npm - @zuplo/runtime - Versions diffs - 6.43.16 → 6.43.17 - Mend

@zuplo/runtime 6.43.16 → 6.43.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/out/esm/index.js +24 -24
package/package.json +1 -1

package/out/esm/index.js CHANGED Viewed

@@ -22,17 +22,17 @@
  *  DEALINGS IN THE SOFTWARE.
  *--------------------------------------------------------------------------------------------*/
-import{a as y,b as Fe,e as fe,f as Mu,g as dr,h as pr,i as qu,j as Uu}from"./chunk-GPCONSBV.js";import{a as i,b as Nu,c as Du}from"./chunk-PPV7V43C.js";var Ks=Nu(Dn=>{"use strict";Object.defineProperty(Dn,"__esModule",{value:!0});Dn.parse=vc;Dn.serialize=Sc;var Pc=/^[\u0021-\u003A\u003C\u003E-\u007E]+$/,Ic=/^[\u0021-\u003A\u003C-\u007E]*$/,Ec=/^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i,xc=/^[\u0020-\u003A\u003D-\u007E]*$/,Tc=Object.prototype.toString,Cc=(()=>{let n=i(function(){},"C");return n.prototype=Object.create(null),n})();function vc(n,e){let t=new Cc,r=n.length;if(r<2)return t;let o=e?.decode||Ac,s=0;do{let a=n.indexOf("=",s);if(a===-1)break;let u=n.indexOf(";",s),c=u===-1?r:u;if(a>c){s=n.lastIndexOf(";",a-1)+1;continue}let l=Ws(n,s,a),d=Js(n,a,l),p=n.slice(l,d);if(t[p]===void 0){let m=Ws(n,a+1,c),h=Js(n,c,m),I=o(n.slice(m,h));t[p]=I}s=c+1}while(s<r);return t}i(vc,"parse");function Ws(n,e,t){do{let r=n.charCodeAt(e);if(r!==32&&r!==9)return e}while(++e<t);return t}i(Ws,"startIndex");function Js(n,e,t){for(;e>t;){let r=n.charCodeAt(--e);if(r!==32&&r!==9)return e+1}return t}i(Js,"endIndex");function Sc(n,e,t){let r=t?.encode||encodeURIComponent;if(!Pc.test(n))throw new TypeError(`argument name is invalid: ${n}`);let o=r(e);if(!Ic.test(o))throw new TypeError(`argument val is invalid: ${e}`);let s=n+"="+o;if(!t)return s;if(t.maxAge!==void 0){if(!Number.isInteger(t.maxAge))throw new TypeError(`option maxAge is invalid: ${t.maxAge}`);s+="; Max-Age="+t.maxAge}if(t.domain){if(!Ec.test(t.domain))throw new TypeError(`option domain is invalid: ${t.domain}`);s+="; Domain="+t.domain}if(t.path){if(!xc.test(t.path))throw new TypeError(`option path is invalid: ${t.path}`);s+="; Path="+t.path}if(t.expires){if(!Oc(t.expires)||!Number.isFinite(t.expires.valueOf()))throw new TypeError(`option expires is invalid: ${t.expires}`);s+="; Expires="+t.expires.toUTCString()}if(t.httpOnly&&(s+="; HttpOnly"),t.secure&&(s+="; Secure"),t.partitioned&&(s+="; Partitioned"),t.priority)switch(typeof t.priority=="string"?t.priority.toLowerCase():void 0){case"low":s+="; Priority=Low";break;case"medium":s+="; Priority=Medium";break;case"high":s+="; Priority=High";break;default:throw new TypeError(`option priority is invalid: ${t.priority}`)}if(t.sameSite)switch(typeof t.sameSite=="string"?t.sameSite.toLowerCase():t.sameSite){case!0:case"strict":s+="; SameSite=Strict";break;case"lax":s+="; SameSite=Lax";break;case"none":s+="; SameSite=None";break;default:throw new TypeError(`option sameSite is invalid: ${t.sameSite}`)}return s}i(Sc,"serialize");function Ac(n){if(n.indexOf("%")===-1)return n;try{return decodeURIComponent(n)}catch{return n}}i(Ac,"decode");function Oc(n){return Tc.call(n)==="[object Date]"}i(Oc,"isDate")});var Hu=!1;function dt(n,e){return{open:`\x1B[${n.join(";")}m`,close:`\x1B[${e}m`,regexp:new RegExp(`\\x1b\\[${e}m`,"g")}}i(dt,"code");function pt(n,e){return Hu?`${e.open}${n.replace(e.regexp,e.open)}${e.close}`:n}i(pt,"run");function $u(n){return pt(n,dt([31],39))}i($u,"red");function Zu(n){return pt(n,dt([32],39))}i(Zu,"green");function Fu(n){return pt(n,dt([33],39))}i(Fu,"yellow");function ju(n){return pt(n,dt([34],39))}i(ju,"blue");function zu(n){return pt(n,dt([35],39))}i(zu,"magenta");function Bu(n){return pt(n,dt([36],39))}i(Bu,"cyan");var jp=new RegExp(["[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)","(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))"].join("|"),"g");var Qi=[$u,Zu,Fu,ju,zu,Bu];function Gu(n){let e=0,t=n.length,r=0;if(t>0)for(;r<t;)e=(e<<5)-e+n.charCodeAt(r++)|0;return e}i(Gu,"hashCode");function Yi(n){let e=Math.abs(Gu(n));return Qi[e%Qi.length]}i(Yi,"generateColor");function Xi(n,e,...t){let r=0,o=t.length,s=String(e).replace(/%[sdjoO%]/g,a=>{if(a==="%%")return"%";if(r>=o)return a;switch(a){case"%s":return String(t[r++]);case"%d":return Number(t[r++]).toString();case"%o":return n(t[r++]).split(`
-`).map(u=>u.trim()).join(" ");case"%O":return n(t[r++]);case"%j":try{return JSON.stringify(t[r++])}catch{return"[Circular]"}default:return a}});for(let a of t.splice(r))a===null||!(typeof a=="object"&&a!==null)?s+=" "+a:s+=" "+n(a);return s}i(Xi,"format");function je(n,e,t,r){let o={seen:[],stylize:Vu,showHidden:e??!1,depth:t??2,colors:r??!1,customInspect:!0};return o.colors&&(o.stylize=Ju),pn(o,n,o.depth)}i(je,"inspect");je.colors={bold:[1,22],italic:[3,23],underline:[4,24],inverse:[7,27],white:[37,39],grey:[90,39],black:[30,39],blue:[34,39],cyan:[36,39],green:[32,39],magenta:[35,39],red:[31,39],yellow:[33,39]};je.styles={special:"cyan",number:"yellow",boolean:"yellow",undefined:"grey",null:"bold",string:"green",date:"magenta",regexp:"red"};function Vu(n,e){return n}i(Vu,"stylizeNoColor");function Wu(n){return typeof n=="boolean"}i(Wu,"isBoolean");function ts(n){return n===void 0}i(ts,"isUndefined");function Ju(n,e){let t=je.styles[e];return t?"\x1B["+je.colors[t][0]+"m"+n+"\x1B["+je.colors[t][1]+"m":n}i(Ju,"stylizeWithColor");function mr(n){return typeof n=="function"}i(mr,"isFunction");function ns(n){return typeof n=="string"}i(ns,"isString");function Ku(n){return typeof n=="number"}i(Ku,"isNumber");function rs(n){return n===null}i(rs,"isNull");function os(n,e){return Object.prototype.hasOwnProperty.call(n,e)}i(os,"hasOwn");function gr(n){return br(n)&&wr(n)==="[object RegExp]"}i(gr,"isRegExp");function br(n){return typeof n=="object"&&n!==null}i(br,"isObject");function fr(n){return br(n)&&(wr(n)==="[object Error]"||n instanceof Error)}i(fr,"isError");function es(n){return br(n)&&wr(n)==="[object Date]"}i(es,"isDate");function wr(n){return Object.prototype.toString.call(n)}i(wr,"objectToString");function Qu(n){let e={};return n.forEach(function(t,r){e[t]=!0}),e}i(Qu,"arrayToHash");function Yu(n,e,t,r,o){let s=[];for(let a=0,u=e.length;a<u;++a)os(e,String(a))?s.push(yr(n,e,t,r,String(a),!0)):s.push("");return o.forEach(function(a){a.match(/^\d+$/)||s.push(yr(n,e,t,r,a,!0))}),s}i(Yu,"formatArray");function hr(n){return"["+Error.prototype.toString.call(n)+"]"}i(hr,"formatError");function pn(n,e,t){if(n.customInspect&&e&&mr(e.inspect)&&e.inspect!==je&&!(e.constructor&&e.constructor.prototype===e)){let d=e.inspect(t,n);return ns(d)||(d=pn(n,d,t)),d}let r=Xu(n,e);if(r)return r;let o=Object.keys(e),s=Qu(o);try{n.showHidden&&Object.getOwnPropertyNames&&(o=Object.getOwnPropertyNames(e))}catch{}if(fr(e)&&(o.indexOf("message")>=0||o.indexOf("description")>=0))return hr(e);if(o.length===0){if(mr(e)){let d=e.name?": "+e.name:"";return n.stylize("[Function"+d+"]","special")}if(gr(e))return n.stylize(RegExp.prototype.toString.call(e),"regexp");if(es(e))return n.stylize(Date.prototype.toString.call(e),"date");if(fr(e))return hr(e)}let a="",u=!1,c=["{","}"];if(Array.isArray(e)&&(u=!0,c=["[","]"]),mr(e)&&(a=" [Function"+(e.name?": "+e.name:"")+"]"),gr(e)&&(a=" "+RegExp.prototype.toString.call(e)),es(e)&&(a=" "+Date.prototype.toUTCString.call(e)),fr(e)&&(a=" "+hr(e)),o.length===0&&(!u||e.length==0))return c[0]+a+c[1];if(t<0)return gr(e)?n.stylize(RegExp.prototype.toString.call(e),"regexp"):n.stylize("[Object]","special");n.seen.push(e);let l;return u?l=Yu(n,e,t,s,o):l=o.map(function(d){return yr(n,e,t,s,d,u)}),n.seen.pop(),ec(l,a,c)}i(pn,"formatValue");function yr(n,e,t,r,o,s){let a,u,c;c={value:void 0};try{c.value=e[o]}catch{}try{Object.getOwnPropertyDescriptor&&(c=Object.getOwnPropertyDescriptor(e,o)||c)}catch{}if(c.get?c.set?u=n.stylize("[Getter/Setter]","special"):u=n.stylize("[Getter]","special"):c.set&&(u=n.stylize("[Setter]","special")),os(r,o)||(a="["+o+"]"),u||(n.seen.indexOf(c.value)<0?(rs(t)?u=pn(n,c.value,null):u=pn(n,c.value,t-1),u.indexOf(`
+import{a as y,b as Fe,e as fe,f as Uu,g as dr,h as pr,i as $u,j as Hu}from"./chunk-GPCONSBV.js";import{a as i,b as Mu,c as qu}from"./chunk-PPV7V43C.js";var Ks=Mu(Dn=>{"use strict";Object.defineProperty(Dn,"__esModule",{value:!0});Dn.parse=Ac;Dn.serialize=Oc;var Ec=/^[\u0021-\u003A\u003C\u003E-\u007E]+$/,xc=/^[\u0021-\u003A\u003C-\u007E]*$/,Tc=/^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i,vc=/^[\u0020-\u003A\u003D-\u007E]*$/,Cc=Object.prototype.toString,Sc=(()=>{let n=i(function(){},"C");return n.prototype=Object.create(null),n})();function Ac(n,e){let t=new Sc,r=n.length;if(r<2)return t;let o=e?.decode||kc,s=0;do{let a=n.indexOf("=",s);if(a===-1)break;let u=n.indexOf(";",s),c=u===-1?r:u;if(a>c){s=n.lastIndexOf(";",a-1)+1;continue}let l=Ws(n,s,a),d=Js(n,a,l),p=n.slice(l,d);if(t[p]===void 0){let m=Ws(n,a+1,c),h=Js(n,c,m),I=o(n.slice(m,h));t[p]=I}s=c+1}while(s<r);return t}i(Ac,"parse");function Ws(n,e,t){do{let r=n.charCodeAt(e);if(r!==32&&r!==9)return e}while(++e<t);return t}i(Ws,"startIndex");function Js(n,e,t){for(;e>t;){let r=n.charCodeAt(--e);if(r!==32&&r!==9)return e+1}return t}i(Js,"endIndex");function Oc(n,e,t){let r=t?.encode||encodeURIComponent;if(!Ec.test(n))throw new TypeError(`argument name is invalid: ${n}`);let o=r(e);if(!xc.test(o))throw new TypeError(`argument val is invalid: ${e}`);let s=n+"="+o;if(!t)return s;if(t.maxAge!==void 0){if(!Number.isInteger(t.maxAge))throw new TypeError(`option maxAge is invalid: ${t.maxAge}`);s+="; Max-Age="+t.maxAge}if(t.domain){if(!Tc.test(t.domain))throw new TypeError(`option domain is invalid: ${t.domain}`);s+="; Domain="+t.domain}if(t.path){if(!vc.test(t.path))throw new TypeError(`option path is invalid: ${t.path}`);s+="; Path="+t.path}if(t.expires){if(!Lc(t.expires)||!Number.isFinite(t.expires.valueOf()))throw new TypeError(`option expires is invalid: ${t.expires}`);s+="; Expires="+t.expires.toUTCString()}if(t.httpOnly&&(s+="; HttpOnly"),t.secure&&(s+="; Secure"),t.partitioned&&(s+="; Partitioned"),t.priority)switch(typeof t.priority=="string"?t.priority.toLowerCase():void 0){case"low":s+="; Priority=Low";break;case"medium":s+="; Priority=Medium";break;case"high":s+="; Priority=High";break;default:throw new TypeError(`option priority is invalid: ${t.priority}`)}if(t.sameSite)switch(typeof t.sameSite=="string"?t.sameSite.toLowerCase():t.sameSite){case!0:case"strict":s+="; SameSite=Strict";break;case"lax":s+="; SameSite=Lax";break;case"none":s+="; SameSite=None";break;default:throw new TypeError(`option sameSite is invalid: ${t.sameSite}`)}return s}i(Oc,"serialize");function kc(n){if(n.indexOf("%")===-1)return n;try{return decodeURIComponent(n)}catch{return n}}i(kc,"decode");function Lc(n){return Cc.call(n)==="[object Date]"}i(Lc,"isDate")});var Zu=!1;function dt(n,e){return{open:`\x1B[${n.join(";")}m`,close:`\x1B[${e}m`,regexp:new RegExp(`\\x1b\\[${e}m`,"g")}}i(dt,"code");function pt(n,e){return Zu?`${e.open}${n.replace(e.regexp,e.open)}${e.close}`:n}i(pt,"run");function Fu(n){return pt(n,dt([31],39))}i(Fu,"red");function ju(n){return pt(n,dt([32],39))}i(ju,"green");function zu(n){return pt(n,dt([33],39))}i(zu,"yellow");function Bu(n){return pt(n,dt([34],39))}i(Bu,"blue");function Gu(n){return pt(n,dt([35],39))}i(Gu,"magenta");function Vu(n){return pt(n,dt([36],39))}i(Vu,"cyan");var Bp=new RegExp(["[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)","(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))"].join("|"),"g");var Qi=[Fu,ju,zu,Bu,Gu,Vu];function Wu(n){let e=0,t=n.length,r=0;if(t>0)for(;r<t;)e=(e<<5)-e+n.charCodeAt(r++)|0;return e}i(Wu,"hashCode");function Yi(n){let e=Math.abs(Wu(n));return Qi[e%Qi.length]}i(Yi,"generateColor");function Xi(n,e,...t){let r=0,o=t.length,s=String(e).replace(/%[sdjoO%]/g,a=>{if(a==="%%")return"%";if(r>=o)return a;switch(a){case"%s":return String(t[r++]);case"%d":return Number(t[r++]).toString();case"%o":return n(t[r++]).split(`
+`).map(u=>u.trim()).join(" ");case"%O":return n(t[r++]);case"%j":try{return JSON.stringify(t[r++])}catch{return"[Circular]"}default:return a}});for(let a of t.splice(r))a===null||!(typeof a=="object"&&a!==null)?s+=" "+a:s+=" "+n(a);return s}i(Xi,"format");function je(n,e,t,r){let o={seen:[],stylize:Ju,showHidden:e??!1,depth:t??2,colors:r??!1,customInspect:!0};return o.colors&&(o.stylize=Qu),pn(o,n,o.depth)}i(je,"inspect");je.colors={bold:[1,22],italic:[3,23],underline:[4,24],inverse:[7,27],white:[37,39],grey:[90,39],black:[30,39],blue:[34,39],cyan:[36,39],green:[32,39],magenta:[35,39],red:[31,39],yellow:[33,39]};je.styles={special:"cyan",number:"yellow",boolean:"yellow",undefined:"grey",null:"bold",string:"green",date:"magenta",regexp:"red"};function Ju(n,e){return n}i(Ju,"stylizeNoColor");function Ku(n){return typeof n=="boolean"}i(Ku,"isBoolean");function ts(n){return n===void 0}i(ts,"isUndefined");function Qu(n,e){let t=je.styles[e];return t?"\x1B["+je.colors[t][0]+"m"+n+"\x1B["+je.colors[t][1]+"m":n}i(Qu,"stylizeWithColor");function mr(n){return typeof n=="function"}i(mr,"isFunction");function ns(n){return typeof n=="string"}i(ns,"isString");function Yu(n){return typeof n=="number"}i(Yu,"isNumber");function rs(n){return n===null}i(rs,"isNull");function os(n,e){return Object.prototype.hasOwnProperty.call(n,e)}i(os,"hasOwn");function gr(n){return br(n)&&wr(n)==="[object RegExp]"}i(gr,"isRegExp");function br(n){return typeof n=="object"&&n!==null}i(br,"isObject");function fr(n){return br(n)&&(wr(n)==="[object Error]"||n instanceof Error)}i(fr,"isError");function es(n){return br(n)&&wr(n)==="[object Date]"}i(es,"isDate");function wr(n){return Object.prototype.toString.call(n)}i(wr,"objectToString");function Xu(n){let e={};return n.forEach(function(t,r){e[t]=!0}),e}i(Xu,"arrayToHash");function ec(n,e,t,r,o){let s=[];for(let a=0,u=e.length;a<u;++a)os(e,String(a))?s.push(yr(n,e,t,r,String(a),!0)):s.push("");return o.forEach(function(a){a.match(/^\d+$/)||s.push(yr(n,e,t,r,a,!0))}),s}i(ec,"formatArray");function hr(n){return"["+Error.prototype.toString.call(n)+"]"}i(hr,"formatError");function pn(n,e,t){if(n.customInspect&&e&&mr(e.inspect)&&e.inspect!==je&&!(e.constructor&&e.constructor.prototype===e)){let d=e.inspect(t,n);return ns(d)||(d=pn(n,d,t)),d}let r=tc(n,e);if(r)return r;let o=Object.keys(e),s=Xu(o);try{n.showHidden&&Object.getOwnPropertyNames&&(o=Object.getOwnPropertyNames(e))}catch{}if(fr(e)&&(o.indexOf("message")>=0||o.indexOf("description")>=0))return hr(e);if(o.length===0){if(mr(e)){let d=e.name?": "+e.name:"";return n.stylize("[Function"+d+"]","special")}if(gr(e))return n.stylize(RegExp.prototype.toString.call(e),"regexp");if(es(e))return n.stylize(Date.prototype.toString.call(e),"date");if(fr(e))return hr(e)}let a="",u=!1,c=["{","}"];if(Array.isArray(e)&&(u=!0,c=["[","]"]),mr(e)&&(a=" [Function"+(e.name?": "+e.name:"")+"]"),gr(e)&&(a=" "+RegExp.prototype.toString.call(e)),es(e)&&(a=" "+Date.prototype.toUTCString.call(e)),fr(e)&&(a=" "+hr(e)),o.length===0&&(!u||e.length==0))return c[0]+a+c[1];if(t<0)return gr(e)?n.stylize(RegExp.prototype.toString.call(e),"regexp"):n.stylize("[Object]","special");n.seen.push(e);let l;return u?l=ec(n,e,t,s,o):l=o.map(function(d){return yr(n,e,t,s,d,u)}),n.seen.pop(),nc(l,a,c)}i(pn,"formatValue");function yr(n,e,t,r,o,s){let a,u,c;c={value:void 0};try{c.value=e[o]}catch{}try{Object.getOwnPropertyDescriptor&&(c=Object.getOwnPropertyDescriptor(e,o)||c)}catch{}if(c.get?c.set?u=n.stylize("[Getter/Setter]","special"):u=n.stylize("[Getter]","special"):c.set&&(u=n.stylize("[Setter]","special")),os(r,o)||(a="["+o+"]"),u||(n.seen.indexOf(c.value)<0?(rs(t)?u=pn(n,c.value,null):u=pn(n,c.value,t-1),u.indexOf(`
 `)>-1&&(s?u=u.split(`
 `).map(function(l){return"  "+l}).join(`
 `).substr(2):u=`
 `+u.split(`
 `).map(function(l){return"   "+l}).join(`
-`))):u=n.stylize("[Circular]","special")),ts(a)){if(s&&o.match(/^\d+$/))return u;a=JSON.stringify(""+o),a.match(/^"([a-zA-Z_][a-zA-Z_0-9]*)"$/)?(a=a.substr(1,a.length-2),a=n.stylize(a,"name")):(a=a.replace(/'/g,"\\'").replace(/\\"/g,'"').replace(/(^"|"$)/g,"'"),a=n.stylize(a,"string"))}return a+": "+u}i(yr,"formatProperty");function Xu(n,e){if(ts(e))return n.stylize("undefined","undefined");if(ns(e)){let t="'"+JSON.stringify(e).replace(/^"|"$/g,"").replace(/'/g,"\\'").replace(/\\"/g,'"')+"'";return n.stylize(t,"string")}if(Ku(e))return n.stylize(""+e,"number");if(Wu(e))return n.stylize(""+e,"boolean");if(rs(e))return n.stylize("null","null")}i(Xu,"formatPrimitive");function ec(n,e,t){let r=0;return n.reduce(function(s,a){return r++,a.indexOf(`
+`))):u=n.stylize("[Circular]","special")),ts(a)){if(s&&o.match(/^\d+$/))return u;a=JSON.stringify(""+o),a.match(/^"([a-zA-Z_][a-zA-Z_0-9]*)"$/)?(a=a.substr(1,a.length-2),a=n.stylize(a,"name")):(a=a.replace(/'/g,"\\'").replace(/\\"/g,'"').replace(/(^"|"$)/g,"'"),a=n.stylize(a,"string"))}return a+": "+u}i(yr,"formatProperty");function tc(n,e){if(ts(e))return n.stylize("undefined","undefined");if(ns(e)){let t="'"+JSON.stringify(e).replace(/^"|"$/g,"").replace(/'/g,"\\'").replace(/\\"/g,'"')+"'";return n.stylize(t,"string")}if(Yu(e))return n.stylize(""+e,"number");if(Ku(e))return n.stylize(""+e,"boolean");if(rs(e))return n.stylize("null","null")}i(tc,"formatPrimitive");function nc(n,e,t){let r=0;return n.reduce(function(s,a){return r++,a.indexOf(`
 `)>=0&&r++,s+a.replace(/\u001b\[\d\d?m/g,"").length+1},0)>60?t[0]+(e===""?"":e+`
  `)+" "+n.join(`,
-  `)+" "+t[1]:t[0]+e+" "+n.join(", ")+" "+t[1]}i(ec,"reduceToSingleString");var is=i((n,...e)=>Xi(je,n,e),"format");var Rr=class{static{i(this,"Debugger")}manager;ns;color;last;enabled;constructor(e,t){this.manager=e,this.ns=t,this.color=Yi(t),this.last=0,this.enabled=e.enabled.some(r=>r.test(t))}log(...e){if(!this.enabled)return;let t,r=e[0];typeof r=="function"?t=r():t=String(r);let o=Date.now()-(this.last||Date.now());t=is(t,...e);let s=`${this.color(this.ns)} ${t} ${this.color(`+${o}ms`)}`;console.log(s),this.last=Date.now()}},Pr=class{static{i(this,"DebugManager")}debuggers;enabled;constructor(e){this.debuggers=new Map,this.enabled=e??[]}};function tc(n){return!n||n.length===0?[]:(n=n.replace(/\s/g,"").replace(/\*/g,".+"),n.split(",").map(e=>new RegExp(`^${e}$`)))}i(tc,"extract");var mn;function be(n){let e=globalThis.DEBUG;mn||(mn=new Pr(tc(e)));let t=new Rr(mn,n);return mn.debuggers.set(n,t),Object.assign(t.log.bind(t),{self:t})}i(be,"debug");var K=class extends Error{static{i(this,"SystemError")}constructor(e,t){super(e,t),this.name="InternalError"}},k=class extends Error{static{i(this,"RuntimeError")}extensionMembers;constructor(e,t){typeof e=="string"?super(e,t):(super(e.message,t),this.extensionMembers=e.extensionMembers),this.name="RuntimeError"}},g=class extends k{static{i(this,"ConfigurationError")}constructor(e,t){super(e,t),this.name="ConfigurationError"}};var tt=be("zuplo:runtime:external-service");function nc(){let n,{__ZUPLO_EXTERNAL_SERVICE_TOKEN:e}=y.instance.runtime;if(e&&e!=="undefined")try{let t=atob(e);n=JSON.parse(t)}catch{}return n}i(nc,"getServiceAuth");async function ss(n,e){let t=nc();if(t)if(tt(`Using external service auth. ClientId: ${t.clientId})`),typeof n=="string"){let r=new URL(n),o=r.hostname,s=e??{},a=new Headers(s.headers||{});a.set("CF-Access-Client-Id",t.clientId),a.set("CF-Access-Client-Secret",t.clientSecret),s.headers=a;let u;if(t.customServiceMapping&&t.customServiceMapping[o])u=`https://${t.customServiceMapping[o]}`;else if(y.instance.useLegacyServiceRouting)u=`https://${o}.zuptunnel.com`;else{tt("Using sha256 service routing");let d=y.instance.build;if(d.ACCOUNT_NAME&&d.PROJECT_NAME&&d.ENVIRONMENT_TYPE){let p=await rc(o,d.ACCOUNT_NAME,d.PROJECT_NAME,d.ENVIRONMENT_TYPE),m=as(d.ENVIRONMENT_TYPE),h=await Ir(`${d.ACCOUNT_NAME}-${d.PROJECT_NAME}-${m}`);h==="40d7ad502f5d743997999594c177184a00161a77865423511f3a1ea21eb5a5e"||h==="d05bffe8fa91a300187d2cf43e8aa4a56bd809c442ae10d1ee49af7d29a5a11"?u=`https://${p}.zuptunnel.com`:u=`https://${p}.t.zuplo.app`}else throw tt("Cannot use sha256 service routing, missing build variables"),new k("Failed to generate fully qualified tunnel url.")}let c=new URL(`${u}${r.pathname}${r.search}`);tt(`Calling external service: ${c.toString()}`);let l=await gn(c.toString(),s);if(l.status===403&&l.headers.get("cf-access-domain")!==null)throw console.error("403 Forbidden when calling external service.",{clientId:t.clientId,tunnelHost:u}),new k("Could not connect to secure tunnel.");return l}else throw tt("Cannot call external service with Request object"),new k("Currently, we only support fetch(<some_string>, ...).");else throw tt("There is no external service auth configured for this zup."),new k("There are no external services configured for this zup.")}i(ss,"externalServiceHandler");async function rc(n,e,t,r){let o=n.toLowerCase(),s=e.toLowerCase(),a=t.toLowerCase(),u=as(r);tt(`Hashing service name: ${s}-${o}.${s}-${a}-${u}`);let c=await Ir(`${s}-${o}`),l=await Ir(`${s}-${a}-${u}`);return`${c}.${l}`}i(rc,"hashServiceName");async function Ir(n){let e=new TextEncoder().encode(n),t=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(t)).map(s=>s.toString(16).padStart(2,"0")).join("").slice(0,-1)}i(Ir,"hashSegment");function as(n){let e=n.toLowerCase();switch(e){case"production":case"preview":return e;default:return"working-copy"}}i(as,"sanitizeEnvironmentType");var us=new Map;us.set("service:",ss);var gn=globalThis.fetch;function Er(n,e){let t=oc(e);if(typeof n=="string"){let r=new URL(n),o=us.get(r.protocol);return o?o(n,t):gn(n,t)}else return gn(n,t)}i(Er,"internalFetch");globalThis.fetch=Er;var oc=i(n=>{if(!n||n instanceof Request)return n;let e=n;if(!e.zuplo)return n;let t=n;return t.cf={cacheEverything:e.zuplo?.cacheEverything,cacheTtl:e.zuplo?.cacheTtlSeconds},delete n.zuplo,n},"transformInit");var ic={fetch:Er},z=ic;Function.prototype.toString=function(){return"[native code]"};var fn=globalThis,cs=fn.caches;if(cs){let n=cs.open;fn.caches.open=function(e){let t=y.instance.deploymentName??y.instance.build.BUILD_ID;return n.call(this,`${t}-${e}`)},delete fn.caches.default,Object.freeze(fn.caches)}var hn=new Set,ls=new Set;function f(n){ls.has(n)||(ls.add(n),hn.add(n))}i(f,"trackFeature");function ds(){let n=[...hn];return hn.clear(),n}i(ds,"getUnsentFeatures");function ps(n){for(let e of n)hn.add(e)}i(ps,"restoreFeatures");function _e(n,e){n.has("Authorization")||n.set("Authorization",`Bearer ${y.instance.authApiJWT}`),n.set("zp-rid",e??`global-${crypto.randomUUID()}`),n.set("zp-dn",y.instance.deploymentName??"unknown"),n.set("User-Agent",y.instance.systemUserAgent),n.set("zp-compat-date",y.instance.build.COMPATIBILITY_DATE??"none")}i(_e,"setZuploHeaders");async function sc(n,e={}){f("utility.zuplo-api-services");let{method:t="GET",data:r}=e,o=new URL(n,y.instance.zuploEdgeApiUrl),s=new Headers(e.headers);_e(s),s.set("Content-Type","application/json");let a={method:t,headers:s};r&&(a.body=JSON.stringify(r));let u=await z.fetch(o,a),c;try{if(!u.ok)throw c=await u.clone().json(),new Error(`Error ${u.status}: ${JSON.stringify(c)||"Request failed"}`);if(u.status===204)return;c=await u.clone().json()}catch(l){throw new Error(l.message)}return c}i(sc,"apiServices");var ms=new Map,xr=class{static{i(this,"InnerCache")}constructor(e){this.#e=e.maxSize}#e;#t=0;#n=new Map;#r=[];get(e){let t=this.#n.get(e);if(!t)return;let r=Date.now();if(r>t.expiresAt){this.#n.delete(e);return}return t.lastUsed=r,this.#o(),t?.data}put(e,t,r){if(r<=0)return;if(this.#n.size>=this.#e){let a=this.#r.shift();a&&this.#n.delete(a)}let o=Date.now(),s={created:o,lastUsed:o,expiresAt:o+r*1e3,data:t};this.#r.push(e),this.#n.set(e,s)}delete(e){let t=this.#r.indexOf(e);t>=0&&this.#r.slice(t,1),this.#n.delete(e)}get size(){return this.#n.size}#o(){let e=Date.now();this.#t+1e4*1e3>e&&(this.purge(),this.#t=e)}purge(){let e=Date.now();this.#n.forEach((t,r)=>{t.expiresAt>=e&&this.#n.delete(r)})}},ze=class{static{i(this,"MemoryCache")}constructor(e,t={maxSize:1e3}){this.name=e;let r=ms.get(e);r||(r=new xr(t),ms.set(e,r)),this.#e=r}name;#e;get(e){return this.#e.get(e)}put(e,t,r){return this.#e.put(e,t,r)}delete(e){return this.#e.delete(e)}get size(){return this.#e.size}purge(){this.#e.purge()}};var Tr="__zuplo-expiry-header",Nt=class{static{i(this,"ZoneCache")}constructor(e,t){this.#t=e,this.#e=t}#e;#t;#n;async#r(){return this.#n||(this.#n=await caches.open(this.#t)),this.#n}#o(e){return new Request(`https://zone-cache.zuplo.app/${encodeURIComponent(e)}`)}async get(e){try{let t=await this.#r(),r=this.#o(e),o=await t.match(r);if(!o)return;let s=o.headers.get(Tr);if(!s){try{await t.delete(r)}catch(c){this.logDebug("Handled failure to delete with CF cache because of missing expiryHeader",c),await this.deleteFallback(e)}return}let a=parseInt(s);if(Date.now()>=a){try{await t.delete(r)}catch(c){this.logDebug("Handled failure to delete with CF cache because of expiration",c),await this.deleteFallback(e)}return}return await o.json()}catch(t){this.logDebug(t)}}async put(e,t,r){let o=new Headers({"cache-control":`s-maxage=${r}, must-revalidate`,"content-type":"application/json"});o.set(Tr,`${Date.now()+r*1e3}`);let s=await this.#r(),a=this.#o(e),u=new Response(JSON.stringify(t),{headers:o});await s.put(a,u)}async delete(e){let t=await this.#r(),r=this.#o(e);try{await t.delete(r)}catch(o){this.logDebug("Handled failure to delete with CF cache due to explicit delete call",o),await this.deleteFallback(e)}}async deleteFallback(e){let t=new Headers({"Cache-Control":"s-maxage=0, must-revalidate"});t.set(Tr,`${Date.now()}`);let r=await this.#r(),o=this.#o(e),s=new Response("",{headers:t});await r.put(o,s)}logDebug(...e){"logger"in this.#e?this.#e.logger?.debug(`Error in ZoneCache: '${this.#t}'`,e):"log"in this.#e&&this.#e.log.debug(`Error in ZoneCache: '${this.#t}'`,e)}};var oe=class{static{i(this,"MemoryZoneReadThroughCache")}constructor(e,t){let r=`f6726488-fd18-4b7f-9c30-6070565e8042-${e}`;this.#e=e,this.#t=new ze(r),this.#n=new Nt(r,t),this.#r=t}#e;#t;#n;#r;async get(e){let t=this.#t.get(e);if(t)return t;let r=await this.#n.get(e);if(r){let o=Math.floor((r.expires-Date.now())/1e3);if(o>0)return this.#t.put(e,r.data,o),r.data}}put(e,t,r){this.#t.put(e,t,r);let o={data:t,expires:Date.now()+r*1e3},s=this.#n.put(e,o,r).catch(a=>{this.#r.log.error(`Error in MemoryZoneReadThroughCache: '${this.#e}'`,a)});this.#r.waitUntil(s)}};var Cr="__zuplo-expiry-header",vr=class{static{i(this,"StreamingZoneCache")}constructor(e,t){this.#t=e,this.#e=t}#e;#t;#n;async#r(){return this.#n||(this.#n=await caches.open(this.#t)),this.#n}#o(e){return new Request(`https://streaming-zone-cache.zuplo.app/${encodeURIComponent(e)}`)}async get(e){try{let t=await this.#r(),r=this.#o(e),o=await t.match(r);if(!o)return;let s=o.headers.get(Cr);if(!s){await t.delete(r).catch(u=>{this.logDebug(`StreamingZoneCache: error deleting missing expiry entry ${e}`,u)});return}let a=parseInt(s,10);if(Date.now()>=a){await t.delete(r).catch(u=>{this.logDebug(`StreamingZoneCache: error deleting expired entry ${e}`,u)});return}return o.body??void 0}catch(t){this.logDebug(`get(${e}) failed`,t);return}}async put(e,t,r){let o=new Headers({"cache-control":`s-maxage=${r}, must-revalidate`});o.set(Cr,`${Date.now()+r*1e3}`);let s=new Response(t,{headers:o}),a=await this.#r(),u=this.#o(e);await a.put(u,s)}async delete(e){try{await(await this.#r()).delete(this.#o(e))}catch(t){this.logDebug(`delete(${e}) fallback needed`,t),await this.deleteFallback(e)}}async deleteFallback(e){let t=new Headers({"Cache-Control":"s-maxage=0, must-revalidate",[Cr]:`${Date.now()}`}),r=new Response("",{headers:t}),o=await this.#r(),s=this.#o(e);await o.put(s,r)}logDebug(...e){"logger"in this.#e?this.#e.logger?.debug(`StreamingZoneCache(${this.#t}):`,...e):"log"in this.#e&&this.#e.log.debug(`StreamingZoneCache(${this.#t}):`,...e)}};var gs="zuplo-request-id",mt="zp-rid",Sr="zp-body-removed",nt="cf-ray",fs="x-real-ip",Ar="cf-ipcity",Or="cf-ipcontinent",kr="cf-ipcountry",Lr="cf-iplongitude",_r="cf-iplatitude",hs="cf-region",ys="cf-region-code",bs="cf-metro-code",ws="cf-postal-code",Rs="cf-timezone",yn="zp-ipcity",bn="zp-ipcontinent",wn="zp-ipcountry",Rn="zp-iplongitude",Pn="zp-iplatitude",Ps="true-client-ip",Dt="zp-asn",Nr="zp-asorg",Dr="zp-colo",Mt="zp-postalcode",qt="zp-metrocode",Mr="zp-region",Ut="zp-regioncode",Ht="zp-timezone",qr="x-akamai-edgescape",Is=[Ar,Or,kr,Lr,_r,Dt,Nr,Dr,Mt,qt,Mr,Ut,Ht,qr],Es=["zp-","cf-"],xs=[mt,nt,Sr];var $t=Symbol("zuplo_meters"),Zt=Symbol("zuplo_dynamic_meters"),In="system-logger";var te=class n{static{i(this,"ContextData")}static#e;#t;constructor(e){this.#t=e}set(e,t){n.set(e,this.#t,t)}get(e){return n.get(e,this.#t)}static set(e,t,r){n.#e||(n.#e=new WeakMap);let o=n.#e.get(e);o||(o=new Map),o.set(t,r),n.#e.set(e,o)}static get(e,t){return n.#e||(n.#e=new WeakMap),n.#e.get(e)?.get(t)}};import{trace as Qc}from"@opentelemetry/api";import{SpanStatusCode as ac,trace as uc}from"@opentelemetry/api";import{SpanStatusCode as Cn,trace as vn}from"@opentelemetry/api";var Ts=i(n=>(e,t)=>n(e,t),"globalRequestHandlerProxy");function Cs(n){Ts=n}i(Cs,"setTelemetryInitFunction");var vs=i(n=>Ts(n),"proxyHandler");var Be=class{static{i(this,"RuntimePlugin")}},me=class extends Be{static{i(this,"SystemRuntimePlugin")}async initialize(e){return Promise.resolve()}registerRoutes(e,t){}},En=class extends me{static{i(this,"MeteringPlugin")}},Ft=class extends Be{static{i(this,"TelemetryPlugin")}};var jt=class n{static{i(this,"InternalProblemResponseFormatter")}static problemResponseFormat=i(async e=>{let t=e.problem,r=JSON.stringify(t,null,2);return new Response(r,{status:e.problem.status,statusText:e.statusText,headers:{...e.additionalHeaders,"content-type":"application/problem+json"}})},"problemResponseFormat");static setProblemResponseFormat(e){e&&(f("runtime.problem-response-formatter"),n.problemResponseFormat=(t,r,o)=>{try{return e(t,r,o)}catch(s){throw new k("Error in custom 'problemResponseFormat'",{cause:s})}})}},rt=class{static{i(this,"ProblemResponseFormatter")}static async format(e,t,r){return await jt.problemResponseFormat(e,t,r)}};function xn(n){for(let e in n){let t=n[e];t&&typeof t=="object"&&xn(t)}return Object.freeze(n)}i(xn,"deepFreeze");var re=class n extends Request{static{i(this,"ZuploRequest")}#e=void 0;#t;constructor(e,t){super(e,t);let r=t?.params;r?this.#t=r:e instanceof n?this.#t=e.#t:this.#t={};let o=t?.user;o?this.user=o:e instanceof n&&(this.user=e.user)}get query(){if(this.#e===void 0){let e={},t=new URL(this.url).searchParams;for(let[r,o]of t.entries())e[r]=o;this.#e=e}return xn(this.#e)}get params(){return xn(this.#t)}user};var Fr={},Ue=[],Ur=[],Hr=[],$r=[],Zr=[];var Tn={addPlugin(n){Ue.push(n)},addRequestHook(n){Ur.push(n)},addResponseSendingHook(n){Hr.push(n)},addResponseSendingFinalHook(n){$r.push(n)},addPreRoutingHook(n){Zr.push(n)}},As=i(async(n,e)=>{if(Ur.length===0)return n;let t=vn.getTracer("extension");return t.startActiveSpan("hook:onRequest",async r=>{try{let o=n;for(let s of Ur){let a=await t.startActiveSpan(s.name,async u=>{let c=await s(o,e);if(c instanceof re||c instanceof Response)return u.end(),c;{let l=new g(`Invalid state - the OnRequest hook must return a ZuploRequest or Response. Received ${typeof o}.`);throw u.end(),u.recordException(l),u.setStatus({code:Cn.ERROR}),l}});if(a instanceof re)o=a;else return a}return o}finally{r.end()}})},"invokeOnRequestExtensions"),Os=i(async(n,e,t)=>{if(Hr.length===0)return n;let r=vn.getTracer("extension");return r.startActiveSpan("hook:onResponseSending",async o=>{try{let s=n;for(let a of Hr)await r.startActiveSpan(a.name,async u=>{let c=await a(n,e,t);if(c instanceof Response)s=c,u.end();else{let l=new g(`Invalid state - the OnResponseSending hook must return a Response. Received ${typeof s}.`);throw u.recordException(l),u.setStatus({code:Cn.ERROR}),u.end(),l}});return s}finally{o.end()}})},"invokeOnResponseSendingExtensions"),ks=i(async(n,e,t)=>{if($r.length===0)return;let r=vn.getTracer("extension");return r.startActiveSpan("hook:onResponseSendingFinal",async o=>{try{for(let s of $r)await r.startActiveSpan(s.name,async a=>{try{await s(n,e,t)}catch(u){throw a.recordException(u),a.setStatus({code:Cn.ERROR}),a.end(),u}a.end()})}finally{o.end()}})},"invokeOnResponseSendingFinalExtensions"),Ls=i(async n=>{if(Zr.length===0)return n;let e=vn.getTracer("extension");return e.startActiveSpan("hook:preRouting",async t=>{try{let r=n;for(let o of Zr)r=await e.startActiveSpan(o.name,async a=>{try{let u=await o(r);if(u instanceof Request)return u;{let c=new k(`Invalid state - the PreRouting hook must return a Request. Received ${typeof u}.`);throw a.recordException(c),a.setStatus({code:Cn.ERROR}),c}}finally{a.end()}});return r}finally{t.end()}})},"invokePreRoutingHooks"),Ss=!1;async function _s(n){if(!Ss){n&&(f("runtime.extensions"),await n(Tn)),Fr.value=Tn;for(let e of Ue)if(e instanceof Ft){let{requestHandlerProxy:t}=e.instrument({accountName:y.instance.build.ACCOUNT_NAME,projectName:y.instance.build.PROJECT_NAME,buildId:y.instance.build.BUILD_ID,zuploVersion:y.instance.build.ZUPLO_VERSION,compatibilityDate:y.instance.build.COMPATIBILITY_DATE,instanceId:y.instance.instanceId,environmentType:y.instance.loggingEnvironmentType,environmentStage:y.instance.loggingEnvironmentStage,deploymentName:y.instance.deploymentName});Cs(t)}await Promise.all(Ue.map(async e=>{e instanceof me&&await e.initialize(Tn)})),jt.setProblemResponseFormat(Tn.problemResponseFormat),Ss=!0}}i(_s,"initializeRuntime");var jr={Json:"application/json",Form:"application/x-www-form-urlencoded"};function zr(n,e){if(n!==null)return e&&typeof n=="string"?n:typeof n=="object"&&e?.startsWith(jr.Form)?new URLSearchParams(n).toString():typeof n=="object"&&e?.startsWith(jr.Json)||!e?JSON.stringify(n):n}i(zr,"serialize");function gt(n){return he.instance.runtimeSettings.developerPortal.enabled&&n.pathname.startsWith(he.instance.runtimeSettings.developerPortal.sitePathname)||n.pathname.startsWith("/__zuplo/")||n.pathname.startsWith("/__/zuplo/")}i(gt,"isSystemRoute");var ge=class{static{i(this,"Pipeline")}constructor(e){this.execute=this.#t(e)}execute;#e=i((e,t)=>async(r,o)=>uc.getTracer("pipeline").startActiveSpan(`handler:${o.route.handler.export}`,async a=>{try{return await e(r,o)}catch(u){let c=t.errorHandler(r,o,"Error executing request handler.",u);return a.setStatus({code:ac.ERROR}),c}finally{a.end()}}),"#errorWrappedHandler");#t=i(({processors:e,gateway:t,handler:r})=>async(o,s)=>{let a=[...e],u=i(async b=>{let v=a.pop();return v?v(o,s,t,u):await this.#e(async $=>{let Z=await r($,s);return cc(Z)},t)(b,s)},"nextPipe"),l=await u(o),d=new URL(o.url);if(gt(d)&&y.instance.build.COMPATIBILITY_FLAGS.doNotRunHooksOnSystemRoutes)return l;let p=new zt(o,l);s.dispatchEvent(p);let m=Ee.getContextExtensions(s),h=m.latestRequest,I;try{I=await p.mutableResponse}catch(b){return t.errorHandler(o,s,"Error retrieving mutableResponse",b)}try{I=await m.onResponseSending(I,h,s)}catch(b){return t.errorHandler(o,s,"Error invoking 'context.onResponseSending' hook",b)}try{I=await Os(I,h,s)}catch(b){return t.errorHandler(o,s,"Error invoking 'context.onResponseSending' hook",b)}s.dispatchEvent(new Bt(o,I));try{await m.onResponseSendingFinal(l,h,s)}catch(b){throw s.log.error("Error invoking 'runtime.onResponseSending' hook",b),b}try{await ks(l,h,s)}catch(b){throw s.log.error("Error invoking 'runtime.onResponseSending' hook",b),b}return I},"#toZuploPipeline")};function cc(n){return n instanceof Response?n:typeof n>"u"?new Response:new Response(zr(n),{headers:{"content-type":"application/json"}})}i(cc,"resultToResponse");var Ge=class extends Be{static{i(this,"MetricsPlugin")}};var Q=class n{static{i(this,"SystemLogMap")}static#e=new WeakMap;static getLogger(e){let t=n.#e.get(e);if(!t){let r=`No system logger found for context with requestId '${e.requestId}'`;throw console.error(r),new K(r)}return t}static addLogger(e,t){n.#e.set(e,t)}};var Y=class{static{i(this,"BatchDispatch")}constructor(e,t,r,o){this.#t=e,this.#i=t,this.#r=r,this.#n=o??console}#e=void 0;#t;#n;#r;#o=[];#i;enqueue=i(e=>{this.#o.push(e),this.#e||(this.#e=new Promise(t=>{setTimeout(()=>{if(this.#o.length>0){let r=[...this.#o];this.#o.length=0,this.#e=void 0,this.#r(r).catch(o=>{this.#n.error(`Uncaught error in BatchDispatcher named '${this.#t}'}`,o.message,o.stack)}).finally(()=>{t()})}},this.#i)}))},"enqueue");waitUntilFlushed=i(async()=>{if(this.#e)return this.#e},"waitUntilFlushed")};var Sn=class{static{i(this,"ZuploMetricsTransport")}#e;#t;constructor(e){this.#e=e,this.#t=new Y("zuplo-metrics-transport",10,this.dispatchFunction,Q.getLogger(e))}pushMetrics(e,t){this.#t.enqueue(e),t.waitUntil(this.#t.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length!==0)try{let{remoteLogURL:t,deploymentName:r}=y.instance,{ACCOUNT_NAME:o,PROJECT_NAME:s}=y.instance.build,a=e.map(p=>{let m=Object.assign({},p);return delete m.requestContentLength,delete m.responseContentLength,m}),u=ds(),c={metadata:{timestamp:new Date,accountName:o,projectName:s,deploymentName:r},metrics:a,features:u},l=new Headers({"content-type":"application/json"});_e(l);let d=await z.fetch(`${t}/v2/runtime/metrics`,{method:"POST",body:JSON.stringify(c),headers:l});if(!d.ok){let p=await d.text();Q.getLogger(this.#e).error(`Metrics POST responded ${d.status}: ${d.statusText}`,p),ps(u)}}catch(t){Q.getLogger(this.