@zincapp/zn-vault-agent 1.3.1 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +149 -10
- package/dist/commands/certs.d.ts +1 -1
- package/dist/commands/certs.d.ts.map +1 -1
- package/dist/commands/exec.d.ts +1 -1
- package/dist/commands/exec.d.ts.map +1 -1
- package/dist/commands/exec.js +12 -79
- package/dist/commands/exec.js.map +1 -1
- package/dist/commands/login.d.ts +1 -1
- package/dist/commands/login.d.ts.map +1 -1
- package/dist/commands/secrets.d.ts +1 -1
- package/dist/commands/secrets.d.ts.map +1 -1
- package/dist/commands/setup.d.ts +1 -1
- package/dist/commands/setup.d.ts.map +1 -1
- package/dist/commands/start.d.ts +1 -1
- package/dist/commands/start.d.ts.map +1 -1
- package/dist/commands/start.js +84 -3
- package/dist/commands/start.js.map +1 -1
- package/dist/commands/status.d.ts +1 -1
- package/dist/commands/status.d.ts.map +1 -1
- package/dist/commands/sync.d.ts +1 -1
- package/dist/commands/sync.d.ts.map +1 -1
- package/dist/lib/api.d.ts +19 -0
- package/dist/lib/api.d.ts.map +1 -1
- package/dist/lib/api.js +22 -9
- package/dist/lib/api.js.map +1 -1
- package/dist/lib/config.d.ts +27 -0
- package/dist/lib/config.d.ts.map +1 -1
- package/dist/lib/config.js +10 -0
- package/dist/lib/config.js.map +1 -1
- package/dist/lib/deployer.js +1 -1
- package/dist/lib/deployer.js.map +1 -1
- package/dist/lib/health.d.ts +6 -0
- package/dist/lib/health.d.ts.map +1 -1
- package/dist/lib/health.js +26 -1
- package/dist/lib/health.js.map +1 -1
- package/dist/lib/logger.js +1 -1
- package/dist/lib/logger.js.map +1 -1
- package/dist/lib/metrics.js +5 -5
- package/dist/lib/metrics.js.map +1 -1
- package/dist/lib/secret-env.d.ts +58 -0
- package/dist/lib/secret-env.d.ts.map +1 -0
- package/dist/lib/secret-env.js +167 -0
- package/dist/lib/secret-env.js.map +1 -0
- package/dist/lib/websocket.d.ts +5 -1
- package/dist/lib/websocket.d.ts.map +1 -1
- package/dist/lib/websocket.js +95 -16
- package/dist/lib/websocket.js.map +1 -1
- package/dist/services/child-process-manager.d.ts +97 -0
- package/dist/services/child-process-manager.d.ts.map +1 -0
- package/dist/services/child-process-manager.js +304 -0
- package/dist/services/child-process-manager.js.map +1 -0
- package/dist/services/npm-auto-update.d.ts +1 -1
- package/dist/services/npm-auto-update.d.ts.map +1 -1
- package/dist/services/npm-auto-update.js.map +1 -1
- package/dist/types/update.d.ts +1 -4
- package/dist/types/update.d.ts.map +1 -1
- package/dist/types/update.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -21,6 +21,12 @@ Real-time certificate distribution agent for ZN-Vault. Automatically syncs TLS c
|
|
|
21
21
|
- **No file writes**: Secrets exist only in process memory
|
|
22
22
|
- **Signal forwarding**: Graceful shutdown of child processes
|
|
23
23
|
|
|
24
|
+
### Combined Mode (NEW)
|
|
25
|
+
- **Daemon + Exec**: Single instance handles both cert sync and child process management
|
|
26
|
+
- **Auto-restart**: Child process restarts automatically when certs or secrets change
|
|
27
|
+
- **Crash recovery**: Automatic restart with rate limiting on child crashes
|
|
28
|
+
- **Unified health**: Single health endpoint showing daemon and child status
|
|
29
|
+
|
|
24
30
|
### General
|
|
25
31
|
- **Prometheus metrics**: Full observability via `/metrics` endpoint
|
|
26
32
|
- **Graceful shutdown**: Completes in-flight deployments before exit
|
|
@@ -370,10 +376,16 @@ Environment variables override config file values:
|
|
|
370
376
|
zn-vault-agent start [options]
|
|
371
377
|
|
|
372
378
|
Options:
|
|
373
|
-
-v, --verbose
|
|
374
|
-
--health-port <port>
|
|
375
|
-
--validate
|
|
376
|
-
--auto-update
|
|
379
|
+
-v, --verbose Enable debug logging
|
|
380
|
+
--health-port <port> Enable health/metrics HTTP server
|
|
381
|
+
