAC1F,EAAA,IAAI,kBAAA,EAAoB;AACxB,EAAA,kBAAA,GAAqB,IAAA;AAIrB,EAAA,IAAI,eAAeE,mBAAAA,CAAgB,YAAA;AACnC,EAAA,IAAI,YAAA,KAAiB,MAAA,IAAa,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAA+B,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,IAAI,aAAa,CAAA;AACzE,MAAA,YAAA,GAAe,SAAS,QAAA,EAAU,YAAA;AAAA,IACpC,CAAA,CAAA,MAAQ;AAAA,IAAe;AAAA,EACzB;AAGA,EAAA,IAAI,OAAA,CAAQ,IAAI,aAAA,EAAe;AAE7B,IAAA,IAAI;AAAE,MAAAO,kBAAA,EAAe;AAAA,IAAG,CAAA,CAAA,MAAQ;AAAA,IAA+C;AAAA,EACjF;AACA,EAAA,MAAM,gBAAgBC,uBAAA,EAAoB;AAC1C,EAAAV,MAAAA,CAAM,yCAAyC,YAAY,CAAA,gBAAA,EAAmB,KAAK,SAAA,CAAU,aAAa,CAAC,CAAA,CAAE,CAAA;AAC7G,EAAA,IAAI,CAAC,YAAA,EAAc;AAEnB,EAAA,MAAM,cAA6B,EAAC;AACpC,EAAA,IAAI,YAAA,GAAe,CAAA;AAInB,EAAA,WAAA,MAAiB,QAAQK,oBAAAA,CAAG,QAAA,CAAS,KAAK,CAAA,EAAG,WAAW,wBAAwB,CAAA,EAAG;AACjF,IAAA,YAAA,EAAA;AACA,IAAA,MAAM,eAAe,MAAMA,oBAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,MAAM,MAAM,CAAA;AAC5D,IAAA,IAAI;AACF,MAAAD,iBAAa,YAAA,EAAc;AAAA,QACzB,MAAA,EAAQ,wCAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,GAAA,EAAK;AACZ,MAAA,WAAA,CAAY,KAAK,IAAI,CAAA;AAErB,MAAA,MAAMC,qBAAG,QAAA,CAAS,SAAA,CAAU,IAAA,EAAMC,yBAAAA,CAAsB,YAAY,CAAC,CAAA;AAAA,IACvE;AAAA,EACF;AAEA,EAAAN,MAAAA,CAAM,CAAA,QAAA,EAAW,YAAY,CAAA,uBAAA,EAA0B,WAAW,CAAA,eAAA,CAAiB,CAAA;AAKnF,EAAA,KAAA,MAAW,GAAA,IAAO,CAAC,MAAM,CAAA,EAAG;AAC1B,IAAA,WAAA,MAAiB,IAAA,IAAQK,qBAAG,QAAA,CAAS,IAAA,CAAK,GAAG,WAAW,CAAA,MAAA,EAAS,GAAG,CAAA,CAAE,CAAA,EAAG;AACvE,MAAA,YAAA,EAAA;AACA,MAAA,MAAM,eAAe,MAAMA,oBAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,MAAM,MAAM,CAAA;AAC5D,MAAA,IAAI;AACF,QAAAD,iBAAa,YAAA,EAAc;AAAA,UACzB,MAAA,EAAQ,4BAA4B,GAAG,CAAA,CAAA,CAAA;AAAA,UACvC;AAAA,SACD,CAAA;AAAA,MACH,SAAS,GAAA,EAAK;AACZ,QAAA,WAAA,CAAY,KAAK,IAAI,CAAA;AACrB,QAAA,MAAMC,qBAAG,QAAA,CAAS,SAAA,CAAU,IAAA,EAAMC,yBAAAA,CAAsB,YAAY,CAAC,CAAA;AAAA,MACvE;AAAA,IACF;AAAA,EACF;AAEA,EAAAN,MAAAA,CAAM,CAAA,QAAA,EAAW,YAAY,CAAA,yBAAA,CAA2B,CAAA;AAExD,EAAA,IAAI,WAAA,CAAY,SAAS,CAAA,EAAG;AAC1B,IAAA,MAAM,GAAA,GAAM,CAAA,4DAAA,EAAqD,WAAA,CAAY,MAAM,CAAA;AAAA,EAA2B,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,IAAA,EAAO,CAAC,CAAA,CAAE,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAC3J,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,MAAM,IAAI,MAAM,GAAG,CAAA;AAAA,IACrB;AACA,IAAA,OAAA,CAAQ,MAAM,GAAG,CAAA;AAAA,EACnB,CAAA,MAAO;AACL,IAAAA,OAAM,uCAAkC,CAAA;AAAA,EAC1C;AACF;AAMA,SAAS,oBAAA,GAAuB;AAC9B,EAAAA,OAAM,4BAA4B,CAAA;AAElC,EAAA,MAAM,eAAA,GAAkBK,qBAAG,QAAA,CAAS,SAAA;AACpC,EAAAA,oBAAAA,CAAG,QAAA,CAAS,SAAA,GAAY,eAAe,wBAAwB,IAAA,EAAM;AACnE,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,CAAC,CAAA,CAAE,QAAA,EAAS;AAClC,IAAAL,MAAAA,CAAM,0BAA0B,QAAQ,CAAA;AAIxC,IAAA,IAAI,CAAC,0BAAA,EAA2B,IAAK,QAAA,CAAS,QAAA,CAAS,2BAA2B,CAAA,EAAG;AACnF,MAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,GAAG,QAAA,CAAS,WAAA,CAAY,GAAG,CAAC,CAAA;AACnE,MAAA,qCAAA,CAAsC,WAAW,CAAA;AAAA,IACnD;AAEA,IAAA,IAAI,QAAA,CAAS,QAAA,CAAS,gCAAgC,CAAA,IAAK,CAAC,kBAAA,EAAoB;AAC9E,MAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,GAAG,QAAA,CAAS,WAAA,CAAY,GAAG,CAAC,CAAA;AACnE,MAAA,MAAM,gBAAgB,WAAW,CAAA;AAAA,IACnC;AAGA,IAAA,IACE,SAAS,QAAA,CAAS,gCAAgC,KAC/C,QAAA,CAAS,QAAA,CAAS,gCAAgC,CAAA,EACrD;AACA,MAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,GAAG,QAAA,CAAS,WAAA,CAAY,GAAG,CAAC,CAAA;AACnE,MAAA,IAAI,CAAC,kBAAA,EAAoB,MAAM,eAAA,CAAgB,WAAW,CAAA;AAC1D,MAAA,IAAI,CAAC,oBAAoB,MAAM,uBAAA,CAAwB,aAAa,EAAE,SAAA,EAAW,MAAM,CAAA;AAAA,IACzF;AAEA,IAAA,OAAO,eAAA,CAAgB,IAAA,CAAK,IAAA,EAAM,GAAG,IAAI,CAAA;AAAA,EAC3C,CAAA;AAGA,EAAA,MAAM,sBAAsBK,oBAAAA,CAAG,aAAA;AAC/B,EAAAA,oBAAAA,CAAG,aAAA,GAAgB,SAAS,wBAAA,CAAA,GAA4B,IAAA,EAA2C;AACjG,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,CAAC,CAAA,CAAE,QAAA,EAAS;AAClC,IAAAL,MAAAA,CAAM,qBAAqB,QAAQ,CAAA;AAEnC,IAAA,IAAI,CAAC,0BAAA,EAA2B,IAAK,QAAA,CAAS,QAAA,CAAS,2CAA2C,CAAA,EAAG;AACnG,MAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,GAAG,QAAA,CAAS,WAAA,CAAY,GAAG,CAAC,CAAA;AACnE,MAAA,qCAAA,CAAsC,WAAW,CAAA;AAAA,IACnD;AAEA,IAAA,OAAO,mBAAA,CAAoB,IAAA,CAAK,IAAA,EAAM,GAAG,IAAI,CAAA;AAAA,EAC/C,CAAA;AACF;AAUO,SAAS,wBAAwB,cAAA,EAAuC;AAG7E,EAAA,OAAO,CAAC,UAAA,KAA0E;AAChF,IAAAA,OAAM,iCAAiC,CAAA;AAEvC,IAAA,OAAO,OAAO,OAAe,QAAA,KAA4C;AACvE,MAAA,IAAI,kBAAA;AACJ,MAAA,IAAI,OAAO,eAAe,UAAA,EAAY;AACpC,QAAA,MAAM,kBAAA,GAAqB,UAAA,CAAW,KAAA,EAAO,QAAQ,CAAA;AACrD,QAAA,kBAAA,GAAqB,MAAM,kBAAA;AAAA,MAC7B,CAAA,MAAO;AACL,QAAA,kBAAA,GAAqB,UAAA;AAAA,MACvB;AAGA,MAAA,MAAM,WAAA,GAAc,CAAC,EACnB,OAAA,CAAQ,GAAA,CAAI,SAAA,IACT,OAAA,CAAQ,GAAA,CAAI,aAAA,IACZ,OAAA,CAAQ,GAAA,CAAI,eAAA,IACZ,QAAQ,GAAA,CAAI,oBAAA,CAAA;AAEjB,MAAA,MAAM,UAAU,KAAA,KAAU,wBAAA;AAC1B,MAAAA,OAAM,CAAA,+BAAA,EAAkC,OAAA,CAAQ,IAAI,SAAS,CAAA,gBAAA,EAAmB,QAAQ,GAAA,CAAI,aAAa,qBAAqB,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,QAAA,EAAW,KAAK,iBAAiB,WAAW,CAAA,UAAA,EAAa,OAAO,CAAA,CAAE,CAAA;AAM3N,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAA,CAAQ,IAAA,CAAK,cAAc,MAAM;AAC/B,UAAA,MAAM,cAAcO,sBAAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,IAAO,OAAO,CAAA;AACvD,UAAA,MAAM,eAAqC,EAAC;AAC5C,UAAA,IAAI,CAAC,kBAAA,EAAoB,YAAA,CAAa,IAAA,CAAK,eAAA,CAAgB,WAAW,CAAC,CAAA;AACvE,UAAA,IAAI,CAAC,kBAAA,EAAoB,YAAA,CAAa,IAAA,CAAK,uBAAA,CAAwB,aAAa,EAAE,SAAA,EAAW,IAAA,EAAM,CAAC,CAAA;AACpG,UAAA,IAAI,YAAA,CAAa,SAAS,CAAA,EAAG;AAG3B,YAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,CAAE,KAAA,CAAM,CAAC,GAAA,KAAQ;AACvC,cAAA,OAAA,CAAQ,KAAA,CAAM,qCAAqC,GAAG,CAAA;AACtD,cAAA,OAAA,CAAQ,QAAA,GAAW,CAAA;AAAA,YACrB,CAAC,CAAA;AAAA,UACH;AAAA,QACF,CAAC,CAAA;AAAA,MACH;AAEA,MAAA,IAAI,WAAA,EAAa;AACf,QAAAP,OAAM,4CAA4C,CAAA;AAGlD,QAAA,IAAI,SAAS,oBAAA,EAAqB;AAGlC,QAAA,IAAI,eAAA,GAAmB,kBAAA,CAA2B,SAAA,IAC5C,kBAAA,CAA2B,YAAA,EAAc,KAAA;AAE/C,QAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,UAAA,eAAA,GAAkB,EAAC;AACnB,UAAC,mBAA2B,SAAA,GAAY,eAAA;AAAA,QAC1C;AAGA,QAAA,MAAM,UAAA,GAAa;AAAA,UACjB,OAAA,EAAS,CAAC,SAAA,CAAQ,OAAA,CAAQ,UAAU,CAAC;AAAA,SACvC;AACA,QAAA,eAAA,CAAgB,UAAU,EAAC;AAC3B,QAAA,eAAA,CAAgB,KAAA,CAAM,2BAA2B,CAAA,GAAI,UAAA;AAKrD,QAAA,MAAM,yBAAyBO,sBAAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,IAAO,sBAAsB,CAAA;AACjF,QAAA,IAAI,WAAA,GAAc,KAAA;AAClB,QAAA,IAAI;AACF,UAAA,WAAA,GAAcF,oBAAAA,CAAG,SAAA,CAAU,sBAAsB,CAAA,CAAE,cAAA,EAAe;AAAA,QACpE,CAAA,CAAA,MAAQ;AAAA,QAAqD;AAE7D,QAAA,IAAI,WAAA,EAAa;AACf,UAAAL,OAAM,wDAAwD,CAAA;AAC9D,UAAA,MAAM,cAAA,GAAiBO,sBAAAA,CAAK,OAAA,CAAQA,sBAAAA,CAAK,OAAA,CAAQ,UAAQ,OAAA,CAAQ,aAAa,CAAC,CAAA,EAAG,IAAI,CAAA;AACtF,UAAA,MAAM,WAAA,GAAcA,sBAAAA,CAAK,OAAA,CAAQ,cAAA,EAAgB,IAAI,CAAA;AACrD,UAAA,MAAM,WAAWA,sBAAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,IAAO,uBAAuB,CAAA;AACpE,UAAA,MAAM,YAAA,GAAeA,sBAAAA,CAAK,IAAA,CAAK,QAAA,EAAU,MAAM,CAAA;AAC/C,UAAA,IAAI;AACF,YAAAF,qBAAG,SAAA,CAAU,QAAA,EAAU,EAAE,SAAA,EAAW,MAAM,CAAA;AAE1C,YAAAA,qBAAG,MAAA,CAAO,cAAA,EAAgB,cAAc,EAAE,SAAA,EAAW,MAAM,CAAA;AAC3D,YAAAA,oBAAAA,CAAG,YAAA,CAAaE,sBAAAA,CAAK,IAAA,CAAK,WAAA,EAAa,cAAc,CAAA,EAAGA,sBAAAA,CAAK,IAAA,CAAK,QAAA,EAAU,cAAc,CAAC,CAAA;AAC3F,YAAAP,MAAAA,CAAM,mCAAmC,QAAQ,CAAA;AAAA,UACnD,SAAS,GAAA,EAAK;AACZ,YAAA,OAAA,CAAQ,IAAA,CAAK,mDAAmD,GAAG,CAAA;AAAA,UACrE;AAEA,UAAA,eAAA,CAAgB,iBAAiB,EAAC;AAClC,UAAA,eAAA,CAAgB,YAAA,CAAa,aAAa,CAAA,GAAI,6CAAA;AAC9C,UAAA,eAAA,CAAgB,YAAA,CAAa,uBAAuB,CAAA,GAAI,uDAAA;AACxD,UAAA,eAAA,CAAgB,YAAA,CAAa,+BAA+B,CAAA,GAAI,+DAAA;AAChE,UAAA,eAAA,CAAgB,YAAA,CAAa,wBAAwB,CAAA,GAAI,wDAAA;AACzD,UAAA,eAAA,CAAgB,YAAA,CAAa,qBAAqB,CAAA,GAAI,sDAAA;AACtD,UAAA,eAAA,CAAgB,YAAA,CAAa,mBAAmB,CAAA,GAAI,oDAAA;AACpD,UAAAA,OAAM,2EAA2E,CAAA;AAAA,QACnF,CAAA,MAAO;AACL,UAAAA,OAAM,6DAA6D,CAAA;AAAA,QACrE;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,GAAG,kBAAA;AAAA,QACH,GAAG,WAAA,IAAe;AAAA,UAChB,WAAY,kBAAA,CAA2B;AAAA,SACzC;AAAA,QACA,GAAG,CAAC,YAAA,IAAgB;AAAA,UAClB,OAAA,EAAS,qBAAA,CAAsB,kBAAA,EAAoB,oBAAA,EAAsBA,QAAO,OAAO;AAAA;AACzF,OACF;AAAA,IACF,CAAA;AAAA,EACF,CAAA;AACF","file":"plugin.js","sourcesContent":["import fs from 'node:fs';\n\nimport {\n redactSensitiveConfig, scanForLeaks, varlockSettings,\n} from 'varlock/env';\nimport { patchGlobalServerResponse } from 'varlock/patch-server-response';\n\nimport { type SerializedEnvGraph } from 'varlock';\nimport type { NextConfig } from 'next';\n\nconst WEBPACK_PLUGIN_NAME = 'VarlockNextWebpackPlugin';\n\n// We use a proxy object for the static replacements that we pass to webpack.DefinePlugin\n// because this plugin/webpack code is not invoked again when env files change\n// instead next is direcly messing with the existing plugins for their own changes\n// so instead we use a proxy object, and grab the values off of process.env.__VARLOCK_ENV\n// which will have been updated by our next-env-compat code\nlet latestLoadedVarlockEnv: SerializedEnvGraph | undefined;\nfunction createStaticReplacementsProxy(debug: (...args: Array<any>) => void) {\n return new Proxy({} as Record<string, string>, {\n ownKeys(_target) {\n latestLoadedVarlockEnv = JSON.parse(process.env.__VARLOCK_ENV || '{}') as SerializedEnvGraph;\n const replaceKeys = [] as Array<string>;\n for (const itemKey in latestLoadedVarlockEnv.config) {\n const item = latestLoadedVarlockEnv.config[itemKey];\n if (!item.isSensitive) replaceKeys.push(`ENV.