#e).error("Failed to send Zuplo metrics.",t)}},"dispatchFunction")};var de=class{static{i(this,"SystemRouteConfiguration")}constructor({label:e,path:t,methods:r,systemRouteName:o,corsPolicy:s="none"}){this.label=e,this.path=t,this.methods=r,this.corsPolicy=s,this.handler={export:"SYSTEM_IGNORED",module:"SYSTEM_IGNORED"},this.systemRouteName=o}label;path;methods;handler;corsPolicy;policies;systemRouteName;raw(){return{}}};var Re=i(async(n,e,t,r)=>{let o=new Date,s=Date.now(),a=await r(n),u=n.headers.get(nt)??void 0,c=n.headers.get(Ps)??void 0,l=e.incomingRequestProperties,d;e.route instanceof de&&(d=e.route.systemRouteName);let p=Ee.getContextExtensions(e).latestRequest,m={timestamp:o,statusCode:a.status,durationMs:Date.now()-s,requestContentLength:n.headers.get("content-length")?Number(n.headers.get("content-length")):void 0,responseContentLength:a.headers.get("content-length")?Number(a.headers.get("content-length")):void 0,routePath:e.route?.path??"SYSTEM_OR_NOT_FOUND",systemRouteName:d,requestId:e.requestId,method:n.method,asn:l.asn,asOrganization:l.asOrganization,colo:l.colo,continent:l.continent,country:l.country,city:l.city,latitude:l.latitude,longitude:l.longitude,rayId:u,instanceId:y.instance.instanceId,userSub:p.user?.sub,clientIp:c},h=[];return!y.instance.isLocalDevelopment&&y.instance.remoteLogURL&&y.instance.remoteLogToken&&y.instance.loggingId&&h.push(new Sn(e)),Ue.forEach(I=>{if(I instanceof Ge){let b=I.getTransport();h.push(b)}}),h.forEach(I=>{I.pushMetrics(m,e)}),a},"metricsProcessor");var Br=i((n,e)=>{let t=i(async(s,a)=>{let u=new URL(s.url),c=y.instance.build,l={buildId:c.BUILD_ID,zuploVersion:c.ZUPLO_VERSION,compatibilityDate:c.COMPATIBILITY_DATE,apiVersion:c.API_VERSION,gitSha:c.GIT_SHA,timestamp:c.TIMESTAMP,isProduction:c.ENVIRONMENT_TYPE==="PRODUCTION"};if(u.searchParams.get("system_log")==="true"&&Q.getLogger(a).error("Test System Log",l),u.searchParams.get("error")==="true")throw new Error("this is an unhandled error");return new Response(JSON.stringify(l,null,2),{status:200,headers:{"content-type":"application/json"}})},"buildRouteHandler"),r=new ge({processors:[Re],handler:t,gateway:e}),o=new de({label:"SYSTEM_BUILD_ROUTE",methods:["GET"],path:"/__zuplo/build",systemRouteName:"build-data"});n.addRoute(o,r.execute)},"registerBuildRoute");var An=(R=>(R[R.CONTINUE=100]="CONTINUE",R[R.SWITCHING_PROTOCOLS=101]="SWITCHING_PROTOCOLS",R[R.PROCESSING=102]="PROCESSING",R[R.EARLY_HINTS=103]="EARLY_HINTS",R[R.OK=200]="OK",R[R.CREATED=201]="CREATED",R[R.ACCEPTED=202]="ACCEPTED",R[R.NON_AUTHORITATIVE_INFORMATION=203]="NON_AUTHORITATIVE_INFORMATION",R[R.NO_CONTENT=204]="NO_CONTENT",R[R.RESET_CONTENT=205]="RESET_CONTENT",R[R.PARTIAL_CONTENT=206]="PARTIAL_CONTENT",R[R.MULTI_STATUS=207]="MULTI_STATUS",R[R.ALREADY_REPORTED=208]="ALREADY_REPORTED",R[R.IM_USED=226]="IM_USED",R[R.MULTIPLE_CHOICES=300]="MULTIPLE_CHOICES",R[R.MOVED_PERMANENTLY=301]="MOVED_PERMANENTLY",R[R.FOUND=302]="FOUND",R[R.SEE_OTHER=303]="SEE_OTHER",R[R.NOT_MODIFIED=304]="NOT_MODIFIED",R[R.USE_PROXY=305]="USE_PROXY",R[R.SWITCH_PROXY=306]="SWITCH_PROXY",R[R.TEMPORARY_REDIRECT=307]="TEMPORARY_REDIRECT",R[R.PERMANENT_REDIRECT=308]="PERMANENT_REDIRECT",R[R.BAD_REQUEST=400]="BAD_REQUEST",R[R.UNAUTHORIZED=401]="UNAUTHORIZED",R[R.PAYMENT_REQUIRED=402]="PAYMENT_REQUIRED",R[R.FORBIDDEN=403]="FORBIDDEN",R[R.NOT_FOUND=404]="NOT_FOUND",R[R.METHOD_NOT_ALLOWED=405]="METHOD_NOT_ALLOWED",R[R.NOT_ACCEPTABLE=406]="NOT_ACCEPTABLE",R[R.PROXY_AUTHENTICATION_REQUIRED=407]="PROXY_AUTHENTICATION_REQUIRED",R[R.REQUEST_TIMEOUT=408]="REQUEST_TIMEOUT",R[R.CONFLICT=409]="CONFLICT",R[R.GONE=410]="GONE",R[R.LENGTH_REQUIRED=411]="LENGTH_REQUIRED",R[R.PRECONDITION_FAILED=412]="PRECONDITION_FAILED",R[R.CONTENT_TOO_LARGE=413]="CONTENT_TOO_LARGE",R[R.PAYLOAD_TOO_LARGE=413]="PAYLOAD_TOO_LARGE",R[R.URI_TOO_LONG=414]="URI_TOO_LONG",R[R.UNSUPPORTED_MEDIA_TYPE=415]="UNSUPPORTED_MEDIA_TYPE",R[R.RANGE_NOT_SATISFIABLE=416]="RANGE_NOT_SATISFIABLE",R[R.EXPECTATION_FAILED=417]="EXPECTATION_FAILED",R[R.I_AM_A_TEAPOT=418]="I_AM_A_TEAPOT",R[R.MISDIRECTED_REQUEST=421]="MISDIRECTED_REQUEST",R[R.UNPROCESSABLE_ENTITY=422]="UNPROCESSABLE_ENTITY",R[R.UNPROCESSABLE_CONTENT=422]="UNPROCESSABLE_CONTENT",R[R.LOCKED=423]="LOCKED",R[R.FAILED_DEPENDENCY=424]="FAILED_DEPENDENCY",R[R.TOO_EARLY=425]="TOO_EARLY",R[R.UPGRADE_REQUIRED=426]="UPGRADE_REQUIRED",R[R.PRECONDITION_REQUIRED=428]="PRECONDITION_REQUIRED",R[R.TOO_MANY_REQUESTS=429]="TOO_MANY_REQUESTS",R[R.REQUEST_HEADER_FIELDS_TOO_LARGE=431]="REQUEST_HEADER_FIELDS_TOO_LARGE",R[R.UNAVAILABLE_FOR_LEGAL_REASONS=451]="UNAVAILABLE_FOR_LEGAL_REASONS",R[R.INTERNAL_SERVER_ERROR=500]="INTERNAL_SERVER_ERROR",R[R.NOT_IMPLEMENTED=501]="NOT_IMPLEMENTED",R[R.BAD_GATEWAY=502]="BAD_GATEWAY",R[R.SERVICE_UNAVAILABLE=503]="SERVICE_UNAVAILABLE",R[R.GATEWAY_TIMEOUT=504]="GATEWAY_TIMEOUT",R[R.HTTP_VERSION_NOT_SUPPORTED=505]="HTTP_VERSION_NOT_SUPPORTED",R[R.VARIANT_ALSO_NEGOTIATES=506]="VARIANT_ALSO_NEGOTIATES",R[R.INSUFFICIENT_STORAGE=507]="INSUFFICIENT_STORAGE",R[R.LOOP_DETECTED=508]="LOOP_DETECTED",R[R.NOT_EXTENDED=510]="NOT_EXTENDED",R[R.NETWORK_AUTHENTICATION_REQUIRED=511]="NETWORK_AUTHENTICATION_REQUIRED",R))(An||{}),Ns={100:"Continue",101:"Switching Protocols",102:"Processing",103:"Early Hints",200:"OK",201:"Created",202:"Accepted",203:"Non-Authoritative Information",204:"No Content",205:"Reset Content",206:"Partial Content",207:"Multi-Status",208:"Already Reported",226:"IM Used",300:"Multiple Choices",301:"Moved Permanently",302:"Found",303:"See Other",304:"Not Modified",305:"Use Proxy",306:"Switch Proxy",307:"Temporary Redirect",308:"Permanent Redirect",400:"Bad Request",401:"Unauthorized",402:"Payment Required",403:"Forbidden",404:"Not Found",405:"Method Not Allowed",406:"Not Acceptable",407:"Proxy Authentication Required",408:"Request Timeout",409:"Conflict",410:"Gone",411:"Length Required",412:"Precondition Failed",413:"Content Too Large",414:"URI Too Long",415:"Unsupported Media Type",416:"Range Not Satisfiable",417:"Expectation Failed",418:"I'm a teapot",421:"Misdirected Request",422:"Unprocessable Content",423:"Locked",424:"Failed Dependency",425:"Too Early",426:"Upgrade Required",428:"Precondition Required",429:"Too Many Requests",431:"Request Header Fields Too Large",451:"Unavailable For Legal Reasons",500:"Internal Server Error",501:"Not Implemented",502:"Bad Gateway",503:"Service Unavailable",504:"Gateway Timeout",505:"HTTP Version Not Supported",506:"Variant Also Negotiates",507:"Insufficient Storage",508:"Loop Detected",510:"Not Extended",511:"Network Authentication Required"};var lc={100:"Continue",101:"Switching Protocols",102:"Processing",103:"Early Hints",200:"OK",201:"Created",202:"Accepted",203:"Non-Authoritative Information",204:"No Content",205:"Reset Content",206:"Partial Content",207:"Multi-Status",208:"Already Reported",226:"IM Used",300:"Multiple Choices",301:"Moved Permanently",302:"Found",303:"See Other",304:"Not Modified",305:"Use Proxy",307:"Temporary Redirect",308:"Permanent Redirect",400:"Bad Request",401:"Unauthorized",402:"Payment Required",403:"Forbidden",404:"Not Found",405:"Method Not Allowed",406:"Not Acceptable",407:"Proxy Authentication Required",408:"Request Timeout",409:"Conflict",410:"Gone",411:"Length Required",412:"Precondition Failed",413:"Payload Too Large",414:"URI Too Long",415:"Unsupported Media Type",416:"Range Not Satisfiable",417:"Expectation Failed",418:"I'm a Teapot",421:"Misdirected Request",422:"Unprocessable Entity",423:"Locked",424:"Failed Dependency",425:"Too Early",426:"Upgrade Required",428:"Precondition Required",429:"Too Many Requests",431:"Request Header Fields Too Large",451:"Unavailable For Legal Reasons",500:"Internal Server Error",501:"Not Implemented",502:"Bad Gateway",503:"Service Unavailable",504:"Gateway Timeout",505:"HTTP Version Not Supported",506:"Variant Also Negotiates",507:"Insufficient Storage",508:"Loop Detected",509:"Bandwidth Limit Exceeded",510:"Not Extended",511:"Network Authentication Required"},Gr=lc;function dc(n){return`${new URL(n.url).pathname}`}i(dc,"instance");function pc(n,e){let t={timestamp:new Date().toISOString(),requestId:e.requestId,buildId:y.instance.build.BUILD_ID},r=n.headers.get(nt);return r&&(t.rayId=r),t}i(pc,"trace");var mc=i((n,e,t,r,o)=>({problem:{type:n.type,title:n.title,status:n.status,detail:n.detail,instance:dc(e),trace:pc(e,t),...r},additionalHeaders:o,statusText:Gr[n.status]}),"merge"),Vr=class{static{i(this,"HttpProblemsBase")}static format=i((e,t,r)=>"problem"in e?rt.format(e,t,r):rt.format({problem:e},t,r),"format");static getProblemFromStatus(e,t){return{type:`https://httpproblems.com/http-status/${e}`,status:e,title:Ns[e],...t}}},x=class extends Vr{static{i(this,"HttpProblems")}static#e(e,t,r,o,s){let a=mc(this.getProblemFromStatus(e),t,r,o,s);return rt.format(a,t,r)}static continue=i((e,t,r,o)=>this.#e(200,e,t,r,o),"continue");static switchingProtocols=i((e,t,r,o)=>this.#e(101,e,t,r,o),"switchingProtocols");static processing=i((e,t,r,o)=>this.#e(102,e,t,r,o),"processing");static earlyHints=i((e,t,r,o)=>this.#e(103,e,t,r,o),"earlyHints");static ok=i((e,t,r,o)=>this.#e(200,e,t,r,o),"ok");static created=i((e,t,r,o)=>this.#e(201,e,t,r,o),"created");static accepted=i((e,t,r,o)=>this.#e(202,e,t,r,o),"accepted");static nonAuthoritativeInformation=i((e,t,r,o)=>this.#e(203,e,t,r,o),"nonAuthoritativeInformation");static noContent=i((e,t,r,o)=>this.#e(204,e,t,r,o),"noContent");static resetContent=i((e,t,r,o)=>this.#e(205,e,t,r,o),"resetContent");static partialContent=i((e,t,r,o)=>this.#e(206,e,t,r,o),"partialContent");static multiStatus=i((e,t,r,o)=>this.#e(207,e,t,r,o),"multiStatus");static alreadyReported=i((e,t,r,o)=>this.#e(208,e,t,r,o),"alreadyReported");static imUsed=i((e,t,r,o)=>this.#e(226,e,t,r,o),"imUsed");static multipleChoices=i((e,t,r,o)=>this.#e(300,e,t,r,o),"multipleChoices");static movedPermanently=i((e,t,r,o)=>this.#e(301,e,t,r,o),"movedPermanently");static found=i((e,t,r,o)=>this.#e(302,e,t,r,o),"found");static seeOther=i((e,t,r,o)=>this.#e(303,e,t,r,o),"seeOther");static notModified=i((e,t,r,o)=>this.#e(304,e,t,r,o),"notModified");static useProxy=i((e,t,r,o)=>this.#e(305,e,t,r,o),"useProxy");static switchProxy=i((e,t,r,o)=>this.#e(306,e,t,r,o),"switchProxy");static temporaryRedirect=i((e,t,r,o)=>this.#e(307,e,t,r,o),"temporaryRedirect");static permanentRedirect=i((e,t,r,o)=>this.#e(308,e,t,r,o),"permanentRedirect");static badRequest=i((e,t,r,o)=>this.#e(400,e,t,r,o),"badRequest");static unauthorized=i((e,t,r,o)=>this.#e(401,e,t,r,o),"unauthorized");static paymentRequired=i((e,t,r,o)=>this.#e(402,e,t,r,o),"paymentRequired");static forbidden=i((e,t,r,o)=>this.#e(403,e,t,r,o),"forbidden");static notFound=i((e,t,r,o)=>this.#e(404,e,t,r,o),"notFound");static methodNotAllowed=i((e,t,r,o)=>this.#e(405,e,t,r,o),"methodNotAllowed");static notAcceptable=i((e,t,r,o)=>this.#e(406,e,t,r,o),"notAcceptable");static proxyAuthenticationRequired=i((e,t,r,o)=>this.#e(407,e,t,r,o),"proxyAuthenticationRequired");static requestTimeout=i((e,t,r,o)=>this.#e(408,e,t,r,o),"requestTimeout");static conflict=i((e,t,r,o)=>this.#e(409,e,t,r,o),"conflict");static gone=i((e,t,r,o)=>this.#e(410,e,t,r,o),"gone");static lengthRequired=i((e,t,r,o)=>this.#e(411,e,t,r,o),"lengthRequired");static preconditionFailed=i((e,t,r,o)=>this.#e(412,e,t,r,o),"preconditionFailed");static contentTooLarge=i((e,t,r,o)=>this.#e(413,e,t,r,o),"contentTooLarge");static uriTooLong=i((e,t,r,o)=>this.#e(414,e,t,r,o),"uriTooLong");static unsupportedMediaType=i((e,t,r,o)=>this.#e(415,e,t,r,o),"unsupportedMediaType");static rangeNotSatisfiable=i((e,t,r,o)=>this.#e(416,e,t,r,o),"rangeNotSatisfiable");static expectationFailed=i((e,t,r,o)=>this.#e(417,e,t,r,o),"expectationFailed");static imATeapot=i((e,t,r,o)=>this.#e(418,e,t,r,o),"imATeapot");static misdirectedRequest=i((e,t,r,o)=>this.#e(421,e,t,r,o),"misdirectedRequest");static unprocessableContent=i((e,t,r,o)=>this.#e(422,e,t,r,o),"unprocessableContent");static locked=i((e,t,r,o)=>this.#e(423,e,t,r,o),"locked");static failedDependency=i((e,t,r,o)=>this.#e(424,e,t,r,o),"failedDependency");static tooEarly=i((e,t,r,o)=>this.#e(425,e,t,r,o),"tooEarly");static upgradeRequired=i((e,t,r,o)=>this.#e(426,e,t,r,o),"upgradeRequired");static preconditionRequired=i((e,t,r,o)=>this.#e(428,e,t,r,o),"preconditionRequired");static tooManyRequests=i((e,t,r,o)=>this.#e(429,e,t,r,o),"tooManyRequests");static requestHeaderFieldsTooLarge=i((e,t,r,o)=>this.#e(431,e,t,r,o),"requestHeaderFieldsTooLarge");static unavailableForLegalReasons=i((e,t,r,o)=>this.#e(451,e,t,r,o),"unavailableForLegalReasons");static internalServerError=i((e,t,r,o)=>this.#e(500,e,t,r,o),"internalServerError");static notImplemented=i((e,t,r,o)=>this.#e(501,e,t,r,o),"notImplemented");static badGateway=i((e,t,r,o)=>this.#e(502,e,t,r,o),"badGateway");static serviceUnavailable=i((e,t,r,o)=>this.#e(503,e,t,r,o),"serviceUnavailable");static gatewayTimeout=i((e,t,r,o)=>this.#e(504,e,t,r,o),"gatewayTimeout");static httpVersionNotSupported=i((e,t,r,o)=>this.#e(505,e,t,r,o),"httpVersionNotSupported");static variantAlsoNegotiates=i((e,t,r,o)=>this.#e(506,e,t,r,o),"variantAlsoNegotiates");static insufficientStorage=i((e,t,r,o)=>this.#e(507,e,t,r,o),"insufficientStorage");static loopDetected=i((e,t,r,o)=>this.#e(508,e,t,r,o),"loopDetected");static notExtended=i((e,t,r,o)=>this.#e(510,e,t,r,o),"notExtended");static networkAuthenticationRequired=i((e,t,r,o)=>this.#e(511,e,t,r,o),"networkAuthenticationRequired")};var{toString:gc}=Object.prototype,{propertyIsEnumerable:fc}=Object.prototype;function Wr(n){return gc.call(n)}i(Wr,"toString");function xe(n){return typeof n=="string"}i(xe,"isString");function ft(n){return xe(n)&&n!==""}i(ft,"isNonEmptyString");function Ds(n){return Wr(n)==="[object RegExp]"}i(Ds,"isRegexp");function Ms(n){return[...Object.keys(n),...Object.getOwnPropertySymbols(n).filter(e=>fc.call(n,e))]}i(Ms,"getOwnEnumerableKeys");function ot(n){return typeof n=="object"&&n!==null&&!Array.isArray(n)&&!(n instanceof RegExp)&&!(n instanceof Date)}i(ot,"isObject");function Jr(n){return typeof n=="number"&&!isNaN(n)}i(Jr,"isNumber");function Kr(n){return n===!0||n===!1}i(Kr,"isBoolean");function qs(n){return typeof n>"u"}i(qs,"isUndefined");function Us(n){return qs(n)||n===null}i(Us,"isUndefinedOrNull");function Gt(n){return!!n&&typeof n=="object"&&"name"in n&&"message"in n&&"stack"in n}i(Gt,"isErrorLike");var Hs=new Map;function Ve(n){if(Array.isArray(n)&&!n.some(o=>typeof o!="number"))return n;if(typeof n!="string")throw new Error("Input must be a string or an array of numbers");if(!/^\d+(?:-\d+)?(?:,\s*\d+(?:-\d+)?)*$/.test(n))throw new g("Malformed input string");let e=Hs.get(n);if(e)return e;let t=n.split(","),r=[];for(let o of t){let s=o.split("-");if(s.length===2){let a=parseInt(s[0],10),u=parseInt(s[1],10);for(let c=a;c<=u;c++)r.push(c)}else r.push(parseInt(o,10))}return Hs.set(n,r),r}i(Ve,"statusCodesStringToNumberArray");function He(n,e,t){if(!e.startsWith("."))throw new g(`Invalid ${t} - must start with '.' - '${e}' does not`);let r=e.split(".").splice(1),o=n;return r.forEach(s=>{if(o===void 0)throw new k(`Error applying ${t} '${e}', reading '${s}'`);o=o[s]}),`${o}`}i(He,"getValueFromRequestUser");function it(n){if(Array.isArray(n)){if(n.includes(t=>typeof t!="string"))throw new g("Received an array that contains non-string values.");return n}if(xe(n))return n.includes(",")?n.split(",").map(t=>t.trim()).filter(t=>t!==","&&t!==""):[n];throw new g(`Expected type of string, received type '${typeof n}'`)}i(it,"parseValueToStringArray");function $s(n){if(n==null)return[];if(!Array.isArray(n))throw new g(`Invalid corsPolicy configuration. Expected an array of objects, received '${typeof n}'`);return n.map(t=>{if(!ot(t))throw new g(`Invalid custom cors policy is set. Expected an object, received '${typeof t}'`);if(!ft(t.name))throw new g("Value of 'name' on custom cors policies must be a non-empty string.");if(t.maxAge!==void 0&&!Jr(t.maxAge))throw new g(`Value of 'maxAge' on custom cors policies must be a non-empty string. Received type '${typeof t.maxAge}'`);if(t.allowCredentials!==void 0&&!Kr(t.allowCredentials))throw new g("Value of 'allowCredentials' on custom cors policies must be a boolean or not be set. If using an environment variable, check that it is set correctly.");let r=Qr(t,"allowedHeaders"),o=Qr(t,"allowedMethods"),s=Qr(t,"exposeHeaders"),a;try{a=it(t.allowedOrigins)}catch(c){throw new g(`Value of 'allowedOrigins' on custom cors policies is invalid. ${c.message} If using an environment variable, check that it is set correctly.`)}return{name:t.name,allowCredentials:typeof t.allowCredentials=="boolean"?String(t.allowCredentials):void 0,allowedOrigins:a,allowedHeaders:r?r.join(", "):void 0,allowedMethods:o?o.join(", "):void 0,exposeHeaders:s?s.join(", "):void 0,maxAge:typeof t.maxAge=="number"?t.maxAge.toString():void 0}})}i($s,"parseCorsPolicies");function Qr(n,e){let t;if(n[e]!==void 0)try{t=it(n[e])}catch(r){throw new g(`Value of '${e}' on custom cors policies is invalid. ${r.message} If using an environment variable, check that it is set correctly.`)}return t}i(Qr,"parseOptionalProperty");var On=i((n,e)=>{if(e===null)return;if(n.find(a=>a==="*"))return e;let r=n.map(a=>a.trim().toLowerCase()),o=e.toLowerCase();return r.find(a=>a===o)},"findMatchingOrigin"),kn=i((n,e)=>{let t={"access-control-allow-origin":e};n.allowedHeaders&&(t["access-control-allow-headers"]=n.allowedHeaders),n.allowedMethods&&(t["access-control-allow-methods"]=n.allowedMethods),n.exposeHeaders&&(t["access-control-expose-headers"]=n.exposeHeaders);let r=n.allowCredentials;r&&(t["access-control-allow-credentials"]=r);let o=n.maxAge?.toString()??void 0;return o&&(t["access-control-max-age"]=o),t},"generateCorsHeaders");var Yr=i((n,e)=>{let t=e.routeData.corsPolicies,r=i(async(a,u)=>{let c=new URL(a.url.toString()).pathname,l=a.headers.get("access-control-request-method"),d=a.headers.get("access-control-request-headers"),p=a.headers.get("origin");if(p===null||l===null)return x.badRequest(a,u,{detail:"Expect headers origin and access-control-request-method"});let m=n.lookup(c,l);if(!m)return x.notFound(a,u);let h=m.routeConfiguration,I=hc(l,d,p,h,t);return I.isValid?new Response(void 0,{status:200,statusText:"OK",headers:I.headers}):(I.error&&u.log.warn(I.error),x.notFound(a,u))},"optionsHandler"),o=new ge({processors:[Re],handler:r,gateway:e}),s=new de({label:"SYSTEM_CORS_ROUTE",methods:["OPTIONS"],path:"/(.*)",systemRouteName:"cors-preflight"});n.addRoute(s,o.execute)},"registerCorsRoute"),hc=i((n,e,t,r,o)=>{let s={isValid:!1,headers:{}};if(r.corsPolicy==="anything-goes")return{isValid:!0,headers:{"access-control-allow-origin":t,"access-control-allow-methods":n,"access-control-allow-headers":e??"*","access-control-expose-headers":"*","access-control-allow-credentials":"true","access-control-max-age":"600"}};if(r.corsPolicy==="none")return{...s,error:`No CORS policy set for the route '${r.pathPattern}'`};let a=o?.find(l=>l.name===r.corsPolicy);if(!a)throw new g(`Invalid Configuration - corsPolicy '${r.corsPolicy}' not found in *.oas.json 'corsPolicies' section.`);let u=On(a.allowedOrigins,t);return u?{isValid:!0,headers:kn(a,u)}:{...s,error:`The CORS policy '${a.name}' does not allow the origin '${t}'`}},"validateAndBuildResponseHeaders");var Zs=i((n,e)=>{let t=i(async()=>new Response("You have no routes. Add a route in routes.oas.json to get started",{status:200}),"noRoutesHandler"),r=new ge({processors:[Re],handler:t,gateway:e}),o=new de({label:"SYSTEM_NO_ROUTES",methods:["CONNECT","DELETE","GET","HEAD","OPTIONS","PATCH","POST","PUT","TRACE"],path:"/(.*)",systemRouteName:"empty-gateway-catchall"});n.addRoute(o,r.execute)},"registerNoRoutes");var We=class{static{i(this,"UserRouteConfiguration")}constructor(e){this.path=e.path,this.methods=e.methods,this.label=e.label,this.key=e.key,this.handler=e.handler,this.corsPolicy=e.corsPolicy,this.custom=e.custom,this.policies=e.policies,this.excludeFromOpenApi=e.excludeFromOpenApi,this.pathPattern=e.pathPattern,this.raw=e.raw}raw;get summary(){return this.raw()?.summary}get operationId(){return this.raw()?.operationId}get tags(){return this.raw()?.tags}get parameters(){return this.raw()?.parameters}get responses(){return this.raw()?.responses}label;key;path;excludeFromOpenApi;pathPattern;custom;methods;handler;corsPolicy;policies};var yc=new de({label:"SYSTEM_NOT_FOUND_ROUTE",methods:["CONNECT","DELETE","GET","HEAD","OPTIONS","PATCH","POST","PUT","TRACE"],path:"/(.*)",systemRouteName:"unmatched-path"}),Fs=i((n,e)=>{let t=i(async(o,s)=>{let a=Fr.value?.notFoundHandler;if(a){let u=new URL(o.url);return a(o,s,{get routesMatchedByPathOnly(){return n.lookupByPathOnly(u.pathname).map(l=>l.routeConfiguration).filter(l=>l instanceof We)}})}return x.notFound(o,s)},"notFoundHandler"),r=new ge({processors:[Re],handler:t,gateway:e});n.addRoute(yc,r.execute)},"registerNotMatchedHandler");var bc=["access-control-allow-origin","access-control-allow-headers","access-control-expose-headers","access-control-allow-credentials","access-control-max-age"],js=i(n=>{bc.forEach(e=>n.delete(e))},"stripCorsHeaders"),Ln=i(async(n,e,t,r)=>{let o=e.route;if(!o.corsPolicy||o.corsPolicy==="none"){let d=await r(n),p=new Headers(d.headers);return js(p),new Response(d.body,{status:d.status,statusText:d.statusText,headers:p,webSocket:d.webSocket})}let s=await r(n);if(!(s instanceof Response))throw new K(`The CorsProcessor is in the wrong place in the pipeline. It should only receive HttpResponse type but got '${typeof s}'`);let a=wc(o,t.routeData.corsPolicies),u=Rc(n,a),c=new Headers(s.headers);return js(c),Object.entries(u).forEach(([d,p])=>{c.set(d,p)}),new Response(s.body,{status:s.status,statusText:s.statusText,headers:c,webSocket:s.webSocket})},"corsProcessor"),wc=i((n,e)=>{if(n.corsPolicy==="anything-goes")return{name:"anything-goes",allowedHeaders:"*",allowedOrigins:["*"],allowedMethods:n.methods.join(", "),exposeHeaders:"*",allowCredentials:"true",maxAge:"600"};let t=e?.find(r=>r.name===n.corsPolicy);if(t===void 0)throw new g(`Invalid Configuration - no corsPolicy '${n.corsPolicy}' found in *.oas.json`);return t},"getCorsPolicy"),Rc=i((n,e)=>{let t=On(e.allowedOrigins,n.headers.get("origin"));return t?kn(e,t):{}},"getCorsHeaders");var Xr=i((n,e)=>{let t=i(async()=>new Response(JSON.stringify({buildId:y.instance.build.BUILD_ID}),{status:200,headers:{"content-type":"application/json"}}),"pingRouteHandler"),r=new ge({processors:[Ln],handler:t,gateway:e}),o=new de({corsPolicy:"anything-goes",label:"SYSTEM_PING_ROUTE",methods:["GET"],path:"/__zuplo/ping",systemRouteName:"ping"});n.addRoute(o,r.execute)},"registerPingRoute");import{SpanStatusCode as zs,trace as Bs}from"@opentelemetry/api";var $e={RoutePathPattern:"zuplo.route.path_pattern",RouteOperationId:"zuplo.route.operation_id",RouteTrace:"zuplo.route.trace",RouteSystem:"zuplo.route.system",SystemTrace:"zuplo.system",PolicyName:"zuplo.policy.name",PolicyType:"zuplo.policy.type",ZuploBuildId:"zuplo.build.id",ZuploBuildVersion:"zuplo.build.version",ZuploBuildCompatibilityDate:"zuplo.build.compatibility_date",ZuploEnvironmentType:"zuplo.environment_type"};var _n=class{static{i(this,"PolicyBase")}options;policyName;policyType;constructor(e,t){if(!xe(t))throw new k(`The name of a policy must be a string. Received '${t}' of type '${typeof t}'`);this.options=e,this.policyName=t,this.policyType=Object.getPrototypeOf(this).constructor.name}},ae=class extends _n{static{i(this,"InboundPolicy")}},Je=class extends _n{static{i(this,"OutboundPolicy")}};var no=class extends ae{static{i(this,"InboundFunctionOnlyPolicy")}#e;constructor(e,t,r){super(t,r),this.policyType=e.name,this.#e=e}handler(e,t){return this.#e(e,t,this.options,this.policyName)}},ro=class extends Je{static{i(this,"OutboundFunctionOnlyPolicy")}#e;constructor(e,t,r){super(t,r),this.policyType=e.name,this.#e=e}handler(e,t,r){return this.#e(e,t,r,this.options,this.policyName)}},eo=new Map;function Vt(n,e){let t,r;return Array.isArray(n)?t=n:(t=n.policies?.inbound??[],r=n.path),t.filter(s=>!eo.has(s)).forEach(s=>{let a=e?.find(l=>l.name===s);if(!a)throw new g(`Invalid state - no Policy with the name '${s}' ${r&&`on route '${r}'`} was found in the policies configuration (check case).`);if(typeof a.handler?.module!="object")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof policy '${typeof a.handler?.module}')`);let u=a.handler?.module[a.handler.export];if(typeof u!="function")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof module '${typeof u}')`);let c;if(typeof u!="function")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof module '${typeof u}')`);if(u.prototype instanceof ae)c=new u(a.handler.options,a.name);else if(typeof u=="function")c=new no(u,a.handler.options,a.name);else throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof policy '${typeof u}')`);if(typeof c.handler!="function")throw new g(`Invalid state - invalid handler on policy '${s}' on route '${r}' (typeof handler '${typeof c.handler}')`);eo.set(a.name,c)}),t.map(s=>{let a=eo.get(s);if(a===void 0)throw new k("Internal error. Policy not found in cache.");return a})}i(Vt,"getInboundPolicyInstances");var to=new Map;function Wt(n,e){let t,r;return Array.isArray(n)?t=n:(t=n.policies?.outbound??[],r=n.path),t.filter(s=>!to.has(s)).forEach(s=>{let a=e?.find(l=>l.name===s);if(!a)throw new g(`Invalid state - no Policy with the name '${s}' on route '${r}' was found in the policies configuration (check case).`);if(typeof a.handler?.module!="object")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof policy '${typeof a.handler?.module}')`);let u=a.handler?.module[a.handler.export],c;if(typeof u!="function")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof module '${typeof u}')`);if(u.prototype instanceof Je)c=new u(a.handler.options??{},a.name);else if(typeof u=="function")c=new ro(u,a.handler.options??{},a.name);else throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof policy '${typeof u}')`);if(typeof c.handler!="function")throw new g(`Invalid state - invalid handler on policy '${s}' on route '${r}'`);to.set(a.name,c)}),t.map(s=>{let a=to.get(s);if(a===void 0)throw new k("Internal error. Policy not found in cache.");return a})}i(Wt,"getOutboundPolicyInstances");var oo=i(n=>async(e,t)=>{let r=Ee.getContextExtensions(t),o=Bs.getTracer("pipeline");return await o.startActiveSpan("policies:inbound",async s=>{try{let a=[...n],u=e;for(;a.length>0;){let c=a.shift();if(!c)return u;let l=await o.startActiveSpan(`policy:${c.policyName}`,async d=>{let p=await c.handler(u,t);if(p instanceof Request||p instanceof re||p instanceof Response)return d.end(),p;{let m=new g(`Invalid state - invalid handler on policy '${c.policyName}' on route '${t.route.path}. The result of an inbound policy must be a Response or Request.`);throw d.end(),d.setStatus({code:zs.ERROR}),d.recordException(m),m}});if(l instanceof re)u=l;else if(l instanceof Request)u=new re(l);else if(l instanceof Response)return l;r.latestRequest=u}return u}finally{s.end()}})},"toStackedInboundHandler"),io=i(n=>async(e,t,r)=>{let o=Bs.getTracer("pipeline");return await o.startActiveSpan("policies:outbound",async s=>{try{let a=[...n],u=e;for(;a.length>0;){let c=a.shift();if(!c)return u;u=await o.startActiveSpan(`policy:${c.policyName}`,async d=>{try{d.setAttribute($e.PolicyName,c.policyName),d.setAttribute($e.PolicyType,c.policyType);let p=await c.handler(u,t,r);if(p instanceof Response)return p;{let m=new g(`Invalid state - invalid handler on policy '${c.policyName}' on route '${r.route.path}. The result of an outbound policy must be a Response.`);throw d.setStatus({code:zs.ERROR}),d.recordException(m),m}}finally{d.end()}})}return u}finally{s.end()}})},"toStackedOutboundHandler"),Nn=i(async(n,e,t,r)=>{let o=Vt(e.route,t.routeData.policies),s=Wt(e.route,t.routeData.policies);return Vs({request:n,context:e,inboundPolicies:o,outboundPolicies:s,gateway:t,next:r})},"policyProcessor");function Gs({inboundPolicies:n=[],outboundPolicies:e=[]}){return i(async(r,o,s,a)=>Vs({request:r,context:o,inboundPolicies:n,outboundPolicies:e,gateway:s,next:a}),"policyProcessor")}i(Gs,"createInternalPolicyProcessor");async function Vs({request:n,context:e,inboundPolicies:t,outboundPolicies:r,gateway:o,next:s}){let a=oo(t);try{let u=await a(n,e);if(u instanceof Response)return u;let c=await s(u),l=io(r),d;return y.instance.build.COMPATIBILITY_FLAGS.runOutboundPoliciesOnHandlerOnAllStatuses?d=l(c,n,e):d=c.ok?l(c,n,e):c,d}catch(u){return o.errorHandler(n,e,"Error executing policies",u)}}i(Vs,"executePolicyProcessor");var Qs=Du(Ks(),1);function Ys(n,e){try{let t=/v\d+(-\d+)?/g,o=(0,Qs.parse)(e.get("Cookie")||"")["zp-dev-portal"];return o!==null&&o&&t.test(o)?`https://dev-portal-${o}.zuplo.com`:n}catch{}return n}i(Ys,"devPortalBaseURL");var Xs="/__zuplo/dev-portal",kc="dev-portal-id",Lc="dev-portal-host",_c="zp-account",Nc="zp-project",Dc="dev-portal-build",Mc=`
+  `)+" "+t[1]:t[0]+e+" "+n.join(", ")+" "+t[1]}i(nc,"reduceToSingleString");var is=i((n,...e)=>Xi(je,n,e),"format");var Rr=class{static{i(this,"Debugger")}manager;ns;color;last;enabled;constructor(e,t){this.manager=e,this.ns=t,this.color=Yi(t),this.last=0,this.enabled=e.enabled.some(r=>r.test(t))}log(...e){if(!this.enabled)return;let t,r=e[0];typeof r=="function"?t=r():t=String(r);let o=Date.now()-(this.last||Date.now());t=is(t,...e);let s=`${this.color(this.ns)} ${t} ${this.color(`+${o}ms`)}`;console.log(s),this.last=Date.now()}},Pr=class{static{i(this,"DebugManager")}debuggers;enabled;constructor(e){this.debuggers=new Map,this.enabled=e??[]}};function rc(n){return!n||n.length===0?[]:(n=n.replace(/\s/g,"").replace(/\*/g,".+"),n.split(",").map(e=>new RegExp(`^${e}$`)))}i(rc,"extract");var mn;function be(n){let e=globalThis.DEBUG;mn||(mn=new Pr(rc(e)));let t=new Rr(mn,n);return mn.debuggers.set(n,t),Object.assign(t.log.bind(t),{self:t})}i(be,"debug");var K=class extends Error{static{i(this,"SystemError")}constructor(e,t){super(e,t),this.name="InternalError"}},k=class extends Error{static{i(this,"RuntimeError")}extensionMembers;constructor(e,t){typeof e=="string"?super(e,t):(super(e.message,t),this.extensionMembers=e.extensionMembers),this.name="RuntimeError"}},g=class extends k{static{i(this,"ConfigurationError")}constructor(e,t){super(e,t),this.name="ConfigurationError"}};var tt=be("zuplo:runtime:external-service");function oc(){let n,{__ZUPLO_EXTERNAL_SERVICE_TOKEN:e}=y.instance.runtime;if(e&&e!=="undefined")try{let t=atob(e);n=JSON.parse(t)}catch{}return n}i(oc,"getServiceAuth");async function ss(n,e){let t=oc();if(t)if(tt(`Using external service auth. ClientId: ${t.clientId})`),typeof n=="string"){let r=new URL(n),o=r.hostname,s=e??{},a=new Headers(s.headers||{});a.set("CF-Access-Client-Id",t.clientId),a.set("CF-Access-Client-Secret",t.clientSecret),s.headers=a;let u;if(t.customServiceMapping&&t.customServiceMapping[o])u=`https://${t.customServiceMapping[o]}`;else if(y.instance.useLegacyServiceRouting)u=`https://${o}.zuptunnel.com`;else{tt("Using sha256 service routing");let d=y.instance.build;if(d.ACCOUNT_NAME&&d.PROJECT_NAME&&d.ENVIRONMENT_TYPE){let p=await ic(o,d.ACCOUNT_NAME,d.PROJECT_NAME,d.ENVIRONMENT_TYPE),m=as(d.ENVIRONMENT_TYPE),h=await Ir(`${d.ACCOUNT_NAME}-${d.PROJECT_NAME}-${m}`);h==="40d7ad502f5d743997999594c177184a00161a77865423511f3a1ea21eb5a5e"||h==="d05bffe8fa91a300187d2cf43e8aa4a56bd809c442ae10d1ee49af7d29a5a11"?u=`https://${p}.zuptunnel.com`:u=`https://${p}.t.zuplo.app`}else throw tt("Cannot use sha256 service routing, missing build variables"),new k("Failed to generate fully qualified tunnel url.")}let c=new URL(`${u}${r.pathname}${r.search}`);tt(`Calling external service: ${c.toString()}`);let l=await gn(c.toString(),s);if(l.status===403&&l.headers.get("cf-access-domain")!==null)throw console.error("403 Forbidden when calling external service.",{clientId:t.clientId,tunnelHost:u}),new k("Could not connect to secure tunnel.");return l}else throw tt("Cannot call external service with Request object"),new k("Currently, we only support fetch(<some_string>, ...).");else throw tt("There is no external service auth configured for this zup."),new k("There are no external services configured for this zup.")}i(ss,"externalServiceHandler");async function ic(n,e,t,r){let o=n.toLowerCase(),s=e.toLowerCase(),a=t.toLowerCase(),u=as(r);tt(`Hashing service name: ${s}-${o}.${s}-${a}-${u}`);let c=await Ir(`${s}-${o}`),l=await Ir(`${s}-${a}-${u}`);return`${c}.${l}`}i(ic,"hashServiceName");async function Ir(n){let e=new TextEncoder().encode(n),t=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(t)).map(s=>s.toString(16).padStart(2,"0")).join("").slice(0,-1)}i(Ir,"hashSegment");function as(n){let e=n.toLowerCase();switch(e){case"production":case"preview":return e;default:return"working-copy"}}i(as,"sanitizeEnvironmentType");var us=new Map;us.set("service:",ss);var gn=globalThis.fetch;function Er(n,e){let t=sc(e);if(typeof n=="string"){let r=new URL(n),o=us.get(r.protocol);return o?o(n,t):gn(n,t)}else return gn(n,t)}i(Er,"internalFetch");globalThis.fetch=Er;var sc=i(n=>{if(!n||n instanceof Request)return n;let e=n;if(!e.zuplo)return n;let t=n;return t.cf={cacheEverything:e.zuplo?.cacheEverything,cacheTtl:e.zuplo?.cacheTtlSeconds},delete n.zuplo,n},"transformInit");var ac={fetch:Er},z=ac;Function.prototype.toString=function(){return"[native code]"};var fn=globalThis,cs=fn.caches;if(cs){let n=cs.open;fn.caches.open=function(e){let t=y.instance.deploymentName??y.instance.build.BUILD_ID;return n.call(this,`${t}-${e}`)},delete fn.caches.default,Object.freeze(fn.caches)}var hn=new Set,ls=new Set;function f(n){ls.has(n)||(ls.add(n),hn.add(n))}i(f,"trackFeature");function ds(){let n=[...hn];return hn.clear(),n}i(ds,"getUnsentFeatures");function ps(n){for(let e of n)hn.add(e)}i(ps,"restoreFeatures");function _e(n,e){n.has("Authorization")||n.set("Authorization",`Bearer ${y.instance.authApiJWT}`),n.set("zp-rid",e??`global-${crypto.randomUUID()}`),n.set("zp-dn",y.instance.deploymentName??"unknown"),n.set("User-Agent",y.instance.systemUserAgent),n.set("zp-compat-date",y.instance.build.COMPATIBILITY_DATE??"none")}i(_e,"setZuploHeaders");async function uc(n,e={}){f("utility.zuplo-api-services");let{method:t="GET",data:r}=e,o=new URL(n,y.instance.zuploEdgeApiUrl),s=new Headers(e.headers);_e(s),s.set("Content-Type","application/json");let a={method:t,headers:s};r&&(a.body=JSON.stringify(r));let u=await z.fetch(o,a),c;try{if(!u.ok)throw c=await u.clone().json(),new Error(`Error ${u.status}: ${JSON.stringify(c)||"Request failed"}`);if(u.status===204)return;c=await u.clone().json()}catch(l){throw new Error(l.message)}return c}i(uc,"apiServices");var ms=new Map,xr=class{static{i(this,"InnerCache")}constructor(e){this.#e=e.maxSize}#e;#t=0;#n=new Map;#r=[];get(e){let t=this.#n.get(e);if(!t)return;let r=Date.now();if(r>t.expiresAt){this.#n.delete(e);return}return t.lastUsed=r,this.#o(),t?.data}put(e,t,r){if(r<=0)return;if(this.#n.size>=this.#e){let a=this.#r.shift();a&&this.#n.delete(a)}let o=Date.now(),s={created:o,lastUsed:o,expiresAt:o+r*1e3,data:t};this.#r.push(e),this.#n.set(e,s)}delete(e){let t=this.#r.indexOf(e);t>=0&&this.#r.slice(t,1),this.#n.delete(e)}get size(){return this.#n.size}#o(){let e=Date.now();this.#t+1e4*1e3>e&&(this.purge(),this.#t=e)}purge(){let e=Date.now();this.#n.forEach((t,r)=>{t.expiresAt>=e&&this.#n.delete(r)})}},ze=class{static{i(this,"MemoryCache")}constructor(e,t={maxSize:1e3}){this.name=e;let r=ms.get(e);r||(r=new xr(t),ms.set(e,r)),this.#e=r}name;#e;get(e){return this.#e.get(e)}put(e,t,r){return this.#e.put(e,t,r)}delete(e){return this.#e.delete(e)}get size(){return this.#e.size}purge(){this.#e.purge()}};var Tr="__zuplo-expiry-header",Nt=class{static{i(this,"ZoneCache")}constructor(e,t){this.#t=e,this.#e=t}#e;#t;#n;async#r(){return this.#n||(this.#n=await caches.open(this.#t)),this.#n}#o(e){return new Request(`https://zone-cache.zuplo.app/${encodeURIComponent(e)}`)}async get(e){try{let t=await this.#r(),r=this.#o(e),o=await t.match(r);if(!o)return;let s=o.headers.get(Tr);if(!s){try{await t.delete(r)}catch(c){this.logDebug("Handled failure to delete with CF cache because of missing expiryHeader",c),await this.deleteFallback(e)}return}let a=parseInt(s);if(Date.now()>=a){try{await t.delete(r)}catch(c){this.logDebug("Handled failure to delete with CF cache because of expiration",c),await this.deleteFallback(e)}return}return await o.json()}catch(t){this.logDebug(t)}}async put(e,t,r){let o=new Headers({"cache-control":`s-maxage=${r}, must-revalidate`,"content-type":"application/json"});o.set(Tr,`${Date.now()+r*1e3}`);let s=await this.#r(),a=this.#o(e),u=new Response(JSON.stringify(t),{headers:o});await s.put(a,u)}async delete(e){let t=await this.#r(),r=this.#o(e);try{await t.delete(r)}catch(o){this.logDebug("Handled failure to delete with CF cache due to explicit delete call",o),await this.deleteFallback(e)}}async deleteFallback(e){let t=new Headers({"Cache-Control":"s-maxage=0, must-revalidate"});t.set(Tr,`${Date.now()}`);let r=await this.#r(),o=this.#o(e),s=new Response("",{headers:t});await r.put(o,s)}logDebug(...e){"logger"in this.#e?this.#e.logger?.debug(`Error in ZoneCache: '${this.#t}'`,e):"log"in this.#e&&this.#e.log.debug(`Error in ZoneCache: '${this.#t}'`,e)}};var oe=class{static{i(this,"MemoryZoneReadThroughCache")}constructor(e,t){let r=`f6726488-fd18-4b7f-9c30-6070565e8042-${e}`;this.#e=e,this.#t=new ze(r),this.#n=new Nt(r,t),this.#r=t}#e;#t;#n;#r;async get(e){let t=this.#t.get(e);if(t)return t;let r=await this.#n.get(e);if(r){let o=Math.floor((r.expires-Date.now())/1e3);if(o>0)return this.#t.put(e,r.data,o),r.data}}put(e,t,r){this.#t.put(e,t,r);let o={data:t,expires:Date.now()+r*1e3},s=this.#n.put(e,o,r).catch(a=>{this.#r.log.error(`Error in MemoryZoneReadThroughCache: '${this.#e}'`,a)});this.#r.waitUntil(s)}};var vr="__zuplo-expiry-header",Cr=class{static{i(this,"StreamingZoneCache")}constructor(e,t){this.#t=e,this.#e=t}#e;#t;#n;async#r(){return this.#n||(this.#n=await caches.open(this.#t)),this.#n}#o(e){return new Request(`https://streaming-zone-cache.zuplo.app/${encodeURIComponent(e)}`)}async get(e){try{let t=await this.#r(),r=this.#o(e),o=await t.match(r);if(!o)return;let s=o.headers.get(vr);if(!s){await t.delete(r).catch(u=>{this.logDebug(`StreamingZoneCache: error deleting missing expiry entry ${e}`,u)});return}let a=parseInt(s,10);if(Date.now()>=a){await t.delete(r).catch(u=>{this.logDebug(`StreamingZoneCache: error deleting expired entry ${e}`,u)});return}return o.body??void 0}catch(t){this.logDebug(`get(${e}) failed`,t);return}}async put(e,t,r){let o=new Headers({"cache-control":`s-maxage=${r}, must-revalidate`});o.set(vr,`${Date.now()+r*1e3}`);let s=new Response(t,{headers:o}),a=await this.#r(),u=this.#o(e);await a.put(u,s)}async delete(e){try{await(await this.#r()).delete(this.#o(e))}catch(t){this.logDebug(`delete(${e}) fallback needed`,t),await this.deleteFallback(e)}}async deleteFallback(e){let t=new Headers({"Cache-Control":"s-maxage=0, must-revalidate",[vr]:`${Date.now()}`}),r=new Response("",{headers:t}),o=await this.#r(),s=this.#o(e);await o.put(s,r)}logDebug(...e){"logger"in this.#e?this.#e.logger?.debug(`StreamingZoneCache(${this.