@vercel/sandbox 2.0.0-beta.11 → 2.0.0-beta.13

package/dist/utils/dev-credentials.js

@@ -1,196 +1,138 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.cachedGenerateCredentials = void 0;
-exports.shouldPromptForCredentials = shouldPromptForCredentials;
-exports.generateCredentials = generateCredentials;
-exports.signInAndGetToken = signInAndGetToken;
-const picocolors_1 = __importDefault(require("picocolors"));
-const ms_1 = __importDefault(require("ms"));
-const Log = __importStar(require("./log"));
+import { code, write } from "./log.js";
+import pico from "picocolors";
+import ms from "ms";
+
+//#region src/utils/dev-credentials.ts
 async function importAuth() {
-    const auth = await Promise.resolve().then(() => __importStar(require("../auth/index")));
-    return auth;
+	return await import("../auth/index.js");
 }
 function shouldPromptForCredentials() {
-    return (process.env.NODE_ENV !== "production" &&
-        !["1", "true"].includes(process.env.CI || "") &&
-        process.stdout.isTTY &&
-        process.stdin.isTTY);
+	return process.env.NODE_ENV !== "production" && !["1", "true"].includes(process.env.CI || "") && process.stdout.isTTY && process.stdin.isTTY;
 }
 /**
- * Returns cached credentials for the given team/project combination.
- *
- * @remarks
- * The cache is keyed by `teamId` and `projectId`. A new credential generation
- * is triggered only when these values change or when a previous attempt failed.
- *
- * **Important:** Successfully resolved credentials are cached indefinitely and
- * will not be refreshed even if the token expires. Cache invalidation only occurs
- * on rejection (error). This is intentional for development use cases where
- * short-lived sessions don't require proactive token refresh.
- */
-exports.cachedGenerateCredentials = (() => {
-    let cache = null;
-    return async (opts) => {
-        if (!cache ||
-            cache[0].teamId !== opts.teamId ||
-            cache[0].projectId !== opts.projectId) {
-            const promise = generateCredentials(opts).catch((err) => {
-                cache = null;
-                throw err;
-            });
-            cache = [opts, promise];
-        }
-        const v = await cache[1];
-        Log.write("warn", `using inferred credentials team=${v.teamId} project=${v.projectId}`);
-        return v;
-    };
+* Returns cached credentials for the given team/project combination.
+*
+* @remarks
+* The cache is keyed by `teamId` and `projectId`. A new credential generation
+* is triggered only when these values change or when a previous attempt failed.
+*
+* **Important:** Successfully resolved credentials are cached indefinitely and
+* will not be refreshed even if the token expires. Cache invalidation only occurs
+* on rejection (error). This is intentional for development use cases where
+* short-lived sessions don't require proactive token refresh.
+*/
+const cachedGenerateCredentials = (() => {
+	let cache = null;
+	return async (opts) => {
+		if (!cache || cache[0].teamId !== opts.teamId || cache[0].projectId !== opts.projectId) cache = [opts, generateCredentials(opts).catch((err) => {
+			cache = null;
+			throw err;
+		})];
+		const v = await cache[1];
+		write("warn", `using inferred credentials team=${v.teamId} project=${v.projectId}`);
+		return v;
+	};
 })();
 /**
- * Generates credentials by authenticating and inferring scope.
- *
- * @internal This is exported for testing purposes. Consider using
- * {@link cachedGenerateCredentials} instead, which caches the result
- * to avoid redundant authentication flows.
- */
+* Generates credentials by authenticating and inferring scope.
+*
+* @internal This is exported for testing purposes. Consider using
+* {@link cachedGenerateCredentials} instead, which caches the result
+* to avoid redundant authentication flows.
+*/
 async function generateCredentials(opts) {
-    const { OAuth, pollForToken, getAuth, updateAuthConfig, inferScope } = await importAuth();
-    let auth = getAuth();
-    if (!auth?.token) {
-        const timeout = process.env.VERCEL_URL
-            ? /* when deployed to vercel we don't want to have a long timeout */ "1 minute"
-            : "5 minutes";
-        auth = await signInAndGetToken({ OAuth, pollForToken, getAuth }, timeout);
-    }
-    if (auth?.refreshToken &&
-        auth.expiresAt &&
-        auth.expiresAt.getTime() <= Date.now()) {
-        const oauth = await OAuth();
-        const newToken = await oauth.refreshToken(auth.refreshToken);
-        auth = {
-            expiresAt: new Date(Date.now() + newToken.expires_in * 1000),
-            token: newToken.access_token,
-            refreshToken: newToken.refresh_token || auth.refreshToken,
-        };
-        updateAuthConfig(auth);
-    }
-    if (!auth?.token) {
-        throw new Error([
-            `Failed to retrieve authentication token.`,
-            `${picocolors_1.default.bold("hint:")} Set VERCEL_OIDC_TOKEN or provide a Vercel API token.`,
-            "├▶ Sandbox docs: https://vercel.com/docs/vercel-sandbox",
-            "╰▶ Access tokens: https://vercel.com/kb/guide/how-do-i-use-a-vercel-api-access-token",
-        ].join("\n"));
-    }
-    if (opts.teamId && opts.projectId) {
-        return {
