@vibe-lark/larkpal 0.1.88 → 0.1.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (115) hide show
  1. package/dist/{account-id-BM1T6029-BzQ_cMoi.mjs → account-id-BM1T6029-BvcZ99G0.mjs} +1 -1
  2. package/dist/{activation-context--5yu1dPF-XV0Y0pTy.mjs → activation-context--5yu1dPF-DHM2x52-.mjs} +1 -1
  3. package/dist/{anthropic-CFZUCb1w.mjs → anthropic-gnoZ_QRy.mjs} +1 -1
  4. package/dist/{assistant-visible-text-DuFWokAt-BOJV_zwc.mjs → assistant-visible-text-DuFWokAt-GbRm46te.mjs} +1 -1
  5. package/dist/{azure-openai-responses-BEuiMaF-.mjs → azure-openai-responses-DbHzq7dt.mjs} +1 -1
  6. package/dist/{boundary-file-read-BSd9MXPy-gnNVhPKT.mjs → boundary-file-read-BSd9MXPy-Tpd4W7aA.mjs} +1 -1
  7. package/dist/{browser-lifecycle-cleanup-BdNsMhMD-BM97qA_M.mjs → browser-lifecycle-cleanup-BdNsMhMD-Bjf5GI3L.mjs} +1 -1
  8. package/dist/{bundled-compat-BpaDaAAu-DJtrIX6i.mjs → bundled-compat-BpaDaAAu-DElY7pj-.mjs} +1 -1
  9. package/dist/{bundled-dir-U738ay4K-BxbzrJOo.mjs → bundled-dir-U738ay4K-DxHVp4u1.mjs} +1 -1
  10. package/dist/{call-DimWbpgJ-B4pv55RH.mjs → call-DimWbpgJ-BnglLl-j.mjs} +1 -1
  11. package/dist/channel-bootstrap.runtime-BVclcGv1-BH-3XviM.mjs +1 -0
  12. package/dist/{channel-bootstrap.runtime-Cwcr38m2-Dt6QlQkX.mjs → channel-bootstrap.runtime-Cwcr38m2-K7QN0kxA.mjs} +1 -1
  13. package/dist/cli.mjs +2 -2
  14. package/dist/{command-format-LSnUCVVF-Dn4h9IOh.mjs → command-format-LSnUCVVF-Ck0yuZRk.mjs} +1 -1
  15. package/dist/config-Bim2pi8a-xbw-saVR.mjs +1 -0
  16. package/dist/config-CtxZK_ZE.mjs +2 -0
  17. package/dist/{delivery-context.shared-j5hC5qb1-BSLQG47q.mjs → delivery-context.shared-j5hC5qb1-DIY5v1oC.mjs} +1 -1
  18. package/dist/{diagnostic-ClMwNnUA-BMKvPQJT.mjs → diagnostic-ClMwNnUA-BLmizo4w.mjs} +1 -1
  19. package/dist/{dist-coestTs9.mjs → dist-BUE_cxIa.mjs} +1 -1
  20. package/dist/{dist-J5UB83Ws.mjs → dist-Drhg3yZT.mjs} +1 -1
  21. package/dist/{facade-loader-DFzIYYt_-4bzFvy-b.mjs → facade-loader-DFzIYYt_--SN2-DQM.mjs} +1 -1
  22. package/dist/{google-ABo-1guT.mjs → google-BdoIr_xq.mjs} +1 -1
  23. package/dist/{google-gemini-cli-CGlN1zUA.mjs → google-gemini-cli-H9jO3Mvn.mjs} +1 -1
  24. package/dist/{google-shared-C60sNhwd.mjs → google-shared-DDK4NMAJ.mjs} +2 -2
  25. package/dist/{google-vertex-De0nAItu.mjs → google-vertex-B_OTGKnl.mjs} +1 -1
  26. package/dist/{ids-BPsM98Uu-CJBJAeVC.mjs → ids-BPsM98Uu-DGJB5aAM.mjs} +1 -1
  27. package/dist/{image-2w3cApg7-CrpUMCvm.mjs → image-2w3cApg7-B_-Jsk_m.mjs} +1 -1
  28. package/dist/interactive-init-CzbT0dDB.mjs +8 -0
  29. package/dist/{io-CH2g3vsv-JJtUIa_U.mjs → io-CH2g3vsv-BevbMdi6.mjs} +1 -1
  30. package/dist/{jiti-loader-cache-Bat69wam-DNIteTtO.mjs → jiti-loader-cache-Bat69wam-Cq2EONsH.mjs} +1 -1
  31. package/dist/{live-smoke-DpURW676.mjs → live-smoke-BY248saY.mjs} +18 -18
  32. package/dist/load-context-mb7uvLSn-C6DFwEWN.mjs +1 -0
  33. package/dist/{loader-708jrx4Y-BbJRXNlQ.mjs → loader-708jrx4Y-eFvaGnCt.mjs} +1 -1
  34. package/dist/main.mjs +114 -106
  35. package/dist/{manifest-registry-_hxKCS2K-OL8KK_o4.mjs → manifest-registry-_hxKCS2K-ezh_x2Cu.mjs} +1 -1
  36. package/dist/{message-channel-Bk_YHfQg-n2Hw2Y0L.mjs → message-channel-Bk_YHfQg-BGBJVvRK.mjs} +1 -1
  37. package/dist/{message-channel-core-DTA--Gjh-CIh10vfo.mjs → message-channel-core-DTA--Gjh-DeWCDZu1.mjs} +1 -1
  38. package/dist/message.config.runtime-K-k4XOyq-JWPtRES_.mjs +1 -0
  39. package/dist/message.gateway.runtime-DqHOHRTQ-BeYUdgSg.mjs +1 -0
  40. package/dist/{mistral-DyL3Zo1b.mjs → mistral-zWGv0zHS.mjs} +1 -1
  41. package/dist/{model-auth-env-oyg2Hexc-DJbt9J3o.mjs → model-auth-env-oyg2Hexc-B5WQGZqf.mjs} +1 -1
  42. package/dist/{models-config-BmpSQJQF-BL6S5qAo.mjs → models-config-BmpSQJQF-Bwnt6IgA.mjs} +1 -1
  43. package/dist/models-config.runtime-DkQfNKqN.mjs +1 -0
  44. package/dist/{multipart-parser-B9dwXBqu.mjs → multipart-parser-D_0C82Yv.mjs} +1 -1
  45. package/dist/{oauth-25y2wc7K.mjs → oauth-TYJ7I-Cs.mjs} +1 -1
  46. package/dist/{openai-codex-responses-BbyAPsP1.mjs → openai-codex-responses-CJA9360v.mjs} +1 -1
  47. package/dist/{openai-completions-Bu5qvQzb.mjs → openai-completions-BfXo7VuS.mjs} +1 -1
  48. package/dist/{openai-responses-pIdwQBc4.mjs → openai-responses-BH-GaE-g.mjs} +1 -1
  49. package/dist/{openai-responses-shared-DqW1JSux.mjs → openai-responses-shared-DHm7pNQU.mjs} +1 -1
  50. package/dist/{paths-D6msg0S1-BO4XgM1u.mjs → paths-D6msg0S1-C3GtW9t2.mjs} +1 -1
  51. package/dist/{paths-D92DjaZ--DdtJ-zYp.mjs → paths-D92DjaZ--CKAvIWoZ.mjs} +1 -1
  52. package/dist/{pi-model-discovery-Bd0TWzo8-DvSM0eWu.mjs → pi-model-discovery-Bd0TWzo8-DcalEcic.mjs} +1 -1
  53. package/dist/{pi-model-discovery-runtime-PrjWOmsV.mjs → pi-model-discovery-runtime-DnW_CaR2.mjs} +1 -1
  54. package/dist/{pi-tools.before-tool-call.runtime-Bn7uqKie-WPxU5oNX.mjs → pi-tools.before-tool-call.runtime-Bn7uqKie-CitpH_Lv.mjs} +1 -1
  55. package/dist/{plugin-auto-enable-DdH3n9V8-Dr_bUXkG.mjs → plugin-auto-enable-DdH3n9V8-Dd9H4luQ.mjs} +1 -1
  56. package/dist/{provider-discovery.runtime-DY0VWQ81.mjs → provider-discovery.runtime-CVft4TR0.mjs} +1 -1
  57. package/dist/{provider-model-compat-CFqcq0it-BUwZENrz.mjs → provider-model-compat-CFqcq0it-W6mE-T-j.mjs} +1 -1
  58. package/dist/{provider-runtime-C8rljsNs-BDvu6FW3.mjs → provider-runtime-C8rljsNs-BGpzSHUk.mjs} +1 -1
  59. package/dist/{provider-runtime-CT50mNIX-DImw7ZZu.mjs → provider-runtime-CT50mNIX-CC3WVtfL.mjs} +1 -1
  60. package/dist/{provider-stream-COLujAAo-Dpq1DSIk.mjs → provider-stream-COLujAAo-BtNcIBP4.mjs} +1 -1
  61. package/dist/{providers.runtime-Ba7tOlq7-B4t6ywCr.mjs → providers.runtime-Ba7tOlq7-CX4GoaJL.mjs} +1 -1
  62. package/dist/{public-surface-loader-BVl0NQAE-TfJ3izj1.mjs → public-surface-loader-BVl0NQAE-CTXfgfHE.mjs} +1 -1
  63. package/dist/{resolve-C33B7eeu-DZM_z6Wr.mjs → resolve-C33B7eeu-DhMVJCKm.mjs} +1 -1
  64. package/dist/{runtime-Cym-fqI8-1GOIuRRQ.mjs → runtime-Cym-fqI8-BuiEWXF-.mjs} +1 -1
  65. package/dist/{runtime-snapshot-C54O1-gI-DxusscPf.mjs → runtime-snapshot-C54O1-gI-0r2omPvJ.mjs} +1 -1
  66. package/dist/{runtime-web-tools-fallback.runtime-Ca-qn1mj-BsYE2gOd.mjs → runtime-web-tools-fallback.runtime-Ca-qn1mj-C5hD_aI-.mjs} +1 -1
  67. package/dist/runtime-web-tools-manifest.runtime-BgxQTjmq-BTi3YQxK.mjs +1 -0
  68. package/dist/runtime-web-tools-public-artifacts.runtime-D9qcoWIX-DNaDY4zG.mjs +1 -0
  69. package/dist/{session-archive.runtime-B52_5vs4-cU2tYbBz.mjs → session-archive.runtime-B52_5vs4-CUKEEsvr.mjs} +1 -1
  70. package/dist/{session-key-Cn2QoOyX-QZeYmbxd.mjs → session-key-Cn2QoOyX-BIh-9Y77.mjs} +1 -1
  71. package/dist/{session-transcript-files.fs-DEeFXruQ-CXIAFSsr.mjs → session-transcript-files.fs-DEeFXruQ-Dh_OJado.mjs} +1 -1
  72. package/dist/{src-CCDx_C-U.mjs → src-C9CsRdwI.mjs} +1 -1
  73. package/dist/{subagent-announce-L5WsQatW--rMn240x.mjs → subagent-announce-L5WsQatW-DyZFJvpK.mjs} +1 -1
  74. package/dist/{subagent-announce.registry.runtime-DiqZyeTs-DNfNHsls.mjs → subagent-announce.registry.runtime-DiqZyeTs-WCL-itg8.mjs} +1 -1
  75. package/dist/{subagent-registry-steer-runtime-DFgZFC0j-XYS1_qwl.mjs → subagent-registry-steer-runtime-DFgZFC0j-BlxUMPcM.mjs} +1 -1
  76. package/dist/{subagent-system-prompt-C1qnN--K-CsU4f97T.mjs → subagent-system-prompt-C1qnN--K-bhNPmt0u.mjs} +1 -1
  77. package/dist/{target-parsing-loaded-DKkb6jJY-B830OA1a.mjs → target-parsing-loaded-DKkb6jJY-Bx7-SykE.mjs} +1 -1
  78. package/dist/{task-registry-delivery-runtime-Dd1CUkZF-B2Hj2k8C.mjs → task-registry-delivery-runtime-Dd1CUkZF-xNioBd-k.mjs} +2 -2
  79. package/dist/task-registry-delivery-runtime-ragbeVx5-BXczubuw.mjs +1 -0
  80. package/dist/{transcript-E_-ISOkD-VTwb782D.mjs → transcript-E_-ISOkD-STFNoSGx.mjs} +2 -2
  81. package/dist/transcript.runtime-BqhvZZdl-BLeKq_RO.mjs +1 -0
  82. package/dist/{web-provider-public-artifacts-BlpRwIUS-DbVhDOrY.mjs → web-provider-public-artifacts-BlpRwIUS-CjacPoGF.mjs} +1 -1
  83. package/dist/{web-search-providers.runtime--0aUtC3b-Bjh4Bmrz.mjs → web-search-providers.runtime--0aUtC3b-EcJfEKJo.mjs} +1 -1
  84. package/package.json +1 -1
  85. package/dist/channel-bootstrap.runtime-BVclcGv1-CEZ0-JP9.mjs +0 -1
  86. package/dist/config-Bim2pi8a-03N-28sw.mjs +0 -1
  87. package/dist/interactive-init-C5MFL5MW.mjs +0 -8
  88. package/dist/load-context-mb7uvLSn-3xYwSnOZ.mjs +0 -1
  89. package/dist/message.config.runtime-K-k4XOyq-F_h0Cgkl.mjs +0 -1
  90. package/dist/message.gateway.runtime-DqHOHRTQ-ge4c5p4s.mjs +0 -1
  91. package/dist/models-config.runtime-SOhLEw-f.mjs +0 -1
  92. package/dist/runtime-web-tools-manifest.runtime-BgxQTjmq-P6MKP9gQ.mjs +0 -1
  93. package/dist/runtime-web-tools-public-artifacts.runtime-D9qcoWIX-5VoyjouO.mjs +0 -1
  94. package/dist/task-registry-delivery-runtime-ragbeVx5-Bdvo2Q5u.mjs +0 -1
  95. package/dist/transcript.runtime-BqhvZZdl-B4E0TiX5.mjs +0 -1
  96. /package/dist/{build-Bkj0hOS2.mjs → build-DSSm_dj2.mjs} +0 -0
  97. /package/dist/{env-api-keys-Cuz5irWW.mjs → env-api-keys-qlOAYu08.mjs} +0 -0
  98. /package/dist/{event-stream-B7Ei41Bu.mjs → event-stream-JP51qlT7.mjs} +0 -0
  99. /package/dist/{from-Ba69_5cR.mjs → from-BmSefSMV.mjs} +0 -0
  100. /package/dist/{gateway-method-policy-C7rf0SeV-CTJcMQCE.mjs → gateway-method-policy-C7rf0SeV-DXbYlbpG.mjs} +0 -0
  101. /package/dist/{github-copilot-headers-BfhryVuU.mjs → github-copilot-headers-BQ2T2OVX.mjs} +0 -0
  102. /package/dist/{hash-Dw-N8Y9l.mjs → hash-DtceYjXb.mjs} +0 -0
  103. /package/dist/{headers-Bpsp70B9.mjs → headers-KsIWdB9S.mjs} +0 -0
  104. /package/dist/{home-dir-C44RaPME-B5iLWwCq.mjs → home-dir-C44RaPME-BqOMy1pu.mjs} +0 -0
  105. /package/dist/{json-file-BQRNuxmK-hRjIgOXI.mjs → json-file-BQRNuxmK-DQHpAzI5.mjs} +0 -0
  106. /package/dist/{json-parse-BESd8UAM.mjs → json-parse-BJPqxncf.mjs} +0 -0
  107. /package/dist/{jws-YaZ38F_i.mjs → jws-EKtyH_je.mjs} +0 -0
  108. /package/dist/{lark-cli-provider-BLMxH6CN.mjs → lark-cli-provider-DrGmcwiB.mjs} +0 -0
  109. /package/dist/{openai-C-rgGb7X.mjs → openai-D-MIrxrj.mjs} +0 -0
  110. /package/dist/{process-scoped-map-B2cWkYET-Co-i-MXA.mjs → process-scoped-map-B2cWkYET-Bc7DvrUZ.mjs} +0 -0
  111. /package/dist/{runtime-channel-state-CohMybAh-BBzhl07Q.mjs → runtime-channel-state-CohMybAh-DfCjeyJq.mjs} +0 -0
  112. /package/dist/{runtime-state-IBOIXKOx-Cw1GA1td.mjs → runtime-state-IBOIXKOx-Cr97WVOr.mjs} +0 -0
  113. /package/dist/{src-DACmA9V6.mjs → src-5lm1WxWm.mjs} +0 -0
  114. /package/dist/{thinking-Bh-7MqXz-uApNUe6g.mjs → thinking-Bh-7MqXz-BB7ZJReA.mjs} +0 -0
  115. /package/dist/{transform-messages-BTA3xbAI.mjs → transform-messages-B6RF0Czv.mjs} +0 -0
@@ -1,6 +1,6 @@
1
- import{a as e,i as t,t as n}from"./chunk-DHbaKqs-.mjs";import{a as r,t as i}from"./transform-messages-BTA3xbAI.mjs";import{a,i as o,n as s,r as c,t as l}from"./jws-YaZ38F_i.mjs";import*as u from"fs/promises";import{writeFile as d}from"fs/promises";import{createWriteStream as f}from"fs";import{finished as p}from"node:stream/promises";import{Readable as m}from"node:stream";import*as h from"path";import*as g from"ws";var _=n(((e,t)=>{function n(e,t){typeof t==`boolean`&&(t={forever:t}),this._originalTimeouts=JSON.parse(JSON.stringify(e)),this._timeouts=e,this._options=t||{},this._maxRetryTime=t&&t.maxRetryTime||1/0,this._fn=null,this._errors=[],this._attempts=1,this._operationTimeout=null,this._operationTimeoutCb=null,this._timeout=null,this._operationStart=null,this._timer=null,this._options.forever&&(this._cachedTimeouts=this._timeouts.slice(0))}t.exports=n,n.prototype.reset=function(){this._attempts=1,this._timeouts=this._originalTimeouts.slice(0)},n.prototype.stop=function(){this._timeout&&clearTimeout(this._timeout),this._timer&&clearTimeout(this._timer),this._timeouts=[],this._cachedTimeouts=null},n.prototype.retry=function(e){if(this._timeout&&clearTimeout(this._timeout),!e)return!1;var t=new Date().getTime();if(e&&t-this._operationStart>=this._maxRetryTime)return this._errors.push(e),this._errors.unshift(Error(`RetryOperation timeout occurred`)),!1;this._errors.push(e);var n=this._timeouts.shift();if(n===void 0)if(this._cachedTimeouts)this._errors.splice(0,this._errors.length-1),n=this._cachedTimeouts.slice(-1);else return!1;var r=this;return this._timer=setTimeout(function(){r._attempts++,r._operationTimeoutCb&&(r._timeout=setTimeout(function(){r._operationTimeoutCb(r._attempts)},r._operationTimeout),r._options.unref&&r._timeout.unref()),r._fn(r._attempts)},n),this._options.unref&&this._timer.unref(),!0},n.prototype.attempt=function(e,t){this._fn=e,t&&(t.timeout&&(this._operationTimeout=t.timeout),t.cb&&(this._operationTimeoutCb=t.cb));var n=this;this._operationTimeoutCb&&(this._timeout=setTimeout(function(){n._operationTimeoutCb()},n._operationTimeout)),this._operationStart=new Date().getTime(),this._fn(this._attempts)},n.prototype.try=function(e){console.log(`Using RetryOperation.try() is deprecated`),this.attempt(e)},n.prototype.start=function(e){console.log(`Using RetryOperation.start() is deprecated`),this.attempt(e)},n.prototype.start=n.prototype.try,n.prototype.errors=function(){return this._errors},n.prototype.attempts=function(){return this._attempts},n.prototype.mainError=function(){if(this._errors.length===0)return null;for(var e={},t=null,n=0,r=0;r<this._errors.length;r++){var i=this._errors[r],a=i.message,o=(e[a]||0)+1;e[a]=o,o>=n&&(t=i,n=o)}return t}})),v=n((e=>{var t=_();e.operation=function(n){return new t(e.timeouts(n),{forever:n&&(n.forever||n.retries===1/0),unref:n&&n.unref,maxRetryTime:n&&n.maxRetryTime})},e.timeouts=function(e){if(e instanceof Array)return[].concat(e);var t={retries:10,factor:2,minTimeout:1*1e3,maxTimeout:1/0,randomize:!1};for(var n in e)t[n]=e[n];if(t.minTimeout>t.maxTimeout)throw Error(`minTimeout is greater than maxTimeout`);for(var r=[],i=0;i<t.retries;i++)r.push(this.createTimeout(i,t));return e&&e.forever&&!r.length&&r.push(this.createTimeout(i,t)),r.sort(function(e,t){return e-t}),r},e.createTimeout=function(e,t){var n=t.randomize?Math.random()+1:1,r=Math.round(n*Math.max(t.minTimeout,1)*t.factor**+e);return r=Math.min(r,t.maxTimeout),r},e.wrap=function(t,n,r){if(n instanceof Array&&(r=n,n=null),!r)for(var i in r=[],t)typeof t[i]==`function`&&r.push(i);for(var a=0;a<r.length;a++){var o=r[a],s=t[o];t[o]=function(r){var i=e.operation(n),a=Array.prototype.slice.call(arguments,1),o=a.pop();a.push(function(e){i.retry(e)||(e&&(arguments[0]=i.mainError()),o.apply(this,arguments))}),i.attempt(function(){r.apply(t,a)})}.bind(t,s),t[o].options=n}}})),y=n(((e,t)=>{t.exports=v()})),b=n(((e,t)=>{let n=y(),r=[`Failed to fetch`,`NetworkError when attempting to fetch resource.`,`The Internet connection appears to be offline.`,`Network request failed`];var i=class extends Error{constructor(e){super(),e instanceof Error?(this.originalError=e,{message:e}=e):(this.originalError=Error(e),this.originalError.stack=this.stack),this.name=`AbortError`,this.message=e}};let a=(e,t,n)=>{let r=n.retries-(t-1);return e.attemptNumber=t,e.retriesLeft=r,e},o=e=>r.includes(e),s=(e,t)=>new Promise((r,s)=>{t={onFailedAttempt:()=>{},retries:10,...t};let c=n.operation(t);c.attempt(async n=>{try{r(await e(n))}catch(e){if(!(e instanceof Error)){s(TypeError(`Non-error was thrown: "${e}". You should only throw errors.`));return}if(e instanceof i)c.stop(),s(e.originalError);else if(e instanceof TypeError&&!o(e.message))c.stop(),s(e);else{a(e,n,t);try{await t.onFailedAttempt(e)}catch(e){s(e);return}c.retry(e)||s(c.mainError())}}})});t.exports=s,t.exports.default=s,t.exports.AbortError=i})),x=n(((e,t)=>{t.exports={name:`gaxios`,version:`7.1.4`,description:`A simple common HTTP client specifically for Google APIs and services.`,main:`build/cjs/src/index.js`,types:`build/cjs/src/index.d.ts`,files:[`build/`],exports:{".":{import:{types:`./build/esm/src/index.d.ts`,default:`./build/esm/src/index.js`},require:{types:`./build/cjs/src/index.d.ts`,default:`./build/cjs/src/index.js`}}},scripts:{lint:`gts check --no-inline-config`,test:`c8 mocha build/esm/test`,"presystem-test":`npm run compile`,"system-test":`mocha build/esm/system-test --timeout 80000`,compile:`tsc -b ./tsconfig.json ./tsconfig.cjs.json && node utils/enable-esm.mjs`,fix:`gts fix`,prepare:`npm run compile`,pretest:`npm run compile`,webpack:`webpack`,"prebrowser-test":`npm run compile`,"browser-test":`node build/browser-test/browser-test-runner.js`,docs:`jsdoc -c .jsdoc.js`,"docs-test":`linkinator docs`,"predocs-test":`npm run docs`,"samples-test":`cd samples/ && npm link ../ && npm test && cd ../`,prelint:`cd samples; npm link ../; npm install`,clean:`gts clean`},repository:{type:`git`,directory:`packages/gaxios`,url:`https://github.com/googleapis/google-cloud-node-core.git`},keywords:[`google`],engines:{node:`>=18`},author:`Google, LLC`,license:`Apache-2.0`,devDependencies:{"@babel/plugin-proposal-private-methods":`^7.18.6`,"@types/cors":`^2.8.6`,"@types/express":`^5.0.0`,"@types/extend":`^3.0.1`,"@types/mocha":`^10.0.10`,"@types/multiparty":`4.2.1`,"@types/mv":`^2.1.0`,"@types/ncp":`^2.0.8`,"@types/node":`^22.13.1`,"@types/sinon":`^17.0.3`,"@types/tmp":`^0.2.6`,assert:`^2.0.0`,browserify:`^17.0.0`,c8:`^10.1.3`,cors:`^2.8.5`,express:`^5.0.0`,gts:`^6.0.2`,"is-docker":`^3.0.0`,jsdoc:`^4.0.4`,"jsdoc-fresh":`^5.0.0`,"jsdoc-region-tag":`^4.0.0`,karma:`^6.0.0`,"karma-chrome-launcher":`^3.0.0`,"karma-coverage":`^2.0.0`,"karma-firefox-launcher":`^2.0.0`,"karma-mocha":`^2.0.0`,"karma-remap-coverage":`^0.1.5`,"karma-sourcemap-loader":`^0.4.0`,"karma-webpack":`^5.0.1`,linkinator:`^6.1.2`,mocha:`^11.1.0`,multiparty:`^4.2.1`,mv:`^2.1.1`,ncp:`^2.0.0`,nock:`^14.0.5`,"null-loader":`^4.0.1`,"pack-n-play":`^4.0.0`,puppeteer:`^24.0.0`,sinon:`^21.0.0`,"stream-browserify":`^3.0.0`,tmp:`0.2.5`,"ts-loader":`^9.5.2`,typescript:`5.8.3`,webpack:`^5.97.1`,"webpack-cli":`^6.0.1`},dependencies:{extend:`^3.0.2`,"https-proxy-agent":`^7.0.1`,"node-fetch":`^3.3.2`},homepage:`https://github.com/googleapis/google-cloud-node-core/tree/main/packages/gaxios`}})),S=n(((e,t)=>{t.exports={pkg:x()}})),C=n((e=>{var t=e&&e.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(e,`__esModule`,{value:!0}),e.GaxiosError=e.GAXIOS_ERROR_SYMBOL=void 0,e.defaultErrorRedactor=o;let n=t(a()),r=t(S()).default.pkg;e.GAXIOS_ERROR_SYMBOL=Symbol.for(`${r.name}-gaxios-error`),e.GaxiosError=class t extends Error{config;response;code;status;error;[e.GAXIOS_ERROR_SYMBOL]=r.version;static[Symbol.hasInstance](n){return n&&typeof n==`object`&&e.GAXIOS_ERROR_SYMBOL in n&&n[e.GAXIOS_ERROR_SYMBOL]===r.version?!0:Function.prototype[Symbol.hasInstance].call(t,n)}constructor(e,t,r,a){if(super(e,{cause:a}),this.config=t,this.response=r,this.error=a instanceof Error?a:void 0,this.config=(0,n.default)(!0,{},t),this.response&&(this.response.config=(0,n.default)(!0,{},this.response.config)),this.response){try{this.response.data=i(this.config.responseType,this.response?.bodyUsed?this.response?.data:void 0)}catch{}this.status=this.response.status}a instanceof DOMException?this.code=a.name:a&&typeof a==`object`&&`code`in a&&(typeof a.code==`string`||typeof a.code==`number`)&&(this.code=a.code)}static extractAPIErrorFromResponse(e,t=`The request failed`){let n=t;if(typeof e.data==`string`&&(n=e.data),e.data&&typeof e.data==`object`&&`error`in e.data&&e.data.error&&!e.ok){if(typeof e.data.error==`string`)return{message:e.data.error,code:e.status,status:e.statusText};if(typeof e.data.error==`object`){n=`message`in e.data.error&&typeof e.data.error.message==`string`?e.data.error.message:n;let t=`status`in e.data.error&&typeof e.data.error.status==`string`?e.data.error.status:e.statusText,r=`code`in e.data.error&&typeof e.data.error.code==`number`?e.data.error.code:e.status;if(`errors`in e.data.error&&Array.isArray(e.data.error.errors)){let i=[];for(let t of e.data.error.errors)typeof t==`object`&&`message`in t&&typeof t.message==`string`&&i.push(t.message);return Object.assign({message:i.join(`
1
+ import{a as e,i as t,t as n}from"./chunk-DHbaKqs-.mjs";import{a as r,t as i}from"./transform-messages-B6RF0Czv.mjs";import{a,i as o,n as s,r as c,t as l}from"./jws-EKtyH_je.mjs";import*as u from"fs/promises";import{writeFile as d}from"fs/promises";import{createWriteStream as f}from"fs";import{finished as p}from"node:stream/promises";import{Readable as m}from"node:stream";import*as h from"path";import*as g from"ws";var _=n(((e,t)=>{function n(e,t){typeof t==`boolean`&&(t={forever:t}),this._originalTimeouts=JSON.parse(JSON.stringify(e)),this._timeouts=e,this._options=t||{},this._maxRetryTime=t&&t.maxRetryTime||1/0,this._fn=null,this._errors=[],this._attempts=1,this._operationTimeout=null,this._operationTimeoutCb=null,this._timeout=null,this._operationStart=null,this._timer=null,this._options.forever&&(this._cachedTimeouts=this._timeouts.slice(0))}t.exports=n,n.prototype.reset=function(){this._attempts=1,this._timeouts=this._originalTimeouts.slice(0)},n.prototype.stop=function(){this._timeout&&clearTimeout(this._timeout),this._timer&&clearTimeout(this._timer),this._timeouts=[],this._cachedTimeouts=null},n.prototype.retry=function(e){if(this._timeout&&clearTimeout(this._timeout),!e)return!1;var t=new Date().getTime();if(e&&t-this._operationStart>=this._maxRetryTime)return this._errors.push(e),this._errors.unshift(Error(`RetryOperation timeout occurred`)),!1;this._errors.push(e);var n=this._timeouts.shift();if(n===void 0)if(this._cachedTimeouts)this._errors.splice(0,this._errors.length-1),n=this._cachedTimeouts.slice(-1);else return!1;var r=this;return this._timer=setTimeout(function(){r._attempts++,r._operationTimeoutCb&&(r._timeout=setTimeout(function(){r._operationTimeoutCb(r._attempts)},r._operationTimeout),r._options.unref&&r._timeout.unref()),r._fn(r._attempts)},n),this._options.unref&&this._timer.unref(),!0},n.prototype.attempt=function(e,t){this._fn=e,t&&(t.timeout&&(this._operationTimeout=t.timeout),t.cb&&(this._operationTimeoutCb=t.cb));var n=this;this._operationTimeoutCb&&(this._timeout=setTimeout(function(){n._operationTimeoutCb()},n._operationTimeout)),this._operationStart=new Date().getTime(),this._fn(this._attempts)},n.prototype.try=function(e){console.log(`Using RetryOperation.try() is deprecated`),this.attempt(e)},n.prototype.start=function(e){console.log(`Using RetryOperation.start() is deprecated`),this.attempt(e)},n.prototype.start=n.prototype.try,n.prototype.errors=function(){return this._errors},n.prototype.attempts=function(){return this._attempts},n.prototype.mainError=function(){if(this._errors.length===0)return null;for(var e={},t=null,n=0,r=0;r<this._errors.length;r++){var i=this._errors[r],a=i.message,o=(e[a]||0)+1;e[a]=o,o>=n&&(t=i,n=o)}return t}})),v=n((e=>{var t=_();e.operation=function(n){return new t(e.timeouts(n),{forever:n&&(n.forever||n.retries===1/0),unref:n&&n.unref,maxRetryTime:n&&n.maxRetryTime})},e.timeouts=function(e){if(e instanceof Array)return[].concat(e);var t={retries:10,factor:2,minTimeout:1*1e3,maxTimeout:1/0,randomize:!1};for(var n in e)t[n]=e[n];if(t.minTimeout>t.maxTimeout)throw Error(`minTimeout is greater than maxTimeout`);for(var r=[],i=0;i<t.retries;i++)r.push(this.createTimeout(i,t));return e&&e.forever&&!r.length&&r.push(this.createTimeout(i,t)),r.sort(function(e,t){return e-t}),r},e.createTimeout=function(e,t){var n=t.randomize?Math.random()+1:1,r=Math.round(n*Math.max(t.minTimeout,1)*t.factor**+e);return r=Math.min(r,t.maxTimeout),r},e.wrap=function(t,n,r){if(n instanceof Array&&(r=n,n=null),!r)for(var i in r=[],t)typeof t[i]==`function`&&r.push(i);for(var a=0;a<r.length;a++){var o=r[a],s=t[o];t[o]=function(r){var i=e.operation(n),a=Array.prototype.slice.call(arguments,1),o=a.pop();a.push(function(e){i.retry(e)||(e&&(arguments[0]=i.mainError()),o.apply(this,arguments))}),i.attempt(function(){r.apply(t,a)})}.bind(t,s),t[o].options=n}}})),y=n(((e,t)=>{t.exports=v()})),b=n(((e,t)=>{let n=y(),r=[`Failed to fetch`,`NetworkError when attempting to fetch resource.`,`The Internet connection appears to be offline.`,`Network request failed`];var i=class extends Error{constructor(e){super(),e instanceof Error?(this.originalError=e,{message:e}=e):(this.originalError=Error(e),this.originalError.stack=this.stack),this.name=`AbortError`,this.message=e}};let a=(e,t,n)=>{let r=n.retries-(t-1);return e.attemptNumber=t,e.retriesLeft=r,e},o=e=>r.includes(e),s=(e,t)=>new Promise((r,s)=>{t={onFailedAttempt:()=>{},retries:10,...t};let c=n.operation(t);c.attempt(async n=>{try{r(await e(n))}catch(e){if(!(e instanceof Error)){s(TypeError(`Non-error was thrown: "${e}". You should only throw errors.`));return}if(e instanceof i)c.stop(),s(e.originalError);else if(e instanceof TypeError&&!o(e.message))c.stop(),s(e);else{a(e,n,t);try{await t.onFailedAttempt(e)}catch(e){s(e);return}c.retry(e)||s(c.mainError())}}})});t.exports=s,t.exports.default=s,t.exports.AbortError=i})),x=n(((e,t)=>{t.exports={name:`gaxios`,version:`7.1.4`,description:`A simple common HTTP client specifically for Google APIs and services.`,main:`build/cjs/src/index.js`,types:`build/cjs/src/index.d.ts`,files:[`build/`],exports:{".":{import:{types:`./build/esm/src/index.d.ts`,default:`./build/esm/src/index.js`},require:{types:`./build/cjs/src/index.d.ts`,default:`./build/cjs/src/index.js`}}},scripts:{lint:`gts check --no-inline-config`,test:`c8 mocha build/esm/test`,"presystem-test":`npm run compile`,"system-test":`mocha build/esm/system-test --timeout 80000`,compile:`tsc -b ./tsconfig.json ./tsconfig.cjs.json && node utils/enable-esm.mjs`,fix:`gts fix`,prepare:`npm run compile`,pretest:`npm run compile`,webpack:`webpack`,"prebrowser-test":`npm run compile`,"browser-test":`node build/browser-test/browser-test-runner.js`,docs:`jsdoc -c .jsdoc.js`,"docs-test":`linkinator docs`,"predocs-test":`npm run docs`,"samples-test":`cd samples/ && npm link ../ && npm test && cd ../`,prelint:`cd samples; npm link ../; npm install`,clean:`gts clean`},repository:{type:`git`,directory:`packages/gaxios`,url:`https://github.com/googleapis/google-cloud-node-core.git`},keywords:[`google`],engines:{node:`>=18`},author:`Google, LLC`,license:`Apache-2.0`,devDependencies:{"@babel/plugin-proposal-private-methods":`^7.18.6`,"@types/cors":`^2.8.6`,"@types/express":`^5.0.0`,"@types/extend":`^3.0.1`,"@types/mocha":`^10.0.10`,"@types/multiparty":`4.2.1`,"@types/mv":`^2.1.0`,"@types/ncp":`^2.0.8`,"@types/node":`^22.13.1`,"@types/sinon":`^17.0.3`,"@types/tmp":`^0.2.6`,assert:`^2.0.0`,browserify:`^17.0.0`,c8:`^10.1.3`,cors:`^2.8.5`,express:`^5.0.0`,gts:`^6.0.2`,"is-docker":`^3.0.0`,jsdoc:`^4.0.4`,"jsdoc-fresh":`^5.0.0`,"jsdoc-region-tag":`^4.0.0`,karma:`^6.0.0`,"karma-chrome-launcher":`^3.0.0`,"karma-coverage":`^2.0.0`,"karma-firefox-launcher":`^2.0.0`,"karma-mocha":`^2.0.0`,"karma-remap-coverage":`^0.1.5`,"karma-sourcemap-loader":`^0.4.0`,"karma-webpack":`^5.0.1`,linkinator:`^6.1.2`,mocha:`^11.1.0`,multiparty:`^4.2.1`,mv:`^2.1.1`,ncp:`^2.0.0`,nock:`^14.0.5`,"null-loader":`^4.0.1`,"pack-n-play":`^4.0.0`,puppeteer:`^24.0.0`,sinon:`^21.0.0`,"stream-browserify":`^3.0.0`,tmp:`0.2.5`,"ts-loader":`^9.5.2`,typescript:`5.8.3`,webpack:`^5.97.1`,"webpack-cli":`^6.0.1`},dependencies:{extend:`^3.0.2`,"https-proxy-agent":`^7.0.1`,"node-fetch":`^3.3.2`},homepage:`https://github.com/googleapis/google-cloud-node-core/tree/main/packages/gaxios`}})),S=n(((e,t)=>{t.exports={pkg:x()}})),C=n((e=>{var t=e&&e.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(e,`__esModule`,{value:!0}),e.GaxiosError=e.GAXIOS_ERROR_SYMBOL=void 0,e.defaultErrorRedactor=o;let n=t(a()),r=t(S()).default.pkg;e.GAXIOS_ERROR_SYMBOL=Symbol.for(`${r.name}-gaxios-error`),e.GaxiosError=class t extends Error{config;response;code;status;error;[e.GAXIOS_ERROR_SYMBOL]=r.version;static[Symbol.hasInstance](n){return n&&typeof n==`object`&&e.GAXIOS_ERROR_SYMBOL in n&&n[e.GAXIOS_ERROR_SYMBOL]===r.version?!0:Function.prototype[Symbol.hasInstance].call(t,n)}constructor(e,t,r,a){if(super(e,{cause:a}),this.config=t,this.response=r,this.error=a instanceof Error?a:void 0,this.config=(0,n.default)(!0,{},t),this.response&&(this.response.config=(0,n.default)(!0,{},this.response.config)),this.response){try{this.response.data=i(this.config.responseType,this.response?.bodyUsed?this.response?.data:void 0)}catch{}this.status=this.response.status}a instanceof DOMException?this.code=a.name:a&&typeof a==`object`&&`code`in a&&(typeof a.code==`string`||typeof a.code==`number`)&&(this.code=a.code)}static extractAPIErrorFromResponse(e,t=`The request failed`){let n=t;if(typeof e.data==`string`&&(n=e.data),e.data&&typeof e.data==`object`&&`error`in e.data&&e.data.error&&!e.ok){if(typeof e.data.error==`string`)return{message:e.data.error,code:e.status,status:e.statusText};if(typeof e.data.error==`object`){n=`message`in e.data.error&&typeof e.data.error.message==`string`?e.data.error.message:n;let t=`status`in e.data.error&&typeof e.data.error.status==`string`?e.data.error.status:e.statusText,r=`code`in e.data.error&&typeof e.data.error.code==`number`?e.data.error.code:e.status;if(`errors`in e.data.error&&Array.isArray(e.data.error.errors)){let i=[];for(let t of e.data.error.errors)typeof t==`object`&&`message`in t&&typeof t.message==`string`&&i.push(t.message);return Object.assign({message:i.join(`
2
2