--validate Validate config before starting
|
|
382
|
+
--auto-update Enable automatic updates
|
|
383
|
+
--exec <command> Command to execute (combined mode)
|
|
384
|
+
-s, --secret <mapping> Secret mapping for exec (repeatable)
|
|
385
|
+
--restart-on-change Restart child on cert/secret changes
|
|
386
|
+
--restart-delay <ms> Delay before restart (default: 5000)
|
|
387
|
+
--max-restarts <n> Max restarts in window (default: 10)
|
|
388
|
+
--restart-window <ms> Restart count window (default: 300000)
|
|
377
389
|
```
|
|
378
390
|
|
|
379
391
|
## Secret Sync
|
|
@@ -454,17 +466,59 @@ zn-vault-agent exec \
|
|
|
454
466
|
zn-vault-agent exec \
|
|
455
467
|
-s CONFIG=alias:app/config \
|
|
456
468
|
-- node -e "console.log(JSON.parse(process.env.CONFIG))"
|
|
469
|
+
|
|
470
|
+
# Use a managed API key (auto-rotating)
|
|
471
|
+
zn-vault-agent exec \
|
|
472
|
+
-s VAULT_API_KEY=api-key:my-service-key \
|
|
473
|
+
-- ./my-app
|
|
474
|
+
|
|
475
|
+
# Mix secrets, managed keys, and literal values
|
|
476
|
+
zn-vault-agent exec \
|
|
477
|
+
-s DB_PASSWORD=alias:db/prod.password \
|
|
478
|
+
-s VAULT_KEY=api-key:my-managed-key \
|
|
479
|
+
-s ENV_NAME=literal:production \
|
|
480
|
+
-- ./start.sh
|
|
457
481
|
```
|
|
458
482
|
|
|
459
|
-
### Mapping
|
|
483
|
+
### Mapping Formats
|
|
484
|
+
|
|
485
|
+
| Format | Description | Example |
|
|
486
|
+
|--------|-------------|---------|
|
|
487
|
+
| `alias:path/to/secret` | Entire secret as JSON | `CONFIG=alias:app/config` |
|
|
488
|
+
| `alias:path/to/secret.key` | Specific field from secret | `DB_PASS=alias:db/creds.password` |
|
|
489
|
+
| `uuid.key` | UUID with specific field | `DB_PASS=abc123.password` |
|
|
490
|
+
| `api-key:name` | Managed API key (binds and gets current value) | `VAULT_KEY=api-key:my-key` |
|
|
491
|
+
| `literal:value` | Literal value (no vault fetch) | `ENV=literal:production` |
|
|
492
|
+
|
|
493
|
+
#### Managed API Keys (`api-key:`)
|
|
494
|
+
|
|
495
|
+
Managed API keys are auto-rotating keys created in the vault. When you use `api-key:name`:
|
|
496
|
+
|
|
497
|
+
1. The agent calls the vault's `/auth/api-keys/managed/:name/bind` endpoint
|
|
498
|
+
2. Returns the current key value based on rotation mode (scheduled, on-use, on-bind)
|
|
499
|
+
3. The key is injected as an environment variable
|
|
500
|
+
|
|
501
|
+
This is useful for applications that need to authenticate with the vault themselves:
|
|
460
502
|
|
|
503
|
+
```bash
|
|
504
|
+
# Your app gets a fresh vault API key at startup
|
|
505
|
+
zn-vault-agent exec \
|
|
506
|
+
-s ZINC_CONFIG_VAULT_API_KEY=api-key:my-app-key \
|
|
507
|
+
-- ./my-app
|
|
461
508
|
```
|
|
462
|
-
ENV_VAR=secret-id[.key]
|
|
463
509
|
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
510
|
+
#### Literal Values (`literal:`)
|
|
511
|
+
|
|
512
|
+
Literal values are passed through without any vault fetch. Useful for:
|
|
513
|
+
- Static configuration values
|
|
514
|
+
- Feature flags
|
|
515
|
+
- Environment identifiers
|
|
516
|
+
|
|
517
|
+
```bash
|
|
518
|
+
zn-vault-agent exec \
|
|
519
|
+
-s DEBUG=literal:true \
|
|
520
|
+
-s ENV=literal:production \
|
|
521
|
+
-- ./my-app
|
|
468
522
|
```
|
|
469
523
|
|
|
470
524
|
### Export to File
|
|
@@ -473,9 +527,49 @@ Examples:
|
|
|
473
527
|
# Write secrets to env file (without running a command)
|
|
474
528
|
zn-vault-agent exec \
|
|
475
529
|
-s DB_PASSWORD=alias:db/prod.password \
|
|
530
|
+
-s VAULT_KEY=api-key:my-key \
|
|
531
|
+
-s ENV=literal:prod \
|
|
476
532
|
-o /tmp/secrets.env
|
|
477
533
|
```
|
|
478
534
|
|
|
535
|
+
## Combined Mode
|
|
536
|
+
|
|
537
|
+
Run the daemon (cert/secret sync) AND manage a child process with injected secrets in a single instance. This eliminates the need for two separate services.
