@zincapp/zn-vault-agent 1.3.0

package/dist/commands/sync.js

@@ -0,0 +1,126 @@
+import ora from 'ora';
+import chalk from 'chalk';
+import { isConfigured, getTargets } from '../lib/config.js';
+import { deployCertificate } from '../lib/deployer.js';
+export function registerSyncCommand(program) {
+    program
+        .command('sync')
+        .description('Sync certificates to configured targets')
+        .option('-f, --force', 'Force sync even if certificate unchanged')
+        .option('-t, --target <name>', 'Sync specific target only')
+        .option('--dry-run', 'Show what would be done without making changes')
+        .addHelpText('after', `
+Examples:
+  # Sync all configured certificates
+  zn-vault-agent sync
+
+  # Force sync (even if unchanged)
+  zn-vault-agent sync --force
+
+  # Sync only a specific target
+  zn-vault-agent sync --target haproxy-frontend
+
+  # Preview what would be synced
+  zn-vault-agent sync --dry-run
+`)
+        .action(async (options) => {
+        if (!isConfigured()) {
+            console.error(chalk.red('Not configured. Run: zn-vault-agent login'));
+            process.exit(1);
+        }
+        const targets = getTargets();
+        if (targets.length === 0) {
+            console.log('No certificate targets configured.');
+            console.log('Run ' + chalk.cyan('zn-vault-agent add') + ' to add one.');
+            return;
+        }
+        // Filter to specific target if requested
+        const targetsToSync = options.target
+            ? targets.filter(t => t.name === options.target || t.certId === options.target)
+            : targets;
+        if (options.target && targetsToSync.length === 0) {
+            console.error(chalk.red(`Target "${options.target}" not found`));
+            process.exit(1);
+        }
+        if (options.dryRun) {
+            console.log();
+            console.log(chalk.bold('Dry run - would sync:'));
+            console.log();
+            for (const target of targetsToSync) {
+                console.log(`  ${chalk.cyan(target.name)}`);
+                console.log(`    Certificate: ${target.certId.substring(0, 8)}...`);
+                console.log(`    Outputs:`);
+                for (const [type, path] of Object.entries(target.outputs)) {
+                    if (path)
+                        console.log(`      ${type}: ${path}`);
+                }
+                if (target.reloadCmd) {
+                    console.log(`    Reload: ${target.reloadCmd}`);
+                }
+                console.log();
+            }
+            return;
+        }
+        console.log();
+        console.log(chalk.bold('Syncing Certificates'));
+        console.log();
+        let successCount = 0;
+        let failCount = 0;
+        let unchangedCount = 0;
+        for (const target of targetsToSync) {
+            const spinner = ora(`Syncing ${target.name}...`).start();
+            try {
+                const result = await deployCertificate(target, options.force);
+                if (result.success) {
+                    if (result.message === 'Certificate unchanged') {
+                        spinner.info(`${target.name}: unchanged`);
+                        unchangedCount++;
+                    }
+                    else {
+                        spinner.succeed(`${target.name}: ${result.message}`);
+                        successCount++;
+                        // Show details
+                        if (result.filesWritten && result.filesWritten.length > 0) {
+                            for (const file of result.filesWritten) {
+                                console.log(`    ${chalk.gray('→')} ${file}`);
+                            }
+                        }
+                        if (result.reloadOutput) {
+                            console.log(`    ${chalk.gray('reload:')} ${result.reloadOutput.trim()}`);
+                        }
+                        if (result.healthCheckPassed !== undefined) {
+                            const status = result.healthCheckPassed
+                                ? chalk.green('passed')
+                                : chalk.red('failed');
+                            console.log(`    ${chalk.gray('health:')} ${status}`);
+                        }
+                    }
+                }
+                else {