  `)||n,code:r,status:t},e.data.error)}return Object.assign({message:n,code:r,status:t},e.data.error)}}return{message:n,code:e.status,status:e.statusText}}};function i(e,t){switch(e){case`stream`:return t;case`json`:return JSON.parse(JSON.stringify(t));case`arraybuffer`:return JSON.parse(Buffer.from(t).toString(`utf8`));case`blob`:return JSON.parse(t.text());default:return t}}function o(e){let t="<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.";function n(e){e&&e.forEach((n,r)=>{(/^authentication$/i.test(r)||/^authorization$/i.test(r)||/secret/i.test(r))&&e.set(r,t)})}function r(e,n){if(typeof e==`object`&&e&&typeof e[n]==`string`){let r=e[n];(/grant_type=/i.test(r)||/assertion=/i.test(r)||/secret/i.test(r))&&(e[n]=t)}}function i(e){!e||typeof e!=`object`||(e instanceof FormData||e instanceof URLSearchParams||`forEach`in e&&`set`in e?e.forEach((n,r)=>{([`grant_type`,`assertion`].includes(r)||/secret/.test(r))&&e.set(r,t)}):(`grant_type`in e&&(e.grant_type=t),`assertion`in e&&(e.assertion=t),`client_secret`in e&&(e.client_secret=t)))}return e.config&&(n(e.config.headers),r(e.config,`data`),i(e.config.data),r(e.config,`body`),i(e.config.body),e.config.url.searchParams.has(`token`)&&e.config.url.searchParams.set(`token`,t),e.config.url.searchParams.has(`client_secret`)&&e.config.url.searchParams.set(`client_secret`,t)),e.response&&(o({config:e.response.config}),n(e.response.headers),e.response.bodyUsed&&(r(e.response,`data`),i(e.response.data))),e}})),w=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.getRetryConfig=t;async function t(e){let t=r(e);if(!e||!e.config||!t&&!e.config.retry)return{shouldRetry:!1};if(t||={},t.currentRetryAttempt=t.currentRetryAttempt||0,t.retry=t.retry===void 0||t.retry===null?3:t.retry,t.httpMethodsToRetry=t.httpMethodsToRetry||[`GET`,`HEAD`,`PUT`,`OPTIONS`,`DELETE`],t.noResponseRetries=t.noResponseRetries===void 0||t.noResponseRetries===null?2:t.noResponseRetries,t.retryDelayMultiplier=t.retryDelayMultiplier?t.retryDelayMultiplier:2,t.timeOfFirstRequest=t.timeOfFirstRequest?t.timeOfFirstRequest:Date.now(),t.totalTimeout=t.totalTimeout?t.totalTimeout:2**53-1,t.maxRetryDelay=t.maxRetryDelay?t.maxRetryDelay:2**53-1,t.statusCodesToRetry=t.statusCodesToRetry||[[100,199],[408,408],[429,429],[500,599]],e.config.retryConfig=t,!await(t.shouldRetry||n)(e))return{shouldRetry:!1,config:e.config};let a=i(t);e.config.retryConfig.currentRetryAttempt+=1;let o=t.retryBackoff?t.retryBackoff(e,a):new Promise(e=>{setTimeout(e,a)});return t.onRetryAttempt&&await t.onRetryAttempt(e),await o,{shouldRetry:!0,config:e.config}}function n(e){let t=r(e);if(e.config.signal?.aborted&&e.code!==`TimeoutError`||e.code===`AbortError`||!t||t.retry===0||!e.response&&(t.currentRetryAttempt||0)>=t.noResponseRetries||!t.httpMethodsToRetry||!t.httpMethodsToRetry.includes(e.config.method?.toUpperCase()||`GET`))return!1;if(e.response&&e.response.status){let n=!1;for(let[r,i]of t.statusCodesToRetry){let t=e.response.status;if(t>=r&&t<=i){n=!0;break}}if(!n)return!1}return t.currentRetryAttempt=t.currentRetryAttempt||0,!(t.currentRetryAttempt>=t.retry)}function r(e){if(e&&e.config&&e.config.retryConfig)return e.config.retryConfig}function i(e){let t=(e.currentRetryAttempt?0:e.retryDelay??100)+(e.retryDelayMultiplier**+e.currentRetryAttempt-1)/2*1e3,n=e.totalTimeout-(Date.now()-e.timeOfFirstRequest);return Math.min(t,n,e.maxRetryDelay)}})),T=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.GaxiosInterceptorManager=void 0,e.GaxiosInterceptorManager=class extends Set{}})),E=n((n=>{var r=n&&n.__importDefault||function(e){return e&&e.__esModule?e:{default:e}},i;Object.defineProperty(n,`__esModule`,{value:!0}),n.Gaxios=void 0;let o=r(a()),s=t(`https`),c=C(),l=w(),u=t(`stream`),d=T(),f=async()=>globalThis.crypto?.randomUUID()||(await import(`crypto`)).randomUUID();var p=class{agentCache=new Map;defaults;interceptors;constructor(e){this.defaults=e||{},this.interceptors={request:new d.GaxiosInterceptorManager,response:new d.GaxiosInterceptorManager}}fetch(...e){let t=e[0],n=e[1],r,a=new Headers;return typeof t==`string`?r=new URL(t):t instanceof URL?r=t:t&&t.url&&(r=new URL(t.url)),t&&typeof t==`object`&&`headers`in t&&i.mergeHeaders(a,t.headers),n&&i.mergeHeaders(a,new Headers(n.headers)),typeof t==`object`&&!(t instanceof URL)?this.request({...n,...t,headers:a,url:r}):this.request({...n,headers:a,url:r})}async request(e={}){let t=await this.#r(e);return t=await this.#t(t),this.#n(this._request(t))}async _defaultAdapter(e){let t=e.fetchImplementation||this.defaults.fetchImplementation||await i.#c(),n={...e};delete n.data;let r=await t(e.url,n),a=await this.getResponseData(e,r);return Object.getOwnPropertyDescriptor(r,`data`)?.configurable||Object.defineProperties(r,{data:{configurable:!0,writable:!0,enumerable:!0,value:a}}),Object.assign(r,{config:e,data:a})}async _request(e){try{let t;if(t=e.adapter?await e.adapter(e,this._defaultAdapter.bind(this)):await this._defaultAdapter(e),!e.validateStatus(t.status)){if(e.responseType===`stream`){let e=[];for await(let n of t.data)e.push(n);t.data=e.toString()}let n=c.GaxiosError.extractAPIErrorFromResponse(t,`Request failed with status code ${t.status}`);throw new c.GaxiosError(n?.message,e,t,n)}return t}catch(t){let n;n=t instanceof c.GaxiosError?t:t instanceof Error?new c.GaxiosError(t.message,e,void 0,t):new c.GaxiosError(`Unexpected Gaxios Error`,e,void 0,t);let{shouldRetry:r,config:i}=await(0,l.getRetryConfig)(n);if(r&&i)return n.config.retryConfig.currentRetryAttempt=i.retryConfig.currentRetryAttempt,e.retryConfig=n.config?.retryConfig,this.#i(e),this._request(e);throw e.errorRedactor&&e.errorRedactor(n),n}}async getResponseData(e,t){if(t.status===204)return``;if(e.maxContentLength&&t.headers.has(`content-length`)&&e.maxContentLength<Number.parseInt(t.headers?.get(`content-length`)||``))throw new c.GaxiosError("Response's `Content-Length` is over the limit.",e,Object.assign(t,{config:e}));switch(e.responseType){case`stream`:return t.body;case`json`:{let e=await t.text();try{return JSON.parse(e)}catch{return e}}case`arraybuffer`:return t.arrayBuffer();case`blob`:return t.blob();case`text`:return t.text();default:return this.getResponseDataFromContentType(t)}}#e(e,t=[]){let n=new URL(e),r=[...t],i=(process.env.NO_PROXY??process.env.no_proxy)?.split(`,`)||[];for(let e of i)r.push(e.trim());for(let e of r)if(e instanceof RegExp){if(e.test(n.toString()))return!1}else if(e instanceof URL){if(e.origin===n.origin)return!1}else if(e.startsWith(`*.`)||e.startsWith(`.`)){let t=e.replace(/^\*\./,`.`);if(n.hostname.endsWith(t))return!1}else if(e===n.origin||e===n.hostname||e===n.href)return!1;return!0}async#t(e){let t=Promise.resolve(e);for(let e of this.interceptors.request.values())e&&(t=t.then(e.resolved,e.rejected));return t}async#n(e){let t=Promise.resolve(e);for(let e of this.interceptors.response.values())e&&(t=t.then(e.resolved,e.rejected));return t}async#r(e){let t=new Headers(this.defaults.headers);i.mergeHeaders(t,e.headers);let n=(0,o.default)(!0,{},this.defaults,e);if(!n.url)throw Error(`URL is required.`);if(n.baseURL&&(n.url=new URL(n.url,n.baseURL)),n.url=new URL(n.url),n.params)if(n.paramsSerializer){let e=n.paramsSerializer(n.params);e.startsWith(`?`)&&(e=e.slice(1));let t=n.url.toString().includes(`?`)?`&`:`?`;n.url=n.url+t+e}else{let e=n.url instanceof URL?n.url:new URL(n.url);for(let[t,r]of new URLSearchParams(n.params))e.searchParams.append(t,r);n.url=e}typeof e.maxContentLength==`number`&&(n.size=e.maxContentLength),typeof e.maxRedirects==`number`&&(n.follow=e.maxRedirects);let r=typeof n.data==`string`||n.data instanceof ArrayBuffer||n.data instanceof Blob||globalThis.File&&n.data instanceof File||n.data instanceof FormData||n.data instanceof u.Readable||n.data instanceof ReadableStream||n.data instanceof String||n.data instanceof URLSearchParams||ArrayBuffer.isView(n.data)||[`Blob`,`File`,`FormData`].includes(n.data?.constructor?.name||``);if(n.multipart?.length){let e=await f();t.set(`content-type`,`multipart/related; boundary=${e}`),n.body=u.Readable.from(this.getMultipartRequest(n.multipart,e))}else r?n.body=n.data:typeof n.data==`object`?t.get(`Content-Type`)===`application/x-www-form-urlencoded`?n.body=n.paramsSerializer?n.paramsSerializer(n.data):new URLSearchParams(n.data):(t.has(`content-type`)||t.set(`content-type`,`application/json`),n.body=JSON.stringify(n.data)):n.data&&(n.body=n.data);n.validateStatus=n.validateStatus||this.validateStatus,n.responseType=n.responseType||`unknown`,!t.has(`accept`)&&n.responseType===`json`&&t.set(`accept`,`application/json`);let a=n.proxy||process?.env?.HTTPS_PROXY||process?.env?.https_proxy||process?.env?.HTTP_PROXY||process?.env?.http_proxy;if(!n.agent)if(a&&this.#e(n.url,n.noProxy)){let e=await i.#s();this.agentCache.has(a)?n.agent=this.agentCache.get(a):(n.agent=new e(a,{cert:n.cert,key:n.key}),this.agentCache.set(a,n.agent))}else n.cert&&n.key&&(this.agentCache.has(n.key)?n.agent=this.agentCache.get(n.key):(n.agent=new s.Agent({cert:n.cert,key:n.key}),this.agentCache.set(n.key,n.agent)));return typeof n.errorRedactor!=`function`&&n.errorRedactor!==!1&&(n.errorRedactor=c.defaultErrorRedactor),n.body&&!(`duplex`in n)&&(n.duplex=`half`),this.#i(n),Object.assign(n,{headers:t,url:n.url instanceof URL?n.url:new URL(n.url)})}#i(e){if(e.timeout){let t=AbortSignal.timeout(e.timeout);e.signal&&!e.signal.aborted?e.signal=AbortSignal.any([e.signal,t]):e.signal=t}}validateStatus(e){return e>=200&&e<300}async getResponseDataFromContentType(e){let t=e.headers.get(`Content-Type`);if(t===null)return e.text();if(t=t.toLowerCase(),t.includes(`application/json`)){let t=await e.text();try{t=JSON.parse(t)}catch{}return t}else if(t.match(/^text\//))return e.text();else return e.blob()}async*getMultipartRequest(e,t){let n=`--${t}--`;for(let n of e)yield`--${t}\r\nContent-Type: ${n.headers.get(`Content-Type`)||`application/octet-stream`}\r\n\r\n`,typeof n.content==`string`?yield n.content:yield*n.content,yield`\r
3
- `;yield n}static#a;static#o;static async#s(){return this.#a||=(await import(`./dist-coestTs9.mjs`).then(t=>e(t.t()))).HttpsProxyAgent,this.#a}static async#c(){let e=typeof window<`u`&&!!window;return this.#o||=e?window.fetch:(await import(`./src-CCDx_C-U.mjs`)).default,this.#o}static mergeHeaders(e,...t){e=e instanceof Headers?e:new Headers(e);for(let n of t)(n instanceof Headers?n:new Headers(n)).forEach((t,n)=>{n===`set-cookie`?e.append(n,t):e.set(n,t)});return e}};n.Gaxios=p,i=p})),D=n((e=>{var t=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),n=e&&e.__exportStar||function(e,n){for(var r in e)r!==`default`&&!Object.prototype.hasOwnProperty.call(n,r)&&t(n,e,r)};Object.defineProperty(e,`__esModule`,{value:!0}),e.instance=e.Gaxios=e.GaxiosError=void 0,e.request=a;let r=E();Object.defineProperty(e,`Gaxios`,{enumerable:!0,get:function(){return r.Gaxios}});var i=C();Object.defineProperty(e,`GaxiosError`,{enumerable:!0,get:function(){return i.GaxiosError}}),n(T(),e),e.instance=new r.Gaxios;async function a(t){return e.instance.request(t)}})),O=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.GCE_LINUX_BIOS_PATHS=void 0,e.isGoogleCloudServerless=a,e.isGoogleComputeEngineLinux=o,e.isGoogleComputeEngineMACAddress=s,e.isGoogleComputeEngine=c,e.detectGCPResidency=l;let n=t(`fs`),r=t(`os`);e.GCE_LINUX_BIOS_PATHS={BIOS_DATE:`/sys/class/dmi/id/bios_date`,BIOS_VENDOR:`/sys/class/dmi/id/bios_vendor`};let i=/^42:01/;function a(){return!!(process.env.CLOUD_RUN_JOB||process.env.FUNCTION_NAME||process.env.K_SERVICE)}function o(){if((0,r.platform)()!==`linux`)return!1;try{(0,n.statSync)(e.GCE_LINUX_BIOS_PATHS.BIOS_DATE);let t=(0,n.readFileSync)(e.GCE_LINUX_BIOS_PATHS.BIOS_VENDOR,`utf8`);return/Google/.test(t)}catch{return!1}}function s(){let e=(0,r.networkInterfaces)();for(let t of Object.values(e))if(t){for(let{mac:e}of t)if(i.test(e))return!0}return!1}function c(){return o()||s()}function l(){return a()||c()}})),k=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.Colours=void 0;var t=class e{static isEnabled(e){return e&&e.isTTY&&(typeof e.getColorDepth==`function`?e.getColorDepth()>2:!0)}static refresh(){e.enabled=e.isEnabled(process==null?void 0:process.stderr),this.enabled?(e.reset=`\x1B[0m`,e.bright=`\x1B[1m`,e.dim=`\x1B[2m`,e.red=`\x1B[31m`,e.green=`\x1B[32m`,e.yellow=`\x1B[33m`,e.blue=`\x1B[34m`,e.magenta=`\x1B[35m`,e.cyan=`\x1B[36m`,e.white=`\x1B[37m`,e.grey=`\x1B[90m`):(e.reset=``,e.bright=``,e.dim=``,e.red=``,e.green=``,e.yellow=``,e.blue=``,e.magenta=``,e.cyan=``,e.white=``,e.grey=``)}};e.Colours=t,t.enabled=!1,t.reset=``,t.bright=``,t.dim=``,t.red=``,t.green=``,t.yellow=``,t.blue=``,t.magenta=``,t.cyan=``,t.white=``,t.grey=``,t.refresh()})),ee=n((e=>{var n=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),r=e&&e.__setModuleDefault||(Object.create?(function(e,t){Object.defineProperty(e,`default`,{enumerable:!0,value:t})}):function(e,t){e.default=t}),i=e&&e.__importStar||(function(){var e=function(t){return e=Object.getOwnPropertyNames||function(e){var t=[];for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[t.length]=n);return t},e(t)};return function(t){if(t&&t.__esModule)return t;var i={};if(t!=null)for(var a=e(t),o=0;o<a.length;o++)a[o]!==`default`&&n(i,t,a[o]);return r(i,t),i}})();Object.defineProperty(e,`__esModule`,{value:!0}),e.env=e.DebugLogBackendBase=e.placeholder=e.AdhocDebugLogger=e.LogSeverity=void 0,e.getNodeBackend=p,e.getDebugBackend=h,e.getStructuredBackend=_,e.setBackend=b,e.log=x;let a=t(`events`),o=i(t(`process`)),s=i(t(`util`)),c=k();var l;(function(e){e.DEFAULT=`DEFAULT`,e.DEBUG=`DEBUG`,e.INFO=`INFO`,e.WARNING=`WARNING`,e.ERROR=`ERROR`})(l||(e.LogSeverity=l={}));var u=class extends a.EventEmitter{constructor(e,t){super(),this.namespace=e,this.upstream=t,this.func=Object.assign(this.invoke.bind(this),{instance:this,on:(e,t)=>this.on(e,t)}),this.func.debug=(...e)=>this.invokeSeverity(l.DEBUG,...e),this.func.info=(...e)=>this.invokeSeverity(l.INFO,...e),this.func.warn=(...e)=>this.invokeSeverity(l.WARNING,...e),this.func.error=(...e)=>this.invokeSeverity(l.ERROR,...e),this.func.sublog=e=>x(e,this.func)}invoke(e,...t){if(this.upstream)try{this.upstream(e,...t)}catch{}try{this.emit(`log`,e,t)}catch{}}invokeSeverity(e,...t){this.invoke({severity:e},...t)}};e.AdhocDebugLogger=u,e.placeholder=new u(``,()=>{}).func;var d=class{constructor(){this.cached=new Map,this.filters=[],this.filtersSet=!1;let t=o.env[e.env.nodeEnables]??`*`;t===`all`&&(t=`*`),this.filters=t.split(`,`)}log(e,t,...n){try{this.filtersSet||=(this.setFilters(),!0);let r=this.cached.get(e);r||(r=this.makeLogger(e),this.cached.set(e,r)),r(t,...n)}catch(e){console.error(e)}}};e.DebugLogBackendBase=d;var f=class extends d{constructor(){super(...arguments),this.enabledRegexp=/.*/g}isEnabled(e){return this.enabledRegexp.test(e)}makeLogger(e){return this.enabledRegexp.test(e)?(t,...n)=>{let r=`${c.Colours.green}${e}${c.Colours.reset}`,i=`${c.Colours.yellow}${o.pid}${c.Colours.reset}`,a;switch(t.severity){case l.ERROR:a=`${c.Colours.red}${t.severity}${c.Colours.reset}`;break;case l.INFO:a=`${c.Colours.magenta}${t.severity}${c.Colours.reset}`;break;case l.WARNING:a=`${c.Colours.yellow}${t.severity}${c.Colours.reset}`;break;default:a=t.severity??l.DEFAULT;break}let u=s.formatWithOptions({colors:c.Colours.enabled},...n),d=Object.assign({},t);delete d.severity;let f=Object.getOwnPropertyNames(d).length?JSON.stringify(d):``,p=f?`${c.Colours.grey}${f}${c.Colours.reset}`:``;console.error(`%s [%s|%s] %s%s`,i,r,a,u,f?` ${p}`:``)}:()=>{}}setFilters(){let e=this.filters.join(`,`).replace(/[|\\{}()[\]^$+?.]/g,`\\$&`).replace(/\*/g,`.*`).replace(/,/g,`$|^`);this.enabledRegexp=RegExp(`^${e}$`,`i`)}};function p(){return new f}var m=class extends d{constructor(e){super(),this.debugPkg=e}makeLogger(e){let t=this.debugPkg(e);return(e,...n)=>{t(n[0],...n.slice(1))}}setFilters(){let e=o.env.NODE_DEBUG??``;o.env.NODE_DEBUG=`${e}${e?`,`:``}${this.filters.join(`,`)}`}};function h(e){return new m(e)}var g=class extends d{constructor(e){super(),this.upstream=e??void 0}makeLogger(e){let t=this.upstream?.makeLogger(e);return(e,...n)=>{let r=e.severity??l.INFO,i=Object.assign({severity:r,message:s.format(...n)},e),a=JSON.stringify(i);t?t(e,a):console.log(`%s`,a)}}setFilters(){var e;(e=this.upstream)==null||e.setFilters()}};function _(e){return new g(e)}e.env={nodeEnables:`GOOGLE_SDK_NODE_LOGGING`};let v=new Map,y;function b(e){y=e,v.clear()}function x(t,n){if(!y&&!o.env[e.env.nodeEnables]||!t)return e.placeholder;n&&(t=`${n.instance.namespace}:${t}`);let r=v.get(t);if(r)return r.func;if(y===null)return e.placeholder;y===void 0&&(y=p());let i=(()=>{let e;return new u(t,(n,...r)=>{if(e!==y){if(y===null)return;y===void 0&&(y=p()),e=y}y?.log(t,n,...r)})})();return v.set(t,i),i.func}})),te=n((e=>{var t=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),n=e&&e.__exportStar||function(e,n){for(var r in e)r!==`default`&&!Object.prototype.hasOwnProperty.call(n,r)&&t(n,e,r)};Object.defineProperty(e,`__esModule`,{value:!0}),n(ee(),e)})),A=n((e=>{var t=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),n=e&&e.__setModuleDefault||(Object.create?(function(e,t){Object.defineProperty(e,`default`,{enumerable:!0,value:t})}):function(e,t){e.default=t}),r=e&&e.__importStar||(function(){var e=function(t){return e=Object.getOwnPropertyNames||function(e){var t=[];for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[t.length]=n);return t},e(t)};return function(r){if(r&&r.__esModule)return r;var i={};if(r!=null)for(var a=e(r),o=0;o<a.length;o++)a[o]!==`default`&&t(i,r,a[o]);return n(i,r),i}})(),i=e&&e.__exportStar||function(e,n){for(var r in e)r!==`default`&&!Object.prototype.hasOwnProperty.call(n,r)&&t(n,e,r)};Object.defineProperty(e,`__esModule`,{value:!0}),e.gcpResidencyCache=e.METADATA_SERVER_DETECTION=e.HEADERS=e.HEADER_VALUE=e.HEADER_NAME=e.SECONDARY_HOST_ADDRESS=e.HOST_ADDRESS=e.BASE_PATH=void 0,e.instance=h,e.project=g,e.universe=_,e.bulk=v,e.isAvailable=x,e.resetIsAvailableCache=S,e.getGCPResidency=C,e.setGCPResidency=w,e.requestTimeout=T;let a=D(),s=o(),c=O(),l=r(te());e.BASE_PATH=`/computeMetadata/v1`,e.HOST_ADDRESS=`http://169.254.169.254`,e.SECONDARY_HOST_ADDRESS=`http://metadata.google.internal.`,e.HEADER_NAME=`Metadata-Flavor`,e.HEADER_VALUE=`Google`,e.HEADERS=Object.freeze({[e.HEADER_NAME]:e.HEADER_VALUE});let u=l.log(`gcp-metadata`);e.METADATA_SERVER_DETECTION=Object.freeze({"assume-present":`don't try to ping the metadata server, but assume it's present`,none:`don't try to ping the metadata server, but don't try to use it either`,"bios-only":`treat the result of a BIOS probe as canonical (don't fall back to pinging)`,"ping-only":`skip the BIOS probe, and go straight to pinging`});function d(t){return t||=process.env.GCE_METADATA_IP||process.env.GCE_METADATA_HOST||e.HOST_ADDRESS,/^https?:\/\//.test(t)||(t=`http://${t}`),new URL(e.BASE_PATH,t).href}function f(e){Object.keys(e).forEach(e=>{switch(e){case`params`:case`property`:case`headers`:break;case`qs`:throw Error(`'qs' is not a valid configuration option. Please use 'params' instead.`);default:throw Error(`'${e}' is not a valid configuration option.`)}})}async function p(t,n={},r=3,i=!1){let o=new Headers(e.HEADERS),c=``,l={};if(typeof t==`object`){let e=t;new Headers(e.headers).forEach((e,t)=>o.set(t,e)),c=e.metadataKey,l=e.params||l,r=e.noResponseRetries||r,i=e.fastFail||i}else c=t;typeof n==`string`?c+=`/${n}`:(f(n),n.property&&(c+=`/${n.property}`),new Headers(n.headers).forEach((e,t)=>o.set(t,e)),l=n.params||l);let p=i?m:a.request,h={url:`${d()}/${c}`,headers:o,retryConfig:{noResponseRetries:r},params:l,responseType:`text`,timeout:T()};u.info(`instance request %j`,h);let g=await p(h);u.info(`instance metadata is %s`,g.data);let _=g.headers.get(e.HEADER_NAME);if(_!==e.HEADER_VALUE)throw RangeError(`Invalid response from metadata service: incorrect ${e.HEADER_NAME} header. Expected '${e.HEADER_VALUE}', got ${_?`'${_}'`:`no header`}`);if(typeof g.data==`string`)try{return s.parse(g.data)}catch{}return g.data}async function m(t){let n={...t,url:t.url?.toString().replace(d(),d(e.SECONDARY_HOST_ADDRESS))},r=(0,a.request)(t),i=(0,a.request)(n);return Promise.any([r,i])}function h(e){return p(`instance`,e)}function g(e){return p(`project`,e)}function _(e){return p(`universe`,e)}async function v(e){let t={};return await Promise.all(e.map(e=>(async()=>{let n=await p(e),r=e.metadataKey;t[r]=n})())),t}function y(){return process.env.DETECT_GCP_RETRIES?Number(process.env.DETECT_GCP_RETRIES):0}let b;async function x(){if(process.env.METADATA_SERVER_DETECTION){let t=process.env.METADATA_SERVER_DETECTION.trim().toLocaleLowerCase();if(!(t in e.METADATA_SERVER_DETECTION))throw RangeError(`Unknown \`METADATA_SERVER_DETECTION\` env variable. Got \`${t}\`, but it should be \`${Object.keys(e.METADATA_SERVER_DETECTION).join("`, `")}\`, or unset`);switch(t){case`assume-present`:return!0;case`none`:return!1;case`bios-only`:return C();case`ping-only`:}}try{return b===void 0&&(b=p(`instance`,void 0,y(),!(process.env.GCE_METADATA_IP||process.env.GCE_METADATA_HOST))),await b,!0}catch(e){let t=e;if(process.env.DEBUG_AUTH&&console.info(t),t.type===`request-timeout`||t.response&&t.response.status===404)return!1;if(!(t.response&&t.response.status===404)&&(!t.code||![`EHOSTDOWN`,`EHOSTUNREACH`,`ENETUNREACH`,`ENOENT`,`ENOTFOUND`,`ECONNREFUSED`].includes(t.code.toString()))){let e=`UNKNOWN`;t.code&&(e=t.code.toString()),process.emitWarning(`received unexpected error = ${t.message} code = ${e}`,`MetadataLookupWarning`)}return!1}}function S(){b=void 0}e.gcpResidencyCache=null;function C(){return e.gcpResidencyCache===null&&w(),e.gcpResidencyCache}function w(t=null){e.gcpResidencyCache=t===null?(0,c.detectGCPResidency)():t}function T(){return C()?0:3e3}i(O(),e)})),ne=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.fromArrayBufferToHex=t;function t(e){return Array.from(new Uint8Array(e)).map(e=>e.toString(16).padStart(2,`0`)).join(``)}})),re=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.BrowserCrypto=void 0;let t=c(),n=ne();e.BrowserCrypto=class e{constructor(){if(typeof window>`u`||window.crypto===void 0||window.crypto.subtle===void 0)throw Error(`SubtleCrypto not found. Make sure it's an https:// website.`)}async sha256DigestBase64(e){let n=new TextEncoder().encode(e),r=await window.crypto.subtle.digest(`SHA-256`,n);return t.fromByteArray(new Uint8Array(r))}randomBytesBase64(e){let n=new Uint8Array(e);return window.crypto.getRandomValues(n),t.fromByteArray(n)}static padBase64(e){for(;e.length%4!=0;)e+=`=`;return e}async verify(n,r,i){let a={name:`RSASSA-PKCS1-v1_5`,hash:{name:`SHA-256`}},o=new TextEncoder().encode(r),s=t.toByteArray(e.padBase64(i)),c=await window.crypto.subtle.importKey(`jwk`,n,a,!0,[`verify`]);return await window.crypto.subtle.verify(a,c,Buffer.from(s),o)}async sign(e,n){let r={name:`RSASSA-PKCS1-v1_5`,hash:{name:`SHA-256`}},i=new TextEncoder().encode(n),a=await window.crypto.subtle.importKey(`jwk`,e,r,!0,[`sign`]),o=await window.crypto.subtle.sign(r,a,i);return t.fromByteArray(new Uint8Array(o))}decodeBase64StringUtf8(n){let r=t.toByteArray(e.padBase64(n));return new TextDecoder().decode(r)}encodeBase64StringUtf8(e){let n=new TextEncoder().encode(e);return t.fromByteArray(n)}async sha256DigestHex(e){let t=new TextEncoder().encode(e),r=await window.crypto.subtle.digest(`SHA-256`,t);return(0,n.fromArrayBufferToHex)(r)}async signWithHmacSha256(e,t){let n=typeof e==`string`?e:String.fromCharCode(...new Uint16Array(e)),r=new TextEncoder,i=await window.crypto.subtle.importKey(`raw`,r.encode(n),{name:`HMAC`,hash:{name:`SHA-256`}},!1,[`sign`]);return window.crypto.subtle.sign(`HMAC`,i,r.encode(t))}}})),ie=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.NodeCrypto=void 0;let n=t(`crypto`);e.NodeCrypto=class{async sha256DigestBase64(e){return n.createHash(`sha256`).update(e).digest(`base64`)}randomBytesBase64(e){return n.randomBytes(e).toString(`base64`)}async verify(e,t,r){let i=n.createVerify(`RSA-SHA256`);return i.update(t),i.end(),i.verify(e,r,`base64`)}async sign(e,t){let r=n.createSign(`RSA-SHA256`);return r.update(t),r.end(),r.sign(e,`base64`)}decodeBase64StringUtf8(e){return Buffer.from(e,`base64`).toString(`utf-8`)}encodeBase64StringUtf8(e){return Buffer.from(e,`utf-8`).toString(`base64`)}async sha256DigestHex(e){return n.createHash(`sha256`).update(e).digest(`hex`)}async signWithHmacSha256(e,t){let a=typeof e==`string`?e:i(e);return r(n.createHmac(`sha256`,a).update(t).digest())}};function r(e){let t=new ArrayBuffer(e.length),n=new Uint8Array(t);for(let t=0;t<e.length;++t)n[t]=e[t];return t}function i(e){return Buffer.from(e)}})),ae=n((e=>{var t=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),n=e&&e.__exportStar||function(e,n){for(var r in e)r!==`default`&&!Object.prototype.hasOwnProperty.call(n,r)&&t(n,e,r)};Object.defineProperty(e,`__esModule`,{value:!0}),e.createCrypto=a,e.hasBrowserCrypto=o;let r=re(),i=ie();n(ne(),e);function a(){return o()?new r.BrowserCrypto:new i.NodeCrypto}function o(){return typeof window<`u`&&window.crypto!==void 0&&window.crypto.subtle!==void 0}})),j=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.LRUCache=void 0,e.snakeToCamel=o,e.originalOrCamelOptions=s,e.removeUndefinedValuesInObject=c,e.isValidFile=l,e.getWellKnownCertificateConfigFileLocation=u;let n=t(`fs`),r=t(`os`),i=t(`path`),a=`gcloud`;function o(e){return e.replace(/([_][^_])/g,e=>e.slice(1).toUpperCase())}function s(e){function t(t){let n=e||{};return n[t]??n[o(t)]}return{get:t}}e.LRUCache=class{capacity;#e=new Map;maxAge;constructor(e){this.capacity=e.capacity,this.maxAge=e.maxAge}#t(e,t){this.#e.delete(e),this.#e.set(e,{value:t,lastAccessed:Date.now()})}set(e,t){this.#t(e,t),this.#n()}get(e){let t=this.#e.get(e);if(t)return this.#t(e,t.value),this.#n(),t.value}#n(){let e=this.maxAge?Date.now()-this.maxAge:0,t=this.#e.entries().next();for(;!t.done&&(this.#e.size>this.capacity||t.value[1].lastAccessed<e);)this.#e.delete(t.value[0]),t=this.#e.entries().next()}};function c(e){return Object.entries(e).forEach(([t,n])=>{(n===void 0||n===`undefined`)&&delete e[t]}),e}async function l(e){try{return(await n.promises.lstat(e)).isFile()}catch{return!1}}function u(){let e=process.env.CLOUDSDK_CONFIG||(d()?i.join(process.env.APPDATA||``,a):i.join(process.env.HOME||``,`.config`,a));return i.join(e,`certificate_config.json`)}function d(){return r.platform().startsWith(`win`)}})),oe=n(((e,t)=>{t.exports={name:`google-auth-library`,version:`10.6.2`,author:`Google Inc.`,description:`Google APIs Authentication Client Library for Node.js`,engines:{node:`>=18`},main:`./build/src/index.js`,types:`./build/src/index.d.ts`,repository:{type:`git`,directory:`packages/google-auth-library-nodejs`,url:`https://github.com/googleapis/google-cloud-node-core.git`},keywords:[`google`,`api`,`google apis`,`client`,`client library`],dependencies:{"base64-js":`^1.3.0`,"ecdsa-sig-formatter":`^1.0.11`,gaxios:`^7.1.4`,"gcp-metadata":`8.1.2`,"google-logging-utils":`1.1.3`,jws:`^4.0.0`},devDependencies:{"@types/base64-js":`^1.2.5`,"@types/jws":`^3.1.0`,"@types/mocha":`^10.0.10`,"@types/mv":`^2.1.0`,"@types/ncp":`^2.0.8`,"@types/node":`^24.0.0`,"@types/sinon":`^21.0.0`,"assert-rejects":`^1.0.0`,c8:`^10.1.3`,codecov:`^3.8.3`,gts:`^6.0.2`,"is-docker":`^3.0.0`,jsdoc:`^4.0.4`,"jsdoc-fresh":`^5.0.0`,"jsdoc-region-tag":`^4.0.0`,karma:`^6.0.0`,"karma-chrome-launcher":`^3.0.0`,"karma-coverage":`^2.0.0`,"karma-firefox-launcher":`^2.0.0`,"karma-mocha":`^2.0.0`,"karma-sourcemap-loader":`^0.4.0`,"karma-webpack":`^5.0.1`,keypair:`^1.0.4`,mocha:`^11.1.0`,mv:`^2.1.1`,ncp:`^2.0.0`,nock:`^14.0.5`,"null-loader":`^4.0.1`,puppeteer:`^24.0.0`,sinon:`^21.0.0`,"ts-loader":`^9.5.2`,typescript:`5.8.3`,webpack:`^5.97.1`,"webpack-cli":`^6.0.1`},files:[`build/src`,`!build/src/**/*.map`],scripts:{test:`c8 mocha build/test`,clean:`gts clean`,prepare:`npm run compile`,lint:`gts check --no-inline-config`,compile:`tsc -p .`,fix:`gts fix`,pretest:`npm run compile -- --sourceMap`,docs:`jsdoc -c .jsdoc.js`,"samples-setup":`cd samples/ && npm link ../ && npm run setup && cd ../`,"samples-test":`cd samples/ && npm link ../ && npm test && cd ../`,"system-test":`mocha build/system-test --timeout 60000`,"presystem-test":`npm run compile -- --sourceMap`,webpack:`webpack`,"browser-test":`karma start`,"docs-test":`echo 'disabled until linkinator is fixed'`,"predocs-test":`npm run docs`,prelint:`cd samples; npm link ../; npm install`},license:`Apache-2.0`,homepage:`https://github.com/googleapis/google-cloud-node-core/tree/main/packages/google-auth-library-nodejs`}})),se=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.USER_AGENT=e.PRODUCT_NAME=e.pkg=void 0;let t=oe();e.pkg=t;let n=`google-api-nodejs-client`;e.PRODUCT_NAME=n,e.USER_AGENT=`${n}/${t.version}`})),M=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.AuthClient=e.DEFAULT_EAGER_REFRESH_THRESHOLD_MILLIS=e.DEFAULT_UNIVERSE=void 0;let n=t(`events`),r=D(),i=j(),a=te(),o=se();e.DEFAULT_UNIVERSE=`googleapis.com`,e.DEFAULT_EAGER_REFRESH_THRESHOLD_MILLIS=300*1e3,e.AuthClient=class t extends n.EventEmitter{apiKey;projectId;quotaProjectId;transporter;credentials={};eagerRefreshThresholdMillis=e.DEFAULT_EAGER_REFRESH_THRESHOLD_MILLIS;forceRefreshOnFailure=!1;universeDomain=e.DEFAULT_UNIVERSE;static RequestMethodNameSymbol=Symbol(`request method name`);static RequestLogIdSymbol=Symbol(`request log id`);constructor(n={}){super();let a=(0,i.originalOrCamelOptions)(n);this.apiKey=n.apiKey,this.projectId=a.get(`project_id`)??null,this.quotaProjectId=a.get(`quota_project_id`),this.credentials=a.get(`credentials`)??{},this.universeDomain=a.get(`universe_domain`)??e.DEFAULT_UNIVERSE,this.transporter=n.transporter??new r.Gaxios(n.transporterOptions),a.get(`useAuthRequestParameters`)!==!1&&(this.transporter.interceptors.request.add(t.DEFAULT_REQUEST_INTERCEPTOR),this.transporter.interceptors.response.add(t.DEFAULT_RESPONSE_INTERCEPTOR)),n.eagerRefreshThresholdMillis&&(this.eagerRefreshThresholdMillis=n.eagerRefreshThresholdMillis),this.forceRefreshOnFailure=n.forceRefreshOnFailure??!1}fetch(...e){let t=e[0],n=e[1],i,a=new Headers;return typeof t==`string`?i=new URL(t):t instanceof URL?i=t:t&&t.url&&(i=new URL(t.url)),t&&typeof t==`object`&&`headers`in t&&r.Gaxios.mergeHeaders(a,t.headers),n&&r.Gaxios.mergeHeaders(a,new Headers(n.headers)),typeof t==`object`&&!(t instanceof URL)?this.request({...n,...t,headers:a,url:i}):this.request({...n,headers:a,url:i})}setCredentials(e){this.credentials=e}addSharedMetadataHeaders(e){return!e.has(`x-goog-user-project`)&&this.quotaProjectId&&e.set(`x-goog-user-project`,this.quotaProjectId),e}addUserProjectAndAuthHeaders(e,t){let n=t.get(`x-goog-user-project`),r=t.get(`authorization`);return n&&e.set(`x-goog-user-project`,n),r&&e.set(`authorization`,r),e}static log=(0,a.log)(`auth`);static DEFAULT_REQUEST_INTERCEPTOR={resolved:async e=>{if(!e.headers.has(`x-goog-api-client`)){let t=process.version.replace(/^v/,``);e.headers.set(`x-goog-api-client`,`gl-node/${t}`)}let n=e.headers.get(`User-Agent`);n?n.includes(`${o.PRODUCT_NAME}/`)||e.headers.set(`User-Agent`,`${n} ${o.USER_AGENT}`):e.headers.set(`User-Agent`,o.USER_AGENT);try{let n=e,r=n[t.RequestMethodNameSymbol],i=`${Math.floor(Math.random()*1e3)}`;n[t.RequestLogIdSymbol]=i;let a={url:e.url,headers:e.headers};r?t.log.info(`%s [%s] request %j`,r,i,a):t.log.info(`[%s] request %j`,i,a)}catch{}return e}};static DEFAULT_RESPONSE_INTERCEPTOR={resolved:async e=>{try{let n=e.config,r=n[t.RequestMethodNameSymbol],i=n[t.RequestLogIdSymbol];r?t.log.info(`%s [%s] response %j`,r,i,e.data):t.log.info(`[%s] response %j`,i,e.data)}catch{}return e},rejected:async e=>{try{let n=e.config,r=n[t.RequestMethodNameSymbol],i=n[t.RequestLogIdSymbol];r?t.log.info(`%s [%s] error %j`,r,i,e.response?.data):t.log.error(`[%s] error %j`,i,e.response?.data)}catch{}throw e}};static setMethodName(e,n){try{let r=e;r[t.RequestMethodNameSymbol]=n}catch{}}static get RETRY_CONFIG(){return{retry:!0,retryConfig:{httpMethodsToRetry:[`GET`,`PUT`,`POST`,`HEAD`,`OPTIONS`,`DELETE`]}}}}})),ce=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.LoginTicket=void 0,e.LoginTicket=class{envelope;payload;constructor(e,t){this.envelope=e,this.payload=t}getEnvelope(){return this.envelope}getPayload(){return this.payload}getUserId(){let e=this.getPayload();return e&&e.sub?e.sub:null}getAttributes(){return{envelope:this.getEnvelope(),payload:this.getPayload()}}}})),le=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.OAuth2Client=e.ClientAuthentication=e.CertificateFormat=e.CodeChallengeMethod=void 0;let n=D(),r=t(`querystring`),i=t(`stream`),a=s(),o=j(),c=ae(),l=M(),u=ce();var d;(function(e){e.Plain=`plain`,e.S256=`S256`})(d||(e.CodeChallengeMethod=d={}));var f;(function(e){e.PEM=`PEM`,e.JWK=`JWK`})(f||(e.CertificateFormat=f={}));var p;(function(e){e.ClientSecretPost=`ClientSecretPost`,e.ClientSecretBasic=`ClientSecretBasic`,e.None=`None`})(p||(e.ClientAuthentication=p={})),e.OAuth2Client=class e extends l.AuthClient{redirectUri;certificateCache={};certificateExpiry=null;certificateCacheFormat=f.PEM;refreshTokenPromises=new Map;endpoints;issuers;clientAuthentication;_clientId;_clientSecret;refreshHandler;constructor(e={},t,n){super(typeof e==`object`?e:{}),typeof e!=`object`&&(e={clientId:e,clientSecret:t,redirectUri:n}),this._clientId=e.clientId||e.client_id,this._clientSecret=e.clientSecret||e.client_secret,this.redirectUri=e.redirectUri||e.redirect_uris?.[0],this.endpoints={tokenInfoUrl:`https://oauth2.googleapis.com/tokeninfo`,oauth2AuthBaseUrl:`https://accounts.google.com/o/oauth2/v2/auth`,oauth2TokenUrl:`https://oauth2.googleapis.com/token`,oauth2RevokeUrl:`https://oauth2.googleapis.com/revoke`,oauth2FederatedSignonPemCertsUrl:`https://www.googleapis.com/oauth2/v1/certs`,oauth2FederatedSignonJwkCertsUrl:`https://www.googleapis.com/oauth2/v3/certs`,oauth2IapPublicKeyUrl:`https://www.gstatic.com/iap/verify/public_key`,...e.endpoints},this.clientAuthentication=e.clientAuthentication||p.ClientSecretPost,this.issuers=e.issuers||[`accounts.google.com`,`https://accounts.google.com`,this.universeDomain]}static GOOGLE_TOKEN_INFO_URL=`https://oauth2.googleapis.com/tokeninfo`;static CLOCK_SKEW_SECS_=300;static DEFAULT_MAX_TOKEN_LIFETIME_SECS_=86400;generateAuthUrl(e={}){if(e.code_challenge_method&&!e.code_challenge)throw Error(`If a code_challenge_method is provided, code_challenge must be included.`);return e.response_type=e.response_type||`code`,e.client_id=e.client_id||this._clientId,e.redirect_uri=e.redirect_uri||this.redirectUri,Array.isArray(e.scope)&&(e.scope=e.scope.join(` `)),this.endpoints.oauth2AuthBaseUrl.toString()+`?`+r.stringify(e)}generateCodeVerifier(){throw Error(`generateCodeVerifier is removed, please use generateCodeVerifierAsync instead.`)}async generateCodeVerifierAsync(){let e=(0,c.createCrypto)(),t=e.randomBytesBase64(96).replace(/\+/g,`~`).replace(/=/g,`_`).replace(/\//g,`-`);return{codeVerifier:t,codeChallenge:(await e.sha256DigestBase64(t)).split(`=`)[0].replace(/\+/g,`-`).replace(/\//g,`_`)}}getToken(e,t){let n=typeof e==`string`?{code:e}:e;if(t)this.getTokenAsync(n).then(e=>t(null,e.tokens,e.res),e=>t(e,null,e.response));else return this.getTokenAsync(n)}async getTokenAsync(t){let n=this.endpoints.oauth2TokenUrl.toString(),r=new Headers,i={client_id:t.client_id||this._clientId,code_verifier:t.codeVerifier,code:t.code,grant_type:`authorization_code`,redirect_uri:t.redirect_uri||this.redirectUri};if(this.clientAuthentication===p.ClientSecretBasic){let e=Buffer.from(`${this._clientId}:${this._clientSecret}`);r.set(`authorization`,`Basic ${e.toString(`base64`)}`)}this.clientAuthentication===p.ClientSecretPost&&(i.client_secret=this._clientSecret);let a={...e.RETRY_CONFIG,method:`POST`,url:n,data:new URLSearchParams((0,o.removeUndefinedValuesInObject)(i)),headers:r};l.AuthClient.setMethodName(a,`getTokenAsync`);let s=await this.transporter.request(a),c=s.data;return s.data&&s.data.expires_in&&(c.expiry_date=new Date().getTime()+s.data.expires_in*1e3,delete c.expires_in),this.emit(`tokens`,c),{tokens:c,res:s}}async refreshToken(e){if(!e)return this.refreshTokenNoCache(e);if(this.refreshTokenPromises.has(e))return this.refreshTokenPromises.get(e);let t=this.refreshTokenNoCache(e).then(t=>(this.refreshTokenPromises.delete(e),t),t=>{throw this.refreshTokenPromises.delete(e),t});return this.refreshTokenPromises.set(e,t),t}async refreshTokenNoCache(t){if(!t)throw Error(`No refresh token is set.