|
|
538
|
+
|
|
539
|
+
### Quick Start
|
|
540
|
+
|
|
541
|
+
```bash
|
|
542
|
+
# Combined mode: daemon + exec in one
|
|
543
|
+
zn-vault-agent start \
|
|
544
|
+
--exec "payara start-domain domain1" \
|
|
545
|
+
-s ZINC_CONFIG_USE_VAULT=literal:true \
|
|
546
|
+
-s ZINC_CONFIG_API_KEY=alias:infra/prod.apiKey \
|
|
547
|
+
--restart-on-change \
|
|
548
|
+
--health-port 9100
|
|
549
|
+
```
|
|
550
|
+
|
|
551
|
+
### Benefits
|
|
552
|
+
|
|
553
|
+
- **Single WebSocket connection** to vault (reduced load)
|
|
554
|
+
- **Automatic child restart** when certs or exec secrets change
|
|
555
|
+
- **Unified health endpoint** showing both daemon and child status
|
|
556
|
+
- **Simpler systemd config** (one service instead of two)
|
|
557
|
+
- **Signal forwarding** to child process
|
|
558
|
+
- **Crash recovery** with rate limiting
|
|
559
|
+
|
|
560
|
+
### Options
|
|
561
|
+
|
|
562
|
+
| Option | Default | Description |
|
|
563
|
+
|--------|---------|-------------|
|
|
564
|
+
| `--exec <cmd>` | - | Command to execute with secrets |
|
|
565
|
+
| `-s <mapping>` | - | Secret mapping (repeatable) |
|
|
566
|
+
| `--restart-on-change` | true | Restart child on changes |
|
|
567
|
+
| `--restart-delay <ms>` | 5000 | Delay before restart |
|
|
568
|
+
| `--max-restarts <n>` | 10 | Max restarts in window |
|
|
569
|
+
| `--restart-window <ms>` | 300000 | Restart count reset window (5 min) |
|
|
570
|
+
|
|
571
|
+
See [Combined Mode in GUIDE.md](docs/GUIDE.md#combined-mode) for complete documentation.
|
|
572
|
+
|
|
479
573
|
### CLI Commands (`znvault agent`)
|
|
480
574
|
|
|
481
575
|
The CLI provides the same configuration commands:
|
|
@@ -696,6 +790,51 @@ npm test # Test
|
|
|
696
790
|
npm run test:coverage
|
|
697
791
|
```
|
|
698
792
|
|
|
793
|
+
## Releases
|
|
794
|
+
|
|
795
|
+
This package uses GitHub Actions for CI/CD with npm's OIDC trusted publishing.
|
|
796
|
+
|
|
797
|
+
### CI Pipeline
|
|
798
|
+
|
|
799
|
+
On every push to `main` or pull request:
|
|
800
|
+
- Linting and type checking
|
|
801
|
+
- Build verification
|
|
802
|
+
- Unit tests on Node.js 18, 20, 22
|
|
803
|
+
|
|
804
|
+
### Publishing to npm
|
|
805
|
+
|
|
806
|
+
Releases are automated via git tags:
|
|
807
|
+
|
|
808
|
+
```bash
|
|
809
|
+
# 1. Bump version in package.json
|
|
810
|
+
npm version patch # or minor/major
|
|
811
|
+
|
|
812
|
+
# 2. Push changes and tag
|
|
813
|
+
git push && git push --tags
|
|
814
|
+
|
|
815
|
+
# GitHub Actions will automatically:
|
|
816
|
+
# - Run tests
|
|
817
|
+
# - Build the package
|
|
818
|
+
# - Publish to npm with provenance
|
|
819
|
+
```
|
|
820
|
+
|
|
821
|
+
**Available channels (npm dist-tags):**
|
|
822
|
+
|
|
823
|
+
| Tag | Purpose | Install Command |
|
|
824
|
+
|-----|---------|-----------------|
|
|
825
|
+
| `latest` | Stable releases | `npm install -g @zincapp/zn-vault-agent` |
|
|
826
|
+
| `beta` | Pre-release testing | `npm install -g @zincapp/zn-vault-agent@beta` |
|
|
827
|
+
| `next` | Development builds | `npm install -g @zincapp/zn-vault-agent@next` |
|
|
828
|
+
|
|
829
|
+
Pre-release versions (e.g., `1.3.0-beta.1`) are automatically tagged as `beta` or `next`.
|
|
830
|
+
|
|
831
|
+
### Manual Release (if needed)
|
|
832
|
+
|
|
833
|
+
```bash
|
|
834
|
+
npm login
|
|
835
|
+
npm publish --access public
|
|
836
|
+
```
|
|
837
|
+
|
|
699
838
|
## License
|
|
700
839
|
|
|
701
840
|
MIT
|
package/dist/commands/certs.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../../src/commands/certs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../../src/commands/certs.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAczC,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAsY5D"}
|
package/dist/commands/exec.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/commands/exec.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/commands/exec.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAMzC,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA+H1D"}
|
package/dist/commands/exec.js
CHANGED
|
@@ -3,85 +3,7 @@
|
|
|
3
3
|
import chalk from 'chalk';
|
|
4
4
|
import { spawn } from 'node:child_process';
|
|
5
5
|
import { isConfigured } from '../lib/config.js';
|
|
6
|
-
import {
|
|
7
|
-
/**
|
|
8
|
-
* Parse secret mapping from CLI argument
|
|
9
|
-
* Formats:
|
|
10
|
-
* ENV_VAR=alias:secret/path -> entire secret as JSON
|
|
11
|
-
* ENV_VAR=alias:secret/path.key -> specific key from secret
|
|
12
|
-
* ENV_VAR=uuid -> entire secret as JSON
|
|
13
|
-
* ENV_VAR=uuid.key -> specific key from secret
|
|
14
|
-
*/
|
|
15
|
-
function parseSecretMapping(mapping) {
|
|
16
|
-
const eqIndex = mapping.indexOf('=');
|
|
17
|
-
if (eqIndex === -1) {
|
|
18
|
-
throw new Error(`Invalid mapping format: ${mapping}. Expected: ENV_VAR=secret-id[.key]`);
|
|
19
|
-
}
|
|
20
|
-
const envVar = mapping.substring(0, eqIndex);
|
|
21
|
-