+                    spinner.fail(`${target.name}: ${result.message}`);
+                    failCount++;
+                    if (result.rolledBack) {
+                        console.log(`    ${chalk.yellow('→ Rolled back to previous certificate')}`);
+                    }
+                }
+            }
+            catch (err) {
+                spinner.fail(`${target.name}: ${err instanceof Error ? err.message : String(err)}`);
+                failCount++;
+            }
+        }
+        console.log();
+        console.log(chalk.bold('Summary:'));
+        if (successCount > 0)
+            console.log(`  ${chalk.green('✓')} ${successCount} updated`);
+        if (unchangedCount > 0)
+            console.log(`  ${chalk.gray('○')} ${unchangedCount} unchanged`);
+        if (failCount > 0)
+            console.log(`  ${chalk.red('✗')} ${failCount} failed`);
+        console.log();
+        if (failCount > 0) {
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=sync.js.map

package/dist/commands/sync.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync.js","sourceRoot":"","sources":["../../src/commands/sync.ts"],"names":[],"mappings":"AACA,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAyB,MAAM,oBAAoB,CAAC;AAE9E,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,yCAAyC,CAAC;SACtD,MAAM,CAAC,aAAa,EAAE,0CAA0C,CAAC;SACjE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,CAAC;SAC1D,MAAM,CAAC,WAAW,EAAE,gDAAgD,CAAC;SACrE,WAAW,CAAC,OAAO,EAAE;;;;;;;;;;;;;CAazB,CAAC;SACG,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC,CAAC;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAE7B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,cAAc,CAAC,CAAC;YACxE,OAAO;QACT,CAAC;QAED,yCAAyC;QACzC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM;YAClC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC;YAC/E,CAAC,CAAC,OAAO,CAAC;QAEZ,IAAI,OAAO,CAAC,MAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,OAAO,CAAC,MAAM,aAAa,CAAC,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;gBACnC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5C,OAAO,CAAC,GAAG,CAAC,oBAAoB,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;gBACpE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;gBAC5B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC1D,IAAI,IAAI;wBAAE,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,KAAK,IAAI,EAAE,CAAC,CAAC;gBAClD,CAAC;gBACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;oBACrB,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;gBACjD,CAAC;gBACD,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,CAAC;YACD,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,EAAE,CAAC;QAEd,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,cAAc,GAAG,CAAC,CAAC;QAEvB,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;YAEzD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;gBAE9D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACnB,IAAI,MAAM,CAAC,OAAO,KAAK,uBAAuB,EAAE,CAAC;wBAC/C,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,aAAa,CAAC,CAAC;wBAC1C,cAAc,EAAE,CAAC;oBACnB,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;wBACrD,YAAY,EAAE,CAAC;wBAEf,eAAe;wBACf,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BAC1D,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gCACvC,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;4BAChD,CAAC;wBACH,CAAC;wBACD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;4BACxB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;wBAC5E,CAAC;wBACD,IAAI,MAAM,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;4BAC3C,MAAM,MAAM,GAAG,MAAM,CAAC,iBAAiB;gCACrC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC;gCACvB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;4BACxB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC;wBACxD,CAAC;oBACH,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;oBAClD,SAAS,EAAE,CAAC;oBAEZ,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;wBACtB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,MAAM,CAAC,uCAAuC,CAAC,EAAE,CAAC,CAAC;oBAC9E,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACpF,SAAS,EAAE,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QACpC,IAAI,YAAY,GAAG,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,YAAY,UAAU,CAAC,CAAC;QACnF,IAAI,cAAc,GAAG,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,cAAc,YAAY,CAAC,CAAC;QACxF,IAAI,SAAS,GAAG,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,SAAS,SAAS,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,EAAE,CAAC;QAEd,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import { registerLoginCommand } from './commands/login.js';