#t}):`,...e):"log"in this.#e&&this.#e.log.debug(`StreamingZoneCache(${this.#t}):`,...e)}};var gs="zuplo-request-id",mt="zp-rid",Sr="zp-body-removed",nt="cf-ray",fs="x-real-ip",Ar="cf-ipcity",Or="cf-ipcontinent",kr="cf-ipcountry",Lr="cf-iplongitude",_r="cf-iplatitude",hs="cf-region",ys="cf-region-code",bs="cf-metro-code",ws="cf-postal-code",Rs="cf-timezone",yn="zp-ipcity",bn="zp-ipcontinent",wn="zp-ipcountry",Rn="zp-iplongitude",Pn="zp-iplatitude",Ps="true-client-ip",Dt="zp-asn",Nr="zp-asorg",Dr="zp-colo",Mt="zp-postalcode",qt="zp-metrocode",Mr="zp-region",Ut="zp-regioncode",$t="zp-timezone",qr="x-akamai-edgescape",Is=[Ar,Or,kr,Lr,_r,Dt,Nr,Dr,Mt,qt,Mr,Ut,$t,qr],Es=["zp-","cf-"],xs=[mt,nt,Sr];var Ht=Symbol("zuplo_meters"),Zt=Symbol("zuplo_dynamic_meters"),In="system-logger";var ne=class n{static{i(this,"ContextData")}static#e;#t;constructor(e){this.#t=e}set(e,t){n.set(e,this.#t,t)}get(e){return n.get(e,this.#t)}static set(e,t,r){n.#e||(n.#e=new WeakMap);let o=n.#e.get(e);o||(o=new Map),o.set(t,r),n.#e.set(e,o)}static get(e,t){return n.#e||(n.#e=new WeakMap),n.#e.get(e)?.get(t)}};import{SpanStatusCode as ma,trace as ga}from"@opentelemetry/api";import{trace as Xc}from"@opentelemetry/api";import{SpanStatusCode as cc,trace as lc}from"@opentelemetry/api";import{SpanStatusCode as vn,trace as Cn}from"@opentelemetry/api";var Ts=i(n=>(e,t)=>n(e,t),"globalRequestHandlerProxy");function vs(n){Ts=n}i(vs,"setTelemetryInitFunction");var Cs=i(n=>Ts(n),"proxyHandler");var Be=class{static{i(this,"RuntimePlugin")}},me=class extends Be{static{i(this,"SystemRuntimePlugin")}async initialize(e){return Promise.resolve()}registerRoutes(e,t){}},En=class extends me{static{i(this,"MeteringPlugin")}},Ft=class extends Be{static{i(this,"TelemetryPlugin")}};var jt=class n{static{i(this,"InternalProblemResponseFormatter")}static problemResponseFormat=i(async e=>{let t=e.problem,r=JSON.stringify(t,null,2);return new Response(r,{status:e.problem.status,statusText:e.statusText,headers:{...e.additionalHeaders,"content-type":"application/problem+json"}})},"problemResponseFormat");static setProblemResponseFormat(e){e&&(f("runtime.problem-response-formatter"),n.problemResponseFormat=(t,r,o)=>{try{return e(t,r,o)}catch(s){throw new k("Error in custom 'problemResponseFormat'",{cause:s})}})}},rt=class{static{i(this,"ProblemResponseFormatter")}static async format(e,t,r){return await jt.problemResponseFormat(e,t,r)}};function xn(n){for(let e in n){let t=n[e];t&&typeof t=="object"&&xn(t)}return Object.freeze(n)}i(xn,"deepFreeze");var Y=class n extends Request{static{i(this,"ZuploRequest")}#e=void 0;#t;constructor(e,t){super(e,t);let r=t?.params;r?this.#t=r:e instanceof n?this.#t=e.#t:this.#t={};let o=t?.user;o?this.user=o:e instanceof n&&(this.user=e.user)}get query(){if(this.#e===void 0){let e={},t=new URL(this.url).searchParams;for(let[r,o]of t.entries())e[r]=o;this.#e=e}return xn(this.#e)}get params(){return xn(this.#t)}user};var Fr={},Ue=[],Ur=[],$r=[],Hr=[],Zr=[];var Tn={addPlugin(n){Ue.push(n)},addRequestHook(n){Ur.push(n)},addResponseSendingHook(n){$r.push(n)},addResponseSendingFinalHook(n){Hr.push(n)},addPreRoutingHook(n){Zr.push(n)}},As=i(async(n,e)=>{if(Ur.length===0)return n;let t=Cn.getTracer("extension");return t.startActiveSpan("hook:onRequest",async r=>{try{let o=n;for(let s of Ur){let a=await t.startActiveSpan(s.name,async u=>{let c=await s(o,e);if(c instanceof Y||c instanceof Response)return u.end(),c;{let l=new g(`Invalid state - the OnRequest hook must return a ZuploRequest or Response. Received ${typeof o}.`);throw u.end(),u.recordException(l),u.setStatus({code:vn.ERROR}),l}});if(a instanceof Y)o=a;else return a}return o}finally{r.end()}})},"invokeOnRequestExtensions"),Os=i(async(n,e,t)=>{if($r.length===0)return n;let r=Cn.getTracer("extension");return r.startActiveSpan("hook:onResponseSending",async o=>{try{let s=n;for(let a of $r)await r.startActiveSpan(a.name,async u=>{let c=await a(n,e,t);if(c instanceof Response)s=c,u.end();else{let l=new g(`Invalid state - the OnResponseSending hook must return a Response. Received ${typeof s}.`);throw u.recordException(l),u.setStatus({code:vn.ERROR}),u.end(),l}});return s}finally{o.end()}})},"invokeOnResponseSendingExtensions"),ks=i(async(n,e,t)=>{if(Hr.length===0)return;let r=Cn.getTracer("extension");return r.startActiveSpan("hook:onResponseSendingFinal",async o=>{try{for(let s of Hr)await r.startActiveSpan(s.name,async a=>{try{await s(n,e,t)}catch(u){throw a.recordException(u),a.setStatus({code:vn.ERROR}),a.end(),u}a.end()})}finally{o.end()}})},"invokeOnResponseSendingFinalExtensions"),Ls=i(async n=>{if(Zr.length===0)return n;let e=Cn.getTracer("extension");return e.startActiveSpan("hook:preRouting",async t=>{try{let r=n;for(let o of Zr)r=await e.startActiveSpan(o.name,async a=>{try{let u=await o(r);if(u instanceof Request)return u;{let c=new k(`Invalid state - the PreRouting hook must return a Request. Received ${typeof u}.`);throw a.recordException(c),a.setStatus({code:vn.ERROR}),c}}finally{a.end()}});return r}finally{t.end()}})},"invokePreRoutingHooks"),Ss=!1;async function _s(n){if(!Ss){n&&(f("runtime.extensions"),await n(Tn)),Fr.value=Tn;for(let e of Ue)if(e instanceof Ft){let{requestHandlerProxy:t}=e.instrument({accountName:y.instance.build.ACCOUNT_NAME,projectName:y.instance.build.PROJECT_NAME,buildId:y.instance.build.BUILD_ID,zuploVersion:y.instance.build.ZUPLO_VERSION,compatibilityDate:y.instance.build.COMPATIBILITY_DATE,instanceId:y.instance.instanceId,environmentType:y.instance.loggingEnvironmentType,environmentStage:y.instance.loggingEnvironmentStage,deploymentName:y.instance.deploymentName});vs(t)}await Promise.all(Ue.map(async e=>{e instanceof me&&await e.initialize(Tn)})),jt.setProblemResponseFormat(Tn.problemResponseFormat),Ss=!0}}i(_s,"initializeRuntime");var jr={Json:"application/json",Form:"application/x-www-form-urlencoded"};function zr(n,e){if(n!==null)return e&&typeof n=="string"?n:typeof n=="object"&&e?.startsWith(jr.Form)?new URLSearchParams(n).toString():typeof n=="object"&&e?.startsWith(jr.Json)||!e?JSON.stringify(n):n}i(zr,"serialize");function gt(n){return he.instance.runtimeSettings.developerPortal.enabled&&n.pathname.startsWith(he.instance.runtimeSettings.developerPortal.sitePathname)||n.pathname.startsWith("/__zuplo/")||n.pathname.startsWith("/__/zuplo/")}i(gt,"isSystemRoute");var ge=class{static{i(this,"Pipeline")}constructor(e){this.execute=this.#t(e)}execute;#e=i((e,t)=>async(r,o)=>lc.getTracer("pipeline").startActiveSpan(`handler:${o.route.handler.export}`,async a=>{try{return await e(r,o)}catch(u){let c=t.errorHandler(r,o,"Error executing request handler.",u);return a.setStatus({code:cc.ERROR}),c}finally{a.end()}}),"#errorWrappedHandler");#t=i(({processors:e,gateway:t,handler:r})=>async(o,s)=>{let a=[...e],u=i(async b=>{let C=a.pop();return C?C(o,s,t,u):await this.#e(async H=>{let Z=await r(H,s);return dc(Z)},t)(b,s)},"nextPipe"),l=await u(o),d=new URL(o.url);if(gt(d)&&y.instance.build.COMPATIBILITY_FLAGS.doNotRunHooksOnSystemRoutes)return l;let p=new zt(o,l);s.dispatchEvent(p);let m=Ee.getContextExtensions(s),h=m.latestRequest,I;try{I=await p.mutableResponse}catch(b){return t.errorHandler(o,s,"Error retrieving mutableResponse",b)}try{I=await m.onResponseSending(I,h,s)}catch(b){return t.errorHandler(o,s,"Error invoking 'context.onResponseSending' hook",b)}try{I=await Os(I,h,s)}catch(b){return t.errorHandler(o,s,"Error invoking 'context.onResponseSending' hook",b)}s.dispatchEvent(new Bt(o,I));try{await m.onResponseSendingFinal(l,h,s)}catch(b){throw s.log.error("Error invoking 'runtime.onResponseSending' hook",b),b}try{await ks(l,h,s)}catch(b){throw s.log.error("Error invoking 'runtime.onResponseSending' hook",b),b}return I},"#toZuploPipeline")};function dc(n){return n instanceof Response?n:typeof n>"u"?new Response:new Response(zr(n),{headers:{"content-type":"application/json"}})}i(dc,"resultToResponse");var Ge=class extends Be{static{i(this,"MetricsPlugin")}};var Q=class n{static{i(this,"SystemLogMap")}static#e=new WeakMap;static getLogger(e){let t=n.#e.get(e);if(!t){let r=`No system logger found for context with requestId '${e.requestId}'`;throw console.error(r),new K(r)}return t}static addLogger(e,t){n.#e.set(e,t)}};var X=class{static{i(this,"BatchDispatch")}constructor(e,t,r,o){this.#t=e,this.#i=t,this.#r=r,this.#n=o??console}#e=void 0;#t;#n;#r;#o=[];#i;enqueue=i(e=>{this.#o.push(e),this.#e||(this.#e=new Promise(t=>{setTimeout(()=>{if(this.#o.length>0){let r=[...this.#o];this.#o.length=0,this.#e=void 0,this.#r(r).catch(o=>{this.#n.error(`Uncaught error in BatchDispatcher named '${this.#t}'}`,o.message,o.stack)}).finally(()=>{t()})}},this.#i)}))},"enqueue");waitUntilFlushed=i(async()=>{if(this.#e)return this.#e},"waitUntilFlushed")};var Sn=class{static{i(this,"ZuploMetricsTransport")}#e;#t;constructor(e){this.#e=e,this.#t=new X("zuplo-metrics-transport",10,this.dispatchFunction,Q.getLogger(e))}pushMetrics(e,t){this.#t.enqueue(e),t.waitUntil(this.#t.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length!==0)try{let{remoteLogURL:t,deploymentName:r}=y.instance,{ACCOUNT_NAME:o,PROJECT_NAME:s}=y.instance.build,a=e.map(p=>{let m=Object.assign({},p);return delete m.requestContentLength,delete m.responseContentLength,m}),u=ds(),c={metadata:{timestamp:new Date,accountName:o,projectName:s,deploymentName:r},metrics:a,features:u},l=new Headers({"content-type":"application/json"});_e(l);let d=await z.fetch(`${t}/v2/runtime/metrics`,{method:"POST",body:JSON.stringify(c),headers:l});if(!d.ok){let p=await d.text();Q.getLogger(this.#e).error(`Metrics POST responded ${d.status}: ${d.statusText}`,p),ps(u)}}catch(t){Q.getLogger(this.#e).error("Failed to send Zuplo metrics.",t)}},"dispatchFunction")};var de=class{static{i(this,"SystemRouteConfiguration")}constructor({label:e,path:t,methods:r,systemRouteName:o,corsPolicy:s="none"}){this.label=e,this.path=t,this.methods=r,this.corsPolicy=s,this.handler={export:"SYSTEM_IGNORED",module:"SYSTEM_IGNORED"},this.systemRouteName=o}label;path;methods;handler;corsPolicy;policies;systemRouteName;raw(){return{}}};var Re=i(async(n,e,t,r)=>{let o=new Date,s=Date.now(),a=await r(n),u=n.headers.get(nt)??void 0,c=n.headers.get(Ps)??void 0,l=e.incomingRequestProperties,d;e.route instanceof de&&(d=e.route.systemRouteName);let p=Ee.getContextExtensions(e).latestRequest,m={timestamp:o,statusCode:a.status,durationMs:Date.now()-s,requestContentLength:n.headers.get("content-length")?Number(n.headers.get("content-length")):void 0,responseContentLength:a.headers.get("content-length")?Number(a.headers.get("content-length")):void 0,routePath:e.route?.path??"SYSTEM_OR_NOT_FOUND",systemRouteName:d,requestId:e.requestId,method:n.method,asn:l.asn,asOrganization:l.asOrganization,colo:l.colo,continent:l.continent,country:l.country,city:l.city,latitude:l.latitude,longitude:l.longitude,rayId:u,instanceId:y.instance.instanceId,userSub:p.user?.sub,clientIp:c},h=[];return!y.instance.isLocalDevelopment&&y.instance.remoteLogURL&&y.instance.remoteLogToken&&y.instance.loggingId&&h.push(new Sn(e)),Ue.forEach(I=>{if(I instanceof Ge){let b=I.getTransport();h.push(b)}}),h.forEach(I=>{I.pushMetrics(m,e)}),a},"metricsProcessor");var Br=i((n,e)=>{let t=i(async(s,a)=>{let u=new URL(s.url),c=y.instance.build,l={buildId:c.BUILD_ID,zuploVersion:c.ZUPLO_VERSION,compatibilityDate:c.COMPATIBILITY_DATE,apiVersion:c.API_VERSION,gitSha:c.GIT_SHA,timestamp:c.TIMESTAMP,isProduction:c.ENVIRONMENT_TYPE==="PRODUCTION"};if(u.searchParams.get("system_log")==="true"&&Q.getLogger(a).error("Test System Log",l),u.searchParams.get("error")==="true")throw new Error("this is an unhandled error");return new Response(JSON.stringify(l,null,2),{status:200,headers:{"content-type":"application/json"}})},"buildRouteHandler"),r=new ge({processors:[Re],handler:t,gateway:e}),o=new de({label:"SYSTEM_BUILD_ROUTE",methods:["GET"],path:"/__zuplo/build",systemRouteName:"build-data"});n.addRoute(o,r.execute)},"registerBuildRoute");var An=(R=>(R[R.CONTINUE=100]="CONTINUE",R[R.SWITCHING_PROTOCOLS=101]="SWITCHING_PROTOCOLS",R[R.PROCESSING=102]="PROCESSING",R[R.EARLY_HINTS=103]="EARLY_HINTS",R[R.OK=200]="OK",R[R.CREATED=201]="CREATED",R[R.ACCEPTED=202]="ACCEPTED",R[R.NON_AUTHORITATIVE_INFORMATION=203]="NON_AUTHORITATIVE_INFORMATION",R[R.NO_CONTENT=204]="NO_CONTENT",R[R.RESET_CONTENT=205]="RESET_CONTENT",R[R.PARTIAL_CONTENT=206]="PARTIAL_CONTENT",R[R.MULTI_STATUS=207]="MULTI_STATUS",R[R.ALREADY_REPORTED=208]="ALREADY_REPORTED",R[R.IM_USED=226]="IM_USED",R[R.MULTIPLE_CHOICES=300]="MULTIPLE_CHOICES",R[R.MOVED_PERMANENTLY=301]="MOVED_PERMANENTLY",R[R.FOUND=302]="FOUND",R[R.SEE_OTHER=303]="SEE_OTHER",R[R.NOT_MODIFIED=304]="NOT_MODIFIED",R[R.USE_PROXY=305]="USE_PROXY",R[R.SWITCH_PROXY=306]="SWITCH_PROXY",R[R.TEMPORARY_REDIRECT=307]="TEMPORARY_REDIRECT",R[R.PERMANENT_REDIRECT=308]="PERMANENT_REDIRECT",R[R.BAD_REQUEST=400]="BAD_REQUEST",R[R.UNAUTHORIZED=401]="UNAUTHORIZED",R[R.PAYMENT_REQUIRED=402]="PAYMENT_REQUIRED",R[R.FORBIDDEN=403]="FORBIDDEN",R[R.NOT_FOUND=404]="NOT_FOUND",R[R.METHOD_NOT_ALLOWED=405]="METHOD_NOT_ALLOWED",R[R.NOT_ACCEPTABLE=406]="NOT_ACCEPTABLE",R[R.PROXY_AUTHENTICATION_REQUIRED=407]="PROXY_AUTHENTICATION_REQUIRED",R[R.REQUEST_TIMEOUT=408]="REQUEST_TIMEOUT",R[R.CONFLICT=409]="CONFLICT",R[R.GONE=410]="GONE",R[R.LENGTH_REQUIRED=411]="LENGTH_REQUIRED",R[R.PRECONDITION_FAILED=412]="PRECONDITION_FAILED",R[R.CONTENT_TOO_LARGE=413]="CONTENT_TOO_LARGE",R[R.PAYLOAD_TOO_LARGE=413]="PAYLOAD_TOO_LARGE",R[R.URI_TOO_LONG=414]="URI_TOO_LONG",R[R.UNSUPPORTED_MEDIA_TYPE=415]="UNSUPPORTED_MEDIA_TYPE",R[R.RANGE_NOT_SATISFIABLE=416]="RANGE_NOT_SATISFIABLE",R[R.EXPECTATION_FAILED=417]="EXPECTATION_FAILED",R[R.I_AM_A_TEAPOT=418]="I_AM_A_TEAPOT",R[R.MISDIRECTED_REQUEST=421]="MISDIRECTED_REQUEST",R[R.UNPROCESSABLE_ENTITY=422]="UNPROCESSABLE_ENTITY",R[R.UNPROCESSABLE_CONTENT=422]="UNPROCESSABLE_CONTENT",R[R.LOCKED=423]="LOCKED",R[R.FAILED_DEPENDENCY=424]="FAILED_DEPENDENCY",R[R.TOO_EARLY=425]="TOO_EARLY",R[R.UPGRADE_REQUIRED=426]="UPGRADE_REQUIRED",R[R.PRECONDITION_REQUIRED=428]="PRECONDITION_REQUIRED",R[R.TOO_MANY_REQUESTS=429]="TOO_MANY_REQUESTS",R[R.REQUEST_HEADER_FIELDS_TOO_LARGE=431]="REQUEST_HEADER_FIELDS_TOO_LARGE",R[R.UNAVAILABLE_FOR_LEGAL_REASONS=451]="UNAVAILABLE_FOR_LEGAL_REASONS",R[R.INTERNAL_SERVER_ERROR=500]="INTERNAL_SERVER_ERROR",R[R.NOT_IMPLEMENTED=501]="NOT_IMPLEMENTED",R[R.BAD_GATEWAY=502]="BAD_GATEWAY",R[R.SERVICE_UNAVAILABLE=503]="SERVICE_UNAVAILABLE",R[R.GATEWAY_TIMEOUT=504]="GATEWAY_TIMEOUT",R[R.HTTP_VERSION_NOT_SUPPORTED=505]="HTTP_VERSION_NOT_SUPPORTED",R[R.VARIANT_ALSO_NEGOTIATES=506]="VARIANT_ALSO_NEGOTIATES",R[R.INSUFFICIENT_STORAGE=507]="INSUFFICIENT_STORAGE",R[R.LOOP_DETECTED=508]="LOOP_DETECTED",R[R.NOT_EXTENDED=510]="NOT_EXTENDED",R[R.NETWORK_AUTHENTICATION_REQUIRED=511]="NETWORK_AUTHENTICATION_REQUIRED",R))(An||{}),Ns={100:"Continue",101:"Switching Protocols",102:"Processing",103:"Early Hints",200:"OK",201:"Created",202:"Accepted",203:"Non-Authoritative Information",204:"No Content",205:"Reset Content",206:"Partial Content",207:"Multi-Status",208:"Already Reported",226:"IM Used",300:"Multiple Choices",301:"Moved Permanently",302:"Found",303:"See Other",304:"Not Modified",305:"Use Proxy",306:"Switch Proxy",307:"Temporary Redirect",308:"Permanent Redirect",400:"Bad Request",401:"Unauthorized",402:"Payment Required",403:"Forbidden",404:"Not Found",405:"Method Not Allowed",406:"Not Acceptable",407:"Proxy Authentication Required",408:"Request Timeout",409:"Conflict",410:"Gone",411:"Length Required",412:"Precondition Failed",413:"Content Too Large",414:"URI Too Long",415:"Unsupported Media Type",416:"Range Not Satisfiable",417:"Expectation Failed",418:"I'm a teapot",421:"Misdirected Request",422:"Unprocessable Content",423:"Locked",424:"Failed Dependency",425:"Too Early",426:"Upgrade Required",428:"Precondition Required",429:"Too Many Requests",431:"Request Header Fields Too Large",451:"Unavailable For Legal Reasons",500:"Internal Server Error",501:"Not Implemented",502:"Bad Gateway",503:"Service Unavailable",504:"Gateway Timeout",505:"HTTP Version Not Supported",506:"Variant Also Negotiates",507:"Insufficient Storage",508:"Loop Detected",510:"Not Extended",511:"Network Authentication Required"};var pc={100:"Continue",101:"Switching Protocols",102:"Processing",103:"Early Hints",200:"OK",201:"Created",202:"Accepted",203:"Non-Authoritative Information",204:"No Content",205:"Reset Content",206:"Partial Content",207:"Multi-Status",208:"Already Reported",226:"IM Used",300:"Multiple Choices",301:"Moved Permanently",302:"Found",303:"See Other",304:"Not Modified",305:"Use Proxy",307:"Temporary Redirect",308:"Permanent Redirect",400:"Bad Request",401:"Unauthorized",402:"Payment Required",403:"Forbidden",404:"Not Found",405:"Method Not Allowed",406:"Not Acceptable",407:"Proxy Authentication Required",408:"Request Timeout",409:"Conflict",410:"Gone",411:"Length Required",412:"Precondition Failed",413:"Payload Too Large",414:"URI Too Long",415:"Unsupported Media Type",416:"Range Not Satisfiable",417:"Expectation Failed",418:"I'm a Teapot",421:"Misdirected Request",422:"Unprocessable Entity",423:"Locked",424:"Failed Dependency",425:"Too Early",426:"Upgrade Required",428:"Precondition Required",429:"Too Many Requests",431:"Request Header Fields Too Large",451:"Unavailable For Legal Reasons",500:"Internal Server Error",501:"Not Implemented",502:"Bad Gateway",503:"Service Unavailable",504:"Gateway Timeout",505:"HTTP Version Not Supported",506:"Variant Also Negotiates",507:"Insufficient Storage",508:"Loop Detected",509:"Bandwidth Limit Exceeded",510:"Not Extended",511:"Network Authentication Required"},Gr=pc;function mc(n){return`${new URL(n.url).pathname}`}i(mc,"instance");function gc(n,e){let t={timestamp:new Date().toISOString(),requestId:e.requestId,buildId:y.instance.build.BUILD_ID},r=n.headers.get(nt);return r&&(t.rayId=r),t}i(gc,"trace");var fc=i((n,e,t,r,o)=>({problem:{type:n.type,title:n.title,status:n.status,detail:n.detail,instance:mc(e),trace:gc(e,t),...r},additionalHeaders:o,statusText:Gr[n.status]}),"merge"),Vr=class{static{i(this,"HttpProblemsBase")}static format=i((e,t,r)=>"problem"in e?rt.format(e,t,r):rt.format({problem:e},t,r),"format");static getProblemFromStatus(e,t){return{type:`https://httpproblems.com/http-status/${e}`,status:e,title:Ns[e],...t}}},x=class extends Vr{static{i(this,"HttpProblems")}static#e(e,t,r,o,s){let a=fc(this.getProblemFromStatus(e),t,r,o,s);return rt.format(a,t,r)}static continue=i((e,t,r,o)=>this.#e(200,e,t,r,o),"continue");static switchingProtocols=i((e,t,r,o)=>this.#e(101,e,t,r,o),"switchingProtocols");static processing=i((e,t,r,o)=>this.#e(102,e,t,r,o),"processing");static earlyHints=i((e,t,r,o)=>this.#e(103,e,t,r,o),"earlyHints");static ok=i((e,t,r,o)=>this.#e(200,e,t,r,o),"ok");static created=i((e,t,r,o)=>this.#e(201,e,t,r,o),"created");static accepted=i((e,t,r,o)=>this.#e(202,e,t,r,o),"accepted");static nonAuthoritativeInformation=i((e,t,r,o)=>this.#e(203,e,t,r,o),"nonAuthoritativeInformation");static noContent=i((e,t,r,o)=>this.#e(204,e,t,r,o),"noContent");static resetContent=i((e,t,r,o)=>this.#e(205,e,t,r,o),"resetContent");static partialContent=i((e,t,r,o)=>this.#e(206,e,t,r,o),"partialContent");static multiStatus=i((e,t,r,o)=>this.#e(207,e,t,r,o),"multiStatus");static alreadyReported=i((e,t,r,o)=>this.#e(208,e,t,r,o),"alreadyReported");static imUsed=i((e,t,r,o)=>this.#e(226,e,t,r,o),"imUsed");static multipleChoices=i((e,t,r,o)=>this.#e(300,e,t,r,o),"multipleChoices");static movedPermanently=i((e,t,r,o)=>this.#e(301,e,t,r,o),"movedPermanently");static found=i((e,t,r,o)=>this.#e(302,e,t,r,o),"found");static seeOther=i((e,t,r,o)=>this.#e(303,e,t,r,o),"seeOther");static notModified=i((e,t,r,o)=>this.#e(304,e,t,r,o),"notModified");static useProxy=i((e,t,r,o)=>this.#e(305,e,t,r,o),"useProxy");static switchProxy=i((e,t,r,o)=>this.#e(306,e,t,r,o),"switchProxy");static temporaryRedirect=i((e,t,r,o)=>this.#e(307,e,t,r,o),"temporaryRedirect");static permanentRedirect=i((e,t,r,o)=>this.#e(308,e,t,r,o),"permanentRedirect");static badRequest=i((e,t,r,o)=>this.#e(400,e,t,r,o),"badRequest");static unauthorized=i((e,t,r,o)=>this.#e(401,e,t,r,o),"unauthorized");static paymentRequired=i((e,t,r,o)=>this.#e(402,e,t,r,o),"paymentRequired");static forbidden=i((e,t,r,o)=>this.#e(403,e,t,r,o),"forbidden");static notFound=i((e,t,r,o)=>this.#e(404,e,t,r,o),"notFound");static methodNotAllowed=i((e,t,r,o)=>this.#e(405,e,t,r,o),"methodNotAllowed");static notAcceptable=i((e,t,r,o)=>this.#e(406,e,t,r,o),"notAcceptable");static proxyAuthenticationRequired=i((e,t,r,o)=>this.#e(407,e,t,r,o),"proxyAuthenticationRequired");static requestTimeout=i((e,t,r,o)=>this.#e(408,e,t,r,o),"requestTimeout");static conflict=i((e,t,r,o)=>this.#e(409,e,t,r,o),"conflict");static gone=i((e,t,r,o)=>this.#e(410,e,t,r,o),"gone");static lengthRequired=i((e,t,r,o)=>this.#e(411,e,t,r,o),"lengthRequired");static preconditionFailed=i((e,t,r,o)=>this.#e(412,e,t,r,o),"preconditionFailed");static contentTooLarge=i((e,t,r,o)=>this.#e(413,e,t,r,o),"contentTooLarge");static uriTooLong=i((e,t,r,o)=>this.#e(414,e,t,r,o),"uriTooLong");static unsupportedMediaType=i((e,t,r,o)=>this.#e(415,e,t,r,o),"unsupportedMediaType");static rangeNotSatisfiable=i((e,t,r,o)=>this.#e(416,e,t,r,o),"rangeNotSatisfiable");static expectationFailed=i((e,t,r,o)=>this.#e(417,e,t,r,o),"expectationFailed");static imATeapot=i((e,t,r,o)=>this.#e(418,e,t,r,o),"imATeapot");static misdirectedRequest=i((e,t,r,o)=>this.#e(421,e,t,r,o),"misdirectedRequest");static unprocessableContent=i((e,t,r,o)=>this.#e(422,e,t,r,o),"unprocessableContent");static locked=i((e,t,r,o)=>this.#e(423,e,t,r,o),"locked");static failedDependency=i((e,t,r,o)=>this.#e(424,e,t,r,o),"failedDependency");static tooEarly=i((e,t,r,o)=>this.#e(425,e,t,r,o),"tooEarly");static upgradeRequired=i((e,t,r,o)=>this.#e(426,e,t,r,o),"upgradeRequired");static preconditionRequired=i((e,t,r,o)=>this.#e(428,e,t,r,o),"preconditionRequired");static tooManyRequests=i((e,t,r,o)=>this.#e(429,e,t,r,o),"tooManyRequests");static requestHeaderFieldsTooLarge=i((e,t,r,o)=>this.#e(431,e,t,r,o),"requestHeaderFieldsTooLarge");static unavailableForLegalReasons=i((e,t,r,o)=>this.#e(451,e,t,r,o),"unavailableForLegalReasons");static internalServerError=i((e,t,r,o)=>this.#e(500,e,t,r,o),"internalServerError");static notImplemented=i((e,t,r,o)=>this.#e(501,e,t,r,o),"notImplemented");static badGateway=i((e,t,r,o)=>this.#e(502,e,t,r,o),"badGateway");static serviceUnavailable=i((e,t,r,o)=>this.#e(503,e,t,r,o),"serviceUnavailable");static gatewayTimeout=i((e,t,r,o)=>this.#e(504,e,t,r,o),"gatewayTimeout");static httpVersionNotSupported=i((e,t,r,o)=>this.#e(505,e,t,r,o),"httpVersionNotSupported");static variantAlsoNegotiates=i((e,t,r,o)=>this.#e(506,e,t,r,o),"variantAlsoNegotiates");static insufficientStorage=i((e,t,r,o)=>this.#e(507,e,t,r,o),"insufficientStorage");static loopDetected=i((e,t,r,o)=>this.#e(508,e,t,r,o),"loopDetected");static notExtended=i((e,t,r,o)=>this.#e(510,e,t,r,o),"notExtended");static networkAuthenticationRequired=i((e,t,r,o)=>this.#e(511,e,t,r,o),"networkAuthenticationRequired")};var{toString:hc}=Object.prototype,{propertyIsEnumerable:yc}=Object.prototype;function Wr(n){return hc.call(n)}i(Wr,"toString");function xe(n){return typeof n=="string"}i(xe,"isString");function ft(n){return xe(n)&&n!==""}i(ft,"isNonEmptyString");function Ds(n){return Wr(n)==="[object RegExp]"}i(Ds,"isRegexp");function Ms(n){return[...Object.keys(n),...Object.getOwnPropertySymbols(n).filter(e=>yc.call(n,e))]}i(Ms,"getOwnEnumerableKeys");function ot(n){return typeof n=="object"&&n!==null&&!Array.isArray(n)&&!(n instanceof RegExp)&&!(n instanceof Date)}i(ot,"isObject");function Jr(n){return typeof n=="number"&&!isNaN(n)}i(Jr,"isNumber");function Kr(n){return n===!0||n===!1}i(Kr,"isBoolean");function qs(n){return typeof n>"u"}i(qs,"isUndefined");function Us(n){return qs(n)||n===null}i(Us,"isUndefinedOrNull");function Gt(n){return!!n&&typeof n=="object"&&"name"in n&&"message"in n&&"stack"in n}i(Gt,"isErrorLike");var $s=new Map;function Ve(n){if(Array.isArray(n)&&!n.some(o=>typeof o!="number"))return n;if(typeof n!="string")throw new Error("Input must be a string or an array of numbers");if(!/^\d+(?:-\d+)?(?:,\s*\d+(?:-\d+)?)*$/.test(n))throw new g("Malformed input string");let e=$s.get(n);if(e)return e;let t=n.split(","),r=[];for(let o of t){let s=o.split("-");if(s.length===2){let a=parseInt(s[0],10),u=parseInt(s[1],10);for(let c=a;c<=u;c++)r.push(c)}else r.push(parseInt(o,10))}return $s.set(n,r),r}i(Ve,"statusCodesStringToNumberArray");function $e(n,e,t){if(!e.startsWith("."))throw new g(`Invalid ${t} - must start with '.' - '${e}' does not`);let r=e.split(".").splice(1),o=n;return r.forEach(s=>{if(o===void 0)throw new k(`Error applying ${t} '${e}', reading '${s}'`);o=o[s]}),`${o}`}i($e,"getValueFromRequestUser");function it(n){if(Array.isArray(n)){if(n.includes(t=>typeof t!="string"))throw new g("Received an array that contains non-string values.");return n}if(xe(n))return n.includes(",")?n.split(",").map(t=>t.trim()).filter(t=>t!==","&&t!==""):[n];throw new g(`Expected type of string, received type '${typeof n}'`)}i(it,"parseValueToStringArray");function Hs(n){if(n==null)return[];if(!Array.isArray(n))throw new g(`Invalid corsPolicy configuration. Expected an array of objects, received '${typeof n}'`);return n.map(t=>{if(!ot(t))throw new g(`Invalid custom cors policy is set. Expected an object, received '${typeof t}'`);if(!ft(t.name))throw new g("Value of 'name' on custom cors policies must be a non-empty string.");if(t.maxAge!==void 0&&!Jr(t.maxAge))throw new g(`Value of 'maxAge' on custom cors policies must be a non-empty string. Received type '${typeof t.maxAge}'`);if(t.allowCredentials!==void 0&&!Kr(t.allowCredentials))throw new g("Value of 'allowCredentials' on custom cors policies must be a boolean or not be set. If using an environment variable, check that it is set correctly.");let r=Qr(t,"allowedHeaders"),o=Qr(t,"allowedMethods"),s=Qr(t,"exposeHeaders"),a;try{a=it(t.allowedOrigins)}catch(c){throw new g(`Value of 'allowedOrigins' on custom cors policies is invalid. ${c.message} If using an environment variable, check that it is set correctly.`)}return{name:t.name,allowCredentials:typeof t.allowCredentials=="boolean"?String(t.allowCredentials):void 0,allowedOrigins:a,allowedHeaders:r?r.join(", "):void 0,allowedMethods:o?o.join(", "):void 0,exposeHeaders:s?s.join(", "):void 0,maxAge:typeof t.maxAge=="number"?t.maxAge.toString():void 0}})}i(Hs,"parseCorsPolicies");function Qr(n,e){let t;if(n[e]!==void 0)try{t=it(n[e])}catch(r){throw new g(`Value of '${e}' on custom cors policies is invalid. ${r.message} If using an environment variable, check that it is set correctly.`)}return t}i(Qr,"parseOptionalProperty");var On=i((n,e)=>{if(e===null)return;if(n.find(a=>a==="*"))return e;let r=n.map(a=>a.trim().toLowerCase()),o=e.toLowerCase();return r.find(a=>a===o)},"findMatchingOrigin"),kn=i((n,e)=>{let t={"access-control-allow-origin":e};n.allowedHeaders&&(t["access-control-allow-headers"]=n.allowedHeaders),n.allowedMethods&&(t["access-control-allow-methods"]=n.allowedMethods),n.exposeHeaders&&(t["access-control-expose-headers"]=n.exposeHeaders);let r=n.allowCredentials;r&&(t["access-control-allow-credentials"]=r);let o=n.maxAge?.toString()??void 0;return o&&(t["access-control-max-age"]=o),t},"generateCorsHeaders");var Yr=i((n,e)=>{let t=e.routeData.corsPolicies,r=i(async(a,u)=>{let c=new URL(a.url.toString()).pathname,l=a.headers.get("access-control-request-method"),d=a.headers.get("access-control-request-headers"),p=a.headers.get("origin");if(p===null||l===null)return x.badRequest(a,u,{detail:"Expect headers origin and access-control-request-method"});let m=n.lookup(c,l);if(!m)return x.notFound(a,u);let h=m.routeConfiguration,I=bc(l,d,p,h,t);return I.isValid?new Response(void 0,{status:200,statusText:"OK",headers:I.headers}):(I.error&&u.log.warn(I.error),x.notFound(a,u))},"optionsHandler"),o=new ge({processors:[Re],handler:r,gateway:e}),s=new de({label:"SYSTEM_CORS_ROUTE",methods:["OPTIONS"],path:"/(.*)",systemRouteName:"cors-preflight"});n.addRoute(s,o.execute)},"registerCorsRoute"),bc=i((n,e,t,r,o)=>{let s={isValid:!1,headers:{}};if(r.corsPolicy==="anything-goes")return{isValid:!0,headers:{"access-control-allow-origin":t,"access-control-allow-methods":n,"access-control-allow-headers":e??"*","access-control-expose-headers":"*","access-control-allow-credentials":"true","access-control-max-age":"600"}};if(r.corsPolicy==="none")return{...s,error:`No CORS policy set for the route '${r.pathPattern}'`};let a=o?.find(l=>l.name===r.corsPolicy);if(!a)throw new g(`Invalid Configuration - corsPolicy '${r.corsPolicy}' not found in *.oas.json 'corsPolicies' section.`);let u=On(a.allowedOrigins,t);return u?{isValid:!0,headers:kn(a,u)}:{...s,error:`The CORS policy '${a.name}' does not allow the origin '${t}'`}},"validateAndBuildResponseHeaders");var Zs=i((n,e)=>{let t=i(async()=>new Response("You have no routes. Add a route in routes.oas.json to get started",{status:200}),"noRoutesHandler"),r=new ge({processors:[Re],handler:t,gateway:e}),o=new de({label:"SYSTEM_NO_ROUTES",methods:["CONNECT","DELETE","GET","HEAD","OPTIONS","PATCH","POST","PUT","TRACE"],path:"/(.*)",systemRouteName:"empty-gateway-catchall"});n.addRoute(o,r.execute)},"registerNoRoutes");var We=class{static{i(this,"UserRouteConfiguration")}constructor(e){this.path=e.path,this.methods=e.methods,this.label=e.label,this.key=e.key,this.handler=e.handler,this.corsPolicy=e.corsPolicy,this.custom=e.custom,this.policies=e.policies,this.excludeFromOpenApi=e.excludeFromOpenApi,this.pathPattern=e.pathPattern,this.raw=e.raw}raw;get summary(){return this.raw()?.summary}get operationId(){return this.raw()?.operationId}get tags(){return this.raw()?.tags}get parameters(){return this.raw()?.parameters}get responses(){return this.raw()?.responses}label;key;path;excludeFromOpenApi;pathPattern;custom;methods;handler;corsPolicy;policies};var wc=new de({label:"SYSTEM_NOT_FOUND_ROUTE",methods:["CONNECT","DELETE","GET","HEAD","OPTIONS","PATCH","POST","PUT","TRACE"],path:"/(.*)",systemRouteName:"unmatched-path"}),Fs=i((n,e)=>{let t=i(async(o,s)=>{let a=Fr.value?.notFoundHandler;if(a){let u=new URL(o.url);return a(o,s,{get routesMatchedByPathOnly(){return n.lookupByPathOnly(u.pathname).map(l=>l.routeConfiguration).filter(l=>l instanceof We)}})}return x.notFound(o,s)},"notFoundHandler"),r=new ge({processors:[Re],handler:t,gateway:e});n.addRoute(wc,r.execute)},"registerNotMatchedHandler");var Rc=["access-control-allow-origin","access-control-allow-headers","access-control-expose-headers","access-control-allow-credentials","access-control-max-age"],js=i(n=>{Rc.forEach(e=>n.delete(e))},"stripCorsHeaders"),Ln=i(async(n,e,t,r)=>{let o=e.route;if(!o.corsPolicy||o.corsPolicy==="none"){let d=await r(n),p=new Headers(d.headers);return js(p),new Response(d.body,{status:d.status,statusText:d.statusText,headers:p,webSocket:d.webSocket})}let s=await r(n);if(!(s instanceof Response))throw new K(`The CorsProcessor is in the wrong place in the pipeline. It should only receive HttpResponse type but got '${typeof s}'`);let a=Pc(o,t.routeData.corsPolicies),u=Ic(n,a),c=new Headers(s.headers);return js(c),Object.entries(u).forEach(([d,p])=>{c.set(d,p)}),new Response(s.body,{status:s.status,statusText:s.statusText,headers:c,webSocket:s.webSocket})},"corsProcessor"),Pc=i((n,e)=>{if(n.corsPolicy==="anything-goes")return{name:"anything-goes",allowedHeaders:"*",allowedOrigins:["*"],allowedMethods:n.methods.join(", "),exposeHeaders:"*",allowCredentials:"true",maxAge:"600"};let t=e?.find(r=>r.name===n.corsPolicy);if(t===void 0)throw new g(`Invalid Configuration - no corsPolicy '${n.corsPolicy}' found in *.oas.json`);return t},"getCorsPolicy"),Ic=i((n,e)=>{let t=On(e.allowedOrigins,n.headers.get("origin"));return t?kn(e,t):{}},"getCorsHeaders");var Xr=i((n,e)=>{let t=i(async()=>new Response(JSON.stringify({buildId:y.instance.build.BUILD_ID}),{status:200,headers:{"content-type":"application/json"}}),"pingRouteHandler"),r=new ge({processors:[Ln],handler:t,gateway:e}),o=new de({corsPolicy:"anything-goes",label:"SYSTEM_PING_ROUTE",methods:["GET"],path:"/__zuplo/ping",systemRouteName:"ping"});n.addRoute(o,r.execute)},"registerPingRoute");import{SpanStatusCode as zs,trace as Bs}from"@opentelemetry/api";var He={RoutePathPattern:"zuplo.route.path_pattern",RouteOperationId:"zuplo.route.operation_id",RouteTrace:"zuplo.route.trace",RouteSystem:"zuplo.route.system",SystemTrace:"zuplo.system",PolicyName:"zuplo.policy.name",PolicyType:"zuplo.policy.type",ZuploBuildId:"zuplo.build.id",ZuploBuildVersion:"zuplo.build.version",ZuploBuildCompatibilityDate:"zuplo.build.compatibility_date",ZuploEnvironmentType:"zuplo.environment_type"};var _n=class{static{i(this,"PolicyBase")}options;policyName;policyType;constructor(e,t){if(!xe(t))throw new k(`The name of a policy must be a string. Received '${t}' of type '${typeof t}'`);this.options=e,this.policyName=t,this.policyType=Object.getPrototypeOf(this).constructor.name}},ae=class extends _n{static{i(this,"InboundPolicy")}},Je=class extends _n{static{i(this,"OutboundPolicy")}};var no=class extends ae{static{i(this,"InboundFunctionOnlyPolicy")}#e;constructor(e,t,r){super(t,r),this.policyType=e.name,this.#e=e}handler(e,t){return this.#e(e,t,this.options,this.policyName)}},ro=class extends Je{static{i(this,"OutboundFunctionOnlyPolicy")}#e;constructor(e,t,r){super(t,r),this.policyType=e.name,this.#e=e}handler(e,t,r){return this.#e(e,t,r,this.options,this.policyName)}},eo=new Map;function Vt(n,e){let t,r;return Array.isArray(n)?t=n:(t=n.policies?.inbound??[],r=n.path),t.filter(s=>!eo.has(s)).forEach(s=>{let a=e?.find(l=>l.name===s);if(!a)throw new g(`Invalid state - no Policy with the name '${s}' ${r&&`on route '${r}'`} was found in the policies configuration (check case).`);if(typeof a.handler?.module!="object")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof policy '${typeof a.handler?.module}')`);let u=a.handler?.module[a.handler.export];if(typeof u!="function")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof module '${typeof u}')`);let c;if(typeof u!="function")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof module '${typeof u}')`);if(u.prototype instanceof ae)c=new u(a.handler.options,a.name);else if(typeof u=="function")c=new no(u,a.handler.options,a.name);else throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof policy '${typeof u}')`);if(typeof c.handler!="function")throw new g(`Invalid state - invalid handler on policy '${s}' on route '${r}' (typeof handler '${typeof c.handler}')`);eo.set(a.name,c)}),t.map(s=>{let a=eo.get(s);if(a===void 0)throw new k("Internal error. Policy not found in cache.");return a})}i(Vt,"getInboundPolicyInstances");var to=new Map;function Wt(n,e){let t,r;return Array.isArray(n)?t=n:(t=n.policies?.outbound??[],r=n.path),t.filter(s=>!to.has(s)).forEach(s=>{let a=e?.find(l=>l.name===s);if(!a)throw new g(`Invalid state - no Policy with the name '${s}' on route '${r}' was found in the policies configuration (check case).`);if(typeof a.handler?.module!="object")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof policy '${typeof a.handler?.module}')`);let u=a.handler?.module[a.handler.export],c;if(typeof u!="function")throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof module '${typeof u}')`);if(u.prototype instanceof Je)c=new u(a.handler.options??{},a.name);else if(typeof u=="function")c=new ro(u,a.handler.options??{},a.name);else throw new g(`Invalid state - invalid policy '${s}' on route '${r}' (typeof policy '${typeof u}')`);if(typeof c.handler!="function")throw new g(`Invalid state - invalid handler on policy '${s}' on route '${r}'`);to.set(a.name,c)}),t.map(s=>{let a=to.get(s);if(a===void 0)throw new k("Internal error. Policy not found in cache.");return a})}i(Wt,"getOutboundPolicyInstances");var oo=i(n=>async(e,t)=>{let r=Ee.getContextExtensions(t),o=Bs.getTracer("pipeline");return await o.startActiveSpan("policies:inbound",async s=>{try{let a=[...n],u=e;for(;a.length>0;){let c=a.shift();if(!c)return u;let l=await o.startActiveSpan(`policy:${c.policyName}`,async d=>{let p=await c.handler(u,t);if(p instanceof Request||p instanceof Y||p instanceof Response)return d.end(),p instanceof Response||p instanceof Y?p:new Y(p);{let m=new g(`Invalid state - invalid handler on policy '${c.policyName}' on route '${t.route.path}. The result of an inbound policy must be a Response or Request.`);throw d.end(),d.setStatus({code:zs.ERROR}),d.recordException(m),m}});if(l instanceof Y)u=l;else if(l instanceof Request)u=new Y(l);else if(l instanceof Response)return l;r.latestRequest=u}return u}finally{s.end()}})},"toStackedInboundHandler"),io=i(n=>async(e,t,r)=>{let o=Bs.getTracer("pipeline");return await o.startActiveSpan("policies:outbound",async s=>{try{let a=[...n],u=e;for(;a.length>0;){let c=a.shift();if(!c)return u;u=await o.startActiveSpan(`policy:${c.policyName}`,async d=>{try{d.setAttribute(He.PolicyName,c.policyName),d.setAttribute(He.PolicyType,c.policyType);let p=await c.handler(u,t,r);if(p instanceof Response)return p;{let m=new g(`Invalid state - invalid handler on policy '${c.policyName}' on route '${r.route.path}. The result of an outbound policy must be a Response.`);throw d.setStatus({code:zs.ERROR}),d.recordException(m),m}}finally{d.end()}})}return u}finally{s.end()}})},"toStackedOutboundHandler"),Nn=i(async(n,e,t,r)=>{let o=Vt(e.route,t.routeData.policies),s=Wt(e.route,t.routeData.policies);return Vs({request:n,context:e,inboundPolicies:o,outboundPolicies:s,gateway:t,next:r})},"policyProcessor");function Gs({inboundPolicies:n=[],outboundPolicies:e=[]}){return i(async(r,o,s,a)=>Vs({request:r,context:o,inboundPolicies:n,outboundPolicies:e,gateway:s,next:a}),"policyProcessor")}i(Gs,"createInternalPolicyProcessor");async function Vs({request:n,context:e,inboundPolicies:t,outboundPolicies:r,gateway:o,next:s}){let a=oo(t);try{let u=await a(n,e);if(u instanceof Response)return u;let c=await s(u),l=io(r),d;return y.instance.build.COMPATIBILITY_FLAGS.runOutboundPoliciesOnHandlerOnAllStatuses?d=l(c,n,e):d=c.ok?l(c,n,e):c,d}catch(u){return o.errorHandler(n,e,"Error executing policies",u)}}i(Vs,"executePolicyProcessor");var Qs=qu(Ks(),1);function Ys(n,e){try{let t=/v\d+(-\d+)?/g,o=(0,Qs.parse)(e.get("Cookie")||"")["zp-dev-portal"];return o!==null&&o&&t.test(o)?`https://dev-portal-${o}.zuplo.com`:n}catch{}return n}i(Ys,"devPortalBaseURL");var Xs="/__zuplo/dev-portal",_c="dev-portal-id",Nc="dev-portal-host",Dc="zp-account",Mc="zp-project",qc="dev-portal-build",Uc=`