-            token: auth.token,
-            teamId: opts.teamId,
-            projectId: opts.projectId,
-        };
-    }
-    const scope = await inferScope({ teamId: opts.teamId, token: auth.token });
-    if (scope.created) {
-        Log.write("info", `Created default project "${scope.projectId}" in team "${scope.teamId}".`);
-    }
-    return {
-        token: auth.token,
-        teamId: opts.teamId || scope.teamId,
-        projectId: opts.projectId || scope.projectId,
-    };
+	const { OAuth, pollForToken, getAuth, updateAuthConfig, inferScope } = await importAuth();
+	let auth = getAuth();
+	if (!auth?.token) {
+		const timeout = process.env.VERCEL_URL ? "1 minute" : "5 minutes";
+		auth = await signInAndGetToken({
+			OAuth,
+			pollForToken,
+			getAuth
+		}, timeout);
+	}
+	if (auth?.refreshToken && auth.expiresAt && auth.expiresAt.getTime() <= Date.now()) {
+		const newToken = await (await OAuth()).refreshToken(auth.refreshToken);
+		auth = {
+			expiresAt: new Date(Date.now() + newToken.expires_in * 1e3),
+			token: newToken.access_token,
+			refreshToken: newToken.refresh_token || auth.refreshToken
+		};
+		updateAuthConfig(auth);
+	}
+	if (!auth?.token) throw new Error([
+		`Failed to retrieve authentication token.`,
+		`${pico.bold("hint:")} Set VERCEL_OIDC_TOKEN or provide a Vercel API token.`,
+		"├▶ Sandbox docs: https://vercel.com/docs/vercel-sandbox",
+		"╰▶ Access tokens: https://vercel.com/kb/guide/how-do-i-use-a-vercel-api-access-token"
+	].join("\n"));
+	if (opts.teamId && opts.projectId) return {
+		token: auth.token,
+		teamId: opts.teamId,
+		projectId: opts.projectId
+	};
+	const scope = await inferScope({
+		teamId: opts.teamId,
+		token: auth.token
+	});
+	if (scope.created) write("info", `Created default project "${scope.projectId}" in team "${scope.teamId}".`);
+	return {
+		token: auth.token,
+		teamId: opts.teamId || scope.teamId,
+		projectId: opts.projectId || scope.projectId
+	};
 }
 async function signInAndGetToken(auth, timeout) {
-    Log.write("warn", [
-        `No VERCEL_OIDC_TOKEN environment variable found, initiating device authorization flow...`,
-        `│  ${picocolors_1.default.bold("help:")} this flow only happens on development environment.`,
-        `│  In production, make sure to set up a proper token, or set up Vercel OIDC [https://vercel.com/docs/oidc].`,
-    ]);
-    const oauth = await auth.OAuth();
-    const request = await oauth.deviceAuthorizationRequest();
-    Log.write("info", [
-        `╰▶ To authenticate, visit: ${request.verification_uri_complete}`,
-        `   or visit ${picocolors_1.default.italic(request.verification_uri)} and type ${picocolors_1.default.bold(request.user_code)}`,
-        `   Press ${picocolors_1.default.bold("<return>")} to open in your browser`,
-    ]);
-    let error;
-    const generator = auth.pollForToken({ request, oauth });
-    let done = false;
-    let spawnedTimeout = setTimeout(() => {
-        if (done)
-            return;
-        const message = [
-            `Authentication flow timed out after ${timeout}.`,
-            `│  Make sure to provide a token to avoid prompting an interactive flow.`,
-            `╰▶ ${picocolors_1.default.bold("help:")} Link your project with ${Log.code("npx vercel link")} to refresh OIDC token automatically.`,
-        ].join("\n");
-        error = new Error(message);
-        // Note: generator.return() initiates cooperative cancellation. The generator's
-        // finally block will abort pending setTimeout calls, but any in-flight HTTP
-        // request will complete before the generator terminates. This is acceptable
-        // for this dev-only timeout scenario.
-        generator.return();
-    }, (0, ms_1.default)(timeout));
-    try {
-        for await (const event of generator) {
-            switch (event._tag) {
-                case "SlowDown":
-                case "Timeout":
-                case "Response":
-                    break;
-                case "Error":
-                    error = event.error;
-                    break;
-                default:
-                    throw new Error(`Unknown event type: ${JSON.stringify(event)}`);
-            }
-        }
-    }
-    finally {
-        done = true;
-        clearTimeout(spawnedTimeout);
-    }
-    if (error) {
-        Log.write("error", `${picocolors_1.default.bold("error:")} Authentication failed: ${error.message}`);
-        throw error;
-    }
-    Log.write("success", `${picocolors_1.default.bold("done!")} Authenticated successfully!`);
-    const stored = auth.getAuth();
-    return stored;
+	write("warn", [
+		`No VERCEL_OIDC_TOKEN environment variable found, initiating device authorization flow...`,
+		`│  ${pico.bold("help:")} this flow only happens on development environment.`,
+		`│  In production, make sure to set up a proper token, or set up Vercel OIDC [https://vercel.com/docs/oidc].`
+	]);
+	const oauth = await auth.OAuth();
+	const request = await oauth.deviceAuthorizationRequest();
+	write("info", [
+		`╰▶ To authenticate, visit: ${request.verification_uri_complete}`,
+		`   or visit ${pico.italic(request.verification_uri)} and type ${pico.bold(request.user_code)}`,
+		`   Press ${pico.bold("<return>")} to open in your browser`