+import { registerCertsCommands } from './commands/certs.js';
+import { registerSecretsCommands } from './commands/secrets.js';
+import { registerSyncCommand } from './commands/sync.js';
+import { registerStartCommand } from './commands/start.js';
+import { registerStatusCommand } from './commands/status.js';
+import { registerExecCommand } from './commands/exec.js';
+import { registerSetupCommand } from './commands/setup.js';
+const version = typeof __VERSION__ !== 'undefined' ? __VERSION__ : '0.0.0-dev';
+const program = new Command();
+program
+    .name('zn-vault-agent')
+    .description('ZN-Vault Agent - Sync certificates and secrets from vault')
+    .version(version);
+// Register commands
+registerLoginCommand(program);
+registerCertsCommands(program);
+registerSecretsCommands(program);
+registerSyncCommand(program);
+registerStartCommand(program);
+registerStatusCommand(program);
+registerExecCommand(program);
+registerSetupCommand(program);
+// Parse arguments
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAI3D,MAAM,OAAO,GAAG,OAAO,WAAW,KAAK,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC;AAE/E,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,gBAAgB,CAAC;KACtB,WAAW,CAAC,2DAA2D,CAAC;KACxE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,oBAAoB;AACpB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,uBAAuB,CAAC,OAAO,CAAC,CAAC;AACjC,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAE9B,kBAAkB;AAClB,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/lib/api.d.ts

@@ -0,0 +1,104 @@
+interface LoginResponse {
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    user: {
+        id: string;
+        username: string;
+        role: string;
+        tenantId: string | null;
+    };
+}
+export interface CertificateMetadata {
+    id: string;
+    tenantId: string;
+    clientId: string;
+    kind: string;
+    alias: string;
+    certificateType: 'PEM' | 'P12' | 'DER';
+    fingerprintSha256: string;
+    subjectCn: string;
+    issuerCn: string;
+    notBefore: string;
+    notAfter: string;
+    status: string;
+    version: number;
+    daysUntilExpiry: number;
+}
+export interface DecryptedCertificate {
+    id: string;
+    certificateData: string;
+    certificateType: 'PEM' | 'P12' | 'DER';
+    fingerprintSha256: string;
+}
+export interface SecretMetadata {
+    id: string;
+    alias: string;
+    tenantId: string;
+    type: string;
+    version: number;
+    createdAt: string;
+    updatedAt: string;
+    expiresAt?: string;
+    tags?: string[];
+}
+export interface DecryptedSecret {
+    id: string;
+    alias: string;
+    type: string;
+    version: number;
+    data: Record<string, unknown>;
+}
+/**
+ * Login and get access token
+ */
+export declare function login(username: string, password: string): Promise<LoginResponse>;
+/**
+ * List certificates
+ */
+export declare function listCertificates(): Promise<{
+    items: CertificateMetadata[];
+    total: number;
+}>;
+/**
+ * Get certificate metadata
+ */
+export declare function getCertificate(certId: string): Promise<CertificateMetadata>;
+/**
+ * Decrypt certificate (get actual cert data)
+ */
+export declare function decryptCertificate(certId: string, purpose: string): Promise<DecryptedCertificate>;
+/**
+ * Acknowledge certificate delivery (for tracking)
+ */
+export declare function ackDelivery(certId: string, hostname: string, version: number): Promise<void>;
+/**
+ * List secrets
+ */
+export declare function listSecrets(): Promise<{
+    items: SecretMetadata[];
+    total: number;
+}>;
+/**
+ * Get secret by ID or alias
+ * @param secretId - UUID or alias (e.g., "alias:db/credentials")
+ */
+export declare function getSecret(secretId: string): Promise<DecryptedSecret>;
+/**
+ * Get secret metadata only (without decrypting)
+ */
+export declare function getSecretMetadata(secretId: string): Promise<SecretMetadata>;
+/**
+ * Check vault connectivity
+ */
+export declare function checkHealth(): Promise<boolean>;
+/**
+ * Clear cached token
+ */
+export declare function clearToken(): void;
+/**
+ * Check if we have a valid cached token
+ */
+export declare function hasValidToken(): boolean;
+export {};