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -55,27 +55,27 @@ import{a as y,b as Fe,e as fe,f as Mu,g as dr,h as pr,i as qu,j as Uu}from"./chu
   </div>
 </body>
 </html>
-`,ea=i((n,e)=>{let{sitePathname:t}=e.runtimeSettings.developerPortal,r=y.instance.deploymentName,o=y.instance.devPortalBaseUrl,s=i(async(c,l)=>{if(y.instance.isLocalDevelopment)return new Response(Mc,{headers:{"content-type":"text/html"}});if(!r)return x.internalServerError(c,l,{detail:"Unable to retrieve deployment name. Please contact support for assistance."});let d=new URL(c.url),p=Ys(o,c.headers),m=new URL(`${d.pathname}${d.search}`,p),{headers:h,method:I,body:b}=c;return y.instance.build.ACCOUNT_NAME&&h.set(_c,y.instance.build.ACCOUNT_NAME),y.instance.build.PROJECT_NAME&&h.set(Nc,y.instance.build.PROJECT_NAME),h.set(kc,r),h.set(Lc,d.host),h.set(Dc,y.instance.build.BUILD_ID),await z.fetch(m.toString(),{headers:h,method:I,body:b,redirect:"manual"})},"devPortalRoute"),a=new ge({processors:[Re,Nn],handler:s,gateway:e}),u=new de({label:"SYSTEM_API_DOCS_V3_ROUTE",methods:["GET","PUT","POST","DELETE","PATCH","HEAD"],path:`(${t}|/_next)(.*)`,systemRouteName:"developer-portal"});n.addRoute(u,a.execute)},"registerDevPortalV3Route"),ta=i((n,e)=>{let{sitePathname:t}=e.runtimeSettings.developerPortal,r=i(async a=>{let u=new URL(a.url);return u.pathname=`${t}${u.pathname.substring(Xs.length)}`,Response.redirect(u.toString(),302)},"devPortalRedirectRoute"),o=new ge({processors:[Re],handler:r,gateway:e}),s=new de({label:"SYSTEM_API_DOCS_REDIRECT_ROUTE",methods:["GET"],path:`${Xs}(.*)`,systemRouteName:"developer-portal-legacy"});n.addRoute(s,o.execute)},"registerDevPortalLegacyRedirectRoute");var so=0,Jt=class{static{i(this,"CoreLogger")}constructor(e,t,r,o,s){this.#n=t,this.#r=r??"local",this.#o=o,this.#i=s,this.#e(e)}#e=i(e=>{let t=["error","warn","info","debug"],r=!1,o=i(()=>{},"emptyFunction"),s=i((a,u)=>{this.#i.forEach(c=>{c.log(a,u)})},"pushFunction");t.forEach(a=>{this.#t[a]=r?o:s,a==e&&(r=!0)})},"#setupMethods");#t={};#n;#r;#o;#i;log(e,t,r,o,s,a){so>=Number.MAX_SAFE_INTEGER&&(so=0);let u={logId:crypto.randomUUID(),requestId:r,rayId:o,level:e,logSource:t,messages:s,timestamp:new Date,logOwner:this.#n,loggingId:this.#r,buildId:this.#o,vectorClock:so++};this.#t[e](u,a)}};var ye=class extends Be{static{i(this,"LogPlugin")}};var Mn=class{static{i(this,"LoggingContext")}constructor(e,t,r,o){this.#e=e,this.custom=t,this.originalRequest=r,this.route=o}#e;custom;originalRequest;route;waitUntil=i(e=>{this.#e.waitUntil(e)},"waitUntil")};var Kt=class{static{i(this,"RequestLogger")}constructor(e,t,r,o){this.#t=e,this.#n=t,this.#r=r,this.#o=o}#e="request";#t;#n;#r;#o;debug=i((...e)=>{this.#r.log("debug",this.#e,this.#t,this.#n,e,this.#o)},"debug");info=i((...e)=>{this.#r.log("info",this.#e,this.#t,this.#n,e,this.#o)},"info");log=i((...e)=>{this.#r.log("info",this.#e,this.#t,this.#n,e,this.#o)},"log");warn=i((...e)=>{this.#r.log("warn",this.#e,this.#t,this.#n,e,this.#o)},"warn");error=i((...e)=>{this.#r.log("error",this.#e,this.#t,this.#n,e,this.#o)},"error")};var qc=[EvalError,RangeError,ReferenceError,SyntaxError,TypeError,URIError].filter(Boolean).map(n=>[n.name,n]),Uc=new Map(qc);var Hc=[{property:"name",enumerable:!1},{property:"message",enumerable:!1},{property:"stack",enumerable:!1},{property:"code",enumerable:!0},{property:"cause",enumerable:!1}],ao=Symbol(".toJSON was called"),$c=i(n=>{n[ao]=!0;let e=n.toJSON();return delete n[ao],e},"toJSON"),Zc=i(n=>Uc.get(n)??Error,"getErrorConstructor"),na=i(({from:n,seen:e,to:t,forceEnumerable:r,maxDepth:o,depth:s,useToJSON:a,serialize:u})=>{if(!t)if(Array.isArray(n))t=[];else if(!u&&Gt(n)){let l=Zc(n.name);t=new l}else t={};if(e.push(n),s>=o)return t;if(a&&typeof n.toJSON=="function"&&n[ao]!==!0)return $c(n);let c=i(l=>na({from:l,seen:[...e],forceEnumerable:r,maxDepth:o,depth:s,useToJSON:a,serialize:u}),"continueDestroyCircular");for(let[l,d]of Object.entries(n)){if(typeof Buffer=="function"&&Buffer.isBuffer(d)){t[l]="[object Buffer]";continue}if(d!==null&&typeof d=="object"&&typeof d.pipe=="function"){t[l]="[object Stream]";continue}if(typeof d!="function"){if(!d||typeof d!="object"){t[l]=d;continue}if(!e.includes(n[l])){s++,t[l]=c(n[l]);continue}t[l]="[Circular]"}}for(let{property:l,enumerable:d}of Hc)typeof n[l]<"u"&&n[l]!==null&&Object.defineProperty(t,l,{value:Gt(n[l])?c(n[l]):n[l],enumerable:r?!0:d,configurable:!0,writable:!0});return t},"destroyCircular");function st(n,e){let t=e?.maxDepth??Number.POSITIVE_INFINITY,r=e?.useToJSON??!0;return typeof n=="object"&&n!==null?na({from:n,seen:[],forceEnumerable:!0,maxDepth:t,depth:0,useToJSON:r,serialize:!0}):typeof n=="function"?`[Function: ${n.name??"anonymous"}]`:n}i(st,"serializeError");var Fc=/file:\/\/\/(.*?)\/dist\//g,jc="at async Event.respondWith";function uo(n){return typeof n!="string"?n:n.split(`
-`).filter(e=>!e.trim().startsWith("at async file")).map((e,t)=>{let r=e.replaceAll(Fc,"").replaceAll(jc,"").trim();return t===0||r.length===0?r:`    ${r}`}).filter(e=>e.length>0).join(`
+`,ea=i((n,e)=>{let{sitePathname:t}=e.runtimeSettings.developerPortal,r=y.instance.deploymentName,o=y.instance.devPortalBaseUrl,s=i(async(c,l)=>{if(y.instance.isLocalDevelopment)return new Response(Uc,{headers:{"content-type":"text/html"}});if(!r)return x.internalServerError(c,l,{detail:"Unable to retrieve deployment name. Please contact support for assistance."});let d=new URL(c.url),p=Ys(o,c.headers),m=new URL(`${d.pathname}${d.search}`,p),{headers:h,method:I,body:b}=c;return y.instance.build.ACCOUNT_NAME&&h.set(Dc,y.instance.build.ACCOUNT_NAME),y.instance.build.PROJECT_NAME&&h.set(Mc,y.instance.build.PROJECT_NAME),h.set(_c,r),h.set(Nc,d.host),h.set(qc,y.instance.build.BUILD_ID),await z.fetch(m.toString(),{headers:h,method:I,body:b,redirect:"manual"})},"devPortalRoute"),a=new ge({processors:[Re,Nn],handler:s,gateway:e}),u=new de({label:"SYSTEM_API_DOCS_V3_ROUTE",methods:["GET","PUT","POST","DELETE","PATCH","HEAD"],path:`(${t}|/_next)(.*)`,systemRouteName:"developer-portal"});n.addRoute(u,a.execute)},"registerDevPortalV3Route"),ta=i((n,e)=>{let{sitePathname:t}=e.runtimeSettings.developerPortal,r=i(async a=>{let u=new URL(a.url);return u.pathname=`${t}${u.pathname.substring(Xs.length)}`,Response.redirect(u.toString(),302)},"devPortalRedirectRoute"),o=new ge({processors:[Re],handler:r,gateway:e}),s=new de({label:"SYSTEM_API_DOCS_REDIRECT_ROUTE",methods:["GET"],path:`${Xs}(.*)`,systemRouteName:"developer-portal-legacy"});n.addRoute(s,o.execute)},"registerDevPortalLegacyRedirectRoute");var so=0,Jt=class{static{i(this,"CoreLogger")}constructor(e,t,r,o,s){this.#n=t,this.#r=r??"local",this.#o=o,this.#i=s,this.#e(e)}#e=i(e=>{let t=["error","warn","info","debug"],r=!1,o=i(()=>{},"emptyFunction"),s=i((a,u)=>{this.#i.forEach(c=>{c.log(a,u)})},"pushFunction");t.forEach(a=>{this.#t[a]=r?o:s,a==e&&(r=!0)})},"#setupMethods");#t={};#n;#r;#o;#i;log(e,t,r,o,s,a){so>=Number.MAX_SAFE_INTEGER&&(so=0);let u={logId:crypto.randomUUID(),requestId:r,rayId:o,level:e,logSource:t,messages:s,timestamp:new Date,logOwner:this.#n,loggingId:this.#r,buildId:this.#o,vectorClock:so++};this.#t[e](u,a)}};var ye=class extends Be{static{i(this,"LogPlugin")}};var Mn=class{static{i(this,"LoggingContext")}constructor(e,t,r,o){this.#e=e,this.custom=t,this.originalRequest=r,this.route=o}#e;custom;originalRequest;route;waitUntil=i(e=>{this.#e.waitUntil(e)},"waitUntil")};var Kt=class{static{i(this,"RequestLogger")}constructor(e,t,r,o){this.#t=e,this.#n=t,this.#r=r,this.#o=o}#e="request";#t;#n;#r;#o;debug=i((...e)=>{this.#r.log("debug",this.#e,this.#t,this.#n,e,this.#o)},"debug");info=i((...e)=>{this.#r.log("info",this.#e,this.#t,this.#n,e,this.#o)},"info");log=i((...e)=>{this.#r.log("info",this.#e,this.#t,this.#n,e,this.#o)},"log");warn=i((...e)=>{this.#r.log("warn",this.#e,this.#t,this.#n,e,this.#o)},"warn");error=i((...e)=>{this.#r.log("error",this.#e,this.#t,this.#n,e,this.#o)},"error")};var $c=[EvalError,RangeError,ReferenceError,SyntaxError,TypeError,URIError].filter(Boolean).map(n=>[n.name,n]),Hc=new Map($c);var Zc=[{property:"name",enumerable:!1},{property:"message",enumerable:!1},{property:"stack",enumerable:!1},{property:"code",enumerable:!0},{property:"cause",enumerable:!1}],ao=Symbol(".toJSON was called"),Fc=i(n=>{n[ao]=!0;let e=n.toJSON();return delete n[ao],e},"toJSON"),jc=i(n=>Hc.get(n)??Error,"getErrorConstructor"),na=i(({from:n,seen:e,to:t,forceEnumerable:r,maxDepth:o,depth:s,useToJSON:a,serialize:u})=>{if(!t)if(Array.isArray(n))t=[];else if(!u&&Gt(n)){let l=jc(n.name);t=new l}else t={};if(e.push(n),s>=o)return t;if(a&&typeof n.toJSON=="function"&&n[ao]!==!0)return Fc(n);let c=i(l=>na({from:l,seen:[...e],forceEnumerable:r,maxDepth:o,depth:s,useToJSON:a,serialize:u}),"continueDestroyCircular");for(let[l,d]of Object.entries(n)){if(typeof Buffer=="function"&&Buffer.isBuffer(d)){t[l]="[object Buffer]";continue}if(d!==null&&typeof d=="object"&&typeof d.pipe=="function"){t[l]="[object Stream]";continue}if(typeof d!="function"){if(!d||typeof d!="object"){t[l]=d;continue}if(!e.includes(n[l])){s++,t[l]=c(n[l]);continue}t[l]="[Circular]"}}for(let{property:l,enumerable:d}of Zc)typeof n[l]<"u"&&n[l]!==null&&Object.defineProperty(t,l,{value:Gt(n[l])?c(n[l]):n[l],enumerable:r?!0:d,configurable:!0,writable:!0});return t},"destroyCircular");function st(n,e){let t=e?.maxDepth??Number.POSITIVE_INFINITY,r=e?.useToJSON??!0;return typeof n=="object"&&n!==null?na({from:n,seen:[],forceEnumerable:!0,maxDepth:t,depth:0,useToJSON:r,serialize:!0}):typeof n=="function"?`[Function: ${n.name??"anonymous"}]`:n}i(st,"serializeError");var zc=/file:\/\/\/(.*?)\/dist\//g,Bc="at async Event.respondWith";function uo(n){return typeof n!="string"?n:n.split(`
+`).filter(e=>!e.trim().startsWith("at async file")).map((e,t)=>{let r=e.replaceAll(zc,"").replaceAll(Bc,"").trim();return t===0||r.length===0?r:`    ${r}`}).filter(e=>e.length>0).join(`
 `)}i(uo,"cleanStack");function qn(n,e,t=""){let r=[],o=e?.maxDepth??3;return i(function s(a,u={},c,l){let d=u.indent||"  ",p;u.inlineCharacterLimit===void 0?p={newline:`
 `,newlineOrSpace:`
 `,pad:c,indent:c+d}:p={newline:"@@__STRINGIFY_OBJECT_NEW_LINE__@@",newlineOrSpace:"@@__STRINGIFY_OBJECT_NEW_LINE_OR_SPACE__@@",pad:"@@__STRINGIFY_OBJECT_PAD__@@",indent:"@@__STRINGIFY_OBJECT_INDENT__@@"};let m=i(h=>{if(u.inlineCharacterLimit===void 0)return h;let I=h.replace(new RegExp(p.newline,"g"),"").replace(new RegExp(p.newlineOrSpace,"g")," ").replace(new RegExp(p.pad+"|"+p.indent,"g"),"");return I.length<=u.inlineCharacterLimit?I:h.replace(new RegExp(p.newline+"|"+p.newlineOrSpace,"g"),`
-`).replace(new RegExp(p.pad,"g"),c).replace(new RegExp(p.indent,"g"),c+d)},"expandWhiteSpace");if(r.includes(a))return'"[Circular]"';if(a==null||typeof a=="number"||typeof a=="boolean"||typeof a=="function"||typeof a=="symbol"||Ds(a))return String(a);if(a instanceof Date)return`new Date('${a.toISOString()}')`;if(l>o)return"...";if(Array.isArray(a)){if(a.length===0)return"[]";r.push(a);let h="["+p.newline+a.map((I,b)=>{let v=a.length-1===b?p.newline:","+p.newlineOrSpace,L=s(I,u,c+d,l+1);return u.transform&&(L=u.transform(a,b,L)),p.indent+L+v}).join("")+p.pad+"]";return r.pop(),m(h)}if(ot(a)){let h=Ms(a);if(u.filter&&(h=h.filter(b=>u.filter?.(a,b))),h.length===0)return"{}";r.push(a);let I="{"+p.newline+h.map((b,v)=>{let L=h.length-1===v?p.newline:","+p.newlineOrSpace,S=typeof b=="symbol",$=!S&&/^[a-z$_][$\w]*$/i.test(b),Z=S||$?b:s(b,u,"",l+1),q=s(a[b],u,c+d,l+1);return u.transform&&(q=u.transform(a,b,q)),p.indent+String(Z)+": "+q+L}).join("")+p.pad+"}";return r.pop(),m(I)}return a=a.replace(/\\/g,"\\\\"),a=String(a).replace(/[\r\n]/g,h=>h===`
+`).replace(new RegExp(p.pad,"g"),c).replace(new RegExp(p.indent,"g"),c+d)},"expandWhiteSpace");if(r.includes(a))return'"[Circular]"';if(a==null||typeof a=="number"||typeof a=="boolean"||typeof a=="function"||typeof a=="symbol"||Ds(a))return String(a);if(a instanceof Date)return`new Date('${a.toISOString()}')`;if(l>o)return"...";if(Array.isArray(a)){if(a.length===0)return"[]";r.push(a);let h="["+p.newline+a.map((I,b)=>{let C=a.length-1===b?p.newline:","+p.newlineOrSpace,L=s(I,u,c+d,l+1);return u.transform&&(L=u.transform(a,b,L)),p.indent+L+C}).join("")+p.pad+"]";return r.pop(),m(h)}if(ot(a)){let h=Ms(a);if(u.filter&&(h=h.filter(b=>u.filter?.(a,b))),h.length===0)return"{}";r.push(a);let I="{"+p.newline+h.map((b,C)=>{let L=h.length-1===C?p.newline:","+p.newlineOrSpace,S=typeof b=="symbol",H=!S&&/^[a-z$_][$\w]*$/i.test(b),Z=S||H?b:s(b,u,"",l+1),q=s(a[b],u,c+d,l+1);return u.transform&&(q=u.transform(a,b,q)),p.indent+String(Z)+": "+q+L}).join("")+p.pad+"}";return r.pop(),m(I)}return a=a.replace(/\\/g,"\\\\"),a=String(a).replace(/[\r\n]/g,h=>h===`
 `?"\\n":"\\r"),u.singleQuotes===!1?(a=a.replace(/"/g,'\\"'),`"${a}"`):(a=a.replace(/'/g,"\\'"),`'${a}'`)},"stringify")(n,e,t,0)}i(qn,"stringifyObject");function Ze(n){return oa(st(n))}i(Ze,"serializeMessage");function Ne(n){return n.map(e=>Ze(e))}i(Ne,"serializeMessages");function ht(n){if(n.length===0)return"<no data provided to log>";let e=n[0];return typeof e=="string"?e:e instanceof Error?e.message:oa(st(e))}i(ht,"extractBestMessage");function ra(n){let e=[];return n.forEach(t=>{if(typeof t=="string")e.push(t);else if(Gt(t))if(t.stack)e.push(t.stack);else{let r=qn(st(t));e.push(r)}else if(typeof t=="object"){let r=qn(t);e.push(r)}else{let r=co(t);e.push(r)}}),e.join(`
-`)}i(ra,"messagesToMultilineText");function oa(n){return typeof n=="string"?n:JSON.stringify(n)}i(oa,"stringifyNonString");function co(n){return typeof n=="string"?n:n===null?"null":typeof n>"u"?"undefined":typeof n=="number"||typeof n=="boolean"||typeof n=="bigint"||typeof n=="symbol"?n.toString():typeof n=="function"?`[function ${n.name}]`:typeof n=="object"&&Array.isArray(n)?`[array ${n.length}]`:n instanceof Error?`${n.name??"Error"}: ${n.message??"unknown"}`:typeof n=="object"?Wr(n):"unknown"}i(co,"stringifyNonStringToText");import{importPKCS8 as zc,SignJWT as Bc}from"jose";async function we(n,e,t){for(let r=0;r<=n.retries;r++){let o=z.fetch(e,t);if(r===n.retries)return o;let s=await o;if(s.status<500&&s.status!==429)return s;n?.logger?.error("Request failed, retrying",{method:typeof e=="string"?"GET":e.method,url:typeof e=="string"?e:e.url,status:s.status}),await new Promise(a=>setTimeout(a,n.retryDelayMs*Math.pow(2,r)))}throw new g("An unknown error occurred, ensure retries is not negative")}i(we,"fetchRetry");async function De({serviceAccount:n,audience:e,expirationTime:t="1h",payload:r={}}){let{clientEmail:o,privateKeyId:s,privateKey:a}=n;return await new Bc(r).setProtectedHeader({alg:"RS256",kid:s}).setIssuer(o).setSubject(o).setAudience(e).setIssuedAt().setExpirationTime(t).sign(a)}i(De,"getTokenFromGcpServiceAccount");async function ia(n,e,t){if(!n.startsWith("projects/"))throw new g(`The provided audience is invalid: ${n}. It must start with 'projects/'.`);return lo("https://sts.googleapis.com/v1/token",{audience:`//iam.googleapis.com/${n}`,grant_type:"urn:ietf:params:oauth:grant-type:token-exchange",subject_token_type:"urn:ietf:params:oauth:token-type:jwt",requested_token_type:"urn:ietf:params:oauth:token-type:access_token",subject_token:e,scope:"https://www.googleapis.com/auth/cloud-platform"},t)}i(ia,"exchangeIDTokenForGcpWorkloadToken");async function sa({serviceAccountEmailOrIdentifier:n,audience:e,accessToken:t},r){let o={audience:e,includeEmail:!0};return ua(`https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${encodeURIComponent(n)}:generateIdToken`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${t}`},redirect:"follow",body:JSON.stringify(o)},r)}i(sa,"generateServiceAccountIDToken");async function aa(n,e,t){return lo(n,{token:e,returnSecureToken:!0},t)}i(aa,"exchangeFirebaseJwtForIdToken");async function Un(n,e,t){return lo(n,{grant_type:"urn:ietf:params:oauth:grant-type:jwt-bearer",assertion:e},t)}i(Un,"exchangeGgpJwtForIdToken");async function lo(n,e,t){let r={method:"POST",headers:{"Content-Type":"application/json"},redirect:"follow",body:JSON.stringify(e)};return ua(n,r,t)}i(lo,"fetchTokenFromBody");async function ua(n,e,t){let r=await we(t,n,e);if(r.status!==200){let s;try{let a=await r.text(),u=JSON.parse(a);s={cause:u.error_description??u.error??u}}catch{}throw new k({message:"Could not get token from Google Identity",extensionMembers:s})}return await r.json()}i(ua,"fetchToken");var Te=class n{static{i(this,"GcpServiceAccount")}#e;#t;constructor({serviceAccount:e,privateKey:t}){this.#t=e,this.#e=t}static async init(e){let t=JSON.parse(e),r=await zc(t.private_key.trim(),"RS256");return new n({serviceAccount:t,privateKey:r})}get type(){return this.#t.type}get projectId(){return this.#t.project_id}get privateKeyId(){return this.#t.private_key_id}get privateKey(){return this.#e}get clientEmail(){return this.#t.client_email}get clientId(){return this.#t.client_id}get authUri(){return this.#t.auth_uri}get tokenUrl(){return this.#t.token_url}get authProviderX509CertUrl(){return this.#t.auth_provider_x509_cert_url}get clientX509CertUrl(){return this.#t.client_x509_cert_url}get universalDomain(){return this.#t.universe_domain}};var Gc={internal:1,trace:2,debug:5,info:9,warn:13,error:17,fatal:21},ca=i(n=>e=>{let t={};return t.accountName=n.build.ACCOUNT_NAME,t.projectName=n.build.PROJECT_NAME,t.deploymentName=n.deploymentName,t.environmentType=n.loggingEnvironmentStage,t.labels={requestId:e.requestId,source:e.logSource,logOwner:e.logOwner},t.rayId=e.rayId??"",t.runtime={buildId:n.build.BUILD_ID,buildTimestamp:n.build.TIMESTAMP,gitSHA:n.build.GIT_SHA,version:n.build.ZUPLO_VERSION},t.atomicCounter=e.vectorClock,{logId:e.logId,timestamp:e.timestamp,observerdTimestamp:e.timestamp,traceId:e.requestId,severityText:e.level,severityNumber:Gc[e.level],body:Ne(e.messages),attributes:t}},"unifiedFormatter");async function ne(n,e){if(n.level==="error"&&console.error(n.messages),!y.instance.remoteLogURL||!y.instance.loggingId||!y.instance.remoteLogToken)return;let t;try{t=await e?.text()}catch{}try{let r={...n,messages:[...n.messages,...t?[t]:[]],logId:crypto.randomUUID(),logOwner:"user",logSource:"runtime",rayId:null,requestId:`global-${crypto.randomUUID()}`,timestamp:new Date,buildId:y.instance.build.BUILD_ID,loggingId:y.instance.loggingId,vectorClock:0};await la(y.instance,[r])}catch(r){console.error(r)}}i(ne,"sendRemoteGlobalLog");async function la(n,e){let t=ca(n);try{let r=new Headers({"content-type":"application/json",authentication:`Bearer ${n.remoteLogToken}`});_e(r),await z.fetch(`${n.remoteLogURL}/v1/runtime-logs`,{method:"POST",body:JSON.stringify({entries:e.map(t)}),headers:{"content-type":"application/json","user-agent":y.instance.systemUserAgent,"zp-dn":y.instance.deploymentName??"unknown"}})}catch(r){console.error(r)}}i(la,"sendLogs");var Vc=i(n=>async e=>{e.length!==0&&await la(n,e)},"dispatchFunction"),Hn,Qt=class{static{i(this,"UnifiedLogTransport")}constructor(e){Hn||(Hn=new Y("unified-log-transport",1,Vc(e)))}log(e,t){Hn.enqueue(e),t.waitUntil(Hn.waitUntilFlushed())}};var po=class extends ye{constructor(t){super();this.options=t}static{i(this,"GoogleCloudLoggingPlugin")}getTransport(){return new Yt(this.options)}},Wc="https://logging.googleapis.com/v2/entries:write?alt=json",mo={error:"ERROR",warn:"WARNING",info:"INFO",debug:"DEBUG"},Yt=class{static{i(this,"GoogleLogTransport")}constructor(e){f("logging.google-cloud"),this.#n=e.logName,this.#e=e.serviceAccountJson,this.#o=y.instance.loggingEnvironmentType,this.#i=y.instance.loggingEnvironmentStage,this.#r=y.instance.deploymentName,this.#s=e.fields??{}}#e;#t;#n;#r;#o;#i;#s;async init(){this.#t=await Te.init(this.#e)}log(e,t){if(!this.#t)throw new K("Invalid state - Google log transport is not initialized");if(e.messages.length===0)return;let r=Object.assign({allMessages:Ne(e.messages)},this.#s),o=this.#t.projectId??"zuplo-production",s={logName:this.#n,resource:{type:"global"},severity:mo[e.level],timestamp:e.timestamp,trace:`projects/${o}/traces/${e.requestId}`,labels:{requestId:e.requestId,buildId:e.buildId,source:e.logSource,loggingId:e.loggingId,logOwner:e.logOwner,environment:this.#r,environmentType:this.#o,environmentStage:this.#i}};e.rayId&&(s.labels.rayId=e.rayId);let a=ht(r.allMessages);s.jsonPayload={...r,message:a},this.batcher.enqueue(s),t.waitUntil(this.batcher.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length===0)return;this.#t||(this.#t=await Te.init(this.#e));let t=await De({serviceAccount:this.#t,audience:"https://logging.googleapis.com/google.logging.v2.LoggingServiceV2"});try{let r=await z.fetch(Wc,{method:"POST",body:JSON.stringify({entries:e}),headers:{Authorization:`Bearer ${t}`,"content-type":"application/json;charset=UTF-8"}});r.ok||await ne({level:"error",messages:[`Failed to send logs to Google: ${r.status} - ${r.statusText}`]},r)}catch{await ne({level:"error",messages:["Failed to connect to Google logging service. Check that the URL is correct."]})}},"dispatchFunction");batcher=new Y("google-log-transport",1,this.dispatchFunction)};var $n="gcp";function Zn(n){let e={allMessages:Ne(n.messages)},t="zuplo-production",r=ht(e.allMessages),o={logName:`projects/${t}/logs/runtime-user`,message:r,severity:mo[n.level],timestamp:n.timestamp,"logging.googleapis.com/labels":{buildId:n.buildId,source:n.logSource,loggingId:n.loggingId,logOwner:n.logOwner},"logging.googleapis.com/trace":`projects/${t}/traces/${n.requestId}`,allMessages:e.allMessages};return n.rayId&&(o["logging.googleapis.com/labels"].rayId=n.rayId),o}i(Zn,"gcpLogFormat");var Xt=class{static{i(this,"ConsoleTransport")}constructor(e,t){this.#e=e??console,this.#t=t}#e;#t;log(e,t){if(this.#t===$n){if(e.messages.length===0)return;this.#e[e.level](Zn(e))}else{let r={...e,url:t.originalRequest.url,method:t.originalRequest.method,route:t.route.pathPattern??t.route.path,messages:Ne(e.messages)};this.#e[e.level](JSON.stringify(r))}}};var yo=class extends ye{constructor(t){super();this.options=t}static{i(this,"DataDogLoggingPlugin")}getTransport(){return new en(this.options)}},go="__ddtags",fo="__ddattr",ho=i(n=>n.replaceAll(",","_").replaceAll(":","_"),"cleanTagText"),Jc=i(n=>{let e=Object.keys(n),t=[];return e.forEach(r=>{let o=n[r];o==null?t.push(ho(r)):t.push(`${ho(r)}:${ho(o.toString())}`)}),t.join(",")},"formatTags"),en=class{static{i(this,"DataDogTransport")}constructor(e){f("logging.datadog"),this.#e=e.apiKey,this.#t=e.url??"https://http-intake.logs.datadoghq.com/api/v2/logs",this.#r=y.instance.loggingEnvironmentType,this.#o=y.instance.loggingEnvironmentStage,this.#n=y.instance.deploymentName,this.#i=e.fields??{},this.#s=e.tags??{},this.#a=e.source??"Zuplo"}#e;#t;#n;#r;#o;#i;#s;#a;log(e,t){let r=Object.assign({},this.#s),o=t.custom[go];o&&typeof o=="object"&&Object.assign(r,o);let s=[...e.messages],a=e.messages.findIndex(h=>h[go]!==void 0);a>-1&&(Object.assign(r,s[a][go]),s.splice(a,1));let u={},c=t.custom[fo];c&&typeof c=="object"&&Object.assign(u,c);let l=e.messages.findIndex(h=>h[fo]!==void 0);l>-1&&(Object.assign(u,s[l][fo]),s.splice(l,1));let d=Ne(s),p={...e,activityId:e.requestId,trace:e.requestId},m=Object.assign({message:{...p,messages:d},ddsource:this.#a,hostname:new URL(t.originalRequest.url).hostname,msg:ht(d),atomic_counter:e.vectorClock,service:e.loggingId,ddtags:Jc(r),environment:this.#n,environment_type:this.#r,environment_stage:this.#o,ray_id:e.rayId,request_id:e.requestId},this.#i);Object.assign(m,u),this.batcher.enqueue(m),t.waitUntil(this.batcher.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length!==0)try{let t=await z.fetch(this.#t,{method:"POST",body:JSON.stringify([...e]),headers:{"content-type":"application/json","DD-API-KEY":this.#e}});t.ok||await ne({level:"error",messages:[`Failed to send logs to DataDog: ${t.status} - ${t.statusText}`]},t)}catch{await ne({level:"error",messages:["Failed to connect to DataDog logging service. Check that the URL is correct."]})}},"dispatchFunction");batcher=new Y("data-dog-transport",10,this.dispatchFunction)};var tn=class{static{i(this,"ProcessTransport")}constructor(e,t){this.#e=e,this.#t=t}#e;#t;log(e){if(this.#t===$n){if(e.messages.length===0)return;this.#e[e.level].apply(null,[Zn(e)])}else this.#e[e.level].apply(null,[...e.messages,{logOwner:e.logOwner,logSource:e.logSource,timestamp:e.timestamp,loggingId:e.loggingId,rayId:e.rayId,requestId:e.requestId,buildId:e.buildId,vectorClock:e.vectorClock}])}};var bo=be("zuplo:logging"),Fn=class n{static{i(this,"LogInitializer")}systemCoreLogger;userCoreLogger;constructor({systemCoreLogger:e,userCoreLogger:t}){this.systemCoreLogger=e,this.userCoreLogger=t}static async init(e){let t=await n.setupSystemCoreLogger(y.instance,e),r=await n.setupUserCoreLogger(y.instance,e);return new n({systemCoreLogger:t,userCoreLogger:r})}static async setupSystemCoreLogger(e,t){let{build:r}=e;bo("Gateway.setupSystemCoreLogger");let o=[],s=t.getService(In);return s?o.push(new tn(s.logger,e.logFormat)):e.isLocalDevelopment&&o.push(new Xt(console,e.logFormat)),e.isCloudflare&&e.deploymentName&&e.remoteLogToken&&o.push(new Qt(e)),await Promise.all(o.map(async a=>{a.init&&await a.init()})),new Jt(e.systemLogLevel,"system",e.loggingId,r.BUILD_ID,o)}static async setupUserCoreLogger(e,t){bo("Gateway.setupUserCoreLogger");let r=[],{runtime:o,build:s}=e,a=t.getService(In);if(a&&a.captureUserLogs===!0?r.push(new tn(a.logger,e.logFormat)):e.isLocalDevelopment&&r.push(new Xt(console,e.logFormat)),e.isCloudflare&&e.deploymentName&&e.remoteLogToken&&r.push(new Qt(e)),o.GCP_USER_LOG_NAME&&o.GCP_USER_LOG_SVC_ACCT_JSON&&(f("logging.google.legacy-initialization"),r.push(new Yt({serviceAccountJson:o.GCP_USER_LOG_SVC_ACCT_JSON,logName:o.GCP_USER_LOG_NAME}))),o.ZUPLO_USER_LOGGER_DATA_DOG_API_KEY){f("logging.datadog.legacy-initialization");let u=o.ZUPLO_USER_LOGGER_DATA_DOG_URL;r.push(new en({apiKey:o.ZUPLO_USER_LOGGER_DATA_DOG_API_KEY,url:u}))}return Ue.forEach(u=>{u instanceof ye&&r.push(u.getTransport())}),await Promise.all(r.map(async u=>{u.init&&await u.init()})),new Jt(e.userLogLevel,"user",e.loggingId,s.BUILD_ID,r)}createRequestLoggers(e,t,r,o,s,a){bo("Gateway.createRequestLoggers");let u=new Mn(r,o,s,a),c=new Kt(e,t,this.systemCoreLogger,u);return{userRequestLogger:new Kt(e,t,this.userCoreLogger,u),systemRequestLogger:c}}};var yt=class{static{i(this,"LookupResult")}constructor(e,t,r){this.routeConfiguration=e,this.params=r??{},this.executableHandler=t}executableHandler;routeConfiguration;params},jn=class extends Error{static{i(this,"RouterError")}constructor(e,t){super(e,t)}};var wo=class{static{i(this,"UrlPatternRouterEntry")}constructor(e,t,r){this.fullPath=e,this.config=t,this.executableHandler=r,this.urlPattern=new URLPattern({pathname:this.fullPath})}urlPattern;fullPath;config;executableHandler},zn=class{static{i(this,"UrlPatternRouter")}routeEntries=[];addRoute(e,t){if(!(e instanceof We||e instanceof de))throw new K("Config must be a UserRouteConfiguration or SystemRouteConfiguration");let r;"pathPattern"in e&&e.pathPattern?r=e.pathPattern:r=e.path;try{let o=new wo(r,e,t);Object.freeze(o.config),this.routeEntries.push(o)}catch(o){throw new jn(`addRoute-error: Invalid path '${r}'. '${o.message}'`,{cause:o})}}lookup(e,t){if(typeof t>"u")throw new g(`Invalid request - Method was undefined. Path: '${e}'`);for(let r=0;r<this.routeEntries.length;r++){let o=this.routeEntries[r];if(o.config.methods.includes(t)){let s=o.urlPattern.exec({pathname:e});if(s!==null)return new yt(o.config,o.executableHandler,s.pathname.groups)}}}lookupByPathOnly(e){let t=[];for(let r=0;r<this.routeEntries.length;r++){let o=this.routeEntries[r],s=o.urlPattern.exec({pathname:e});if(s!==null){let a=new yt(o.config,o.executableHandler,s.pathname.groups);t.push(a)}}return t}};import{AsyncLocalStorage as Kc}from"node:async_hooks";var Bn={context:new Kc};var Ro;function da(n){Ro=n}i(da,"setGlobalZuploEventContext");function Ke(){if(Ro===void 0)throw new Error("global ZuploEventContext has not been defined - invalid runtime state");return Ro}i(Ke,"getGlobalZuploEventContext");function pa({headers:n,removeAllVendorHeadersExceptListed:e}){let t=new Headers(n);if(e){for(let[r]of n){let o=r.substring(0,3);Es.includes(o.toLowerCase())&&!xs.includes(r.toLowerCase())&&t.delete(r)}t.delete(fs)}else Is.forEach(r=>{t.delete(r)});return t}i(pa,"normalizeIncomingRequestHeaders");var Qe=be("zuplo:runtime"),he=class n{constructor(e,t,r,o){this.routeData=e;this.runtimeSettings=t;this.schemaValidator=o;Qe("Gateway.constructor"),this.#n=this.setupRoutes(),this.#t=r}static{i(this,"Gateway")}static#e;static async initialize(e,t,r,o){if(Qe("Gateway.initialize"),!n.#e){let s=await Fn.init(r),a=await e(),u={...a,corsPolicies:$s(a.corsPolicies)},c=new n(u,t,s,o);n.#e=c}if(!n.#e)throw new K("Invalid state - Gateway not initialized after trace call. The trace provider is likely not functioning correctly.");return n.#e}static purgeGatewayCache(){Qe("Gateway.purgeGatewayCache"),n.#e=void 0}static get instance(){if(!n.#e)throw new K("Gateway cannot be used before it is initialized");return n.#e}#t;#n;#r=[Nn,Ln,Re];setupRoutes=i(()=>{Qe("Gateway.setupRoutes");let e=this.routeData,t=new zn;if(e.routes.length===0)return Br(t,this),Xr(t,this),Yr(t,this),Zs(t,this),t;let{enabled:r,version:o}=this.runtimeSettings.developerPortal;r&&o==="legacy"&&(ta(t,this),ea(t,this)),Br(t,this),Xr(t,this),Yr(t,this);for(let s of Ue)s instanceof me&&s.registerRoutes(t,this);return e.routes.forEach(s=>{let a;if(typeof s.handler?.module=="object"&&(a=s.handler?.module[s.handler.export]),typeof a!="function")throw new g(`Invalid state - No handler on route for path '${s.path}'`);let u=new ge({processors:this.#r,handler:a,gateway:this}),c=new We(s);t.addRoute(c,u.execute)}),Fs(t,this),t},"setupRoutes");errorHandler(e,t,r,o){Qe("Gateway.internalErrorResponse"),t.log.error(r,o);let s={};if(y.instance.isLocalDevelopment||y.instance.isWorkingCopy)if(o instanceof k&&o.extensionMembers)s=o.extensionMembers;else if(o.cause){let a=st(o.cause);"stack"in a&&(a.stack=uo(a.stack)),s={cause:a}}else{let a=st(o);"stack"in a&&(a.stack=uo(a.stack)),s={cause:a}}return x.internalServerError(e,t,{detail:o.message,...s})}async handleRequest(e,t){let r=e.headers.get(mt)??e.headers.get(gs)??crypto.randomUUID(),o=e.headers.get(nt);da(t);let s=pa({headers:e.headers,removeAllVendorHeadersExceptListed:y.instance.build.COMPATIBILITY_FLAGS.removeAllVendorHeadersExceptListed});s.set(mt,r);let a=new Request(e,{headers:s});if(["GET","HEAD"].includes(a.method)&&a.body){let S=new Headers(a.headers);S.set(Sr,"true"),a=new Request(a,{headers:S,body:null})}a=await Ls(a);let u=new URL(a.url),c=u.pathname,l=this.#n.lookup(c,a.method);if(!l)throw new K(`Invalid state - no route match - should have been picked up by the not found handler, path: '${c}'`);let d={},{userRequestLogger:p,systemRequestLogger:m}=this.#t.createRequestLoggers(r,o,t,d,a,l.routeConfiguration),h=new Gn(e.headers),I=new re(a,{params:l.params}),b=new Vn({logger:p,route:l.routeConfiguration,requestId:r,event:t,custom:d,incomingRequestProperties:h}),v=Bn.context.getStore();v&&(v.context=b);let L=l.routeConfiguration.raw();Qc.getActiveSpan()?.setAttributes({"http.route":b.route.path??b.route.pathPattern,"cloud.region":b.incomingRequestProperties.colo,[$e.RoutePathPattern]:b.route.pathPattern,[$e.RouteOperationId]:L.operationId,[$e.RouteTrace]:L["x-zuplo-trace"],[$e.RouteSystem]:gt(u)?!0:void 0}),Ee.initialize(b,I);try{if(Q.addLogger(b,m),y.instance.build.COMPATIBILITY_FLAGS.doNotRunHooksOnSystemRoutes?!gt(u):!u.pathname.startsWith("/__zuplo")){let q=await As(I,b);if(q instanceof Response)return q;{let A=Ee.getContextExtensions(b);I=q,A.latestRequest=I}}gt(u)||p.debug(`Request received '${u.pathname}'`,{method:a.method,url:u.pathname,hostname:u.hostname,route:l.routeConfiguration.path});let S=l.executableHandler;Yc(S,l,a),Qe("Gateway.handleRequest - call user handler");let $=await S(I,b);if(Qe("Gateway.handleRequest - user handler"),!($ instanceof Response))throw new k(`Invalid Response type from the request handler: ${typeof $}`);if($.bodyUsed)throw new k("The response object has already been used. Return a new response instead.");let Z;if($.headers.get(mt)===null&&!$.webSocket){let q=new Headers($.headers);q.set(mt,r),Z=new Response($.body,{status:$.status,statusText:$.statusText,headers:q,cf:$.cf})}else Z=$;return Z}catch(S){return S instanceof k?(p.error(S),m.warn(S)):m.error(S),await this.errorHandler(I,b,"Error executing handler",S)}}};function Yc(n,e,t){if(Qe("Gateway.checkHandler"),!n)throw typeof e.routeConfiguration>"u"?new g(`Invalid state - no routeConfiguration for '${t.method}:${t.url}`):new g(`Invalid state. No handler for request '${t.method}':'${e.routeConfiguration.path}'`)}i(Yc,"checkHandler");var ma=i(async(n,e,t)=>{let r=he.instance.routeData.policies,o=Vt([n],r);if(o.length===0)throw new k(`Invalid 'invokeInboundPolicy call' - no policy '${n}' found.`);return o[0].handler(e,t)},"invokeInboundPolicy"),ga=i(async(n,e,t,r)=>{let o=he.instance.routeData.policies,s=Wt([n],o);if(s.length===0)throw new k(`Invalid 'invokeOutboundPolicy call' - no policy '${n}' found.`);return s[0].handler(e,t,r)},"invokeOutboundPolicy");function Xc(n){let e={};if(!n)return e;try{let t=n.split(","),r={};return t.forEach(o=>{let[s,a]=o.split("=");s&&a&&(r[s.trim()]=a.trim())}),r.asnum&&(e[Dt]=r.asnum),r.zip&&(e[Mt]=r.zip.split("+")[0]),r.dma&&(e[qt]=r.dma),r.region_code&&(e[Ut]=r.region_code),r.timezone&&(e[Ht]=r.timezone),r.city&&(e[yn]=r.city),r.continent&&(e[bn]=r.continent),r.country_code&&(e[wn]=r.country_code),r.long&&(e[Rn]=r.long),r.lat&&(e[Pn]=r.lat),e}catch{return{}}}i(Xc,"parseEdgeScapeHeader");function fa(n,e){let t=Xc(e);for(let[r,o]of Object.entries(t))n.has(r)||n.set(r,o)}i(fa,"setZpHeadersFromAkamaiEdgeScapeHeader");var Gn=class{static{i(this,"HeaderIncomingRequestProperties")}#e;constructor(e){this.#e=e;let t=e.get(qr);if(t){let r=new Headers(e);fa(r,t),this.#e=r}}get asn(){try{let e=this.#e.get(Dt);if(typeof e=="string")return parseInt(e)}catch{}}get asOrganization(){return this.#e.get(Nr)??void 0}get city(){return this.#e.get(Ar)??this.#e.get(yn)??void 0}get continent(){return this.#e.get(Or)??this.#e.get(bn)??void 0}get country(){return this.#e.get(kr)??this.#e.get(wn)??void 0}get latitude(){return this.#e.get(_r)??this.#e.get(Pn)??void 0}get longitude(){return this.#e.get(Lr)??this.#e.get(Rn)??void 0}get colo(){return this.#e.get(Dr)??void 0}get postalCode(){return this.#e.get(ws)??this.#e.get(Mt)??void 0}get metroCode(){return this.#e.get(bs)??this.#e.get(qt)??void 0}get region(){return this.#e.get(hs)??this.#e.get(Mr)??void 0}get regionCode(){return this.#e.get(ys)??this.#e.get(Ut)??void 0}get timezone(){return this.#e.get(Rs)??this.#e.get(Ht)??void 0}toJSON(){return{asn:this.asn,asOrganization:this.asOrganization,city:this.city,continent:this.continent,country:this.country,latitude:this.latitude,longitude:this.longitude,colo:this.colo,postalCode:this.postalCode,metroCode:this.metroCode,region:this.region,regionCode:this.regionCode,timezone:this.timezone}}},zt=class extends Event{static{i(this,"ResponseSendingEvent")}constructor(e,t){super("responseSending"),this.request=e,this.mutableResponse=t}request;mutableResponse},Bt=class extends Event{static{i(this,"ResponseSentEvent")}constructor(e,t){super("responseSent"),this.request=e,this.response=t}request;response},Ee=class n{static{i(this,"ZuploContextExtensions")}static#e=new WeakMap;static initialize(e,t){if(!n.#e.has(e)){let r=new n(t);return n.#e.set(e,r),r}throw new Error(`ZuploContextExtensions already initialized for context with requestId '${e.requestId}'`)}static getContextExtensions(e){let t=n.#e.get(e);if(!t)throw new k(`Invalid state, could not get ZuploContext extensions for context with requestId '${e.requestId}'`);return t}latestRequest;#t;#n;constructor(e){this.latestRequest=e,this.#t=[],this.#n=[]}addResponseSendingHook(e){this.#n.push(e)}addResponseSendingFinalHook(e){this.#t.push(e)}onResponseSendingFinal=i(async(e,t,r)=>{for(let o of this.#t)await o(e,t,r)},"onResponseSendingFinal");onResponseSending=i(async(e,t,r)=>{let o=e;for(let s of this.#n)o=await s(e,t,r);return o},"onResponseSending")},Vn=class extends EventTarget{static{i(this,"SystemZuploContext")}constructor({logger:e,route:t,requestId:r,event:o,custom:s,incomingRequestProperties:a}){super(),this.log=Object.freeze(e),this.route=t,this.requestId=r,this.custom=s,this.incomingRequestProperties=a,this.#e=o,this.invokeInboundPolicy=(u,c)=>ma(u,c,this),this.invokeOutboundPolicy=(u,c,l)=>ga(u,c,l,this),this.waitUntil=u=>{this.#e.waitUntil(u)},this.addResponseSendingHook=u=>{Ee.getContextExtensions(this).addResponseSendingHook(u)},this.addResponseSendingFinalHook=u=>{Ee.getContextExtensions(this).addResponseSendingFinalHook(u)},Object.freeze(this)}#e;requestId;log;route;custom;incomingRequestProperties;invokeInboundPolicy;invokeOutboundPolicy;waitUntil;addResponseSendingHook;addResponseSendingFinalHook;addEventListener(e,t,r){let o=i(s=>{try{typeof t=="function"?t(s):t.handleEvent(s)}catch(a){throw this.log.error(`Error invoking event ${e}. See following logs for details.