`);let r=this.endpoints.oauth2TokenUrl.toString(),i={refresh_token:t,client_id:this._clientId,client_secret:this._clientSecret,grant_type:`refresh_token`},a;try{let t={...e.RETRY_CONFIG,method:`POST`,url:r,data:new URLSearchParams((0,o.removeUndefinedValuesInObject)(i))};l.AuthClient.setMethodName(t,`refreshTokenNoCache`),a=await this.transporter.request(t)}catch(e){throw e instanceof n.GaxiosError&&e.message===`invalid_grant`&&e.response?.data&&/ReAuth/i.test(e.response.data.error_description)&&(e.message=JSON.stringify(e.response.data)),e}let s=a.data;return a.data&&a.data.expires_in&&(s.expiry_date=new Date().getTime()+a.data.expires_in*1e3,delete s.expires_in),this.emit(`tokens`,s),{tokens:s,res:a}}refreshAccessToken(e){if(e)this.refreshAccessTokenAsync().then(t=>e(null,t.credentials,t.res),e);else return this.refreshAccessTokenAsync()}async refreshAccessTokenAsync(){let e=await this.refreshToken(this.credentials.refresh_token),t=e.tokens;return t.refresh_token=this.credentials.refresh_token,this.credentials=t,{credentials:this.credentials,res:e.res}}getAccessToken(e){if(e)this.getAccessTokenAsync().then(t=>e(null,t.token,t.res),e);else return this.getAccessTokenAsync()}async getAccessTokenAsync(){if(!this.credentials.access_token||this.isTokenExpiring()){if(!this.credentials.refresh_token)if(this.refreshHandler){let e=await this.processAndValidateRefreshHandler();if(e?.access_token)return this.setCredentials(e),{token:this.credentials.access_token}}else throw Error(`No refresh token or refresh handler callback is set.`);let e=await this.refreshAccessTokenAsync();if(!e.credentials||e.credentials&&!e.credentials.access_token)throw Error(`Could not refresh access token.`);return{token:e.credentials.access_token,res:e.res}}else return{token:this.credentials.access_token}}async getRequestHeaders(e){return(await this.getRequestMetadataAsync(e)).headers}async getRequestMetadataAsync(e){let t=this.credentials;if(!t.access_token&&!t.refresh_token&&!this.apiKey&&!this.refreshHandler)throw Error(`No access, refresh token, API key or refresh handler callback is set.`);if(t.access_token&&!this.isTokenExpiring()){t.token_type=t.token_type||`Bearer`;let e=new Headers({authorization:t.token_type+` `+t.access_token});return{headers:this.addSharedMetadataHeaders(e)}}if(this.refreshHandler){let e=await this.processAndValidateRefreshHandler();if(e?.access_token){this.setCredentials(e);let t=new Headers({authorization:`Bearer `+this.credentials.access_token});return{headers:this.addSharedMetadataHeaders(t)}}}if(this.apiKey)return{headers:new Headers({"X-Goog-Api-Key":this.apiKey})};let n=null,r=null;try{n=await this.refreshToken(t.refresh_token),r=n.tokens}catch(e){let t=e;throw t.response&&(t.response.status===403||t.response.status===404)&&(t.message=`Could not refresh access token: ${t.message}`),t}let i=this.credentials;i.token_type=i.token_type||`Bearer`,r.refresh_token=i.refresh_token,this.credentials=r;let a=new Headers({authorization:i.token_type+` `+r.access_token});return{headers:this.addSharedMetadataHeaders(a),res:n.res}}static getRevokeTokenUrl(t){return new e().getRevokeTokenURL(t).toString()}getRevokeTokenURL(e){let t=new URL(this.endpoints.oauth2RevokeUrl);return t.searchParams.append(`token`,e),t}revokeToken(t,n){let r={...e.RETRY_CONFIG,url:this.getRevokeTokenURL(t).toString(),method:`POST`};if(l.AuthClient.setMethodName(r,`revokeToken`),n)this.transporter.request(r).then(e=>n(null,e),n);else return this.transporter.request(r)}revokeCredentials(e){if(e)this.revokeCredentialsAsync().then(t=>e(null,t),e);else return this.revokeCredentialsAsync()}async revokeCredentialsAsync(){let e=this.credentials.access_token;if(this.credentials={},e)return this.revokeToken(e);throw Error(`No access token to revoke.`)}request(e,t){if(t)this.requestAsync(e).then(e=>t(null,e),e=>t(e,e.response));else return this.requestAsync(e)}async requestAsync(e,t=!1){try{let t=await this.getRequestMetadataAsync();return e.headers=n.Gaxios.mergeHeaders(e.headers),this.addUserProjectAndAuthHeaders(e.headers,t.headers),this.apiKey&&e.headers.set(`X-Goog-Api-Key`,this.apiKey),await this.transporter.request(e)}catch(n){let r=n.response;if(r){let n=r.status,a=this.credentials&&this.credentials.access_token&&this.credentials.refresh_token&&(!this.credentials.expiry_date||this.forceRefreshOnFailure),o=this.credentials&&this.credentials.access_token&&!this.credentials.refresh_token&&(!this.credentials.expiry_date||this.forceRefreshOnFailure)&&this.refreshHandler,s=r.config.data instanceof i.Readable,c=n===401||n===403;if(!t&&c&&!s&&a)return await this.refreshAccessTokenAsync(),this.requestAsync(e,!0);if(!t&&c&&!s&&o){let t=await this.processAndValidateRefreshHandler();return t?.access_token&&this.setCredentials(t),this.requestAsync(e,!0)}}throw n}}verifyIdToken(e,t){if(t&&typeof t!=`function`)throw Error(`This method accepts an options object as the first parameter, which includes the idToken, audience, and maxExpiry.`);if(t)this.verifyIdTokenAsync(e).then(e=>t(null,e),t);else return this.verifyIdTokenAsync(e)}async verifyIdTokenAsync(e){if(!e.idToken)throw Error(`The verifyIdToken method requires an ID Token`);let t=await this.getFederatedSignonCertsAsync();return await this.verifySignedJwtWithCertsAsync(e.idToken,t.certs,e.audience,this.issuers,e.maxExpiry)}async getTokenInfo(t){let{data:n}=await this.transporter.request({...e.RETRY_CONFIG,method:`POST`,headers:{"content-type":`application/x-www-form-urlencoded;charset=UTF-8`,authorization:`Bearer ${t}`},url:this.endpoints.tokenInfoUrl.toString()}),r=Object.assign({expiry_date:new Date().getTime()+n.expires_in*1e3,scopes:n.scope.split(` `)},n);return delete r.expires_in,delete r.scope,r}getFederatedSignonCerts(e){if(e)this.getFederatedSignonCertsAsync().then(t=>e(null,t.certs,t.res),e);else return this.getFederatedSignonCertsAsync()}async getFederatedSignonCertsAsync(){let t=new Date().getTime(),n=(0,c.hasBrowserCrypto)()?f.JWK:f.PEM;if(this.certificateExpiry&&t<this.certificateExpiry.getTime()&&this.certificateCacheFormat===n)return{certs:this.certificateCache,format:n};let r,i;switch(n){case f.PEM:i=this.endpoints.oauth2FederatedSignonPemCertsUrl.toString();break;case f.JWK:i=this.endpoints.oauth2FederatedSignonJwkCertsUrl.toString();break;default:throw Error(`Unsupported certificate format ${n}`)}try{let t={...e.RETRY_CONFIG,url:i};l.AuthClient.setMethodName(t,`getFederatedSignonCertsAsync`),r=await this.transporter.request(t)}catch(e){throw e instanceof Error&&(e.message=`Failed to retrieve verification certificates: ${e.message}`),e}let a=r?.headers.get(`cache-control`),o=-1;if(a){let e=/max-age=(?<maxAge>[0-9]+)/.exec(a)?.groups?.maxAge;e&&(o=Number(e)*1e3)}let s={};switch(n){case f.PEM:s=r.data;break;case f.JWK:for(let e of r.data.keys)s[e.kid]=e;break;default:throw Error(`Unsupported certificate format ${n}`)}let u=new Date;return this.certificateExpiry=o===-1?null:new Date(u.getTime()+o),this.certificateCache=s,this.certificateCacheFormat=n,{certs:s,format:n,res:r}}getIapPublicKeys(e){if(e)this.getIapPublicKeysAsync().then(t=>e(null,t.pubkeys,t.res),e);else return this.getIapPublicKeysAsync()}async getIapPublicKeysAsync(){let t,n=this.endpoints.oauth2IapPublicKeyUrl.toString();try{let r={...e.RETRY_CONFIG,url:n};l.AuthClient.setMethodName(r,`getIapPublicKeysAsync`),t=await this.transporter.request(r)}catch(e){throw e instanceof Error&&(e.message=`Failed to retrieve verification certificates: ${e.message}`),e}return{pubkeys:t.data,res:t}}verifySignedJwtWithCerts(){throw Error(`verifySignedJwtWithCerts is removed, please use verifySignedJwtWithCertsAsync instead.`)}async verifySignedJwtWithCertsAsync(t,n,r,i,o){let s=(0,c.createCrypto)();o||=e.DEFAULT_MAX_TOKEN_LIFETIME_SECS_;let l=t.split(`.`);if(l.length!==3)throw Error(`Wrong number of segments in token: `+t);let d=l[0]+`.`+l[1],f=l[2],p,m;try{p=JSON.parse(s.decodeBase64StringUtf8(l[0]))}catch(e){throw e instanceof Error&&(e.message=`Can't parse token envelope: ${l[0]}': ${e.message}`),e}if(!p)throw Error(`Can't parse token envelope: `+l[0]);try{m=JSON.parse(s.decodeBase64StringUtf8(l[1]))}catch(e){throw e instanceof Error&&(e.message=`Can't parse token payload '${l[0]}`),e}if(!m)throw Error(`Can't parse token payload: `+l[1]);if(!Object.prototype.hasOwnProperty.call(n,p.kid))throw Error(`No pem found for envelope: `+JSON.stringify(p));let h=n[p.kid];if(p.alg===`ES256`&&(f=a.joseToDer(f,`ES256`).toString(`base64`)),!await s.verify(h,d,f))throw Error(`Invalid token signature: `+t);if(!m.iat)throw Error(`No issue time in token: `+JSON.stringify(m));if(!m.exp)throw Error(`No expiration time in token: `+JSON.stringify(m));let g=Number(m.iat);if(isNaN(g))throw Error(`iat field using invalid format`);let _=Number(m.exp);if(isNaN(_))throw Error(`exp field using invalid format`);let v=new Date().getTime()/1e3;if(_>=v+o)throw Error(`Expiration time too far in future: `+JSON.stringify(m));let y=g-e.CLOCK_SKEW_SECS_,b=_+e.CLOCK_SKEW_SECS_;if(v<y)throw Error(`Token used too early, `+v+` < `+y+`: `+JSON.stringify(m));if(v>b)throw Error(`Token used too late, `+v+` > `+b+`: `+JSON.stringify(m));if(i&&i.indexOf(m.iss)<0)throw Error(`Invalid issuer, expected one of [`+i+`], but got `+m.iss);if(r!=null){let e=m.aud,t=!1;if(t=r.constructor===Array?r.indexOf(e)>-1:e===r,!t)throw Error(`Wrong recipient, payload audience != requiredAudience`)}return new u.LoginTicket(p,m)}async processAndValidateRefreshHandler(){if(this.refreshHandler){let e=await this.refreshHandler();if(!e.access_token)throw Error(`No access token is returned by the refreshHandler callback.`);return e}}isTokenExpiring(){let e=this.credentials.expiry_date;return e?e<=new Date().getTime()+this.eagerRefreshThresholdMillis:!1}}})),ue=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.Compute=void 0;let t=D(),n=A(),r=le();e.Compute=class extends r.OAuth2Client{serviceAccountEmail;scopes;constructor(e={}){super(e),this.credentials={expiry_date:1,refresh_token:`compute-placeholder`},this.serviceAccountEmail=e.serviceAccountEmail||`default`,this.scopes=Array.isArray(e.scopes)?e.scopes:e.scopes?[e.scopes]:[]}async refreshTokenNoCache(){let e=`service-accounts/${this.serviceAccountEmail}/token`,r;try{let t={property:e};this.scopes.length>0&&(t.params={scopes:this.scopes.join(`,`)}),r=await n.instance(t)}catch(e){throw e instanceof t.GaxiosError&&(e.message=`Could not refresh access token: ${e.message}`,this.wrapError(e)),e}let i=r;return r&&r.expires_in&&(i.expiry_date=new Date().getTime()+r.expires_in*1e3,delete i.expires_in),this.emit(`tokens`,i),{tokens:i,res:null}}async fetchIdToken(e){let t=`service-accounts/${this.serviceAccountEmail}/identity?format=full&audience=${e}`,r;try{let e={property:t};r=await n.instance(e)}catch(e){throw e instanceof Error&&(e.message=`Could not fetch ID token: ${e.message}`),e}return r}wrapError(e){let t=e.response;t&&t.status&&(e.status=t.status,t.status===403?e.message=`A Forbidden error was returned while attempting to retrieve an access token for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have the correct permission scopes specified: `+e.message:t.status===404&&(e.message=`A Not Found error was returned while attempting to retrieve an accesstoken for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have any permission scopes specified: `+e.message))}}})),de=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.IdTokenClient=void 0;let t=le();e.IdTokenClient=class extends t.OAuth2Client{targetAudience;idTokenProvider;constructor(e){super(e),this.targetAudience=e.targetAudience,this.idTokenProvider=e.idTokenProvider}async getRequestMetadataAsync(){if(!this.credentials.id_token||!this.credentials.expiry_date||this.isTokenExpiring()){let e=await this.idTokenProvider.fetchIdToken(this.targetAudience);this.credentials={id_token:e,expiry_date:this.getIdTokenExpiryDate(e)}}return{headers:new Headers({authorization:`Bearer `+this.credentials.id_token})}}getIdTokenExpiryDate(e){let t=e.split(`.`)[1];if(t)return JSON.parse(Buffer.from(t,`base64`).toString(`ascii`)).exp*1e3}}})),fe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.GCPEnv=void 0,e.clear=i,e.getEnv=a;let t=A();var n;(function(e){e.APP_ENGINE=`APP_ENGINE`,e.KUBERNETES_ENGINE=`KUBERNETES_ENGINE`,e.CLOUD_FUNCTIONS=`CLOUD_FUNCTIONS`,e.COMPUTE_ENGINE=`COMPUTE_ENGINE`,e.CLOUD_RUN=`CLOUD_RUN`,e.CLOUD_RUN_JOBS=`CLOUD_RUN_JOBS`,e.NONE=`NONE`})(n||(e.GCPEnv=n={}));let r;function i(){r=void 0}async function a(){return r||(r=o(),r)}async function o(){let e=n.NONE;return e=s()?n.APP_ENGINE:c()?n.CLOUD_FUNCTIONS:await f()?await d()?n.KUBERNETES_ENGINE:l()?n.CLOUD_RUN:u()?n.CLOUD_RUN_JOBS:n.COMPUTE_ENGINE:n.NONE,e}function s(){return!!(process.env.GAE_SERVICE||process.env.GAE_MODULE_NAME)}function c(){return!!(process.env.FUNCTION_NAME||process.env.FUNCTION_TARGET)}function l(){return!!process.env.K_CONFIGURATION}function u(){return!!process.env.CLOUD_RUN_JOB}async function d(){try{return await t.instance(`attributes/cluster-name`),!0}catch{return!1}}async function f(){return t.isAvailable()}})),pe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.buildPayloadForJwsSign=n,e.getJwsSign=r;let t=l();function n(e){let t=Math.floor(new Date().getTime()/1e3);return{iss:e.iss,scope:e.scope,aud:`https://oauth2.googleapis.com/token`,exp:t+3600,iat:t,sub:e.sub,...e.additionalClaims}}function r(e){let r=n(e);return(0,t.sign)({header:{alg:`RS256`},payload:r,secret:e.key})}})),me=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.getToken=r;let t=pe(),n=e=>({method:`POST`,url:`https://oauth2.googleapis.com/token`,data:new URLSearchParams({grant_type:`urn:ietf:params:oauth:grant-type:jwt-bearer`,assertion:(0,t.getJwsSign)(e)}),responseType:`json`,retryConfig:{httpMethodsToRetry:[`POST`]}});async function r(e){if(!e.transporter)throw Error(`No transporter set.`);try{let t=n(e);return(await e.transporter.request(t)).data}catch(e){let t=e,n=t.response?.data;throw n?.error&&(t.message=`${n.error}: ${n.error_description}`),t}}})),he=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.ErrorWithCode=void 0,e.ErrorWithCode=class extends Error{code;constructor(e,t){super(e),this.code=t}}})),ge=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.getCredentials=f;let n=t(`path`),r=t(`fs`),i=t(`util`),a=he(),o=r.readFile?(0,i.promisify)(r.readFile):async()=>{throw new a.ErrorWithCode(`use key rather than keyFile.`,`MISSING_CREDENTIALS`)};var s;(function(e){e.JSON=`.json`,e.DER=`.der`,e.CRT=`.crt`,e.PEM=`.pem`,e.P12=`.p12`,e.PFX=`.pfx`})(s||={});var c=class{keyFilePath;constructor(e){this.keyFilePath=e}async getCredentials(){let e=await o(this.keyFilePath,`utf8`),t;try{t=JSON.parse(e)}catch(e){throw Error(`Invalid JSON key file: ${e.message}`)}let n=t.private_key,r=t.client_email;if(!n||!r)throw new a.ErrorWithCode(`private_key and client_email are required.`,`MISSING_CREDENTIALS`);return{privateKey:n,clientEmail:r}}},l=class{keyFilePath;constructor(e){this.keyFilePath=e}async getCredentials(){return{privateKey:await o(this.keyFilePath,`utf8`)}}},u=class{async getCredentials(){throw new a.ErrorWithCode(`*.p12 certificates are not supported after v6.1.2. Consider utilizing *.json format or converting *.p12 to *.pem using the OpenSSL CLI.`,`UNKNOWN_CERTIFICATE_TYPE`)}},d=class{static create(e){switch(n.extname(e)){case s.JSON:return new c(e);case s.DER:case s.CRT:case s.PEM:return new l(e);case s.P12:case s.PFX:return new u;default:throw new a.ErrorWithCode(`Unknown certificate type. Type is determined based on file extension. Current supported extensions are *.json, and *.pem.`,`UNKNOWN_CERTIFICATE_TYPE`)}}};async function f(e){return d.create(e).getCredentials()}})),_e=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.TokenHandler=void 0;let t=me(),n=ge();e.TokenHandler=class{token;tokenExpiresAt;inFlightRequest;tokenOptions;constructor(e){this.tokenOptions=e}async processCredentials(){if(!this.tokenOptions.key&&!this.tokenOptions.keyFile)throw Error(`No key or keyFile set.`);if(!this.tokenOptions.key&&this.tokenOptions.keyFile){let e=await(0,n.getCredentials)(this.tokenOptions.keyFile);this.tokenOptions.key=e.privateKey,this.tokenOptions.email=e.clientEmail}}isTokenExpiring(){if(!this.token||!this.tokenExpiresAt)return!0;let e=new Date().getTime(),t=this.tokenOptions.eagerRefreshThresholdMillis??0;return this.tokenExpiresAt<=e+t}hasExpired(){return new Date().getTime(),this.token&&this.tokenExpiresAt?new Date().getTime()>=this.tokenExpiresAt:!0}async getToken(e){if(await this.processCredentials(),this.inFlightRequest&&!e)return this.inFlightRequest;if(this.token&&!this.isTokenExpiring()&&!e)return this.token;try{this.inFlightRequest=(0,t.getToken)(this.tokenOptions);let e=await this.inFlightRequest;return this.token=e,this.tokenExpiresAt=new Date().getTime()+(e.expires_in??0)*1e3,e}finally{this.inFlightRequest=void 0}}}})),ve=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.revokeToken=t;async function t(e,t){let n=`https://oauth2.googleapis.com/revoke?token=`+e;return await t.request({url:n,retry:!0})}})),ye=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.GoogleToken=void 0;let t=D(),n=_e(),r=ve();e.GoogleToken=class{tokenOptions;tokenHandler;constructor(e){this.tokenOptions=e||{},this.tokenOptions.transporter=this.tokenOptions.transporter||{request:e=>(0,t.request)(e)},this.tokenOptions.iss||(this.tokenOptions.iss=this.tokenOptions.email),typeof this.tokenOptions.scope==`object`&&(this.tokenOptions.scope=this.tokenOptions.scope.join(` `)),this.tokenHandler=new n.TokenHandler(this.tokenOptions)}get expiresAt(){return this.tokenHandler.tokenExpiresAt}get accessToken(){return this.tokenHandler.token?.access_token}get idToken(){return this.tokenHandler.token?.id_token}get tokenType(){return this.tokenHandler.token?.token_type}get refreshToken(){return this.tokenHandler.token?.refresh_token}hasExpired(){return this.tokenHandler.hasExpired()}isTokenExpiring(){return this.tokenHandler.isTokenExpiring()}getToken(e,t={forceRefresh:!1}){let n;typeof e==`function`?n=e:typeof e==`object`&&(t=e);let r=this.tokenHandler.getToken(t.forceRefresh??!1);return n&&r.then(e=>n(null,e),n),r}revokeToken(e){if(!this.accessToken)return Promise.reject(Error(`No token to revoke.`));let t=(0,r.revokeToken)(this.accessToken,this.tokenOptions.transporter);e&&t.then(()=>e(),e),this.tokenHandler=new n.TokenHandler(this.tokenOptions)}get googleTokenOptions(){return this.tokenOptions}}})),be=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.JWTAccess=void 0;let t=l(),n=j(),r={alg:`RS256`,typ:`JWT`};e.JWTAccess=class e{email;key;keyId;projectId;eagerRefreshThresholdMillis;cache=new n.LRUCache({capacity:500,maxAge:3600*1e3});constructor(e,t,n,r){this.email=e,this.key=t,this.keyId=n,this.eagerRefreshThresholdMillis=r??300*1e3}getCachedKey(e,t){let n=e;if(t&&Array.isArray(t)&&t.length?n=e?`${e}_${t.join(`_`)}`:`${t.join(`_`)}`:typeof t==`string`&&(n=e?`${e}_${t}`:t),!n)throw Error(`Scopes or url must be provided`);return n}getRequestHeaders(n,i,a){let o=this.getCachedKey(n,a),s=this.cache.get(o),c=Date.now();if(s&&s.expiration-c>this.eagerRefreshThresholdMillis)return new Headers(s.headers);let l=Math.floor(Date.now()/1e3),u=e.getExpirationTime(l),d;if(Array.isArray(a)&&(a=a.join(` `)),d=a?{iss:this.email,sub:this.email,scope:a,exp:u,iat:l}:{iss:this.email,sub:this.email,aud:n,exp:u,iat:l},i){for(let e in d)if(i[e])throw Error(`The '${e}' property is not allowed when passing additionalClaims. This claim is included in the JWT by default.`)}let f=this.keyId?{...r,kid:this.keyId}:r,p=Object.assign(d,i),m=t.sign({header:f,payload:p,secret:this.key}),h=new Headers({authorization:`Bearer ${m}`});return this.cache.set(o,{expiration:u*1e3,headers:h}),h}static getExpirationTime(e){return e+3600}fromJSON(e){if(!e)throw Error(`Must pass in a JSON object containing the service account auth settings.`);if(!e.client_email)throw Error(`The incoming JSON object does not contain a client_email field`);if(!e.private_key)throw Error(`The incoming JSON object does not contain a private_key field`);this.email=e.client_email,this.key=e.private_key,this.keyId=e.private_key_id,this.projectId=e.project_id}fromStream(e,t){if(t)this.fromStreamAsync(e).then(()=>t(),t);else return this.fromStreamAsync(e)}fromStreamAsync(e){return new Promise((t,n)=>{e||n(Error(`Must pass in a stream containing the service account auth settings.`));let r=``;e.setEncoding(`utf8`).on(`data`,e=>r+=e).on(`error`,n).on(`end`,()=>{try{let e=JSON.parse(r);this.fromJSON(e),t()}catch(e){n(e)}})})}}})),xe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.JWT=void 0;let t=ye(),n=ge(),r=be(),i=le(),a=M();e.JWT=class e extends i.OAuth2Client{email;keyFile;key;keyId;defaultScopes;scopes;scope;subject;gtoken;additionalClaims;useJWTAccessWithScope;defaultServicePath;access;constructor(e={}){super(e),this.email=e.email,this.keyFile=e.keyFile,this.key=e.key,this.keyId=e.keyId,this.scopes=e.scopes,this.subject=e.subject,this.additionalClaims=e.additionalClaims,this.credentials={refresh_token:`jwt-placeholder`,expiry_date:1}}createScoped(t){let n=new e(this);return n.scopes=t,n}async getRequestMetadataAsync(e){e=this.defaultServicePath?`https://${this.defaultServicePath}/`:e;let t=!this.hasUserScopes()&&e||this.useJWTAccessWithScope&&this.hasAnyScopes()||this.universeDomain!==a.DEFAULT_UNIVERSE;if(this.subject&&this.universeDomain!==a.DEFAULT_UNIVERSE)throw RangeError(`Service Account user is configured for the credential. Domain-wide delegation is not supported in universes other than ${a.DEFAULT_UNIVERSE}`);if(!this.apiKey&&t)if(this.additionalClaims&&this.additionalClaims.target_audience){let{tokens:e}=await this.refreshToken();return{headers:this.addSharedMetadataHeaders(new Headers({authorization:`Bearer ${e.id_token}`}))}}else{this.access||=new r.JWTAccess(this.email,this.key,this.keyId,this.eagerRefreshThresholdMillis);let t;this.hasUserScopes()?t=this.scopes:e||(t=this.defaultScopes);let n=this.useJWTAccessWithScope||this.universeDomain!==a.DEFAULT_UNIVERSE,i=await this.access.getRequestHeaders(e??void 0,this.additionalClaims,n?t:void 0);return{headers:this.addSharedMetadataHeaders(i)}}else if(this.hasAnyScopes()||this.apiKey)return super.getRequestMetadataAsync(e);else return{headers:new Headers}}async fetchIdToken(e){let n=new t.GoogleToken({iss:this.email,sub:this.subject,scope:this.scopes||this.defaultScopes,keyFile:this.keyFile,key:this.key,additionalClaims:{target_audience:e},transporter:this.transporter});if(await n.getToken({forceRefresh:!0}),!n.idToken)throw Error(`Unknown error: Failed to fetch ID token`);return n.idToken}hasUserScopes(){return this.scopes?this.scopes.length>0:!1}hasAnyScopes(){return!!(this.scopes&&this.scopes.length>0||this.defaultScopes&&this.defaultScopes.length>0)}authorize(e){if(e)this.authorizeAsync().then(t=>e(null,t),e);else return this.authorizeAsync()}async authorizeAsync(){let e=await this.refreshToken();if(!e)throw Error(`No result returned`);return this.credentials=e.tokens,this.credentials.refresh_token=`jwt-placeholder`,this.key=this.gtoken.googleTokenOptions?.key,this.email=this.gtoken.googleTokenOptions?.iss,e.tokens}async refreshTokenNoCache(){let e=this.createGToken(),t={access_token:(await e.getToken({forceRefresh:this.isTokenExpiring()})).access_token,token_type:`Bearer`,expiry_date:e.expiresAt,id_token:e.idToken};return this.emit(`tokens`,t),{res:null,tokens:t}}createGToken(){return this.gtoken||=new t.GoogleToken({iss:this.email,sub:this.subject,scope:this.scopes||this.defaultScopes,keyFile:this.keyFile,key:this.key,additionalClaims:this.additionalClaims,transporter:this.transporter}),this.gtoken}fromJSON(e){if(!e)throw Error(`Must pass in a JSON object containing the service account auth settings.`);if(!e.client_email)throw Error(`The incoming JSON object does not contain a client_email field`);if(!e.private_key)throw Error(`The incoming JSON object does not contain a private_key field`);this.email=e.client_email,this.key=e.private_key,this.keyId=e.private_key_id,this.projectId=e.project_id,this.quotaProjectId=e.quota_project_id,this.universeDomain=e.universe_domain||this.universeDomain}fromStream(e,t){if(t)this.fromStreamAsync(e).then(()=>t(),t);else return this.fromStreamAsync(e)}fromStreamAsync(e){return new Promise((t,n)=>{if(!e)throw Error(`Must pass in a stream containing the service account auth settings.`);let r=``;e.setEncoding(`utf8`).on(`error`,n).on(`data`,e=>r+=e).on(`end`,()=>{try{let e=JSON.parse(r);this.fromJSON(e),t()}catch(e){n(e)}})})}fromAPIKey(e){if(typeof e!=`string`)throw Error(`Must provide an API Key string.`);this.apiKey=e}async getCredentials(){if(this.key)return{private_key:this.key,client_email:this.email};if(this.keyFile){this.createGToken();let e=await(0,n.getCredentials)(this.keyFile);return{private_key:e.privateKey,client_email:e.clientEmail}}throw Error(`A key or a keyFile must be provided to getCredentials.`)}}})),Se=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.UserRefreshClient=e.USER_REFRESH_ACCOUNT_TYPE=void 0;let t=le(),n=M();e.USER_REFRESH_ACCOUNT_TYPE=`authorized_user`,e.UserRefreshClient=class e extends t.OAuth2Client{_refreshToken;constructor(e,t,n,r,i){let a=e&&typeof e==`object`?e:{clientId:e,clientSecret:t,refreshToken:n,eagerRefreshThresholdMillis:r,forceRefreshOnFailure:i};super(a),this._refreshToken=a.refreshToken,this.credentials.refresh_token=a.refreshToken}async refreshTokenNoCache(){return super.refreshTokenNoCache(this._refreshToken)}async fetchIdToken(t){let r={...e.RETRY_CONFIG,url:this.endpoints.oauth2TokenUrl,method:`POST`,data:new URLSearchParams({client_id:this._clientId,client_secret:this._clientSecret,grant_type:`refresh_token`,refresh_token:this._refreshToken,target_audience:t}),responseType:`json`};return n.AuthClient.setMethodName(r,`fetchIdToken`),(await this.transporter.request(r)).data.id_token}fromJSON(e){if(!e)throw Error(`Must pass in a JSON object containing the user refresh token`);if(e.type!==`authorized_user`)throw Error(`The incoming JSON object does not have the "authorized_user" type`);if(!e.client_id)throw Error(`The incoming JSON object does not contain a client_id field`);if(!e.client_secret)throw Error(`The incoming JSON object does not contain a client_secret field`);if(!e.refresh_token)throw Error(`The incoming JSON object does not contain a refresh_token field`);this._clientId=e.client_id,this._clientSecret=e.client_secret,this._refreshToken=e.refresh_token,this.credentials.refresh_token=e.refresh_token,this.quotaProjectId=e.quota_project_id,this.universeDomain=e.universe_domain||this.universeDomain}fromStream(e,t){if(t)this.fromStreamAsync(e).then(()=>t(),t);else return this.fromStreamAsync(e)}async fromStreamAsync(e){return new Promise((t,n)=>{if(!e)return n(Error(`Must pass in a stream containing the user refresh token.`));let r=``;e.setEncoding(`utf8`).on(`error`,n).on(`data`,e=>r+=e).on(`end`,()=>{try{let e=JSON.parse(r);return this.fromJSON(e),t()}catch(e){return n(e)}})})}static fromJSON(t){let n=new e;return n.fromJSON(t),n}}})),Ce=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.Impersonated=e.IMPERSONATED_ACCOUNT_TYPE=void 0;let t=le(),n=D(),r=j();e.IMPERSONATED_ACCOUNT_TYPE=`impersonated_service_account`,e.Impersonated=class e extends t.OAuth2Client{sourceClient;targetPrincipal;targetScopes;delegates;lifetime;endpoint;constructor(e={}){if(super(e),this.credentials={expiry_date:1,refresh_token:`impersonated-placeholder`},this.sourceClient=e.sourceClient??new t.OAuth2Client,this.targetPrincipal=e.targetPrincipal??``,this.delegates=e.delegates??[],this.targetScopes=e.targetScopes??[],this.lifetime=e.lifetime??3600,!(0,r.originalOrCamelOptions)(e).get(`universe_domain`))this.universeDomain=this.sourceClient.universeDomain;else if(this.sourceClient.universeDomain!==this.universeDomain)throw RangeError(`Universe domain ${this.sourceClient.universeDomain} in source credentials does not match ${this.universeDomain} universe domain set for impersonated credentials.`);this.endpoint=e.endpoint??`https://iamcredentials.${this.universeDomain}`}async sign(t){await this.sourceClient.getAccessToken();let n=`projects/-/serviceAccounts/${this.targetPrincipal}`,r=`${this.endpoint}/v1/${n}:signBlob`,i={delegates:this.delegates,payload:Buffer.from(t).toString(`base64`)};return(await this.sourceClient.request({...e.RETRY_CONFIG,url:r,data:i,method:`POST`})).data}getTargetPrincipal(){return this.targetPrincipal}async refreshToken(){try{await this.sourceClient.getAccessToken();let t=`projects/-/serviceAccounts/`+this.targetPrincipal,n=`${this.endpoint}/v1/${t}:generateAccessToken`,r={delegates:this.delegates,scope:this.targetScopes,lifetime:this.lifetime+`s`},i=await this.sourceClient.request({...e.RETRY_CONFIG,url:n,data:r,method:`POST`}),a=i.data;return this.credentials.access_token=a.accessToken,this.credentials.expiry_date=Date.parse(a.expireTime),{tokens:this.credentials,res:i}}catch(e){if(!(e instanceof Error))throw e;let t=0,r=``;throw e instanceof n.GaxiosError&&(t=e?.response?.data?.error?.status,r=e?.response?.data?.error?.message),t&&r?(e.message=`${t}: unable to impersonate: ${r}`,e):(e.message=`unable to impersonate: ${e}`,e)}}async fetchIdToken(t,n){await this.sourceClient.getAccessToken();let r=`projects/-/serviceAccounts/${this.targetPrincipal}`,i=`${this.endpoint}/v1/${r}:generateIdToken`,a={delegates:this.delegates,audience:t,includeEmail:n?.includeEmail??!0,useEmailAzp:n?.includeEmail??!0};return(await this.sourceClient.request({...e.RETRY_CONFIG,url:i,data:a,method:`POST`})).data.token}}})),we=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.OAuthClientAuthHandler=void 0,e.getErrorFromOAuthErrorResponse=i;let t=D(),n=ae(),r=[`PUT`,`POST`,`PATCH`];e.OAuthClientAuthHandler=class{#e=(0,n.createCrypto)();#t;transporter;constructor(e){e&&`clientId`in e?(this.#t=e,this.transporter=new t.Gaxios):(this.#t=e?.clientAuthentication,this.transporter=e?.transporter||new t.Gaxios)}applyClientAuthenticationOptions(e,n){e.headers=t.Gaxios.mergeHeaders(e.headers),this.injectAuthenticatedHeaders(e,n),n||this.injectAuthenticatedRequestBody(e)}injectAuthenticatedHeaders(e,n){if(n)e.headers=t.Gaxios.mergeHeaders(e.headers,{authorization:`Bearer ${n}`});else if(this.#t?.confidentialClientType===`basic`){e.headers=t.Gaxios.mergeHeaders(e.headers);let n=this.#t.clientId,r=this.#t.clientSecret||``,i=this.#e.encodeBase64StringUtf8(`${n}:${r}`);t.Gaxios.mergeHeaders(e.headers,{authorization:`Basic ${i}`})}}injectAuthenticatedRequestBody(e){if(this.#t?.confidentialClientType===`request-body`){let t=(e.method||`GET`).toUpperCase();if(!r.includes(t))throw Error(`${t} HTTP method does not support ${this.#t.confidentialClientType} client authentication`);let n=new Headers(e.headers).get(`content-type`);if(n?.startsWith(`application/x-www-form-urlencoded`)||e.data instanceof URLSearchParams){let t=new URLSearchParams(e.data??``);t.append(`client_id`,this.#t.clientId),t.append(`client_secret`,this.#t.clientSecret||``),e.data=t}else if(n?.startsWith(`application/json`))e.data=e.data||{},Object.assign(e.data,{client_id:this.#t.clientId,client_secret:this.#t.clientSecret||``});else throw Error(`${n} content-types are not supported with ${this.#t.confidentialClientType} client authentication`)}}static get RETRY_CONFIG(){return{retry:!0,retryConfig:{httpMethodsToRetry:[`GET`,`PUT`,`POST`,`HEAD`,`OPTIONS`,`DELETE`]}}}};function i(e,t){let n=e.error,r=e.error_description,i=e.error_uri,a=`Error code ${n}`;r!==void 0&&(a+=`: ${r}`),i!==void 0&&(a+=` - ${i}`);let o=Error(a);if(t){let e=Object.keys(t);t.stack&&e.push(`stack`),e.forEach(e=>{e!==`message`&&Object.defineProperty(o,e,{value:t[e],writable:!1,enumerable:!0})})}return o}})),Te=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.StsCredentials=void 0;let t=D(),n=M(),r=we(),i=j();e.StsCredentials=class e extends r.OAuthClientAuthHandler{#e;constructor(e={tokenExchangeEndpoint:``},t){(typeof e!=`object`||e instanceof URL)&&(e={tokenExchangeEndpoint:e,clientAuthentication:t}),super(e),this.#e=e.tokenExchangeEndpoint}async exchangeToken(a,o,s){let c={grant_type:a.grantType,resource:a.resource,audience:a.audience,scope:a.scope?.join(` `),requested_token_type:a.requestedTokenType,subject_token:a.subjectToken,subject_token_type:a.subjectTokenType,actor_token:a.actingParty?.actorToken,actor_token_type:a.actingParty?.actorTokenType,options:s&&JSON.stringify(s)},l={...e.RETRY_CONFIG,url:this.#e.toString(),method:`POST`,headers:o,data:new URLSearchParams((0,i.removeUndefinedValuesInObject)(c)),responseType:`json`};n.AuthClient.setMethodName(l,`exchangeToken`),this.applyClientAuthenticationOptions(l);try{let e=await this.transporter.request(l),t=e.data;return t.res=e,t}catch(e){throw e instanceof t.GaxiosError&&e.response?