let secretPath = mapping.substring(eqIndex + 1);
|
|
22
|
-
if (!envVar || !secretPath) {
|
|
23
|
-
throw new Error(`Invalid mapping format: ${mapping}. Expected: ENV_VAR=secret-id[.key]`);
|
|
24
|
-
}
|
|
25
|
-
// Check if there's a key after the secret ID
|
|
26
|
-
// For alias format: alias:path/to/secret.key
|
|
27
|
-
// For UUID format: uuid.key
|
|
28
|
-
let key;
|
|
29
|
-
if (secretPath.startsWith('alias:')) {
|
|
30
|
-
// Handle alias:path/to/secret.key
|
|
31
|
-
const lastDotIndex = secretPath.lastIndexOf('.');
|
|
32
|
-
if (lastDotIndex > secretPath.indexOf(':') + 1) {
|
|
33
|
-
// There's a dot after the alias prefix
|
|
34
|
-
const potentialKey = secretPath.substring(lastDotIndex + 1);
|
|
35
|
-
// Check if this looks like a key (not a file extension or path segment)
|
|
36
|
-
if (potentialKey && !potentialKey.includes('/')) {
|
|
37
|
-
key = potentialKey;
|
|
38
|
-
secretPath = secretPath.substring(0, lastDotIndex);
|
|
39
|
-
}
|
|
40
|
-
}
|
|
41
|
-
}
|
|
42
|
-
else {
|
|
43
|
-
// Handle uuid.key or uuid
|
|
44
|
-
const dotIndex = secretPath.indexOf('.');
|
|
45
|
-
if (dotIndex !== -1) {
|
|
46
|
-
key = secretPath.substring(dotIndex + 1);
|
|
47
|
-
secretPath = secretPath.substring(0, dotIndex);
|
|
48
|
-
}
|
|
49
|
-
}
|
|
50
|
-
return {
|
|
51
|
-
envVar,
|
|
52
|
-
secretId: secretPath,
|
|
53
|
-
key,
|
|
54
|
-
};
|
|
55
|
-
}
|
|
56
|
-
/**
|
|
57
|
-
* Fetch secrets and build environment variables
|
|
58
|
-
*/
|
|
59
|
-
async function buildSecretEnv(mappings) {
|
|
60
|
-
const env = {};
|
|
61
|
-
// Group by secretId to minimize API calls
|
|
62
|
-
const secretCache = new Map();
|
|
63
|
-
for (const mapping of mappings) {
|
|
64
|
-
let data = secretCache.get(mapping.secretId);
|
|
65
|
-
if (!data) {
|
|
66
|
-
const secret = await getSecret(mapping.secretId);
|
|
67
|
-
data = secret.data;
|
|
68
|
-
secretCache.set(mapping.secretId, data);
|
|
69
|
-
}
|
|
70
|
-
if (mapping.key) {
|
|
71
|
-
// Get specific key
|
|
72
|
-
const value = data[mapping.key];
|
|
73
|
-
if (value === undefined) {
|
|
74
|
-
throw new Error(`Key "${mapping.key}" not found in secret "${mapping.secretId}"`);
|
|
75
|
-
}
|
|
76
|
-
env[mapping.envVar] = typeof value === 'string' ? value : JSON.stringify(value);
|
|
77
|
-
}
|
|
78
|
-
else {
|
|
79
|
-
// Get entire secret as JSON
|
|
80
|
-
env[mapping.envVar] = JSON.stringify(data);
|
|
81
|
-
}
|
|
82
|
-
}
|
|
83
|
-
return env;
|
|
84
|
-
}
|
|
6
|
+
import { parseSecretMapping, buildSecretEnv } from '../lib/secret-env.js';
|
|
85
7
|
export function registerExecCommand(program) {
|
|
86
8
|
program
|
|
87
9
|
.command('exec')
|
|
@@ -95,6 +17,12 @@ export function registerExecCommand(program) {
|
|
|
95
17
|
.option('--no-inherit', 'Do not inherit current environment variables')
|
|
96
18
|
.argument('[command...]', 'Command to execute')
|
|
97
19
|
.addHelpText('after', `
|
|
20
|
+
Secret Mapping Formats:
|
|
21
|
+
ENV_VAR=alias:path/to/secret Entire secret as JSON
|
|
22
|
+
ENV_VAR=alias:path/to/secret.key Specific field from secret
|
|
23
|
+
ENV_VAR=api-key:name Managed API key (binds and gets current value)
|
|
24
|
+
ENV_VAR=literal:value Literal value (no vault fetch)
|
|
25
|
+
|
|
98
26
|
Examples:
|
|
99
27
|
# Run node with database password
|
|
100
28
|
zn-vault-agent exec -s DB_PASSWORD=alias:db/prod.password -- node server.js
|
|
@@ -106,6 +34,11 @@ Examples:
|
|
|
106
34
|
-s API_KEY=alias:api/key.value \\
|
|
107
35
|
-- ./start.sh
|
|
108
36
|
|
|
37
|
+
# Use a managed API key (auto-rotating)
|
|
38
|
+
zn-vault-agent exec \\
|
|
39
|
+
-s ZINC_CONFIG_VAULT_API_KEY=api-key:my-api-key \\
|
|
40
|
+
-- ./my-app
|
|
41
|
+
|
|
109
42
|
# Export to env file
|
|
110
43
|
zn-vault-agent exec \\
|
|
111
44
|
-s DB_PASSWORD=alias:db/prod.password \\
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exec.js","sourceRoot":"","sources":["../../src/commands/exec.ts"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,kEAAkE;AAGlE,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"exec.js","sourceRoot":"","sources":["../../src/commands/exec.ts"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,kEAAkE;AAGlE,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAsB,MAAM,sBAAsB,CAAC;AAE9F,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,qDAAqD,CAAC;SAClE,MAAM,CAAC,wBAAwB,EAAE,0CAA0C,EAAE,CAAC,GAAG,EAAE,GAAa,EAAE,EAAE;QACnG,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACd,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAE,CAAC;SACL,MAAM,CAAC,qBAAqB,EAAE,sDAAsD,CAAC;SACrF,MAAM,CAAC,WAAW,EAAE,uDAAuD,EAAE,IAAI,CAAC;SAClF,MAAM,CAAC,cAAc,EAAE,8CAA8C,CAAC;SACtE,QAAQ,CAAC,cAAc,EAAE,oBAAoB,CAAC;SAC9C,WAAW,CAAC,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8BzB,CAAC;SACG,MAAM,CAAC,KAAK,EAAE,OAAiB,EAAE,OAAO,EAAE,EAAE;QAC3C,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC,CAAC;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC,CAAC;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,iBAAiB;QACjB,IAAI,QAAyB,CAAC;QAC9B,IAAI,CAAC;YACH,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACrF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,gBAAgB;QAChB,IAAI,SAAiC,CAAC;QACtC,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,CAAC,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACvG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,gDAAgD;QAChD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;iBACtC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC;iBACnD,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;YAErB,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,uBAAuB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACxE,OAAO;QACT,CAAC;QAED,6BAA6B;QAC7B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC,CAAC;YAC7E,OAAO,CAAC,KAAK,CAAC,4DAA4D,CAAC,CAAC;YAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,oBAAoB;QACpB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO;YACzB,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE;YAClC,CAAC,CAAC,SAAS,CAAC;QAEd,kBAAkB;QAClB,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC;QAE/B,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;YAC7B,GAAG;YACH,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;SACpC,CAAC,CAAC;QAEH,2BAA2B;QAC3B,MAAM,OAAO,GAAqB,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QAClE,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;gBACtB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC;QACL,CAAC;QAED,8BAA8B;QAC9B,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YAChC,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAClE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACP,CAAC"}
|
package/dist/commands/login.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA0CzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAyN3D"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/commands/secrets.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/commands/secrets.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAqKzC,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA0V9D"}
|
package/dist/commands/setup.d.ts
CHANGED
|
@@ -4,6 +4,6 @@
|
|
|
4
4
|
* Installs systemd service and creates necessary directories
|
|
5
5
|
* for running zn-vault-agent as a system daemon.
|
|
6
6
|
*/
|
|
7
|
-
import { Command } from 'commander';
|
|
7
|
+
import type { Command } from 'commander';
|
|
8
8
|
export declare function registerSetupCommand(program: Command): void;
|
|
9
9
|
//# sourceMappingURL=setup.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/commands/setup.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/commands/setup.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAezC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAgC3D"}
|
package/dist/commands/start.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"start.d.ts","sourceRoot":"","sources":["../../src/commands/start.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"start.d.ts","sourceRoot":"","sources":["../../src/commands/start.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAoBzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAiM3D"}
|
package/dist/commands/start.js
CHANGED
|
@@ -1,11 +1,16 @@
|
|
|
1
1
|
// Path: src/commands/start.ts
|
|
2
2
|
// Start command - runs the agent daemon
|
|
3
3
|
import chalk from 'chalk';
|
|
4
|
-
import { isConfigured, loadConfig, getTargets } from '../lib/config.js';
|
|
4
|
+
import { isConfigured, loadConfig, getTargets, DEFAULT_EXEC_CONFIG, } from '../lib/config.js';
|
|
5
5
|
import { validateConfig, formatValidationResult } from '../lib/validation.js';
|
|
6
6
|
import { startDaemon } from '../lib/websocket.js';
|
|
7
7
|
import { logger } from '../lib/logger.js';
|
|
8
8
|
import { NpmAutoUpdateService, loadUpdateConfig } from '../services/npm-auto-update.js';
|
|
9
|
+
import { parseSecretMapping } from '../lib/secret-env.js';
|
|
10
|
+
// Helper to collect repeatable options
|
|
11
|
+
function collect(value, previous) {
|
|
12
|
+
return previous.concat([value]);
|
|
13
|
+
}
|
|
9
14
|
export function registerStartCommand(program) {
|
|
10
15
|
program
|
|
11
16
|
.command('start')
|
|
@@ -16,6 +21,14 @@ export function registerStartCommand(program) {
|
|
|
16
21
|
.option('--foreground', 'Run in foreground (default)')
|
|
17
22
|
.option('--auto-update', 'Enable automatic updates (uses saved config)')
|
|
18
23
|
.option('--no-auto-update', 'Disable automatic updates')
|
|
24
|
+
// Exec mode options
|
|
25
|
+
.option('--exec <command>', 'Command to execute with secrets (combined mode)')
|
|
26
|
+
.option('-s, --secret <mapping>', 'Secret mapping for exec (ENV=secret, repeatable)', collect, [])
|
|
27
|
+
.option('--restart-on-change', 'Restart child on cert/secret changes (default: true)')
|
|
28
|
+
.option('--no-restart-on-change', 'Do not restart child on cert/secret changes')