`),a}},"wrapped");super.addEventListener(e,o,r)}};var el="Error initializing gateway. Check your configuration for errors or contact support.",tl="Error initializing gateway. Check your 'zuplo.runtime.ts' for errors or contact support.",Po=class{constructor(e,t,r,o,s,a){this.routeLoader=e;this.buildEnvironment=t;this.runtimeSettings=r;this.serviceProvider=o;this.schemaValidations=s;this.runtimeInit=a}static{i(this,"Handler")}requestHandler=i(async(e,t,r)=>{y.initialize({build:this.buildEnvironment,runtime:t});try{await _s(this.runtimeInit)}catch(s){this.handleError(s,tl,e)}return vs(i(async(s,a)=>{let u;try{u=await he.initialize(this.routeLoader,this.runtimeSettings,this.serviceProvider,this.schemaValidations)}catch(l){return this.handleError(l,el,s)}let c={context:void 0};return Bn.context.run(c,async()=>u.handleRequest(s,a))},"innerHandler"))(e,r)},"requestHandler");handleError(e,t,r){console.error("Error initializing gateway.",e),e instanceof g&&(t=e.message);let o={status:500,title:"Gateway Initialization Error",type:"https://httpproblems.com/http-status/500",detail:t,instance:r.url,trace:{timestamp:Date.now(),rayId:r.headers.get("cf-ray")??void 0,buildId:this.buildEnvironment.BUILD_ID},message:y.instance.isWorkingCopy?e.message:void 0};return new Response(JSON.stringify(o,null,2),{status:500,headers:{"content-type":"application/json"}})}};function nl(n){for(var e=[],t=0;t<n.length;){var r=n[t];if(r==="*"||r==="+"||r==="?"){e.push({type:"MODIFIER",index:t,value:n[t++]});continue}if(r==="\\"){e.push({type:"ESCAPED_CHAR",index:t++,value:n[t++]});continue}if(r==="{"){e.push({type:"OPEN",index:t,value:n[t++]});continue}if(r==="}"){e.push({type:"CLOSE",index:t,value:n[t++]});continue}if(r===":"){for(var o="",s=t+1;s<n.length;){var a=n.charCodeAt(s);if(a>=48&&a<=57||a>=65&&a<=90||a>=97&&a<=122||a===95){o+=n[s++];continue}break}if(!o)throw new TypeError("Missing parameter name at ".concat(t));e.push({type:"NAME",index:t,value:o}),t=s;continue}if(r==="("){var u=1,c="",s=t+1;if(n[s]==="?")throw new TypeError('Pattern cannot start with "?" at '.concat(s));for(;s<n.length;){if(n[s]==="\\"){c+=n[s++]+n[s++];continue}if(n[s]===")"){if(u--,u===0){s++;break}}else if(n[s]==="("&&(u++,n[s+1]!=="?"))throw new TypeError("Capturing groups are not allowed at ".concat(s));c+=n[s++]}if(u)throw new TypeError("Unbalanced pattern at ".concat(t));if(!c)throw new TypeError("Missing pattern at ".concat(t));e.push({type:"PATTERN",index:t,value:c}),t=s;continue}e.push({type:"CHAR",index:t,value:n[t++]})}return e.push({type:"END",index:t,value:""}),e}i(nl,"lexer");function Eo(n,e){e===void 0&&(e={});for(var t=nl(n),r=e.prefixes,o=r===void 0?"./":r,s=e.delimiter,a=s===void 0?"/#?":s,u=[],c=0,l=0,d="",p=i(function(F){if(l<t.length&&t[l].type===F)return t[l++].value},"tryConsume"),m=i(function(F){var T=p(F);if(T!==void 0)return T;var E=t[l],M=E.type,ce=E.index;throw new TypeError("Unexpected ".concat(M," at ").concat(ce,", expected ").concat(F))},"mustConsume"),h=i(function(){for(var F="",T;T=p("CHAR")||p("ESCAPED_CHAR");)F+=T;return F},"consumeText"),I=i(function(F){for(var T=0,E=a;T<E.length;T++){var M=E[T];if(F.indexOf(M)>-1)return!0}return!1},"isSafe"),b=i(function(F){var T=u[u.length-1],E=F||(T&&typeof T=="string"?T:"");if(T&&!E)throw new TypeError('Must have text between two parameters, missing text after "'.concat(T.name,'"'));return!E||I(E)?"[^".concat(Io(a),"]+?"):"(?:(?!".concat(Io(E),")[^").concat(Io(a),"])+?")},"safePattern");l<t.length;){var v=p("CHAR"),L=p("NAME"),S=p("PATTERN");if(L||S){var $=v||"";o.indexOf($)===-1&&(d+=$,$=""),d&&(u.push(d),d=""),u.push({name:L||c++,prefix:$,suffix:"",pattern:S||b($),modifier:p("MODIFIER")||""});continue}var Z=v||p("ESCAPED_CHAR");if(Z){d+=Z;continue}d&&(u.push(d),d="");var q=p("OPEN");if(q){var $=h(),A=p("NAME")||"",H=p("PATTERN")||"",V=h();m("CLOSE"),u.push({name:A||(H?c++:""),pattern:A&&!H?b($):H,prefix:$,suffix:V,modifier:p("MODIFIER")||""});continue}m("END")}return u}i(Eo,"parse");function ha(n,e){return rl(Eo(n,e),e)}i(ha,"compile");function rl(n,e){e===void 0&&(e={});var t=ol(e),r=e.encode,o=r===void 0?function(c){return c}:r,s=e.validate,a=s===void 0?!0:s,u=n.map(function(c){if(typeof c=="object")return new RegExp("^(?:".concat(c.pattern,")$"),t)});return function(c){for(var l="",d=0;d<n.length;d++){var p=n[d];if(typeof p=="string"){l+=p;continue}var m=c?c[p.name]:void 0,h=p.modifier==="?"||p.modifier==="*",I=p.modifier==="*"||p.modifier==="+";if(Array.isArray(m)){if(!I)throw new TypeError('Expected "'.concat(p.name,'" to not repeat, but got an array'));if(m.length===0){if(h)continue;throw new TypeError('Expected "'.concat(p.name,'" to not be empty'))}for(var b=0;b<m.length;b++){var v=o(m[b],p);if(a&&!u[d].test(v))throw new TypeError('Expected all "'.concat(p.name,'" to match "').concat(p.pattern,'", but got "').concat(v,'"'));l+=p.prefix+v+p.suffix}continue}if(typeof m=="string"||typeof m=="number"){var v=o(String(m),p);if(a&&!u[d].test(v))throw new TypeError('Expected "'.concat(p.name,'" to match "').concat(p.pattern,'", but got "').concat(v,'"'));l+=p.prefix+v+p.suffix;continue}if(!h){var L=I?"an array":"a string";throw new TypeError('Expected "'.concat(p.name,'" to be ').concat(L))}}return l}}i(rl,"tokensToFunction");function Io(n){return n.replace(/([.+*?=^!:${}()[\]|/\\])/g,"\\$1")}i(Io,"escapeString");function ol(n){return n&&n.sensitive?"":"i"}i(ol,"flags");var il=be("zuplo:runtime"),To=new TextEncoder,ya={appstream2:"appstream",cloudhsmv2:"cloudhsm",email:"ses",marketplace:"aws-marketplace",mobile:"AWSMobileHubService",pinpoint:"mobiletargeting",queue:"sqs","git-codecommit":"codecommit","mturk-requester-sandbox":"mturk-requester","personalize-runtime":"personalize"},sl=["authorization","content-type","content-length","user-agent","presigned-expires","expect","x-amzn-trace-id","range","connection"],bt=class{static{i(this,"AwsClient")}accessKeyId;secretAccessKey;sessionToken;service;region;cache;retries;initRetryMs;constructor({accessKeyId:e,secretAccessKey:t,sessionToken:r,service:o,region:s,cache:a,retries:u,initRetryMs:c}){if(e==null)throw new TypeError("accessKeyId is a required option");if(t==null)throw new TypeError("secretAccessKey is a required option");this.accessKeyId=e,this.secretAccessKey=t,this.sessionToken=r,this.service=o,this.region=s,this.cache=a||new Map,this.retries=u??0,this.initRetryMs=c||50}async sign(e,t){let r=new Co(Object.assign({url:e},t,this,t&&t.aws)),o=Object.assign({},t,await r.sign());return delete o.aws,{url:o.url.toString(),request:o}}async fetch(e,t){il("AWS fetch",e);for(let r=0;r<=this.retries;r++){let{url:o,request:s}=await this.sign(e,t),a=z.fetch(o,s);if(r===this.retries)return a;let u=await a;if(u.status<500&&u.status!==429)return u;await new Promise(c=>setTimeout(c,Math.random()*this.initRetryMs*Math.pow(2,r)))}throw new g("An unknown error occurred, ensure retries is not negative")}},Co=class{static{i(this,"AwsV4Signer")}method;url;headers;body;accessKeyId;secretAccessKey;sessionToken;service;region;cache;datetime;signQuery;appendSessionToken;signableHeaders;signedHeaders;canonicalHeaders;credentialString;encodedPath;encodedSearch;constructor({method:e,url:t,headers:r,body:o,accessKeyId:s,secretAccessKey:a,sessionToken:u,service:c,region:l,cache:d,datetime:p,signQuery:m,appendSessionToken:h,allHeaders:I,singleEncode:b}){if(t==null)throw new TypeError("url is a required option");if(s==null)throw new TypeError("accessKeyId is a required option");if(a==null)throw new TypeError("secretAccessKey is a required option");this.method=e||(o?"POST":"GET"),this.url=new URL(t),this.headers=new Headers(r||{}),this.body=o,this.accessKeyId=s,this.secretAccessKey=a,this.sessionToken=u;let v,L;(!c||!l)&&([v,L]=al(this.url,this.headers)),this.service=c||v||"",this.region=l||L||"us-east-1",this.cache=d||new Map,this.datetime=p||new Date().toISOString().replace(/[:-]|\.\d{3}/g,""),this.signQuery=m,this.appendSessionToken=h||this.service==="iotdevicegateway",this.headers.delete("Host");let S=this.signQuery?this.url.searchParams:this.headers;if(this.service==="s3"&&!this.headers.has("X-Amz-Content-Sha256")&&this.headers.set("X-Amz-Content-Sha256","UNSIGNED-PAYLOAD"),S.set("X-Amz-Date",this.datetime),this.sessionToken&&!this.appendSessionToken&&S.set("X-Amz-Security-Token",this.sessionToken),this.signableHeaders=["host",...this.headers.keys()].filter(Z=>I||!sl.includes(Z)).sort(),this.signedHeaders=this.signableHeaders.join(";"),this.canonicalHeaders=this.signableHeaders.map(Z=>Z+":"+(Z==="host"?this.url.host:(this.headers.get(Z)||"").replace(/\s+/g," "))).join(`
-`),this.credentialString=[this.datetime.slice(0,8),this.region,this.service,"aws4_request"].join("/"),this.signQuery&&(this.service==="s3"&&!S.has("X-Amz-Expires")&&S.set("X-Amz-Expires","86400"),S.set("X-Amz-Algorithm","AWS4-HMAC-SHA256"),S.set("X-Amz-Credential",this.accessKeyId+"/"+this.credentialString),S.set("X-Amz-SignedHeaders",this.signedHeaders)),this.service==="s3")try{this.encodedPath=decodeURIComponent(this.url.pathname.replace(/\+/g," "))}catch{this.encodedPath=this.url.pathname}else this.encodedPath=this.url.pathname.replace(/\/+/g,"/");b||(this.encodedPath=encodeURIComponent(this.encodedPath).replace(/%2F/g,"/")),this.encodedPath=wa(this.encodedPath);let $=new Set;this.encodedSearch=[...this.url.searchParams].filter(([Z])=>{if(!Z)return!1;if(this.service==="s3"){if($.has(Z))return!1;$.add(Z)}return!0}).map(Z=>Z.map(q=>wa(encodeURIComponent(q)))).sort(([Z,q],[A,H])=>Z<A?-1:Z>A?1:q<H?-1:q>H?1:0).map(Z=>Z.join("=")).join("&")}async sign(){return this.signQuery?(this.url.searchParams.set("X-Amz-Signature",await this.signature()),this.sessionToken&&this.appendSessionToken&&this.url.searchParams.set("X-Amz-Security-Token",this.sessionToken)):this.headers.set("Authorization",await this.authHeader()),{method:this.method,url:this.url,headers:this.headers,body:this.body}}async authHeader(){return["AWS4-HMAC-SHA256 Credential="+this.accessKeyId+"/"+this.credentialString,"SignedHeaders="+this.signedHeaders,"Signature="+await this.signature()].join(", ")}async signature(){let e=this.datetime.slice(0,8),t=[this.secretAccessKey,e,this.region,this.service].join(),r=this.cache.get(t);if(!r){let o=await nn("AWS4"+this.secretAccessKey,e),s=await nn(o,this.region),a=await nn(s,this.service);r=await nn(a,"aws4_request"),this.cache.set(t,r)}return xo(await nn(r,await this.stringToSign()))}async stringToSign(){return["AWS4-HMAC-SHA256",this.datetime,this.credentialString,xo(await ba(await this.canonicalString()))].join(`
+`)}i(ra,"messagesToMultilineText");function oa(n){return typeof n=="string"?n:JSON.stringify(n)}i(oa,"stringifyNonString");function co(n){return typeof n=="string"?n:n===null?"null":typeof n>"u"?"undefined":typeof n=="number"||typeof n=="boolean"||typeof n=="bigint"||typeof n=="symbol"?n.toString():typeof n=="function"?`[function ${n.name}]`:typeof n=="object"&&Array.isArray(n)?`[array ${n.length}]`:n instanceof Error?`${n.name??"Error"}: ${n.message??"unknown"}`:typeof n=="object"?Wr(n):"unknown"}i(co,"stringifyNonStringToText");import{importPKCS8 as Gc,SignJWT as Vc}from"jose";async function we(n,e,t){for(let r=0;r<=n.retries;r++){let o=z.fetch(e,t);if(r===n.retries)return o;let s=await o;if(s.status<500&&s.status!==429)return s;n?.logger?.error("Request failed, retrying",{method:typeof e=="string"?"GET":e.method,url:typeof e=="string"?e:e.url,status:s.status}),await new Promise(a=>setTimeout(a,n.retryDelayMs*Math.pow(2,r)))}throw new g("An unknown error occurred, ensure retries is not negative")}i(we,"fetchRetry");async function De({serviceAccount:n,audience:e,expirationTime:t="1h",payload:r={}}){let{clientEmail:o,privateKeyId:s,privateKey:a}=n;return await new Vc(r).setProtectedHeader({alg:"RS256",kid:s}).setIssuer(o).setSubject(o).setAudience(e).setIssuedAt().setExpirationTime(t).sign(a)}i(De,"getTokenFromGcpServiceAccount");async function ia(n,e,t){if(!n.startsWith("projects/"))throw new g(`The provided audience is invalid: ${n}. It must start with 'projects/'.`);return lo("https://sts.googleapis.com/v1/token",{audience:`//iam.googleapis.com/${n}`,grant_type:"urn:ietf:params:oauth:grant-type:token-exchange",subject_token_type:"urn:ietf:params:oauth:token-type:jwt",requested_token_type:"urn:ietf:params:oauth:token-type:access_token",subject_token:e,scope:"https://www.googleapis.com/auth/cloud-platform"},t)}i(ia,"exchangeIDTokenForGcpWorkloadToken");async function sa({serviceAccountEmailOrIdentifier:n,audience:e,accessToken:t},r){let o={audience:e,includeEmail:!0};return ua(`https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${encodeURIComponent(n)}:generateIdToken`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${t}`},redirect:"follow",body:JSON.stringify(o)},r)}i(sa,"generateServiceAccountIDToken");async function aa(n,e,t){return lo(n,{token:e,returnSecureToken:!0},t)}i(aa,"exchangeFirebaseJwtForIdToken");async function Un(n,e,t){return lo(n,{grant_type:"urn:ietf:params:oauth:grant-type:jwt-bearer",assertion:e},t)}i(Un,"exchangeGgpJwtForIdToken");async function lo(n,e,t){let r={method:"POST",headers:{"Content-Type":"application/json"},redirect:"follow",body:JSON.stringify(e)};return ua(n,r,t)}i(lo,"fetchTokenFromBody");async function ua(n,e,t){let r=await we(t,n,e);if(r.status!==200){let s;try{let a=await r.text(),u=JSON.parse(a);s={cause:u.error_description??u.error??u}}catch{}throw new k({message:"Could not get token from Google Identity",extensionMembers:s})}return await r.json()}i(ua,"fetchToken");var Te=class n{static{i(this,"GcpServiceAccount")}#e;#t;constructor({serviceAccount:e,privateKey:t}){this.#t=e,this.#e=t}static async init(e){let t=JSON.parse(e),r=await Gc(t.private_key.trim(),"RS256");return new n({serviceAccount:t,privateKey:r})}get type(){return this.#t.type}get projectId(){return this.#t.project_id}get privateKeyId(){return this.#t.private_key_id}get privateKey(){return this.#e}get clientEmail(){return this.#t.client_email}get clientId(){return this.#t.client_id}get authUri(){return this.#t.auth_uri}get tokenUrl(){return this.#t.token_url}get authProviderX509CertUrl(){return this.#t.auth_provider_x509_cert_url}get clientX509CertUrl(){return this.#t.client_x509_cert_url}get universalDomain(){return this.#t.universe_domain}};var Wc={internal:1,trace:2,debug:5,info:9,warn:13,error:17,fatal:21},ca=i(n=>e=>{let t={};return t.accountName=n.build.ACCOUNT_NAME,t.projectName=n.build.PROJECT_NAME,t.deploymentName=n.deploymentName,t.environmentType=n.loggingEnvironmentStage,t.labels={requestId:e.requestId,source:e.logSource,logOwner:e.logOwner},t.rayId=e.rayId??"",t.runtime={buildId:n.build.BUILD_ID,buildTimestamp:n.build.TIMESTAMP,gitSHA:n.build.GIT_SHA,version:n.build.ZUPLO_VERSION},t.atomicCounter=e.vectorClock,{logId:e.logId,timestamp:e.timestamp,observerdTimestamp:e.timestamp,traceId:e.requestId,severityText:e.level,severityNumber:Wc[e.level],body:Ne(e.messages),attributes:t}},"unifiedFormatter");async function re(n,e){if(n.level==="error"&&console.error(n.messages),!y.instance.remoteLogURL||!y.instance.loggingId||!y.instance.remoteLogToken)return;let t;try{t=await e?.text()}catch{}try{let r={...n,messages:[...n.messages,...t?[t]:[]],logId:crypto.randomUUID(),logOwner:"user",logSource:"runtime",rayId:null,requestId:`global-${crypto.randomUUID()}`,timestamp:new Date,buildId:y.instance.build.BUILD_ID,loggingId:y.instance.loggingId,vectorClock:0};await la(y.instance,[r])}catch(r){console.error(r)}}i(re,"sendRemoteGlobalLog");async function la(n,e){let t=ca(n);try{let r=new Headers({"content-type":"application/json",authentication:`Bearer ${n.remoteLogToken}`});_e(r),await z.fetch(`${n.remoteLogURL}/v1/runtime-logs`,{method:"POST",body:JSON.stringify({entries:e.map(t)}),headers:{"content-type":"application/json","user-agent":y.instance.systemUserAgent,"zp-dn":y.instance.deploymentName??"unknown"}})}catch(r){console.error(r)}}i(la,"sendLogs");var Jc=i(n=>async e=>{e.length!==0&&await la(n,e)},"dispatchFunction"),$n,Qt=class{static{i(this,"UnifiedLogTransport")}constructor(e){$n||($n=new X("unified-log-transport",1,Jc(e)))}log(e,t){$n.enqueue(e),t.waitUntil($n.waitUntilFlushed())}};var po=class extends ye{constructor(t){super();this.options=t}static{i(this,"GoogleCloudLoggingPlugin")}getTransport(){return new Yt(this.options)}},Kc="https://logging.googleapis.com/v2/entries:write?alt=json",mo={error:"ERROR",warn:"WARNING",info:"INFO",debug:"DEBUG"},Yt=class{static{i(this,"GoogleLogTransport")}constructor(e){f("logging.google-cloud"),this.#n=e.logName,this.#e=e.serviceAccountJson,this.#o=y.instance.loggingEnvironmentType,this.#i=y.instance.loggingEnvironmentStage,this.#r=y.instance.deploymentName,this.#s=e.fields??{}}#e;#t;#n;#r;#o;#i;#s;async init(){this.#t=await Te.init(this.#e)}log(e,t){if(!this.#t)throw new K("Invalid state - Google log transport is not initialized");if(e.messages.length===0)return;let r=Object.assign({allMessages:Ne(e.messages)},this.#s),o=this.#t.projectId??"zuplo-production",s={logName:this.#n,resource:{type:"global"},severity:mo[e.level],timestamp:e.timestamp,trace:`projects/${o}/traces/${e.requestId}`,labels:{requestId:e.requestId,buildId:e.buildId,source:e.logSource,loggingId:e.loggingId,logOwner:e.logOwner,environment:this.#r,environmentType:this.#o,environmentStage:this.#i}};e.rayId&&(s.labels.rayId=e.rayId);let a=ht(r.allMessages);s.jsonPayload={...r,message:a},this.batcher.enqueue(s),t.waitUntil(this.batcher.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length===0)return;this.#t||(this.#t=await Te.init(this.#e));let t=await De({serviceAccount:this.#t,audience:"https://logging.googleapis.com/google.logging.v2.LoggingServiceV2"});try{let r=await z.fetch(Kc,{method:"POST",body:JSON.stringify({entries:e}),headers:{Authorization:`Bearer ${t}`,"content-type":"application/json;charset=UTF-8"}});r.ok||await re({level:"error",messages:[`Failed to send logs to Google: ${r.status} - ${r.statusText}`]},r)}catch{await re({level:"error",messages:["Failed to connect to Google logging service. Check that the URL is correct."]})}},"dispatchFunction");batcher=new X("google-log-transport",1,this.dispatchFunction)};var Hn="gcp";function Zn(n){let e={allMessages:Ne(n.messages)},t="zuplo-production",r=ht(e.allMessages),o={logName:`projects/${t}/logs/runtime-user`,message:r,severity:mo[n.level],timestamp:n.timestamp,"logging.googleapis.com/labels":{buildId:n.buildId,source:n.logSource,loggingId:n.loggingId,logOwner:n.logOwner},"logging.googleapis.com/trace":`projects/${t}/traces/${n.requestId}`,allMessages:e.allMessages};return n.rayId&&(o["logging.googleapis.com/labels"].rayId=n.rayId),o}i(Zn,"gcpLogFormat");var Xt=class{static{i(this,"ConsoleTransport")}constructor(e,t){this.#e=e??console,this.#t=t}#e;#t;log(e,t){if(this.#t===Hn){if(e.messages.length===0)return;this.#e[e.level](Zn(e))}else{let r={...e,url:t.originalRequest.url,method:t.originalRequest.method,route:t.route.pathPattern??t.route.path,messages:Ne(e.messages)};this.#e[e.level](JSON.stringify(r))}}};var yo=class extends ye{constructor(t){super();this.options=t}static{i(this,"DataDogLoggingPlugin")}getTransport(){return new en(this.options)}},go="__ddtags",fo="__ddattr",ho=i(n=>n.replaceAll(",","_").replaceAll(":","_"),"cleanTagText"),Qc=i(n=>{let e=Object.keys(n),t=[];return e.forEach(r=>{let o=n[r];o==null?t.push(ho(r)):t.push(`${ho(r)}:${ho(o.toString())}`)}),t.join(",")},"formatTags"),en=class{static{i(this,"DataDogTransport")}constructor(e){f("logging.datadog"),this.#e=e.apiKey,this.#t=e.url??"https://http-intake.logs.datadoghq.com/api/v2/logs",this.#r=y.instance.loggingEnvironmentType,this.#o=y.instance.loggingEnvironmentStage,this.#n=y.instance.deploymentName,this.#i=e.fields??{},this.#s=e.tags??{},this.#a=e.source??"Zuplo"}#e;#t;#n;#r;#o;#i;#s;#a;log(e,t){let r=Object.assign({},this.#s),o=t.custom[go];o&&typeof o=="object"&&Object.assign(r,o);let s=[...e.messages],a=e.messages.findIndex(h=>h[go]!==void 0);a>-1&&(Object.assign(r,s[a][go]),s.splice(a,1));let u={},c=t.custom[fo];c&&typeof c=="object"&&Object.assign(u,c);let l=e.messages.findIndex(h=>h[fo]!==void 0);l>-1&&(Object.assign(u,s[l][fo]),s.splice(l,1));let d=Ne(s),p={...e,activityId:e.requestId,trace:e.requestId},m=Object.assign({message:{...p,messages:d},ddsource:this.#a,hostname:new URL(t.originalRequest.url).hostname,msg:ht(d),atomic_counter:e.vectorClock,service:e.loggingId,ddtags:Qc(r),environment:this.#n,environment_type:this.#r,environment_stage:this.#o,ray_id:e.rayId,request_id:e.requestId},this.#i);Object.assign(m,u),this.batcher.enqueue(m),t.waitUntil(this.batcher.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length!==0)try{let t=await z.fetch(this.#t,{method:"POST",body:JSON.stringify([...e]),headers:{"content-type":"application/json","DD-API-KEY":this.#e}});t.ok||await re({level:"error",messages:[`Failed to send logs to DataDog: ${t.status} - ${t.statusText}`]},t)}catch{await re({level:"error",messages:["Failed to connect to DataDog logging service. Check that the URL is correct."]})}},"dispatchFunction");batcher=new X("data-dog-transport",10,this.dispatchFunction)};var tn=class{static{i(this,"ProcessTransport")}constructor(e,t){this.#e=e,this.#t=t}#e;#t;log(e){if(this.#t===Hn){if(e.messages.length===0)return;this.#e[e.level].apply(null,[Zn(e)])}else this.#e[e.level].apply(null,[...e.messages,{logOwner:e.logOwner,logSource:e.logSource,timestamp:e.timestamp,loggingId:e.loggingId,rayId:e.rayId,requestId:e.requestId,buildId:e.buildId,vectorClock:e.vectorClock}])}};var bo=be("zuplo:logging"),Fn=class n{static{i(this,"LogInitializer")}systemCoreLogger;userCoreLogger;constructor({systemCoreLogger:e,userCoreLogger:t}){this.systemCoreLogger=e,this.userCoreLogger=t}static async init(e){let t=await n.setupSystemCoreLogger(y.instance,e),r=await n.setupUserCoreLogger(y.instance,e);return new n({systemCoreLogger:t,userCoreLogger:r})}static async setupSystemCoreLogger(e,t){let{build:r}=e;bo("Gateway.setupSystemCoreLogger");let o=[],s=t.getService(In);return s?o.push(new tn(s.logger,e.logFormat)):e.isLocalDevelopment&&o.push(new Xt(console,e.logFormat)),e.isCloudflare&&e.deploymentName&&e.remoteLogToken&&o.push(new Qt(e)),await Promise.all(o.map(async a=>{a.init&&await a.init()})),new Jt(e.systemLogLevel,"system",e.loggingId,r.BUILD_ID,o)}static async setupUserCoreLogger(e,t){bo("Gateway.setupUserCoreLogger");let r=[],{runtime:o,build:s}=e,a=t.getService(In);if(a&&a.captureUserLogs===!0?r.push(new tn(a.logger,e.logFormat)):e.isLocalDevelopment&&r.push(new Xt(console,e.logFormat)),e.isCloudflare&&e.deploymentName&&e.remoteLogToken&&r.push(new Qt(e)),o.GCP_USER_LOG_NAME&&o.GCP_USER_LOG_SVC_ACCT_JSON&&(f("logging.google.legacy-initialization"),r.push(new Yt({serviceAccountJson:o.GCP_USER_LOG_SVC_ACCT_JSON,logName:o.GCP_USER_LOG_NAME}))),o.ZUPLO_USER_LOGGER_DATA_DOG_API_KEY){f("logging.datadog.legacy-initialization");let u=o.ZUPLO_USER_LOGGER_DATA_DOG_URL;r.push(new en({apiKey:o.ZUPLO_USER_LOGGER_DATA_DOG_API_KEY,url:u}))}return Ue.forEach(u=>{u instanceof ye&&r.push(u.getTransport())}),await Promise.all(r.map(async u=>{u.init&&await u.init()})),new Jt(e.userLogLevel,"user",e.loggingId,s.BUILD_ID,r)}createRequestLoggers(e,t,r,o,s,a){bo("Gateway.createRequestLoggers");let u=new Mn(r,o,s,a),c=new Kt(e,t,this.systemCoreLogger,u);return{userRequestLogger:new Kt(e,t,this.userCoreLogger,u),systemRequestLogger:c}}};var yt=class{static{i(this,"LookupResult")}constructor(e,t,r){this.routeConfiguration=e,this.params=r??{},this.executableHandler=t}executableHandler;routeConfiguration;params},jn=class extends Error{static{i(this,"RouterError")}constructor(e,t){super(e,t)}};var wo=class{static{i(this,"UrlPatternRouterEntry")}constructor(e,t,r){this.fullPath=e,this.config=t,this.executableHandler=r,this.urlPattern=new URLPattern({pathname:this.fullPath})}urlPattern;fullPath;config;executableHandler},zn=class{static{i(this,"UrlPatternRouter")}routeEntries=[];addRoute(e,t){if(!(e instanceof We||e instanceof de))throw new K("Config must be a UserRouteConfiguration or SystemRouteConfiguration");let r;"pathPattern"in e&&e.pathPattern?r=e.pathPattern:r=e.path;try{let o=new wo(r,e,t);Object.freeze(o.config),this.routeEntries.push(o)}catch(o){throw new jn(`addRoute-error: Invalid path '${r}'. '${o.message}'`,{cause:o})}}lookup(e,t){if(typeof t>"u")throw new g(`Invalid request - Method was undefined. Path: '${e}'`);for(let r=0;r<this.routeEntries.length;r++){let o=this.routeEntries[r];if(o.config.methods.includes(t)){let s=o.urlPattern.exec({pathname:e});if(s!==null)return new yt(o.config,o.executableHandler,s.pathname.groups)}}}lookupByPathOnly(e){let t=[];for(let r=0;r<this.routeEntries.length;r++){let o=this.routeEntries[r],s=o.urlPattern.exec({pathname:e});if(s!==null){let a=new yt(o.config,o.executableHandler,s.pathname.groups);t.push(a)}}return t}};import{AsyncLocalStorage as Yc}from"node:async_hooks";var Bn={context:new Yc};var Ro;function da(n){Ro=n}i(da,"setGlobalZuploEventContext");function Ke(){if(Ro===void 0)throw new Error("global ZuploEventContext has not been defined - invalid runtime state");return Ro}i(Ke,"getGlobalZuploEventContext");function pa({headers:n,removeAllVendorHeadersExceptListed:e}){let t=new Headers(n);if(e){for(let[r]of n){let o=r.substring(0,3);Es.includes(o.toLowerCase())&&!xs.includes(r.toLowerCase())&&t.delete(r)}t.delete(fs)}else Is.forEach(r=>{t.delete(r)});return t}i(pa,"normalizeIncomingRequestHeaders");var Qe=be("zuplo:runtime"),he=class n{constructor(e,t,r,o){this.routeData=e;this.runtimeSettings=t;this.schemaValidator=o;Qe("Gateway.constructor"),this.#n=this.setupRoutes(),this.#t=r}static{i(this,"Gateway")}static#e;static async initialize(e,t,r,o){if(Qe("Gateway.initialize"),!n.#e){let s=await Fn.init(r),a=await e(),u={...a,corsPolicies:Hs(a.corsPolicies)},c=new n(u,t,s,o);n.#e=c}if(!n.#e)throw new K("Invalid state - Gateway not initialized after trace call. The trace provider is likely not functioning correctly.");return n.#e}static purgeGatewayCache(){Qe("Gateway.purgeGatewayCache"),n.#e=void 0}static get instance(){if(!n.#e)throw new K("Gateway cannot be used before it is initialized");return n.#e}#t;#n;#r=[Nn,Ln,Re];setupRoutes=i(()=>{Qe("Gateway.setupRoutes");let e=this.routeData,t=new zn;if(e.routes.length===0)return Br(t,this),Xr(t,this),Yr(t,this),Zs(t,this),t;let{enabled:r,version:o}=this.runtimeSettings.developerPortal;r&&o==="legacy"&&(ta(t,this),ea(t,this)),Br(t,this),Xr(t,this),Yr(t,this);for(let s of Ue)s instanceof me&&s.registerRoutes(t,this);return e.routes.forEach(s=>{let a;if(typeof s.handler?.module=="object"&&(a=s.handler?.module[s.handler.export]),typeof a!="function")throw new g(`Invalid state - No handler on route for path '${s.path}'`);let u=new ge({processors:this.#r,handler:a,gateway:this}),c=new We(s);t.addRoute(c,u.execute)}),Fs(t,this),t},"setupRoutes");errorHandler(e,t,r,o){Qe("Gateway.internalErrorResponse"),t.log.error(r,o);let s={};if(y.instance.isLocalDevelopment||y.instance.isWorkingCopy)if(o instanceof k&&o.extensionMembers)s=o.extensionMembers;else if(o.cause){let a=st(o.cause);"stack"in a&&(a.stack=uo(a.stack)),s={cause:a}}else{let a=st(o);"stack"in a&&(a.stack=uo(a.stack)),s={cause:a}}return x.internalServerError(e,t,{detail:o.message,...s})}async handleRequest(e,t){let r=e.headers.get(mt)??e.headers.get(gs)??crypto.randomUUID(),o=e.headers.get(nt);da(t);let s=pa({headers:e.headers,removeAllVendorHeadersExceptListed:y.instance.build.COMPATIBILITY_FLAGS.removeAllVendorHeadersExceptListed});s.set(mt,r);let a=new Request(e,{headers:s});if(["GET","HEAD"].includes(a.method)&&a.body){let S=new Headers(a.headers);S.set(Sr,"true"),a=new Request(a,{headers:S,body:null})}a=await Ls(a);let u=new URL(a.url),c=u.pathname,l=this.#n.lookup(c,a.method);if(!l)throw new K(`Invalid state - no route match - should have been picked up by the not found handler, path: '${c}'`);let d={},{userRequestLogger:p,systemRequestLogger:m}=this.#t.createRequestLoggers(r,o,t,d,a,l.routeConfiguration),h=new Gn(e.headers),I=new Y(a,{params:l.params}),b=new Vn({logger:p,route:l.routeConfiguration,requestId:r,event:t,custom:d,incomingRequestProperties:h}),C=Bn.context.getStore();C&&(C.context=b);let L=l.routeConfiguration.raw();Xc.getActiveSpan()?.setAttributes({"http.route":b.route.path??b.route.pathPattern,"cloud.region":b.incomingRequestProperties.colo,[He.RoutePathPattern]:b.route.pathPattern,[He.RouteOperationId]:L.operationId,[He.RouteTrace]:L["x-zuplo-trace"],[He.RouteSystem]:gt(u)?!0:void 0}),Ee.initialize(b,I);try{if(Q.addLogger(b,m),y.instance.build.COMPATIBILITY_FLAGS.doNotRunHooksOnSystemRoutes?!gt(u):!u.pathname.startsWith("/__zuplo")){let q=await As(I,b);if(q instanceof Response)return q;{let A=Ee.getContextExtensions(b);I=q,A.latestRequest=I}}gt(u)||p.debug(`Request received '${u.pathname}'`,{method:a.method,url:u.pathname,hostname:u.hostname,route:l.routeConfiguration.path});let S=l.executableHandler;el(S,l,a),Qe("Gateway.handleRequest - call user handler");let H=await S(I,b);if(Qe("Gateway.handleRequest - user handler"),!(H instanceof Response))throw new k(`Invalid Response type from the request handler: ${typeof H}`);if(H.bodyUsed)throw new k("The response object has already been used. Return a new response instead.");let Z;if(H.headers.get(mt)===null&&!H.webSocket){let q=new Headers(H.headers);q.set(mt,r),Z=new Response(H.body,{status:H.status,statusText:H.statusText,headers:q,cf:H.cf})}else Z=H;return Z}catch(S){return S instanceof k?(p.error(S),m.warn(S)):m.error(S),await this.errorHandler(I,b,"Error executing handler",S)}}};function el(n,e,t){if(Qe("Gateway.checkHandler"),!n)throw typeof e.routeConfiguration>"u"?new g(`Invalid state - no routeConfiguration for '${t.method}:${t.url}`):new g(`Invalid state. No handler for request '${t.method}':'${e.routeConfiguration.path}'`)}i(el,"checkHandler");var fa=i(async(n,e,t)=>{let r=he.instance.routeData.policies,o=Vt([n],r);if(o.length===0)throw new k(`Invalid 'invokeInboundPolicy call' - no policy '${n}' found.`);let s=o[0];return await ga.getTracer("pipeline").startActiveSpan(`policy:${s.policyName}`,async c=>{try{let l=await s.handler(e,t);if(l instanceof Request||l instanceof Y||l instanceof Response)return l instanceof Response||l instanceof Y?l:new Y(l);{let d=new g(`Invalid state - invalid handler on policy '${s.policyName}' invoked via 'invokeInboundPolicy' on route '${t.route.path}'. The result of an inbound policy must be a Response or Request.`);throw c.setStatus({code:ma.ERROR}),c.recordException(d),d}}finally{c.end()}})},"invokeInboundPolicy"),ha=i(async(n,e,t,r)=>{let o=he.instance.routeData.policies,s=Wt([n],o);if(s.length===0)throw new k(`Invalid 'invokeOutboundPolicy call' - no policy '${n}' found.`);let a=s[0];return await ga.getTracer("pipeline").startActiveSpan(`policy:${a.policyName}`,async l=>{try{let d=await a.handler(e,t,r);if(d instanceof Response)return d;{let p=new g(`Invalid state - invalid handler on policy '${a.policyName}' invoked via 'invokeOutboundPolicy' on route '${r.route.path}. The result of an outbound policy must be a Response.`);throw l.setStatus({code:ma.ERROR}),l.recordException(p),p}}finally{l.end()}})},"invokeOutboundPolicy");function tl(n){let e={};if(!n)return e;try{let t=n.split(","),r={};return t.forEach(o=>{let[s,a]=o.split("=");s&&a&&(r[s.trim()]=a.trim())}),r.asnum&&(e[Dt]=r.asnum),r.zip&&(e[Mt]=r.zip.split("+")[0]),r.dma&&(e[qt]=r.dma),r.region_code&&(e[Ut]=r.region_code),r.timezone&&(e[$t]=r.timezone),r.city&&(e[yn]=r.city),r.continent&&(e[bn]=r.continent),r.country_code&&(e[wn]=r.country_code),r.long&&(e[Rn]=r.long),r.lat&&(e[Pn]=r.lat),e}catch{return{}}}i(tl,"parseEdgeScapeHeader");function ya(n,e){let t=tl(e);for(let[r,o]of Object.entries(t))n.has(r)||n.set(r,o)}i(ya,"setZpHeadersFromAkamaiEdgeScapeHeader");var Gn=class{static{i(this,"HeaderIncomingRequestProperties")}#e;constructor(e){this.#e=e;let t=e.get(qr);if(t){let r=new Headers(e);ya(r,t),this.#e=r}}get asn(){try{let e=this.#e.get(Dt);if(typeof e=="string")return parseInt(e)}catch{}}get asOrganization(){return this.#e.get(Nr)??void 0}get city(){return this.#e.get(Ar)??this.#e.get(yn)??void 0}get continent(){return this.#e.get(Or)??this.#e.get(bn)??void 0}get country(){return this.#e.get(kr)??this.#e.get(wn)??void 0}get latitude(){return this.#e.get(_r)??this.#e.get(Pn)??void 0}get longitude(){return this.#e.get(Lr)??this.#e.get(Rn)??void 0}get colo(){return this.#e.get(Dr)??void 0}get postalCode(){return this.#e.get(ws)??this.#e.get(Mt)??void 0}get metroCode(){return this.#e.get(bs)??this.#e.get(qt)??void 0}get region(){return this.#e.get(hs)??this.#e.get(Mr)??void 0}get regionCode(){return this.#e.get(ys)??this.#e.get(Ut)??void 0}get timezone(){return this.#e.get(Rs)??this.#e.get($t)??void 0}toJSON(){return{asn:this.asn,asOrganization:this.asOrganization,city:this.city,continent:this.continent,country:this.country,latitude:this.latitude,longitude:this.longitude,colo:this.colo,postalCode:this.postalCode,metroCode:this.metroCode,region:this.region,regionCode:this.regionCode,timezone:this.timezone}}},zt=class extends Event{static{i(this,"ResponseSendingEvent")}constructor(e,t){super("responseSending"),this.request=e,this.mutableResponse=t}request;mutableResponse},Bt=class extends Event{static{i(this,"ResponseSentEvent")}constructor(e,t){super("responseSent"),this.request=e,this.response=t}request;response},Ee=class n{static{i(this,"ZuploContextExtensions")}static#e=new WeakMap;static initialize(e,t){if(!n.#e.has(e)){let r=new n(t);return n.#e.set(e,r),r}throw new Error(`ZuploContextExtensions already initialized for context with requestId '${e.requestId}'`)}static getContextExtensions(e){let t=n.#e.get(e);if(!t)throw new k(`Invalid state, could not get ZuploContext extensions for context with requestId '${e.requestId}'`);return t}latestRequest;#t;#n;constructor(e){this.latestRequest=e,this.#t=[],this.#n=[]}addResponseSendingHook(e){this.#n.push(e)}addResponseSendingFinalHook(e){this.#t.push(e)}onResponseSendingFinal=i(async(e,t,r)=>{for(let o of this.#t)await o(e,t,r)},"onResponseSendingFinal");onResponseSending=i(async(e,t,r)=>{let o=e;for(let s of this.#n)o=await s(e,t,r);return o},"onResponseSending")},Vn=class extends EventTarget{static{i(this,"SystemZuploContext")}constructor({logger:e,route:t,requestId:r,event:o,custom:s,incomingRequestProperties:a}){super(),this.log=Object.freeze(e),this.route=t,this.requestId=r,this.custom=s,this.incomingRequestProperties=a,this.#e=o,this.invokeInboundPolicy=(u,c)=>fa(u,c,this),this.invokeOutboundPolicy=(u,c,l)=>ha(u,c,l,this),this.waitUntil=u=>{this.#e.waitUntil(u)},this.addResponseSendingHook=u=>{Ee.getContextExtensions(this).addResponseSendingHook(u)},this.addResponseSendingFinalHook=u=>{Ee.getContextExtensions(this).addResponseSendingFinalHook(u)},Object.freeze(this)}#e;requestId;log;route;custom;incomingRequestProperties;invokeInboundPolicy;invokeOutboundPolicy;waitUntil;addResponseSendingHook;addResponseSendingFinalHook;addEventListener(e,t,r){let o=i(s=>{try{typeof t=="function"?t(s):t.handleEvent(s)}catch(a){throw this.log.error(`Error invoking event ${e}. See following logs for details.`),a}},"wrapped");super.addEventListener(e,o,r)}};var nl="Error initializing gateway. Check your configuration for errors or contact support.",rl="Error initializing gateway. Check your 'zuplo.runtime.ts' for errors or contact support.",Po=class{constructor(e,t,r,o,s,a){this.routeLoader=e;this.buildEnvironment=t;this.runtimeSettings=r;this.serviceProvider=o;this.schemaValidations=s;this.runtimeInit=a}static{i(this,"Handler")}requestHandler=i(async(e,t,r)=>{y.initialize({build:this.buildEnvironment,runtime:t});try{await _s(this.runtimeInit)}catch(s){this.handleError(s,rl,e)}return Cs(i(async(s,a)=>{let u;try{u=await he.initialize(this.routeLoader,this.runtimeSettings,this.serviceProvider,this.schemaValidations)}catch(l){return this.handleError(l,nl,s)}let c={context:void 0};return Bn.context.run(c,async()=>u.handleRequest(s,a))},"innerHandler"))(e,r)},"requestHandler");handleError(e,t,r){console.error("Error initializing gateway.",e),e instanceof g&&(t=e.message);let o={status:500,title:"Gateway Initialization Error",type:"https://httpproblems.com/http-status/500",detail:t,instance:r.url,trace:{timestamp:Date.now(),rayId:r.headers.get("cf-ray")??void 0,buildId:this.buildEnvironment.BUILD_ID},message:y.instance.isWorkingCopy?e.message:void 0};return new Response(JSON.stringify(o,null,2),{status:500,headers:{"content-type":"application/json"}})}};function ol(n){for(var e=[],t=0;t<n.length;){var r=n[t];if(r==="*"||r==="+"||r==="?"){e.push({type:"MODIFIER",index:t,value:n[t++]});continue}if(r==="\\"){e.push({type:"ESCAPED_CHAR",index:t++,value:n[t++]});continue}if(r==="{"){e.push({type:"OPEN",index:t,value:n[t++]});continue}if(r==="}"){e.push({type:"CLOSE",index:t,value:n[t++]});continue}if(r===":"){for(var o="",s=t+1;s<n.length;){var a=n.charCodeAt(s);if(a>=48&&a<=57||a>=65&&a<=90||a>=97&&a<=122||a===95){o+=n[s++];continue}break}if(!o)throw new TypeError("Missing parameter name at ".concat(t));e.push({type:"NAME",index:t,value:o}),t=s;continue}if(r==="("){var u=1,c="",s=t+1;if(n[s]==="?")throw new TypeError('Pattern cannot start with "?" at '.concat(s));for(;s<n.length;){if(n[s]==="\\"){c+=n[s++]+n[s++];continue}if(n[s]===")"){if(u--,u===0){s++;break}}else if(n[s]==="("&&(u++,n[s+1]!=="?"))throw new TypeError("Capturing groups are not allowed at ".concat(s));c+=n[s++]}if(u)throw new TypeError("Unbalanced pattern at ".concat(t));if(!c)throw new TypeError("Missing pattern at ".concat(t));e.push({type:"PATTERN",index:t,value:c}),t=s;continue}e.push({type:"CHAR",index:t,value:n[t++]})}return e.push({type:"END",index:t,value:""}),e}i(ol,"lexer");function Eo(n,e){e===void 0&&(e={});for(var t=ol(n),r=e.prefixes,o=r===void 0?"./":r,s=e.delimiter,a=s===void 0?"/#?":s,u=[],c=0,l=0,d="",p=i(function(F){if(l<t.length&&t[l].type===F)return t[l++].value},"tryConsume"),m=i(function(F){var T=p(F);if(T!==void 0)return T;var E=t[l],M=E.type,ce=E.index;throw new TypeError("Unexpected ".concat(M," at ").concat(ce,", expected ").concat(F))},"mustConsume"),h=i(function(){for(var F="",T;T=p("CHAR")||p("ESCAPED_CHAR");)F+=T;return F},"consumeText"),I=i(function(F){for(var T=0,E=a;T<E.length;T++){var M=E[T];if(F.indexOf(M)>-1)return!0}return!1},"isSafe"),b=i(function(F){var T=u[u.length-1],E=F||(T&&typeof T=="string"?T:"");if(T&&!E)throw new TypeError('Must have text between two parameters, missing text after "'.concat(T.name,'"'));return!E||I(E)?"[^".concat(Io(a),"]+?"):"(?:(?!".concat(Io(E),")[^").concat(Io(a),"])+?")},"safePattern");l<t.length;){var C=p("CHAR"),L=p("NAME"),S=p("PATTERN");if(L||S){var H=C||"";o.indexOf(H)===-1&&(d+=H,H=""),d&&(u.push(d),d=""),u.push({name:L||c++,prefix:H,suffix:"",pattern:S||b(H),modifier:p("MODIFIER")||""});continue}var Z=C||p("ESCAPED_CHAR");if(Z){d+=Z;continue}d&&(u.push(d),d="");var q=p("OPEN");if(q){var H=h(),A=p("NAME")||"",$=p("PATTERN")||"",V=h();m("CLOSE"),u.push({name:A||($?c++:""),pattern:A&&!$?b(H):$,prefix:H,suffix:V,modifier:p("MODIFIER")||""});continue}m("END")}return u}i(Eo,"parse");function ba(n,e){return il(Eo(n,e),e)}i(ba,"compile");function il(n,e){e===void 0&&(e={});var t=sl(e),r=e.encode,o=r===void 0?function(c){return c}:r,s=e.validate,a=s===void 0?!0:s,u=n.map(function(c){if(typeof c=="object")return new RegExp("^(?:".concat(c.pattern,")$"),t)});return function(c){for(var l="",d=0;d<n.length;d++){var p=n[d];if(typeof p=="string"){l+=p;continue}var m=c?c[p.name]:void 0,h=p.modifier==="?"||p.modifier==="*",I=p.modifier==="*"||p.modifier==="+";if(Array.isArray(m)){if(!I)throw new TypeError('Expected "'.concat(p.name,'" to not repeat, but got an array'));if(m.length===0){if(h)continue;throw new TypeError('Expected "'.concat(p.name,'" to not be empty'))}for(var b=0;b<m.length;b++){var C=o(m[b],p);if(a&&!u[d].test(C))throw new TypeError('Expected all "'.concat(p.name,'" to match "').concat(p.pattern,'", but got "').concat(C,'"'));l+=p.prefix+C+p.suffix}continue}if(typeof m=="string"||typeof m=="number"){var C=o(String(m),p);if(a&&!u[d].test(C))throw new TypeError('Expected "'.concat(p.name,'" to match "').concat(p.pattern,'", but got "').concat(C,'"'));l+=p.prefix+C+p.suffix;continue}if(!h){var L=I?"an array":"a string";throw new TypeError('Expected "'.concat(p.name,'" to be ').concat(L))}}return l}}i(il,"tokensToFunction");function Io(n){return n.replace(/([.+*?=^!:${}()[\]|/\\])/g,"\\$1")}i(Io,"escapeString");function sl(n){return n&&n.sensitive?"":"i"}i(sl,"flags");var al=be("zuplo:runtime"),To=new TextEncoder,wa={appstream2:"appstream",cloudhsmv2:"cloudhsm",email:"ses",marketplace:"aws-marketplace",mobile:"AWSMobileHubService",pinpoint:"mobiletargeting",queue:"sqs","git-codecommit":"codecommit","mturk-requester-sandbox":"mturk-requester","personalize-runtime":"personalize"},ul=["authorization","content-type","content-length","user-agent","presigned-expires","expect","x-amzn-trace-id","range","connection"],bt=class{static{i(this,"AwsClient")}accessKeyId;secretAccessKey;sessionToken;service;region;cache;retries;initRetryMs;constructor({accessKeyId:e,secretAccessKey:t,sessionToken:r,service:o,region:s,cache:a,retries:u,initRetryMs:c}){if(e==null)throw new TypeError("accessKeyId is a required option");if(t==null)throw new TypeError("secretAccessKey is a required option");this.accessKeyId=e,this.secretAccessKey=t,this.sessionToken=r,this.service=o,this.region=s,this.cache=a||new Map,this.retries=u??0,this.initRetryMs=c||50}async sign(e,t){let r=new vo(Object.assign({url:e},t,this,t&&t.aws)),o=Object.assign({},t,await r.sign());return delete o.aws,{url:o.url.toString(),request:o}}async fetch(e,t){al("AWS fetch",e);for(let r=0;r<=this.retries;r++){let{url:o,request:s}=await this.sign(e,t),a=z.fetch(o,s);if(r===this.retries)return a;let u=await a;if(u.status<500&&u.status!==429)return u;await new Promise(c=>setTimeout(c,Math.random()*this.initRetryMs*Math.pow(2,r)))}throw new g("An unknown error occurred, ensure retries is not negative")}},vo=class{static{i(this,"AwsV4Signer")}method;url;headers;body;accessKeyId;secretAccessKey;sessionToken;service;region;cache;datetime;signQuery;appendSessionToken;signableHeaders;signedHeaders;canonicalHeaders;credentialString;encodedPath;encodedSearch;constructor({method:e,url:t,headers:r,body:o,accessKeyId:s,secretAccessKey:a,sessionToken:u,service:c,region:l,cache:d,datetime:p,signQuery:m,appendSessionToken:h,allHeaders:I,singleEncode:b}){if(t==null)throw new TypeError("url is a required option");if(s==null)throw new TypeError("accessKeyId is a required option");if(a==null)throw new TypeError("secretAccessKey is a required option");this.method=e||(o?"POST":"GET"),this.url=new URL(t),this.headers=new Headers(r||{}),this.body=o,this.accessKeyId=s,this.secretAccessKey=a,this.sessionToken=u;let C,L;(!c||!l)&&([C,L]=cl(this.url,this.headers)),this.service=c||C||"",this.region=l||L||"us-east-1",this.cache=d||new Map,this.datetime=p||new Date().toISOString().replace(/[:-]|\.\d{3}/g,""),this.signQuery=m,this.appendSessionToken=h||this.service==="iotdevicegateway",this.headers.delete("Host");let S=this.signQuery?this.url.searchParams:this.headers;if(this.service==="s3"&&!this.headers.has("X-Amz-Content-Sha256")&&this.headers.set("X-Amz-Content-Sha256","UNSIGNED-PAYLOAD"),S.set("X-Amz-Date",this.datetime),this.sessionToken&&!this.appendSessionToken&&S.set("X-Amz-Security-Token",this.sessionToken),this.signableHeaders=["host",...this.headers.keys()].filter(Z=>I||!ul.includes(Z)).sort(),this.signedHeaders=this.signableHeaders.join(";"),this.canonicalHeaders=this.signableHeaders.map(Z=>Z+":"+(Z==="host"?this.url.host:(this.headers.get(Z)||"").replace(/\s+/g," "))).join(`