(0,r.getErrorFromOAuthErrorResponse)(e.response.data,e):e}}}})),Ee=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.BaseExternalAccountClient=e.CLOUD_RESOURCE_MANAGER=e.EXTERNAL_ACCOUNT_TYPE=e.EXPIRATION_TIME_OFFSET=void 0;let n=D(),r=t(`stream`),i=M(),a=Te(),o=j(),s=se(),c=`https://www.googleapis.com/auth/cloud-platform`;e.EXPIRATION_TIME_OFFSET=300*1e3,e.EXTERNAL_ACCOUNT_TYPE=`external_account`,e.CLOUD_RESOURCE_MANAGER=`https://cloudresourcemanager.googleapis.com/v1/projects/`,e.BaseExternalAccountClient=class t extends i.AuthClient{scopes;projectNumber;audience;subjectTokenType;stsCredential;clientAuth;credentialSourceType;cachedAccessToken;serviceAccountImpersonationUrl;serviceAccountImpersonationLifetime;workforcePoolUserProject;configLifetimeRequested;tokenUrl;cloudResourceManagerURL;supplierContext;#e=null;constructor(t){super(t);let n=(0,o.originalOrCamelOptions)(t),r=n.get(`type`);if(r&&r!==e.EXTERNAL_ACCOUNT_TYPE)throw Error(`Expected "${e.EXTERNAL_ACCOUNT_TYPE}" type but received "${t.type}"`);let i=n.get(`client_id`),s=n.get(`client_secret`);this.tokenUrl=n.get(`token_url`)??`https://sts.{universeDomain}/v1/token`.replace(`{universeDomain}`,this.universeDomain);let l=n.get(`subject_token_type`),u=n.get(`workforce_pool_user_project`),d=n.get(`service_account_impersonation_url`),f=n.get(`service_account_impersonation`),p=(0,o.originalOrCamelOptions)(f).get(`token_lifetime_seconds`);this.cloudResourceManagerURL=new URL(n.get(`cloud_resource_manager_url`)||`https://cloudresourcemanager.${this.universeDomain}/v1/projects/`),i&&(this.clientAuth={confidentialClientType:`basic`,clientId:i,clientSecret:s}),this.stsCredential=new a.StsCredentials({tokenExchangeEndpoint:this.tokenUrl,clientAuthentication:this.clientAuth}),this.scopes=n.get(`scopes`)||[c],this.cachedAccessToken=null,this.audience=n.get(`audience`),this.subjectTokenType=l,this.workforcePoolUserProject=u;let m=RegExp(`//iam\\.googleapis\\.com/locations/[^/]+/workforcePools/[^/]+/providers/.+`);if(this.workforcePoolUserProject&&!this.audience.match(m))throw Error(`workforcePoolUserProject should not be set for non-workforce pool credentials.`);this.serviceAccountImpersonationUrl=d,this.serviceAccountImpersonationLifetime=p,this.serviceAccountImpersonationLifetime?this.configLifetimeRequested=!0:(this.configLifetimeRequested=!1,this.serviceAccountImpersonationLifetime=3600),this.projectNumber=this.getProjectNumber(this.audience),this.supplierContext={audience:this.audience,subjectTokenType:this.subjectTokenType,transporter:this.transporter}}getServiceAccountEmail(){if(this.serviceAccountImpersonationUrl){if(this.serviceAccountImpersonationUrl.length>256)throw RangeError(`URL is too long: ${this.serviceAccountImpersonationUrl}`);return/serviceAccounts\/(?<email>[^:]+):generateAccessToken$/.exec(this.serviceAccountImpersonationUrl)?.groups?.email||null}return null}setCredentials(e){super.setCredentials(e),this.cachedAccessToken=e}async getAccessToken(){return(!this.cachedAccessToken||this.isExpired(this.cachedAccessToken))&&await this.refreshAccessTokenAsync(),{token:this.cachedAccessToken.access_token,res:this.cachedAccessToken.res}}async getRequestHeaders(){let e=await this.getAccessToken(),t=new Headers({authorization:`Bearer ${e.token}`});return this.addSharedMetadataHeaders(t)}request(e,t){if(t)this.requestAsync(e).then(e=>t(null,e),e=>t(e,e.response));else return this.requestAsync(e)}async getProjectId(){let e=this.projectNumber||this.workforcePoolUserProject;if(this.projectId)return this.projectId;if(e){let n=await this.getRequestHeaders(),r={...t.RETRY_CONFIG,headers:n,url:`${this.cloudResourceManagerURL.toString()}${e}`,responseType:`json`};i.AuthClient.setMethodName(r,`getProjectId`);let a=await this.transporter.request(r);return this.projectId=a.data.projectId,this.projectId}return null}async requestAsync(e,t=!1){let i;try{let t=await this.getRequestHeaders();e.headers=n.Gaxios.mergeHeaders(e.headers),this.addUserProjectAndAuthHeaders(e.headers,t),i=await this.transporter.request(e)}catch(n){let i=n.response;if(i){let n=i.status,a=i.config.data instanceof r.Readable;if(!t&&(n===401||n===403)&&!a&&this.forceRefreshOnFailure)return await this.refreshAccessTokenAsync(),await this.requestAsync(e,!0)}throw n}return i}async refreshAccessTokenAsync(){this.#e=this.#e||this.#t();try{return await this.#e}finally{this.#e=null}}async#t(){let e=await this.retrieveSubjectToken(),t={grantType:`urn:ietf:params:oauth:grant-type:token-exchange`,audience:this.audience,requestedTokenType:`urn:ietf:params:oauth:token-type:access_token`,subjectToken:e,subjectTokenType:this.subjectTokenType,scope:this.serviceAccountImpersonationUrl?[c]:this.getScopesArray()},n=!this.clientAuth&&this.workforcePoolUserProject?{userProject:this.workforcePoolUserProject}:void 0,r=new Headers({"x-goog-api-client":this.getMetricsHeaderValue()}),i=await this.stsCredential.exchangeToken(t,r,n);return this.serviceAccountImpersonationUrl?this.cachedAccessToken=await this.getImpersonatedAccessToken(i.access_token):i.expires_in?this.cachedAccessToken={access_token:i.access_token,expiry_date:new Date().getTime()+i.expires_in*1e3,res:i.res}:this.cachedAccessToken={access_token:i.access_token,res:i.res},this.credentials={},Object.assign(this.credentials,this.cachedAccessToken),delete this.credentials.res,this.emit(`tokens`,{refresh_token:null,expiry_date:this.cachedAccessToken.expiry_date,access_token:this.cachedAccessToken.access_token,token_type:`Bearer`,id_token:null}),this.cachedAccessToken}getProjectNumber(e){let t=e.match(/\/projects\/([^/]+)/);return t?t[1]:null}async getImpersonatedAccessToken(e){let n={...t.RETRY_CONFIG,url:this.serviceAccountImpersonationUrl,method:`POST`,headers:{"content-type":`application/json`,authorization:`Bearer ${e}`},data:{scope:this.getScopesArray(),lifetime:this.serviceAccountImpersonationLifetime+`s`},responseType:`json`};i.AuthClient.setMethodName(n,`getImpersonatedAccessToken`);let r=await this.transporter.request(n),a=r.data;return{access_token:a.accessToken,expiry_date:new Date(a.expireTime).getTime(),res:r}}isExpired(e){let t=new Date().getTime();return e.expiry_date?t>=e.expiry_date-this.eagerRefreshThresholdMillis:!1}getScopesArray(){return typeof this.scopes==`string`?[this.scopes]:this.scopes||[c]}getMetricsHeaderValue(){let e=process.version.replace(/^v/,``),t=this.serviceAccountImpersonationUrl!==void 0,n=this.credentialSourceType?this.credentialSourceType:`unknown`;return`gl-node/${e} auth/${s.pkg.version} google-byoid-sdk source/${n} sa-impersonation/${t} config-lifetime/${this.configLifetimeRequested}`}getTokenUrl(){return this.tokenUrl}}})),De=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.FileSubjectTokenSupplier=void 0;let n=t(`util`),r=t(`fs`),i=(0,n.promisify)(r.readFile??(()=>{})),a=(0,n.promisify)(r.realpath??(()=>{})),o=(0,n.promisify)(r.lstat??(()=>{}));e.FileSubjectTokenSupplier=class{filePath;formatType;subjectTokenFieldName;constructor(e){this.filePath=e.filePath,this.formatType=e.formatType,this.subjectTokenFieldName=e.subjectTokenFieldName}async getSubjectToken(){let e=this.filePath;try{if(e=await a(e),!(await o(e)).isFile())throw Error()}catch(t){throw t instanceof Error&&(t.message=`The file at ${e} does not exist, or it is not a file. ${t.message}`),t}let t,n=await i(e,{encoding:`utf8`});if(this.formatType===`text`?t=n:this.formatType===`json`&&this.subjectTokenFieldName&&(t=JSON.parse(n)[this.subjectTokenFieldName]),!t)throw Error(`Unable to parse the subject_token from the credential_source file`);return t}}})),Oe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.UrlSubjectTokenSupplier=void 0;let t=M();e.UrlSubjectTokenSupplier=class{url;headers;formatType;subjectTokenFieldName;additionalGaxiosOptions;constructor(e){this.url=e.url,this.formatType=e.formatType,this.subjectTokenFieldName=e.subjectTokenFieldName,this.headers=e.headers,this.additionalGaxiosOptions=e.additionalGaxiosOptions}async getSubjectToken(e){let n={...this.additionalGaxiosOptions,url:this.url,method:`GET`,headers:this.headers,responseType:this.formatType};t.AuthClient.setMethodName(n,`getSubjectToken`);let r;if(this.formatType===`text`?r=(await e.transporter.request(n)).data:this.formatType===`json`&&this.subjectTokenFieldName&&(r=(await e.transporter.request(n)).data[this.subjectTokenFieldName]),!r)throw Error(`Unable to parse the subject_token from the credential_source URL`);return r}}})),ke=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.CertificateSubjectTokenSupplier=e.InvalidConfigurationError=e.CertificateSourceUnavailableError=e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE=void 0;let n=j(),r=t(`fs`),i=t(`crypto`),a=t(`https`);e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE=`GOOGLE_API_CERTIFICATE_CONFIG`;var o=class extends Error{constructor(e){super(e),this.name=`CertificateSourceUnavailableError`}};e.CertificateSourceUnavailableError=o;var s=class extends Error{constructor(e){super(e),this.name=`InvalidConfigurationError`}};e.InvalidConfigurationError=s,e.CertificateSubjectTokenSupplier=class{certificateConfigPath;trustChainPath;cert;key;constructor(e){if(!e.useDefaultCertificateConfig&&!e.certificateConfigLocation)throw new s("Either `useDefaultCertificateConfig` must be true or a `certificateConfigLocation` must be provided.");if(e.useDefaultCertificateConfig&&e.certificateConfigLocation)throw new s("Both `useDefaultCertificateConfig` and `certificateConfigLocation` cannot be provided.");this.trustChainPath=e.trustChainPath,this.certificateConfigPath=e.certificateConfigLocation??``}async createMtlsHttpsAgent(){if(!this.key||!this.cert)throw new s(`Cannot create mTLS Agent with missing certificate or key`);return new a.Agent({key:this.key,cert:this.cert})}async getSubjectToken(){this.certificateConfigPath=await this.#e();let{certPath:e,keyPath:t}=await this.#t();return{cert:this.cert,key:this.key}=await this.#n(e,t),await this.#r(this.cert)}async#e(){let t=this.certificateConfigPath;if(t){if(await(0,n.isValidFile)(t))return t;throw new o(`Provided certificate config path is invalid: ${t}`)}let r=process.env[e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE];if(r){if(await(0,n.isValidFile)(r))return r;throw new o(`Path from environment variable "${e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE}" is invalid: ${r}`)}let i=(0,n.getWellKnownCertificateConfigFileLocation)();if(await(0,n.isValidFile)(i))return i;throw new o(`Could not find certificate configuration file. Searched override path, the "${e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE}" env var, and the gcloud path (${i}).`)}async#t(){let e=this.certificateConfigPath,t;try{t=await r.promises.readFile(e,`utf8`)}catch{throw new o(`Failed to read certificate config file at: ${e}`)}try{let n=JSON.parse(t),r=n?.cert_configs?.workload?.cert_path,i=n?.cert_configs?.workload?.key_path;if(!r||!i)throw new s(`Certificate config file (${e}) is missing required "cert_path" or "key_path" in the workload config.`);return{certPath:r,keyPath:i}}catch(t){throw t instanceof s?t:new s(`Failed to parse certificate config from ${e}: ${t.message}`)}}async#n(e,t){let n,a;try{n=await r.promises.readFile(e),new i.X509Certificate(n)}catch(t){throw new o(`Failed to read certificate file at ${e}: ${t instanceof Error?t.message:String(t)}`)}try{a=await r.promises.readFile(t),(0,i.createPrivateKey)(a)}catch(e){throw new o(`Failed to read private key file at ${t}: ${e instanceof Error?e.message:String(e)}`)}return{cert:n,key:a}}async#r(e){let t=new i.X509Certificate(e);if(!this.trustChainPath)return JSON.stringify([t.raw.toString(`base64`)]);try{let e=((await r.promises.readFile(this.trustChainPath,`utf8`)).match(/-----BEGIN CERTIFICATE-----[^-]+-----END CERTIFICATE-----/g)??[]).map((e,t)=>{try{return new i.X509Certificate(e)}catch(e){let n=e instanceof Error?e.message:String(e);throw new s(`Failed to parse certificate at index ${t} in trust chain file ${this.trustChainPath}: ${n}`)}}),n=e.findIndex(e=>t.raw.equals(e.raw)),a;if(n===-1)a=[t,...e];else if(n===0)a=e;else throw new s(`Leaf certificate exists in the trust chain but is not the first entry (found at index ${n}).`);return JSON.stringify(a.map(e=>e.raw.toString(`base64`)))}catch(e){if(e instanceof s)throw e;let t=e instanceof Error?e.message:String(e);throw new o(`Failed to process certificate chain from ${this.trustChainPath}: ${t}`)}}}})),Ae=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.IdentityPoolClient=void 0;let t=Ee(),n=j(),r=De(),i=Oe(),a=ke(),o=Te(),s=D();e.IdentityPoolClient=class e extends t.BaseExternalAccountClient{subjectTokenSupplier;constructor(t){super(t);let o=(0,n.originalOrCamelOptions)(t),s=o.get(`credential_source`),c=o.get(`subject_token_supplier`);if(!s&&!c)throw Error(`A credential source or subject token supplier must be specified.`);if(s&&c)throw Error(`Only one of credential source or subject token supplier can be specified.`);if(c)this.subjectTokenSupplier=c,this.credentialSourceType=`programmatic`;else{let t=(0,n.originalOrCamelOptions)(s),o=(0,n.originalOrCamelOptions)(t.get(`format`)),c=o.get(`type`)||`text`,l=o.get(`subject_token_field_name`);if(c!==`json`&&c!==`text`)throw Error(`Invalid credential_source format "${c}"`);if(c===`json`&&!l)throw Error(`Missing subject_token_field_name for JSON credential_source format`);let u=t.get(`file`),d=t.get(`url`),f=t.get(`certificate`),p=t.get(`headers`);if(u&&d||d&&f||u&&f)throw Error(`No valid Identity Pool "credential_source" provided, must be either file, url, or certificate.`);if(u)this.credentialSourceType=`file`,this.subjectTokenSupplier=new r.FileSubjectTokenSupplier({filePath:u,formatType:c,subjectTokenFieldName:l});else if(d)this.credentialSourceType=`url`,this.subjectTokenSupplier=new i.UrlSubjectTokenSupplier({url:d,formatType:c,subjectTokenFieldName:l,headers:p,additionalGaxiosOptions:e.RETRY_CONFIG});else if(f){this.credentialSourceType=`certificate`;let e=new a.CertificateSubjectTokenSupplier({useDefaultCertificateConfig:f.use_default_certificate_config,certificateConfigLocation:f.certificate_config_location,trustChainPath:f.trust_chain_path});this.subjectTokenSupplier=e}else throw Error(`No valid Identity Pool "credential_source" provided, must be either file, url, or certificate.`)}}async retrieveSubjectToken(){let e=await this.subjectTokenSupplier.getSubjectToken(this.supplierContext);if(this.subjectTokenSupplier instanceof a.CertificateSubjectTokenSupplier){let e=await this.subjectTokenSupplier.createMtlsHttpsAgent();this.stsCredential=new o.StsCredentials({tokenExchangeEndpoint:this.getTokenUrl(),clientAuthentication:this.clientAuth,transporter:new s.Gaxios({agent:e})}),this.transporter=new s.Gaxios({...this.transporter.defaults||{},agent:e})}return e}}})),je=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.AwsRequestSigner=void 0;let t=D(),n=ae(),r=`AWS4-HMAC-SHA256`;e.AwsRequestSigner=class{getCredentials;region;crypto;constructor(e,t){this.getCredentials=e,this.region=t,this.crypto=(0,n.createCrypto)()}async getRequestOptions(e){if(!e.url)throw RangeError(`"url" is required in "amzOptions"`);let n=typeof e.data==`object`?JSON.stringify(e.data):e.data,r=e.url,i=e.method||`GET`,a=e.body||n,s=e.headers,c=await this.getCredentials(),l=new URL(r);if(typeof a!=`string`&&a!==void 0)throw TypeError(`'requestPayload' is expected to be a string if provided. Got: ${a}`);let u=await o({crypto:this.crypto,host:l.host,canonicalUri:l.pathname,canonicalQuerystring:l.search.slice(1),method:i,region:this.region,securityCredentials:c,requestPayload:a,additionalAmzHeaders:s}),d=t.Gaxios.mergeHeaders(u.amzDate?{"x-amz-date":u.amzDate}:{},{authorization:u.authorizationHeader,host:l.host},s||{});c.token&&t.Gaxios.mergeHeaders(d,{"x-amz-security-token":c.token});let f={url:r,method:i,headers:d};return a!==void 0&&(f.body=a),f}};async function i(e,t,n){return await e.signWithHmacSha256(t,n)}async function a(e,t,n,r,a){return await i(e,await i(e,await i(e,await i(e,`AWS4${t}`,n),r),a),`aws4_request`)}async function o(e){let o=t.Gaxios.mergeHeaders(e.additionalAmzHeaders),s=e.requestPayload||``,c=e.host.split(`.`)[0],l=new Date,u=l.toISOString().replace(/[-:]/g,``).replace(/\.[0-9]+/,``),d=l.toISOString().replace(/[-]/g,``).replace(/T.*/,``);e.securityCredentials.token&&o.set(`x-amz-security-token`,e.securityCredentials.token);let f=t.Gaxios.mergeHeaders({host:e.host},o.has(`date`)?{}:{"x-amz-date":u},o),p=``,m=[...f.keys()].sort();m.forEach(e=>{p+=`${e}:${f.get(e)}\n`});let h=m.join(`;`),g=await e.crypto.sha256DigestHex(s),_=`${e.method.toUpperCase()}\n${e.canonicalUri}\n${e.canonicalQuerystring}\n${p}\n${h}\n${g}`,v=`${d}/${e.region}/${c}/aws4_request`,y=`${r}\n${u}\n${v}\n`+await e.crypto.sha256DigestHex(_),b=await a(e.crypto,e.securityCredentials.secretAccessKey,d,e.region,c),x=await i(e.crypto,b,y),S=`${r} Credential=${e.securityCredentials.accessKeyId}/${v}, SignedHeaders=${h}, Signature=${(0,n.fromArrayBufferToHex)(x)}`;return{amzDate:o.has(`date`)?void 0:u,authorizationHeader:S,canonicalQuerystring:e.canonicalQuerystring}}})),Me=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.DefaultAwsSecurityCredentialsSupplier=void 0;let t=M();e.DefaultAwsSecurityCredentialsSupplier=class{regionUrl;securityCredentialsUrl;imdsV2SessionTokenUrl;additionalGaxiosOptions;constructor(e){this.regionUrl=e.regionUrl,this.securityCredentialsUrl=e.securityCredentialsUrl,this.imdsV2SessionTokenUrl=e.imdsV2SessionTokenUrl,this.additionalGaxiosOptions=e.additionalGaxiosOptions}async getAwsRegion(e){if(this.#r)return this.#r;let n=new Headers;if(!this.#r&&this.imdsV2SessionTokenUrl&&n.set(`x-aws-ec2-metadata-token`,await this.#e(e.transporter)),!this.regionUrl)throw RangeError(`Unable to determine AWS region due to missing "options.credential_source.region_url"`);let r={...this.additionalGaxiosOptions,url:this.regionUrl,method:`GET`,responseType:`text`,headers:n};t.AuthClient.setMethodName(r,`getAwsRegion`);let i=await e.transporter.request(r);return i.data.substr(0,i.data.length-1)}async getAwsSecurityCredentials(e){if(this.#i)return this.#i;let t=new Headers;this.imdsV2SessionTokenUrl&&t.set(`x-aws-ec2-metadata-token`,await this.#e(e.transporter));let n=await this.#t(t,e.transporter),r=await this.#n(n,t,e.transporter);return{accessKeyId:r.AccessKeyId,secretAccessKey:r.SecretAccessKey,token:r.Token}}async#e(e){let n={...this.additionalGaxiosOptions,url:this.imdsV2SessionTokenUrl,method:`PUT`,responseType:`text`,headers:{"x-aws-ec2-metadata-token-ttl-seconds":`300`}};return t.AuthClient.setMethodName(n,`#getImdsV2SessionToken`),(await e.request(n)).data}async#t(e,n){if(!this.securityCredentialsUrl)throw Error(`Unable to determine AWS role name due to missing "options.credential_source.url"`);let r={...this.additionalGaxiosOptions,url:this.securityCredentialsUrl,method:`GET`,responseType:`text`,headers:e};return t.AuthClient.setMethodName(r,`#getAwsRoleName`),(await n.request(r)).data}async#n(e,n,r){let i={...this.additionalGaxiosOptions,url:`${this.securityCredentialsUrl}/${e}`,headers:n,responseType:`json`};return t.AuthClient.setMethodName(i,`#retrieveAwsSecurityCredentials`),(await r.request(i)).data}get#r(){return process.env.AWS_REGION||process.env.AWS_DEFAULT_REGION||null}get#i(){return process.env.AWS_ACCESS_KEY_ID&&process.env.AWS_SECRET_ACCESS_KEY?{accessKeyId:process.env.AWS_ACCESS_KEY_ID,secretAccessKey:process.env.AWS_SECRET_ACCESS_KEY,token:process.env.AWS_SESSION_TOKEN}:null}}})),Ne=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.AwsClient=void 0;let t=je(),n=Ee(),r=Me(),i=j(),a=D();e.AwsClient=class e extends n.BaseExternalAccountClient{environmentId;awsSecurityCredentialsSupplier;regionalCredVerificationUrl;awsRequestSigner;region;static#e=`https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15`;static AWS_EC2_METADATA_IPV4_ADDRESS=`169.254.169.254`;static AWS_EC2_METADATA_IPV6_ADDRESS=`fd00:ec2::254`;constructor(t){super(t);let n=(0,i.originalOrCamelOptions)(t),a=n.get(`credential_source`),o=n.get(`aws_security_credentials_supplier`);if(!a&&!o)throw Error(`A credential source or AWS security credentials supplier must be specified.`);if(a&&o)throw Error(`Only one of credential source or AWS security credentials supplier can be specified.`);if(o)this.awsSecurityCredentialsSupplier=o,this.regionalCredVerificationUrl=e.#e,this.credentialSourceType=`programmatic`;else{let e=(0,i.originalOrCamelOptions)(a);this.environmentId=e.get(`environment_id`);let t=e.get(`region_url`),n=e.get(`url`),o=e.get(`imdsv2_session_token_url`);this.awsSecurityCredentialsSupplier=new r.DefaultAwsSecurityCredentialsSupplier({regionUrl:t,securityCredentialsUrl:n,imdsV2SessionTokenUrl:o}),this.regionalCredVerificationUrl=e.get(`regional_cred_verification_url`),this.credentialSourceType=`aws`,this.validateEnvironmentId()}this.awsRequestSigner=null,this.region=``}validateEnvironmentId(){let e=this.environmentId?.match(/^(aws)(\d+)$/);if(!e||!this.regionalCredVerificationUrl)throw Error(`No valid AWS "credential_source" provided`);if(parseInt(e[2],10)!==1)throw Error(`aws version "${e[2]}" is not supported in the current build.`)}async retrieveSubjectToken(){this.awsRequestSigner||=(this.region=await this.awsSecurityCredentialsSupplier.getAwsRegion(this.supplierContext),new t.AwsRequestSigner(async()=>this.awsSecurityCredentialsSupplier.getAwsSecurityCredentials(this.supplierContext),this.region));let n=await this.awsRequestSigner.getRequestOptions({...e.RETRY_CONFIG,url:this.regionalCredVerificationUrl.replace(`{region}`,this.region),method:`POST`}),r=[];return a.Gaxios.mergeHeaders({"x-goog-cloud-target-resource":this.audience},n.headers).forEach((e,t)=>r.push({key:t,value:e})),encodeURIComponent(JSON.stringify({url:n.url,method:n.method,headers:r}))}}})),Pe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.InvalidSubjectTokenError=e.InvalidMessageFieldError=e.InvalidCodeFieldError=e.InvalidTokenTypeFieldError=e.InvalidExpirationTimeFieldError=e.InvalidSuccessFieldError=e.InvalidVersionFieldError=e.ExecutableResponseError=e.ExecutableResponse=void 0;let t=`urn:ietf:params:oauth:token-type:saml2`,n=`urn:ietf:params:oauth:token-type:id_token`,r=`urn:ietf:params:oauth:token-type:jwt`;e.ExecutableResponse=class{version;success;expirationTime;tokenType;errorCode;errorMessage;subjectToken;constructor(e){if(!e.version)throw new a(`Executable response must contain a 'version' field.`);if(e.success===void 0)throw new o(`Executable response must contain a 'success' field.`);if(this.version=e.version,this.success=e.success,this.success){if(this.expirationTime=e.expiration_time,this.tokenType=e.token_type,this.tokenType!==t&&this.tokenType!==n&&this.tokenType!==r)throw new s(`Executable response must contain a 'token_type' field when successful and it must be one of ${n}, ${r}, or ${t}.`);if(this.tokenType===t){if(!e.saml_response)throw new u(`Executable response must contain a 'saml_response' field when token_type=${t}.`);this.subjectToken=e.saml_response}else{if(!e.id_token)throw new u(`Executable response must contain a 'id_token' field when token_type=${n} or ${r}.`);this.subjectToken=e.id_token}}else{if(!e.code)throw new c(`Executable response must contain a 'code' field when unsuccessful.`);if(!e.message)throw new l(`Executable response must contain a 'message' field when unsuccessful.`);this.errorCode=e.code,this.errorMessage=e.message}}isValid(){return!this.isExpired()&&this.success}isExpired(){return this.expirationTime!==void 0&&this.expirationTime<Math.round(Date.now()/1e3)}};var i=class extends Error{constructor(e){super(e),Object.setPrototypeOf(this,new.target.prototype)}};e.ExecutableResponseError=i;var a=class extends i{};e.InvalidVersionFieldError=a;var o=class extends i{};e.InvalidSuccessFieldError=o,e.InvalidExpirationTimeFieldError=class extends i{};var s=class extends i{};e.InvalidTokenTypeFieldError=s;var c=class extends i{};e.InvalidCodeFieldError=c;var l=class extends i{};e.InvalidMessageFieldError=l;var u=class extends i{};e.InvalidSubjectTokenError=u})),Fe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.PluggableAuthHandler=e.ExecutableError=void 0;let n=Pe(),r=t(`child_process`),i=t(`fs`);var a=class extends Error{code;constructor(e,t){super(`The executable failed with exit code: ${t} and error message: ${e}.`),this.code=t,Object.setPrototypeOf(this,new.target.prototype)}};e.ExecutableError=a,e.PluggableAuthHandler=class e{commandComponents;timeoutMillis;outputFile;constructor(t){if(!t.command)throw Error(`No command provided.`);if(this.commandComponents=e.parseCommand(t.command),this.timeoutMillis=t.timeoutMillis,!this.timeoutMillis)throw Error(`No timeoutMillis provided.`);this.outputFile=t.outputFile}retrieveResponseFromExecutable(e){return new Promise((t,i)=>{let o=r.spawn(this.commandComponents[0],this.commandComponents.slice(1),{env:{...process.env,...Object.fromEntries(e)}}),s=``;o.stdout.on(`data`,e=>{s+=e}),o.stderr.on(`data`,e=>{s+=e});let c=setTimeout(()=>(o.removeAllListeners(),o.kill(),i(Error(`The executable failed to finish within the timeout specified.`))),this.timeoutMillis);o.on(`close`,e=>{if(clearTimeout(c),e===0)try{let e=JSON.parse(s);return t(new n.ExecutableResponse(e))}catch(e){return e instanceof n.ExecutableResponseError?i(e):i(new n.ExecutableResponseError(`The executable returned an invalid response: ${s}`))}else return i(new a(s,e.toString()))})})}async retrieveCachedResponse(){if(!this.outputFile||this.outputFile.length===0)return;let e;try{e=await i.promises.realpath(this.outputFile)}catch{return}if(!(await i.promises.lstat(e)).isFile())return;let t=await i.promises.readFile(e,{encoding:`utf8`});if(t!==``)try{let e=JSON.parse(t);return new n.ExecutableResponse(e).isValid()?new n.ExecutableResponse(e):void 0}catch(e){throw e instanceof n.ExecutableResponseError?e:new n.ExecutableResponseError(`The output file contained an invalid response: ${t}`)}}static parseCommand(e){let t=e.match(/(?:[^\s"]+|"[^"]*")+/g);if(!t)throw Error(`Provided command: "${e}" could not be parsed.`);for(let e=0;e<t.length;e++)t[e][0]===`"`&&t[e].slice(-1)===`"`&&(t[e]=t[e].slice(1,-1));return t}}})),Ie=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.PluggableAuthClient=e.ExecutableError=void 0;let t=Ee(),n=Pe(),r=Fe();var i=Fe();Object.defineProperty(e,`ExecutableError`,{enumerable:!0,get:function(){return i.ExecutableError}});let a=5*1e3,o=120*1e3;e.PluggableAuthClient=class extends t.BaseExternalAccountClient{command;timeoutMillis;outputFile;handler;constructor(e){if(super(e),!e.credential_source.executable||(this.command=e.credential_source.executable.command,!this.command))throw Error(`No valid Pluggable Auth "credential_source" provided.`);if(e.credential_source.executable.timeout_millis===void 0)this.timeoutMillis=3e4;else if(this.timeoutMillis=e.credential_source.executable.timeout_millis,this.timeoutMillis<a||this.timeoutMillis>o)throw Error(`Timeout must be between ${a} and ${o} milliseconds.`);this.outputFile=e.credential_source.executable.output_file,this.handler=new r.PluggableAuthHandler({command:this.command,timeoutMillis:this.timeoutMillis,outputFile:this.outputFile}),this.credentialSourceType=`executable`}async retrieveSubjectToken(){if(process.env.GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES!==`1`)throw Error(`Pluggable Auth executables need to be explicitly allowed to run by setting the GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES environment Variable to 1.`);let e;if(this.outputFile&&(e=await this.handler.retrieveCachedResponse()),!e){let t=new Map;t.set(`GOOGLE_EXTERNAL_ACCOUNT_AUDIENCE`,this.audience),t.set(`GOOGLE_EXTERNAL_ACCOUNT_TOKEN_TYPE`,this.subjectTokenType),t.set(`GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE`,`0`),this.outputFile&&t.set(`GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE`,this.outputFile);let n=this.getServiceAccountEmail();n&&t.set(`GOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAIL`,n),e=await this.handler.retrieveResponseFromExecutable(t)}if(e.version>1)throw Error(`Version of executable is not currently supported, maximum supported version is 1.`);if(!e.success)throw new r.ExecutableError(e.errorMessage,e.errorCode);if(this.outputFile&&!e.expirationTime)throw new n.InvalidExpirationTimeFieldError("The executable response must contain the `expiration_time` field for successful responses when an output_file has been specified in the configuration.");if(e.isExpired())throw Error(`Executable response is expired.`);return e.subjectToken}}})),Le=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.ExternalAccountClient=void 0;let t=Ee(),n=Ae(),r=Ne(),i=Ie();e.ExternalAccountClient=class{constructor(){throw Error(`ExternalAccountClients should be initialized via: ExternalAccountClient.fromJSON(), directly via explicit constructors, eg. new AwsClient(options), new IdentityPoolClient(options), newPluggableAuthClientOptions, or via new GoogleAuth(options).getClient()`)}static fromJSON(e){return e&&e.type===t.EXTERNAL_ACCOUNT_TYPE?e.credential_source?.environment_id?new r.AwsClient(e):e.credential_source?.executable?new i.PluggableAuthClient(e):new n.IdentityPoolClient(e):null}}})),Re=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.ExternalAccountAuthorizedUserClient=e.EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE=void 0;let n=M(),r=we(),i=D(),a=t(`stream`),o=Ee();e.EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE=`external_account_authorized_user`;var s=class e extends r.OAuthClientAuthHandler{#e;constructor(e){super(e),this.#e=e.tokenRefreshEndpoint}async refreshToken(t,a){let o={...e.RETRY_CONFIG,url:this.#e,method:`POST`,headers:a,data:new URLSearchParams({grant_type:`refresh_token`,refresh_token:t}),responseType:`json`};n.AuthClient.setMethodName(o,`refreshToken`),this.applyClientAuthenticationOptions(o);try{let e=await this.transporter.request(o),t=e.data;return t.res=e,t}catch(e){throw e instanceof i.GaxiosError&&e.response?(0,r.getErrorFromOAuthErrorResponse)(e.response.data,e):e}}};e.ExternalAccountAuthorizedUserClient=class extends n.AuthClient{cachedAccessToken;externalAccountAuthorizedUserHandler;refreshToken;constructor(e){super(e),e.universe_domain&&(this.universeDomain=e.universe_domain),this.refreshToken=e.refresh_token;let t={confidentialClientType:`basic`,clientId:e.client_id,clientSecret:e.client_secret};this.externalAccountAuthorizedUserHandler=new s({tokenRefreshEndpoint:e.token_url??`https://sts.{universeDomain}/v1/oauthtoken`.replace(`{universeDomain}`,this.universeDomain),transporter:this.transporter,clientAuthentication:t}),this.cachedAccessToken=null,this.quotaProjectId=e.quota_project_id,typeof e?.eagerRefreshThresholdMillis==`number`?this.eagerRefreshThresholdMillis=e.eagerRefreshThresholdMillis:this.eagerRefreshThresholdMillis=o.EXPIRATION_TIME_OFFSET,this.forceRefreshOnFailure=!!e?.forceRefreshOnFailure}async getAccessToken(){return(!this.cachedAccessToken||this.isExpired(this.cachedAccessToken))&&await this.refreshAccessTokenAsync(),{token:this.cachedAccessToken.access_token,res:this.cachedAccessToken.res}}async getRequestHeaders(){let e=await this.getAccessToken(),t=new Headers({authorization:`Bearer ${e.token}`});return this.addSharedMetadataHeaders(t)}request(e,t){if(t)this.requestAsync(e).then(e=>t(null,e),e=>t(e,e.response));else return this.requestAsync(e)}async requestAsync(e,t=!1){let n;try{let t=await this.getRequestHeaders();e.headers=i.Gaxios.mergeHeaders(e.headers),this.addUserProjectAndAuthHeaders(e.headers,t),n=await this.transporter.request(e)}catch(n){let r=n.response;if(r){let n=r.status,i=r.config.data instanceof a.Readable;if(!t&&(n===401||n===403)&&!i&&this.forceRefreshOnFailure)return await this.refreshAccessTokenAsync(),await this.requestAsync(e,!0)}throw n}return n}async refreshAccessTokenAsync(){let e=await this.externalAccountAuthorizedUserHandler.refreshToken(this.refreshToken);return this.cachedAccessToken={access_token:e.access_token,expiry_date:new Date().getTime()+e.expires_in*1e3,res:e.res},e.refresh_token!==void 0&&(this.refreshToken=e.refresh_token),this.cachedAccessToken}isExpired(e){let t=new Date().getTime();return e.expiry_date?t>=e.expiry_date-this.eagerRefreshThresholdMillis:!1}}})),ze=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.GoogleAuth=e.GoogleAuthExceptionMessages=void 0;let n=t(`child_process`),r=t(`fs`),i=D(),a=A(),o=t(`os`),s=t(`path`),c=ae(),l=ue(),u=de(),d=fe(),f=xe(),p=Se(),m=Ce(),h=Le(),g=Ee(),_=M(),v=Re(),y=j();e.GoogleAuthExceptionMessages={API_KEY_WITH_CREDENTIALS:`API Keys and Credentials are mutually exclusive authentication methods and cannot be used together.`,NO_PROJECT_ID_FOUND:`Unable to detect a Project Id in the current environment.