${itemKey}`);\n }\n debug('reloaded static replacements keys', replaceKeys);\n return replaceKeys;\n },\n getOwnPropertyDescriptor(_target, prop) {\n const itemKey = prop.toString().split('.')[1];\n const item = latestLoadedVarlockEnv?.config[itemKey];\n if (!item || item.isSensitive) return;\n return {\n value: '', // this value is not used, the get handler will return the value\n writable: false,\n enumerable: true,\n configurable: true,\n };\n },\n get(_target, prop) {\n const itemKey = prop.toString().split('.')[1];\n const item = latestLoadedVarlockEnv?.config[itemKey];\n if (item && !item.isSensitive) return JSON.stringify(item.value);\n },\n });\n}\n\nexport function createWebpackConfigFn(\n resolvedNextConfig: NextConfig,\n patchGlobalFsMethods: () => void,\n debug: (...args: Array<any>) => void,\n isBuild: boolean,\n) {\n const staticReplacementsProxy = createStaticReplacementsProxy(debug);\n\n return function webpackConfigFn(webpackConfig: any, options: any) {\n debug('varlockNextConfigPlugin webpack config patching');\n\n const { dev } = options; // also available - isServer, nextRuntime\n\n // only patch fs methods during builds — they create \"hooks\" for post-build\n // scanning/scrubbing and are unnecessary during dev\n if (isBuild) patchGlobalFsMethods();\n\n if (varlockSettings.preventLeaks) {\n // have to wait to run this until here when we know if this is dev mode or not\n patchGlobalServerResponse({\n ignoreUrlPatterns: [\n /^\\/__nextjs_source-map\\?.*/, // sourcemaps\n /[?&]_rsc=/, // RSC payloads are server-side and expected to contain sensitive data\n ],\n // in dev mode, we redact the secrets rather than throwing, because otherwise the dev server crashes\n redactInsteadOfThrow: dev,\n });\n }\n\n // webpack itself is passed in so we dont have to import it (or make it a dependency)\n const webpack = options.webpack;\n\n // apply existing user customizations if there are any\n if (resolvedNextConfig.webpack) {\n webpackConfig = resolvedNextConfig.webpack(webpackConfig, options);\n }\n\n if (!process.env.__VARLOCK_ENV) throw new Error('VarlockNextWebpackPlugin: __VARLOCK_ENV is not set');\n\n // Add per-file init guard for server (non-edge) compilations.\n // Pre-rendering workers may receive compiled code via IPC rather than loading\n // runtime files from disk, so runtime injection alone isn't sufficient.\n // The loader ensures initVarlockEnv() and patchGlobalConsole() run in every worker.\n // alwaysRepatchConsole: in webpack, React wraps console for RSC dev replay AFTER\n // our initial patch in the runtime file, so we re-patch in each file to ensure\n // our redaction wraps React's wrapper. (Turbopack doesn't need this.)\n if (options.isServer && options.nextRuntime !== 'edge') {\n webpackConfig.module.rules.push({\n test: /\\.(js|jsx|ts|tsx|mjs|mts)$/,\n exclude: /node_modules/,\n use: [\n {\n loader: require.resolve('./loader'),\n options: { bundler: 'webpack' },\n },\n ],\n });\n }\n // Edge compilation: also re-patch console to wrap React's RSC dev replay wrapper.\n // Edge can't use require(), so we call globalThis.__varlockPatchConsole which the\n // init-edge bundle exposes after running.\n if (options.isServer && options.nextRuntime === 'edge') {\n webpackConfig.module.rules.push({\n test: /\\.(js|jsx|ts|tsx|mjs|mts)$/,\n exclude: /node_modules/,\n use: [\n {\n loader: require.resolve('./loader'),\n options: { bundler: 'webpack', isEdge: true },\n },\n ],\n });\n }\n\n // Set up build-time replacements / rewrites - using webpack.DefinePlugin and a proxy\n // TODO: use shared helpers from core library?\n debug('adding ENV.xxx static replacements proxy object');\n webpackConfig.plugins.push(new webpack.DefinePlugin(staticReplacementsProxy));\n\n if (varlockSettings.preventLeaks) {\n webpackConfig.plugins.push({\n apply(compiler: any) {\n compiler.hooks.assetEmitted.tap(WEBPACK_PLUGIN_NAME, (_file: any, assetDetails: any) => {\n const { content, targetPath } = assetDetails;\n\n if (\n targetPath.includes('/.next/static/chunks/')\n || targetPath.endsWith('.html')\n // .rsc and .body are server-side (RSC payloads), not client-facing\n ) {\n // NOTE - in dev mode the request hangs on the error, but the console error should help\n // and during a build, it will actually fail the build\n try {\n scanForLeaks(content, {\n method: '@varlock/nextjs-integration/plugin - assetEmitted hook',\n file: targetPath,\n });\n } catch (err) {\n if (dev) {\n // overwrite file with redacted version\n fs.writeFileSync(targetPath, redactSensitiveConfig(content.toString()));\n } else {\n throw err;\n }\n }\n }\n });\n },\n });\n }\n\n // Inject varlock init into webpack runtime files.