+	]);
+	let error;
+	const generator = auth.pollForToken({
+		request,
+		oauth
+	});
+	let done = false;
+	let spawnedTimeout = setTimeout(() => {
+		if (done) return;
+		const message = [
+			`Authentication flow timed out after ${timeout}.`,
+			`│  Make sure to provide a token to avoid prompting an interactive flow.`,
+			`╰▶ ${pico.bold("help:")} Link your project with ${code("npx vercel link")} to refresh OIDC token automatically.`
+		].join("\n");
+		error = new Error(message);
+		generator.return();
+	}, ms(timeout));
+	try {
+		for await (const event of generator) switch (event._tag) {
+			case "SlowDown":
+			case "Timeout":
+			case "Response": break;
+			case "Error":
+				error = event.error;
+				break;
+			default: throw new Error(`Unknown event type: ${JSON.stringify(event)}`);
+		}
+	} finally {
+		done = true;
+		clearTimeout(spawnedTimeout);
+	}
+	if (error) {
+		write("error", `${pico.bold("error:")} Authentication failed: ${error.message}`);
+		throw error;
+	}
+	write("success", `${pico.bold("done!")} Authenticated successfully!`);
+	return auth.getAuth();
 }
+
+//#endregion
+export { cachedGenerateCredentials, shouldPromptForCredentials };
 //# sourceMappingURL=dev-credentials.js.map

package/dist/utils/dev-credentials.js.map

@@ -1 +1 @@
-{"version":3,"file":"dev-credentials.js","sourceRoot":"","sources":["../../src/utils/dev-credentials.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA,gEAOC;AA8CD,kDA6DC;AAED,8CAqEC;AAnMD,4DAA8B;AAE9B,4CAAoB;AACpB,2CAA6B;AAE7B,KAAK,UAAU,UAAU;IACvB,MAAM,IAAI,GAAG,wDAAa,eAAe,GAAC,CAAC;IAC3C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,0BAA0B;IACxC,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QACrC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK;QACpB,OAAO,CAAC,KAAK,CAAC,KAAK,CACpB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACU,QAAA,yBAAyB,GAAG,CAAC,GAAG,EAAE;IAC7C,IAAI,KAAK,GAEE,IAAI,CAAC;IAChB,OAAO,KAAK,EAAE,IAA6C,EAAE,EAAE;QAC7D,IACE,CAAC,KAAK;YACN,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM;YAC/B,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,EACrC,CAAC;YACD,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACtD,KAAK,GAAG,IAAI,CAAC;gBACb,MAAM,GAAG,CAAC;YACZ,CAAC,CAAC,CAAC;YACH,KAAK,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1B,CAAC;QACD,MAAM,CAAC,GAAG,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,GAAG,CAAC,KAAK,CACP,MAAM,EACN,mCAAmC,CAAC,CAAC,MAAM,YAAY,CAAC,CAAC,SAAS,EAAE,CACrE,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC;AAEL;;;;;;GAMG;AACI,KAAK,UAAU,mBAAmB,CAAC,IAGzC;IACC,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,GAClE,MAAM,UAAU,EAAE,CAAC;IACrB,IAAI,IAAI,GAAG,OAAO,EAAE,CAAC;IACrB,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;QACjB,MAAM,OAAO,GAAmB,OAAO,CAAC,GAAG,CAAC,UAAU;YACpD,CAAC,CAAC,kEAAkE,CAAC,UAAU;YAC/E,CAAC,CAAC,WAAW,CAAC;QAChB,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;IAC5E,CAAC;IACD,IACE,IAAI,EAAE,YAAY;QAClB,IAAI,CAAC,SAAS;QACd,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,EACtC,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,KAAK,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC7D,IAAI,GAAG;YACL,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC;YAC5D,KAAK,EAAE,QAAQ,CAAC,YAAY;YAC5B,YAAY,EAAE,QAAQ,CAAC,aAAa,IAAI,IAAI,CAAC,YAAY;SAC1D,CAAC;QACF,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb;YACE,0CAA0C;YAC1C,GAAG,oBAAI,CAAC,IAAI,CAAC,OAAO,CAAC,uDAAuD;YAC5E,yDAAyD;YACzD,sFAAsF;SACvF,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QAClC,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAE3E,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,GAAG,CAAC,KAAK,CACP,MAAM,EACN,4BAA4B,KAAK,CAAC,SAAS,cAAc,KAAK,CAAC,MAAM,IAAI,CAC1E,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM;QACnC,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS;KAC7C,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,IAGC,EACD,OAAuB;IAEvB,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE;QAChB,0FAA0F;QAC1F,MAAM,oBAAI,CAAC,IAAI,CAAC,OAAO,CAAC,qDAAqD;QAC7E,6GAA6G;KAC9G,CAAC,CAAC;IACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,0BAA0B,EAAE,CAAC;IACzD,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE;QAChB,8BAA8B,OAAO,CAAC,yBAAyB,EAAE;QACjE,eAAe,oBAAI,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,aAAa,oBAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;QAC/F,YAAY,oBAAI,CAAC,IAAI,CAAC,UAAU,CAAC,0BAA0B;KAC5D,CAAC,CAAC;IAEH,IAAI,KAAwB,CAAC;IAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,cAAc,GAAG,UAAU,CAAC,GAAG,EAAE;QACnC,IAAI,IAAI;YAAE,OAAO;QACjB,MAAM,OAAO,GAAG;YACd,uCAAuC,OAAO,GAAG;YACjD,yEAAyE;YACzE,MAAM,oBAAI,CAAC,IAAI,CAAC,OAAO,CAAC,2BAA2B,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,uCAAuC;SACtH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3B,+EAA+E;QAC/E,4EAA4E;QAC5E,4EAA4E;QAC5E,sCAAsC;QACtC,SAAS,CAAC,MAAM,EAAE,CAAC;IACrB,CAAC,EAAE,IAAA,YAAE,EAAC,OAAO,CAAC,CAAC,CAAC;IAChB,IAAI,CAAC;QACH,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;YACpC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;gBACnB,KAAK,UAAU,CAAC;gBAChB,KAAK,SAAS,CAAC;gBACf,KAAK,UAAU;oBACb,MAAM;gBACR,KAAK,OAAO;oBACV,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;oBACpB,MAAM;gBACR;oBACE,MAAM,IAAI,KAAK,CACb,uBAAuB,IAAI,CAAC,SAAS,CAAC,KAAqB,CAAC,EAAE,CAC/D,CAAC;YACN,CAAC;QACH,CAAC;IACH,CAAC;YAAS,CAAC;QACT,IAAI,GAAG,IAAI,CAAC;QACZ,YAAY,CAAC,cAAc,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,GAAG,CAAC,KAAK,CACP,OAAO,EACP,GAAG,oBAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CACjE,CAAC;QACF,MAAM,KAAK,CAAC;IACd,CAAC;IAED,GAAG,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,oBAAI,CAAC,IAAI,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;IAC1E,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"dev-credentials.js","names":["cache:\n    | [{ teamId?: string; projectId?: string }, Promise<Credentials>]\n    | null","timeout: ms.StringValue","error: Error | undefined","Log.code"],"sources":["../../src/utils/dev-credentials.ts"],"sourcesContent":["import pico from \"picocolors\";\nimport type { Credentials } from \"./get-credentials.js\";\nimport ms from \"ms\";\nimport * as Log from \"./log.js\";\n\nasync function importAuth() {\n  const auth = await import(\"../auth/index.js\");\n  return auth;\n}\n\nexport function shouldPromptForCredentials(): boolean {\n  return (\n    process.env.NODE_ENV !== \"production\" &&\n    ![\"1\", \"true\"].includes(process.env.CI || \"\") &&\n    process.stdout.isTTY &&\n    process.stdin.isTTY\n  );\n}\n\n/**\n * Returns cached credentials for the given team/project combination.\n *\n * @remarks\n * The cache is keyed by `teamId` and `projectId`. A new credential generation\n * is triggered only when these values change or when a previous attempt failed.\n *\n * **Important:** Successfully resolved credentials are cached indefinitely and\n * will not be refreshed even if the token expires. Cache invalidation only occurs\n * on rejection (error). This is intentional for development use cases where\n * short-lived sessions don't require proactive token refresh.\n */\nexport const cachedGenerateCredentials = (() => {\n  let cache:\n    | [{ teamId?: string; projectId?: string }, Promise<Credentials>]\n    | null = null;\n  return async (opts: { projectId?: string; teamId?: string }) => {\n    if (\n      !cache ||\n      cache[0].teamId !== opts.teamId ||\n      cache[0].projectId !== opts.projectId\n    ) {\n      const promise = generateCredentials(opts).catch((err) => {\n        cache = null;\n        throw err;\n      });\n      cache = [opts, promise];\n    }\n    const v = await cache[1];\n    Log.write(\n      \"warn\",\n      `using inferred credentials team=${v.teamId} project=${v.projectId}`,\n    );\n    return v;\n  };\n})();\n\n/**\n * Generates credentials by authenticating and inferring scope.\n *\n * @internal This is exported for testing purposes. Consider using\n * {@link cachedGenerateCredentials} instead, which caches the result\n * to avoid redundant authentication flows.\n */\nexport async function generateCredentials(opts: {\n  teamId?: string;\n  projectId?: string;\n}): Promise<Credentials> {\n  const { OAuth, pollForToken, getAuth, updateAuthConfig, inferScope } =\n    await importAuth();\n  let auth = getAuth();\n  if (!auth?.token) {\n    const timeout: ms.StringValue = process.env.VERCEL_URL\n      ? /* when deployed to vercel we don't want to have a long timeout */ \"1 minute\"\n      : \"5 minutes\";\n    auth = await signInAndGetToken({ OAuth, pollForToken, getAuth }, timeout);\n  }\n  if (\n    auth?.refreshToken &&\n    auth.expiresAt &&\n    auth.expiresAt.getTime() <= Date.now()\n  ) {\n    const oauth = await OAuth();\n    const newToken = await oauth.refreshToken(auth.refreshToken);\n    auth = {\n      expiresAt: new Date(Date.now() + newToken.expires_in * 1000),\n      token: newToken.access_token,\n      refreshToken: newToken.refresh_token || auth.refreshToken,\n    };\n    updateAuthConfig(auth);\n  }\n\n  if (!auth?.token) {\n    throw new Error(\n      [\n        `Failed to retrieve authentication token.`,\n        `${pico.bold(\"hint:\")} Set VERCEL_OIDC_TOKEN or provide a Vercel API token.`,\n        \"├▶ Sandbox docs: https://vercel.com/docs/vercel-sandbox\",\n        \"╰▶ Access tokens: https://vercel.com/kb/guide/how-do-i-use-a-vercel-api-access-token\",\n      ].join(\"\\n\"),\n    );\n  }\n\n  if (opts.teamId && opts.projectId) {\n    return {\n      token: auth.token,\n      teamId: opts.teamId,\n      projectId: opts.projectId,\n    };\n  }\n\n  const scope = await inferScope({ teamId: opts.teamId, token: auth.token });\n\n  if (scope.created) {\n    Log.write(\n      \"info\",\n      `Created default project \"${scope.projectId}\" in team \"${scope.teamId}\".`,\n    );\n  }\n\n  return {\n    token: auth.token,\n    teamId: opts.teamId || scope.teamId,\n    projectId: opts.projectId || scope.projectId,\n  };\n}\n\nexport async function signInAndGetToken(\n  auth: Pick<\n    Awaited<ReturnType<typeof importAuth>>,\n    \"OAuth\" | \"getAuth\" | \"pollForToken\"\n  >,\n  timeout: ms.StringValue,\n) {\n  Log.write(\"warn\", [\n    `No VERCEL_OIDC_TOKEN environment variable found, initiating device authorization flow...`,\n    `│  ${pico.bold(\"help:\")} this flow only happens on development environment.`,\n    `│  In production, make sure to set up a proper token, or set up Vercel OIDC [https://vercel.com/docs/oidc].