+`),this.credentialString=[this.datetime.slice(0,8),this.region,this.service,"aws4_request"].join("/"),this.signQuery&&(this.service==="s3"&&!S.has("X-Amz-Expires")&&S.set("X-Amz-Expires","86400"),S.set("X-Amz-Algorithm","AWS4-HMAC-SHA256"),S.set("X-Amz-Credential",this.accessKeyId+"/"+this.credentialString),S.set("X-Amz-SignedHeaders",this.signedHeaders)),this.service==="s3")try{this.encodedPath=decodeURIComponent(this.url.pathname.replace(/\+/g," "))}catch{this.encodedPath=this.url.pathname}else this.encodedPath=this.url.pathname.replace(/\/+/g,"/");b||(this.encodedPath=encodeURIComponent(this.encodedPath).replace(/%2F/g,"/")),this.encodedPath=Pa(this.encodedPath);let H=new Set;this.encodedSearch=[...this.url.searchParams].filter(([Z])=>{if(!Z)return!1;if(this.service==="s3"){if(H.has(Z))return!1;H.add(Z)}return!0}).map(Z=>Z.map(q=>Pa(encodeURIComponent(q)))).sort(([Z,q],[A,$])=>Z<A?-1:Z>A?1:q<$?-1:q>$?1:0).map(Z=>Z.join("=")).join("&")}async sign(){return this.signQuery?(this.url.searchParams.set("X-Amz-Signature",await this.signature()),this.sessionToken&&this.appendSessionToken&&this.url.searchParams.set("X-Amz-Security-Token",this.sessionToken)):this.headers.set("Authorization",await this.authHeader()),{method:this.method,url:this.url,headers:this.headers,body:this.body}}async authHeader(){return["AWS4-HMAC-SHA256 Credential="+this.accessKeyId+"/"+this.credentialString,"SignedHeaders="+this.signedHeaders,"Signature="+await this.signature()].join(", ")}async signature(){let e=this.datetime.slice(0,8),t=[this.secretAccessKey,e,this.region,this.service].join(),r=this.cache.get(t);if(!r){let o=await nn("AWS4"+this.secretAccessKey,e),s=await nn(o,this.region),a=await nn(s,this.service);r=await nn(a,"aws4_request"),this.cache.set(t,r)}return xo(await nn(r,await this.stringToSign()))}async stringToSign(){return["AWS4-HMAC-SHA256",this.datetime,this.credentialString,xo(await Ra(await this.canonicalString()))].join(`
 `)}async canonicalString(){return[this.method.toUpperCase(),this.encodedPath,this.encodedSearch,this.canonicalHeaders+`
 `,this.signedHeaders,await this.hexBodyHash()].join(`
-`)}async hexBodyHash(){let e=this.headers.get("X-Amz-Content-Sha256");if(e==null){if(this.body&&typeof this.body!="string"&&!("byteLength"in this.body))throw new k("body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header");e=xo(await ba(this.body||""))}return e}};async function nn(n,e){let t=await crypto.subtle.importKey("raw",typeof n=="string"?To.encode(n):n,{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]);return crypto.subtle.sign("HMAC",t,To.encode(e))}i(nn,"hmac");async function ba(n){return crypto.subtle.digest("SHA-256",typeof n=="string"?To.encode(n):n)}i(ba,"hash");function xo(n){return Array.prototype.map.call(new Uint8Array(n),e=>("0"+e.toString(16)).slice(-2)).join("")}i(xo,"buf2hex");function wa(n){return n.replace(/[!'()*]/g,e=>"%"+e.charCodeAt(0).toString(16).toUpperCase())}i(wa,"encodeRfc3986");function al(n,e){let{hostname:t,pathname:r}=n,o=t.replace("dualstack.","").match(/([^.]+)\.(?:([^.]*)\.)?amazonaws\.com(?:\.cn)?$/),[s,a]=(o||["",""]).slice(1,3);if(a==="us-gov")a="us-gov-west-1";else if(a==="s3"||a==="s3-accelerate")a="us-east-1",s="s3";else if(s==="iot")t.startsWith("iot.")?s="execute-api":t.startsWith("data.jobs.iot.")?s="iot-jobs-data":s=r==="/mqtt"?"iotdevicegateway":"iotdata";else if(s==="autoscaling"){let u=(e.get("X-Amz-Target")||"").split(".")[0];u==="AnyScaleFrontendService"?s="application-autoscaling":u==="AnyScaleScalingPlannerFrontendService"&&(s="autoscaling-plans")}else a==null&&s.startsWith("s3-")?(a=s.slice(3).replace(/^fips-|^external-1/,""),s="s3"):s.endsWith("-fips")?s=s.slice(0,-5):a&&/-\d$/.test(s)&&!/-\d$/.test(a)&&([s,a]=[a,s]);return s in ya?[ya[s],a]:[s,a]}i(al,"guessServiceRegion");function ul(n){return n>64&&n<91?n-65:n>96&&n<123?n-71:n>47&&n<58?n+4:n===43?62:n===47?63:0}i(ul,"b64ToUint6");function Ra(n,e){let t=n.replace(/[^A-Za-z0-9+/]/g,""),r=t.length,o=e?Math.ceil((r*3+1>>2)/e)*e:r*3+1>>2,s=new Uint8Array(o),a,u,c=0,l=0;for(let d=0;d<r;d++)if(u=d&3,c|=ul(t.charCodeAt(d))<<6*(3-u),u===3||r-d===1){for(a=0;a<3&&l<o;)s[l]=c>>>(16>>>a&24)&255,a++,l++;c=0}return s}i(Ra,"base64Decode");function Wn(n){return n<26?n+65:n<52?n+71:n<62?n-4:n===62?43:n===63?47:65}i(Wn,"uint6ToB64");function Pa(n){let e=2,t="",r=n.length,o=0;for(let s=0;s<r;s++)e=s%3,o|=n[s]<<(16>>>e&24),(e===2||n.length-s===1)&&(t+=String.fromCodePoint(Wn(o>>>18&63),Wn(o>>>12&63),Wn(o>>>6&63),Wn(o&63)),o=0);return t.substring(0,t.length-2+e)+(e===2?"":e===1?"=":"==")}i(Pa,"base64Encode");function wt(n){let e=n.toString();return`${e.length===1?"0":""}${e}`}i(wt,"numberToString");function cl(n){let e=n.getTimezoneOffset(),t=Math.abs(e),r=e>0?"-":"+",o=wt(Math.floor(t/60)),s=wt(t%60);return`${r}${o}${s}`}i(cl,"getCLFOffset");function vo(n=new Date){if(!(n instanceof Date))throw new Error("clf-date: invalid parameter");let e=["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],t=wt(n.getDate()),r=e[n.getMonth()],o=n.getFullYear(),s=wt(n.getHours()),a=wt(n.getMinutes()),u=wt(n.getSeconds()),c=cl(n);return`${t}/${r}/${o}:${s}:${a}:${u} ${c}`}i(vo,"toCLFDate");var Ia=be("zuplo:runtime"),ll="X-Amzn-Trace-Id",dl="x-amzn-errortype",Ea=[],pl=i(async(n,e,t)=>{let r=t;for await(let o of Ea)r=await o(n,e,t);return r},"onSendingAwsLambdaEvent"),Ce=class extends k{static{i(this,"AwsLambdaError")}traceId;errorType;constructor(e,t){super(`Failed to invoke AWS Lambda function. ${e}`),this.traceId=t.get(ll)??void 0,this.errorType=t.get(dl)??void 0}},ml={addSendingAwsLambdaEventHook:i(n=>{Ea.push(n)},"addSendingAwsLambdaEventHook")};async function gl(n,e){f("handler.aws-lambda");let{accessKeyId:t,secretAccessKey:r,region:o,functionName:s,useLambdaProxyIntegration:a=!0,useAwsResourcePathStyle:u=!1,binaryMediaTypes:c}=e.route.handler.options;if(!t)throw new g("awsAccessKeyId is not set in the handler options");if(!r)throw new g("secretAccessKey is not set in the handler options");if(!o)throw new g("region is not set in the handler options");if(!s)throw new g("functionName is not set in the handler options");let l=new bt({accessKeyId:t,secretAccessKey:r}),d=`https://lambda.${o}.amazonaws.com/2015-03-31/functions/${s}/invocations`;if(Ia(`AWS Lambda URL: ${d}`),!a)return l.fetch(d,{body:await n.arrayBuffer()});let[p,m]=await bl(n,{binaryMediaTypes:c}),{options:h}=e.route.handler,I;h&&typeof h=="object"&&"payloadFormatVersion"in h&&h.payloadFormatVersion==="2.0"?I=yl(n,e):I=await hl(n,e,{useAwsResourcePathStyle:u}),Ia("Calling onSendingAwsLambdaEvent hook");let b=await pl(n,e,I);b.body=p,b.isBase64Encoded=m;let v=await l.fetch(d,{body:JSON.stringify(b)});try{return fl(v)}catch(L){if(L instanceof Ce){let S=h&&typeof h=="object"&&"returnAmazonTraceIdHeader"in h&&h.returnAmazonTraceIdHeader&&L.traceId?{AMZN_TRACE_ID_HEADER:L.traceId}:void 0;return x.internalServerError(n,e,void 0,S)}throw L}}i(gl,"awsLambdaHandler");async function fl(n){let e;try{e=await n.json()}catch{throw new Ce("Lambda response did not contain valid JSON",n.headers)}if(n.status!==200)throw e&&typeof e=="object"&&"message"in e&&typeof e.message=="string"?new Ce(e.message,n.headers):new Ce(`Status: ${n.statusText}`,n.headers);if(e&&typeof e=="object"&&"errorMessage"in e&&typeof e.errorMessage=="string")throw new Ce(e.errorMessage,n.headers);if(!e||typeof e!="object"||!("statusCode"in e)||typeof e.statusCode!="number")return new Response(JSON.stringify(e),{status:n.status,headers:{"content-type":"application/json"}});let t=new Headers;if("headers"in e&&e.headers){if(typeof e.headers!="object")throw new Ce(`Response headers must be an object. Received ${typeof e.headers}`,n.headers);for(let[o,s]of Object.entries(e.headers))t.set(o,s)}if("cookies"in e&&e.cookies){if(!Array.isArray(e.cookies))throw new Ce(`Response cookies must be an array. Received ${typeof e.cookies}`,n.headers);t.set("cookie",e.cookies.join(";"))}let r;if("isBase64Encoded"in e&&typeof e.isBase64Encoded!="boolean")throw new Ce(`Response property isBase64Encoded must be a boolean. Received ${typeof e.isBase64Encoded}`,n.headers);if("isBase64Encoded"in e&&e.isBase64Encoded===!0){if(!("body"in e))throw new Ce("Response was set to base64 encoded but no body was set",n.headers);if(typeof e.body!="string")throw new Ce("Response was set to base64 encoded but body was not a string",n.headers);r=Ra(e.body)}else"body"in e&&typeof e.body=="string"?r=e.statusCode===204&&e.body===""?null:e.body:"body"in e&&e.body!==null&&e.body!==void 0?r=JSON.stringify(e.body):r=null;if(r!==null&&"bodyEncoding"in e){if(typeof e.bodyEncoding!="string"||!(e.bodyEncoding==="gzip"||e.bodyEncoding==="deflate"))throw new Ce(`Response property bodyEncoding can only be set to 'gzip' or 'deflate'. Received ${e.bodyEncoding}`,n.headers);let o=new Blob([r]).stream().pipeThrough(new DecompressionStream(e.bodyEncoding));r=await new Response(o).arrayBuffer()}return new Response(r,{headers:t,status:e.statusCode})}i(fl,"getResponse");async function hl(n,e,{useAwsResourcePathStyle:t}){let r={},o={};n.headers.forEach((l,d)=>{r[d]=l,o[d]=[l]});let s=n.query,a={};for(let[l,d]of Object.entries(s))a[l]=[d];let u=new URL(n.url);return{version:"1.0",resource:u.pathname,path:u.pathname,httpMethod:n.method,headers:r,multiValueHeaders:o,queryStringParameters:s,multiValueQueryStringParameters:a,requestContext:{accountId:null,apiId:null,authorizer:{claims:{},scopes:[]},domainName:u.hostname,domainPrefix:null,extendedRequestId:e.requestId,httpMethod:n.method,identity:{accessKey:null,accountId:null,caller:null,cognitoAuthenticationProvider:null,cognitoAuthenticationType:null,cognitoIdentityId:null,cognitoIdentityPoolId:null,principalOrgId:null,sourceIp:n.headers.get("CF-Connecting-IP"),user:null,userAgent:n.headers.get("user-agent"),userArn:null,clientCert:{clientCertPem:null,subjectDN:null,issuerDN:null,serialNumber:null,validity:{notBefore:null,notAfter:null}}},path:u.pathname,protocol:"HTTP/1.1",requestId:e.requestId,requestTime:vo(),requestTimeEpoch:new Date().valueOf(),resourceId:e.route.operationId??null,resourcePath:Rl(e.route.path,t),stage:null},pathParameters:n.params,stageVariables:null}}i(hl,"buildEventVersion1");function yl(n,e){let t={};n.headers.forEach((s,a)=>{t[a]=s});let r=new URL(n.url);return{version:"2.0",routeKey:null,rawPath:r.pathname,rawQueryString:r.search,cookies:[],headers:t,queryStringParameters:n.query,requestContext:{accountId:null,apiId:null,authentication:{clientCert:{clientCertPem:null,subjectDN:null,issuerDN:null,serialNumber:null,validity:{notBefore:null,notAfter:null}}},authorizer:{jwt:{claims:{},scopes:[]}},domainName:r.hostname,domainPrefix:null,http:{method:n.method,path:r.pathname,protocol:"HTTP/1.1",sourceIp:n.headers.get("CF-Connecting-IP"),userAgent:n.headers.get("user-agent")},requestId:e.requestId,routeKey:null,stage:null,time:vo(),timeEpoch:new Date().valueOf()},pathParameters:n.params,stageVariables:null}}i(yl,"buildEventVersion2");async function bl(n,{binaryMediaTypes:e}){let t,r=!1,o=n.headers.get("content-type");if(n.method==="GET"||n.method==="HEAD")t=null;else if(e&&o&&wl(e,o)){let s=await n.arrayBuffer();t=Pa(new Uint8Array(s)),r=!0}else t=await n.clone().text();return[t,r]}i(bl,"getBodyResult");function wl(n,e){let t=e.split(";")[0].trim().toLowerCase();return n.findIndex(r=>r==="*/*"?!0:r.toLowerCase()===t)>-1}i(wl,"matchesContentType");function Rl(n,e=!1){if(!e)return n;let t=Eo(n),r=ha(n),o={};return t.forEach(s=>{typeof s=="string"?o[s]=`{${s}}`:o[s.name]=`{${s.name}}`}),r(o)}i(Rl,"getResourcePath");var Pl=[502,503,504];async function Rt(n,e){if(Pl.includes(n.status)){let t=Q.getLogger(e),o=await n.clone().text(),s={};for(let[a,u]of n.headers)s[a]=u;t.warn(`BadGatewayResponse ${n.status}`,{status:n.status,statusText:n.statusText,body:o,headers:s})}}i(Rt,"logBadGatewayResponses");var So;function Ye(n){if(So===void 0){let t=y.instance.runtime.ZUPLO_HANDLER_WRITE_LOG_LEVEL;["debug","info","warn","error"].includes(t??"")||(t="debug"),So=t}return n.log[So]}i(Ye,"getHandlerUserLogFunction");async function Il(n,e){f("handler.open-api");let t=y.instance.build.BUILD_ID,{buildAssetsUrl:r}=y.instance,o=e.route.handler.options,{openApiFilePath:s}=o;if(!s)throw new g("Open API Spec Handler must have 'openApiFilePath' specified");let a=El(s);if(!a.isValid)throw new g(a.error);let u=`${r}/${t}${s.substring(1)}`,c=await z.fetch(u,{method:n.method,body:n.body,headers:n.headers});if(c.status!==200)return x.notFound(n,e,{detail:"OpenAPI file could not be found."});let l=new Response(c.body,{headers:{"content-type":"application/json","content-encoding":c.headers.get("content-encoding")||"",vary:"Accept-Encoding"},status:c.status,statusText:c.statusText});return Rt(l,e),l}i(Il,"openApiSpecHandler");var El=i(n=>n.startsWith("./")?n.startsWith("./config")?n.endsWith(".oas.json")?{isValid:!0}:{isValid:!1,error:"'openApiFilePath' must point to a file ending in '.oas.json'"}:{isValid:!1,error:"'openApiFilePath' must point to a file in your /config directory"}:{isValid:!1,error:"'openApiFilePath' must start with './'"},"validateOpenApiPath");async function xl(n,e){f("handler.redirect");let t=e.route.handler.options;if(!t.location)throw new g("Redirect Handler must have 'location' specified");let r=t.status??302;return new Response(null,{status:r,headers:{location:t.location}})}i(xl,"redirectHandler");async function Tl(n){if(f("handler.zuplo-service-proxy"),Object.entries(n.params).length!==1)throw new g("The service proxy handler only supports one wildcard path parameter. Change your url to something like '/service/{path}'");let e=new URL(n.params.path,y.instance.zuploEdgeApiUrl),t=new Headers(n.headers);return t.set("Authorization",`Bearer ${y.instance.authApiJWT}`),z.fetch(e,{method:n.method,headers:t,body:n.body})}i(Tl,"zuploServiceProxy");function Cl(n,e){let t=n.endsWith("/"),r=e.startsWith("/");return t&&r?`${n.substring(0,n.length-1)}${e}`:!t&&!r?`${n}/${e}`:`${n}${e}`}i(Cl,"join");async function vl(n,e){f("handler.url-forward");let t=Ye(e),r=e.route.handler.options,o=r.forwardSearch!==!1;if(!r.baseUrl)throw new Error("URL Forward Handler must have 'baseUrl' specified");if(!r||typeof r.__rewriteFunction!="function")throw new g("Invalid options for this route");let s={incomingRequestProperties:e.incomingRequestProperties,requestId:e.requestId,route:e.route,custom:e.custom},a=new URL(n.url),u=r.__rewriteFunction(n,s),c=Cl(u,a.pathname),l=o?`${c}${a.search}`:c.toString(),d=Date.now();t(`URL Forwarding to '${l}'`);let p=await fetch(l,{method:n.method,body:n.body,headers:n.headers}),m=Date.now()-d;return t(`URL Forward received response ${p.status} - ${p.statusText} in ${m}ms`),Rt(p,e),p}i(vl,"urlForwardHandler");var Sl=i((n,e)=>{let t=new URL(n),r=new URL(e);for(let[o,s]of r.searchParams.entries())t.searchParams.append(o,s);return t.toString()},"addQuery");async function Al(n,e){f("handler.url-rewrite");let t=Ye(e),r=e.route.handler.options,o=r.forwardSearch!==!1,s=r.followRedirects??!1;if(!r||typeof r.__rewriteFunction!="function")throw new g("Invalid options for this route");let a={incomingRequestProperties:e.incomingRequestProperties,requestId:e.requestId,route:e.route,custom:e.custom},u=r.__rewriteFunction(n,a),c=o?Sl(u,n.url):u,l=Date.now();t(`URL Rewriting to '${c}'`);let d=await fetch(c.toString(),{method:n.method,body:n.body,headers:n.headers,redirect:s?"follow":"manual"}),p=Date.now()-l;return t(`URL Rewrite received response ${d.status} - ${d.statusText} in ${p}ms`),Rt(d,e),d}i(Al,"urlRewriteHandler");async function Ol(n,e){f("handler.websocket");let t=e.route.handler.options,r=Ye(e);if(!t||!t.rewritePattern)throw new g("WebSocket Handler must have option 'rewritePattern' specified");let o=n.headers.get("Upgrade");if(!o||o!=="websocket")return x.badRequest(n,e,{detail:"Request must include header 'Upgrade: websocket'"});if(!t||typeof t.__rewriteFunction!="function")throw new g("Invalid options for this route");let s={incomingRequestProperties:e.incomingRequestProperties,requestId:e.requestId,route:e.route,custom:e.custom},a=t.__rewriteFunction(n,s),u=Date.now();r(`Attempting WebSocket connection to '${a}'`),a=a.replace(/^(ws)/,"http");let c=await fetch(a,{method:n.method,headers:n.headers,body:n.body});if(c.status!==101||!c.webSocket){let d=await c.text(),p=`WebSocket connection error - ${c.status}: ${c.statusText}, content: '${d}'`;throw new Error(p)}let l=Date.now()-u;return r(`WebSocket connected, received response ${c.status} - ${c.statusText} in ${l}ms`),new Response(null,{status:101,webSocket:c.webSocket})}i(Ol,"webSocketHandler");var Ao=i((n,e)=>n.map((r,o)=>{let s;if(typeof r.module=="object"&&(s=r.module[r.export]),!s||typeof s!="function"){let a=e==="inbound"?"WebSocketInboundPolicy":"WebSocketOutboundPolicy",u=`policy in position: ${o+1}, export name: ${r.export}`;throw new g(`${a} - Websocket policy must be a valid function (${u})`)}return s}),"getWebSocketPolicyFunctions"),xa=i(async(n,e,t,r,o,s)=>{let a=n.data;if(s&&s.length>0){let u=[...s];for(;u.length>0;){let c=u.shift();if(!c)return a;if(a=await c(a,t,e,r,o),a===void 0)return}}return a},"webSocketPolicyProcessor");function Ta(n,e,t,r,o){n.addEventListener("close",()=>{e.close()}),n.addEventListener("error",s=>{r.log.error("WebSocket error: ",s),e.send(JSON.stringify(s))}),n.addEventListener("message",s=>{try{let u=i(async c=>{let l=await xa(c,n,e,t,r,o);l!==void 0&&e.send(l)},"innerPipeline")(s).catch(r.log.error);r.waitUntil(u)}catch(a){r.log.error(a)}})}i(Ta,"wireUpListeners");async function kl(n,e){f("handler.websocket-pipeline");let t=e.route.handler.options,r=Ye(e);if(!t||!t.rewritePattern)throw new g("WebSocket Pipeline Handler must have option 'rewritePattern' specified");let o=n.headers.get("Upgrade");if(!o||o!=="websocket")return x.badRequest(n,e,{detail:"Request must include header 'Upgrade: websocket'"});if(!t||typeof t.__rewriteFunction!="function")throw new g("Invalid options for this route");let s={incomingRequestProperties:e.incomingRequestProperties,requestId:e.requestId,route:e.route,custom:e.custom},a=t.__rewriteFunction(n,s),u=Date.now();r(`Attempting WebSocket connection to '${a}'`),a=a.replace(/^(ws)/,"http");let c=await fetch(a,{method:n.method,headers:n.headers,body:n.body});if(c.status!==101||!c.webSocket){let v=await c.text(),L=`WebSocket connection error - ${c.status}: ${c.statusText}, content: '${v}'`;throw new Error(L)}let l=new WebSocketPair,[d,p]=Object.values(l),m=Date.now()-u;r(`WebSocket connected, received response ${c.status} - ${c.statusText} in ${m}ms`);let h=c.webSocket;h.accept(),p.accept();let I=t.policies&&t.policies.inbound?Ao(t.policies.inbound,"inbound"):[],b=t.policies&&t.policies.outbound?Ao(t.policies.outbound,"outbound"):[];return Ta(p,h,n,e,I),Ta(h,p,n,e,b),new Response(null,{status:101,webSocket:d})}i(kl,"webSocketPipelineHandler");var Oo=class extends ye{constructor(t){super();this.options=t}static{i(this,"DynaTraceLoggingPlugin")}getTransport(){return new ko(this.options)}},ko=class{static{i(this,"DynaTraceTransport")}constructor(e){f("logging.dynatrace"),this.#e=e.url,this.#t=e.apiToken,this.#r=y.instance.loggingEnvironmentType,this.#o=y.instance.loggingEnvironmentStage,this.#n=y.instance.deploymentName,this.#i=e.fields??{}}#e;#t;#n;#r;#o;#i;log(e,t){e.messages.forEach(r=>{let o=Object.assign({timestamp:new Date().toISOString(),message:Ze(r),severity:e.level,"log.source":e.logSource,requestId:e.requestId,"custom.atomicCounter":e.vectorClock,"custom.environment":this.#n,"custom.environmentStage":this.#o,"custom.environmentType":this.#r,"custom.loggingId":e.loggingId,"custom.rayId":e.rayId===null?void 0:e.rayId},this.#i);this.batcher.enqueue(o)}),t.waitUntil(this.batcher.waitUntilFlushed())}#s=i(async e=>{if(e.length!==0)try{let t=await z.fetch(this.#e,{method:"POST",body:JSON.stringify(e),headers:{"content-type":"application/json; charset=utf-8",authorization:`Api-Token ${this.#t}`}});t.ok||await ne({level:"error",messages:[`Failed to send logs to Dynatrace: ${t.status} - ${t.statusText}`]},t)}catch{await ne({level:"error",messages:["Failed to connect to Dynatrace logging service. Check that the URL is correct."]})}},"#dispatchFunction");batcher=new Y("dyna-trace-log-transport",10,this.#s)};var Lo=class extends ye{constructor(t){super();this.options=t}static{i(this,"LokiLoggingPlugin")}getTransport(){return new No(this.options)}},_o=class{static{i(this,"LokiStream")}constructor(e,t,r,o,s,a){this.level=e,this.environment=t,this.environmentType=r,this.environmentStage=o,this.requestId=a,this.job=s}job;level;environment;environmentType;environmentStage;requestId;equals=i(e=>this.level===e.level&&this.requestId===e.requestId,"equals")};function Ll(n,e){return btoa(`${n}:${e}`)}i(Ll,"createBasicDigest");var No=class{static{i(this,"LokiTransport")}constructor(e){f("logging.loki"),this.#n=e.url,this.#r=Ll(e.username,e.password),this.#i=y.instance.loggingEnvironmentType,this.#s=y.instance.loggingEnvironmentStage,this.#o=y.instance.deploymentName,this.#e=e.version??1,this.#t=e.job??"zuplo",this.#a=e.fields??{}}#e;#t;#n;#r;#o;#i;#s;#a;log(e,t){let r=new _o(e.level,this.#o,this.#i,this.#s,this.#t,this.#e===1?e.requestId:void 0);e.messages.forEach(o=>{let s=Object.assign({stream:r,requestId:e.requestId,rayId:e.rayId,atomicCounter:e.vectorClock,message:Ze(o),nanoSecondEpoch:`${e.timestamp.getTime()}000000`},this.#a);this.batcher.enqueue(s)}),t.waitUntil(this.batcher.waitUntilFlushed())}#u=i(e=>{let t={streams:[]};return e.forEach(r=>{let o=t.streams.find(s=>s.stream.equals(r.stream));o||(o={stream:r.stream,values:[]},t.streams.push(o)),o.values.push(this.#e>1?[r.nanoSecondEpoch,r.message,{requestId:r.requestId,rayId:r.rayId,atomicCounter:JSON.stringify(r.atomicCounter)}]:[r.nanoSecondEpoch,r.message])}),t},"#convertToLokiStreamsBatch");#c=i(async e=>{if(e.length===0)return;let t=this.#u(e);try{let r=await z.fetch(this.#n,{method:"POST",body:JSON.stringify(t),headers:{"content-type":"application/json",authorization:`Basic ${this.#r}`}});r.ok||await ne({level:"error",messages:[`Failed to send logs to Loki: ${r.status} - ${r.statusText}`]},r)}catch{await ne({level:"error",messages:["Failed to connect to Loki logging service. Check that the URL is correct."]})}},"#dispatchFunction");batcher=new Y("loki-log-transport",10,this.#c)};var Do=class extends ye{constructor(t){super();this.options=t}static{i(this,"SumoLogicLoggingPlugin")}getTransport(){return new Mo(this.options)}},Mo=class{static{i(this,"SumoLogicTransport")}constructor(e){f("logging.sumologic"),this.#e=e.url,this.#o=e.category,this.#i=e.name,this.#n=y.instance.loggingEnvironmentType,this.#r=y.instance.loggingEnvironmentStage,this.#t=y.instance.deploymentName,this.#s=e.fields??{}}#e;#t;#n;#r;#o;#i;#s;log(e,t){e.messages.forEach(r=>{let o=Object.assign({timestamp:new Date().toISOString(),message:Ze(r),severity:e.level,source:e.logSource,requestId:e.requestId,environment:this.#t,environmentType:this.#n,environmentStage:this.#r,rayId:e.rayId===null?void 0:e.rayId},this.#s);this.batcher.enqueue(o)}),t.waitUntil(this.batcher.waitUntilFlushed())}#a=i(async e=>{if(e.length===0)return;let t=e.map(o=>JSON.stringify(o)).join(`
-`),r=new Headers({"content-type":"application/json; charset=utf-8"});this.#i&&r.set("X-Sumo-Name",this.#i),this.#o&&r.set("X-Sumo-Category",this.#o);try{let o=await z.fetch(this.#e,{method:"POST",body:t,headers:r});o.ok||await ne({level:"error",messages:[`Failed to send logs to Sumologic: ${o.status} - ${o.statusText}`]},o)}catch{await ne({level:"error",messages:["Failed to connect to Sumologic logging service. Check that the URL is correct."]})}},"#dispatchFunction");batcher=new Y("sumo-logic-log-transport",10,this.#a)};var _l="d3a5b78f823648f5b1df4fe269d41172",qo=class extends ye{constructor(t){super();this.options=t}static{i(this,"VMWareLogInsightLoggingPlugin")}getTransport(){return new Uo(this.options)}},Uo=class{static{i(this,"VMWareLogInsightTransport")}constructor(e){f("logging.vmware-loginsight");let t;try{t=new URL(e.url),t.pathname==="/"&&(t.pathname=`/api/v1/events/ingest/${e.agentId??_l}`)}catch{throw new g(`Invalid option 'url' on 'VMWareLogInsightTransport' plugin. Must be a valid URL, received '${e.url}'`)}this.#e=t.toString(),this.#r=y.instance.loggingEnvironmentType,this.#o=y.instance.loggingEnvironmentStage,this.#n=y.instance.deploymentName,this.#i=e.onMessageSending,this.#t=e.textReplacements,e.fields&&(this.#s=Object.entries(e.fields).map(([r,o])=>({name:r,content:o})))}#e;#t;#n;#r;#o;#i;#s;log(e,t){let r=this.buildEntry(e,t);this.batcher.enqueue(r),t.waitUntil(this.batcher.waitUntilFlushed())}buildEntry(e,t){let r=ra(e.messages);this.#t?.forEach(s=>{r=r.replaceAll(s[0],s[1])});let o={timestamp:Date.now(),text:r,fields:[{name:"severity",content:e.level.toUpperCase()},{name:"request_id",content:e.requestId},{name:"environment_type",content:this.#r},{name:"environment_stage",content:this.#o},{name:"log_source",content:e.logSource},{name:"atomic_counter",content:e.vectorClock}]};return e.rayId&&o.fields.push({name:"request_ray_id",content:e.rayId}),this.#n&&o.fields.push({name:"environment",content:this.#n}),this.#s&&o.fields.push(...this.#s),t.custom&&Object.entries(t.custom).forEach(([s,a])=>{let u=co(a);u&&o.fields.push({name:s,content:u})}),this.#i&&(o=this.#i(o)),o}#a=i(async e=>{if(e.length!==0)try{let t=await z.fetch(this.#e,{method:"POST",body:JSON.stringify({events:e}),headers:{"content-type":"application/json; charset=utf-8"}});t.ok||await ne({level:"error",messages:[`Failed to send logs to Log Insight: ${t.status} - ${t.statusText}`]},t)}catch{await ne({level:"error",messages:["Failed to connect to Log Insight logging service. Check that the URL is correct."]})}},"#dispatchFunction");batcher=new Y("vmware-log-insights-log-transport",10,this.#a)};var Ho=class extends ye{constructor(t){super();this.options=t}static{i(this,"AWSLoggingPlugin")}getTransport(){return new $o(this.options)}},$o=class{static{i(this,"AWSLogTransport")}awsClient;environment;environmentType;environmentStage;logGroupName;logStreamName;region;fields;batcher=new Y("aws-log-transport",10,async e=>{if(e.length===0)return;let t=JSON.stringify({logGroupName:this.logGroupName,logStreamName:this.logStreamName,logEvents:e});try{let r=await this.awsClient.fetch(`https://logs.${this.region}.amazonaws.com`,{headers:{"Content-Type":"application/x-amz-json-1.1","x-amz-Target":"Logs_20140328.PutLogEvents"},body:t,aws:{accessKeyId:this.awsClient.accessKeyId,secretAccessKey:this.awsClient.secretAccessKey,service:this.awsClient.service,region:this.awsClient.region}});r.ok||await ne({level:"error",messages:[`Failed to send logs to AWS: ${r.status} - ${r.statusText}`]},r)}catch{await ne({level:"error",messages:["Failed to connect to AWS logging service. Check that the URL is correct."]})}});constructor({accessKeyId:e,logStreamName:t,logGroupName:r,secretAccessKey:o,region:s,fields:a}){f("logging.aws"),this.awsClient=new bt({accessKeyId:e,secretAccessKey:o,service:"logs",region:s}),this.logGroupName=r,this.logStreamName=t,this.region=s,this.environmentType=y.instance.loggingEnvironmentType,this.environmentStage=y.instance.loggingEnvironmentStage,this.environment=y.instance.deploymentName,this.fields=a??{}}log(e,t){e.messages.forEach(r=>{let o={timestamp:new Date().getTime(),message:JSON.stringify(Object.assign({data:Ze(r),severity:e.level,source:e.logSource,environment:this.environment,atomicCounter:e.vectorClock,requestId:e.requestId,environmentType:this.environmentType,environmentStage:this.environmentStage,rayId:e.rayId===null?void 0:e.rayId},this.fields))};this.batcher.enqueue(o)}),t.waitUntil(this.batcher.waitUntilFlushed())}};var Zo=new WeakMap,Nl={tags:[]},Fo=class extends Ge{constructor(t){super();this.options=t;f("metrics.datadog")}static{i(this,"DataDogMetricsPlugin")}getTransport(){return new jo(this.options)}static setContext(t,r){let o=Zo.get(t);o||(o=Nl);let s=Object.assign({...o},r);Zo.set(t,s)}},jo=class{static{i(this,"DataDogMetricsTransport")}#e;#t;#n;#r;#o;#i=void 0;constructor(e){this.#e=e.apiKey,this.#t=e.url??"https://api.datadoghq.com/api/v2/series",this.#n=Object.assign({latency:!0,requestContentLength:!0,responseContentLength:!0},e.metrics),this.#o=e.include??{},this.#r=e.tags??[]}pushMetrics(e,t){this.#i===void 0&&(this.#i=new Y("data-dog-metrics-transport",10,this.dispatchFunction,Q.getLogger(t)));let r=Math.floor(e.timestamp.getTime()/1e3),o=this.#r.concat(Zo.get(t)?.tags??[]);if(this.#o.country&&o.push(`country:${e.country}`),this.#o.httpMethod&&o.push(`httpMethod:${e.method}`),this.#o.statusCode&&o.push(`statusCode:${e.statusCode}`),this.#o.path){let s=e.systemRouteName||e.routePath;o.push(`path:${s}`)}this.#n.latency&&this.#i.enqueue({metric:"zuplo.request.latency",type:3,points:[{timestamp:r,value:e.durationMs}],tags:o}),this.#n.requestContentLength&&e.requestContentLength&&this.#i.enqueue({metric:"zuplo.request.content_length",type:3,points:[{timestamp:r,value:e.requestContentLength}],tags:o}),this.#n.responseContentLength&&e.responseContentLength&&this.#i.enqueue({metric:"zuplo.response.content_length",type:3,points:[{timestamp:r,value:e.responseContentLength}],tags:o}),t.waitUntil(this.#i.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length!==0)try{let t=JSON.stringify({series:e}),r=await z.fetch(this.#t,{method:"POST",body:t,headers:{"content-type":"application/json","DD-API-KEY":this.#e}});r.ok||await ne({level:"error",messages:["Failed to send metrics to DataDog."]},r)}catch{await ne({level:"error",messages:["Failed to connect to DataDog metrics service. Check that the URL is correct."]})}},"dispatchFunction")};var zo=new WeakMap,Dl={dimensions:[]},Bo=class extends Ge{constructor(t){super();this.options=t;f("metrics.dynatrace")}static{i(this,"DynatraceMetricsPlugin")}getTransport(){return new Go(this.options)}static setContext(t,r){let o=zo.get(t);o||(o=Dl);let s=Object.assign({...o},r);zo.set(t,s)}},Go=class{static{i(this,"DynaTraceMetricsTransport")}apiToken;#e;#t;dimensions;#n;#r=void 0;constructor(e){this.apiToken=e.apiToken,this.#e=e.url,this.#t=Object.assign({latency:!0,requestContentLength:!0,responseContentLength:!0},e.metrics),this.#n=e.include??{},this.dimensions=e.dimensions??[]}pushMetrics(e,t){this.#r===void 0&&(this.#r=new Y("dynatrace-metrics-transport",10,this.dispatchFunction,Q.getLogger(t)));let r=Math.floor(e.timestamp.getTime()),o=this.dimensions.concat(zo.get(t)?.dimensions??[]);if(this.#n.country&&o.push(`country="${e.country}"`),this.#n.httpMethod&&o.push(`http_method="${e.method}"`),this.#n.statusCode&&o.push(`status_code="${e.statusCode}"`),this.#n.path){let a=e.systemRouteName||e.routePath;o.push(`path="${a}"`)}let s=o.join(",");this.#t.latency&&this.#r.enqueue(`zuplo.request.latency,${s} ${e.durationMs} ${r}`),this.#t.requestContentLength&&e.requestContentLength&&this.#r.enqueue(`zuplo.request.content_length,${s} ${e.requestContentLength} ${r}`),this.#t.responseContentLength&&e.responseContentLength&&this.#r.enqueue(`zuplo.response.content_length,${s} ${e.responseContentLength} ${r}`),t.waitUntil(this.#r.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length!==0)try{let t=e.join(`
-`),r=await z.fetch(this.#e,{method:"POST",body:t,headers:{"content-type":"text/plain",Authorization:`Api-Token ${this.apiToken}`}});r.ok||await ne({level:"error",messages:["Failed to send metrics to Dynatrace."]},r)}catch{await ne({level:"error",messages:["Failed to connect to Dynatrace metrics service. Check that the URL is correct."]})}},"dispatchFunction")};var Vo=class{static{i(this,"AuditLogDataStaxProvider")}constructor(e){this.#e=e,f("audit-logs.datastax")}#e;writeLogBatch=i(async e=>{await Promise.allSettled(e.map(async t=>{await z.fetch(this.#e.url,{method:"POST",headers:{"X-Cassandra-Token":this.#e.xCassandraToken,"content-type":"application/json"},body:JSON.stringify(t)})}))},"writeLogBatch")};var Wo=class extends me{static{i(this,"AuditLogPlugin")}constructor(e,t){super(),this.#e=e,this.#t=t,f("audit-logs")}#e;#t;async initialize(e){new Jo(e,this.#e,this.#t)}},Ca=i(n=>{let e={};return n.forEach((t,r)=>{e[r]=t}),e},"serializableHeaders"),Ml={requestFilter:i(async()=>!0,"requestFilter"),include:{request:{headers:!0,body:!0},response:{headers:!0,body:!0}}},Jo=class{static{i(this,"AuditPluginImpl")}constructor(e,t,r){this.#t=t;let o={...Ml};r?.requestFilter&&(o.requestFilter=r.requestFilter),r?.include?.request&&Object.assign(o,r.include.request),r?.include?.response&&Object.assign(o,r.include.response),this.#e=o,e.addRequestHook(this.#i),this.#n=new Y("audit-log",10,this.#r)}#e;#t;#n;#r=i(async e=>{await this.#t.writeLogBatch(e)},"#dispatch");#o=i(async(e,t,r,o,s,a)=>{try{let u={timestamp:o,durationMs:s,routePath:r.route.path,requestId:r.requestId,userSub:a,request:{url:t.url,method:t.method,headers:this.#e.include?.request?.headers?Ca(t.headers):void 0,body:this.#e.include?.request?.body?await t.text():void 0},response:{status:e.status,statusText:e.statusText,headers:this.#e.include?.response?.headers?Ca(e.headers):void 0,body:this.#e.include?.response?.body?await e.text():void 0}};this.#n.enqueue(u),r.waitUntil(this.#n.waitUntilFlushed())}catch(u){r.log.error(u)}},"#asyncPrepLogs");#i=i(async(e,t)=>{try{if(!await this.#e.requestFilter(e,t))return e;let o=new Date,s=Date.now(),a=e.clone();return t.addResponseSendingFinalHook(async(u,c)=>{let l=Date.now(),d=u.clone(),p=this.#o(d,a,t,o,l-s,c.user?.sub).catch(m=>{t.log.error(m)});t.waitUntil(p)}),e}catch(r){return t.log.error(r),e}},"#auditHook")};var at={None:0,Base64Encode:1},Ko={None:0,JsonEscape:1},rn=class{constructor(e,t=at.None){this.stream=e;this.flags=t;this.placeholder=`__STREAM_TOKEN_${crypto.randomUUID()}__`}static{i(this,"StreamToken")}placeholder;getRawStream(){return this.stream}getFlags(){return this.flags}getSafeToken(){return this.placeholder}async getContent(){if(!this.stream)return null;let e=this.stream.getReader(),t=[];try{for(;;){let{done:u,value:c}=await e.read();if(u)break;t.push(c)}}finally{e.releaseLock()}let r=t.reduce((u,c)=>u+c.length,0),o=new Uint8Array(r),s=0;for(let u of t)o.set(u,s),s+=u.length;let a=new TextDecoder().decode(o);return this.flags&at.Base64Encode&&(a=btoa(a)),a}},Jn=class{static{i(this,"StreamBuilder")}template;tokens;flags;constructor(e){this.template=e.template,this.tokens=e.tokens,this.flags=e.flags}escapeJsonString(e){return e.replace(/[\\\"\n\r\t\f\b]/g,t=>{switch(t){case"\\":return"\\\\";case'"':return'\\"';case`