\n // We prepend the self-contained init bundle as raw JS so it runs before any module code.\n // Server runtimes get the full init (with server-response patching),\n // edge runtimes get the edge-safe init (no node:zlib/node:http).\n function injectVarlockInitIntoWebpackRuntime(edgeRuntime = false) {\n return function assetUpdateFn(origSource: any) {\n const origSourceStr = origSource.source();\n\n const initBundleName = edgeRuntime ? 'init-edge' : 'init-server';\n const injectorPath = require.resolve(`varlock/${initBundleName}`);\n const injectorSrc = fs.readFileSync(injectorPath, 'utf8');\n\n // inline the resolved env so it's baked into the build\n // this removes the need for a .env.production.local file on platforms like Vercel\n const rawEnv = process.env.__VARLOCK_ENV;\n const envInline = rawEnv\n ? `process.env.__VARLOCK_ENV = process.env.__VARLOCK_ENV || ${JSON.stringify(rawEnv)};`\n : '';\n\n const updatedSourceStr = [\n envInline,\n // Wrap in IIFE to avoid symbol collisions when bundlers concatenate files.\n // Provide dummy exports/module since the CJS bundle uses `exports.X = ...`\n `(function(exports,module){${injectorSrc}})({},{exports:{}});`,\n origSourceStr,\n ].join('\\n');\n\n return new webpack.sources.RawSource(updatedSourceStr);\n };\n }\n\n const isEdgeRuntime = options.nextRuntime === 'edge';\n webpackConfig.plugins.push({\n apply(compiler: any) {\n compiler.hooks.thisCompilation.tap(WEBPACK_PLUGIN_NAME, (compilation: any) => {\n compilation.hooks.processAssets.tap(\n {\n name: WEBPACK_PLUGIN_NAME,\n stage: webpack.Compilation.PROCESS_ASSETS_STAGE_ADDITIONS,\n },\n () => {\n if (isEdgeRuntime) {\n // Edge compilation — only inject the edge-safe init bundle (no node builtins)\n if (compilation.getAsset('edge-runtime-webpack.js')) {\n compilation.updateAsset('edge-runtime-webpack.js', injectVarlockInitIntoWebpackRuntime(true));\n }\n // Edge compilation also has webpack-runtime.js — inject init-edge there too\n for (const name of ['webpack-runtime.js', '../webpack-runtime.js']) {\n if (compilation.getAsset(name)) {\n compilation.updateAsset(name, injectVarlockInitIntoWebpackRuntime(true));\n }\n }\n } else if (options.isServer) {\n // Server (node.js) compilation — inject full init with server-response patching\n for (const name of ['webpack-runtime.js', '../webpack-runtime.js', 'webpack-api-runtime.js', '../webpack-api-runtime.js']) {\n if (compilation.getAsset(name)) {\n compilation.updateAsset(name, injectVarlockInitIntoWebpackRuntime());\n }\n }\n }\n },\n );\n });\n },\n });\n\n return webpackConfig; // must return the modified config\n };\n}\n","import fs from 'node:fs';\nimport path from 'node:path';\n\nfunction debug(...args: Array<any>) {\n if (!process.env.DEBUG_VARLOCK_NEXT_INTEGRATION) return;\n // eslint-disable-next-line no-console\n console.log('[varlock]', ...args);\n}\n\n/**\n * Inject varlock init bundle into turbopack runtime files (analogous to webpack runtime injection).\n * Turbopack writes `[turbopack]_runtime.js` files during compilation — these are loaded by\n * the deployed server before any user code runs, making them the ideal injection point.\n *\n * Note: pre-rendering workers during builds receive compiled code via IPC (not from disk),\n * so this injection only takes effect for the deployed server. Build-time init is handled\n * by the turbopack loader's init guard snippet.\n */\nlet injectedTurbopackRuntime = false;\nexport function injectVarlockInitIntoTurbopackRuntime(nextDirPath: string) {\n if (injectedTurbopackRuntime) return;\n\n const rawEnv = process.env.__VARLOCK_ENV;\n if (!rawEnv) {\n return;\n }\n\n // Find turbopack runtime files ([turbopack]_runtime.js) and edge-wrapper files.\n // Node.js SSR/build uses [turbopack]_runtime.js, while edge runtime uses\n // edge-wrapper JS files (no [turbopack]_runtime.js exists for edge).\n const serverRuntimeFiles: Array<string> = [];\n const edgeWrapperFiles: Array<string> = [];\n const walkDir = (dir: string) => {\n if (!fs.existsSync(dir)) return;\n for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {\n if (entry.isDirectory()) {\n walkDir(path.join(dir, entry.name));\n } else if (entry.name === '[turbopack]_runtime.js') {\n serverRuntimeFiles.push(path.join(dir, entry.name));\n } else if (entry.name.includes('edge-wrapper') && entry.name.endsWith('.js')) {\n edgeWrapperFiles.push(path.join(dir, entry.name));\n }\n }\n };\n walkDir(nextDirPath);\n\n debug(`turbopack runtime injection: found ${serverRuntimeFiles.length} server runtime files, ${edgeWrapperFiles.length} edge wrapper files`);\n\n if (!serverRuntimeFiles.length) {\n // Runtime files may not exist yet — turbopack (Rust) writes them directly.