3
+ `;yield n}static#a;static#o;static async#s(){return this.#a||=(await import(`./dist-BUE_cxIa.mjs`).then(t=>e(t.t()))).HttpsProxyAgent,this.#a}static async#c(){let e=typeof window<`u`&&!!window;return this.#o||=e?window.fetch:(await import(`./src-C9CsRdwI.mjs`)).default,this.#o}static mergeHeaders(e,...t){e=e instanceof Headers?e:new Headers(e);for(let n of t)(n instanceof Headers?n:new Headers(n)).forEach((t,n)=>{n===`set-cookie`?e.append(n,t):e.set(n,t)});return e}};n.Gaxios=p,i=p})),D=n((e=>{var t=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),n=e&&e.__exportStar||function(e,n){for(var r in e)r!==`default`&&!Object.prototype.hasOwnProperty.call(n,r)&&t(n,e,r)};Object.defineProperty(e,`__esModule`,{value:!0}),e.instance=e.Gaxios=e.GaxiosError=void 0,e.request=a;let r=E();Object.defineProperty(e,`Gaxios`,{enumerable:!0,get:function(){return r.Gaxios}});var i=C();Object.defineProperty(e,`GaxiosError`,{enumerable:!0,get:function(){return i.GaxiosError}}),n(T(),e),e.instance=new r.Gaxios;async function a(t){return e.instance.request(t)}})),O=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.GCE_LINUX_BIOS_PATHS=void 0,e.isGoogleCloudServerless=a,e.isGoogleComputeEngineLinux=o,e.isGoogleComputeEngineMACAddress=s,e.isGoogleComputeEngine=c,e.detectGCPResidency=l;let n=t(`fs`),r=t(`os`);e.GCE_LINUX_BIOS_PATHS={BIOS_DATE:`/sys/class/dmi/id/bios_date`,BIOS_VENDOR:`/sys/class/dmi/id/bios_vendor`};let i=/^42:01/;function a(){return!!(process.env.CLOUD_RUN_JOB||process.env.FUNCTION_NAME||process.env.K_SERVICE)}function o(){if((0,r.platform)()!==`linux`)return!1;try{(0,n.statSync)(e.GCE_LINUX_BIOS_PATHS.BIOS_DATE);let t=(0,n.readFileSync)(e.GCE_LINUX_BIOS_PATHS.BIOS_VENDOR,`utf8`);return/Google/.test(t)}catch{return!1}}function s(){let e=(0,r.networkInterfaces)();for(let t of Object.values(e))if(t){for(let{mac:e}of t)if(i.test(e))return!0}return!1}function c(){return o()||s()}function l(){return a()||c()}})),k=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.Colours=void 0;var t=class e{static isEnabled(e){return e&&e.isTTY&&(typeof e.getColorDepth==`function`?e.getColorDepth()>2:!0)}static refresh(){e.enabled=e.isEnabled(process==null?void 0:process.stderr),this.enabled?(e.reset=`\x1B[0m`,e.bright=`\x1B[1m`,e.dim=`\x1B[2m`,e.red=`\x1B[31m`,e.green=`\x1B[32m`,e.yellow=`\x1B[33m`,e.blue=`\x1B[34m`,e.magenta=`\x1B[35m`,e.cyan=`\x1B[36m`,e.white=`\x1B[37m`,e.grey=`\x1B[90m`):(e.reset=``,e.bright=``,e.dim=``,e.red=``,e.green=``,e.yellow=``,e.blue=``,e.magenta=``,e.cyan=``,e.white=``,e.grey=``)}};e.Colours=t,t.enabled=!1,t.reset=``,t.bright=``,t.dim=``,t.red=``,t.green=``,t.yellow=``,t.blue=``,t.magenta=``,t.cyan=``,t.white=``,t.grey=``,t.refresh()})),ee=n((e=>{var n=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),r=e&&e.__setModuleDefault||(Object.create?(function(e,t){Object.defineProperty(e,`default`,{enumerable:!0,value:t})}):function(e,t){e.default=t}),i=e&&e.__importStar||(function(){var e=function(t){return e=Object.getOwnPropertyNames||function(e){var t=[];for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[t.length]=n);return t},e(t)};return function(t){if(t&&t.__esModule)return t;var i={};if(t!=null)for(var a=e(t),o=0;o<a.length;o++)a[o]!==`default`&&n(i,t,a[o]);return r(i,t),i}})();Object.defineProperty(e,`__esModule`,{value:!0}),e.env=e.DebugLogBackendBase=e.placeholder=e.AdhocDebugLogger=e.LogSeverity=void 0,e.getNodeBackend=p,e.getDebugBackend=h,e.getStructuredBackend=_,e.setBackend=b,e.log=x;let a=t(`events`),o=i(t(`process`)),s=i(t(`util`)),c=k();var l;(function(e){e.DEFAULT=`DEFAULT`,e.DEBUG=`DEBUG`,e.INFO=`INFO`,e.WARNING=`WARNING`,e.ERROR=`ERROR`})(l||(e.LogSeverity=l={}));var u=class extends a.EventEmitter{constructor(e,t){super(),this.namespace=e,this.upstream=t,this.func=Object.assign(this.invoke.bind(this),{instance:this,on:(e,t)=>this.on(e,t)}),this.func.debug=(...e)=>this.invokeSeverity(l.DEBUG,...e),this.func.info=(...e)=>this.invokeSeverity(l.INFO,...e),this.func.warn=(...e)=>this.invokeSeverity(l.WARNING,...e),this.func.error=(...e)=>this.invokeSeverity(l.ERROR,...e),this.func.sublog=e=>x(e,this.func)}invoke(e,...t){if(this.upstream)try{this.upstream(e,...t)}catch{}try{this.emit(`log`,e,t)}catch{}}invokeSeverity(e,...t){this.invoke({severity:e},...t)}};e.AdhocDebugLogger=u,e.placeholder=new u(``,()=>{}).func;var d=class{constructor(){this.cached=new Map,this.filters=[],this.filtersSet=!1;let t=o.env[e.env.nodeEnables]??`*`;t===`all`&&(t=`*`),this.filters=t.split(`,`)}log(e,t,...n){try{this.filtersSet||=(this.setFilters(),!0);let r=this.cached.get(e);r||(r=this.makeLogger(e),this.cached.set(e,r)),r(t,...n)}catch(e){console.error(e)}}};e.DebugLogBackendBase=d;var f=class extends d{constructor(){super(...arguments),this.enabledRegexp=/.*/g}isEnabled(e){return this.enabledRegexp.test(e)}makeLogger(e){return this.enabledRegexp.test(e)?(t,...n)=>{let r=`${c.Colours.green}${e}${c.Colours.reset}`,i=`${c.Colours.yellow}${o.pid}${c.Colours.reset}`,a;switch(t.severity){case l.ERROR:a=`${c.Colours.red}${t.severity}${c.Colours.reset}`;break;case l.INFO:a=`${c.Colours.magenta}${t.severity}${c.Colours.reset}`;break;case l.WARNING:a=`${c.Colours.yellow}${t.severity}${c.Colours.reset}`;break;default:a=t.severity??l.DEFAULT;break}let u=s.formatWithOptions({colors:c.Colours.enabled},...n),d=Object.assign({},t);delete d.severity;let f=Object.getOwnPropertyNames(d).length?JSON.stringify(d):``,p=f?`${c.Colours.grey}${f}${c.Colours.reset}`:``;console.error(`%s [%s|%s] %s%s`,i,r,a,u,f?` ${p}`:``)}:()=>{}}setFilters(){let e=this.filters.join(`,`).replace(/[|\\{}()[\]^$+?.]/g,`\\$&`).replace(/\*/g,`.*`).replace(/,/g,`$|^`);this.enabledRegexp=RegExp(`^${e}$`,`i`)}};function p(){return new f}var m=class extends d{constructor(e){super(),this.debugPkg=e}makeLogger(e){let t=this.debugPkg(e);return(e,...n)=>{t(n[0],...n.slice(1))}}setFilters(){let e=o.env.NODE_DEBUG??``;o.env.NODE_DEBUG=`${e}${e?`,`:``}${this.filters.join(`,`)}`}};function h(e){return new m(e)}var g=class extends d{constructor(e){super(),this.upstream=e??void 0}makeLogger(e){let t=this.upstream?.makeLogger(e);return(e,...n)=>{let r=e.severity??l.INFO,i=Object.assign({severity:r,message:s.format(...n)},e),a=JSON.stringify(i);t?t(e,a):console.log(`%s`,a)}}setFilters(){var e;(e=this.upstream)==null||e.setFilters()}};function _(e){return new g(e)}e.env={nodeEnables:`GOOGLE_SDK_NODE_LOGGING`};let v=new Map,y;function b(e){y=e,v.clear()}function x(t,n){if(!y&&!o.env[e.env.nodeEnables]||!t)return e.placeholder;n&&(t=`${n.instance.namespace}:${t}`);let r=v.get(t);if(r)return r.func;if(y===null)return e.placeholder;y===void 0&&(y=p());let i=(()=>{let e;return new u(t,(n,...r)=>{if(e!==y){if(y===null)return;y===void 0&&(y=p()),e=y}y?.log(t,n,...r)})})();return v.set(t,i),i.func}})),te=n((e=>{var t=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),n=e&&e.__exportStar||function(e,n){for(var r in e)r!==`default`&&!Object.prototype.hasOwnProperty.call(n,r)&&t(n,e,r)};Object.defineProperty(e,`__esModule`,{value:!0}),n(ee(),e)})),A=n((e=>{var t=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),n=e&&e.__setModuleDefault||(Object.create?(function(e,t){Object.defineProperty(e,`default`,{enumerable:!0,value:t})}):function(e,t){e.default=t}),r=e&&e.__importStar||(function(){var e=function(t){return e=Object.getOwnPropertyNames||function(e){var t=[];for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[t.length]=n);return t},e(t)};return function(r){if(r&&r.__esModule)return r;var i={};if(r!=null)for(var a=e(r),o=0;o<a.length;o++)a[o]!==`default`&&t(i,r,a[o]);return n(i,r),i}})(),i=e&&e.__exportStar||function(e,n){for(var r in e)r!==`default`&&!Object.prototype.hasOwnProperty.call(n,r)&&t(n,e,r)};Object.defineProperty(e,`__esModule`,{value:!0}),e.gcpResidencyCache=e.METADATA_SERVER_DETECTION=e.HEADERS=e.HEADER_VALUE=e.HEADER_NAME=e.SECONDARY_HOST_ADDRESS=e.HOST_ADDRESS=e.BASE_PATH=void 0,e.instance=h,e.project=g,e.universe=_,e.bulk=v,e.isAvailable=x,e.resetIsAvailableCache=S,e.getGCPResidency=C,e.setGCPResidency=w,e.requestTimeout=T;let a=D(),s=o(),c=O(),l=r(te());e.BASE_PATH=`/computeMetadata/v1`,e.HOST_ADDRESS=`http://169.254.169.254`,e.SECONDARY_HOST_ADDRESS=`http://metadata.google.internal.`,e.HEADER_NAME=`Metadata-Flavor`,e.HEADER_VALUE=`Google`,e.HEADERS=Object.freeze({[e.HEADER_NAME]:e.HEADER_VALUE});let u=l.log(`gcp-metadata`);e.METADATA_SERVER_DETECTION=Object.freeze({"assume-present":`don't try to ping the metadata server, but assume it's present`,none:`don't try to ping the metadata server, but don't try to use it either`,"bios-only":`treat the result of a BIOS probe as canonical (don't fall back to pinging)`,"ping-only":`skip the BIOS probe, and go straight to pinging`});function d(t){return t||=process.env.GCE_METADATA_IP||process.env.GCE_METADATA_HOST||e.HOST_ADDRESS,/^https?:\/\//.test(t)||(t=`http://${t}`),new URL(e.BASE_PATH,t).href}function f(e){Object.keys(e).forEach(e=>{switch(e){case`params`:case`property`:case`headers`:break;case`qs`:throw Error(`'qs' is not a valid configuration option. Please use 'params' instead.`);default:throw Error(`'${e}' is not a valid configuration option.`)}})}async function p(t,n={},r=3,i=!1){let o=new Headers(e.HEADERS),c=``,l={};if(typeof t==`object`){let e=t;new Headers(e.headers).forEach((e,t)=>o.set(t,e)),c=e.metadataKey,l=e.params||l,r=e.noResponseRetries||r,i=e.fastFail||i}else c=t;typeof n==`string`?c+=`/${n}`:(f(n),n.property&&(c+=`/${n.property}`),new Headers(n.headers).forEach((e,t)=>o.set(t,e)),l=n.params||l);let p=i?m:a.request,h={url:`${d()}/${c}`,headers:o,retryConfig:{noResponseRetries:r},params:l,responseType:`text`,timeout:T()};u.info(`instance request %j`,h);let g=await p(h);u.info(`instance metadata is %s`,g.data);let _=g.headers.get(e.HEADER_NAME);if(_!==e.HEADER_VALUE)throw RangeError(`Invalid response from metadata service: incorrect ${e.HEADER_NAME} header. Expected '${e.HEADER_VALUE}', got ${_?`'${_}'`:`no header`}`);if(typeof g.data==`string`)try{return s.parse(g.data)}catch{}return g.data}async function m(t){let n={...t,url:t.url?.toString().replace(d(),d(e.SECONDARY_HOST_ADDRESS))},r=(0,a.request)(t),i=(0,a.request)(n);return Promise.any([r,i])}function h(e){return p(`instance`,e)}function g(e){return p(`project`,e)}function _(e){return p(`universe`,e)}async function v(e){let t={};return await Promise.all(e.map(e=>(async()=>{let n=await p(e),r=e.metadataKey;t[r]=n})())),t}function y(){return process.env.DETECT_GCP_RETRIES?Number(process.env.DETECT_GCP_RETRIES):0}let b;async function x(){if(process.env.METADATA_SERVER_DETECTION){let t=process.env.METADATA_SERVER_DETECTION.trim().toLocaleLowerCase();if(!(t in e.METADATA_SERVER_DETECTION))throw RangeError(`Unknown \`METADATA_SERVER_DETECTION\` env variable. Got \`${t}\`, but it should be \`${Object.keys(e.METADATA_SERVER_DETECTION).join("`, `")}\`, or unset`);switch(t){case`assume-present`:return!0;case`none`:return!1;case`bios-only`:return C();case`ping-only`:}}try{return b===void 0&&(b=p(`instance`,void 0,y(),!(process.env.GCE_METADATA_IP||process.env.GCE_METADATA_HOST))),await b,!0}catch(e){let t=e;if(process.env.DEBUG_AUTH&&console.info(t),t.type===`request-timeout`||t.response&&t.response.status===404)return!1;if(!(t.response&&t.response.status===404)&&(!t.code||![`EHOSTDOWN`,`EHOSTUNREACH`,`ENETUNREACH`,`ENOENT`,`ENOTFOUND`,`ECONNREFUSED`].includes(t.code.toString()))){let e=`UNKNOWN`;t.code&&(e=t.code.toString()),process.emitWarning(`received unexpected error = ${t.message} code = ${e}`,`MetadataLookupWarning`)}return!1}}function S(){b=void 0}e.gcpResidencyCache=null;function C(){return e.gcpResidencyCache===null&&w(),e.gcpResidencyCache}function w(t=null){e.gcpResidencyCache=t===null?(0,c.detectGCPResidency)():t}function T(){return C()?0:3e3}i(O(),e)})),ne=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.fromArrayBufferToHex=t;function t(e){return Array.from(new Uint8Array(e)).map(e=>e.toString(16).padStart(2,`0`)).join(``)}})),re=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.BrowserCrypto=void 0;let t=c(),n=ne();e.BrowserCrypto=class e{constructor(){if(typeof window>`u`||window.crypto===void 0||window.crypto.subtle===void 0)throw Error(`SubtleCrypto not found. Make sure it's an https:// website.`)}async sha256DigestBase64(e){let n=new TextEncoder().encode(e),r=await window.crypto.subtle.digest(`SHA-256`,n);return t.fromByteArray(new Uint8Array(r))}randomBytesBase64(e){let n=new Uint8Array(e);return window.crypto.getRandomValues(n),t.fromByteArray(n)}static padBase64(e){for(;e.length%4!=0;)e+=`=`;return e}async verify(n,r,i){let a={name:`RSASSA-PKCS1-v1_5`,hash:{name:`SHA-256`}},o=new TextEncoder().encode(r),s=t.toByteArray(e.padBase64(i)),c=await window.crypto.subtle.importKey(`jwk`,n,a,!0,[`verify`]);return await window.crypto.subtle.verify(a,c,Buffer.from(s),o)}async sign(e,n){let r={name:`RSASSA-PKCS1-v1_5`,hash:{name:`SHA-256`}},i=new TextEncoder().encode(n),a=await window.crypto.subtle.importKey(`jwk`,e,r,!0,[`sign`]),o=await window.crypto.subtle.sign(r,a,i);return t.fromByteArray(new Uint8Array(o))}decodeBase64StringUtf8(n){let r=t.toByteArray(e.padBase64(n));return new TextDecoder().decode(r)}encodeBase64StringUtf8(e){let n=new TextEncoder().encode(e);return t.fromByteArray(n)}async sha256DigestHex(e){let t=new TextEncoder().encode(e),r=await window.crypto.subtle.digest(`SHA-256`,t);return(0,n.fromArrayBufferToHex)(r)}async signWithHmacSha256(e,t){let n=typeof e==`string`?e:String.fromCharCode(...new Uint16Array(e)),r=new TextEncoder,i=await window.crypto.subtle.importKey(`raw`,r.encode(n),{name:`HMAC`,hash:{name:`SHA-256`}},!1,[`sign`]);return window.crypto.subtle.sign(`HMAC`,i,r.encode(t))}}})),ie=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.NodeCrypto=void 0;let n=t(`crypto`);e.NodeCrypto=class{async sha256DigestBase64(e){return n.createHash(`sha256`).update(e).digest(`base64`)}randomBytesBase64(e){return n.randomBytes(e).toString(`base64`)}async verify(e,t,r){let i=n.createVerify(`RSA-SHA256`);return i.update(t),i.end(),i.verify(e,r,`base64`)}async sign(e,t){let r=n.createSign(`RSA-SHA256`);return r.update(t),r.end(),r.sign(e,`base64`)}decodeBase64StringUtf8(e){return Buffer.from(e,`base64`).toString(`utf-8`)}encodeBase64StringUtf8(e){return Buffer.from(e,`utf-8`).toString(`base64`)}async sha256DigestHex(e){return n.createHash(`sha256`).update(e).digest(`hex`)}async signWithHmacSha256(e,t){let a=typeof e==`string`?e:i(e);return r(n.createHmac(`sha256`,a).update(t).digest())}};function r(e){let t=new ArrayBuffer(e.length),n=new Uint8Array(t);for(let t=0;t<e.length;++t)n[t]=e[t];return t}function i(e){return Buffer.from(e)}})),ae=n((e=>{var t=e&&e.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),n=e&&e.__exportStar||function(e,n){for(var r in e)r!==`default`&&!Object.prototype.hasOwnProperty.call(n,r)&&t(n,e,r)};Object.defineProperty(e,`__esModule`,{value:!0}),e.createCrypto=a,e.hasBrowserCrypto=o;let r=re(),i=ie();n(ne(),e);function a(){return o()?new r.BrowserCrypto:new i.NodeCrypto}function o(){return typeof window<`u`&&window.crypto!==void 0&&window.crypto.subtle!==void 0}})),j=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.LRUCache=void 0,e.snakeToCamel=o,e.originalOrCamelOptions=s,e.removeUndefinedValuesInObject=c,e.isValidFile=l,e.getWellKnownCertificateConfigFileLocation=u;let n=t(`fs`),r=t(`os`),i=t(`path`),a=`gcloud`;function o(e){return e.replace(/([_][^_])/g,e=>e.slice(1).toUpperCase())}function s(e){function t(t){let n=e||{};return n[t]??n[o(t)]}return{get:t}}e.LRUCache=class{capacity;#e=new Map;maxAge;constructor(e){this.capacity=e.capacity,this.maxAge=e.maxAge}#t(e,t){this.#e.delete(e),this.#e.set(e,{value:t,lastAccessed:Date.now()})}set(e,t){this.#t(e,t),this.#n()}get(e){let t=this.#e.get(e);if(t)return this.#t(e,t.value),this.#n(),t.value}#n(){let e=this.maxAge?Date.now()-this.maxAge:0,t=this.#e.entries().next();for(;!t.done&&(this.#e.size>this.capacity||t.value[1].lastAccessed<e);)this.#e.delete(t.value[0]),t=this.#e.entries().next()}};function c(e){return Object.entries(e).forEach(([t,n])=>{(n===void 0||n===`undefined`)&&delete e[t]}),e}async function l(e){try{return(await n.promises.lstat(e)).isFile()}catch{return!1}}function u(){let e=process.env.CLOUDSDK_CONFIG||(d()?i.join(process.env.APPDATA||``,a):i.join(process.env.HOME||``,`.config`,a));return i.join(e,`certificate_config.json`)}function d(){return r.platform().startsWith(`win`)}})),oe=n(((e,t)=>{t.exports={name:`google-auth-library`,version:`10.6.2`,author:`Google Inc.`,description:`Google APIs Authentication Client Library for Node.js`,engines:{node:`>=18`},main:`./build/src/index.js`,types:`./build/src/index.d.ts`,repository:{type:`git`,directory:`packages/google-auth-library-nodejs`,url:`https://github.com/googleapis/google-cloud-node-core.git`},keywords:[`google`,`api`,`google apis`,`client`,`client library`],dependencies:{"base64-js":`^1.3.0`,"ecdsa-sig-formatter":`^1.0.11`,gaxios:`^7.1.4`,"gcp-metadata":`8.1.2`,"google-logging-utils":`1.1.3`,jws:`^4.0.0`},devDependencies:{"@types/base64-js":`^1.2.5`,"@types/jws":`^3.1.0`,"@types/mocha":`^10.0.10`,"@types/mv":`^2.1.0`,"@types/ncp":`^2.0.8`,"@types/node":`^24.0.0`,"@types/sinon":`^21.0.0`,"assert-rejects":`^1.0.0`,c8:`^10.1.3`,codecov:`^3.8.3`,gts:`^6.0.2`,"is-docker":`^3.0.0`,jsdoc:`^4.0.4`,"jsdoc-fresh":`^5.0.0`,"jsdoc-region-tag":`^4.0.0`,karma:`^6.0.0`,"karma-chrome-launcher":`^3.0.0`,"karma-coverage":`^2.0.0`,"karma-firefox-launcher":`^2.0.0`,"karma-mocha":`^2.0.0`,"karma-sourcemap-loader":`^0.4.0`,"karma-webpack":`^5.0.1`,keypair:`^1.0.4`,mocha:`^11.1.0`,mv:`^2.1.1`,ncp:`^2.0.0`,nock:`^14.0.5`,"null-loader":`^4.0.1`,puppeteer:`^24.0.0`,sinon:`^21.0.0`,"ts-loader":`^9.5.2`,typescript:`5.8.3`,webpack:`^5.97.1`,"webpack-cli":`^6.0.1`},files:[`build/src`,`!build/src/**/*.map`],scripts:{test:`c8 mocha build/test`,clean:`gts clean`,prepare:`npm run compile`,lint:`gts check --no-inline-config`,compile:`tsc -p .`,fix:`gts fix`,pretest:`npm run compile -- --sourceMap`,docs:`jsdoc -c .jsdoc.js`,"samples-setup":`cd samples/ && npm link ../ && npm run setup && cd ../`,"samples-test":`cd samples/ && npm link ../ && npm test && cd ../`,"system-test":`mocha build/system-test --timeout 60000`,"presystem-test":`npm run compile -- --sourceMap`,webpack:`webpack`,"browser-test":`karma start`,"docs-test":`echo 'disabled until linkinator is fixed'`,"predocs-test":`npm run docs`,prelint:`cd samples; npm link ../; npm install`},license:`Apache-2.0`,homepage:`https://github.com/googleapis/google-cloud-node-core/tree/main/packages/google-auth-library-nodejs`}})),se=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.USER_AGENT=e.PRODUCT_NAME=e.pkg=void 0;let t=oe();e.pkg=t;let n=`google-api-nodejs-client`;e.PRODUCT_NAME=n,e.USER_AGENT=`${n}/${t.version}`})),M=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.AuthClient=e.DEFAULT_EAGER_REFRESH_THRESHOLD_MILLIS=e.DEFAULT_UNIVERSE=void 0;let n=t(`events`),r=D(),i=j(),a=te(),o=se();e.DEFAULT_UNIVERSE=`googleapis.com`,e.DEFAULT_EAGER_REFRESH_THRESHOLD_MILLIS=300*1e3,e.AuthClient=class t extends n.EventEmitter{apiKey;projectId;quotaProjectId;transporter;credentials={};eagerRefreshThresholdMillis=e.DEFAULT_EAGER_REFRESH_THRESHOLD_MILLIS;forceRefreshOnFailure=!1;universeDomain=e.DEFAULT_UNIVERSE;static RequestMethodNameSymbol=Symbol(`request method name`);static RequestLogIdSymbol=Symbol(`request log id`);constructor(n={}){super();let a=(0,i.originalOrCamelOptions)(n);this.apiKey=n.apiKey,this.projectId=a.get(`project_id`)??null,this.quotaProjectId=a.get(`quota_project_id`),this.credentials=a.get(`credentials`)??{},this.universeDomain=a.get(`universe_domain`)??e.DEFAULT_UNIVERSE,this.transporter=n.transporter??new r.Gaxios(n.transporterOptions),a.get(`useAuthRequestParameters`)!==!1&&(this.transporter.interceptors.request.add(t.DEFAULT_REQUEST_INTERCEPTOR),this.transporter.interceptors.response.add(t.DEFAULT_RESPONSE_INTERCEPTOR)),n.eagerRefreshThresholdMillis&&(this.eagerRefreshThresholdMillis=n.eagerRefreshThresholdMillis),this.forceRefreshOnFailure=n.forceRefreshOnFailure??!1}fetch(...e){let t=e[0],n=e[1],i,a=new Headers;return typeof t==`string`?i=new URL(t):t instanceof URL?i=t:t&&t.url&&(i=new URL(t.url)),t&&typeof t==`object`&&`headers`in t&&r.Gaxios.mergeHeaders(a,t.headers),n&&r.Gaxios.mergeHeaders(a,new Headers(n.headers)),typeof t==`object`&&!(t instanceof URL)?this.request({...n,...t,headers:a,url:i}):this.request({...n,headers:a,url:i})}setCredentials(e){this.credentials=e}addSharedMetadataHeaders(e){return!e.has(`x-goog-user-project`)&&this.quotaProjectId&&e.set(`x-goog-user-project`,this.quotaProjectId),e}addUserProjectAndAuthHeaders(e,t){let n=t.get(`x-goog-user-project`),r=t.get(`authorization`);return n&&e.set(`x-goog-user-project`,n),r&&e.set(`authorization`,r),e}static log=(0,a.log)(`auth`);static DEFAULT_REQUEST_INTERCEPTOR={resolved:async e=>{if(!e.headers.has(`x-goog-api-client`)){let t=process.version.replace(/^v/,``);e.headers.set(`x-goog-api-client`,`gl-node/${t}`)}let n=e.headers.get(`User-Agent`);n?n.includes(`${o.PRODUCT_NAME}/`)||e.headers.set(`User-Agent`,`${n} ${o.USER_AGENT}`):e.headers.set(`User-Agent`,o.USER_AGENT);try{let n=e,r=n[t.RequestMethodNameSymbol],i=`${Math.floor(Math.random()*1e3)}`;n[t.RequestLogIdSymbol]=i;let a={url:e.url,headers:e.headers};r?t.log.info(`%s [%s] request %j`,r,i,a):t.log.info(`[%s] request %j`,i,a)}catch{}return e}};static DEFAULT_RESPONSE_INTERCEPTOR={resolved:async e=>{try{let n=e.config,r=n[t.RequestMethodNameSymbol],i=n[t.RequestLogIdSymbol];r?t.log.info(`%s [%s] response %j`,r,i,e.data):t.log.info(`[%s] response %j`,i,e.data)}catch{}return e},rejected:async e=>{try{let n=e.config,r=n[t.RequestMethodNameSymbol],i=n[t.RequestLogIdSymbol];r?t.log.info(`%s [%s] error %j`,r,i,e.response?.data):t.log.error(`[%s] error %j`,i,e.response?.data)}catch{}throw e}};static setMethodName(e,n){try{let r=e;r[t.RequestMethodNameSymbol]=n}catch{}}static get RETRY_CONFIG(){return{retry:!0,retryConfig:{httpMethodsToRetry:[`GET`,`PUT`,`POST`,`HEAD`,`OPTIONS`,`DELETE`]}}}}})),ce=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.LoginTicket=void 0,e.LoginTicket=class{envelope;payload;constructor(e,t){this.envelope=e,this.payload=t}getEnvelope(){return this.envelope}getPayload(){return this.payload}getUserId(){let e=this.getPayload();return e&&e.sub?e.sub:null}getAttributes(){return{envelope:this.getEnvelope(),payload:this.getPayload()}}}})),le=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.OAuth2Client=e.ClientAuthentication=e.CertificateFormat=e.CodeChallengeMethod=void 0;let n=D(),r=t(`querystring`),i=t(`stream`),a=s(),o=j(),c=ae(),l=M(),u=ce();var d;(function(e){e.Plain=`plain`,e.S256=`S256`})(d||(e.CodeChallengeMethod=d={}));var f;(function(e){e.PEM=`PEM`,e.JWK=`JWK`})(f||(e.CertificateFormat=f={}));var p;(function(e){e.ClientSecretPost=`ClientSecretPost`,e.ClientSecretBasic=`ClientSecretBasic`,e.None=`None`})(p||(e.ClientAuthentication=p={})),e.OAuth2Client=class e extends l.AuthClient{redirectUri;certificateCache={};certificateExpiry=null;certificateCacheFormat=f.PEM;refreshTokenPromises=new Map;endpoints;issuers;clientAuthentication;_clientId;_clientSecret;refreshHandler;constructor(e={},t,n){super(typeof e==`object`?e:{}),typeof e!=`object`&&(e={clientId:e,clientSecret:t,redirectUri:n}),this._clientId=e.clientId||e.client_id,this._clientSecret=e.clientSecret||e.client_secret,this.redirectUri=e.redirectUri||e.redirect_uris?.[0],this.endpoints={tokenInfoUrl:`https://oauth2.googleapis.com/tokeninfo`,oauth2AuthBaseUrl:`https://accounts.google.com/o/oauth2/v2/auth`,oauth2TokenUrl:`https://oauth2.googleapis.com/token`,oauth2RevokeUrl:`https://oauth2.googleapis.com/revoke`,oauth2FederatedSignonPemCertsUrl:`https://www.googleapis.com/oauth2/v1/certs`,oauth2FederatedSignonJwkCertsUrl:`https://www.googleapis.com/oauth2/v3/certs`,oauth2IapPublicKeyUrl:`https://www.gstatic.com/iap/verify/public_key`,...e.endpoints},this.clientAuthentication=e.clientAuthentication||p.ClientSecretPost,this.issuers=e.issuers||[`accounts.google.com`,`https://accounts.google.com`,this.universeDomain]}static GOOGLE_TOKEN_INFO_URL=`https://oauth2.googleapis.com/tokeninfo`;static CLOCK_SKEW_SECS_=300;static DEFAULT_MAX_TOKEN_LIFETIME_SECS_=86400;generateAuthUrl(e={}){if(e.code_challenge_method&&!e.code_challenge)throw Error(`If a code_challenge_method is provided, code_challenge must be included.`);return e.response_type=e.response_type||`code`,e.client_id=e.client_id||this._clientId,e.redirect_uri=e.redirect_uri||this.redirectUri,Array.isArray(e.scope)&&(e.scope=e.scope.join(` `)),this.endpoints.oauth2AuthBaseUrl.toString()+`?`+r.stringify(e)}generateCodeVerifier(){throw Error(`generateCodeVerifier is removed, please use generateCodeVerifierAsync instead.`)}async generateCodeVerifierAsync(){let e=(0,c.createCrypto)(),t=e.randomBytesBase64(96).replace(/\+/g,`~`).replace(/=/g,`_`).replace(/\//g,`-`);return{codeVerifier:t,codeChallenge:(await e.sha256DigestBase64(t)).split(`=`)[0].replace(/\+/g,`-`).replace(/\//g,`_`)}}getToken(e,t){let n=typeof e==`string`?{code:e}:e;if(t)this.getTokenAsync(n).then(e=>t(null,e.tokens,e.res),e=>t(e,null,e.response));else return this.getTokenAsync(n)}async getTokenAsync(t){let n=this.endpoints.oauth2TokenUrl.toString(),r=new Headers,i={client_id:t.client_id||this._clientId,code_verifier:t.codeVerifier,code:t.code,grant_type:`authorization_code`,redirect_uri:t.redirect_uri||this.redirectUri};if(this.clientAuthentication===p.ClientSecretBasic){let e=Buffer.from(`${this._clientId}:${this._clientSecret}`);r.set(`authorization`,`Basic ${e.toString(`base64`)}`)}this.clientAuthentication===p.ClientSecretPost&&(i.client_secret=this._clientSecret);let a={...e.RETRY_CONFIG,method:`POST`,url:n,data:new URLSearchParams((0,o.removeUndefinedValuesInObject)(i)),headers:r};l.AuthClient.setMethodName(a,`getTokenAsync`);let s=await this.transporter.request(a),c=s.data;return s.data&&s.data.expires_in&&(c.expiry_date=new Date().getTime()+s.data.expires_in*1e3,delete c.expires_in),this.emit(`tokens`,c),{tokens:c,res:s}}async refreshToken(e){if(!e)return this.refreshTokenNoCache(e);if(this.refreshTokenPromises.has(e))return this.refreshTokenPromises.get(e);let t=this.refreshTokenNoCache(e).then(t=>(this.refreshTokenPromises.delete(e),t),t=>{throw this.refreshTokenPromises.delete(e),t});return this.refreshTokenPromises.set(e,t),t}async refreshTokenNoCache(t){if(!t)throw Error(`No refresh token is set.`);let r=this.endpoints.oauth2TokenUrl.toString(),i={refresh_token:t,client_id:this._clientId,client_secret:this._clientSecret,grant_type:`refresh_token`},a;try{let t={...e.RETRY_CONFIG,method:`POST`,url:r,data:new URLSearchParams((0,o.removeUndefinedValuesInObject)(i))};l.AuthClient.setMethodName(t,`refreshTokenNoCache`),a=await this.transporter.request(t)}catch(e){throw e instanceof n.GaxiosError&&e.message===`invalid_grant`&&e.response?.data&&/ReAuth/i.test(e.response.data.error_description)&&(e.message=JSON.stringify(e.response.data)),e}let s=a.data;return a.data&&a.data.expires_in&&(s.expiry_date=new Date().getTime()+a.data.expires_in*1e3,delete s.expires_in),this.emit(`tokens`,s),{tokens:s,res:a}}refreshAccessToken(e){if(e)this.refreshAccessTokenAsync().then(t=>e(null,t.credentials,t.res),e);else return this.refreshAccessTokenAsync()}async refreshAccessTokenAsync(){let e=await this.refreshToken(this.credentials.refresh_token),t=e.tokens;return t.refresh_token=this.credentials.refresh_token,this.credentials=t,{credentials:this.credentials,res:e.res}}getAccessToken(e){if(e)this.getAccessTokenAsync().then(t=>e(null,t.token,t.res),e);else return this.getAccessTokenAsync()}async getAccessTokenAsync(){if(!this.credentials.access_token||this.isTokenExpiring()){if(!this.credentials.refresh_token)if(this.refreshHandler){let e=await this.processAndValidateRefreshHandler();if(e?.access_token)return this.setCredentials(e),{token:this.credentials.access_token}}else throw Error(`No refresh token or refresh handler callback is set.`);let e=await this.refreshAccessTokenAsync();if(!e.credentials||e.credentials&&!e.credentials.access_token)throw Error(`Could not refresh access token.`);return{token:e.credentials.access_token,res:e.res}}else return{token:this.credentials.access_token}}async getRequestHeaders(e){return(await this.getRequestMetadataAsync(e)).headers}async getRequestMetadataAsync(e){let t=this.credentials;if(!t.access_token&&!t.refresh_token&&!this.apiKey&&!this.refreshHandler)throw Error(`No access, refresh token, API key or refresh handler callback is set.`);if(t.access_token&&!this.isTokenExpiring()){t.token_type=t.token_type||`Bearer`;let e=new Headers({authorization:t.token_type+` `+t.access_token});return{headers:this.addSharedMetadataHeaders(e)}}if(this.refreshHandler){let e=await this.processAndValidateRefreshHandler();if(e?.access_token){this.setCredentials(e);let t=new Headers({authorization:`Bearer `+this.credentials.access_token});return{headers:this.addSharedMetadataHeaders(t)}}}if(this.apiKey)return{headers:new Headers({"X-Goog-Api-Key":this.apiKey})};let n=null,r=null;try{n=await this.refreshToken(t.refresh_token),r=n.tokens}catch(e){let t=e;throw t.response&&(t.response.status===403||t.response.status===404)&&(t.message=`Could not refresh access token: ${t.message}`),t}let i=this.credentials;i.token_type=i.token_type||`Bearer`,r.refresh_token=i.refresh_token,this.credentials=r;let a=new Headers({authorization:i.token_type+` `+r.access_token});return{headers:this.addSharedMetadataHeaders(a),res:n.res}}static getRevokeTokenUrl(t){return new e().getRevokeTokenURL(t).toString()}getRevokeTokenURL(e){let t=new URL(this.endpoints.oauth2RevokeUrl);return t.searchParams.append(`token`,e),t}revokeToken(t,n){let r={...e.RETRY_CONFIG,url:this.getRevokeTokenURL(t).toString(),method:`POST`};if(l.AuthClient.setMethodName(r,`revokeToken`),n)this.transporter.request(r).then(e=>n(null,e),n);else return this.transporter.request(r)}revokeCredentials(e){if(e)this.revokeCredentialsAsync().then(t=>e(null,t),e);else return this.revokeCredentialsAsync()}async revokeCredentialsAsync(){let e=this.credentials.access_token;if(this.credentials={},e)return this.revokeToken(e);throw Error(`No access token to revoke.