|
|
29
|
+
.option('--restart-delay <ms>', 'Delay in ms before restarting child (default: 5000)', parseInt)
|
|
30
|
+
.option('--max-restarts <n>', 'Max restarts in window (default: 10)', parseInt)
|
|
31
|
+
.option('--restart-window <ms>', 'Restart count window in ms (default: 300000)', parseInt)
|
|
19
32
|
.addHelpText('after', `
|
|
20
33
|
Examples:
|
|
21
34
|
# Start in foreground (default)
|
|
@@ -33,6 +46,13 @@ Examples:
|
|
|
33
46
|
# With auto-updates enabled
|
|
34
47
|
zn-vault-agent start --health-port 9100 --auto-update
|
|
35
48
|
|
|
49
|
+
# Combined mode: cert sync + exec with secrets
|
|
50
|
+
zn-vault-agent start \\
|
|
51
|
+
--exec "payara start-domain domain1" \\
|
|
52
|
+
-s ZINC_CONFIG_USE_VAULT=literal:true \\
|
|
53
|
+
-s ZINC_CONFIG_API_KEY=alias:infra/prod.apiKey \\
|
|
54
|
+
--health-port 9100
|
|
55
|
+
|
|
36
56
|
# Production setup (systemd)
|
|
37
57
|
# See docs/GUIDE.md for systemd service file
|
|
38
58
|
`)
|
|
@@ -44,6 +64,50 @@ Examples:
|
|
|
44
64
|
}
|
|
45
65
|
const config = loadConfig();
|
|
46
66
|
const targets = getTargets();
|
|
67
|
+
// Build exec config from CLI options or config file
|
|
68
|
+
let execConfig;
|
|
69
|
+
if (options.exec) {
|
|
70
|
+
// CLI options take precedence
|
|
71
|
+
const secrets = [];
|
|
72
|
+
// Parse -s/--secret mappings
|
|
73
|
+
for (const mapping of options.secret) {
|
|
74
|
+
try {
|
|
75
|
+
const parsed = parseSecretMapping(mapping);
|
|
76
|
+
if (parsed.literal !== undefined) {
|
|
77
|
+
secrets.push({ env: parsed.envVar, literal: parsed.literal });
|
|
78
|
+
}
|
|
79
|
+
else {
|
|
80
|
+
// Reconstruct the secret reference (with key if present)
|
|
81
|
+
const secretRef = parsed.key
|
|
82
|
+
? `${parsed.secretId}.${parsed.key}`
|
|
83
|
+
: parsed.secretId;
|
|
84
|
+
secrets.push({ env: parsed.envVar, secret: secretRef });
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
catch (err) {
|
|
88
|
+
console.error(chalk.red('Invalid secret mapping:'), mapping);
|
|
89
|
+
console.error(err instanceof Error ? err.message : String(err));
|
|
90
|
+
process.exit(1);
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
// Parse exec command (split on spaces if needed)
|
|
94
|
+
const command = options.exec.includes(' ')
|
|
95
|
+
? options.exec.split(/\s+/)
|
|
96
|
+
: [options.exec];
|
|
97
|
+
execConfig = {
|
|
98
|
+
command,
|
|
99
|
+
secrets,
|
|
100
|
+
inheritEnv: true, // Always inherit for CLI
|
|
101
|
+
restartOnChange: options.restartOnChange !== false,
|
|
102
|
+
restartDelayMs: options.restartDelay ?? DEFAULT_EXEC_CONFIG.restartDelayMs,
|
|
103
|
+
maxRestarts: options.maxRestarts ?? DEFAULT_EXEC_CONFIG.maxRestarts,
|
|
104
|
+
restartWindowMs: options.restartWindow ?? DEFAULT_EXEC_CONFIG.restartWindowMs,
|
|
105
|
+
};
|
|
106
|
+
}
|
|
107
|
+
else if (config.exec) {
|
|
108
|
+
// Use exec config from config file
|
|
109
|
+
execConfig = config.exec;
|
|
110
|
+
}
|
|
47
111
|
// Validate configuration if requested
|
|
48
112
|
if (options.validate) {
|
|
49
113
|
const result = validateConfig(config);
|
|
@@ -54,8 +118,8 @@ Examples:
|
|
|
54
118
|
process.exit(1);
|
|
55
119
|
}
|
|
56
120
|
}
|
|
57
|
-
// Warn if no targets
|
|
58
|
-
if (targets.length === 0) {
|
|
121
|
+
// Warn if no targets and no exec
|
|
122
|
+
if (targets.length === 0 && !execConfig) {
|
|
59
123
|
console.log(chalk.yellow('Warning: No certificate targets configured.'));
|
|
60
124
|
console.log('Run ' + chalk.cyan('zn-vault-agent add') + ' to add certificates to sync.');
|
|
61
125
|
console.log();
|
|
@@ -80,6 +144,14 @@ Examples:
|
|
|
80
144
|
const updateConfig = loadUpdateConfig();
|
|
81
145
|
const autoUpdateEnabled = options.autoUpdate !== false && updateConfig.enabled;
|
|
82
146
|
console.log(` Auto-update: ${autoUpdateEnabled ? chalk.green('enabled') : 'disabled'}`);
|
|
147
|
+
// Exec mode status
|
|
148
|
+
if (execConfig) {
|
|
149
|
+
console.log(` Exec: ${chalk.cyan(execConfig.command.join(' '))}`);
|
|
150
|
+
console.log(` Exec secrets: ${execConfig.secrets.length} env var(s)`);
|
|
151
|
+
if (execConfig.restartOnChange) {
|
|
152
|
+
console.log(` Restart: on cert/secret change (delay: ${execConfig.restartDelayMs}ms)`);
|
|
153
|
+
}
|
|
154
|
+
}
|
|
83
155
|
console.log();
|
|
84
156
|
if (targets.length > 0) {
|
|
85
157
|
console.log(chalk.gray('Subscribed certificates:'));
|
|
@@ -88,6 +160,14 @@ Examples:
|
|
|
88
160
|
}
|
|
89
161
|
console.log();
|
|
90
162
|
}
|
|
163
|
+
if (execConfig && execConfig.secrets.length > 0) {
|
|
164
|
+
console.log(chalk.gray('Exec environment variables:'));
|
|
165
|
+
for (const s of execConfig.secrets) {
|
|
166
|
+
const source = s.literal !== undefined ? 'literal' : s.secret;
|
|
167
|
+
console.log(` - ${s.env} = ${source}`);
|
|
168
|
+
}
|
|
169
|
+
console.log();
|
|
170
|
+
}
|
|
91
171
|
console.log(chalk.gray('Starting daemon...'));