+//# sourceMappingURL=api.d.ts.map

package/dist/lib/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../src/lib/api.ts"],"names":[],"mappings":"AAyBA,UAAU,aAAa;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACvC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACvC,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AA8MD;;GAEG;AACH,wBAAsB,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAmBtF;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC;IAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAMjG;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAMjF;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAOvG;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAalG;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC;IAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CASvF;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAqB1E;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAiBjF;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAcpD;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,IAAI,CAIjC;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAEvC"}

package/dist/lib/api.js

@@ -0,0 +1,338 @@
+// Path: src/lib/api.ts
+// Vault API client with retry logic and observability
+import https from 'node:https';
+import http from 'node:http';
+import { loadConfig } from './config.js';
+import { apiLogger as log } from './logger.js';
+import { metrics } from './metrics.js';
+import { setVaultReachable } from './health.js';
+// Token cache
+let cachedToken = null;
+let tokenExpiry = 0;
+// Retry configuration
+const MAX_RETRIES = 3;
+const INITIAL_RETRY_DELAY = 1000; // 1 second
+const MAX_RETRY_DELAY = 10000; // 10 seconds
+/**
+ * Check if an error is retryable
+ */
+function isRetryableError(statusCode, error) {
+    // Network errors are retryable
+    if (error.message.includes('ECONNREFUSED') ||
+        error.message.includes('ENOTFOUND') ||
+        error.message.includes('ETIMEDOUT') ||
+        error.message.includes('timeout') ||
+        error.message.includes('socket hang up')) {
+        return true;
+    }
+    // 5xx errors are retryable
+    if (statusCode && statusCode >= 500 && statusCode < 600) {
+        return true;
+    }
+    // 429 Too Many Requests is retryable
+    if (statusCode === 429) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Calculate retry delay with exponential backoff and jitter
+ */
+function getRetryDelay(attempt) {
+    const baseDelay = INITIAL_RETRY_DELAY * Math.pow(2, attempt);
+    const jitter = Math.random() * 1000;
+    return Math.min(baseDelay + jitter, MAX_RETRY_DELAY);
+}
+/**
+ * Sleep for specified milliseconds
+ */
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+ * Make HTTP request to vault API with retry logic
+ */
+async function request(options) {
+    const config = loadConfig();
+    const startTime = Date.now();
+    if (!config.vaultUrl) {
+        throw new Error('Vault URL not configured. Run: zn-vault-agent login');
+    }
+    const url = new URL(config.vaultUrl);
+    url.pathname = options.path;
+    const headers = {
+        'Content-Type': 'application/json',
+        'Accept': 'application/json',
+    };
+    // Add authentication
+    if (options.token && options.token !== 'skip') {
+        headers['Authorization'] = `Bearer ${options.token}`;
+    }
+    else if (options.token !== 'skip') {
+        if (config.auth.apiKey) {
+            headers['X-API-Key'] = config.auth.apiKey;
+        }
+        else if (cachedToken && Date.now() < tokenExpiry) {
+            headers['Authorization'] = `Bearer ${cachedToken}`;
+        }
+        else if (config.auth.username && config.auth.password) {
+            // Need to login first
+            log.debug('Token expired or missing, logging in');
+            await login(config.auth.username, config.auth.password);
+            if (cachedToken) {
+                headers['Authorization'] = `Bearer ${cachedToken}`;
+            }
+        }
+    }
+    const requestOptions = {
+        hostname: url.hostname,
+        port: url.port || (url.protocol === 'https:' ? 443 : 80),
+        path: url.pathname + url.search,
+        method: options.method,
+        headers,
+        timeout: 30000,
+        rejectUnauthorized: !config.insecure,
+    };
+    let lastError = null;
+    let lastStatusCode;