-`:return"\\n";case"\r":return"\\r";case"	":return"\\t";case"\f":return"\\f";case"\b":return"\\b";default:return t}})}async toString(){let t=this.getStream().getReader(),r=new TextDecoder,o="";for(;;){let{done:s,value:a}=await t.read();if(s)break;o+=r.decode(a,{stream:!0})}return o+=r.decode(),o}getStream(){let e=this.template,t=this.flags,r=new TextEncoder,o=new Map;for(let m of this.tokens)o.set(m.getSafeToken(),m);let s=/"(__STREAM_TOKEN_[^"]+__)"|(__STREAM_TOKEN_[^"]+__)/g,a=[],u=0,c;for(;(c=s.exec(e))!==null;){if(c.index>u&&a.push({type:"literal",value:e.substring(u,c.index)}),c[1]){let m=o.get(c[1]);m?a.push({type:"token",token:m,isQuoted:!0}):a.push({type:"literal",value:c[0]})}else if(c[2]){let m=o.get(c[2]);m?a.push({type:"token",token:m,isQuoted:!1}):a.push({type:"literal",value:c[0]})}u=s.lastIndex}u<e.length&&a.push({type:"literal",value:e.substring(u)});function l(){let m="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",h=new Uint8Array(0);return new TransformStream({transform(I,b){let v=new Uint8Array(h.length+I.length);v.set(h),v.set(I,h.length);let L=v.length%3,S=v.length-L;if(S>0){let $=v.subarray(0,S),Z="";for(let q=0;q<$.length;q+=3){let A=$[q],H=$[q+1],V=$[q+2],F=A<<16|H<<8|V;Z+=m[F>>18&63],Z+=m[F>>12&63],Z+=m[F>>6&63],Z+=m[F&63]}b.enqueue(Z)}h=v.subarray(v.length-L)},flush(I){if(h.length>0){let b=h[0],v=h.length>1?h[1]:0,L=b<<16|v<<8,S="";S+=m[L>>18&63],S+=m[L>>12&63],S+=h.length===2?m[L>>6&63]:"=",S+="=",I.enqueue(S)}}})}i(l,"createBase64EncodeTransformStream");function d(){return new TransformStream({transform(m,h){let I=m.replace(/[\\\"\n\r\t\f\b]/g,b=>{switch(b){case"\\":return"\\\\";case'"':return'\\"';case`
-`:return"\\n";case"\r":return"\\r";case"	":return"\\t";case"\f":return"\\f";case"\b":return"\\b";default:return b}});h.enqueue(I)}})}i(d,"createJsonEscapeTransformStream");async function*p(){for(let m of a)if(m.type==="literal")yield r.encode(m.value);else{let h=m.token,I=h.getRawStream();if(!I){yield r.encode(m.isQuoted?"null":"");continue}let b;h.getFlags()&at.Base64Encode?b=I.pipeThrough(l()):b=I.pipeThrough(new TextDecoderStream),!(h.getFlags()&at.Base64Encode)&&t&Ko.JsonEscape&&(b=b.pipeThrough(d())),m.isQuoted&&(yield r.encode('"'));let v="";try{let L=b.getReader(),S=await L.read();if(S.done)throw new Error("Token stream already exhausted.");for(v+=S.value;;){let{done:$,value:Z}=await L.read();if($)break;v+=Z}}catch(L){v=`Error: reading stream failed - ${L instanceof Error?L.message:String(L)}`}yield r.encode(v),m.isQuoted&&(yield r.encode('"'))}}return i(p,"generateChunks"),new ReadableStream({async start(m){for await(let h of p())m.enqueue(h);m.close()}})}};function Kn(n,e,t){return new Promise((r,o)=>{let s=setTimeout(()=>{o(new Error(t||`Operation timed out after ${e} second(s)`))},e*1e3);n.then(a=>{clearTimeout(s),r(a)}).catch(a=>{clearTimeout(s),o(a)})})}i(Kn,"withTimeout");async function ql(n,e,t,r){let o;for(let s=0;s<t;s++)try{let a=fetch(n,e),u=r?await Kn(a,r,"Fetch timed out"):await a;if(u.ok)return u;o=new Error(`Fetch returned status ${u.status}`)}catch(a){o=a}throw o||new Error("Fetch failed without a response.")}i(ql,"fetchWithRetry");async function Ul(n,e,t,r,o){let s;for(let a=0;a<r;a++)try{let u=new Headers(e.headers||{});u.set("Authorization",`Bearer ${t}`);let c={...e,headers:u},l=fetch(n,c),d=o?await Kn(l,o,"Fetch timed out"):await l;if(d.status===401||d.ok)return d;s=new Error(`Fetch returned status ${d.status}`)}catch(u){s=u}throw s||new Error("Fetch with token failed without a response.")}i(Ul,"fetchWithToken");async function on(n,e={}){let{retries:t=3,timeoutSeconds:r,auth:o,...s}=e;if(!o)return await ql(n,s,t,r);let a=o.retries??3,u=o.timeoutSeconds,c;for(let l=0;l<a;l++)try{let d=o.callback();if(c=u?await Kn(d,u,"Auth token acquisition timed out"):await d,c)break}catch(d){if(l===a-1)throw d}if(!c)throw new Error("Failed to acquire token after maximum retries.");for(let l=0;l<a;l++){let d=await Ul(n,s,c,t,r);if(d.status!==401)return d;for(let p=0;p<a;p++)try{let m=o.callback();if(c=u?await Kn(m,u,"Auth token acquisition timed out"):await m,c)break}catch(m){if(p===a-1)throw m}if(!c)throw new Error("Failed to refresh token after receiving a 401.")}throw new Error("Authentication failed after maximum token retries.")}i(on,"supafetch");function va(n){try{let e=n.split(".")[1],t=Buffer.from(e,"base64").toString("utf8");return JSON.parse(t)}catch{return null}}i(va,"decodeJWT");function Sa(n,e,t){if(n.IP&&t&&n.IP[t])return{blocked:!0,id:n.IP[t],source:`IP/${t}`};if(n.Header)for(let[r,o]of Object.entries(n.Header)){let s=e.headers.get(r);if(s){if(o.RAW&&o.RAW[s])return{blocked:!0,id:o.RAW[s],source:`Header/${r}/RAW/${s}`};if(o.JWT){let a=s;if(r.toLowerCase()==="authorization"){let c=s.split(" ");c.length===2&&c[0].toLowerCase()==="bearer"&&(a=c[1])}let u=va(a);if(u){for(let[c,l]of Object.entries(o.JWT))if(u[c]&&l[u[c]])return{blocked:!0,id:l[u[c]],source:`Header/${r}/JWT/${c}/${u[c]}`}}}if(r.toLowerCase()==="cookie"&&o.COOKIE){let a=s.split(";").reduce((u,c)=>{let[l,d]=c.trim().split("=");return u[l]=d,u},{});for(let[u,c]of Object.entries(o.COOKIE))if(a[u]&&c[a[u]])return{blocked:!0,id:c[a[u]],source:`Header/Cookie/${u}/${a[u]}`}}}}if(n.Query){let r=new URL(e.url);for(let[o,s]of Object.entries(n.Query)){let a=r.searchParams.get(o);if(a){if(s.RAW&&s.RAW[a])return{blocked:!0,id:s.RAW[a],source:`Query/${o}/RAW/${a}`};if(s.JWT){let u=va(a);if(u){for(let[c,l]of Object.entries(s.JWT))if(u[c]&&l[u[c]])return{blocked:!0,id:l[u[c]],source:`Query/${o}/JWT/${c}/${u[c]}`}}}}}}return{blocked:!1}}i(Sa,"checkRequest");var Hl=1048576;function Aa(n,e){if(!n.body||n.body===null)return!1;let t=n.headers.get("content-length");return!(t&&Number(t)>Hl||(n.headers.get("content-type")??"").includes("stream")||e!=null&&e===101)}i(Aa,"shouldGatherBody");var $l="unused",Qo={type:63,version:"3.0.1"},Oa,Zl="plugin.akamai-api-security-plugin",Yo=class extends me{static{i(this,"AkamaiApiSecurityPlugin")}constructor(e){super(),this.#n=e,f(Zl)}async initialize(e){e.addRequestHook(async(t,r)=>{if(Oa=r,this.#n.enableProtection===!0)try{let u=await this.#t.get($l);this.#n.debug&&r.log.debug("AkamaiApiSecurityPlugin: Loaded ProtectionResponse",u);let c=Sa(u,t);if(c.blocked===!0)return r.log.debug(`AkamaiApiSecurityPlugin: Request Blocked by rule '${c.source}':'${c.id}'`),x.forbidden(t,r,{detail:"Access to this resource has been forbidden"})}catch(u){r.log.error(`AkamaiApiSecurityPlugin: Error loading ProtectionResponse '${u.message}'`)}if(this.#n.shouldLog&&!await this.#n.shouldLog(t,r))return t;let o=Date.now(),s;return Aa(t)&&(s=t.clone()),r.addResponseSendingFinalHook(async(u,c,l)=>{let d=null;if(s!==void 0&&s.body!==null){let m=await s.arrayBuffer(),h=new Uint8Array(m);d=new ReadableStream({start(I){I.enqueue(h),I.close()}})}let p=null;Aa(u)&&(p=u.clone().body),this.#r(d,p,c,u,l,o)}),t})}#e=i(async()=>{let e=await on(`https://${this.#n.hostname}/integrations-adapter/get-prevention-rules?source-index=${this.#n.index}&source-key=${this.#n.key}&source-type=${Qo.type}`);if(e.status!==200)throw new Error(`Unexpected response from protection endpoint ${e.status}: ${await e.text()}`);let t=await e.text();try{return JSON.parse(t)}catch(r){throw new Error(`Error parsing response from protection endpoint '${r}' in '${t}'`)}},"#protectionFetch");#t=new sn(this.#e,{ttlSeconds:60,loaderTimeoutSeconds:60});#n;#r=i(async(e,t,r,o,s,a)=>{let u=new rn(e,at.Base64Encode),c=new rn(t,at.Base64Encode),l=await this.#o(o,r,c,u,s,a),p=new Jn({template:JSON.stringify(l),tokens:[u,c],flags:Ko.JsonEscape}).getStream(),m;this.#n.debug&&([,m]=p.tee());let h=await on(`https://${this.#n.hostname}/engine?structure=base64-payload`,{method:"POST",headers:{"content-type":"application/json"},body:p,retries:1});this.#n.debug&&Oa.log.debug({message:"AkamaiApiSecurityPlugin: Dispatched entry",status:h.status,requestBody:m,responseText:await h.text()})},"#finalizeDispatch");#o=i(async(e,t,r,o,s,a)=>{let u=new URL(t.url),c=t.headers.get("true-client-ip")??"";return{ip:{v:jl(c),src:c},tcp:{dst:Fl(u)},http:{request:{ts:a,method:t.method,url:u.pathname,headers:Object.fromEntries(t.headers.entries()),body:o.getSafeToken()},response:{ts:Date.now(),status:e.status,headers:Object.fromEntries(e.headers.entries()),body:r.getSafeToken()}},source:{type:Qo.type,index:this.#n.index,version:Qo.version,key:this.#n.key,resource:{type:"ZUPLO",properties:{account:fe.ZUPLO_ACCOUNT_NAME??"",project:fe.ZUPLO_PROJECT_NAME??"",environment:fe.ZUPLO_ENVIRONMENT_NAME??"",route:s.route.path}}}}},"#generateStreamTemplate")};function Fl(n){return n.port?parseInt(n.port):n.protocol==="https:"?443:80}i(Fl,"guessPort");function jl(n){return n.includes("::")||(n.match(/:/g)||[]).length>1?"6":"4"}i(jl,"detectIPVersion");var an=class{static{i(this,"BackgroundDispatcher")}#e;constructor(e,t){if(!t||t.msDelay===void 0)throw new g("BackgroundDispatcher: options.msDelay is required");this.#e=new Y(t.name??"",t.msDelay,e)}enqueue=i(e=>{this.#e.enqueue(e),Ke().waitUntil(this.#e.waitUntilFlushed())},"enqueue")};var Xo,Me=class{static{i(this,"RequestLoggerCore")}constructor(e,t){let o=(e.batchPeriodSeconds??.01)*1e3;this.#n=new an(this.#t,{msDelay:o}),this.#e=e,this.initialize(t)}initialize(e){e.addRequestHook((t,r)=>{Xo=r;let o=Date.now();return r.addResponseSendingFinalHook(async s=>{let a={deploymentName:y.instance.deploymentName??"",instanceId:y.instance.instanceId,systemUserAgent:y.instance.systemUserAgent,requestStartTime:new Date(o),durationMs:Date.now()-o},u=await this.#e.generateLogEntry(s,t,r,a);this.#n.enqueue(u)}),t})}#e;#t=i(async e=>{if(e.length!==0)try{await this.#e.dispatchFunction(e)}catch(t){zl(t,this.#e.name)}},"#dispatch");#n};function zl(n,e){if(!Xo){let r=Ke(),o=ne({level:"error",messages:[`RequestLoggerCore '${e}': No context available to log user errors`]});r.waitUntil(o);return}let t;n instanceof Error?t={message:n.message,status:-1,details:n.stack??""}:t=n,Xo.log.error(`RequestLoggerCore '${e}': Error dispatching log entries.`,t)}i(zl,"logError");var ka="plugin.azure-blob-request-logger",Bl=i(()=>`${new Date().toISOString().replace(/[:-]/g,"-").replace("T","-").split(".")[0]}-${y.instance.instanceId}.csv`,"defaultGenerateBlobName"),La,ti=class extends me{static{i(this,"AzureBlobPlugin")}constructor(e){super(),this.#e=e,f(ka)}async initialize(e){new Me({name:ka,generateLogEntry:this.#e.generateLogEntry,batchPeriodSeconds:this.#e.batchPeriodSeconds,dispatchFunction:this.#t},e)}#e;#t=i(async e=>{if(e.length===0)return;let t=Gl(e[0]),r=Wl(e,t),s=(this.#e.generateBlobName??Bl)(e);await Jl(r,this.#e,s)},"#dispatch")};function Gl(n){return Object.keys(n)}i(Gl,"getHeaders");function Vl(n){if(n==null)return"";let e=String(n);return(e.includes('"')||e.includes(",")||e.includes(`
-`)||e.includes("\r"))&&(e=e.replace(/"/g,'""'),e=`"${e}"`),e}i(Vl,"escapeCsvValue");function Wl(n,e){let t=[];t.push(e.join(","));for(let r of n){let o=[];for(let s of e){let a=r[s];o.push(Vl(a))}t.push(o.join(","))}return t.join(`
-`)}i(Wl,"generateCsvContent");async function Jl(n,e,t){let{sasUrl:r}=e,o=r.split("?"),s=`${o[0]}/${t}?${o[1]}`;try{let a=await z.fetch(s,{method:"PUT",headers:{"x-ms-blob-type":"BlockBlob","Content-Type":"text/csv"},body:n});a.ok||(ei({message:a.statusText,status:a.status,details:await a.text()}),ei({message:a.statusText,status:a.status,details:await a.text()}))}catch(a){ei(a)}}i(Jl,"uploadToAzureBlobStorage");function ei(n){if(!La){let t=Ke(),r=ne({level:"error",messages:["AzureBlobCsvPlugin: No context available to log user errors"]});t.waitUntil(r);return}let e;n instanceof Error?e={message:n.message,status:-1,details:n.stack??""}:e=n,La.log.error("AzureBlobCsvPlugin: Error uploading to Azure Blob Storage",e)}i(ei,"logError");var _a="plugin.azure-event-hubs-request-logger",Kl=60*60,Ql=5*60;function Na(){return Math.floor(Date.now()/1e3)}i(Na,"nowEpochSeconds");var ni=class extends me{static{i(this,"AzureEventHubsRequestLoggerPlugin")}#e;#t;#n=null;constructor(e){super(),this.#e=e,this.#t=this.#r(e.connectionString),f(_a)}#r(e){let t=e.split(";"),r=new Map;for(let s of t){let[a,...u]=s.split("=");a&&u.length>0&&r.set(a,u.join("="))}return{endpoint:r.get("Endpoint")||"",sharedAccessKeyName:r.get("SharedAccessKeyName")||"",sharedAccessKey:r.get("SharedAccessKey")||"",entityPath:r.get("EntityPath")||""}}async#o(e,t,r){let o=new TextEncoder,s=e.replace(/^https?:\/\//,""),a=encodeURIComponent(s),c=Na()+Kl,l=`${a}
-${c}`,d={name:"HMAC",hash:{name:"SHA-256"}},p=await crypto.subtle.importKey("raw",o.encode(r),d,!1,["sign"]),m=await crypto.subtle.sign("HMAC",p,o.encode(l)),h=new Uint8Array(m),I=btoa(String.fromCharCode(...h)),b=encodeURIComponent(I);return{token:`SharedAccessSignature sr=${a}&sig=${b}&se=${c}&skn=${t}`,expiryEpochSeconds:c}}async#i(){let e=Na();if(this.#n&&e<this.#n.expiryEpochSeconds-Ql)return this.#n.token;let t=this.#t.entityPath?this.#t.entityPath:(this.#e.eventHubName??"").trim();if(!t)throw new Error("No entity path - either set EntityPath in the connection string or supply eventHubName");let o=`${this.#t.endpoint.replace(/\/$/,"").toLowerCase()}/${t}`,s=await this.#o(o,this.#t.sharedAccessKeyName,this.#t.sharedAccessKey);return this.#n=s,s.token}async initialize(e){new Me({name:_a,generateLogEntry:this.#e.generateLogEntry,batchPeriodSeconds:this.#e.batchPeriodSeconds,dispatchFunction:this.#s},e)}#s=i(async e=>{if(e.length===0)return;let t=this.#t.entityPath?this.#t.entityPath:(this.#e.eventHubName??"").trim(),o=`https://${this.#t.endpoint.replace(/\/$/,"").replace(/^sb:\/\//,"")}/${t}/messages?timeout=60`,s=await this.#i(),a=await fetch(o,{method:"POST",headers:{Authorization:s,"Content-Type":"application/json"},body:JSON.stringify(e)});if(!a.ok)throw new Error(`AzureEventHubsRequestLoggerPlugin: Failed to send logs to ${o}
+`)}async hexBodyHash(){let e=this.headers.get("X-Amz-Content-Sha256");if(e==null){if(this.body&&typeof this.body!="string"&&!("byteLength"in this.body))throw new k("body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header");e=xo(await Ra(this.body||""))}return e}};async function nn(n,e){let t=await crypto.subtle.importKey("raw",typeof n=="string"?To.encode(n):n,{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]);return crypto.subtle.sign("HMAC",t,To.encode(e))}i(nn,"hmac");async function Ra(n){return crypto.subtle.digest("SHA-256",typeof n=="string"?To.encode(n):n)}i(Ra,"hash");function xo(n){return Array.prototype.map.call(new Uint8Array(n),e=>("0"+e.toString(16)).slice(-2)).join("")}i(xo,"buf2hex");function Pa(n){return n.replace(/[!'()*]/g,e=>"%"+e.charCodeAt(0).toString(16).toUpperCase())}i(Pa,"encodeRfc3986");function cl(n,e){let{hostname:t,pathname:r}=n,o=t.replace("dualstack.","").match(/([^.]+)\.(?:([^.]*)\.)?amazonaws\.com(?:\.cn)?$/),[s,a]=(o||["",""]).slice(1,3);if(a==="us-gov")a="us-gov-west-1";else if(a==="s3"||a==="s3-accelerate")a="us-east-1",s="s3";else if(s==="iot")t.startsWith("iot.")?s="execute-api":t.startsWith("data.jobs.iot.")?s="iot-jobs-data":s=r==="/mqtt"?"iotdevicegateway":"iotdata";else if(s==="autoscaling"){let u=(e.get("X-Amz-Target")||"").split(".")[0];u==="AnyScaleFrontendService"?s="application-autoscaling":u==="AnyScaleScalingPlannerFrontendService"&&(s="autoscaling-plans")}else a==null&&s.startsWith("s3-")?(a=s.slice(3).replace(/^fips-|^external-1/,""),s="s3"):s.endsWith("-fips")?s=s.slice(0,-5):a&&/-\d$/.test(s)&&!/-\d$/.test(a)&&([s,a]=[a,s]);return s in wa?[wa[s],a]:[s,a]}i(cl,"guessServiceRegion");function ll(n){return n>64&&n<91?n-65:n>96&&n<123?n-71:n>47&&n<58?n+4:n===43?62:n===47?63:0}i(ll,"b64ToUint6");function Ia(n,e){let t=n.replace(/[^A-Za-z0-9+/]/g,""),r=t.length,o=e?Math.ceil((r*3+1>>2)/e)*e:r*3+1>>2,s=new Uint8Array(o),a,u,c=0,l=0;for(let d=0;d<r;d++)if(u=d&3,c|=ll(t.charCodeAt(d))<<6*(3-u),u===3||r-d===1){for(a=0;a<3&&l<o;)s[l]=c>>>(16>>>a&24)&255,a++,l++;c=0}return s}i(Ia,"base64Decode");function Wn(n){return n<26?n+65:n<52?n+71:n<62?n-4:n===62?43:n===63?47:65}i(Wn,"uint6ToB64");function Ea(n){let e=2,t="",r=n.length,o=0;for(let s=0;s<r;s++)e=s%3,o|=n[s]<<(16>>>e&24),(e===2||n.length-s===1)&&(t+=String.fromCodePoint(Wn(o>>>18&63),Wn(o>>>12&63),Wn(o>>>6&63),Wn(o&63)),o=0);return t.substring(0,t.length-2+e)+(e===2?"":e===1?"=":"==")}i(Ea,"base64Encode");function wt(n){let e=n.toString();return`${e.length===1?"0":""}${e}`}i(wt,"numberToString");function dl(n){let e=n.getTimezoneOffset(),t=Math.abs(e),r=e>0?"-":"+",o=wt(Math.floor(t/60)),s=wt(t%60);return`${r}${o}${s}`}i(dl,"getCLFOffset");function Co(n=new Date){if(!(n instanceof Date))throw new Error("clf-date: invalid parameter");let e=["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],t=wt(n.getDate()),r=e[n.getMonth()],o=n.getFullYear(),s=wt(n.getHours()),a=wt(n.getMinutes()),u=wt(n.getSeconds()),c=dl(n);return`${t}/${r}/${o}:${s}:${a}:${u} ${c}`}i(Co,"toCLFDate");var xa=be("zuplo:runtime"),pl="X-Amzn-Trace-Id",ml="x-amzn-errortype",Ta=[],gl=i(async(n,e,t)=>{let r=t;for await(let o of Ta)r=await o(n,e,t);return r},"onSendingAwsLambdaEvent"),ve=class extends k{static{i(this,"AwsLambdaError")}traceId;errorType;constructor(e,t){super(`Failed to invoke AWS Lambda function. ${e}`),this.traceId=t.get(pl)??void 0,this.errorType=t.get(ml)??void 0}},fl={addSendingAwsLambdaEventHook:i(n=>{Ta.push(n)},"addSendingAwsLambdaEventHook")};async function hl(n,e){f("handler.aws-lambda");let{accessKeyId:t,secretAccessKey:r,region:o,functionName:s,useLambdaProxyIntegration:a=!0,useAwsResourcePathStyle:u=!1,binaryMediaTypes:c}=e.route.handler.options;if(!t)throw new g("awsAccessKeyId is not set in the handler options");if(!r)throw new g("secretAccessKey is not set in the handler options");if(!o)throw new g("region is not set in the handler options");if(!s)throw new g("functionName is not set in the handler options");let l=new bt({accessKeyId:t,secretAccessKey:r}),d=`https://lambda.${o}.amazonaws.com/2015-03-31/functions/${s}/invocations`;if(xa(`AWS Lambda URL: ${d}`),!a)return l.fetch(d,{body:await n.arrayBuffer()});let[p,m]=await Rl(n,{binaryMediaTypes:c}),{options:h}=e.route.handler,I;h&&typeof h=="object"&&"payloadFormatVersion"in h&&h.payloadFormatVersion==="2.0"?I=wl(n,e):I=await bl(n,e,{useAwsResourcePathStyle:u}),xa("Calling onSendingAwsLambdaEvent hook");let b=await gl(n,e,I);b.body=p,b.isBase64Encoded=m;let C=await l.fetch(d,{body:JSON.stringify(b)});try{return yl(C)}catch(L){if(L instanceof ve){let S=h&&typeof h=="object"&&"returnAmazonTraceIdHeader"in h&&h.returnAmazonTraceIdHeader&&L.traceId?{AMZN_TRACE_ID_HEADER:L.traceId}:void 0;return x.internalServerError(n,e,void 0,S)}throw L}}i(hl,"awsLambdaHandler");async function yl(n){let e;try{e=await n.json()}catch{throw new ve("Lambda response did not contain valid JSON",n.headers)}if(n.status!==200)throw e&&typeof e=="object"&&"message"in e&&typeof e.message=="string"?new ve(e.message,n.headers):new ve(`Status: ${n.statusText}`,n.headers);if(e&&typeof e=="object"&&"errorMessage"in e&&typeof e.errorMessage=="string")throw new ve(e.errorMessage,n.headers);if(!e||typeof e!="object"||!("statusCode"in e)||typeof e.statusCode!="number")return new Response(JSON.stringify(e),{status:n.status,headers:{"content-type":"application/json"}});let t=new Headers;if("headers"in e&&e.headers){if(typeof e.headers!="object")throw new ve(`Response headers must be an object. Received ${typeof e.headers}`,n.headers);for(let[o,s]of Object.entries(e.headers))t.set(o,s)}if("cookies"in e&&e.cookies){if(!Array.isArray(e.cookies))throw new ve(`Response cookies must be an array. Received ${typeof e.cookies}`,n.headers);t.set("cookie",e.cookies.join(";"))}let r;if("isBase64Encoded"in e&&typeof e.isBase64Encoded!="boolean")throw new ve(`Response property isBase64Encoded must be a boolean. Received ${typeof e.isBase64Encoded}`,n.headers);if("isBase64Encoded"in e&&e.isBase64Encoded===!0){if(!("body"in e))throw new ve("Response was set to base64 encoded but no body was set",n.headers);if(typeof e.body!="string")throw new ve("Response was set to base64 encoded but body was not a string",n.headers);r=Ia(e.body)}else"body"in e&&typeof e.body=="string"?r=e.statusCode===204&&e.body===""?null:e.body:"body"in e&&e.body!==null&&e.body!==void 0?r=JSON.stringify(e.body):r=null;if(r!==null&&"bodyEncoding"in e){if(typeof e.bodyEncoding!="string"||!(e.bodyEncoding==="gzip"||e.bodyEncoding==="deflate"))throw new ve(`Response property bodyEncoding can only be set to 'gzip' or 'deflate'. Received ${e.bodyEncoding}`,n.headers);let o=new Blob([r]).stream().pipeThrough(new DecompressionStream(e.bodyEncoding));r=await new Response(o).arrayBuffer()}return new Response(r,{headers:t,status:e.statusCode})}i(yl,"getResponse");async function bl(n,e,{useAwsResourcePathStyle:t}){let r={},o={};n.headers.forEach((l,d)=>{r[d]=l,o[d]=[l]});let s=n.query,a={};for(let[l,d]of Object.entries(s))a[l]=[d];let u=new URL(n.url);return{version:"1.0",resource:u.pathname,path:u.pathname,httpMethod:n.method,headers:r,multiValueHeaders:o,queryStringParameters:s,multiValueQueryStringParameters:a,requestContext:{accountId:null,apiId:null,authorizer:{claims:{},scopes:[]},domainName:u.hostname,domainPrefix:null,extendedRequestId:e.requestId,httpMethod:n.method,identity:{accessKey:null,accountId:null,caller:null,cognitoAuthenticationProvider:null,cognitoAuthenticationType:null,cognitoIdentityId:null,cognitoIdentityPoolId:null,principalOrgId:null,sourceIp:n.headers.get("CF-Connecting-IP"),user:null,userAgent:n.headers.get("user-agent"),userArn:null,clientCert:{clientCertPem:null,subjectDN:null,issuerDN:null,serialNumber:null,validity:{notBefore:null,notAfter:null}}},path:u.pathname,protocol:"HTTP/1.1",requestId:e.requestId,requestTime:Co(),requestTimeEpoch:new Date().valueOf(),resourceId:e.route.operationId??null,resourcePath:Il(e.route.path,t),stage:null},pathParameters:n.params,stageVariables:null}}i(bl,"buildEventVersion1");function wl(n,e){let t={};n.headers.forEach((s,a)=>{t[a]=s});let r=new URL(n.url);return{version:"2.0",routeKey:null,rawPath:r.pathname,rawQueryString:r.search,cookies:[],headers:t,queryStringParameters:n.query,requestContext:{accountId:null,apiId:null,authentication:{clientCert:{clientCertPem:null,subjectDN:null,issuerDN:null,serialNumber:null,validity:{notBefore:null,notAfter:null}}},authorizer:{jwt:{claims:{},scopes:[]}},domainName:r.hostname,domainPrefix:null,http:{method:n.method,path:r.pathname,protocol:"HTTP/1.1",sourceIp:n.headers.get("CF-Connecting-IP"),userAgent:n.headers.get("user-agent")},requestId:e.requestId,routeKey:null,stage:null,time:Co(),timeEpoch:new Date().valueOf()},pathParameters:n.params,stageVariables:null}}i(wl,"buildEventVersion2");async function Rl(n,{binaryMediaTypes:e}){let t,r=!1,o=n.headers.get("content-type");if(n.method==="GET"||n.method==="HEAD")t=null;else if(e&&o&&Pl(e,o)){let s=await n.arrayBuffer();t=Ea(new Uint8Array(s)),r=!0}else t=await n.clone().text();return[t,r]}i(Rl,"getBodyResult");function Pl(n,e){let t=e.split(";")[0].trim().toLowerCase();return n.findIndex(r=>r==="*/*"?!0:r.toLowerCase()===t)>-1}i(Pl,"matchesContentType");function Il(n,e=!1){if(!e)return n;let t=Eo(n),r=ba(n),o={};return t.forEach(s=>{typeof s=="string"?o[s]=`{${s}}`:o[s.name]=`{${s.name}}`}),r(o)}i(Il,"getResourcePath");var El=[502,503,504];async function Rt(n,e){if(El.includes(n.status)){let t=Q.getLogger(e),o=await n.clone().text(),s={};for(let[a,u]of n.headers)s[a]=u;t.warn(`BadGatewayResponse ${n.status}`,{status:n.status,statusText:n.statusText,body:o,headers:s})}}i(Rt,"logBadGatewayResponses");var So;function Ye(n){if(So===void 0){let t=y.instance.runtime.ZUPLO_HANDLER_WRITE_LOG_LEVEL;["debug","info","warn","error"].includes(t??"")||(t="debug"),So=t}return n.log[So]}i(Ye,"getHandlerUserLogFunction");async function xl(n,e){f("handler.open-api");let t=y.instance.build.BUILD_ID,{buildAssetsUrl:r}=y.instance,o=e.route.handler.options,{openApiFilePath:s}=o;if(!s)throw new g("Open API Spec Handler must have 'openApiFilePath' specified");let a=Tl(s);if(!a.isValid)throw new g(a.error);let u=`${r}/${t}${s.substring(1)}`,c=await z.fetch(u,{method:n.method,body:n.body,headers:n.headers});if(c.status!==200)return x.notFound(n,e,{detail:"OpenAPI file could not be found."});let l=new Response(c.body,{headers:{"content-type":"application/json","content-encoding":c.headers.get("content-encoding")||"",vary:"Accept-Encoding"},status:c.status,statusText:c.statusText});return Rt(l,e),l}i(xl,"openApiSpecHandler");var Tl=i(n=>n.startsWith("./")?n.startsWith("./config")?n.endsWith(".oas.json")?{isValid:!0}:{isValid:!1,error:"'openApiFilePath' must point to a file ending in '.oas.json'"}:{isValid:!1,error:"'openApiFilePath' must point to a file in your /config directory"}:{isValid:!1,error:"'openApiFilePath' must start with './'"},"validateOpenApiPath");async function vl(n,e){f("handler.redirect");let t=e.route.handler.options;if(!t.location)throw new g("Redirect Handler must have 'location' specified");let r=t.status??302;return new Response(null,{status:r,headers:{location:t.location}})}i(vl,"redirectHandler");async function Cl(n){if(f("handler.zuplo-service-proxy"),Object.entries(n.params).length!==1)throw new g("The service proxy handler only supports one wildcard path parameter. Change your url to something like '/service/{path}'");let e=new URL(n.params.path,y.instance.zuploEdgeApiUrl),t=new Headers(n.headers);return t.set("Authorization",`Bearer ${y.instance.authApiJWT}`),z.fetch(e,{method:n.method,headers:t,body:n.body})}i(Cl,"zuploServiceProxy");function Sl(n,e){let t=n.endsWith("/"),r=e.startsWith("/");return t&&r?`${n.substring(0,n.length-1)}${e}`:!t&&!r?`${n}/${e}`:`${n}${e}`}i(Sl,"join");async function Al(n,e){f("handler.url-forward");let t=Ye(e),r=e.route.handler.options,o=r.forwardSearch!==!1;if(r.followRedirects&&f("handler.url-forward.follow-redirects"),!r.baseUrl)throw new Error("URL Forward Handler must have 'baseUrl' specified");if(!r||typeof r.__rewriteFunction!="function")throw new g("Invalid options for this route");let s={incomingRequestProperties:e.incomingRequestProperties,requestId:e.requestId,route:e.route,custom:e.custom},a=new URL(n.url),u=r.__rewriteFunction(n,s),c=Sl(u,a.pathname),l=o?`${c}${a.search}`:c.toString(),d=Date.now();t(`URL Forwarding to '${l}'`);let p=await fetch(l,{method:n.method,body:n.body,headers:n.headers}),m=Date.now()-d;return t(`URL Forward received response ${p.status} - ${p.statusText} in ${m}ms`),Rt(p,e),p}i(Al,"urlForwardHandler");var Ol=i((n,e)=>{let t=new URL(n),r=new URL(e);for(let[o,s]of r.searchParams.entries())t.searchParams.append(o,s);return t.toString()},"addQuery");async function kl(n,e){f("handler.url-rewrite");let t=Ye(e),r=e.route.handler.options,o=r.forwardSearch!==!1,s=r.followRedirects??!1;if(!r||typeof r.__rewriteFunction!="function")throw new g("Invalid options for this route");let a={incomingRequestProperties:e.incomingRequestProperties,requestId:e.requestId,route:e.route,custom:e.custom},u=r.__rewriteFunction(n,a),c=o?Ol(u,n.url):u,l=Date.now();t(`URL Rewriting to '${c}'`);let d=await fetch(c.toString(),{method:n.method,body:n.body,headers:n.headers,redirect:s?"follow":"manual"}),p=Date.now()-l;return t(`URL Rewrite received response ${d.status} - ${d.statusText} in ${p}ms`),Rt(d,e),d}i(kl,"urlRewriteHandler");async function Ll(n,e){f("handler.websocket");let t=e.route.handler.options,r=Ye(e);if(!t||!t.rewritePattern)throw new g("WebSocket Handler must have option 'rewritePattern' specified");let o=n.headers.get("Upgrade");if(!o||o!=="websocket")return x.badRequest(n,e,{detail:"Request must include header 'Upgrade: websocket'"});if(!t||typeof t.__rewriteFunction!="function")throw new g("Invalid options for this route");let s={incomingRequestProperties:e.incomingRequestProperties,requestId:e.requestId,route:e.route,custom:e.custom},a=t.__rewriteFunction(n,s),u=Date.now();r(`Attempting WebSocket connection to '${a}'`),a=a.replace(/^(ws)/,"http");let c=await fetch(a,{method:n.method,headers:n.headers,body:n.body});if(c.status!==101||!c.webSocket){let d=await c.text(),p=`WebSocket connection error - ${c.status}: ${c.statusText}, content: '${d}'`;throw new Error(p)}let l=Date.now()-u;return r(`WebSocket connected, received response ${c.status} - ${c.statusText} in ${l}ms`),new Response(null,{status:101,webSocket:c.webSocket})}i(Ll,"webSocketHandler");var Ao=i((n,e)=>n.map((r,o)=>{let s;if(typeof r.module=="object"&&(s=r.module[r.export]),!s||typeof s!="function"){let a=e==="inbound"?"WebSocketInboundPolicy":"WebSocketOutboundPolicy",u=`policy in position: ${o+1}, export name: ${r.export}`;throw new g(`${a} - Websocket policy must be a valid function (${u})`)}return s}),"getWebSocketPolicyFunctions"),va=i(async(n,e,t,r,o,s)=>{let a=n.data;if(s&&s.length>0){let u=[...s];for(;u.length>0;){let c=u.shift();if(!c)return a;if(a=await c(a,t,e,r,o),a===void 0)return}}return a},"webSocketPolicyProcessor");function Ca(n,e,t,r,o){n.addEventListener("close",()=>{e.close()}),n.addEventListener("error",s=>{r.log.error("WebSocket error: ",s),e.send(JSON.stringify(s))}),n.addEventListener("message",s=>{try{let u=i(async c=>{let l=await va(c,n,e,t,r,o);l!==void 0&&e.send(l)},"innerPipeline")(s).catch(r.log.error);r.waitUntil(u)}catch(a){r.log.error(a)}})}i(Ca,"wireUpListeners");async function _l(n,e){f("handler.websocket-pipeline");let t=e.route.handler.options,r=Ye(e);if(!t||!t.rewritePattern)throw new g("WebSocket Pipeline Handler must have option 'rewritePattern' specified");let o=n.headers.get("Upgrade");if(!o||o!=="websocket")return x.badRequest(n,e,{detail:"Request must include header 'Upgrade: websocket'"});if(!t||typeof t.__rewriteFunction!="function")throw new g("Invalid options for this route");let s={incomingRequestProperties:e.incomingRequestProperties,requestId:e.requestId,route:e.route,custom:e.custom},a=t.__rewriteFunction(n,s),u=Date.now();r(`Attempting WebSocket connection to '${a}'`),a=a.replace(/^(ws)/,"http");let c=await fetch(a,{method:n.method,headers:n.headers,body:n.body});if(c.status!==101||!c.webSocket){let C=await c.text(),L=`WebSocket connection error - ${c.status}: ${c.statusText}, content: '${C}'`;throw new Error(L)}let l=new WebSocketPair,[d,p]=Object.values(l),m=Date.now()-u;r(`WebSocket connected, received response ${c.status} - ${c.statusText} in ${m}ms`);let h=c.webSocket;h.accept(),p.accept();let I=t.policies&&t.policies.inbound?Ao(t.policies.inbound,"inbound"):[],b=t.policies&&t.policies.outbound?Ao(t.policies.outbound,"outbound"):[];return Ca(p,h,n,e,I),Ca(h,p,n,e,b),new Response(null,{status:101,webSocket:d})}i(_l,"webSocketPipelineHandler");var Oo=class extends ye{constructor(t){super();this.options=t}static{i(this,"DynaTraceLoggingPlugin")}getTransport(){return new ko(this.options)}},ko=class{static{i(this,"DynaTraceTransport")}constructor(e){f("logging.dynatrace"),this.#e=e.url,this.#t=e.apiToken,this.#r=y.instance.loggingEnvironmentType,this.#o=y.instance.loggingEnvironmentStage,this.#n=y.instance.deploymentName,this.#i=e.fields??{}}#e;#t;#n;#r;#o;#i;log(e,t){e.messages.forEach(r=>{let o=Object.assign({timestamp:new Date().toISOString(),message:Ze(r),severity:e.level,"log.source":e.logSource,requestId:e.requestId,"custom.atomicCounter":e.vectorClock,"custom.environment":this.#n,"custom.environmentStage":this.#o,"custom.environmentType":this.#r,"custom.loggingId":e.loggingId,"custom.rayId":e.rayId===null?void 0:e.rayId},this.#i);this.batcher.enqueue(o)}),t.waitUntil(this.batcher.waitUntilFlushed())}#s=i(async e=>{if(e.length!==0)try{let t=await z.fetch(this.#e,{method:"POST",body:JSON.stringify(e),headers:{"content-type":"application/json; charset=utf-8",authorization:`Api-Token ${this.#t}`}});t.ok||await re({level:"error",messages:[`Failed to send logs to Dynatrace: ${t.status} - ${t.statusText}`]},t)}catch{await re({level:"error",messages:["Failed to connect to Dynatrace logging service. Check that the URL is correct."]})}},"#dispatchFunction");batcher=new X("dyna-trace-log-transport",10,this.#s)};var Lo=class extends ye{constructor(t){super();this.options=t}static{i(this,"LokiLoggingPlugin")}getTransport(){return new No(this.options)}},_o=class{static{i(this,"LokiStream")}constructor(e,t,r,o,s,a){this.level=e,this.environment=t,this.environmentType=r,this.environmentStage=o,this.requestId=a,this.job=s}job;level;environment;environmentType;environmentStage;requestId;equals=i(e=>this.level===e.level&&this.requestId===e.requestId,"equals")};function Nl(n,e){return btoa(`${n}:${e}`)}i(Nl,"createBasicDigest");var No=class{static{i(this,"LokiTransport")}constructor(e){f("logging.loki"),this.#n=e.url,this.#r=Nl(e.username,e.password),this.#i=y.instance.loggingEnvironmentType,this.#s=y.instance.loggingEnvironmentStage,this.#o=y.instance.deploymentName,this.#e=e.version??1,this.#t=e.job??"zuplo",this.#a=e.fields??{}}#e;#t;#n;#r;#o;#i;#s;#a;log(e,t){let r=new _o(e.level,this.#o,this.#i,this.#s,this.#t,this.#e===1?e.requestId:void 0);e.messages.forEach(o=>{let s=Object.assign({stream:r,requestId:e.requestId,rayId:e.rayId,atomicCounter:e.vectorClock,message:Ze(o),nanoSecondEpoch:`${e.timestamp.getTime()}000000`},this.#a);this.batcher.enqueue(s)}),t.waitUntil(this.batcher.waitUntilFlushed())}#u=i(e=>{let t={streams:[]};return e.forEach(r=>{let o=t.streams.find(s=>s.stream.equals(r.stream));o||(o={stream:r.stream,values:[]},t.streams.push(o)),o.values.push(this.#e>1?[r.nanoSecondEpoch,r.message,{requestId:r.requestId,rayId:r.rayId,atomicCounter:JSON.stringify(r.atomicCounter)}]:[r.nanoSecondEpoch,r.message])}),t},"#convertToLokiStreamsBatch");#c=i(async e=>{if(e.length===0)return;let t=this.#u(e);try{let r=await z.fetch(this.#n,{method:"POST",body:JSON.stringify(t),headers:{"content-type":"application/json",authorization:`Basic ${this.#r}`}});r.ok||await re({level:"error",messages:[`Failed to send logs to Loki: ${r.status} - ${r.statusText}`]},r)}catch{await re({level:"error",messages:["Failed to connect to Loki logging service. Check that the URL is correct."]})}},"#dispatchFunction");batcher=new X("loki-log-transport",10,this.#c)};var Do=class extends ye{constructor(t){super();this.options=t}static{i(this,"SumoLogicLoggingPlugin")}getTransport(){return new Mo(this.options)}},Mo=class{static{i(this,"SumoLogicTransport")}constructor(e){f("logging.sumologic"),this.#e=e.url,this.#o=e.category,this.#i=e.name,this.#n=y.instance.loggingEnvironmentType,this.#r=y.instance.loggingEnvironmentStage,this.#t=y.instance.deploymentName,this.#s=e.fields??{}}#e;#t;#n;#r;#o;#i;#s;log(e,t){e.messages.forEach(r=>{let o=Object.assign({timestamp:new Date().toISOString(),message:Ze(r),severity:e.level,source:e.logSource,requestId:e.requestId,environment:this.#t,environmentType:this.#n,environmentStage:this.#r,rayId:e.rayId===null?void 0:e.rayId},this.#s);this.batcher.enqueue(o)}),t.waitUntil(this.batcher.waitUntilFlushed())}#a=i(async e=>{if(e.length===0)return;let t=e.map(o=>JSON.stringify(o)).join(`