|
|
92
172
|
console.log();
|
|
93
173
|
// Start auto-update service if enabled
|
|
@@ -101,6 +181,7 @@ Examples:
|
|
|
101
181
|
await startDaemon({
|
|
102
182
|
verbose: options.verbose,
|
|
103
183
|
healthPort: options.healthPort,
|
|
184
|
+
exec: execConfig,
|
|
104
185
|
});
|
|
105
186
|
}
|
|
106
187
|
catch (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"start.js","sourceRoot":"","sources":["../../src/commands/start.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,wCAAwC;AAGxC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,
|
|
1
|
+
{"version":3,"file":"start.js","sourceRoot":"","sources":["../../src/commands/start.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,wCAAwC;AAGxC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,UAAU,EACV,UAAU,EAEV,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AACxF,OAAO,EAAE,kBAAkB,EAAmB,MAAM,sBAAsB,CAAC;AAE3E,uCAAuC;AACvC,SAAS,OAAO,CAAC,KAAa,EAAE,QAAkB;IAChD,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,mCAAmC,CAAC;SAChD,MAAM,CAAC,eAAe,EAAE,wBAAwB,CAAC;SACjD,MAAM,CAAC,sBAAsB,EAAE,qDAAqD,EAAE,QAAQ,CAAC;SAC/F,MAAM,CAAC,YAAY,EAAE,wCAAwC,CAAC;SAC9D,MAAM,CAAC,cAAc,EAAE,6BAA6B,CAAC;SACrD,MAAM,CAAC,eAAe,EAAE,8CAA8C,CAAC;SACvE,MAAM,CAAC,kBAAkB,EAAE,2BAA2B,CAAC;QACxD,oBAAoB;SACnB,MAAM,CAAC,kBAAkB,EAAE,iDAAiD,CAAC;SAC7E,MAAM,CAAC,wBAAwB,EAAE,kDAAkD,EAAE,OAAO,EAAE,EAAE,CAAC;SACjG,MAAM,CAAC,qBAAqB,EAAE,sDAAsD,CAAC;SACrF,MAAM,CAAC,wBAAwB,EAAE,6CAA6C,CAAC;SAC/E,MAAM,CAAC,sBAAsB,EAAE,qDAAqD,EAAE,QAAQ,CAAC;SAC/F,MAAM,CAAC,oBAAoB,EAAE,sCAAsC,EAAE,QAAQ,CAAC;SAC9E,MAAM,CAAC,uBAAuB,EAAE,8CAA8C,EAAE,QAAQ,CAAC;SACzF,WAAW,CAAC,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;CA0BzB,CAAC;SACG,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,sBAAsB;QACtB,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC,CAAC;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAE7B,oDAAoD;QACpD,IAAI,UAAkC,CAAC;QAEvC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,8BAA8B;YAC9B,MAAM,OAAO,GAAiB,EAAE,CAAC;YAEjC,6BAA6B;YAC7B,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,MAAkB,EAAE,CAAC;gBACjD,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;oBAC3C,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;wBACjC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;oBAChE,CAAC;yBAAM,CAAC;wBACN,yDAAyD;wBACzD,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG;4BAC1B,CAAC,CAAC,GAAG,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,GAAG,EAAE;4BACpC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;wBACpB,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,EAAE,OAAO,CAAC,CAAC;oBAC7D,OAAO,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;oBAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,iDAAiD;YACjD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACxC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;gBAC3B,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEnB,UAAU,GAAG;gBACX,OAAO;gBACP,OAAO;gBACP,UAAU,EAAE,IAAI,EAAE,yBAAyB;gBAC3C,eAAe,EAAE,OAAO,CAAC,eAAe,KAAK,KAAK;gBAClD,cAAc,EAAE,OAAO,CAAC,YAAY,IAAI,mBAAmB,CAAC,cAAc;gBAC1E,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB,CAAC,WAAW;gBACnE,eAAe,EAAE,OAAO,CAAC,aAAa,IAAI,mBAAmB,CAAC,eAAe;aAC9E,CAAC;QACJ,CAAC;aAAM,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YACvB,mCAAmC;YACnC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;QAC3B,CAAC;QAED,sCAAsC;QACtC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,EAAE,CAAC;YAEd,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC,CAAC;gBACzF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,6CAA6C,CAAC,CAAC,CAAC;YACzE,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,+BAA+B,CAAC,CAAC;YACzF,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,CAAC;QAED,sCAAsC;QACtC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,OAAO,CAAC;QAClC,CAAC;QAED,uBAAuB;QACvB,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,MAAM,iBAAiB,CAAC,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,wBAAwB,MAAM,CAAC,YAAY,IAAI,IAAI,GAAG,CAAC,CAAC;QACpE,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,iCAAiC,OAAO,CAAC,UAAU,SAAS,CAAC,CAAC;YAC1E,OAAO,CAAC,GAAG,CAAC,iCAAiC,OAAO,CAAC,UAAU,UAAU,CAAC,CAAC;QAC7E,CAAC;QAED,qBAAqB;QACrB,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAC;QACxC,MAAM,iBAAiB,GAAG,OAAO,CAAC,UAAU,KAAK,KAAK,IAAI,YAAY,CAAC,OAAO,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAC,kBAAkB,iBAAiB,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;QAEzF,mBAAmB;QACnB,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC;YAC1E,OAAO,CAAC,GAAG,CAAC,mBAAmB,UAAU,CAAC,OAAO,CAAC,MAAM,aAAa,CAAC,CAAC;YACvE,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,gDAAgD,UAAU,CAAC,cAAc,KAAK,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;QAEd,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,OAAO,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;YAC1E,CAAC;YACD,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