+    const maxAttempts = options.noRetry ? 1 : MAX_RETRIES;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+        if (attempt > 0) {
+            const delay = getRetryDelay(attempt - 1);
+            log.debug({ attempt, delay, path: options.path }, 'Retrying request');
+            await sleep(delay);
+        }
+        try {
+            const result = await executeRequest(requestOptions, options.body, url.protocol === 'https:');
+            const duration = Date.now() - startTime;
+            // Record metrics
+            metrics.apiRequest(options.method, result.statusCode, duration);
+            setVaultReachable(true);
+            if (result.statusCode >= 400) {
+                const error = result.data;
+                const errorMessage = error?.message || `Request failed with status ${result.statusCode}`;
+                lastStatusCode = result.statusCode;
+                lastError = new Error(errorMessage);
+                // Don't retry auth errors
+                if (result.statusCode === 401 || result.statusCode === 403) {
+                    log.warn({ path: options.path, status: result.statusCode }, 'Authentication failed');
+                    throw lastError;
+                }
+                // Check if retryable
+                if (!isRetryableError(result.statusCode, lastError)) {
+                    log.warn({ path: options.path, status: result.statusCode, error: errorMessage }, 'Request failed');
+                    throw lastError;
+                }
+                log.debug({ attempt, status: result.statusCode }, 'Retryable error');
+                continue;
+            }
+            log.debug({ path: options.path, status: result.statusCode, duration }, 'Request completed');
+            return result.data;
+        }
+        catch (err) {
+            const error = err instanceof Error ? err : new Error(String(err));
+            lastError = error;
+            const duration = Date.now() - startTime;
+            metrics.apiRequest(options.method, 0, duration);
+            // Network error - vault may be unreachable
+            if (error.message.includes('ECONNREFUSED') || error.message.includes('ENOTFOUND')) {
+                setVaultReachable(false);
+            }
+            if (!isRetryableError(undefined, error)) {
+                log.error({ path: options.path, err: error }, 'Non-retryable error');
+                throw error;
+            }
+            log.debug({ attempt, err: error.message }, 'Retryable network error');
+        }
+    }
+    // All retries exhausted
+    log.error({ path: options.path, attempts: maxAttempts, lastStatus: lastStatusCode }, 'Request failed after retries');
+    throw lastError || new Error('Request failed after retries');
+}
+/**
+ * Execute a single HTTP request
+ */
+function executeRequest(requestOptions, body, useHttps) {
+    return new Promise((resolve, reject) => {
+        const protocol = useHttps ? https : http;
+        const req = protocol.request(requestOptions, (res) => {
+            let data = '';
+            res.on('data', (chunk) => (data += chunk));
+            res.on('end', () => {
+                try {
+                    const parsed = data ? JSON.parse(data) : {};
+                    resolve({ statusCode: res.statusCode || 0, data: parsed });
+                }
+                catch {
+                    resolve({ statusCode: res.statusCode || 0, data: data });
+                }
+            });
+        });
+        req.on('error', reject);
+        req.on('timeout', () => {
+            req.destroy();
+            reject(new Error('Request timeout'));
+        });
+        if (body) {
+            req.write(JSON.stringify(body));
+        }
+        req.end();
+    });
+}
+/**
+ * Login and get access token
+ */
+export async function login(username, password) {
+    log.info({ username }, 'Logging in to vault');
+    const response = await request({
+        method: 'POST',
+        path: '/auth/login',
+        body: { username, password },
+        token: 'skip', // Don't try to auto-auth
+        noRetry: true, // Don't retry login (could lock account)
+    });
+    // Cache the token
+    cachedToken = response.accessToken;
+    tokenExpiry = Date.now() + (response.expiresIn * 1000) - 60000; // 1 min buffer
+    log.info({ username, expiresIn: response.expiresIn }, 'Login successful');
+    setVaultReachable(true);