`,\n  ]);\n  const oauth = await auth.OAuth();\n  const request = await oauth.deviceAuthorizationRequest();\n  Log.write(\"info\", [\n    `╰▶ To authenticate, visit: ${request.verification_uri_complete}`,\n    `   or visit ${pico.italic(request.verification_uri)} and type ${pico.bold(request.user_code)}`,\n    `   Press ${pico.bold(\"<return>\")} to open in your browser`,\n  ]);\n\n  let error: Error | undefined;\n  const generator = auth.pollForToken({ request, oauth });\n  let done = false;\n  let spawnedTimeout = setTimeout(() => {\n    if (done) return;\n    const message = [\n      `Authentication flow timed out after ${timeout}.`,\n      `│  Make sure to provide a token to avoid prompting an interactive flow.`,\n      `╰▶ ${pico.bold(\"help:\")} Link your project with ${Log.code(\"npx vercel link\")} to refresh OIDC token automatically.`,\n    ].join(\"\\n\");\n    error = new Error(message);\n    // Note: generator.return() initiates cooperative cancellation. The generator's\n    // finally block will abort pending setTimeout calls, but any in-flight HTTP\n    // request will complete before the generator terminates. This is acceptable\n    // for this dev-only timeout scenario.\n    generator.return();\n  }, ms(timeout));\n  try {\n    for await (const event of generator) {\n      switch (event._tag) {\n        case \"SlowDown\":\n        case \"Timeout\":\n        case \"Response\":\n          break;\n        case \"Error\":\n          error = event.error;\n          break;\n        default:\n          throw new Error(\n            `Unknown event type: ${JSON.stringify(event satisfies never)}`,\n          );\n      }\n    }\n  } finally {\n    done = true;\n    clearTimeout(spawnedTimeout);\n  }\n\n  if (error) {\n    Log.write(\n      \"error\",\n      `${pico.bold(\"error:\")} Authentication failed: ${error.message}`,\n    );\n    throw error;\n  }\n\n  Log.write(\"success\", `${pico.bold(\"done!\")} Authenticated successfully!`);\n  const stored = auth.getAuth();\n  return stored;\n}\n"],"mappings":";;;;;AAKA,eAAe,aAAa;AAE1B,QADa,MAAM,OAAO;;AAI5B,SAAgB,6BAAsC;AACpD,QACE,QAAQ,IAAI,aAAa,gBACzB,CAAC,CAAC,KAAK,OAAO,CAAC,SAAS,QAAQ,IAAI,MAAM,GAAG,IAC7C,QAAQ,OAAO,SACf,QAAQ,MAAM;;;;;;;;;;;;;;AAgBlB,MAAa,mCAAmC;CAC9C,IAAIA,QAEO;AACX,QAAO,OAAO,SAAkD;AAC9D,MACE,CAAC,SACD,MAAM,GAAG,WAAW,KAAK,UACzB,MAAM,GAAG,cAAc,KAAK,UAM5B,SAAQ,CAAC,MAJO,oBAAoB,KAAK,CAAC,OAAO,QAAQ;AACvD,WAAQ;AACR,SAAM;IACN,CACqB;EAEzB,MAAM,IAAI,MAAM,MAAM;AACtB,QACE,QACA,mCAAmC,EAAE,OAAO,WAAW,EAAE,YAC1D;AACD,SAAO;;IAEP;;;;;;;;AASJ,eAAsB,oBAAoB,MAGjB;CACvB,MAAM,EAAE,OAAO,cAAc,SAAS,kBAAkB,eACtD,MAAM,YAAY;CACpB,IAAI,OAAO,SAAS;AACpB,KAAI,CAAC,MAAM,OAAO;EAChB,MAAMC,UAA0B,QAAQ,IAAI,aAC2B,aACnE;AACJ,SAAO,MAAM,kBAAkB;GAAE;GAAO;GAAc;GAAS,EAAE,QAAQ;;AAE3E,KACE,MAAM,gBACN,KAAK,aACL,KAAK,UAAU,SAAS,IAAI,KAAK,KAAK,EACtC;EAEA,MAAM,WAAW,OADH,MAAM,OAAO,EACE,aAAa,KAAK,aAAa;AAC5D,SAAO;GACL,WAAW,IAAI,KAAK,KAAK,KAAK,GAAG,SAAS,aAAa,IAAK;GAC5D,OAAO,SAAS;GAChB,cAAc,SAAS,iBAAiB,KAAK;GAC9C;AACD,mBAAiB,KAAK;;AAGxB,KAAI,CAAC,MAAM,MACT,OAAM,IAAI,MACR;EACE;EACA,GAAG,KAAK,KAAK,QAAQ,CAAC;EACtB;EACA;EACD,CAAC,KAAK,KAAK,CACb;AAGH,KAAI,KAAK,UAAU,KAAK,UACtB,QAAO;EACL,OAAO,KAAK;EACZ,QAAQ,KAAK;EACb,WAAW,KAAK;EACjB;CAGH,MAAM,QAAQ,MAAM,WAAW;EAAE,QAAQ,KAAK;EAAQ,OAAO,KAAK;EAAO,CAAC;AAE1E,KAAI,MAAM,QACR,OACE,QACA,4BAA4B,MAAM,UAAU,aAAa,MAAM,OAAO,IACvE;AAGH,QAAO;EACL,OAAO,KAAK;EACZ,QAAQ,KAAK,UAAU,MAAM;EAC7B,WAAW,KAAK,aAAa,MAAM;EACpC;;AAGH,eAAsB,kBACpB,MAIA,SACA;AACA,OAAU,QAAQ;EAChB;EACA,MAAM,KAAK,KAAK,QAAQ,CAAC;EACzB;EACD,CAAC;CACF,MAAM,QAAQ,MAAM,KAAK,OAAO;CAChC,MAAM,UAAU,MAAM,MAAM,4BAA4B;AACxD,OAAU,QAAQ;EAChB,8BAA8B,QAAQ;EACtC,eAAe,KAAK,OAAO,QAAQ,iBAAiB,CAAC,YAAY,KAAK,KAAK,QAAQ,UAAU;EAC7F,YAAY,KAAK,KAAK,WAAW,CAAC;EACnC,CAAC;CAEF,IAAIC;CACJ,MAAM,YAAY,KAAK,aAAa;EAAE;EAAS;EAAO,CAAC;CACvD,IAAI,OAAO;CACX,IAAI,iBAAiB,iBAAiB;AACpC,MAAI,KAAM;EACV,MAAM,UAAU;GACd,uCAAuC,QAAQ;GAC/C;GACA,MAAM,KAAK,KAAK,QAAQ,CAAC,0BAA0BC,KAAS,kBAAkB,CAAC;GAChF,CAAC,KAAK,KAAK;AACZ,UAAQ,IAAI,MAAM,QAAQ;AAK1B,YAAU,QAAQ;IACjB,GAAG,QAAQ,CAAC;AACf,KAAI;AACF,aAAW,MAAM,SAAS,UACxB,SAAQ,MAAM,MAAd;GACE,KAAK;GACL,KAAK;GACL,KAAK,WACH;GACF,KAAK;AACH,YAAQ,MAAM;AACd;GACF,QACE,OAAM,IAAI,MACR,uBAAuB,KAAK,UAAU,MAAsB,GAC7D;;WAGC;AACR,SAAO;AACP,eAAa,eAAe;;AAG9B,KAAI,OAAO;AACT,QACE,SACA,GAAG,KAAK,KAAK,SAAS,CAAC,0BAA0B,MAAM,UACxD;AACD,QAAM;;AAGR,OAAU,WAAW,GAAG,KAAK,KAAK,QAAQ,CAAC,8BAA8B;AAEzE,QADe,KAAK,SAAS"}

package/dist/utils/get-credentials.cjs

@@ -0,0 +1,123 @@
+const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
+const require_decode_base64_url = require('./decode-base64-url.cjs');
+const require_dev_credentials = require('./dev-credentials.cjs');
+let zod = require("zod");
+let __vercel_oidc = require("@vercel/oidc");
+
+//#region src/utils/get-credentials.ts
+/**
+* Error thrown when OIDC context is not available in local development,
+* therefore we should guide how to ensure it is set up by linking a project
+*/
+var LocalOidcContextError = class extends Error {
+	constructor(cause) {
+		const message = [
+			"Could not get credentials from OIDC context.",
+			"Please link your Vercel project using `npx vercel link`.",
+			"Then, pull an initial OIDC token with `npx vercel env pull`",
+			"and retry.",
+			"╰▶ Make sure you are loading `.env.local` correctly, or passing $VERCEL_OIDC_TOKEN directly."