\n // We'll retry on subsequent fs writes until they appear.\n return;\n }\n\n // Mark as done so we don't retry\n injectedTurbopackRuntime = true;\n\n // Load both init bundles — server (full, node:zlib/node:http) and edge (no node builtins)\n const initServerSrc = fs.readFileSync(require.resolve('varlock/init-server'), 'utf8');\n const initEdgeSrc = fs.readFileSync(require.resolve('varlock/init-edge'), 'utf8');\n const envInline = `process.env.__VARLOCK_ENV = process.env.__VARLOCK_ENV || ${JSON.stringify(rawEnv)};`;\n\n // The CJS init bundles use `exports.X = ...` at the end, so we must provide\n // a dummy `exports` object when wrapping in an IIFE to avoid ReferenceError.\n const iifeWrap = (src: string) => `(function(exports,module){${src}})({},{exports:{}});`;\n\n // Inject init-server into [turbopack]_runtime.js files (node.js SSR + build)\n for (const runtimeFile of serverRuntimeFiles) {\n const origSource = fs.readFileSync(runtimeFile, 'utf8');\n const updatedSource = [\n envInline,\n iifeWrap(initServerSrc),\n origSource,\n ].join('\\n');\n fs.writeFileSync(runtimeFile, updatedSource);\n debug(`injected init-server into turbopack runtime: ${runtimeFile}`);\n }\n\n // Inject init-edge into edge-wrapper files (edge runtime — no node builtins)\n for (const wrapperFile of edgeWrapperFiles) {\n const origSource = fs.readFileSync(wrapperFile, 'utf8');\n const updatedSource = [\n envInline,\n iifeWrap(initEdgeSrc),\n origSource,\n ].join('\\n');\n fs.writeFileSync(wrapperFile, updatedSource);\n debug(`injected init-edge into edge wrapper: ${wrapperFile}`);\n }\n}\n\nexport function isInjectedTurbopackRuntime() {\n return injectedTurbopackRuntime;\n}\n","/* eslint-disable no-console */\n\nimport fs from 'node:fs';\nimport path from 'node:path';\nimport type { NextConfig } from 'next';\n\nimport {\n getRedactionMapInfo, initVarlockEnv, redactSensitiveConfig, scanForLeaks, varlockSettings,\n} from 'varlock/env';\nimport { patchGlobalConsole } from 'varlock/patch-console';\nimport { patchGlobalServerResponse } from 'varlock/patch-server-response';\n\nimport { type SerializedEnvGraph } from 'varlock';\nimport { createWebpackConfigFn } from './webpack-plugin';\nimport { injectVarlockInitIntoTurbopackRuntime, isInjectedTurbopackRuntime } from './turbopack-runtime-inject';\n\n// make sure varlock has actually loaded the env files\n// NOTE - we don't need to call `initVarlockEnv` because the next-env-compat has already been loaded and called it\nif (!process.env.__VARLOCK_ENV) {\n console.error([\n '🚨 process.env.__VARLOCK_ENV is not set 🚨',\n '',\n 'To use this plugin, you must override @next/env with @varlock/next-integration',\n 'See https://varlock.dev/integrations/nextjs for more information',\n '',\n ].join('\\n'));\n throw new Error('VarlockNextWebpackPlugin: __VARLOCK_ENV is not set');\n}\n\npatchGlobalConsole();\n\n// Turbopack detection at module level — needed to apply patches in worker processes\n// (the config function only runs in the main process, but workers also load this module)\nconst IS_TURBOPACK = !!(\n process.env.TURBOPACK\n || process.env.TURBOPACK_DEV\n || process.env.TURBOPACK_BUILD\n || process.env.npm_config_turbopack\n);\n\n// For turbopack, apply server response patching at module level so it takes effect\n// in worker processes (which serve actual responses). The config function's turbopack\n// branch only runs in the main process, which doesn't handle HTTP responses.\nif (IS_TURBOPACK && varlockSettings.preventLeaks) {\n patchGlobalServerResponse({\n ignoreUrlPatterns: [\n /^\\/__nextjs_source-map\\?.*/, // sourcemaps\n /[?&]_rsc=/, // RSC payloads are server-side and expected to contain sensitive data\n ],\n // always redact in dev to avoid crashing the dev server; prod builds override via init bundles\n redactInsteadOfThrow: true,\n });\n}\n\nconst IS_WORKER = !!process.env.NEXT_PRIVATE_WORKER;\nfunction debug(...args: Array<any>) {\n if (!process.env.DEBUG_VARLOCK_NEXT_INTEGRATION) return;\n console.log(\n 'plugin',\n IS_WORKER ? '[worker] ' : '[server]',\n '--',\n ...args,\n );\n}\ndebug('✨ LOADED @varlock/next-integration/plugin module!');\n\ntype VarlockPluginOptions = {\n // injectResolvedConfigAtBuildTime: boolean,\n};\n\nlet scannedStaticFiles = false;\nasync function scanStaticFiles(nextDirPath: string) {\n scannedStaticFiles = true;\n for await (const file of fs.promises.glob(`${nextDirPath}/**/*.html`)) {\n const fileContents = await fs.promises.readFile(file, 'utf8');\n scanForLeaks(fileContents, { method: 'nextjs scan static html files', file });\n }\n}\n\nlet scrubbedSourcemaps = false;\nasync function scrubSourcemaps(nextDirPath: string) {\n if (scrubbedSourcemaps) return;\n scrubbedSourcemaps = true;\n\n // build a list of sensitive values and their same-length replacements\n const envGraph: SerializedEnvGraph = JSON.parse(process.env.