`)}request(e,t){if(t)this.requestAsync(e).then(e=>t(null,e),e=>t(e,e.response));else return this.requestAsync(e)}async requestAsync(e,t=!1){try{let t=await this.getRequestMetadataAsync();return e.headers=n.Gaxios.mergeHeaders(e.headers),this.addUserProjectAndAuthHeaders(e.headers,t.headers),this.apiKey&&e.headers.set(`X-Goog-Api-Key`,this.apiKey),await this.transporter.request(e)}catch(n){let r=n.response;if(r){let n=r.status,a=this.credentials&&this.credentials.access_token&&this.credentials.refresh_token&&(!this.credentials.expiry_date||this.forceRefreshOnFailure),o=this.credentials&&this.credentials.access_token&&!this.credentials.refresh_token&&(!this.credentials.expiry_date||this.forceRefreshOnFailure)&&this.refreshHandler,s=r.config.data instanceof i.Readable,c=n===401||n===403;if(!t&&c&&!s&&a)return await this.refreshAccessTokenAsync(),this.requestAsync(e,!0);if(!t&&c&&!s&&o){let t=await this.processAndValidateRefreshHandler();return t?.access_token&&this.setCredentials(t),this.requestAsync(e,!0)}}throw n}}verifyIdToken(e,t){if(t&&typeof t!=`function`)throw Error(`This method accepts an options object as the first parameter, which includes the idToken, audience, and maxExpiry.`);if(t)this.verifyIdTokenAsync(e).then(e=>t(null,e),t);else return this.verifyIdTokenAsync(e)}async verifyIdTokenAsync(e){if(!e.idToken)throw Error(`The verifyIdToken method requires an ID Token`);let t=await this.getFederatedSignonCertsAsync();return await this.verifySignedJwtWithCertsAsync(e.idToken,t.certs,e.audience,this.issuers,e.maxExpiry)}async getTokenInfo(t){let{data:n}=await this.transporter.request({...e.RETRY_CONFIG,method:`POST`,headers:{"content-type":`application/x-www-form-urlencoded;charset=UTF-8`,authorization:`Bearer ${t}`},url:this.endpoints.tokenInfoUrl.toString()}),r=Object.assign({expiry_date:new Date().getTime()+n.expires_in*1e3,scopes:n.scope.split(` `)},n);return delete r.expires_in,delete r.scope,r}getFederatedSignonCerts(e){if(e)this.getFederatedSignonCertsAsync().then(t=>e(null,t.certs,t.res),e);else return this.getFederatedSignonCertsAsync()}async getFederatedSignonCertsAsync(){let t=new Date().getTime(),n=(0,c.hasBrowserCrypto)()?f.JWK:f.PEM;if(this.certificateExpiry&&t<this.certificateExpiry.getTime()&&this.certificateCacheFormat===n)return{certs:this.certificateCache,format:n};let r,i;switch(n){case f.PEM:i=this.endpoints.oauth2FederatedSignonPemCertsUrl.toString();break;case f.JWK:i=this.endpoints.oauth2FederatedSignonJwkCertsUrl.toString();break;default:throw Error(`Unsupported certificate format ${n}`)}try{let t={...e.RETRY_CONFIG,url:i};l.AuthClient.setMethodName(t,`getFederatedSignonCertsAsync`),r=await this.transporter.request(t)}catch(e){throw e instanceof Error&&(e.message=`Failed to retrieve verification certificates: ${e.message}`),e}let a=r?.headers.get(`cache-control`),o=-1;if(a){let e=/max-age=(?<maxAge>[0-9]+)/.exec(a)?.groups?.maxAge;e&&(o=Number(e)*1e3)}let s={};switch(n){case f.PEM:s=r.data;break;case f.JWK:for(let e of r.data.keys)s[e.kid]=e;break;default:throw Error(`Unsupported certificate format ${n}`)}let u=new Date;return this.certificateExpiry=o===-1?null:new Date(u.getTime()+o),this.certificateCache=s,this.certificateCacheFormat=n,{certs:s,format:n,res:r}}getIapPublicKeys(e){if(e)this.getIapPublicKeysAsync().then(t=>e(null,t.pubkeys,t.res),e);else return this.getIapPublicKeysAsync()}async getIapPublicKeysAsync(){let t,n=this.endpoints.oauth2IapPublicKeyUrl.toString();try{let r={...e.RETRY_CONFIG,url:n};l.AuthClient.setMethodName(r,`getIapPublicKeysAsync`),t=await this.transporter.request(r)}catch(e){throw e instanceof Error&&(e.message=`Failed to retrieve verification certificates: ${e.message}`),e}return{pubkeys:t.data,res:t}}verifySignedJwtWithCerts(){throw Error(`verifySignedJwtWithCerts is removed, please use verifySignedJwtWithCertsAsync instead.`)}async verifySignedJwtWithCertsAsync(t,n,r,i,o){let s=(0,c.createCrypto)();o||=e.DEFAULT_MAX_TOKEN_LIFETIME_SECS_;let l=t.split(`.`);if(l.length!==3)throw Error(`Wrong number of segments in token: `+t);let d=l[0]+`.`+l[1],f=l[2],p,m;try{p=JSON.parse(s.decodeBase64StringUtf8(l[0]))}catch(e){throw e instanceof Error&&(e.message=`Can't parse token envelope: ${l[0]}': ${e.message}`),e}if(!p)throw Error(`Can't parse token envelope: `+l[0]);try{m=JSON.parse(s.decodeBase64StringUtf8(l[1]))}catch(e){throw e instanceof Error&&(e.message=`Can't parse token payload '${l[0]}`),e}if(!m)throw Error(`Can't parse token payload: `+l[1]);if(!Object.prototype.hasOwnProperty.call(n,p.kid))throw Error(`No pem found for envelope: `+JSON.stringify(p));let h=n[p.kid];if(p.alg===`ES256`&&(f=a.joseToDer(f,`ES256`).toString(`base64`)),!await s.verify(h,d,f))throw Error(`Invalid token signature: `+t);if(!m.iat)throw Error(`No issue time in token: `+JSON.stringify(m));if(!m.exp)throw Error(`No expiration time in token: `+JSON.stringify(m));let g=Number(m.iat);if(isNaN(g))throw Error(`iat field using invalid format`);let _=Number(m.exp);if(isNaN(_))throw Error(`exp field using invalid format`);let v=new Date().getTime()/1e3;if(_>=v+o)throw Error(`Expiration time too far in future: `+JSON.stringify(m));let y=g-e.CLOCK_SKEW_SECS_,b=_+e.CLOCK_SKEW_SECS_;if(v<y)throw Error(`Token used too early, `+v+` < `+y+`: `+JSON.stringify(m));if(v>b)throw Error(`Token used too late, `+v+` > `+b+`: `+JSON.stringify(m));if(i&&i.indexOf(m.iss)<0)throw Error(`Invalid issuer, expected one of [`+i+`], but got `+m.iss);if(r!=null){let e=m.aud,t=!1;if(t=r.constructor===Array?r.indexOf(e)>-1:e===r,!t)throw Error(`Wrong recipient, payload audience != requiredAudience`)}return new u.LoginTicket(p,m)}async processAndValidateRefreshHandler(){if(this.refreshHandler){let e=await this.refreshHandler();if(!e.access_token)throw Error(`No access token is returned by the refreshHandler callback.`);return e}}isTokenExpiring(){let e=this.credentials.expiry_date;return e?e<=new Date().getTime()+this.eagerRefreshThresholdMillis:!1}}})),ue=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.Compute=void 0;let t=D(),n=A(),r=le();e.Compute=class extends r.OAuth2Client{serviceAccountEmail;scopes;constructor(e={}){super(e),this.credentials={expiry_date:1,refresh_token:`compute-placeholder`},this.serviceAccountEmail=e.serviceAccountEmail||`default`,this.scopes=Array.isArray(e.scopes)?e.scopes:e.scopes?[e.scopes]:[]}async refreshTokenNoCache(){let e=`service-accounts/${this.serviceAccountEmail}/token`,r;try{let t={property:e};this.scopes.length>0&&(t.params={scopes:this.scopes.join(`,`)}),r=await n.instance(t)}catch(e){throw e instanceof t.GaxiosError&&(e.message=`Could not refresh access token: ${e.message}`,this.wrapError(e)),e}let i=r;return r&&r.expires_in&&(i.expiry_date=new Date().getTime()+r.expires_in*1e3,delete i.expires_in),this.emit(`tokens`,i),{tokens:i,res:null}}async fetchIdToken(e){let t=`service-accounts/${this.serviceAccountEmail}/identity?format=full&audience=${e}`,r;try{let e={property:t};r=await n.instance(e)}catch(e){throw e instanceof Error&&(e.message=`Could not fetch ID token: ${e.message}`),e}return r}wrapError(e){let t=e.response;t&&t.status&&(e.status=t.status,t.status===403?e.message=`A Forbidden error was returned while attempting to retrieve an access token for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have the correct permission scopes specified: `+e.message:t.status===404&&(e.message=`A Not Found error was returned while attempting to retrieve an accesstoken for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have any permission scopes specified: `+e.message))}}})),de=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.IdTokenClient=void 0;let t=le();e.IdTokenClient=class extends t.OAuth2Client{targetAudience;idTokenProvider;constructor(e){super(e),this.targetAudience=e.targetAudience,this.idTokenProvider=e.idTokenProvider}async getRequestMetadataAsync(){if(!this.credentials.id_token||!this.credentials.expiry_date||this.isTokenExpiring()){let e=await this.idTokenProvider.fetchIdToken(this.targetAudience);this.credentials={id_token:e,expiry_date:this.getIdTokenExpiryDate(e)}}return{headers:new Headers({authorization:`Bearer `+this.credentials.id_token})}}getIdTokenExpiryDate(e){let t=e.split(`.`)[1];if(t)return JSON.parse(Buffer.from(t,`base64`).toString(`ascii`)).exp*1e3}}})),fe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.GCPEnv=void 0,e.clear=i,e.getEnv=a;let t=A();var n;(function(e){e.APP_ENGINE=`APP_ENGINE`,e.KUBERNETES_ENGINE=`KUBERNETES_ENGINE`,e.CLOUD_FUNCTIONS=`CLOUD_FUNCTIONS`,e.COMPUTE_ENGINE=`COMPUTE_ENGINE`,e.CLOUD_RUN=`CLOUD_RUN`,e.CLOUD_RUN_JOBS=`CLOUD_RUN_JOBS`,e.NONE=`NONE`})(n||(e.GCPEnv=n={}));let r;function i(){r=void 0}async function a(){return r||(r=o(),r)}async function o(){let e=n.NONE;return e=s()?n.APP_ENGINE:c()?n.CLOUD_FUNCTIONS:await f()?await d()?n.KUBERNETES_ENGINE:l()?n.CLOUD_RUN:u()?n.CLOUD_RUN_JOBS:n.COMPUTE_ENGINE:n.NONE,e}function s(){return!!(process.env.GAE_SERVICE||process.env.GAE_MODULE_NAME)}function c(){return!!(process.env.FUNCTION_NAME||process.env.FUNCTION_TARGET)}function l(){return!!process.env.K_CONFIGURATION}function u(){return!!process.env.CLOUD_RUN_JOB}async function d(){try{return await t.instance(`attributes/cluster-name`),!0}catch{return!1}}async function f(){return t.isAvailable()}})),pe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.buildPayloadForJwsSign=n,e.getJwsSign=r;let t=l();function n(e){let t=Math.floor(new Date().getTime()/1e3);return{iss:e.iss,scope:e.scope,aud:`https://oauth2.googleapis.com/token`,exp:t+3600,iat:t,sub:e.sub,...e.additionalClaims}}function r(e){let r=n(e);return(0,t.sign)({header:{alg:`RS256`},payload:r,secret:e.key})}})),me=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.getToken=r;let t=pe(),n=e=>({method:`POST`,url:`https://oauth2.googleapis.com/token`,data:new URLSearchParams({grant_type:`urn:ietf:params:oauth:grant-type:jwt-bearer`,assertion:(0,t.getJwsSign)(e)}),responseType:`json`,retryConfig:{httpMethodsToRetry:[`POST`]}});async function r(e){if(!e.transporter)throw Error(`No transporter set.`);try{let t=n(e);return(await e.transporter.request(t)).data}catch(e){let t=e,n=t.response?.data;throw n?.error&&(t.message=`${n.error}: ${n.error_description}`),t}}})),he=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.ErrorWithCode=void 0,e.ErrorWithCode=class extends Error{code;constructor(e,t){super(e),this.code=t}}})),ge=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.getCredentials=f;let n=t(`path`),r=t(`fs`),i=t(`util`),a=he(),o=r.readFile?(0,i.promisify)(r.readFile):async()=>{throw new a.ErrorWithCode(`use key rather than keyFile.`,`MISSING_CREDENTIALS`)};var s;(function(e){e.JSON=`.json`,e.DER=`.der`,e.CRT=`.crt`,e.PEM=`.pem`,e.P12=`.p12`,e.PFX=`.pfx`})(s||={});var c=class{keyFilePath;constructor(e){this.keyFilePath=e}async getCredentials(){let e=await o(this.keyFilePath,`utf8`),t;try{t=JSON.parse(e)}catch(e){throw Error(`Invalid JSON key file: ${e.message}`)}let n=t.private_key,r=t.client_email;if(!n||!r)throw new a.ErrorWithCode(`private_key and client_email are required.`,`MISSING_CREDENTIALS`);return{privateKey:n,clientEmail:r}}},l=class{keyFilePath;constructor(e){this.keyFilePath=e}async getCredentials(){return{privateKey:await o(this.keyFilePath,`utf8`)}}},u=class{async getCredentials(){throw new a.ErrorWithCode(`*.p12 certificates are not supported after v6.1.2. Consider utilizing *.json format or converting *.p12 to *.pem using the OpenSSL CLI.`,`UNKNOWN_CERTIFICATE_TYPE`)}},d=class{static create(e){switch(n.extname(e)){case s.JSON:return new c(e);case s.DER:case s.CRT:case s.PEM:return new l(e);case s.P12:case s.PFX:return new u;default:throw new a.ErrorWithCode(`Unknown certificate type. Type is determined based on file extension. Current supported extensions are *.json, and *.pem.`,`UNKNOWN_CERTIFICATE_TYPE`)}}};async function f(e){return d.create(e).getCredentials()}})),_e=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.TokenHandler=void 0;let t=me(),n=ge();e.TokenHandler=class{token;tokenExpiresAt;inFlightRequest;tokenOptions;constructor(e){this.tokenOptions=e}async processCredentials(){if(!this.tokenOptions.key&&!this.tokenOptions.keyFile)throw Error(`No key or keyFile set.`);if(!this.tokenOptions.key&&this.tokenOptions.keyFile){let e=await(0,n.getCredentials)(this.tokenOptions.keyFile);this.tokenOptions.key=e.privateKey,this.tokenOptions.email=e.clientEmail}}isTokenExpiring(){if(!this.token||!this.tokenExpiresAt)return!0;let e=new Date().getTime(),t=this.tokenOptions.eagerRefreshThresholdMillis??0;return this.tokenExpiresAt<=e+t}hasExpired(){return new Date().getTime(),this.token&&this.tokenExpiresAt?new Date().getTime()>=this.tokenExpiresAt:!0}async getToken(e){if(await this.processCredentials(),this.inFlightRequest&&!e)return this.inFlightRequest;if(this.token&&!this.isTokenExpiring()&&!e)return this.token;try{this.inFlightRequest=(0,t.getToken)(this.tokenOptions);let e=await this.inFlightRequest;return this.token=e,this.tokenExpiresAt=new Date().getTime()+(e.expires_in??0)*1e3,e}finally{this.inFlightRequest=void 0}}}})),ve=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.revokeToken=t;async function t(e,t){let n=`https://oauth2.googleapis.com/revoke?token=`+e;return await t.request({url:n,retry:!0})}})),ye=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.GoogleToken=void 0;let t=D(),n=_e(),r=ve();e.GoogleToken=class{tokenOptions;tokenHandler;constructor(e){this.tokenOptions=e||{},this.tokenOptions.transporter=this.tokenOptions.transporter||{request:e=>(0,t.request)(e)},this.tokenOptions.iss||(this.tokenOptions.iss=this.tokenOptions.email),typeof this.tokenOptions.scope==`object`&&(this.tokenOptions.scope=this.tokenOptions.scope.join(` `)),this.tokenHandler=new n.TokenHandler(this.tokenOptions)}get expiresAt(){return this.tokenHandler.tokenExpiresAt}get accessToken(){return this.tokenHandler.token?.access_token}get idToken(){return this.tokenHandler.token?.id_token}get tokenType(){return this.tokenHandler.token?.token_type}get refreshToken(){return this.tokenHandler.token?.refresh_token}hasExpired(){return this.tokenHandler.hasExpired()}isTokenExpiring(){return this.tokenHandler.isTokenExpiring()}getToken(e,t={forceRefresh:!1}){let n;typeof e==`function`?n=e:typeof e==`object`&&(t=e);let r=this.tokenHandler.getToken(t.forceRefresh??!1);return n&&r.then(e=>n(null,e),n),r}revokeToken(e){if(!this.accessToken)return Promise.reject(Error(`No token to revoke.`));let t=(0,r.revokeToken)(this.accessToken,this.tokenOptions.transporter);e&&t.then(()=>e(),e),this.tokenHandler=new n.TokenHandler(this.tokenOptions)}get googleTokenOptions(){return this.tokenOptions}}})),be=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.JWTAccess=void 0;let t=l(),n=j(),r={alg:`RS256`,typ:`JWT`};e.JWTAccess=class e{email;key;keyId;projectId;eagerRefreshThresholdMillis;cache=new n.LRUCache({capacity:500,maxAge:3600*1e3});constructor(e,t,n,r){this.email=e,this.key=t,this.keyId=n,this.eagerRefreshThresholdMillis=r??300*1e3}getCachedKey(e,t){let n=e;if(t&&Array.isArray(t)&&t.length?n=e?`${e}_${t.join(`_`)}`:`${t.join(`_`)}`:typeof t==`string`&&(n=e?`${e}_${t}`:t),!n)throw Error(`Scopes or url must be provided`);return n}getRequestHeaders(n,i,a){let o=this.getCachedKey(n,a),s=this.cache.get(o),c=Date.now();if(s&&s.expiration-c>this.eagerRefreshThresholdMillis)return new Headers(s.headers);let l=Math.floor(Date.now()/1e3),u=e.getExpirationTime(l),d;if(Array.isArray(a)&&(a=a.join(` `)),d=a?{iss:this.email,sub:this.email,scope:a,exp:u,iat:l}:{iss:this.email,sub:this.email,aud:n,exp:u,iat:l},i){for(let e in d)if(i[e])throw Error(`The '${e}' property is not allowed when passing additionalClaims. This claim is included in the JWT by default.`)}let f=this.keyId?{...r,kid:this.keyId}:r,p=Object.assign(d,i),m=t.sign({header:f,payload:p,secret:this.key}),h=new Headers({authorization:`Bearer ${m}`});return this.cache.set(o,{expiration:u*1e3,headers:h}),h}static getExpirationTime(e){return e+3600}fromJSON(e){if(!e)throw Error(`Must pass in a JSON object containing the service account auth settings.`);if(!e.client_email)throw Error(`The incoming JSON object does not contain a client_email field`);if(!e.private_key)throw Error(`The incoming JSON object does not contain a private_key field`);this.email=e.client_email,this.key=e.private_key,this.keyId=e.private_key_id,this.projectId=e.project_id}fromStream(e,t){if(t)this.fromStreamAsync(e).then(()=>t(),t);else return this.fromStreamAsync(e)}fromStreamAsync(e){return new Promise((t,n)=>{e||n(Error(`Must pass in a stream containing the service account auth settings.`));let r=``;e.setEncoding(`utf8`).on(`data`,e=>r+=e).on(`error`,n).on(`end`,()=>{try{let e=JSON.parse(r);this.fromJSON(e),t()}catch(e){n(e)}})})}}})),xe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.JWT=void 0;let t=ye(),n=ge(),r=be(),i=le(),a=M();e.JWT=class e extends i.OAuth2Client{email;keyFile;key;keyId;defaultScopes;scopes;scope;subject;gtoken;additionalClaims;useJWTAccessWithScope;defaultServicePath;access;constructor(e={}){super(e),this.email=e.email,this.keyFile=e.keyFile,this.key=e.key,this.keyId=e.keyId,this.scopes=e.scopes,this.subject=e.subject,this.additionalClaims=e.additionalClaims,this.credentials={refresh_token:`jwt-placeholder`,expiry_date:1}}createScoped(t){let n=new e(this);return n.scopes=t,n}async getRequestMetadataAsync(e){e=this.defaultServicePath?`https://${this.defaultServicePath}/`:e;let t=!this.hasUserScopes()&&e||this.useJWTAccessWithScope&&this.hasAnyScopes()||this.universeDomain!==a.DEFAULT_UNIVERSE;if(this.subject&&this.universeDomain!==a.DEFAULT_UNIVERSE)throw RangeError(`Service Account user is configured for the credential. Domain-wide delegation is not supported in universes other than ${a.DEFAULT_UNIVERSE}`);if(!this.apiKey&&t)if(this.additionalClaims&&this.additionalClaims.target_audience){let{tokens:e}=await this.refreshToken();return{headers:this.addSharedMetadataHeaders(new Headers({authorization:`Bearer ${e.id_token}`}))}}else{this.access||=new r.JWTAccess(this.email,this.key,this.keyId,this.eagerRefreshThresholdMillis);let t;this.hasUserScopes()?t=this.scopes:e||(t=this.defaultScopes);let n=this.useJWTAccessWithScope||this.universeDomain!==a.DEFAULT_UNIVERSE,i=await this.access.getRequestHeaders(e??void 0,this.additionalClaims,n?t:void 0);return{headers:this.addSharedMetadataHeaders(i)}}else if(this.hasAnyScopes()||this.apiKey)return super.getRequestMetadataAsync(e);else return{headers:new Headers}}async fetchIdToken(e){let n=new t.GoogleToken({iss:this.email,sub:this.subject,scope:this.scopes||this.defaultScopes,keyFile:this.keyFile,key:this.key,additionalClaims:{target_audience:e},transporter:this.transporter});if(await n.getToken({forceRefresh:!0}),!n.idToken)throw Error(`Unknown error: Failed to fetch ID token`);return n.idToken}hasUserScopes(){return this.scopes?this.scopes.length>0:!1}hasAnyScopes(){return!!(this.scopes&&this.scopes.length>0||this.defaultScopes&&this.defaultScopes.length>0)}authorize(e){if(e)this.authorizeAsync().then(t=>e(null,t),e);else return this.authorizeAsync()}async authorizeAsync(){let e=await this.refreshToken();if(!e)throw Error(`No result returned`);return this.credentials=e.tokens,this.credentials.refresh_token=`jwt-placeholder`,this.key=this.gtoken.googleTokenOptions?.key,this.email=this.gtoken.googleTokenOptions?.iss,e.tokens}async refreshTokenNoCache(){let e=this.createGToken(),t={access_token:(await e.getToken({forceRefresh:this.isTokenExpiring()})).access_token,token_type:`Bearer`,expiry_date:e.expiresAt,id_token:e.idToken};return this.emit(`tokens`,t),{res:null,tokens:t}}createGToken(){return this.gtoken||=new t.GoogleToken({iss:this.email,sub:this.subject,scope:this.scopes||this.defaultScopes,keyFile:this.keyFile,key:this.key,additionalClaims:this.additionalClaims,transporter:this.transporter}),this.gtoken}fromJSON(e){if(!e)throw Error(`Must pass in a JSON object containing the service account auth settings.`);if(!e.client_email)throw Error(`The incoming JSON object does not contain a client_email field`);if(!e.private_key)throw Error(`The incoming JSON object does not contain a private_key field`);this.email=e.client_email,this.key=e.private_key,this.keyId=e.private_key_id,this.projectId=e.project_id,this.quotaProjectId=e.quota_project_id,this.universeDomain=e.universe_domain||this.universeDomain}fromStream(e,t){if(t)this.fromStreamAsync(e).then(()=>t(),t);else return this.fromStreamAsync(e)}fromStreamAsync(e){return new Promise((t,n)=>{if(!e)throw Error(`Must pass in a stream containing the service account auth settings.`);let r=``;e.setEncoding(`utf8`).on(`error`,n).on(`data`,e=>r+=e).on(`end`,()=>{try{let e=JSON.parse(r);this.fromJSON(e),t()}catch(e){n(e)}})})}fromAPIKey(e){if(typeof e!=`string`)throw Error(`Must provide an API Key string.`);this.apiKey=e}async getCredentials(){if(this.key)return{private_key:this.key,client_email:this.email};if(this.keyFile){this.createGToken();let e=await(0,n.getCredentials)(this.keyFile);return{private_key:e.privateKey,client_email:e.clientEmail}}throw Error(`A key or a keyFile must be provided to getCredentials.`)}}})),Se=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.UserRefreshClient=e.USER_REFRESH_ACCOUNT_TYPE=void 0;let t=le(),n=M();e.USER_REFRESH_ACCOUNT_TYPE=`authorized_user`,e.UserRefreshClient=class e extends t.OAuth2Client{_refreshToken;constructor(e,t,n,r,i){let a=e&&typeof e==`object`?e:{clientId:e,clientSecret:t,refreshToken:n,eagerRefreshThresholdMillis:r,forceRefreshOnFailure:i};super(a),this._refreshToken=a.refreshToken,this.credentials.refresh_token=a.refreshToken}async refreshTokenNoCache(){return super.refreshTokenNoCache(this._refreshToken)}async fetchIdToken(t){let r={...e.RETRY_CONFIG,url:this.endpoints.oauth2TokenUrl,method:`POST`,data:new URLSearchParams({client_id:this._clientId,client_secret:this._clientSecret,grant_type:`refresh_token`,refresh_token:this._refreshToken,target_audience:t}),responseType:`json`};return n.AuthClient.setMethodName(r,`fetchIdToken`),(await this.transporter.request(r)).data.id_token}fromJSON(e){if(!e)throw Error(`Must pass in a JSON object containing the user refresh token`);if(e.type!==`authorized_user`)throw Error(`The incoming JSON object does not have the "authorized_user" type`);if(!e.client_id)throw Error(`The incoming JSON object does not contain a client_id field`);if(!e.client_secret)throw Error(`The incoming JSON object does not contain a client_secret field`);if(!e.refresh_token)throw Error(`The incoming JSON object does not contain a refresh_token field`);this._clientId=e.client_id,this._clientSecret=e.client_secret,this._refreshToken=e.refresh_token,this.credentials.refresh_token=e.refresh_token,this.quotaProjectId=e.quota_project_id,this.universeDomain=e.universe_domain||this.universeDomain}fromStream(e,t){if(t)this.fromStreamAsync(e).then(()=>t(),t);else return this.fromStreamAsync(e)}async fromStreamAsync(e){return new Promise((t,n)=>{if(!e)return n(Error(`Must pass in a stream containing the user refresh token.`));let r=``;e.setEncoding(`utf8`).on(`error`,n).on(`data`,e=>r+=e).on(`end`,()=>{try{let e=JSON.parse(r);return this.fromJSON(e),t()}catch(e){return n(e)}})})}static fromJSON(t){let n=new e;return n.fromJSON(t),n}}})),Ce=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.Impersonated=e.IMPERSONATED_ACCOUNT_TYPE=void 0;let t=le(),n=D(),r=j();e.IMPERSONATED_ACCOUNT_TYPE=`impersonated_service_account`,e.Impersonated=class e extends t.OAuth2Client{sourceClient;targetPrincipal;targetScopes;delegates;lifetime;endpoint;constructor(e={}){if(super(e),this.credentials={expiry_date:1,refresh_token:`impersonated-placeholder`},this.sourceClient=e.sourceClient??new t.OAuth2Client,this.targetPrincipal=e.targetPrincipal??``,this.delegates=e.delegates??[],this.targetScopes=e.targetScopes??[],this.lifetime=e.lifetime??3600,!(0,r.originalOrCamelOptions)(e).get(`universe_domain`))this.universeDomain=this.sourceClient.universeDomain;else if(this.sourceClient.universeDomain!==this.universeDomain)throw RangeError(`Universe domain ${this.sourceClient.universeDomain} in source credentials does not match ${this.universeDomain} universe domain set for impersonated credentials.`);this.endpoint=e.endpoint??`https://iamcredentials.${this.universeDomain}`}async sign(t){await this.sourceClient.getAccessToken();let n=`projects/-/serviceAccounts/${this.targetPrincipal}`,r=`${this.endpoint}/v1/${n}:signBlob`,i={delegates:this.delegates,payload:Buffer.from(t).toString(`base64`)};return(await this.sourceClient.request({...e.RETRY_CONFIG,url:r,data:i,method:`POST`})).data}getTargetPrincipal(){return this.targetPrincipal}async refreshToken(){try{await this.sourceClient.getAccessToken();let t=`projects/-/serviceAccounts/`+this.targetPrincipal,n=`${this.endpoint}/v1/${t}:generateAccessToken`,r={delegates:this.delegates,scope:this.targetScopes,lifetime:this.lifetime+`s`},i=await this.sourceClient.request({...e.RETRY_CONFIG,url:n,data:r,method:`POST`}),a=i.data;return this.credentials.access_token=a.accessToken,this.credentials.expiry_date=Date.parse(a.expireTime),{tokens:this.credentials,res:i}}catch(e){if(!(e instanceof Error))throw e;let t=0,r=``;throw e instanceof n.GaxiosError&&(t=e?.response?.data?.error?.status,r=e?.response?.data?.error?.message),t&&r?(e.message=`${t}: unable to impersonate: ${r}`,e):(e.message=`unable to impersonate: ${e}`,e)}}async fetchIdToken(t,n){await this.sourceClient.getAccessToken();let r=`projects/-/serviceAccounts/${this.targetPrincipal}`,i=`${this.endpoint}/v1/${r}:generateIdToken`,a={delegates:this.delegates,audience:t,includeEmail:n?.includeEmail??!0,useEmailAzp:n?.includeEmail??!0};return(await this.sourceClient.request({...e.RETRY_CONFIG,url:i,data:a,method:`POST`})).data.token}}})),we=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.OAuthClientAuthHandler=void 0,e.getErrorFromOAuthErrorResponse=i;let t=D(),n=ae(),r=[`PUT`,`POST`,`PATCH`];e.OAuthClientAuthHandler=class{#e=(0,n.createCrypto)();#t;transporter;constructor(e){e&&`clientId`in e?(this.#t=e,this.transporter=new t.Gaxios):(this.#t=e?.clientAuthentication,this.transporter=e?.transporter||new t.Gaxios)}applyClientAuthenticationOptions(e,n){e.headers=t.Gaxios.mergeHeaders(e.headers),this.injectAuthenticatedHeaders(e,n),n||this.injectAuthenticatedRequestBody(e)}injectAuthenticatedHeaders(e,n){if(n)e.headers=t.Gaxios.mergeHeaders(e.headers,{authorization:`Bearer ${n}`});else if(this.#t?.confidentialClientType===`basic`){e.headers=t.Gaxios.mergeHeaders(e.headers);let n=this.#t.clientId,r=this.#t.clientSecret||``,i=this.#e.encodeBase64StringUtf8(`${n}:${r}`);t.Gaxios.mergeHeaders(e.headers,{authorization:`Basic ${i}`})}}injectAuthenticatedRequestBody(e){if(this.#t?.confidentialClientType===`request-body`){let t=(e.method||`GET`).toUpperCase();if(!r.includes(t))throw Error(`${t} HTTP method does not support ${this.#t.confidentialClientType} client authentication`);let n=new Headers(e.headers).get(`content-type`);if(n?.startsWith(`application/x-www-form-urlencoded`)||e.data instanceof URLSearchParams){let t=new URLSearchParams(e.data??``);t.append(`client_id`,this.#t.clientId),t.append(`client_secret`,this.#t.clientSecret||``),e.data=t}else if(n?.startsWith(`application/json`))e.data=e.data||{},Object.assign(e.data,{client_id:this.#t.clientId,client_secret:this.#t.clientSecret||``});else throw Error(`${n} content-types are not supported with ${this.#t.confidentialClientType} client authentication`)}}static get RETRY_CONFIG(){return{retry:!0,retryConfig:{httpMethodsToRetry:[`GET`,`PUT`,`POST`,`HEAD`,`OPTIONS`,`DELETE`]}}}};function i(e,t){let n=e.error,r=e.error_description,i=e.error_uri,a=`Error code ${n}`;r!==void 0&&(a+=`: ${r}`),i!==void 0&&(a+=` - ${i}`);let o=Error(a);if(t){let e=Object.keys(t);t.stack&&e.push(`stack`),e.forEach(e=>{e!==`message`&&Object.defineProperty(o,e,{value:t[e],writable:!1,enumerable:!0})})}return o}})),Te=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.StsCredentials=void 0;let t=D(),n=M(),r=we(),i=j();e.StsCredentials=class e extends r.OAuthClientAuthHandler{#e;constructor(e={tokenExchangeEndpoint:``},t){(typeof e!=`object`||e instanceof URL)&&(e={tokenExchangeEndpoint:e,clientAuthentication:t}),super(e),this.#e=e.tokenExchangeEndpoint}async exchangeToken(a,o,s){let c={grant_type:a.grantType,resource:a.resource,audience:a.audience,scope:a.scope?.join(` `),requested_token_type:a.requestedTokenType,subject_token:a.subjectToken,subject_token_type:a.subjectTokenType,actor_token:a.actingParty?.actorToken,actor_token_type:a.actingParty?.actorTokenType,options:s&&JSON.stringify(s)},l={...e.RETRY_CONFIG,url:this.#e.toString(),method:`POST`,headers:o,data:new URLSearchParams((0,i.removeUndefinedValuesInObject)(c)),responseType:`json`};n.AuthClient.setMethodName(l,`exchangeToken`),this.applyClientAuthenticationOptions(l);try{let e=await this.transporter.request(l),t=e.data;return t.res=e,t}catch(e){throw e instanceof t.GaxiosError&&e.response?(0,r.getErrorFromOAuthErrorResponse)(e.response.data,e):e}}}})),Ee=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.BaseExternalAccountClient=e.CLOUD_RESOURCE_MANAGER=e.EXTERNAL_ACCOUNT_TYPE=e.EXPIRATION_TIME_OFFSET=void 0;let n=D(),r=t(`stream`),i=M(),a=Te(),o=j(),s=se(),c=`https://www.googleapis.com/auth/cloud-platform`;e.EXPIRATION_TIME_OFFSET=300*1e3,e.EXTERNAL_ACCOUNT_TYPE=`external_account`,e.CLOUD_RESOURCE_MANAGER=`https://cloudresourcemanager.googleapis.com/v1/projects/`,e.BaseExternalAccountClient=class t extends i.AuthClient{scopes;projectNumber;audience;subjectTokenType;stsCredential;clientAuth;credentialSourceType;cachedAccessToken;serviceAccountImpersonationUrl;serviceAccountImpersonationLifetime;workforcePoolUserProject;configLifetimeRequested;tokenUrl;cloudResourceManagerURL;supplierContext;#e=null;constructor(t){super(t);let n=(0,o.originalOrCamelOptions)(t),r=n.get(`type`);if(r&&r!==e.EXTERNAL_ACCOUNT_TYPE)throw Error(`Expected "${e.EXTERNAL_ACCOUNT_TYPE}" type but received "${t.type}"`);let i=n.get(`client_id`),s=n.get(`client_secret`);this.tokenUrl=n.get(`token_url`)??`https://sts.{universeDomain}/v1/token`.replace(`{universeDomain}`,this.universeDomain);let l=n.get(`subject_token_type`),u=n.get(`workforce_pool_user_project`),d=n.get(`service_account_impersonation_url`),f=n.get(`service_account_impersonation`),p=(0,o.originalOrCamelOptions)(f).get(`token_lifetime_seconds`);this.cloudResourceManagerURL=new URL(n.get(`cloud_resource_manager_url`)||`https://cloudresourcemanager.${this.universeDomain}/v1/projects/`),i&&(this.clientAuth={confidentialClientType:`basic`,clientId:i,clientSecret:s}),this.stsCredential=new a.StsCredentials({tokenExchangeEndpoint:this.tokenUrl,clientAuthentication:this.clientAuth}),this.scopes=n.get(`scopes`)||[c],this.cachedAccessToken=null,this.audience=n.get(`audience`),this.subjectTokenType=l,this.workforcePoolUserProject=u;let m=RegExp(`//iam\\.googleapis\\.com/locations/[^/]+/workforcePools/[^/]+/providers/.