+		].join("\n");
+		super(message, { cause });
+		this.name = "LocalOidcContextError";
+	}
+};
+/**
+* Error thrown when OIDC context is not available in Vercel environment,
+* therefore we should guide how to set it up.
+*/
+var VercelOidcContextError = class extends Error {
+	constructor(cause) {
+		const message = [
+			"Could not get credentials from OIDC context.",
+			"Please make sure OIDC is set up for your project",
+			"╰▶ Docs: https://vercel.com/docs/oidc"
+		].join("\n");
+		super(message, { cause });
+		this.name = "VercelOidcContextError";
+	}
+};
+async function getVercelToken(opts) {
+	try {
+		return getCredentialsFromOIDCToken(await (0, __vercel_oidc.getVercelOidcToken)({
+			team: opts.teamId,
+			project: opts.projectId
+		}));
+	} catch (error) {
+		if (!require_dev_credentials.shouldPromptForCredentials()) if (process.env.VERCEL_URL) throw new VercelOidcContextError(error);
+		else throw new LocalOidcContextError(error);
+		return await require_dev_credentials.cachedGenerateCredentials(opts);
+	}
+}
+/**
+* Allow to get credentials to access the Vercel API. Credentials can be
+* provided in two different ways:
+*
+* 1. By passing an object with the `teamId`, `token`, and `projectId` properties.
+* 2. By using an environment variable VERCEL_OIDC_TOKEN.
+*
+* If both methods are used, the object properties take precedence over the
+* environment variable. If neither method is used, an error is thrown.
+*/
+async function getCredentials(params) {
+	const credentials = getCredentialsFromParams(params ?? {});
+	if (credentials) return credentials;
+	return await getVercelToken({
+		teamId: params && typeof params === "object" && "teamId" in params && typeof params.teamId === "string" ? params.teamId : void 0,
+		projectId: params && typeof params === "object" && "projectId" in params && typeof params.projectId === "string" ? params.projectId : void 0
+	});
+}
+/**
+* Attempt to extract credentials from the provided parameters. Either all
+* required fields (`token`, `teamId`, and `projectId`) must be present
+* or none of them, otherwise an error is thrown.
+*/
+function getCredentialsFromParams(params) {
+	if (!params || typeof params !== "object") return null;
+	const missing = [
+		"token" in params && typeof params.token === "string" ? null : "token",
+		"teamId" in params && typeof params.teamId === "string" ? null : "teamId",
+		"projectId" in params && typeof params.projectId === "string" ? null : "projectId"
+	].filter((value) => value !== null);
+	if (missing.length === 0) return {
+		token: params.token,
+		projectId: params.projectId,
+		teamId: params.teamId
+	};
+	if (missing.length < 3) throw new Error(`Missing credentials parameters to access the Vercel API: ${missing.filter((value) => value !== null).join(", ")}`);
+	return null;
+}
+/**
+* Schema to validate the payload of the Vercel OIDC token where we expect
+* to find the `teamId` and `projectId`.
+*/
+const schema = zod.z.object({
+	exp: zod.z.number().optional().describe("Expiry timestamp (seconds since epoch)"),
+	iat: zod.z.number().optional().describe("Issued at timestamp"),
+	owner_id: zod.z.string(),
+	project_id: zod.z.string()
+});
+/**
+* Extracts credentials from a Vercel OIDC token. The token is expected to be
+* a JWT with a payload that contains `project_id` and `owner_id`.
+*
+* @param token - The Vercel OIDC token.
+* @returns An object containing the token, projectId, and teamId.
+* @throws If the token is invalid or does not contain the required fields.