__VARLOCK_ENV || '{}');\n const sensitiveValues: Array<{ value: string, replacement: string }> = [];\n for (const itemKey in envGraph.config) {\n const item = envGraph.config[itemKey];\n if (item.isSensitive && item.value && typeof item.value === 'string' && item.value.length > 0) {\n // same-length replacement to preserve sourcemap column offsets\n sensitiveValues.push({\n value: item.value,\n replacement: '*'.repeat(item.value.length),\n });\n }\n }\n if (!sensitiveValues.length) {\n debug('no sensitive values to scrub from sourcemaps');\n return;\n }\n // sort longest first for maximal munch\n sensitiveValues.sort((a, b) => b.value.length - a.value.length);\n\n let scrubCount = 0;\n for await (const mapFile of fs.promises.glob(`${nextDirPath}/**/*.map`)) {\n const contents = await fs.promises.readFile(mapFile, 'utf8');\n let scrubbed = contents;\n for (const { value, replacement } of sensitiveValues) {\n scrubbed = scrubbed.replaceAll(value, replacement);\n }\n if (scrubbed !== contents) {\n await fs.promises.writeFile(mapFile, scrubbed);\n scrubCount++;\n }\n }\n debug(`scrubbed sensitive values from ${scrubCount} sourcemap files`);\n}\n\nlet scannedBuildOutput = false;\nasync function scanBuildOutputForLeaks(nextDirPath: string, opts?: { failBuild?: boolean }) {\n if (scannedBuildOutput) return;\n scannedBuildOutput = true;\n\n // varlockSettings may not be populated if initVarlockEnv hasn't run in this process,\n // so fall back to reading the setting directly from the env data\n let preventLeaks = varlockSettings.preventLeaks;\n if (preventLeaks === undefined && process.env.__VARLOCK_ENV) {\n try {\n const envGraph: SerializedEnvGraph = JSON.parse(process.env.__VARLOCK_ENV);\n preventLeaks = envGraph.settings?.preventLeaks;\n } catch { /* ignore */ }\n }\n // Ensure the redaction map is populated so scanForLeaks knows what to look for.\n // initVarlockEnv may not have run in this process (the plugin's main process).\n if (process.env.__VARLOCK_ENV) {\n // eslint-disable-next-line @stylistic/max-statements-per-line\n try { initVarlockEnv(); } catch { /* ignore if already initialized or fails */ }\n }\n const redactionInfo = getRedactionMapInfo();\n debug(`scanBuildOutputForLeaks: preventLeaks=${preventLeaks}, redactionInfo=${JSON.stringify(redactionInfo)}`);\n if (!preventLeaks) return;\n\n const leakedFiles: Array<string> = [];\n let scannedCount = 0;\n\n // scan JS chunks in .next/static/chunks/ — these are client-facing bundles\n // that should never contain sensitive values\n for await (const file of fs.promises.glob(`${nextDirPath}/static/chunks/**/*.js`)) {\n scannedCount++;\n const fileContents = await fs.promises.readFile(file, 'utf8');\n try {\n scanForLeaks(fileContents, {\n method: 'nextjs post-build scan (static chunks)',\n file,\n });\n } catch (err) {\n leakedFiles.push(file);\n // redact the file so the leak doesn't ship\n await fs.promises.writeFile(file, redactSensitiveConfig(fileContents));\n }\n }\n\n debug(`scanned ${scannedCount} static chunk files in ${nextDirPath}/static/chunks/`);\n\n // scan prerendered HTML files (client-facing static output)\n // NOTE: .rsc and .body files are server-side (RSC payloads) and are expected\n // to access sensitive data, so we don't scan those\n for (const ext of ['html']) {\n for await (const file of fs.promises.glob(`${nextDirPath}/**/*.${ext}`)) {\n scannedCount++;\n const fileContents = await fs.promises.readFile(file, 'utf8');\n try {\n scanForLeaks(fileContents, {\n method: `nextjs post-build scan (.