+`);if(this.workforcePoolUserProject&&!this.audience.match(m))throw Error(`workforcePoolUserProject should not be set for non-workforce pool credentials.`);this.serviceAccountImpersonationUrl=d,this.serviceAccountImpersonationLifetime=p,this.serviceAccountImpersonationLifetime?this.configLifetimeRequested=!0:(this.configLifetimeRequested=!1,this.serviceAccountImpersonationLifetime=3600),this.projectNumber=this.getProjectNumber(this.audience),this.supplierContext={audience:this.audience,subjectTokenType:this.subjectTokenType,transporter:this.transporter}}getServiceAccountEmail(){if(this.serviceAccountImpersonationUrl){if(this.serviceAccountImpersonationUrl.length>256)throw RangeError(`URL is too long: ${this.serviceAccountImpersonationUrl}`);return/serviceAccounts\/(?<email>[^:]+):generateAccessToken$/.exec(this.serviceAccountImpersonationUrl)?.groups?.email||null}return null}setCredentials(e){super.setCredentials(e),this.cachedAccessToken=e}async getAccessToken(){return(!this.cachedAccessToken||this.isExpired(this.cachedAccessToken))&&await this.refreshAccessTokenAsync(),{token:this.cachedAccessToken.access_token,res:this.cachedAccessToken.res}}async getRequestHeaders(){let e=await this.getAccessToken(),t=new Headers({authorization:`Bearer ${e.token}`});return this.addSharedMetadataHeaders(t)}request(e,t){if(t)this.requestAsync(e).then(e=>t(null,e),e=>t(e,e.response));else return this.requestAsync(e)}async getProjectId(){let e=this.projectNumber||this.workforcePoolUserProject;if(this.projectId)return this.projectId;if(e){let n=await this.getRequestHeaders(),r={...t.RETRY_CONFIG,headers:n,url:`${this.cloudResourceManagerURL.toString()}${e}`,responseType:`json`};i.AuthClient.setMethodName(r,`getProjectId`);let a=await this.transporter.request(r);return this.projectId=a.data.projectId,this.projectId}return null}async requestAsync(e,t=!1){let i;try{let t=await this.getRequestHeaders();e.headers=n.Gaxios.mergeHeaders(e.headers),this.addUserProjectAndAuthHeaders(e.headers,t),i=await this.transporter.request(e)}catch(n){let i=n.response;if(i){let n=i.status,a=i.config.data instanceof r.Readable;if(!t&&(n===401||n===403)&&!a&&this.forceRefreshOnFailure)return await this.refreshAccessTokenAsync(),await this.requestAsync(e,!0)}throw n}return i}async refreshAccessTokenAsync(){this.#e=this.#e||this.#t();try{return await this.#e}finally{this.#e=null}}async#t(){let e=await this.retrieveSubjectToken(),t={grantType:`urn:ietf:params:oauth:grant-type:token-exchange`,audience:this.audience,requestedTokenType:`urn:ietf:params:oauth:token-type:access_token`,subjectToken:e,subjectTokenType:this.subjectTokenType,scope:this.serviceAccountImpersonationUrl?[c]:this.getScopesArray()},n=!this.clientAuth&&this.workforcePoolUserProject?{userProject:this.workforcePoolUserProject}:void 0,r=new Headers({"x-goog-api-client":this.getMetricsHeaderValue()}),i=await this.stsCredential.exchangeToken(t,r,n);return this.serviceAccountImpersonationUrl?this.cachedAccessToken=await this.getImpersonatedAccessToken(i.access_token):i.expires_in?this.cachedAccessToken={access_token:i.access_token,expiry_date:new Date().getTime()+i.expires_in*1e3,res:i.res}:this.cachedAccessToken={access_token:i.access_token,res:i.res},this.credentials={},Object.assign(this.credentials,this.cachedAccessToken),delete this.credentials.res,this.emit(`tokens`,{refresh_token:null,expiry_date:this.cachedAccessToken.expiry_date,access_token:this.cachedAccessToken.access_token,token_type:`Bearer`,id_token:null}),this.cachedAccessToken}getProjectNumber(e){let t=e.match(/\/projects\/([^/]+)/);return t?t[1]:null}async getImpersonatedAccessToken(e){let n={...t.RETRY_CONFIG,url:this.serviceAccountImpersonationUrl,method:`POST`,headers:{"content-type":`application/json`,authorization:`Bearer ${e}`},data:{scope:this.getScopesArray(),lifetime:this.serviceAccountImpersonationLifetime+`s`},responseType:`json`};i.AuthClient.setMethodName(n,`getImpersonatedAccessToken`);let r=await this.transporter.request(n),a=r.data;return{access_token:a.accessToken,expiry_date:new Date(a.expireTime).getTime(),res:r}}isExpired(e){let t=new Date().getTime();return e.expiry_date?t>=e.expiry_date-this.eagerRefreshThresholdMillis:!1}getScopesArray(){return typeof this.scopes==`string`?[this.scopes]:this.scopes||[c]}getMetricsHeaderValue(){let e=process.version.replace(/^v/,``),t=this.serviceAccountImpersonationUrl!==void 0,n=this.credentialSourceType?this.credentialSourceType:`unknown`;return`gl-node/${e} auth/${s.pkg.version} google-byoid-sdk source/${n} sa-impersonation/${t} config-lifetime/${this.configLifetimeRequested}`}getTokenUrl(){return this.tokenUrl}}})),De=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.FileSubjectTokenSupplier=void 0;let n=t(`util`),r=t(`fs`),i=(0,n.promisify)(r.readFile??(()=>{})),a=(0,n.promisify)(r.realpath??(()=>{})),o=(0,n.promisify)(r.lstat??(()=>{}));e.FileSubjectTokenSupplier=class{filePath;formatType;subjectTokenFieldName;constructor(e){this.filePath=e.filePath,this.formatType=e.formatType,this.subjectTokenFieldName=e.subjectTokenFieldName}async getSubjectToken(){let e=this.filePath;try{if(e=await a(e),!(await o(e)).isFile())throw Error()}catch(t){throw t instanceof Error&&(t.message=`The file at ${e} does not exist, or it is not a file. ${t.message}`),t}let t,n=await i(e,{encoding:`utf8`});if(this.formatType===`text`?t=n:this.formatType===`json`&&this.subjectTokenFieldName&&(t=JSON.parse(n)[this.subjectTokenFieldName]),!t)throw Error(`Unable to parse the subject_token from the credential_source file`);return t}}})),Oe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.UrlSubjectTokenSupplier=void 0;let t=M();e.UrlSubjectTokenSupplier=class{url;headers;formatType;subjectTokenFieldName;additionalGaxiosOptions;constructor(e){this.url=e.url,this.formatType=e.formatType,this.subjectTokenFieldName=e.subjectTokenFieldName,this.headers=e.headers,this.additionalGaxiosOptions=e.additionalGaxiosOptions}async getSubjectToken(e){let n={...this.additionalGaxiosOptions,url:this.url,method:`GET`,headers:this.headers,responseType:this.formatType};t.AuthClient.setMethodName(n,`getSubjectToken`);let r;if(this.formatType===`text`?r=(await e.transporter.request(n)).data:this.formatType===`json`&&this.subjectTokenFieldName&&(r=(await e.transporter.request(n)).data[this.subjectTokenFieldName]),!r)throw Error(`Unable to parse the subject_token from the credential_source URL`);return r}}})),ke=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.CertificateSubjectTokenSupplier=e.InvalidConfigurationError=e.CertificateSourceUnavailableError=e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE=void 0;let n=j(),r=t(`fs`),i=t(`crypto`),a=t(`https`);e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE=`GOOGLE_API_CERTIFICATE_CONFIG`;var o=class extends Error{constructor(e){super(e),this.name=`CertificateSourceUnavailableError`}};e.CertificateSourceUnavailableError=o;var s=class extends Error{constructor(e){super(e),this.name=`InvalidConfigurationError`}};e.InvalidConfigurationError=s,e.CertificateSubjectTokenSupplier=class{certificateConfigPath;trustChainPath;cert;key;constructor(e){if(!e.useDefaultCertificateConfig&&!e.certificateConfigLocation)throw new s("Either `useDefaultCertificateConfig` must be true or a `certificateConfigLocation` must be provided.");if(e.useDefaultCertificateConfig&&e.certificateConfigLocation)throw new s("Both `useDefaultCertificateConfig` and `certificateConfigLocation` cannot be provided.");this.trustChainPath=e.trustChainPath,this.certificateConfigPath=e.certificateConfigLocation??``}async createMtlsHttpsAgent(){if(!this.key||!this.cert)throw new s(`Cannot create mTLS Agent with missing certificate or key`);return new a.Agent({key:this.key,cert:this.cert})}async getSubjectToken(){this.certificateConfigPath=await this.#e();let{certPath:e,keyPath:t}=await this.#t();return{cert:this.cert,key:this.key}=await this.#n(e,t),await this.#r(this.cert)}async#e(){let t=this.certificateConfigPath;if(t){if(await(0,n.isValidFile)(t))return t;throw new o(`Provided certificate config path is invalid: ${t}`)}let r=process.env[e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE];if(r){if(await(0,n.isValidFile)(r))return r;throw new o(`Path from environment variable "${e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE}" is invalid: ${r}`)}let i=(0,n.getWellKnownCertificateConfigFileLocation)();if(await(0,n.isValidFile)(i))return i;throw new o(`Could not find certificate configuration file. Searched override path, the "${e.CERTIFICATE_CONFIGURATION_ENV_VARIABLE}" env var, and the gcloud path (${i}).`)}async#t(){let e=this.certificateConfigPath,t;try{t=await r.promises.readFile(e,`utf8`)}catch{throw new o(`Failed to read certificate config file at: ${e}`)}try{let n=JSON.parse(t),r=n?.cert_configs?.workload?.cert_path,i=n?.cert_configs?.workload?.key_path;if(!r||!i)throw new s(`Certificate config file (${e}) is missing required "cert_path" or "key_path" in the workload config.`);return{certPath:r,keyPath:i}}catch(t){throw t instanceof s?t:new s(`Failed to parse certificate config from ${e}: ${t.message}`)}}async#n(e,t){let n,a;try{n=await r.promises.readFile(e),new i.X509Certificate(n)}catch(t){throw new o(`Failed to read certificate file at ${e}: ${t instanceof Error?t.message:String(t)}`)}try{a=await r.promises.readFile(t),(0,i.createPrivateKey)(a)}catch(e){throw new o(`Failed to read private key file at ${t}: ${e instanceof Error?e.message:String(e)}`)}return{cert:n,key:a}}async#r(e){let t=new i.X509Certificate(e);if(!this.trustChainPath)return JSON.stringify([t.raw.toString(`base64`)]);try{let e=((await r.promises.readFile(this.trustChainPath,`utf8`)).match(/-----BEGIN CERTIFICATE-----[^-]+-----END CERTIFICATE-----/g)??[]).map((e,t)=>{try{return new i.X509Certificate(e)}catch(e){let n=e instanceof Error?e.message:String(e);throw new s(`Failed to parse certificate at index ${t} in trust chain file ${this.trustChainPath}: ${n}`)}}),n=e.findIndex(e=>t.raw.equals(e.raw)),a;if(n===-1)a=[t,...e];else if(n===0)a=e;else throw new s(`Leaf certificate exists in the trust chain but is not the first entry (found at index ${n}).`);return JSON.stringify(a.map(e=>e.raw.toString(`base64`)))}catch(e){if(e instanceof s)throw e;let t=e instanceof Error?e.message:String(e);throw new o(`Failed to process certificate chain from ${this.trustChainPath}: ${t}`)}}}})),Ae=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.IdentityPoolClient=void 0;let t=Ee(),n=j(),r=De(),i=Oe(),a=ke(),o=Te(),s=D();e.IdentityPoolClient=class e extends t.BaseExternalAccountClient{subjectTokenSupplier;constructor(t){super(t);let o=(0,n.originalOrCamelOptions)(t),s=o.get(`credential_source`),c=o.get(`subject_token_supplier`);if(!s&&!c)throw Error(`A credential source or subject token supplier must be specified.`);if(s&&c)throw Error(`Only one of credential source or subject token supplier can be specified.`);if(c)this.subjectTokenSupplier=c,this.credentialSourceType=`programmatic`;else{let t=(0,n.originalOrCamelOptions)(s),o=(0,n.originalOrCamelOptions)(t.get(`format`)),c=o.get(`type`)||`text`,l=o.get(`subject_token_field_name`);if(c!==`json`&&c!==`text`)throw Error(`Invalid credential_source format "${c}"`);if(c===`json`&&!l)throw Error(`Missing subject_token_field_name for JSON credential_source format`);let u=t.get(`file`),d=t.get(`url`),f=t.get(`certificate`),p=t.get(`headers`);if(u&&d||d&&f||u&&f)throw Error(`No valid Identity Pool "credential_source" provided, must be either file, url, or certificate.`);if(u)this.credentialSourceType=`file`,this.subjectTokenSupplier=new r.FileSubjectTokenSupplier({filePath:u,formatType:c,subjectTokenFieldName:l});else if(d)this.credentialSourceType=`url`,this.subjectTokenSupplier=new i.UrlSubjectTokenSupplier({url:d,formatType:c,subjectTokenFieldName:l,headers:p,additionalGaxiosOptions:e.RETRY_CONFIG});else if(f){this.credentialSourceType=`certificate`;let e=new a.CertificateSubjectTokenSupplier({useDefaultCertificateConfig:f.use_default_certificate_config,certificateConfigLocation:f.certificate_config_location,trustChainPath:f.trust_chain_path});this.subjectTokenSupplier=e}else throw Error(`No valid Identity Pool "credential_source" provided, must be either file, url, or certificate.`)}}async retrieveSubjectToken(){let e=await this.subjectTokenSupplier.getSubjectToken(this.supplierContext);if(this.subjectTokenSupplier instanceof a.CertificateSubjectTokenSupplier){let e=await this.subjectTokenSupplier.createMtlsHttpsAgent();this.stsCredential=new o.StsCredentials({tokenExchangeEndpoint:this.getTokenUrl(),clientAuthentication:this.clientAuth,transporter:new s.Gaxios({agent:e})}),this.transporter=new s.Gaxios({...this.transporter.defaults||{},agent:e})}return e}}})),je=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.AwsRequestSigner=void 0;let t=D(),n=ae(),r=`AWS4-HMAC-SHA256`;e.AwsRequestSigner=class{getCredentials;region;crypto;constructor(e,t){this.getCredentials=e,this.region=t,this.crypto=(0,n.createCrypto)()}async getRequestOptions(e){if(!e.url)throw RangeError(`"url" is required in "amzOptions"`);let n=typeof e.data==`object`?JSON.stringify(e.data):e.data,r=e.url,i=e.method||`GET`,a=e.body||n,s=e.headers,c=await this.getCredentials(),l=new URL(r);if(typeof a!=`string`&&a!==void 0)throw TypeError(`'requestPayload' is expected to be a string if provided. Got: ${a}`);let u=await o({crypto:this.crypto,host:l.host,canonicalUri:l.pathname,canonicalQuerystring:l.search.slice(1),method:i,region:this.region,securityCredentials:c,requestPayload:a,additionalAmzHeaders:s}),d=t.Gaxios.mergeHeaders(u.amzDate?{"x-amz-date":u.amzDate}:{},{authorization:u.authorizationHeader,host:l.host},s||{});c.token&&t.Gaxios.mergeHeaders(d,{"x-amz-security-token":c.token});let f={url:r,method:i,headers:d};return a!==void 0&&(f.body=a),f}};async function i(e,t,n){return await e.signWithHmacSha256(t,n)}async function a(e,t,n,r,a){return await i(e,await i(e,await i(e,await i(e,`AWS4${t}`,n),r),a),`aws4_request`)}async function o(e){let o=t.Gaxios.mergeHeaders(e.additionalAmzHeaders),s=e.requestPayload||``,c=e.host.split(`.`)[0],l=new Date,u=l.toISOString().replace(/[-:]/g,``).replace(/\.[0-9]+/,``),d=l.toISOString().replace(/[-]/g,``).replace(/T.*/,``);e.securityCredentials.token&&o.set(`x-amz-security-token`,e.securityCredentials.token);let f=t.Gaxios.mergeHeaders({host:e.host},o.has(`date`)?{}:{"x-amz-date":u},o),p=``,m=[...f.keys()].sort();m.forEach(e=>{p+=`${e}:${f.get(e)}\n`});let h=m.join(`;`),g=await e.crypto.sha256DigestHex(s),_=`${e.method.toUpperCase()}\n${e.canonicalUri}\n${e.canonicalQuerystring}\n${p}\n${h}\n${g}`,v=`${d}/${e.region}/${c}/aws4_request`,y=`${r}\n${u}\n${v}\n`+await e.crypto.sha256DigestHex(_),b=await a(e.crypto,e.securityCredentials.secretAccessKey,d,e.region,c),x=await i(e.crypto,b,y),S=`${r} Credential=${e.securityCredentials.accessKeyId}/${v}, SignedHeaders=${h}, Signature=${(0,n.fromArrayBufferToHex)(x)}`;return{amzDate:o.has(`date`)?void 0:u,authorizationHeader:S,canonicalQuerystring:e.canonicalQuerystring}}})),Me=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.DefaultAwsSecurityCredentialsSupplier=void 0;let t=M();e.DefaultAwsSecurityCredentialsSupplier=class{regionUrl;securityCredentialsUrl;imdsV2SessionTokenUrl;additionalGaxiosOptions;constructor(e){this.regionUrl=e.regionUrl,this.securityCredentialsUrl=e.securityCredentialsUrl,this.imdsV2SessionTokenUrl=e.imdsV2SessionTokenUrl,this.additionalGaxiosOptions=e.additionalGaxiosOptions}async getAwsRegion(e){if(this.#r)return this.#r;let n=new Headers;if(!this.#r&&this.imdsV2SessionTokenUrl&&n.set(`x-aws-ec2-metadata-token`,await this.#e(e.transporter)),!this.regionUrl)throw RangeError(`Unable to determine AWS region due to missing "options.credential_source.region_url"`);let r={...this.additionalGaxiosOptions,url:this.regionUrl,method:`GET`,responseType:`text`,headers:n};t.AuthClient.setMethodName(r,`getAwsRegion`);let i=await e.transporter.request(r);return i.data.substr(0,i.data.length-1)}async getAwsSecurityCredentials(e){if(this.#i)return this.#i;let t=new Headers;this.imdsV2SessionTokenUrl&&t.set(`x-aws-ec2-metadata-token`,await this.#e(e.transporter));let n=await this.#t(t,e.transporter),r=await this.#n(n,t,e.transporter);return{accessKeyId:r.AccessKeyId,secretAccessKey:r.SecretAccessKey,token:r.Token}}async#e(e){let n={...this.additionalGaxiosOptions,url:this.imdsV2SessionTokenUrl,method:`PUT`,responseType:`text`,headers:{"x-aws-ec2-metadata-token-ttl-seconds":`300`}};return t.AuthClient.setMethodName(n,`#getImdsV2SessionToken`),(await e.request(n)).data}async#t(e,n){if(!this.securityCredentialsUrl)throw Error(`Unable to determine AWS role name due to missing "options.credential_source.url"`);let r={...this.additionalGaxiosOptions,url:this.securityCredentialsUrl,method:`GET`,responseType:`text`,headers:e};return t.AuthClient.setMethodName(r,`#getAwsRoleName`),(await n.request(r)).data}async#n(e,n,r){let i={...this.additionalGaxiosOptions,url:`${this.securityCredentialsUrl}/${e}`,headers:n,responseType:`json`};return t.AuthClient.setMethodName(i,`#retrieveAwsSecurityCredentials`),(await r.request(i)).data}get#r(){return process.env.AWS_REGION||process.env.AWS_DEFAULT_REGION||null}get#i(){return process.env.AWS_ACCESS_KEY_ID&&process.env.AWS_SECRET_ACCESS_KEY?{accessKeyId:process.env.AWS_ACCESS_KEY_ID,secretAccessKey:process.env.AWS_SECRET_ACCESS_KEY,token:process.env.AWS_SESSION_TOKEN}:null}}})),Ne=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.AwsClient=void 0;let t=je(),n=Ee(),r=Me(),i=j(),a=D();e.AwsClient=class e extends n.BaseExternalAccountClient{environmentId;awsSecurityCredentialsSupplier;regionalCredVerificationUrl;awsRequestSigner;region;static#e=`https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15`;static AWS_EC2_METADATA_IPV4_ADDRESS=`169.254.169.254`;static AWS_EC2_METADATA_IPV6_ADDRESS=`fd00:ec2::254`;constructor(t){super(t);let n=(0,i.originalOrCamelOptions)(t),a=n.get(`credential_source`),o=n.get(`aws_security_credentials_supplier`);if(!a&&!o)throw Error(`A credential source or AWS security credentials supplier must be specified.`);if(a&&o)throw Error(`Only one of credential source or AWS security credentials supplier can be specified.`);if(o)this.awsSecurityCredentialsSupplier=o,this.regionalCredVerificationUrl=e.#e,this.credentialSourceType=`programmatic`;else{let e=(0,i.originalOrCamelOptions)(a);this.environmentId=e.get(`environment_id`);let t=e.get(`region_url`),n=e.get(`url`),o=e.get(`imdsv2_session_token_url`);this.awsSecurityCredentialsSupplier=new r.DefaultAwsSecurityCredentialsSupplier({regionUrl:t,securityCredentialsUrl:n,imdsV2SessionTokenUrl:o}),this.regionalCredVerificationUrl=e.get(`regional_cred_verification_url`),this.credentialSourceType=`aws`,this.validateEnvironmentId()}this.awsRequestSigner=null,this.region=``}validateEnvironmentId(){let e=this.environmentId?.match(/^(aws)(\d+)$/);if(!e||!this.regionalCredVerificationUrl)throw Error(`No valid AWS "credential_source" provided`);if(parseInt(e[2],10)!==1)throw Error(`aws version "${e[2]}" is not supported in the current build.`)}async retrieveSubjectToken(){this.awsRequestSigner||=(this.region=await this.awsSecurityCredentialsSupplier.getAwsRegion(this.supplierContext),new t.AwsRequestSigner(async()=>this.awsSecurityCredentialsSupplier.getAwsSecurityCredentials(this.supplierContext),this.region));let n=await this.awsRequestSigner.getRequestOptions({...e.RETRY_CONFIG,url:this.regionalCredVerificationUrl.replace(`{region}`,this.region),method:`POST`}),r=[];return a.Gaxios.mergeHeaders({"x-goog-cloud-target-resource":this.audience},n.headers).forEach((e,t)=>r.push({key:t,value:e})),encodeURIComponent(JSON.stringify({url:n.url,method:n.method,headers:r}))}}})),Pe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.InvalidSubjectTokenError=e.InvalidMessageFieldError=e.InvalidCodeFieldError=e.InvalidTokenTypeFieldError=e.InvalidExpirationTimeFieldError=e.InvalidSuccessFieldError=e.InvalidVersionFieldError=e.ExecutableResponseError=e.ExecutableResponse=void 0;let t=`urn:ietf:params:oauth:token-type:saml2`,n=`urn:ietf:params:oauth:token-type:id_token`,r=`urn:ietf:params:oauth:token-type:jwt`;e.ExecutableResponse=class{version;success;expirationTime;tokenType;errorCode;errorMessage;subjectToken;constructor(e){if(!e.version)throw new a(`Executable response must contain a 'version' field.`);if(e.success===void 0)throw new o(`Executable response must contain a 'success' field.`);if(this.version=e.version,this.success=e.success,this.success){if(this.expirationTime=e.expiration_time,this.tokenType=e.token_type,this.tokenType!==t&&this.tokenType!==n&&this.tokenType!==r)throw new s(`Executable response must contain a 'token_type' field when successful and it must be one of ${n}, ${r}, or ${t}.`);if(this.tokenType===t){if(!e.saml_response)throw new u(`Executable response must contain a 'saml_response' field when token_type=${t}.`);this.subjectToken=e.saml_response}else{if(!e.id_token)throw new u(`Executable response must contain a 'id_token' field when token_type=${n} or ${r}.`);this.subjectToken=e.id_token}}else{if(!e.code)throw new c(`Executable response must contain a 'code' field when unsuccessful.`);if(!e.message)throw new l(`Executable response must contain a 'message' field when unsuccessful.`);this.errorCode=e.code,this.errorMessage=e.message}}isValid(){return!this.isExpired()&&this.success}isExpired(){return this.expirationTime!==void 0&&this.expirationTime<Math.round(Date.now()/1e3)}};var i=class extends Error{constructor(e){super(e),Object.setPrototypeOf(this,new.target.prototype)}};e.ExecutableResponseError=i;var a=class extends i{};e.InvalidVersionFieldError=a;var o=class extends i{};e.InvalidSuccessFieldError=o,e.InvalidExpirationTimeFieldError=class extends i{};var s=class extends i{};e.InvalidTokenTypeFieldError=s;var c=class extends i{};e.InvalidCodeFieldError=c;var l=class extends i{};e.InvalidMessageFieldError=l;var u=class extends i{};e.InvalidSubjectTokenError=u})),Fe=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.PluggableAuthHandler=e.ExecutableError=void 0;let n=Pe(),r=t(`child_process`),i=t(`fs`);var a=class extends Error{code;constructor(e,t){super(`The executable failed with exit code: ${t} and error message: ${e}.`),this.code=t,Object.setPrototypeOf(this,new.target.prototype)}};e.ExecutableError=a,e.PluggableAuthHandler=class e{commandComponents;timeoutMillis;outputFile;constructor(t){if(!t.command)throw Error(`No command provided.`);if(this.commandComponents=e.parseCommand(t.command),this.timeoutMillis=t.timeoutMillis,!this.timeoutMillis)throw Error(`No timeoutMillis provided.`);this.outputFile=t.outputFile}retrieveResponseFromExecutable(e){return new Promise((t,i)=>{let o=r.spawn(this.commandComponents[0],this.commandComponents.slice(1),{env:{...process.env,...Object.fromEntries(e)}}),s=``;o.stdout.on(`data`,e=>{s+=e}),o.stderr.on(`data`,e=>{s+=e});let c=setTimeout(()=>(o.removeAllListeners(),o.kill(),i(Error(`The executable failed to finish within the timeout specified.`))),this.timeoutMillis);o.on(`close`,e=>{if(clearTimeout(c),e===0)try{let e=JSON.parse(s);return t(new n.ExecutableResponse(e))}catch(e){return e instanceof n.ExecutableResponseError?i(e):i(new n.ExecutableResponseError(`The executable returned an invalid response: ${s}`))}else return i(new a(s,e.toString()))})})}async retrieveCachedResponse(){if(!this.outputFile||this.outputFile.length===0)return;let e;try{e=await i.promises.realpath(this.outputFile)}catch{return}if(!(await i.promises.lstat(e)).isFile())return;let t=await i.promises.readFile(e,{encoding:`utf8`});if(t!==``)try{let e=JSON.parse(t);return new n.ExecutableResponse(e).isValid()?new n.ExecutableResponse(e):void 0}catch(e){throw e instanceof n.ExecutableResponseError?e:new n.ExecutableResponseError(`The output file contained an invalid response: ${t}`)}}static parseCommand(e){let t=e.match(/(?:[^\s"]+|"[^"]*")+/g);if(!t)throw Error(`Provided command: "${e}" could not be parsed.`);for(let e=0;e<t.length;e++)t[e][0]===`"`&&t[e].slice(-1)===`"`&&(t[e]=t[e].slice(1,-1));return t}}})),Ie=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.PluggableAuthClient=e.ExecutableError=void 0;let t=Ee(),n=Pe(),r=Fe();var i=Fe();Object.defineProperty(e,`ExecutableError`,{enumerable:!0,get:function(){return i.ExecutableError}});let a=5*1e3,o=120*1e3;e.PluggableAuthClient=class extends t.BaseExternalAccountClient{command;timeoutMillis;outputFile;handler;constructor(e){if(super(e),!e.credential_source.executable||(this.command=e.credential_source.executable.command,!this.command))throw Error(`No valid Pluggable Auth "credential_source" provided.`);if(e.credential_source.executable.timeout_millis===void 0)this.timeoutMillis=3e4;else if(this.timeoutMillis=e.credential_source.executable.timeout_millis,this.timeoutMillis<a||this.timeoutMillis>o)throw Error(`Timeout must be between ${a} and ${o} milliseconds.`);this.outputFile=e.credential_source.executable.output_file,this.handler=new r.PluggableAuthHandler({command:this.command,timeoutMillis:this.timeoutMillis,outputFile:this.outputFile}),this.credentialSourceType=`executable`}async retrieveSubjectToken(){if(process.env.GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES!==`1`)throw Error(`Pluggable Auth executables need to be explicitly allowed to run by setting the GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES environment Variable to 1.`);let e;if(this.outputFile&&(e=await this.handler.retrieveCachedResponse()),!e){let t=new Map;t.set(`GOOGLE_EXTERNAL_ACCOUNT_AUDIENCE`,this.audience),t.set(`GOOGLE_EXTERNAL_ACCOUNT_TOKEN_TYPE`,this.subjectTokenType),t.set(`GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE`,`0`),this.outputFile&&t.set(`GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE`,this.outputFile);let n=this.getServiceAccountEmail();n&&t.set(`GOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAIL`,n),e=await this.handler.retrieveResponseFromExecutable(t)}if(e.version>1)throw Error(`Version of executable is not currently supported, maximum supported version is 1.`);if(!e.success)throw new r.ExecutableError(e.errorMessage,e.errorCode);if(this.outputFile&&!e.expirationTime)throw new n.InvalidExpirationTimeFieldError("The executable response must contain the `expiration_time` field for successful responses when an output_file has been specified in the configuration.");if(e.isExpired())throw Error(`Executable response is expired.`);return e.subjectToken}}})),Le=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.ExternalAccountClient=void 0;let t=Ee(),n=Ae(),r=Ne(),i=Ie();e.ExternalAccountClient=class{constructor(){throw Error(`ExternalAccountClients should be initialized via: ExternalAccountClient.fromJSON(), directly via explicit constructors, eg. new AwsClient(options), new IdentityPoolClient(options), newPluggableAuthClientOptions, or via new GoogleAuth(options).getClient()`)}static fromJSON(e){return e&&e.type===t.EXTERNAL_ACCOUNT_TYPE?e.credential_source?.environment_id?new r.AwsClient(e):e.credential_source?.executable?new i.PluggableAuthClient(e):new n.IdentityPoolClient(e):null}}})),Re=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.ExternalAccountAuthorizedUserClient=e.EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE=void 0;let n=M(),r=we(),i=D(),a=t(`stream`),o=Ee();e.EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE=`external_account_authorized_user`;var s=class e extends r.OAuthClientAuthHandler{#e;constructor(e){super(e),this.#e=e.tokenRefreshEndpoint}async refreshToken(t,a){let o={...e.RETRY_CONFIG,url:this.#e,method:`POST`,headers:a,data:new URLSearchParams({grant_type:`refresh_token`,refresh_token:t}),responseType:`json`};n.AuthClient.setMethodName(o,`refreshToken`),this.applyClientAuthenticationOptions(o);try{let e=await this.transporter.request(o),t=e.data;return t.res=e,t}catch(e){throw e instanceof i.GaxiosError&&e.response?(0,r.getErrorFromOAuthErrorResponse)(e.response.data,e):e}}};e.ExternalAccountAuthorizedUserClient=class extends n.AuthClient{cachedAccessToken;externalAccountAuthorizedUserHandler;refreshToken;constructor(e){super(e),e.universe_domain&&(this.universeDomain=e.universe_domain),this.refreshToken=e.refresh_token;let t={confidentialClientType:`basic`,clientId:e.client_id,clientSecret:e.client_secret};this.externalAccountAuthorizedUserHandler=new s({tokenRefreshEndpoint:e.token_url??`https://sts.{universeDomain}/v1/oauthtoken`.replace(`{universeDomain}`,this.universeDomain),transporter:this.transporter,clientAuthentication:t}),this.cachedAccessToken=null,this.quotaProjectId=e.quota_project_id,typeof e?.eagerRefreshThresholdMillis==`number`?this.eagerRefreshThresholdMillis=e.eagerRefreshThresholdMillis:this.eagerRefreshThresholdMillis=o.EXPIRATION_TIME_OFFSET,this.forceRefreshOnFailure=!!e?.forceRefreshOnFailure}async getAccessToken(){return(!this.cachedAccessToken||this.isExpired(this.cachedAccessToken))&&await this.refreshAccessTokenAsync(),{token:this.cachedAccessToken.access_token,res:this.cachedAccessToken.res}}async getRequestHeaders(){let e=await this.getAccessToken(),t=new Headers({authorization:`Bearer ${e.token}`});return this.addSharedMetadataHeaders(t)}request(e,t){if(t)this.requestAsync(e).then(e=>t(null,e),e=>t(e,e.response));else return this.requestAsync(e)}async requestAsync(e,t=!1){let n;try{let t=await this.getRequestHeaders();e.headers=i.Gaxios.mergeHeaders(e.headers),this.addUserProjectAndAuthHeaders(e.headers,t),n=await this.transporter.request(e)}catch(n){let r=n.response;if(r){let n=r.status,i=r.config.data instanceof a.Readable;if(!t&&(n===401||n===403)&&!i&&this.forceRefreshOnFailure)return await this.refreshAccessTokenAsync(),await this.requestAsync(e,!0)}throw n}return n}async refreshAccessTokenAsync(){let e=await this.externalAccountAuthorizedUserHandler.refreshToken(this.refreshToken);return this.cachedAccessToken={access_token:e.access_token,expiry_date:new Date().getTime()+e.expires_in*1e3,res:e.res},e.refresh_token!==void 0&&(this.refreshToken=e.refresh_token),this.cachedAccessToken}isExpired(e){let t=new Date().getTime();return e.expiry_date?t>=e.expiry_date-this.eagerRefreshThresholdMillis:!1}}})),ze=n((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.GoogleAuth=e.GoogleAuthExceptionMessages=void 0;let n=t(`child_process`),r=t(`fs`),i=D(),a=A(),o=t(`os`),s=t(`path`),c=ae(),l=ue(),u=de(),d=fe(),f=xe(),p=Se(),m=Ce(),h=Le(),g=Ee(),_=M(),v=Re(),y=j();e.GoogleAuthExceptionMessages={API_KEY_WITH_CREDENTIALS:`API Keys and Credentials are mutually exclusive authentication methods and cannot be used together.`,NO_PROJECT_ID_FOUND:`Unable to detect a Project Id in the current environment.