+*/
+function getCredentialsFromOIDCToken(token) {
+	try {
+		const payload = schema.parse(require_decode_base64_url.decodeBase64Url(token.split(".")[1]));
+		return {
+			token,
+			projectId: payload.project_id,
+			teamId: payload.owner_id
+		};
+	} catch (error) {
+		throw new Error(`Invalid Vercel OIDC token: ${error instanceof Error ? error.message : String(error)}`);
+	}
+}
+
+//#endregion
+exports.getCredentials = getCredentials;
+//# sourceMappingURL=get-credentials.cjs.map

package/dist/utils/get-credentials.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-credentials.cjs","names":["shouldPromptForCredentials","cachedGenerateCredentials","z","decodeBase64Url"],"sources":["../../src/utils/get-credentials.ts"],"sourcesContent":["import { getVercelOidcToken } from \"@vercel/oidc\";\nimport { decodeBase64Url } from \"./decode-base64-url.js\";\nimport { z } from \"zod\";\nimport {\n  cachedGenerateCredentials,\n  shouldPromptForCredentials,\n} from \"./dev-credentials.js\";\n\nexport interface Credentials {\n  /**\n   * Authentication token for the Vercel API. It could be an OIDC token\n   * or a personal access token.\n   */\n  token: string;\n  /**\n   * The ID of the project to associate Sandbox operations.\n   */\n  projectId: string;\n  /**\n   * The ID of the team to associate Sandbox operations.\n   */\n  teamId: string;\n}\n\n/**\n * Error thrown when OIDC context is not available in local development,\n * therefore we should guide how to ensure it is set up by linking a project\n */\nexport class LocalOidcContextError extends Error {\n  name = \"LocalOidcContextError\";\n  constructor(cause: unknown) {\n    const message = [\n      \"Could not get credentials from OIDC context.\",\n      \"Please link your Vercel project using `npx vercel link`.\",\n      \"Then, pull an initial OIDC token with `npx vercel env pull`\",\n      \"and retry.\",\n      \"╰▶ Make sure you are loading `.env.local` correctly, or passing $VERCEL_OIDC_TOKEN directly.\",\n    ].join(\"\\n\");\n    super(message, { cause });\n  }\n}\n\n/**\n * Error thrown when OIDC context is not available in Vercel environment,\n * therefore we should guide how to set it up.\n */\nexport class VercelOidcContextError extends Error {\n  name = \"VercelOidcContextError\";\n  constructor(cause: unknown) {\n    const message = [\n      \"Could not get credentials from OIDC context.\",\n      \"Please make sure OIDC is set up for your project\",\n      \"╰▶ Docs: https://vercel.com/docs/oidc\",\n    ].join(\"\\n\");\n    super(message, { cause });\n  }\n}\n\nasync function getVercelToken(opts: {\n  teamId?: string;\n  projectId?: string;\n}): Promise<Credentials> {\n  try {\n    const token = await getVercelOidcToken({\n      team: opts.teamId,\n      project: opts.projectId,\n    });\n    return getCredentialsFromOIDCToken(token);\n  } catch (error) {\n    if (!shouldPromptForCredentials()) {\n      if (process.env.VERCEL_URL) {\n        throw new VercelOidcContextError(error);\n      } else {\n        throw new LocalOidcContextError(error);\n      }\n    }\n    return await cachedGenerateCredentials(opts);\n  }\n}\n\n/**\n * Allow to get credentials to access the Vercel API. Credentials can be\n * provided in two different ways:\n *\n * 1. By passing an object with the `teamId`, `token`, and `projectId` properties.\n * 2. By using an environment variable VERCEL_OIDC_TOKEN.\n *\n * If both methods are used, the object properties take precedence over the\n * environment variable. If neither method is used, an error is thrown.\n */\nexport async function getCredentials(params?: unknown): Promise<Credentials> {\n  const credentials = getCredentialsFromParams(params ?? {});\n  if (credentials) {\n    return credentials;\n  }\n\n  const oidcToken = await getVercelToken({\n    teamId:\n      params &&\n      typeof params === \"object\" &&\n      \"teamId\" in params &&\n      typeof params.teamId === \"string\"\n        ? params.teamId\n        : undefined,\n    projectId:\n      params &&\n      typeof params === \"object\" &&\n      \"projectId\" in params &&\n      typeof params.projectId === \"string\"\n        ? params.projectId\n        : undefined,\n  });\n\n  return oidcToken;\n}\n\n/**\n * Attempt to extract credentials from the provided parameters. Either all\n * required fields (`token`, `teamId`, and `projectId`) must be present\n * or none of them, otherwise an error is thrown.\n */\nfunction getCredentialsFromParams(params: unknown): Credentials | null {\n  // Type guard: params must be an object\n  if (!params || typeof params !== \"object\") {\n    return null;\n  }\n\n  const missing = [\n    \"token\" in params && typeof params.token === \"string\" ? null : \"token\",\n    \"teamId\" in params && typeof params.teamId === \"string\" ? null : \"teamId\",\n    \"projectId\" in params && typeof params.projectId === \"string\"\n      ? null\n      : \"projectId\",\n  ].filter((value) => value !== null);\n\n  if (missing.length === 0) {\n    return {\n      token: (params as any).token,\n      projectId: (params as any).projectId,\n      teamId: (params as any).teamId,\n    };\n  }\n\n  if (missing.length < 3) {\n    throw new Error(\n      `Missing credentials parameters to access the Vercel API: ${missing\n        .filter((value) => value !== null)\n        .join(\", \")}`,\n    );\n  }\n\n  return null;\n}\n\n/**\n * Schema to validate the payload of the Vercel OIDC token where we expect\n * to find the `teamId` and `projectId`.