,CAAC;QAED,IAAI,UAAU,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC;YACvD,KAAK,MAAM,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,MAAM,MAAM,EAAE,CAAC,CAAC;YAC1C,CAAC;YACD,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,EAAE,CAAC;QAEd,uCAAuC;QACvC,IAAI,iBAAiB,GAAgC,IAAI,CAAC;QAC1D,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;YACtD,iBAAiB,GAAG,IAAI,oBAAoB,CAAC,YAAY,CAAC,CAAC;YAC3D,iBAAiB,CAAC,KAAK,EAAE,CAAC;QAC5B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,WAAW,CAAC;gBAChB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,IAAI,EAAE,UAAU;aACjB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;YACtC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../src/commands/status.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../src/commands/status.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIzC,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAuF5D"}
|
package/dist/commands/sync.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sync.d.ts","sourceRoot":"","sources":["../../src/commands/sync.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"sync.d.ts","sourceRoot":"","sources":["../../src/commands/sync.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAMzC,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA+H1D"}
|
package/dist/lib/api.d.ts
CHANGED
|
@@ -49,6 +49,19 @@ export interface DecryptedSecret {
|
|
|
49
49
|
version: number;
|
|
50
50
|
data: Record<string, unknown>;
|
|
51
51
|
}
|
|
52
|
+
export interface ManagedApiKeyBindResponse {
|
|
53
|
+
id: string;
|
|
54
|
+
key: string;
|
|
55
|
+
prefix: string;
|
|
56
|
+
name: string;
|
|
57
|
+
expiresAt: string;
|
|
58
|
+
gracePeriod: string;
|
|
59
|
+
graceExpiresAt?: string;
|
|
60
|
+
rotationMode: 'scheduled' | 'on-use' | 'on-bind';
|
|
61
|
+
permissions: string[];
|
|
62
|
+
nextRotationAt?: string;
|
|
63
|
+
_notice?: string;
|
|
64
|
+
}
|
|
52
65
|
/**
|
|
53
66
|
* Login and get access token
|
|
54
67
|
*/
|
|
@@ -100,5 +113,11 @@ export declare function clearToken(): void;
|
|
|
100
113
|
* Check if we have a valid cached token
|
|
101
114
|
*/
|
|
102
115
|
export declare function hasValidToken(): boolean;
|
|
116
|
+
/**
|
|
117
|
+
* Bind to a managed API key and get the current key value
|
|
118
|
+
* @param name - Managed API key name (e.g., "my-api-key")
|
|
119
|
+
* @returns The current API key value
|
|
120
|
+
*/
|
|
121
|
+
export declare function bindManagedApiKey(name: string): Promise<ManagedApiKeyBindResponse>;
|
|
103
122
|
export {};
|
|
104
123
|
//# sourceMappingURL=api.d.ts.map
|
package/dist/lib/api.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../src/lib/api.ts"],"names":[],"mappings":"AAyBA,UAAU,aAAa;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACvC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACvC,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AA8MD;;GAEG;AACH,wBAAsB,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAmBtF;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC;IAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAMjG;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAMjF;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAOvG;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAalG;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC;IAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CASvF;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAqB1E;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAiBjF;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAcpD;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,IAAI,CAIjC;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAEvC"}
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../src/lib/api.ts"],"names":[],"mappings":"AAyBA,UAAU,aAAa;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACvC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACvC,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,yBAAyB;IACxC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,WAAW,GAAG,QAAQ,GAAG,SAAS,CAAC;IACjD,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AA8MD;;GAEG;AACH,wBAAsB,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAmBtF;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC;IAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAMjG;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAMjF;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAOvG;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAalG;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC;IAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CASvF;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAqB1E;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAiBjF;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAcpD;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,IAAI,CAIjC;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAQxF"}
|