${ext})`,\n file,\n });\n } catch (err) {\n leakedFiles.push(file);\n await fs.promises.writeFile(file, redactSensitiveConfig(fileContents));\n }\n }\n }\n\n debug(`scanned ${scannedCount} total build output files`);\n\n if (leakedFiles.length > 0) {\n const msg = `[varlock] ⚠️ found and redacted leaked secrets in ${leakedFiles.length} build output file(s):\\n${leakedFiles.map((f) => ` - ${f}`).join('\\n')}`;\n if (opts?.failBuild) {\n throw new Error(msg);\n }\n console.error(msg);\n } else {\n debug('✅ no leaks found in build output');\n }\n}\n\n// not all file writes go through this, at least in Next 15\n// (likely because webpack and prerendering are happening in workers)\n// but we can use this to monitor writing of certain files and give ourselves a \"hook\"\n// which we can then scan existing files\nfunction patchGlobalFsMethods() {\n debug('patching global fs methods');\n // patch fs.promises.writeFile\n const origWriteFileFn = fs.promises.writeFile;\n fs.promises.writeFile = async function dmnoPatchedWriteFile(...args) {\n const filePath = args[0].toString();\n debug('fs.promises.writeFile:', filePath);\n\n // BUILD_ID is written after turbopack compilation completes but before pre-rendering.\n // This is our hook to inject the init bundle into turbopack runtime files.\n if (!isInjectedTurbopackRuntime() && filePath.endsWith('/.next/export-detail.json')) {\n const nextDirPath = filePath.substring(0, filePath.lastIndexOf('/'));\n injectVarlockInitIntoTurbopackRuntime(nextDirPath);\n }\n\n if (filePath.endsWith('/.next/next-server.js.nft.json') && !scannedStaticFiles) {\n const nextDirPath = filePath.substring(0, filePath.lastIndexOf('/'));\n await scanStaticFiles(nextDirPath);\n }\n // next-server.js.nft.json is written near the end of the build, after prerendering (webpack)\n // prerender-manifest.json is written after \"Generating static pages\" completes (turbopack + webpack)\n if (\n filePath.endsWith('/.next/next-server.js.nft.json')\n || filePath.endsWith('/.next/prerender-manifest.json')\n ) {\n const nextDirPath = filePath.substring(0, filePath.lastIndexOf('/'));\n if (!scrubbedSourcemaps) await scrubSourcemaps(nextDirPath);\n if (!scannedBuildOutput) await scanBuildOutputForLeaks(nextDirPath, { failBuild: true });\n }\n\n return origWriteFileFn.call(this, ...args);\n };\n\n // also patch sync version in case turbopack uses it\n const origWriteFileSyncFn = fs.writeFileSync;\n fs.writeFileSync = function dmnoPatchedWriteFileSync(...args: Parameters<typeof fs.writeFileSync>) {\n const filePath = args[0].toString();\n debug('fs.writeFileSync:', filePath);\n\n if (!isInjectedTurbopackRuntime() && filePath.endsWith('/.next/diagnostics/build-diagnostics.json')) {\n const nextDirPath = filePath.substring(0, filePath.lastIndexOf('/'));\n injectVarlockInitIntoTurbopackRuntime(nextDirPath);\n }\n\n return origWriteFileSyncFn.call(this, ...args);\n };\n}\n\n\nexport type NextConfigFunction = (\n phase: string,\n defaults: { defaultConfig: NextConfig },\n) => NextConfig | PromiseLike<NextConfig>;\n\n\n// we make this a plugin a function because we'll likely end up adding some options\nexport function varlockNextConfigPlugin(_pluginOptions?: VarlockPluginOptions) {\n // nextjs doesnt have a proper plugin system :(\n // so we use a function which takes in a config object and returns an augmented one\n return (nextConfig: any | NextConfig | NextConfigFunction): NextConfigFunction => {\n debug('varlockNextConfigPlugin init fn');\n\n return async (phase: string, defaults: { defaultConfig: NextConfig }) => {\n let resolvedNextConfig: NextConfig;\n if (typeof nextConfig === 'function') {\n const nextConfigFnResult = nextConfig(phase, defaults);\n resolvedNextConfig = await nextConfigFnResult;\n } else {\n resolvedNextConfig = nextConfig;\n }\n\n // Next 16+ uses Turbopack by default for dev, but may not set TURBOPACK env var\n const isTurbopack = !!(\n process.env.TURBOPACK\n || process.env.TURBOPACK_DEV\n || process.env.TURBOPACK_BUILD\n || process.env.npm_config_turbopack\n );\n const isBuild = phase === 'phase-production-build';\n debug(`turbopack detection: TURBOPACK=${process.env.TURBOPACK}, TURBOPACK_DEV=${process.env.TURBOPACK_DEV}, TURBOPACK_BUILD=${process.env.TURBOPACK_BUILD}, phase=${phase}, isTurbopack=${isTurbopack}, isBuild=${isBuild}`);\n\n // For production builds, schedule a post-build scan as a safety net.\n // The fs.writeFile patches may not intercept all writes (workers), and\n // BUILD_ID is written before prerendering completes. beforeExit fires\n // after the build finishes, ensuring all output files exist.