4
4
  To learn more about authentication and Google APIs, visit:
5
5
  https://cloud.google.com/docs/authentication/getting-started`,NO_CREDENTIALS_FOUND:`Unable to find credentials in current environment.
6
6
  To learn more about authentication and Google APIs, visit:
@@ -1 +1 @@
1
- import{r as e,t}from"./event-stream-B7Ei41Bu.mjs";import{a as n,i as r,r as i}from"./transform-messages-BTA3xbAI.mjs";import{c as a,i as o,l as s,n as c,o as l,r as u,s as d,t as f}from"./google-shared-C60sNhwd.mjs";const p={THINKING_LEVEL_UNSPECIFIED:s.THINKING_LEVEL_UNSPECIFIED,MINIMAL:s.MINIMAL,LOW:s.LOW,MEDIUM:s.MEDIUM,HIGH:s.HIGH};let m=0;const h=(n,r,i)=>{let a=new t;return(async()=>{let t={role:`assistant`,content:[],api:`google-vertex`,provider:n.provider,model:n.id,usage:{input:0,output:0,cacheRead:0,cacheWrite:0,totalTokens:0,cost:{input:0,output:0,cacheRead:0,cacheWrite:0,total:0}},stopReason:`stop`,timestamp:Date.now()};try{let s=y(i),c=s?v(n,s,i?.headers):_(n,x(i),S(i),i?.headers),l=C(n,r,i),f=await i?.onPayload?.(l,n);f!==void 0&&(l=f);let p=await c.models.generateContentStream(l);a.push({type:`start`,partial:t});let h=null,g=t.content,b=()=>g.length-1;for await(let r of p){t.responseId||=r.responseId;let i=r.candidates?.[0];if(i?.content?.parts)for(let e of i.content.parts){if(e.text!==void 0){let n=u(e);(!h||n&&h.type!==`thinking`||!n&&h.type!==`text`)&&(h&&(h.type===`text`?a.push({type:`text_end`,contentIndex:g.length-1,content:h.text,partial:t}):a.push({type:`thinking_end`,contentIndex:b(),content:h.thinking,partial:t})),n?(h={type:`thinking`,thinking:``,thinkingSignature:void 0},t.content.push(h),a.push({type:`thinking_start`,contentIndex:b(),partial:t})):(h={type:`text`,text:``},t.content.push(h),a.push({type:`text_start`,contentIndex:b(),partial:t}))),h.type===`thinking`?(h.thinking+=e.text,h.thinkingSignature=d(h.thinkingSignature,e.thoughtSignature),a.push({type:`thinking_delta`,contentIndex:b(),delta:e.text,partial:t})):(h.text+=e.text,h.textSignature=d(h.textSignature,e.thoughtSignature),a.push({type:`text_delta`,contentIndex:b(),delta:e.text,partial:t}))}if(e.functionCall){h&&=(h.type===`text`?a.push({type:`text_end`,contentIndex:b(),content:h.text,partial:t}):a.push({type:`thinking_end`,contentIndex:b(),content:h.thinking,partial:t}),null);let n=e.functionCall.id,r={type:`toolCall`,id:!n||t.content.some(e=>e.type===`toolCall`&&e.id===n)?`${e.functionCall.name}_${Date.now()}_${++m}`:n,name:e.functionCall.name||``,arguments:e.functionCall.args??{},...e.thoughtSignature&&{thoughtSignature:e.thoughtSignature}};t.content.push(r),a.push({type:`toolcall_start`,contentIndex:b(),partial:t}),a.push({type:`toolcall_delta`,contentIndex:b(),delta:JSON.stringify(r.arguments),partial:t}),a.push({type:`toolcall_end`,contentIndex:b(),toolCall:r,partial:t})}}i?.finishReason&&(t.stopReason=o(i.finishReason),t.content.some(e=>e.type===`toolCall`)&&(t.stopReason=`toolUse`)),r.usageMetadata&&(t.usage={input:(r.usageMetadata.promptTokenCount||0)-(r.usageMetadata.cachedContentTokenCount||0),output:(r.usageMetadata.candidatesTokenCount||0)+(r.usageMetadata.thoughtsTokenCount||0),cacheRead:r.usageMetadata.cachedContentTokenCount||0,cacheWrite:0,totalTokens:r.usageMetadata.totalTokenCount||0,cost:{input:0,output:0,cacheRead:0,cacheWrite:0,total:0}},e(n,t.usage))}if(h&&(h.type===`text`?a.push({type:`text_end`,contentIndex:b(),content:h.text,partial:t}):a.push({type:`thinking_end`,contentIndex:b(),content:h.thinking,partial:t})),i?.signal?.aborted)throw Error(`Request was aborted`);if(t.stopReason===`aborted`||t.stopReason===`error`)throw Error(`An unknown error occurred`);a.push({type:`done`,reason:t.stopReason,message:t}),a.end()}catch(e){for(let e of t.content)`index`in e&&delete e.index;t.stopReason=i?.signal?.aborted?`aborted`:`error`,t.errorMessage=e instanceof Error?e.message:JSON.stringify(e),a.push({type:`error`,reason:t.stopReason,error:t}),a.end()}})(),a},g=(e,t,n)=>{let a=i(e,n,void 0);if(!n?.reasoning)return h(e,t,{...a,thinking:{enabled:!1}});let o=r(n.reasoning),s=e;return w(s)||T(s)?h(e,t,{...a,thinking:{enabled:!0,level:D(o,s)}}):h(e,t,{...a,thinking:{enabled:!0,budgetTokens:O(s,o,n.thinkingBudgets)}})};function _(e,t,n,r){let i={};return(e.headers||r)&&(i.headers={...e.headers,...r}),new a({vertexai:!0,project:t,location:n,apiVersion:`v1`,httpOptions:Object.values(i).some(Boolean)?i:void 0})}function v(e,t,n){let r={};return(e.headers||n)&&(r.headers={...e.headers,...n}),new a({vertexai:!0,apiKey:t,apiVersion:`v1`,httpOptions:Object.values(r).some(Boolean)?r:void 0})}function y(e){let t=e?.apiKey?.trim()||process.env.GOOGLE_CLOUD_API_KEY?.trim();if(!(!t||t===`gcp-vertex-credentials`||b(t)))return t}function b(e){return/^<[^>]+>$/.test(e)}function x(e){let t=e?.project||process.env.GOOGLE_CLOUD_PROJECT||process.env.GCLOUD_PROJECT;if(!t)throw Error(`Vertex AI requires a project ID. Set GOOGLE_CLOUD_PROJECT/GCLOUD_PROJECT or pass project in options.`);return t}function S(e){let t=e?.location||process.env.GOOGLE_CLOUD_LOCATION;if(!t)throw Error(`Vertex AI requires a location. Set GOOGLE_CLOUD_LOCATION or pass location in options.`);return t}function C(e,t,r={}){let i=f(e,t),a={};r.temperature!==void 0&&(a.temperature=r.temperature),r.maxTokens!==void 0&&(a.maxOutputTokens=r.maxTokens);let o={...Object.keys(a).length>0&&a,...t.systemPrompt&&{systemInstruction:n(t.systemPrompt)},...t.tools&&t.tools.length>0&&{tools:c(t.tools)}};if(t.tools&&t.tools.length>0&&r.toolChoice?o.toolConfig={functionCallingConfig:{mode:l(r.toolChoice)}}:o.toolConfig=void 0,r.thinking?.enabled&&e.reasoning){let e={includeThoughts:!0};r.thinking.level===void 0?r.thinking.budgetTokens!==void 0&&(e.thinkingBudget=r.thinking.budgetTokens):e.thinkingLevel=p[r.thinking.level],o.thinkingConfig=e}else e.reasoning&&r.thinking&&!r.thinking.enabled&&(o.thinkingConfig=E(e));if(r.signal){if(r.signal.aborted)throw Error(`Request aborted`);o.abortSignal=r.signal}return{model:e.id,contents:i,config:o}}function w(e){return/gemini-3(?:\.\d+)?-pro/.test(e.id.toLowerCase())}function T(e){return/gemini-3(?:\.\d+)?-flash/.test(e.id.toLowerCase())}function E(e){let t=e;return w(t)?{thinkingLevel:s.LOW}:T(t)?{thinkingLevel:s.MINIMAL}:{thinkingBudget:0}}function D(e,t){if(w(t))switch(e){case`minimal`:case`low`:return`LOW`;case`medium`:case`high`:return`HIGH`}switch(e){case`minimal`:return`MINIMAL`;case`low`:return`LOW`;case`medium`:return`MEDIUM`;case`high`:return`HIGH`}}function O(e,t,n){return n?.[t]===void 0?e.id.includes(`2.5-pro`)?{minimal:128,low:2048,medium:8192,high:32768}[t]:e.id.includes(`2.5-flash`)?{minimal:128,low:2048,medium:8192,high:24576}[t]:-1:n[t]}export{h as streamGoogleVertex,g as streamSimpleGoogleVertex};
1
+ import{r as e,t}from"./event-stream-JP51qlT7.mjs";import{a as n,i as r,r as i}from"./transform-messages-B6RF0Czv.mjs";import{c as a,i as o,l as s,n as c,o as l,r as u,s as d,t as f}from"./google-shared-DDK4NMAJ.mjs";const p={THINKING_LEVEL_UNSPECIFIED:s.THINKING_LEVEL_UNSPECIFIED,MINIMAL:s.MINIMAL,LOW:s.LOW,MEDIUM:s.MEDIUM,HIGH:s.HIGH};let m=0;const h=(n,r,i)=>{let a=new t;return(async()=>{let t={role:`assistant`,content:[],api:`google-vertex`,provider:n.provider,model:n.id,usage:{input:0,output:0,cacheRead:0,cacheWrite:0,totalTokens:0,cost:{input:0,output:0,cacheRead:0,cacheWrite:0,total:0}},stopReason:`stop`,timestamp:Date.now()};try{let s=y(i),c=s?v(n,s,i?.headers):_(n,x(i),S(i),i?.headers),l=C(n,r,i),f=await i?.onPayload?.(l,n);f!==void 0&&(l=f);let p=await c.models.generateContentStream(l);a.push({type:`start`,partial:t});let h=null,g=t.content,b=()=>g.length-1;for await(let r of p){t.responseId||=r.responseId;let i=r.candidates?.[0];if(i?.content?.parts)for(let e of i.content.parts){if(e.text!==void 0){let n=u(e);(!h||n&&h.type!==`thinking`||!n&&h.type!==`text`)&&(h&&(h.type===`text`?a.push({type:`text_end`,contentIndex:g.length-1,content:h.text,partial:t}):a.push({type:`thinking_end`,contentIndex:b(),content:h.thinking,partial:t})),n?(h={type:`thinking`,thinking:``,thinkingSignature:void 0},t.content.push(h),a.push({type:`thinking_start`,contentIndex:b(),partial:t})):(h={type:`text`,text:``},t.content.push(h),a.push({type:`text_start`,contentIndex:b(),partial:t}))),h.type===`thinking`?(h.thinking+=e.text,h.thinkingSignature=d(h.thinkingSignature,e.thoughtSignature),a.push({type:`thinking_delta`,contentIndex:b(),delta:e.text,partial:t})):(h.text+=e.text,h.textSignature=d(h.textSignature,e.thoughtSignature),a.push({type:`text_delta`,contentIndex:b(),delta:e.text,partial:t}))}if(e.functionCall){h&&=(h.type===`text`?a.push({type:`text_end`,contentIndex:b(),content:h.text,partial:t}):a.push({type:`thinking_end`,contentIndex:b(),content:h.thinking,partial:t}),null);let n=e.functionCall.id,r={type:`toolCall`,id:!n||t.content.some(e=>e.type===`toolCall`&&e.id===n)?`${e.functionCall.name}_${Date.now()}_${++m}`:n,name:e.functionCall.name||``,arguments:e.functionCall.args??{},...e.thoughtSignature&&{thoughtSignature:e.thoughtSignature}};t.content.push(r),a.push({type:`toolcall_start`,contentIndex:b(),partial:t}),a.push({type:`toolcall_delta`,contentIndex:b(),delta:JSON.stringify(r.arguments),partial:t}),a.push({type:`toolcall_end`,contentIndex:b(),toolCall:r,partial:t})}}i?.finishReason&&(t.stopReason=o(i.finishReason),t.content.some(e=>e.type===`toolCall`)&&(t.stopReason=`toolUse`)),r.usageMetadata&&(t.usage={input:(r.usageMetadata.promptTokenCount||0)-(r.usageMetadata.cachedContentTokenCount||0),output:(r.usageMetadata.candidatesTokenCount||0)+(r.usageMetadata.thoughtsTokenCount||0),cacheRead:r.usageMetadata.cachedContentTokenCount||0,cacheWrite:0,totalTokens:r.usageMetadata.totalTokenCount||0,cost:{input:0,output:0,cacheRead:0,cacheWrite:0,total:0}},e(n,t.usage))}if(h&&(h.type===`text`?a.push({type:`text_end`,contentIndex:b(),content:h.text,partial:t}):a.push({type:`thinking_end`,contentIndex:b(),content:h.thinking,partial:t})),i?.signal?.aborted)throw Error(`Request was aborted`);if(t.stopReason===`aborted`||t.stopReason===`error`)throw Error(`An unknown error occurred`);a.push({type:`done`,reason:t.stopReason,message:t}),a.end()}catch(e){for(let e of t.content)`index`in e&&delete e.index;t.stopReason=i?.signal?.aborted?`aborted`:`error`,t.errorMessage=e instanceof Error?e.message:JSON.stringify(e),a.push({type:`error`,reason:t.stopReason,error:t}),a.end()}})(),a},g=(e,t,n)=>{let a=i(e,n,void 0);if(!n?.reasoning)return h(e,t,{...a,thinking:{enabled:!1}});let o=r(n.reasoning),s=e;return w(s)||T(s)?h(e,t,{...a,thinking:{enabled:!0,level:D(o,s)}}):h(e,t,{...a,thinking:{enabled:!0,budgetTokens:O(s,o,n.thinkingBudgets)}})};function _(e,t,n,r){let i={};return(e.headers||r)&&(i.headers={...e.headers,...r}),new a({vertexai:!0,project:t,location:n,apiVersion:`v1`,httpOptions:Object.values(i).some(Boolean)?i:void 0})}function v(e,t,n){let r={};return(e.headers||n)&&(r.headers={...e.headers,...n}),new a({vertexai:!0,apiKey:t,apiVersion:`v1`,httpOptions:Object.values(r).some(Boolean)?r:void 0})}function y(e){let t=e?.apiKey?.trim()||process.env.GOOGLE_CLOUD_API_KEY?.trim();if(!(!t||t===`gcp-vertex-credentials`||b(t)))return t}function b(e){return/^<[^>]+>$/.test(e)}function x(e){let t=e?.project||process.env.GOOGLE_CLOUD_PROJECT||process.env.GCLOUD_PROJECT;if(!t)throw Error(`Vertex AI requires a project ID. Set GOOGLE_CLOUD_PROJECT/GCLOUD_PROJECT or pass project in options.`);return t}function S(e){let t=e?.location||process.env.GOOGLE_CLOUD_LOCATION;if(!t)throw Error(`Vertex AI requires a location. Set GOOGLE_CLOUD_LOCATION or pass location in options.`);return t}function C(e,t,r={}){let i=f(e,t),a={};r.temperature!==void 0&&(a.temperature=r.temperature),r.maxTokens!==void 0&&(a.maxOutputTokens=r.maxTokens);let o={...Object.keys(a).length>0&&a,...t.systemPrompt&&{systemInstruction:n(t.systemPrompt)},...t.tools&&t.tools.length>0&&{tools:c(t.tools)}};if(t.tools&&t.tools.length>0&&r.toolChoice?o.toolConfig={functionCallingConfig:{mode:l(r.toolChoice)}}:o.toolConfig=void 0,r.thinking?.enabled&&e.reasoning){let e={includeThoughts:!0};r.thinking.level===void 0?r.thinking.budgetTokens!==void 0&&(e.thinkingBudget=r.thinking.budgetTokens):e.thinkingLevel=p[r.thinking.level],o.thinkingConfig=e}else e.reasoning&&r.thinking&&!r.thinking.enabled&&(o.thinkingConfig=E(e));if(r.signal){if(r.signal.aborted)throw Error(`Request aborted`);o.abortSignal=r.signal}return{model:e.id,contents:i,config:o}}function w(e){return/gemini-3(?:\.\d+)?-pro/.test(e.id.toLowerCase())}function T(e){return/gemini-3(?:\.\d+)?-flash/.test(e.id.toLowerCase())}function E(e){let t=e;return w(t)?{thinkingLevel:s.LOW}:T(t)?{thinkingLevel:s.MINIMAL}:{thinkingBudget:0}}function D(e,t){if(w(t))switch(e){case`minimal`:case`low`:return`LOW`;case`medium`:case`high`:return`HIGH`}switch(e){case`minimal`:return`MINIMAL`;case`low`:return`LOW`;case`medium`:return`MEDIUM`;case`high`:return`HIGH`}}function O(e,t,n){return n?.[t]===void 0?e.id.includes(`2.5-pro`)?{minimal:128,low:2048,medium:8192,high:32768}[t]:e.id.includes(`2.5-flash`)?{minimal:128,low:2048,medium:8192,high:24576}[t]:-1:n[t]}export{h as streamGoogleVertex,g as streamSimpleGoogleVertex};
@@ -1 +1 @@
1
- import{s as e}from"./home-dir-C44RaPME-B5iLWwCq.mjs";import{n as t,t as n}from"./bundled-dir-U738ay4K-BxbzrJOo.mjs";import r from"node:fs";import i from"node:path";const a=i.join(`dist`,`channel-catalog.json`);function o(){return[t({cwd:process.cwd()}),t({moduleUrl:import.meta.url})].filter((e,t,n)=>!!e&&n.indexOf(e)===t)}function s(e=process.env){let t=n(e);if(!t)return[];try{return r.readdirSync(t,{withFileTypes:!0}).filter(e=>e.isDirectory()).map(e=>i.join(t,e.name,`package.json`)).filter(e=>r.existsSync(e))}catch{return[]}}function c(){let e=[];for(let t of s())try{let n=JSON.parse(r.readFileSync(t,`utf8`));e.push(n)}catch{continue}return e}function l(){for(let e of o()){let t=i.join(e,a);if(r.existsSync(t))try{let e=JSON.parse(r.readFileSync(t,`utf8`));return Array.isArray(e.entries)?e.entries:[]}catch{continue}}return[]}function u(t){let n=t.openclaw?.channel,r=e(n?.id);return!r||!n?null:{id:r,channel:n,aliases:Array.isArray(n.aliases)?n.aliases.map(t=>e(t)).filter(e=>!!e):[],order:typeof n.order==`number`&&Number.isFinite(n.order)?n.order:2**53-1}}function d(){let e=c().map(e=>u(e)).filter(e=>!!e);return e.length>0?e:l().map(e=>u(e)).filter(e=>!!e)}function f(){return d().map(t=>({id:e(t.id)??t.id,aliases:t.aliases,order:t.order})).toSorted((e,t)=>e.order-t.order||e.id.localeCompare(t.id,`en`,{sensitivity:`base`}))}const p=Object.freeze(f()),m=new Set(p.map(e=>e.id)),h=Object.freeze(p.map(e=>e.id)),g=h,_=Object.freeze(Object.fromEntries(p.flatMap(e=>e.aliases.map(t=>[t,e.id]))));function v(t){let n=e(t);if(!n)return null;let r=_[n]??n;return m.has(r)?r:null}export{v as i,h as n,d as r,g as t};
1
+ import{s as e}from"./home-dir-C44RaPME-BqOMy1pu.mjs";import{n as t,t as n}from"./bundled-dir-U738ay4K-DxHVp4u1.mjs";import r from"node:fs";import i from"node:path";const a=i.join(`dist`,`channel-catalog.json`);function o(){return[t({cwd:process.cwd()}),t({moduleUrl:import.meta.url})].filter((e,t,n)=>!!e&&n.indexOf(e)===t)}function s(e=process.env){let t=n(e);if(!t)return[];try{return r.readdirSync(t,{withFileTypes:!0}).filter(e=>e.isDirectory()).map(e=>i.join(t,e.name,`package.json`)).filter(e=>r.existsSync(e))}catch{return[]}}function c(){let e=[];for(let t of s())try{let n=JSON.parse(r.readFileSync(t,`utf8`));e.push(n)}catch{continue}return e}function l(){for(let e of o()){let t=i.join(e,a);if(r.existsSync(t))try{let e=JSON.parse(r.readFileSync(t,`utf8`));return Array.isArray(e.entries)?e.entries:[]}catch{continue}}return[]}function u(t){let n=t.openclaw?.channel,r=e(n?.id);return!r||!n?null:{id:r,channel:n,aliases:Array.isArray(n.aliases)?n.aliases.map(t=>e(t)).filter(e=>!!e):[],order:typeof n.order==`number`&&Number.isFinite(n.order)?n.order:2**53-1}}function d(){let e=c().map(e=>u(e)).filter(e=>!!e);return e.length>0?e:l().map(e=>u(e)).filter(e=>!!e)}function f(){return d().map(t=>({id:e(t.id)??t.id,aliases:t.aliases,order:t.order})).toSorted((e,t)=>e.order-t.order||e.id.localeCompare(t.id,`en`,{sensitivity:`base`}))}const p=Object.freeze(f()),m=new Set(p.map(e=>e.id)),h=Object.freeze(p.map(e=>e.id)),g=h,_=Object.freeze(Object.fromEntries(p.flatMap(e=>e.aliases.map(t=>[t,e.id]))));function v(t){let n=e(t);if(!n)return null;let r=_[n]??n;return m.has(r)?r:null}export{v as i,h as n,d as r,g as t};
@@ -1,3 +1,3 @@
1
- import{d as e}from"./io-CH2g3vsv-JJtUIa_U.mjs";import{n as t,r as n,t as r}from"./models-config-BmpSQJQF-BL6S5qAo.mjs";import{s as i}from"./oauth-25y2wc7K.mjs";import{a,c as o,i as s,l as c,n as l,r as u,t as d}from"./provider-stream-COLujAAo-Dpq1DSIk.mjs";let f=null;function p(){return f??=import(`./pi-model-discovery-runtime-PrjWOmsV.mjs`),f}function m(e,t=4096){return typeof e!=`number`||!Number.isFinite(e)||e<=0?t:Math.min(t,e)}function h(e){return!!e&&typeof e==`object`&&!Array.isArray(e)}function g(t){return t.api!==`openai-responses`&&t.api!==`azure-openai-responses`&&t.api!==`openai-codex-responses`?!1:e({provider:t.provider,api:t.api,baseUrl:t.baseUrl,capability:`image`,transport:`media-understanding`}).usesKnownNativeOpenAIRoute}function _(e){if(!Array.isArray(e))return e;let t=e.filter(e=>e!==`reasoning.encrypted_content`);return t.length>0?t:void 0}function v(e,t){if(!h(e))return;let n={...e};delete n.reasoning,delete n.reasoning_effort;let r=_(n.include);return r===void 0?delete n.include:n.include=r,g(t)&&(n.reasoning={effort:`none`}),n}function y(e){return e instanceof Error&&/^Image model returned no text\b/.test(e.message)}async function b(e){await r(e.cfg,e.agentDir);let{discoverAuthStorage:i,discoverModels:a}=await p(),s=i(e.agentDir),c=a(s,e.agentDir),l=n(e.provider,e.model),u=c.find(l.provider,l.model);if(!u)throw Error(`Unknown model: ${l.provider}/${l.model}`);if(!u.input?.includes(`image`))throw Error(`Model does not support images: ${e.provider}/${e.model}`);let d=t(await o({model:u,cfg:e.cfg,agentDir:e.agentDir,profileId:e.profile,preferredProfile:e.preferredProfile,store:e.authStore}),u.provider);return s.setRuntimeApiKey(u.provider,d),{apiKey:d,model:u}}function x(e,t){return{systemPrompt:e,messages:[{role:`user`,content:t.map(e=>({type:`image`,data:e.buffer.toString(`base64`),mimeType:e.mime??`image/jpeg`})),timestamp:Date.now()}]}}async function S(e){let t=[];for(let[n,r]of e.images.entries()){let i=e.images.length>1?`${e.prompt}\n\nDescribe image ${n+1} of ${e.images.length} independently.`:e.prompt,o=await a({apiKey:e.apiKey,prompt:i,imageDataUrl:`data:${r.mime??`image/jpeg`};base64,${r.buffer.toString(`base64`)}`,modelBaseUrl:e.modelBaseUrl});t.push(e.images.length>1?`Image ${n+1}:\n${o.trim()}`:o.trim())}return{text:t.join(`
1
+ import{d as e}from"./io-CH2g3vsv-BevbMdi6.mjs";import{n as t,r as n,t as r}from"./models-config-BmpSQJQF-Bwnt6IgA.mjs";import{s as i}from"./oauth-TYJ7I-Cs.mjs";import{a,c as o,i as s,l as c,n as l,r as u,t as d}from"./provider-stream-COLujAAo-BtNcIBP4.mjs";let f=null;function p(){return f??=import(`./pi-model-discovery-runtime-DnW_CaR2.mjs`),f}function m(e,t=4096){return typeof e!=`number`||!Number.isFinite(e)||e<=0?t:Math.min(t,e)}function h(e){return!!e&&typeof e==`object`&&!Array.isArray(e)}function g(t){return t.api!==`openai-responses`&&t.api!==`azure-openai-responses`&&t.api!==`openai-codex-responses`?!1:e({provider:t.provider,api:t.api,baseUrl:t.baseUrl,capability:`image`,transport:`media-understanding`}).usesKnownNativeOpenAIRoute}function _(e){if(!Array.isArray(e))return e;let t=e.filter(e=>e!==`reasoning.encrypted_content`);return t.length>0?t:void 0}function v(e,t){if(!h(e))return;let n={...e};delete n.reasoning,delete n.reasoning_effort;let r=_(n.include);return r===void 0?delete n.include:n.include=r,g(t)&&(n.reasoning={effort:`none`}),n}function y(e){return e instanceof Error&&/^Image model returned no text\b/.test(e.message)}async function b(e){await r(e.cfg,e.agentDir);let{discoverAuthStorage:i,discoverModels:a}=await p(),s=i(e.agentDir),c=a(s,e.agentDir),l=n(e.provider,e.model),u=c.find(l.provider,l.model);if(!u)throw Error(`Unknown model: ${l.provider}/${l.model}`);if(!u.input?.includes(`image`))throw Error(`Model does not support images: ${e.provider}/${e.model}`);let d=t(await o({model:u,cfg:e.cfg,agentDir:e.agentDir,profileId:e.profile,preferredProfile:e.preferredProfile,store:e.authStore}),u.provider);return s.setRuntimeApiKey(u.provider,d),{apiKey:d,model:u}}function x(e,t){return{systemPrompt:e,messages:[{role:`user`,content:t.map(e=>({type:`image`,data:e.buffer.toString(`base64`),mimeType:e.mime??`image/jpeg`})),timestamp:Date.now()}]}}async function S(e){let t=[];for(let[n,r]of e.images.entries()){let i=e.images.length>1?`${e.prompt}\n\nDescribe image ${n+1} of ${e.images.length} independently.`:e.prompt,o=await a({apiKey:e.apiKey,prompt:i,imageDataUrl:`data:${r.mime??`image/jpeg`};base64,${r.buffer.toString(`base64`)}`,modelBaseUrl:e.modelBaseUrl});t.push(e.images.length>1?`Image ${n+1}:\n${o.trim()}`:o.trim())}return{text:t.join(`
2
2
 
3
3
  `).trim(),model:e.modelId}}function C(e){return e instanceof Error&&/^Unknown model:/i.test(e.message)}function w(e,t){let n=e.models?.providers?.[t];if(typeof n?.baseUrl==`string`&&n.baseUrl.trim())return n.baseUrl.trim()}async function T(e){return{apiKey:t(await c({provider:e.provider,cfg:e.cfg,profileId:e.profile,preferredProfile:e.preferredProfile,agentDir:e.agentDir}),e.provider),modelBaseUrl:w(e.cfg,e.provider)}}async function E(e){let t=e.prompt??`Describe the image.`,n,r;try{let t=await b(e);n=t.apiKey,r=t.model}catch(n){if(!s(e.provider,e.model)||!C(n))throw n;let r=await T(e);return await S({apiKey:r.apiKey,modelId:e.model,modelBaseUrl:r.modelBaseUrl,prompt:t,images:e.images})}if(s(r.provider,r.id))return await S({apiKey:n,modelId:r.id,modelBaseUrl:r.baseUrl,prompt:t,images:e.images});d({model:r,cfg:e.cfg,agentDir:e.agentDir});let a=x(t,e.images),o=new AbortController,c=typeof e.timeoutMs==`number`&&Number.isFinite(e.timeoutMs)&&e.timeoutMs>0?setTimeout(()=>o.abort(),e.timeoutMs):void 0,f=m(r.maxTokens,e.maxTokens??512),p=async e=>await i(r,a,{apiKey:n,maxTokens:f,signal:o.signal,...e?{onPayload:e}:{}});try{let e=await p();try{return{text:l({message:e,provider:r.provider,model:r.id}),model:r.id}}catch(t){if(!y(t)||!u(e))throw t}return{text:l({message:await p(v),provider:r.provider,model:r.id}),model:r.id}}finally{clearTimeout(c)}}async function D(e){return await E({images:[{buffer:e.buffer,fileName:e.fileName,mime:e.mime}],model:e.model,provider:e.provider,prompt:e.prompt,maxTokens:e.maxTokens,timeoutMs:e.timeoutMs,profile:e.profile,preferredProfile:e.preferredProfile,authStore:e.authStore,agentDir:e.agentDir,cfg:e.cfg})}export{D as describeImageWithModel,E as describeImagesWithModel};