+    return response;
+}
+/**
+ * List certificates
+ */
+export async function listCertificates() {
+    log.debug('Listing certificates');
+    return request({
+        method: 'GET',
+        path: '/v1/certificates',
+    });
+}
+/**
+ * Get certificate metadata
+ */
+export async function getCertificate(certId) {
+    log.debug({ certId }, 'Getting certificate metadata');
+    return request({
+        method: 'GET',
+        path: `/v1/certificates/${certId}`,
+    });
+}
+/**
+ * Decrypt certificate (get actual cert data)
+ */
+export async function decryptCertificate(certId, purpose) {
+    log.debug({ certId, purpose }, 'Decrypting certificate');
+    return request({
+        method: 'POST',
+        path: `/v1/certificates/${certId}/decrypt`,
+        body: { purpose },
+    });
+}
+/**
+ * Acknowledge certificate delivery (for tracking)
+ */
+export async function ackDelivery(certId, hostname, version) {
+    try {
+        await request({
+            method: 'POST',
+            path: `/v1/certificates/${certId}/ack`,
+            body: { hostname, version, timestamp: new Date().toISOString() },
+            noRetry: true, // ACK is best-effort
+        });
+        log.debug({ certId, hostname, version }, 'Delivery acknowledged');
+    }
+    catch (err) {
+        // ACK is best-effort, don't fail if endpoint doesn't exist yet
+        log.debug({ certId, err }, 'Failed to acknowledge delivery (best-effort)');
+    }
+}
+/**
+ * List secrets
+ */
+export async function listSecrets() {
+    log.debug('Listing secrets');
+    const response = await request({
+        method: 'GET',
+        path: '/v1/secrets',
+    });
+    // API returns array directly, normalize to { items, total }
+    const items = Array.isArray(response) ? response : [];
+    return { items, total: items.length };
+}
+/**
+ * Get secret by ID or alias
+ * @param secretId - UUID or alias (e.g., "alias:db/credentials")
+ */
+export async function getSecret(secretId) {
+    log.debug({ secretId }, 'Getting secret');
+    let id = secretId;
+    // Handle alias format - resolve to UUID first
+    if (secretId.startsWith('alias:')) {
+        const aliasPath = secretId.substring(6); // Remove "alias:" prefix
+        const metadata = await request({
+            method: 'GET',
+            path: `/v1/secrets/alias/${encodeURIComponent(aliasPath)}`,
+        });
+        id = metadata.id;
+    }
+    // Decrypt using UUID
+    return request({
+        method: 'POST',
+        path: `/v1/secrets/${id}/decrypt`,
+        body: {}, // Empty body required for POST
+    });
+}
+/**
+ * Get secret metadata only (without decrypting)
+ */
+export async function getSecretMetadata(secretId) {
+    log.debug({ secretId }, 'Getting secret metadata');
+    // Handle alias format
+    if (secretId.startsWith('alias:')) {
+        const aliasPath = secretId.substring(6); // Remove "alias:" prefix
+        return request({
+            method: 'GET',
+            path: `/v1/secrets/alias/${encodeURIComponent(aliasPath)}`,
+        });
+    }
+    // Use UUID metadata endpoint
+    return request({
+        method: 'GET',
+        path: `/v1/secrets/${secretId}/meta`,
+    });
+}
+/**
+ * Check vault connectivity
+ */
+export async function checkHealth() {
+    try {
+        await request({
+            method: 'GET',
+            path: '/v1/health',
+            token: 'skip',
+            noRetry: true,
+        });
+        setVaultReachable(true);
+        return true;
+    }
+    catch {
+        setVaultReachable(false);
+        return false;
+    }
+}
+/**
+ * Clear cached token
+ */
+export function clearToken() {
+    cachedToken = null;
+    tokenExpiry = 0;
+    log.debug('Token cache cleared');
+}
+/**
+ * Check if we have a valid cached token
+ */
+export function hasValidToken() {
+    return cachedToken !== null && Date.now() < tokenExpiry;
+}
+//# sourceMappingURL=api.js.map