\n */\nexport const schema = z.object({\n  exp: z.number().optional().describe(\"Expiry timestamp (seconds since epoch)\"),\n  iat: z.number().optional().describe(\"Issued at timestamp\"),\n  owner_id: z.string(),\n  project_id: z.string(),\n});\n\n/**\n * Extracts credentials from a Vercel OIDC token. The token is expected to be\n * a JWT with a payload that contains `project_id` and `owner_id`.\n *\n * @param token - The Vercel OIDC token.\n * @returns An object containing the token, projectId, and teamId.\n * @throws If the token is invalid or does not contain the required fields.\n */\nfunction getCredentialsFromOIDCToken(token: string): Credentials {\n  try {\n    const payload = schema.parse(decodeBase64Url(token.split(\".\")[1]));\n    return {\n      token,\n      projectId: payload.project_id,\n      teamId: payload.owner_id,\n    };\n  } catch (error) {\n    throw new Error(\n      `Invalid Vercel OIDC token: ${error instanceof Error ? error.message : String(error)}`,\n    );\n  }\n}\n"],"mappings":";;;;;;;;;;;AA4BA,IAAa,wBAAb,cAA2C,MAAM;CAE/C,YAAY,OAAgB;EAC1B,MAAM,UAAU;GACd;GACA;GACA;GACA;GACA;GACD,CAAC,KAAK,KAAK;AACZ,QAAM,SAAS,EAAE,OAAO,CAAC;OAT3B,OAAO;;;;;;;AAiBT,IAAa,yBAAb,cAA4C,MAAM;CAEhD,YAAY,OAAgB;EAC1B,MAAM,UAAU;GACd;GACA;GACA;GACD,CAAC,KAAK,KAAK;AACZ,QAAM,SAAS,EAAE,OAAO,CAAC;OAP3B,OAAO;;;AAWT,eAAe,eAAe,MAGL;AACvB,KAAI;AAKF,SAAO,4BAJO,4CAAyB;GACrC,MAAM,KAAK;GACX,SAAS,KAAK;GACf,CAAC,CACuC;UAClC,OAAO;AACd,MAAI,CAACA,oDAA4B,CAC/B,KAAI,QAAQ,IAAI,WACd,OAAM,IAAI,uBAAuB,MAAM;MAEvC,OAAM,IAAI,sBAAsB,MAAM;AAG1C,SAAO,MAAMC,kDAA0B,KAAK;;;;;;;;;;;;;AAchD,eAAsB,eAAe,QAAwC;CAC3E,MAAM,cAAc,yBAAyB,UAAU,EAAE,CAAC;AAC1D,KAAI,YACF,QAAO;AAoBT,QAjBkB,MAAM,eAAe;EACrC,QACE,UACA,OAAO,WAAW,YAClB,YAAY,UACZ,OAAO,OAAO,WAAW,WACrB,OAAO,SACP;EACN,WACE,UACA,OAAO,WAAW,YAClB,eAAe,UACf,OAAO,OAAO,cAAc,WACxB,OAAO,YACP;EACP,CAAC;;;;;;;AAUJ,SAAS,yBAAyB,QAAqC;AAErE,KAAI,CAAC,UAAU,OAAO,WAAW,SAC/B,QAAO;CAGT,MAAM,UAAU;EACd,WAAW,UAAU,OAAO,OAAO,UAAU,WAAW,OAAO;EAC/D,YAAY,UAAU,OAAO,OAAO,WAAW,WAAW,OAAO;EACjE,eAAe,UAAU,OAAO,OAAO,cAAc,WACjD,OACA;EACL,CAAC,QAAQ,UAAU,UAAU,KAAK;AAEnC,KAAI,QAAQ,WAAW,EACrB,QAAO;EACL,OAAQ,OAAe;EACvB,WAAY,OAAe;EAC3B,QAAS,OAAe;EACzB;AAGH,KAAI,QAAQ,SAAS,EACnB,OAAM,IAAI,MACR,4DAA4D,QACzD,QAAQ,UAAU,UAAU,KAAK,CACjC,KAAK,KAAK,GACd;AAGH,QAAO;;;;;;AAOT,MAAa,SAASC,MAAE,OAAO;CAC7B,KAAKA,MAAE,QAAQ,CAAC,UAAU,CAAC,SAAS,yCAAyC;CAC7E,KAAKA,MAAE,QAAQ,CAAC,UAAU,CAAC,SAAS,sBAAsB;CAC1D,UAAUA,MAAE,QAAQ;CACpB,YAAYA,MAAE,QAAQ;CACvB,CAAC;;;;;;;;;AAUF,SAAS,4BAA4B,OAA4B;AAC/D,KAAI;EACF,MAAM,UAAU,OAAO,MAAMC,0CAAgB,MAAM,MAAM,IAAI,CAAC,GAAG,CAAC;AAClE,SAAO;GACL;GACA,WAAW,QAAQ;GACnB,QAAQ,QAAQ;GACjB;UACM,OAAO;AACd,QAAM,IAAI,MACR,8BAA8B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,GACrF"}

package/dist/utils/get-credentials.d.cts

@@ -0,0 +1,21 @@
+import { z } from "zod";
+
+//#region src/utils/get-credentials.d.ts
+interface Credentials {
+  /**
+   * Authentication token for the Vercel API. It could be an OIDC token
+   * or a personal access token.
+   */
+  token: string;
+  /**
+   * The ID of the project to associate Sandbox operations.
+   */
+  projectId: string;
+  /**
+   * The ID of the team to associate Sandbox operations.
+   */
+  teamId: string;
+}
+//#endregion
+export { Credentials };
+//# sourceMappingURL=get-credentials.d.cts.map

package/dist/utils/get-credentials.d.ts

@@ -1,63 +1,21 @@
 import { z } from "zod";
-export interface Credentials {
-    /**
-     * Authentication token for the Vercel API. It could be an OIDC token
-     * or a personal access token.
-     */
-    token: string;
-    /**
-     * The ID of the project to associate Sandbox operations.
-     */
-    projectId: string;
-    /**
-     * The ID of the team to associate Sandbox operations.
-     */
-    teamId: string;
+
+//#region src/utils/get-credentials.d.ts
+interface Credentials {
+  /**
+   * Authentication token for the Vercel API. It could be an OIDC token
+   * or a personal access token.
+   */
+  token: string;
+  /**
+   * The ID of the project to associate Sandbox operations.
+   */
+  projectId: string;
+  /**
+   * The ID of the team to associate Sandbox operations.
+   */
+  teamId: string;
 }
-/**
- * Error thrown when OIDC context is not available in local development,
- * therefore we should guide how to ensure it is set up by linking a project
- */
-export declare class LocalOidcContextError extends Error {
-    name: string;
-    constructor(cause: unknown);
-}
-/**
- * Error thrown when OIDC context is not available in Vercel environment,
- * therefore we should guide how to set it up.
- */
-export declare class VercelOidcContextError extends Error {
-    name: string;
-    constructor(cause: unknown);
-}
-/**
- * Allow to get credentials to access the Vercel API. Credentials can be
- * provided in two different ways:
- *
- * 1. By passing an object with the `teamId`, `token`, and `projectId` properties.
- * 2. By using an environment variable VERCEL_OIDC_TOKEN.
- *
- * If both methods are used, the object properties take precedence over the
- * environment variable. If neither method is used, an error is thrown.
- */
-export declare function getCredentials(params?: unknown): Promise<Credentials>;
-/**
- * Schema to validate the payload of the Vercel OIDC token where we expect
- * to find the `teamId` and `projectId`.
- */
-export declare const schema: z.ZodObject<{
-    exp: z.ZodOptional<z.ZodNumber>;
-    iat: z.ZodOptional<z.ZodNumber>;
-    owner_id: z.ZodString;
-    project_id: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    owner_id: string;
-    project_id: string;
-    exp?: number | undefined;
-    iat?: number | undefined;
-}, {
-    owner_id: string;
-    project_id: string;
-    exp?: number | undefined;
-    iat?: number | undefined;
-}>;
+//#endregion
+export { Credentials };
+//# sourceMappingURL=get-credentials.d.ts.map