\n if (isBuild) {\n process.once('beforeExit', () => {\n const nextDirPath = path.resolve(process.cwd(), '.next');\n const scanPromises: Array<Promise<void>> = [];\n if (!scrubbedSourcemaps) scanPromises.push(scrubSourcemaps(nextDirPath));\n if (!scannedBuildOutput) scanPromises.push(scanBuildOutputForLeaks(nextDirPath, { failBuild: true }));\n if (scanPromises.length > 0) {\n // The async work keeps the event loop alive, and beforeExit\n // will fire again once it completes (but the guards prevent re-runs)\n Promise.all(scanPromises).catch((err) => {\n console.error('[varlock] post-build scan failed:', err);\n process.exitCode = 1;\n });\n }\n });\n }\n\n if (isTurbopack) {\n debug('turbopack detected, injecting loader rules');\n // only patch fs methods during builds — they create \"hooks\" for post-build\n // scanning/scrubbing and are unnecessary (and noisy) during dev\n if (isBuild) patchGlobalFsMethods();\n\n // turbopack config can be under `turbopack` (Next 15+) or `experimental.turbo` (older)\n let turbopackConfig = (resolvedNextConfig as any).turbopack\n ?? (resolvedNextConfig as any).experimental?.turbo;\n\n if (!turbopackConfig) {\n turbopackConfig = {};\n (resolvedNextConfig as any).turbopack = turbopackConfig;\n }\n\n // inject loader rules\n const loaderRule = {\n loaders: [require.resolve('./loader')],\n };\n turbopackConfig.rules ||= {};\n turbopackConfig.rules['*.{js,jsx,ts,tsx,mjs,mts}'] = loaderRule;\n\n // Turbopack can't resolve symlinked packages (e.g. link: or workspace: installs).\n // If varlock is symlinked, we copy dist files into node_modules/.varlock/ as real\n // files and set up resolve aliases so turbopack can find them.\n const varlockNodeModulesPath = path.resolve(process.cwd(), 'node_modules/varlock');\n let isSymlinked = false;\n try {\n isSymlinked = fs.lstatSync(varlockNodeModulesPath).isSymbolicLink();\n } catch { /* not found — might be hoisted or nested, skip */ }\n\n if (isSymlinked) {\n debug('varlock is symlinked, copying dist files for turbopack');\n const varlockDistDir = path.resolve(path.dirname(require.resolve('varlock/env')), '..');\n const varlockRoot = path.resolve(varlockDistDir, '..');\n const cacheDir = path.resolve(process.cwd(), 'node_modules/.varlock');\n const cacheDistDir = path.join(cacheDir, 'dist');\n try {\n fs.mkdirSync(cacheDir, { recursive: true });\n // copy dist/ and package.json so turbopack can resolve subpath exports\n fs.cpSync(varlockDistDir, cacheDistDir, { recursive: true });\n fs.copyFileSync(path.join(varlockRoot, 'package.json'), path.join(cacheDir, 'package.json'));\n debug('copied varlock package files to', cacheDir);\n } catch (err) {\n console.warn('[varlock] failed to copy varlock package files:', err);\n }\n\n turbopackConfig.resolveAlias ||= {};\n turbopackConfig.resolveAlias['varlock/env'] = './node_modules/.varlock/dist/runtime/env.js';\n turbopackConfig.resolveAlias['varlock/patch-console'] = './node_modules/.varlock/dist/runtime/patch-console.js';\n turbopackConfig.resolveAlias['varlock/patch-server-response'] = './node_modules/.varlock/dist/runtime/patch-server-response.js';\n turbopackConfig.resolveAlias['varlock/patch-response'] = './node_modules/.varlock/dist/runtime/patch-response.js';\n turbopackConfig.resolveAlias['varlock/init-server'] = './node_modules/.varlock/dist/runtime/init-server.cjs';\n turbopackConfig.resolveAlias['varlock/init-edge'] = './node_modules/.varlock/dist/runtime/init-edge.cjs';\n debug('set resolveAlias for varlock subpaths -> ./node_modules/.varlock/dist/...');\n } else {\n debug('varlock is not symlinked, turbopack can resolve it natively');\n }\n }\n\n return {\n ...resolvedNextConfig,\n ...isTurbopack && {\n turbopack: (resolvedNextConfig as any).turbopack,\n },\n ...!IS_TURBOPACK && {\n webpack: createWebpackConfigFn(resolvedNextConfig, patchGlobalFsMethods, debug, isBuild),\n },\n };\n };\n };\n}\n"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@varlock/nextjs-integration",
3
3
  "description": "drop-in replacement for @next/env that uses varlock to load .env files with validation and extra security features",
4
- "version": "0.3.2",
4
+ "version": "0.3.3",
5
5
  "repository": {
6
6
  "type": "git",
7
7
  "url": "https://github.com/dmno-dev/varlock.git",
@@ -20,7 +20,8 @@
20
20
  ],
21
21
  "scripts": {
22
22
  "dev": "tsup --watch",
23
- "build": "rm -rf dist && tsup"
23
+ "build": "rm -rf dist && tsup",
24
+ "typecheck": "tsc --noEmit"
24
25
  },
25
26
  "keywords": [
26
27
  "varlock",
@@ -42,13 +43,13 @@
42
43
  "node": ">=22"
43
44
  },
44
45
  "peerDependencies": {
45
- "varlock": "^0.7.0",
46
+ "varlock": "^0.7.2",
46
47
  "next": ">=14"
47
48
  },
48
49
  "devDependencies": {
49
50
  "@types/node": "25.3.2",
50
51
  "tsup": "^8.5.1",
51
- "varlock": "^0.7.0",
52
+ "varlock": "^0.7.2",
52
53
  "vitest": "^4.0.18"
53
54
  }
54
55
  }