package/dist/lib/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/lib/api.ts"],"names":[],"mappings":"AAAA,uBAAuB;AACvB,sDAAsD;AAEtD,OAAO,KAAK,MAAM,YAAY,CAAC;AAC/B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,SAAS,IAAI,GAAG,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAyEhD,cAAc;AACd,IAAI,WAAW,GAAkB,IAAI,CAAC;AACtC,IAAI,WAAW,GAAW,CAAC,CAAC;AAE5B,sBAAsB;AACtB,MAAM,WAAW,GAAG,CAAC,CAAC;AACtB,MAAM,mBAAmB,GAAG,IAAI,CAAC,CAAC,WAAW;AAC7C,MAAM,eAAe,GAAG,KAAK,CAAC,CAAC,aAAa;AAE5C;;GAEG;AACH,SAAS,gBAAgB,CAAC,UAA8B,EAAE,KAAY;IACpE,+BAA+B;IAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;QACtC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;QACnC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;QACnC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;QACjC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2BAA2B;IAC3B,IAAI,UAAU,IAAI,UAAU,IAAI,GAAG,IAAI,UAAU,GAAG,GAAG,EAAE,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qCAAqC;IACrC,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,OAAe;IACpC,MAAM,SAAS,GAAG,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC;IACpC,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,MAAM,EAAE,eAAe,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,OAAO,CAAI,OAAuB;IAC/C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrC,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAE5B,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;QAClC,QAAQ,EAAE,kBAAkB;KAC7B,CAAC;IAEF,qBAAqB;IACrB,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QAC9C,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,OAAO,CAAC,KAAK,EAAE,CAAC;IACvD,CAAC;SAAM,IAAI,OAAO,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QACpC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACvB,OAAO,CAAC,WAAW,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;QAC5C,CAAC;aAAM,IAAI,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC;YACnD,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,WAAW,EAAE,CAAC;QACrD,CAAC;aAAM,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxD,sBAAsB;YACtB,GAAG,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAClD,MAAM,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,WAAW,EAAE,CAAC;YACrD,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAyB;QAC3C,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,IAAI,EAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM;QAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO;QACP,OAAO,EAAE,KAAK;QACd,kBAAkB,EAAE,CAAC,MAAM,CAAC,QAAQ;KACrC,CAAC;IAEF,IAAI,SAAS,GAAiB,IAAI,CAAC;IACnC,IAAI,cAAkC,CAAC;IACvC,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IAEtD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,WAAW,EAAE,OAAO,EAAE,EAAE,CAAC;QACvD,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;YACzC,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,EAAE,kBAAkB,CAAC,CAAC;YACtE,MAAM,KAAK,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAI,cAAc,EAAE,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;YAChG,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAExC,iBAAiB;YACjB,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAChE,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAExB,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,IAA2B,CAAC;gBACjD,MAAM,YAAY,GAAG,KAAK,EAAE,OAAO,IAAI,8BAA8B,MAAM,CAAC,UAAU,EAAE,CAAC;gBAEzF,cAAc,GAAG,MAAM,CAAC,UAAU,CAAC;gBACnC,SAAS,GAAG,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAEpC,0BAA0B;gBAC1B,IAAI,MAAM,CAAC,UAAU,KAAK,GAAG,IAAI,MAAM,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAC3D,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,EAAE,uBAAuB,CAAC,CAAC;oBACrF,MAAM,SAAS,CAAC;gBAClB,CAAC;gBAED,qBAAqB;gBACrB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,EAAE,CAAC;oBACpD,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,gBAAgB,CAAC,CAAC;oBACnG,MAAM,SAAS,CAAC;gBAClB,CAAC;gBAED,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,EAAE,iBAAiB,CAAC,CAAC;gBACrE,SAAS;YACX,CAAC;YAED,GAAG,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,EAAE,mBAAmB,CAAC,CAAC;YAC5F,OAAO,MAAM,CAAC,IAAI,CAAC;QACrB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAClE,SAAS,GAAG,KAAK,CAAC;YAElB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YACxC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;YAEhD,2CAA2C;YAC3C,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClF,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAC3B,CAAC;YAED,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;gBACxC,GAAG,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,qBAAqB,CAAC,CAAC;gBACrE,MAAM,KAAK,CAAC;YACd,CAAC;YAED,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,yBAAyB,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,GAAG,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,cAAc,EAAE,EAAE,8BAA8B,CAAC,CAAC;IACrH,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,cAAoC,EACpC,IAAa,EACb,QAAiB;IAEjB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACzC,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;YAC3C,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5C,OAAO,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC,EAAE,IAAI,EAAE,MAAW,EAAE,CAAC,CAAC;gBAClE,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC,EAAE,IAAI,EAAE,IAAoB,EAAE,CAAC,CAAC;gBAC3E,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxB,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,IAAI,IAAI,EAAE,CAAC;YACT,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;QAClC,CAAC;QACD,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,QAAgB,EAAE,QAAgB;IAC5D,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,qBAAqB,CAAC,CAAC;IAE9C,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAgB;QAC5C,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,aAAa;QACnB,IAAI,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE;QAC5B,KAAK,EAAE,MAAM,EAAE,yBAAyB;QACxC,OAAO,EAAE,IAAI,EAAE,yCAAyC;KACzD,CAAC,CAAC;IAEH,kBAAkB;IAClB,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;IACnC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,eAAe;IAE/E,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAC1E,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAExB,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,GAAG,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAClC,OAAO,OAAO,CAAC;QACb,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,kBAAkB;KACzB,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAc;IACjD,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,8BAA8B,CAAC,CAAC;IACtD,OAAO,OAAO,CAAC;QACb,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,oBAAoB,MAAM,EAAE;KACnC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAc,EAAE,OAAe;IACtE,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,wBAAwB,CAAC,CAAC;IACzD,OAAO,OAAO,CAAC;QACb,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,oBAAoB,MAAM,UAAU;QAC1C,IAAI,EAAE,EAAE,OAAO,EAAE;KAClB,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAc,EAAE,QAAgB,EAAE,OAAe;IACjF,IAAI,CAAC;QACH,MAAM,OAAO,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,oBAAoB,MAAM,MAAM;YACtC,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;YAChE,OAAO,EAAE,IAAI,EAAE,qBAAqB;SACrC,CAAC,CAAC;QACH,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,uBAAuB,CAAC,CAAC;IACpE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,+DAA+D;QAC/D,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,8CAA8C,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC7B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAmB;QAC/C,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,aAAa;KACpB,CAAC,CAAC;IACH,4DAA4D;IAC5D,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;IACtD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,QAAgB;IAC9C,GAAG,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,gBAAgB,CAAC,CAAC;IAE1C,IAAI,EAAE,GAAG,QAAQ,CAAC;IAElB,8CAA8C;IAC9C,IAAI,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,yBAAyB;QAClE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAiB;YAC7C,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,qBAAqB,kBAAkB,CAAC,SAAS,CAAC,EAAE;SAC3D,CAAC,CAAC;QACH,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;IACnB,CAAC;IAED,qBAAqB;IACrB,OAAO,OAAO,CAAC;QACb,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,eAAe,EAAE,UAAU;QACjC,IAAI,EAAE,EAAE,EAAG,+BAA+B;KAC3C,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAgB;IACtD,GAAG,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,yBAAyB,CAAC,CAAC;IAEnD,sBAAsB;IACtB,IAAI,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,yBAAyB;QAClE,OAAO,OAAO,CAAC;YACb,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,qBAAqB,kBAAkB,CAAC,SAAS,CAAC,EAAE;SAC3D,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,OAAO,OAAO,CAAC;QACb,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,eAAe,QAAQ,OAAO;KACrC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,CAAC;QACH,MAAM,OAAO,CAAC;YACZ,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,YAAY;YAClB,KAAK,EAAE,MAAM;YACb,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;QACH,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,WAAW,GAAG,IAAI,CAAC;IACnB,WAAW,GAAG,CAAC,CAAC;IAChB,GAAG,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,WAAW,KAAK,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;AAC1D,CAAC"}