+`),r=new Headers({"content-type":"application/json; charset=utf-8"});this.#i&&r.set("X-Sumo-Name",this.#i),this.#o&&r.set("X-Sumo-Category",this.#o);try{let o=await z.fetch(this.#e,{method:"POST",body:t,headers:r});o.ok||await re({level:"error",messages:[`Failed to send logs to Sumologic: ${o.status} - ${o.statusText}`]},o)}catch{await re({level:"error",messages:["Failed to connect to Sumologic logging service. Check that the URL is correct."]})}},"#dispatchFunction");batcher=new X("sumo-logic-log-transport",10,this.#a)};var Dl="d3a5b78f823648f5b1df4fe269d41172",qo=class extends ye{constructor(t){super();this.options=t}static{i(this,"VMWareLogInsightLoggingPlugin")}getTransport(){return new Uo(this.options)}},Uo=class{static{i(this,"VMWareLogInsightTransport")}constructor(e){f("logging.vmware-loginsight");let t;try{t=new URL(e.url),t.pathname==="/"&&(t.pathname=`/api/v1/events/ingest/${e.agentId??Dl}`)}catch{throw new g(`Invalid option 'url' on 'VMWareLogInsightTransport' plugin. Must be a valid URL, received '${e.url}'`)}this.#e=t.toString(),this.#r=y.instance.loggingEnvironmentType,this.#o=y.instance.loggingEnvironmentStage,this.#n=y.instance.deploymentName,this.#i=e.onMessageSending,this.#t=e.textReplacements,e.fields&&(this.#s=Object.entries(e.fields).map(([r,o])=>({name:r,content:o})))}#e;#t;#n;#r;#o;#i;#s;log(e,t){let r=this.buildEntry(e,t);this.batcher.enqueue(r),t.waitUntil(this.batcher.waitUntilFlushed())}buildEntry(e,t){let r=ra(e.messages);this.#t?.forEach(s=>{r=r.replaceAll(s[0],s[1])});let o={timestamp:Date.now(),text:r,fields:[{name:"severity",content:e.level.toUpperCase()},{name:"request_id",content:e.requestId},{name:"environment_type",content:this.#r},{name:"environment_stage",content:this.#o},{name:"log_source",content:e.logSource},{name:"atomic_counter",content:e.vectorClock}]};return e.rayId&&o.fields.push({name:"request_ray_id",content:e.rayId}),this.#n&&o.fields.push({name:"environment",content:this.#n}),this.#s&&o.fields.push(...this.#s),t.custom&&Object.entries(t.custom).forEach(([s,a])=>{let u=co(a);u&&o.fields.push({name:s,content:u})}),this.#i&&(o=this.#i(o)),o}#a=i(async e=>{if(e.length!==0)try{let t=await z.fetch(this.#e,{method:"POST",body:JSON.stringify({events:e}),headers:{"content-type":"application/json; charset=utf-8"}});t.ok||await re({level:"error",messages:[`Failed to send logs to Log Insight: ${t.status} - ${t.statusText}`]},t)}catch{await re({level:"error",messages:["Failed to connect to Log Insight logging service. Check that the URL is correct."]})}},"#dispatchFunction");batcher=new X("vmware-log-insights-log-transport",10,this.#a)};var $o=class extends ye{constructor(t){super();this.options=t}static{i(this,"AWSLoggingPlugin")}getTransport(){return new Ho(this.options)}},Ho=class{static{i(this,"AWSLogTransport")}awsClient;environment;environmentType;environmentStage;logGroupName;logStreamName;region;fields;batcher=new X("aws-log-transport",10,async e=>{if(e.length===0)return;let t=JSON.stringify({logGroupName:this.logGroupName,logStreamName:this.logStreamName,logEvents:e});try{let r=await this.awsClient.fetch(`https://logs.${this.region}.amazonaws.com`,{headers:{"Content-Type":"application/x-amz-json-1.1","x-amz-Target":"Logs_20140328.PutLogEvents"},body:t,aws:{accessKeyId:this.awsClient.accessKeyId,secretAccessKey:this.awsClient.secretAccessKey,service:this.awsClient.service,region:this.awsClient.region}});r.ok||await re({level:"error",messages:[`Failed to send logs to AWS: ${r.status} - ${r.statusText}`]},r)}catch{await re({level:"error",messages:["Failed to connect to AWS logging service. Check that the URL is correct."]})}});constructor({accessKeyId:e,logStreamName:t,logGroupName:r,secretAccessKey:o,region:s,fields:a}){f("logging.aws"),this.awsClient=new bt({accessKeyId:e,secretAccessKey:o,service:"logs",region:s}),this.logGroupName=r,this.logStreamName=t,this.region=s,this.environmentType=y.instance.loggingEnvironmentType,this.environmentStage=y.instance.loggingEnvironmentStage,this.environment=y.instance.deploymentName,this.fields=a??{}}log(e,t){e.messages.forEach(r=>{let o={timestamp:new Date().getTime(),message:JSON.stringify(Object.assign({data:Ze(r),severity:e.level,source:e.logSource,environment:this.environment,atomicCounter:e.vectorClock,requestId:e.requestId,environmentType:this.environmentType,environmentStage:this.environmentStage,rayId:e.rayId===null?void 0:e.rayId},this.fields))};this.batcher.enqueue(o)}),t.waitUntil(this.batcher.waitUntilFlushed())}};var Zo=new WeakMap,Ml={tags:[]},Fo=class extends Ge{constructor(t){super();this.options=t;f("metrics.datadog")}static{i(this,"DataDogMetricsPlugin")}getTransport(){return new jo(this.options)}static setContext(t,r){let o=Zo.get(t);o||(o=Ml);let s=Object.assign({...o},r);Zo.set(t,s)}},jo=class{static{i(this,"DataDogMetricsTransport")}#e;#t;#n;#r;#o;#i=void 0;constructor(e){this.#e=e.apiKey,this.#t=e.url??"https://api.datadoghq.com/api/v2/series",this.#n=Object.assign({latency:!0,requestContentLength:!0,responseContentLength:!0},e.metrics),this.#o=e.include??{},this.#r=e.tags??[]}pushMetrics(e,t){this.#i===void 0&&(this.#i=new X("data-dog-metrics-transport",10,this.dispatchFunction,Q.getLogger(t)));let r=Math.floor(e.timestamp.getTime()/1e3),o=this.#r.concat(Zo.get(t)?.tags??[]);if(this.#o.country&&o.push(`country:${e.country}`),this.#o.httpMethod&&o.push(`httpMethod:${e.method}`),this.#o.statusCode&&o.push(`statusCode:${e.statusCode}`),this.#o.path){let s=e.systemRouteName||e.routePath;o.push(`path:${s}`)}this.#n.latency&&this.#i.enqueue({metric:"zuplo.request.latency",type:3,points:[{timestamp:r,value:e.durationMs}],tags:o}),this.#n.requestContentLength&&e.requestContentLength&&this.#i.enqueue({metric:"zuplo.request.content_length",type:3,points:[{timestamp:r,value:e.requestContentLength}],tags:o}),this.#n.responseContentLength&&e.responseContentLength&&this.#i.enqueue({metric:"zuplo.response.content_length",type:3,points:[{timestamp:r,value:e.responseContentLength}],tags:o}),t.waitUntil(this.#i.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length!==0)try{let t=JSON.stringify({series:e}),r=await z.fetch(this.#t,{method:"POST",body:t,headers:{"content-type":"application/json","DD-API-KEY":this.#e}});r.ok||await re({level:"error",messages:["Failed to send metrics to DataDog."]},r)}catch{await re({level:"error",messages:["Failed to connect to DataDog metrics service. Check that the URL is correct."]})}},"dispatchFunction")};var zo=new WeakMap,ql={dimensions:[]},Bo=class extends Ge{constructor(t){super();this.options=t;f("metrics.dynatrace")}static{i(this,"DynatraceMetricsPlugin")}getTransport(){return new Go(this.options)}static setContext(t,r){let o=zo.get(t);o||(o=ql);let s=Object.assign({...o},r);zo.set(t,s)}},Go=class{static{i(this,"DynaTraceMetricsTransport")}apiToken;#e;#t;dimensions;#n;#r=void 0;constructor(e){this.apiToken=e.apiToken,this.#e=e.url,this.#t=Object.assign({latency:!0,requestContentLength:!0,responseContentLength:!0},e.metrics),this.#n=e.include??{},this.dimensions=e.dimensions??[]}pushMetrics(e,t){this.#r===void 0&&(this.#r=new X("dynatrace-metrics-transport",10,this.dispatchFunction,Q.getLogger(t)));let r=Math.floor(e.timestamp.getTime()),o=this.dimensions.concat(zo.get(t)?.dimensions??[]);if(this.#n.country&&o.push(`country="${e.country}"`),this.#n.httpMethod&&o.push(`http_method="${e.method}"`),this.#n.statusCode&&o.push(`status_code="${e.statusCode}"`),this.#n.path){let a=e.systemRouteName||e.routePath;o.push(`path="${a}"`)}let s=o.join(",");this.#t.latency&&this.#r.enqueue(`zuplo.request.latency,${s} ${e.durationMs} ${r}`),this.#t.requestContentLength&&e.requestContentLength&&this.#r.enqueue(`zuplo.request.content_length,${s} ${e.requestContentLength} ${r}`),this.#t.responseContentLength&&e.responseContentLength&&this.#r.enqueue(`zuplo.response.content_length,${s} ${e.responseContentLength} ${r}`),t.waitUntil(this.#r.waitUntilFlushed())}dispatchFunction=i(async e=>{if(e.length!==0)try{let t=e.join(`
+`),r=await z.fetch(this.#e,{method:"POST",body:t,headers:{"content-type":"text/plain",Authorization:`Api-Token ${this.apiToken}`}});r.ok||await re({level:"error",messages:["Failed to send metrics to Dynatrace."]},r)}catch{await re({level:"error",messages:["Failed to connect to Dynatrace metrics service. Check that the URL is correct."]})}},"dispatchFunction")};var Vo=class{static{i(this,"AuditLogDataStaxProvider")}constructor(e){this.#e=e,f("audit-logs.datastax")}#e;writeLogBatch=i(async e=>{await Promise.allSettled(e.map(async t=>{await z.fetch(this.#e.url,{method:"POST",headers:{"X-Cassandra-Token":this.#e.xCassandraToken,"content-type":"application/json"},body:JSON.stringify(t)})}))},"writeLogBatch")};var Wo=class extends me{static{i(this,"AuditLogPlugin")}constructor(e,t){super(),this.#e=e,this.#t=t,f("audit-logs")}#e;#t;async initialize(e){new Jo(e,this.#e,this.#t)}},Sa=i(n=>{let e={};return n.forEach((t,r)=>{e[r]=t}),e},"serializableHeaders"),Ul={requestFilter:i(async()=>!0,"requestFilter"),include:{request:{headers:!0,body:!0},response:{headers:!0,body:!0}}},Jo=class{static{i(this,"AuditPluginImpl")}constructor(e,t,r){this.#t=t;let o={...Ul};r?.requestFilter&&(o.requestFilter=r.requestFilter),r?.include?.request&&Object.assign(o,r.include.request),r?.include?.response&&Object.assign(o,r.include.response),this.#e=o,e.addRequestHook(this.#i),this.#n=new X("audit-log",10,this.#r)}#e;#t;#n;#r=i(async e=>{await this.#t.writeLogBatch(e)},"#dispatch");#o=i(async(e,t,r,o,s,a)=>{try{let u={timestamp:o,durationMs:s,routePath:r.route.path,requestId:r.requestId,userSub:a,request:{url:t.url,method:t.method,headers:this.#e.include?.request?.headers?Sa(t.headers):void 0,body:this.#e.include?.request?.body?await t.text():void 0},response:{status:e.status,statusText:e.statusText,headers:this.#e.include?.response?.headers?Sa(e.headers):void 0,body:this.#e.include?.response?.body?await e.text():void 0}};this.#n.enqueue(u),r.waitUntil(this.#n.waitUntilFlushed())}catch(u){r.log.error(u)}},"#asyncPrepLogs");#i=i(async(e,t)=>{try{if(!await this.#e.requestFilter(e,t))return e;let o=new Date,s=Date.now(),a=e.clone();return t.addResponseSendingFinalHook(async(u,c)=>{let l=Date.now(),d=u.clone(),p=this.#o(d,a,t,o,l-s,c.user?.sub).catch(m=>{t.log.error(m)});t.waitUntil(p)}),e}catch(r){return t.log.error(r),e}},"#auditHook")};var at={None:0,Base64Encode:1},Ko={None:0,JsonEscape:1},rn=class{constructor(e,t=at.None){this.stream=e;this.flags=t;this.placeholder=`__STREAM_TOKEN_${crypto.randomUUID()}__`}static{i(this,"StreamToken")}placeholder;getRawStream(){return this.stream}getFlags(){return this.flags}getSafeToken(){return this.placeholder}async getContent(){if(!this.stream)return null;let e=this.stream.getReader(),t=[];try{for(;;){let{done:u,value:c}=await e.read();if(u)break;t.push(c)}}finally{e.releaseLock()}let r=t.reduce((u,c)=>u+c.length,0),o=new Uint8Array(r),s=0;for(let u of t)o.set(u,s),s+=u.length;let a=new TextDecoder().decode(o);return this.flags&at.Base64Encode&&(a=btoa(a)),a}},Jn=class{static{i(this,"StreamBuilder")}template;tokens;flags;constructor(e){this.template=e.template,this.tokens=e.tokens,this.flags=e.flags}escapeJsonString(e){return e.replace(/[\\\"\n\r\t\f\b]/g,t=>{switch(t){case"\\":return"\\\\";case'"':return'\\"';case`
+`:return"\\n";case"\r":return"\\r";case"	":return"\\t";case"\f":return"\\f";case"\b":return"\\b";default:return t}})}async toString(){let t=this.getStream().getReader(),r=new TextDecoder,o="";for(;;){let{done:s,value:a}=await t.read();if(s)break;o+=r.decode(a,{stream:!0})}return o+=r.decode(),o}getStream(){let e=this.template,t=this.flags,r=new TextEncoder,o=new Map;for(let m of this.tokens)o.set(m.getSafeToken(),m);let s=/"(__STREAM_TOKEN_[^"]+__)"|(__STREAM_TOKEN_[^"]+__)/g,a=[],u=0,c;for(;(c=s.exec(e))!==null;){if(c.index>u&&a.push({type:"literal",value:e.substring(u,c.index)}),c[1]){let m=o.get(c[1]);m?a.push({type:"token",token:m,isQuoted:!0}):a.push({type:"literal",value:c[0]})}else if(c[2]){let m=o.get(c[2]);m?a.push({type:"token",token:m,isQuoted:!1}):a.push({type:"literal",value:c[0]})}u=s.lastIndex}u<e.length&&a.push({type:"literal",value:e.substring(u)});function l(){let m="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",h=new Uint8Array(0);return new TransformStream({transform(I,b){let C=new Uint8Array(h.length+I.length);C.set(h),C.set(I,h.length);let L=C.length%3,S=C.length-L;if(S>0){let H=C.subarray(0,S),Z="";for(let q=0;q<H.length;q+=3){let A=H[q],$=H[q+1],V=H[q+2],F=A<<16|$<<8|V;Z+=m[F>>18&63],Z+=m[F>>12&63],Z+=m[F>>6&63],Z+=m[F&63]}b.enqueue(Z)}h=C.subarray(C.length-L)},flush(I){if(h.length>0){let b=h[0],C=h.length>1?h[1]:0,L=b<<16|C<<8,S="";S+=m[L>>18&63],S+=m[L>>12&63],S+=h.length===2?m[L>>6&63]:"=",S+="=",I.enqueue(S)}}})}i(l,"createBase64EncodeTransformStream");function d(){return new TransformStream({transform(m,h){let I=m.replace(/[\\\"\n\r\t\f\b]/g,b=>{switch(b){case"\\":return"\\\\";case'"':return'\\"';case`
+`:return"\\n";case"\r":return"\\r";case"	":return"\\t";case"\f":return"\\f";case"\b":return"\\b";default:return b}});h.enqueue(I)}})}i(d,"createJsonEscapeTransformStream");async function*p(){for(let m of a)if(m.type==="literal")yield r.encode(m.value);else{let h=m.token,I=h.getRawStream();if(!I){yield r.encode(m.isQuoted?"null":"");continue}let b;h.getFlags()&at.Base64Encode?b=I.pipeThrough(l()):b=I.pipeThrough(new TextDecoderStream),!(h.getFlags()&at.Base64Encode)&&t&Ko.JsonEscape&&(b=b.pipeThrough(d())),m.isQuoted&&(yield r.encode('"'));let C="";try{let L=b.getReader(),S=await L.read();if(S.done)throw new Error("Token stream already exhausted.");for(C+=S.value;;){let{done:H,value:Z}=await L.read();if(H)break;C+=Z}}catch(L){C=`Error: reading stream failed - ${L instanceof Error?L.message:String(L)}`}yield r.encode(C),m.isQuoted&&(yield r.encode('"'))}}return i(p,"generateChunks"),new ReadableStream({async start(m){for await(let h of p())m.enqueue(h);m.close()}})}};function Kn(n,e,t){return new Promise((r,o)=>{let s=setTimeout(()=>{o(new Error(t||`Operation timed out after ${e} second(s)`))},e*1e3);n.then(a=>{clearTimeout(s),r(a)}).catch(a=>{clearTimeout(s),o(a)})})}i(Kn,"withTimeout");async function $l(n,e,t,r){let o;for(let s=0;s<t;s++)try{let a=fetch(n,e),u=r?await Kn(a,r,"Fetch timed out"):await a;if(u.ok)return u;o=new Error(`Fetch returned status ${u.status}`)}catch(a){o=a}throw o||new Error("Fetch failed without a response.")}i($l,"fetchWithRetry");async function Hl(n,e,t,r,o){let s;for(let a=0;a<r;a++)try{let u=new Headers(e.headers||{});u.set("Authorization",`Bearer ${t}`);let c={...e,headers:u},l=fetch(n,c),d=o?await Kn(l,o,"Fetch timed out"):await l;if(d.status===401||d.ok)return d;s=new Error(`Fetch returned status ${d.status}`)}catch(u){s=u}throw s||new Error("Fetch with token failed without a response.")}i(Hl,"fetchWithToken");async function on(n,e={}){let{retries:t=3,timeoutSeconds:r,auth:o,...s}=e;if(!o)return await $l(n,s,t,r);let a=o.retries??3,u=o.timeoutSeconds,c;for(let l=0;l<a;l++)try{let d=o.callback();if(c=u?await Kn(d,u,"Auth token acquisition timed out"):await d,c)break}catch(d){if(l===a-1)throw d}if(!c)throw new Error("Failed to acquire token after maximum retries.");for(let l=0;l<a;l++){let d=await Hl(n,s,c,t,r);if(d.status!==401)return d;for(let p=0;p<a;p++)try{let m=o.callback();if(c=u?await Kn(m,u,"Auth token acquisition timed out"):await m,c)break}catch(m){if(p===a-1)throw m}if(!c)throw new Error("Failed to refresh token after receiving a 401.")}throw new Error("Authentication failed after maximum token retries.")}i(on,"supafetch");function Aa(n){try{let e=n.split(".")[1],t=Buffer.from(e,"base64").toString("utf8");return JSON.parse(t)}catch{return null}}i(Aa,"decodeJWT");function Oa(n,e,t){if(n.IP&&t&&n.IP[t])return{blocked:!0,id:n.IP[t],source:`IP/${t}`};if(n.Header)for(let[r,o]of Object.entries(n.Header)){let s=e.headers.get(r);if(s){if(o.RAW&&o.RAW[s])return{blocked:!0,id:o.RAW[s],source:`Header/${r}/RAW/${s}`};if(o.JWT){let a=s;if(r.toLowerCase()==="authorization"){let c=s.split(" ");c.length===2&&c[0].toLowerCase()==="bearer"&&(a=c[1])}let u=Aa(a);if(u){for(let[c,l]of Object.entries(o.JWT))if(u[c]&&l[u[c]])return{blocked:!0,id:l[u[c]],source:`Header/${r}/JWT/${c}/${u[c]}`}}}if(r.toLowerCase()==="cookie"&&o.COOKIE){let a=s.split(";").reduce((u,c)=>{let[l,d]=c.trim().split("=");return u[l]=d,u},{});for(let[u,c]of Object.entries(o.COOKIE))if(a[u]&&c[a[u]])return{blocked:!0,id:c[a[u]],source:`Header/Cookie/${u}/${a[u]}`}}}}if(n.Query){let r=new URL(e.url);for(let[o,s]of Object.entries(n.Query)){let a=r.searchParams.get(o);if(a){if(s.RAW&&s.RAW[a])return{blocked:!0,id:s.RAW[a],source:`Query/${o}/RAW/${a}`};if(s.JWT){let u=Aa(a);if(u){for(let[c,l]of Object.entries(s.JWT))if(u[c]&&l[u[c]])return{blocked:!0,id:l[u[c]],source:`Query/${o}/JWT/${c}/${u[c]}`}}}}}}return{blocked:!1}}i(Oa,"checkRequest");var Zl=1048576;function ka(n,e){if(!n.body||n.body===null)return!1;let t=n.headers.get("content-length");return!(t&&Number(t)>Zl||(n.headers.get("content-type")??"").includes("stream")||e!=null&&e===101)}i(ka,"shouldGatherBody");var Fl="unused",Qo={type:63,version:"3.0.1"},La,jl="plugin.akamai-api-security-plugin",Yo=class extends me{static{i(this,"AkamaiApiSecurityPlugin")}constructor(e){super(),this.#n=e,f(jl)}async initialize(e){e.addRequestHook(async(t,r)=>{if(La=r,this.#n.enableProtection===!0)try{let u=await this.#t.get(Fl);this.#n.debug&&r.log.debug("AkamaiApiSecurityPlugin: Loaded ProtectionResponse",u);let c=Oa(u,t);if(c.blocked===!0)return r.log.debug(`AkamaiApiSecurityPlugin: Request Blocked by rule '${c.source}':'${c.id}'`),x.forbidden(t,r,{detail:"Access to this resource has been forbidden"})}catch(u){r.log.error(`AkamaiApiSecurityPlugin: Error loading ProtectionResponse '${u.message}'`)}if(this.#n.shouldLog&&!await this.#n.shouldLog(t,r))return t;let o=Date.now(),s;return ka(t)&&(s=t.clone()),r.addResponseSendingFinalHook(async(u,c,l)=>{let d=null;if(s!==void 0&&s.body!==null){let m=await s.arrayBuffer(),h=new Uint8Array(m);d=new ReadableStream({start(I){I.enqueue(h),I.close()}})}let p=null;ka(u)&&(p=u.clone().body),this.#r(d,p,c,u,l,o)}),t})}#e=i(async()=>{let e=await on(`https://${this.#n.hostname}/integrations-adapter/get-prevention-rules?source-index=${this.#n.index}&source-key=${this.#n.key}&source-type=${Qo.type}`);if(e.status!==200)throw new Error(`Unexpected response from protection endpoint ${e.status}: ${await e.text()}`);let t=await e.text();try{return JSON.parse(t)}catch(r){throw new Error(`Error parsing response from protection endpoint '${r}' in '${t}'`)}},"#protectionFetch");#t=new sn(this.#e,{ttlSeconds:60,loaderTimeoutSeconds:60});#n;#r=i(async(e,t,r,o,s,a)=>{let u=new rn(e,at.Base64Encode),c=new rn(t,at.Base64Encode),l=await this.#o(o,r,c,u,s,a),p=new Jn({template:JSON.stringify(l),tokens:[u,c],flags:Ko.JsonEscape}).getStream(),m;this.#n.debug&&([,m]=p.tee());let h=await on(`https://${this.#n.hostname}/engine?structure=base64-payload`,{method:"POST",headers:{"content-type":"application/json"},body:p,retries:1});this.#n.debug&&La.log.debug({message:"AkamaiApiSecurityPlugin: Dispatched entry",status:h.status,requestBody:m,responseText:await h.text()})},"#finalizeDispatch");#o=i(async(e,t,r,o,s,a)=>{let u=new URL(t.url),c=t.headers.get("true-client-ip")??"";return{ip:{v:Bl(c),src:c},tcp:{dst:zl(u)},http:{request:{ts:a,method:t.method,url:u.pathname,headers:Object.fromEntries(t.headers.entries()),body:o.getSafeToken()},response:{ts:Date.now(),status:e.status,headers:Object.fromEntries(e.headers.entries()),body:r.getSafeToken()}},source:{type:Qo.type,index:this.#n.index,version:Qo.version,key:this.#n.key,resource:{type:"ZUPLO",properties:{account:fe.ZUPLO_ACCOUNT_NAME??"",project:fe.ZUPLO_PROJECT_NAME??"",environment:fe.ZUPLO_ENVIRONMENT_NAME??"",route:s.route.path}}}}},"#generateStreamTemplate")};function zl(n){return n.port?parseInt(n.port):n.protocol==="https:"?443:80}i(zl,"guessPort");function Bl(n){return n.includes("::")||(n.match(/:/g)||[]).length>1?"6":"4"}i(Bl,"detectIPVersion");var an=class{static{i(this,"BackgroundDispatcher")}#e;constructor(e,t){if(!t||t.msDelay===void 0)throw new g("BackgroundDispatcher: options.msDelay is required");this.#e=new X(t.name??"",t.msDelay,e)}enqueue=i(e=>{this.#e.enqueue(e),Ke().waitUntil(this.#e.waitUntilFlushed())},"enqueue")};var Xo,Me=class{static{i(this,"RequestLoggerCore")}constructor(e,t){let o=(e.batchPeriodSeconds??.01)*1e3;this.#n=new an(this.#t,{msDelay:o}),this.#e=e,this.initialize(t)}initialize(e){e.addRequestHook((t,r)=>{Xo=r;let o=Date.now();return r.addResponseSendingFinalHook(async s=>{let a={deploymentName:y.instance.deploymentName??"",instanceId:y.instance.instanceId,systemUserAgent:y.instance.systemUserAgent,requestStartTime:new Date(o),durationMs:Date.now()-o},u=await this.#e.generateLogEntry(s,t,r,a);this.#n.enqueue(u)}),t})}#e;#t=i(async e=>{if(e.length!==0)try{await this.#e.dispatchFunction(e)}catch(t){Gl(t,this.#e.name)}},"#dispatch");#n};function Gl(n,e){if(!Xo){let r=Ke(),o=re({level:"error",messages:[`RequestLoggerCore '${e}': No context available to log user errors`]});r.waitUntil(o);return}let t;n instanceof Error?t={message:n.message,status:-1,details:n.stack??""}:t=n,Xo.log.error(`RequestLoggerCore '${e}': Error dispatching log entries.`,t)}i(Gl,"logError");var _a="plugin.azure-blob-request-logger",Vl=i(()=>`${new Date().toISOString().replace(/[:-]/g,"-").replace("T","-").split(".")[0]}-${y.instance.instanceId}.csv`,"defaultGenerateBlobName"),Na,ti=class extends me{static{i(this,"AzureBlobPlugin")}constructor(e){super(),this.#e=e,f(_a)}async initialize(e){new Me({name:_a,generateLogEntry:this.#e.generateLogEntry,batchPeriodSeconds:this.#e.batchPeriodSeconds,dispatchFunction:this.#t},e)}#e;#t=i(async e=>{if(e.length===0)return;let t=Wl(e[0]),r=Kl(e,t),s=(this.#e.generateBlobName??Vl)(e);await Ql(r,this.#e,s)},"#dispatch")};function Wl(n){return Object.keys(n)}i(Wl,"getHeaders");function Jl(n){if(n==null)return"";let e=String(n);return(e.includes('"')||e.includes(",")||e.includes(`
+`)||e.includes("\r"))&&(e=e.replace(/"/g,'""'),e=`"${e}"`),e}i(Jl,"escapeCsvValue");function Kl(n,e){let t=[];t.push(e.join(","));for(let r of n){let o=[];for(let s of e){let a=r[s];o.push(Jl(a))}t.push(o.join(","))}return t.join(`
+`)}i(Kl,"generateCsvContent");async function Ql(n,e,t){let{sasUrl:r}=e,o=r.split("?"),s=`${o[0]}/${t}?${o[1]}`;try{let a=await z.fetch(s,{method:"PUT",headers:{"x-ms-blob-type":"BlockBlob","Content-Type":"text/csv"},body:n});a.ok||(ei({message:a.statusText,status:a.status,details:await a.text()}),ei({message:a.statusText,status:a.status,details:await a.text()}))}catch(a){ei(a)}}i(Ql,"uploadToAzureBlobStorage");function ei(n){if(!Na){let t=Ke(),r=re({level:"error",messages:["AzureBlobCsvPlugin: No context available to log user errors"]});t.waitUntil(r);return}let e;n instanceof Error?e={message:n.message,status:-1,details:n.stack??""}:e=n,Na.log.error("AzureBlobCsvPlugin: Error uploading to Azure Blob Storage",e)}i(ei,"logError");var Da="plugin.azure-event-hubs-request-logger",Yl=60*60,Xl=5*60;function Ma(){return Math.floor(Date.now()/1e3)}i(Ma,"nowEpochSeconds");var ni=class extends me{static{i(this,"AzureEventHubsRequestLoggerPlugin")}#e;#t;#n=null;constructor(e){super(),this.#e=e,this.#t=this.#r(e.connectionString),f(Da)}#r(e){let t=e.split(";"),r=new Map;for(let s of t){let[a,...u]=s.split("=");a&&u.length>0&&r.set(a,u.join("="))}return{endpoint:r.get("Endpoint")||"",sharedAccessKeyName:r.get("SharedAccessKeyName")||"",sharedAccessKey:r.get("SharedAccessKey")||"",entityPath:r.get("EntityPath")||""}}async#o(e,t,r){let o=new TextEncoder,s=e.replace(/^https?:\/\//,""),a=encodeURIComponent(s),c=Ma()+Yl,l=`${a}
+${c}`,d={name:"HMAC",hash:{name:"SHA-256"}},p=await crypto.subtle.importKey("raw",o.encode(r),d,!1,["sign"]),m=await crypto.subtle.sign("HMAC",p,o.encode(l)),h=new Uint8Array(m),I=btoa(String.fromCharCode(...h)),b=encodeURIComponent(I);return{token:`SharedAccessSignature sr=${a}&sig=${b}&se=${c}&skn=${t}`,expiryEpochSeconds:c}}async#i(){let e=Ma();if(this.#n&&e<this.#n.expiryEpochSeconds-Xl)return this.#n.token;let t=this.#t.entityPath?this.#t.entityPath:(this.#e.eventHubName??"").trim();if(!t)throw new Error("No entity path - either set EntityPath in the connection string or supply eventHubName");let o=`${this.#t.endpoint.replace(/\/$/,"").toLowerCase()}/${t}`,s=await this.#o(o,this.#t.sharedAccessKeyName,this.#t.sharedAccessKey);return this.#n=s,s.token}async initialize(e){new Me({name:Da,generateLogEntry:this.#e.generateLogEntry,batchPeriodSeconds:this.#e.batchPeriodSeconds,dispatchFunction:this.#s},e)}#s=i(async e=>{if(e.length===0)return;let t=this.#t.entityPath?this.#t.entityPath:(this.#e.eventHubName??"").trim(),o=`https://${this.#t.endpoint.replace(/\/$/,"").replace(/^sb:\/\//,"")}/${t}/messages?timeout=60`,s=await this.#i(),a=await fetch(o,{method:"POST",headers:{Authorization:s,"Content-Type":"application/json"},body:JSON.stringify(e)});if(!a.ok)throw new Error(`AzureEventHubsRequestLoggerPlugin: Failed to send logs to ${o}
 Status: ${a.status} - ${a.statusText}
-Body: ${await a.text()}`)},"#dispatch")};var Yl=i(async(n,e,t,r)=>({deploymentName:r.deploymentName,timestamp:r.requestStartTime.toISOString(),requestId:t.requestId,routePath:t.route.path,url:e.url,colo:t.incomingRequestProperties.colo,city:t.incomingRequestProperties.city,country:t.incomingRequestProperties.country,continent:t.incomingRequestProperties.continent,latitude:t.incomingRequestProperties.latitude,longitude:t.incomingRequestProperties.longitude,postalCode:t.incomingRequestProperties.postalCode,metroCode:t.incomingRequestProperties.metroCode,region:t.incomingRequestProperties.region,regionCode:t.incomingRequestProperties.regionCode,timezone:t.incomingRequestProperties.timezone,asn:t.incomingRequestProperties.asn?.toString(),asOrganization:t.incomingRequestProperties.asOrganization,statusCode:n.status,durationMs:r.durationMs,method:e.method,userSub:e.user?.sub,instanceId:r.instanceId,clientIP:e.headers.get("true-client-ip")??void 0,zuploUserAgent:r.systemUserAgent}),"defaultGenerateHydrolixEntry"),Da="plugin.hydrolix-request-logger",ri=class extends me{static{i(this,"HydrolixRequestLoggerPlugin")}constructor(e){super(),e.batchPeriodSeconds||(e.batchPeriodSeconds=1),this.#e=e,f(Da)}async initialize(e){new Me({name:Da,generateLogEntry:this.#e.generateLogEntry,batchPeriodSeconds:this.#e.batchPeriodSeconds,dispatchFunction:this.#t},e)}#e;#t=i(async e=>{if(e.length===0)return;let t={"x-hdx-table":this.#e.table,"x-hdx-transform":this.#e.transform,"content-type":"application/json"};this.#e.token&&(t["x-hdx-token"]=this.#e.token,t.authorization=`Basic ${btoa(`${this.#e.username}:${this.#e.password}`)}`),await on(`https://${this.#e.hostname}/ingest/event`,{method:"POST",headers:t,body:JSON.stringify(e),retries:1})},"#dispatch")};var Xl="plugin.request-logger",oi=class extends me{static{i(this,"RequestLoggerPlugin")}constructor(e){super(),this.#e=e,f(Xl)}async initialize(e){new Me(this.#e,e)}#e};var ii=class extends Error{static{i(this,"StripeError")}message;type;raw;rawType;headers;requestId;code;doc_url;param;detail;statusCode;charge;decline_code;payment_method_type;payment_intent;payment_method;setup_intent;source;constructor(e={}){super(e.message),this.type=this.constructor.name,this.raw=e,this.rawType=e.type,this.code=e.code,this.doc_url=e.doc_url,this.param=e.param,this.detail=e.detail,this.headers=e.headers,this.requestId=e.requestId,this.statusCode=e.statusCode,this.message=e.message,this.charge=e.charge,this.decline_code=e.decline_code,this.payment_intent=e.payment_intent,this.payment_method=e.payment_method,this.payment_method_type=e.payment_method_type,this.setup_intent=e.setup_intent,this.source=e.source}},qe=class extends ii{static{i(this,"StripeSignatureVerificationError")}header;payload;constructor(e,t,r={}){super(r),this.header=e,this.payload=t}};var ed="v1",td=300;async function Ma(n,e,t,r=td,o){return await rd(n,e,t,r,o),n instanceof Uint8Array?JSON.parse(new TextDecoder("utf8").decode(n)):JSON.parse(n)}i(Ma,"constructEventAsync");function nd(n,e){return`${e.timestamp}.${n}`}i(nd,"makeHMACContent");async function rd(n,e,t,r,o){let{decodedHeader:s,decodedPayload:a,details:u,suspectPayloadType:c}=od(n,e,ed),l=/\s/.test(t),d=await ud(nd(a,u),t);return id(a,s,u,d,r,c,l,o)}i(rd,"verifyHeaderAsync");function od(n,e,t){if(!n)throw new qe(e,n,{message:"No webhook payload was provided."});let r=typeof n!="string"&&!(n instanceof Uint8Array),o=new TextDecoder("utf8"),s=n instanceof Uint8Array?o.decode(n):n;if(Array.isArray(e))throw new Error("Unexpected: An array was passed as a header, which should not be possible for the stripe-signature header.");if(e==null||e=="")throw new qe(e,n,{message:"No stripe-signature header value was provided."});let a=e instanceof Uint8Array?o.decode(e):e,u=sd(a,t);if(!u||u.timestamp===-1)throw new qe(a,s,{message:"Unable to extract timestamp and signatures from header"});if(!u.signatures.length)throw new qe(a,s,{message:"No signatures found with expected scheme"});return{decodedPayload:s,decodedHeader:a,details:u,suspectPayloadType:r}}i(od,"parseEventDetails");function id(n,e,t,r,o,s,a,u){let c=!!t.signatures.filter(m=>ad(m,r)).length,l=`
+Body: ${await a.text()}`)},"#dispatch")};var ed=i(async(n,e,t,r)=>({deploymentName:r.deploymentName,timestamp:r.requestStartTime.toISOString(),requestId:t.requestId,routePath:t.route.path,url:e.url,colo:t.incomingRequestProperties.colo,city:t.incomingRequestProperties.city,country:t.incomingRequestProperties.country,continent:t.incomingRequestProperties.continent,latitude:t.incomingRequestProperties.latitude,longitude:t.incomingRequestProperties.longitude,postalCode:t.incomingRequestProperties.postalCode,metroCode:t.incomingRequestProperties.metroCode,region:t.incomingRequestProperties.region,regionCode:t.incomingRequestProperties.regionCode,timezone:t.incomingRequestProperties.timezone,asn:t.incomingRequestProperties.asn?.toString(),asOrganization:t.incomingRequestProperties.asOrganization,statusCode:n.status,durationMs:r.durationMs,method:e.method,userSub:e.user?.sub,instanceId:r.instanceId,clientIP:e.headers.get("true-client-ip")??void 0,zuploUserAgent:r.systemUserAgent}),"defaultGenerateHydrolixEntry"),qa="plugin.hydrolix-request-logger",ri=class extends me{static{i(this,"HydrolixRequestLoggerPlugin")}constructor(e){super(),e.batchPeriodSeconds||(e.batchPeriodSeconds=1),this.#e=e,f(qa)}async initialize(e){new Me({name:qa,generateLogEntry:this.#e.generateLogEntry,batchPeriodSeconds:this.#e.batchPeriodSeconds,dispatchFunction:this.#t},e)}#e;#t=i(async e=>{if(e.length===0)return;let t={"x-hdx-table":this.#e.table,"x-hdx-transform":this.#e.transform,"content-type":"application/json"};this.#e.token&&(t["x-hdx-token"]=this.#e.token,t.authorization=`Basic ${btoa(`${this.#e.username}:${this.#e.password}`)}`),await on(`https://${this.#e.hostname}/ingest/event`,{method:"POST",headers:t,body:JSON.stringify(e),retries:1})},"#dispatch")};var td="plugin.request-logger",oi=class extends me{static{i(this,"RequestLoggerPlugin")}constructor(e){super(),this.#e=e,f(td)}async initialize(e){new Me(this.#e,e)}#e};var ii=class extends Error{static{i(this,"StripeError")}message;type;raw;rawType;headers;requestId;code;doc_url;param;detail;statusCode;charge;decline_code;payment_method_type;payment_intent;payment_method;setup_intent;source;constructor(e={}){super(e.message),this.type=this.constructor.name,this.raw=e,this.rawType=e.type,this.code=e.code,this.doc_url=e.doc_url,this.param=e.param,this.detail=e.detail,this.headers=e.headers,this.requestId=e.requestId,this.statusCode=e.statusCode,this.message=e.message,this.charge=e.charge,this.decline_code=e.decline_code,this.payment_intent=e.payment_intent,this.payment_method=e.payment_method,this.payment_method_type=e.payment_method_type,this.setup_intent=e.setup_intent,this.source=e.source}},qe=class extends ii{static{i(this,"StripeSignatureVerificationError")}header;payload;constructor(e,t,r={}){super(r),this.header=e,this.payload=t}};var nd="v1",rd=300;async function Ua(n,e,t,r=rd,o){return await id(n,e,t,r,o),n instanceof Uint8Array?JSON.parse(new TextDecoder("utf8").decode(n)):JSON.parse(n)}i(Ua,"constructEventAsync");function od(n,e){return`${e.timestamp}.${n}`}i(od,"makeHMACContent");async function id(n,e,t,r,o){let{decodedHeader:s,decodedPayload:a,details:u,suspectPayloadType:c}=sd(n,e,nd),l=/\s/.test(t),d=await ld(od(a,u),t);return ad(a,s,u,d,r,c,l,o)}i(id,"verifyHeaderAsync");function sd(n,e,t){if(!n)throw new qe(e,n,{message:"No webhook payload was provided."});let r=typeof n!="string"&&!(n instanceof Uint8Array),o=new TextDecoder("utf8"),s=n instanceof Uint8Array?o.decode(n):n;if(Array.isArray(e))throw new Error("Unexpected: An array was passed as a header, which should not be possible for the stripe-signature header.");if(e==null||e=="")throw new qe(e,n,{message:"No stripe-signature header value was provided."});let a=e instanceof Uint8Array?o.decode(e):e,u=ud(a,t);if(!u||u.timestamp===-1)throw new qe(a,s,{message:"Unable to extract timestamp and signatures from header"});if(!u.signatures.length)throw new qe(a,s,{message:"No signatures found with expected scheme"});return{decodedPayload:s,decodedHeader:a,details:u,suspectPayloadType:r}}i(sd,"parseEventDetails");function ad(n,e,t,r,o,s,a,u){let c=!!t.signatures.filter(m=>cd(m,r)).length,l=`
 Learn more about webhook signing and explore webhook integration examples for various frameworks at https://github.com/stripe/stripe-node#webhook-signing`,d=a?`
 Note: The provided signing secret contains whitespace. This often indicates an extra newline or space is in the value`:"";if(!c)throw s?new qe(e,n,{message:`Webhook payload must be provided as a string or a Buffer (https://nodejs.org/api/buffer.html) instance representing the _raw_ request body.Payload was provided as a parsed JavaScript object instead.
@@ -84,11 +84,11 @@ Signature verification is impossible without access to the original signed mater
 `+d}):new qe(e,n,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
  If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
 `+l+`
-`+d});let p=Math.floor((typeof u=="number"?u:Date.now())/1e3)-t.timestamp;if(o>0&&p>o)throw new qe(e,n,{message:"Timestamp outside the tolerance zone"});return!0}i(id,"validateComputedSignature");function sd(n,e){return typeof n!="string"?null:n.split(",").reduce((t,r)=>{let o=r.split("=");return o[0]==="t"&&(t.timestamp=parseInt(o[1],10)),o[0]===e&&t.signatures.push(o[1]),t},{timestamp:-1,signatures:[]})}i(sd,"parseHeader");function ad(n,e){if(n.length!==e.length)return!1;let t=n.length,r=0;for(let o=0;o<t;++o)r|=n.charCodeAt(o)^e.charCodeAt(o);return r===0}i(ad,"secureCompare");async function ud(n,e){let t=new TextEncoder,r=await crypto.subtle.importKey("raw",t.encode(e),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),o=await crypto.subtle.sign("hmac",r,t.encode(n)),s=new Uint8Array(o),a=new Array(s.length);for(let u=0;u<s.length;u++)a[u]=si[s[u]];return a.join("")}i(ud,"computeHMACSignatureAsync");var si=new Array(256);for(let n=0;n<si.length;n++)si[n]=n.toString(16).padStart(2,"0");function W(n,e,t="policy",r){let o=`${t} '${e}'`;if(!ot(n))throw new g(`Options on ${o} is expected to be an object. Received the type '${typeof n}'.`);let s=i((c,l,d)=>{let p=n[c],m=r?`${r}.${String(c)}`:String(c);if(!(d&&p===void 0)){if(p===void 0)throw new g(`Value of '${m}' on ${o} is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(l==="array"&&Array.isArray(p))throw new g(`Value of '${m}' on ${o} must be an array. Received type ${typeof p}.`);if(typeof p!==l)throw new g(`Value of '${m}' on ${o} must be of type ${l}. Received type ${typeof p}.`);if(typeof p=="string"&&p.length===0)throw new g(`Value of '${m}' on ${o} must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof p=="number"&&isNaN(p))throw new g(`Value of '${m}' on ${o} must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),a=i((c,l)=>(s(c,l,!0),{optional:a,required:u}),"optional"),u=i((c,l)=>(s(c,l,!1),{optional:a,required:u}),"required");return{optional:a,required:u}}i(W,"optionValidator");var un=class extends ae{static{i(this,"StripeWebhookVerificationInboundPolicy")}constructor(e,t){super(e,t),f("policy.inbound.stripe-webhook-verification")}async handler(e,t){W(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let r=e.headers.get("stripe-signature");try{let o=await e.clone().text();await Ma(o,r,this.options.signingSecret)}catch(o){let s=o.message;if(o.type&&o.type==="StripeSignatureVerificationError"){let a=o.message,c=/Note:(.*)/g.exec(a);s=c?c[1].trim():a,s.startsWith("No signatures found matching the expected signature for payload")&&(s="The Stripe Webhook Signature Secret provided is incorrect and does not match to the signature on the event received. Make sure your Zuplo configuration is correct.")}return t.log.error("Error validating stripe webhook",s),x.badRequest(e,t,{title:"Webhook Error",detail:s})}return e}};function qa(n){return n!==null&&typeof n=="object"&&"id"in n&&xe(n.id)&&"type"in n&&xe(n.type)}i(qa,"isStripeWebhookEvent");var cd={getSubscription:i(async({subscriptionId:n,stripeSecretKey:e,logger:t})=>{let r=await z.fetch(`https://api.stripe.com/v1/subscriptions/${n}`,{headers:{Authorization:`Bearer ${e}`}}),o=await r.json();if(r.status!==200){let s="Error retrieving subscription from Stripe API.";throw t.error(s,o),new k(s)}return o},"getSubscription"),getCustomer:i(async({customerId:n,stripeSecretKey:e,logger:t})=>{let r=await z.fetch(`https://api.stripe.com/v1/customers/${n}`,{headers:{Authorization:`Bearer ${e}`}}),o=await r.json();if(r.status!==200){let s="Error retrieving customer from Stripe API.";throw t.error(s,o),new k(s)}return o},"getCustomer"),getUpcomingInvoice:i(async({customerId:n,stripeSecretKey:e,logger:t})=>{let r=await z.fetch(`https://api.stripe.com/v1/invoices/upcoming?customer=${n}`,{headers:{Authorization:`Bearer ${e}`}}),o=await r.json();if(r.status!==200){let s="Error retrieving customer upcoming invoice from Stripe API.";throw t.error(s,o),new k(s)}return o},"getUpcomingInvoice")},Qn=cd;var ai="https://api-key-management-service-eq7z4lly2a-ue.a.run.app",Ua="My API Key";async function Ha({apiKeyBucketName:n,stripeSubscriptionId:e,stripeProductId:t,stripeCustomerId:r,managerEmail:o,managerSub:s,context:a}){let{authApiJWT:u}=y.instance,c=new URL(`/v1/buckets/${n}/consumers`,ai);c.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:Ua,tags:{subscriptionExternalId:e,planExternalIds:[t]},metadata:{stripeSubscriptionId:e,stripeProductId:t,stripeCustomerId:r},managers:[{sub:s,email:o}]},p=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(a)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${u}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new k(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:e,stripeProductId:t}),l}i(Ha,"createConsumer");async function $a({apiKeyBucketName:n,stripeSubscriptionId:e,stripeProductId:t,stripeCustomerId:r,managerEmail:o,context:s}){let{authApiJWT:a}=y.instance,u=new URL(`/v1/buckets/${n}/consumers`,ai);u.searchParams.set("with-api-key","true");let c=crypto.randomUUID(),l={name:c,description:Ua,tags:{subscriptionExternalId:e,planExternalIds:[t]},metadata:{stripeSubscriptionId:e,stripeProductId:t,stripeCustomerId:r},managers:[o]},d=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(s)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw s.log.error(m,p),new k(m)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:c,stripeSubscriptionId:e,stripeProductId:t}),c}i($a,"createConsumerInvite");async function Za({apiKeyBucketName:n,consumerId:e,context:t}){let{authApiJWT:r}=y.instance,o=new URL(`/v1/buckets/${n}/consumers/${e}`,ai);o.searchParams.set("with-api-key","true");let s=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(t)},o.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${r}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),u="Error invalidating API Key Consumer";throw t.log.error(u,a),new k(u)}return t.log.info(`Successfully invalidated API Key Consumer '${e}`),e}i(Za,"deleteConsumer");async function Fa({context:n,stripeSubscriptionId:e,stripeProductId:t,customerKey:r,meteringBucketId:o,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:u,metadata:c,trial:l}){let d={status:u,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:e,planExternalIds:[t],customerKey:r,customerExternalId:a,metadata:c,trialEndDate:l?l.trialEndDate:void 0,trialStartDate:l?l.trialStartDate:void 0,trialEndStatus:l?l.trialEndStatus:void 0},{authApiJWT:p,meteringServiceUrl:m}=y.instance;if(!ft(p))throw new K("No Zuplo JWT token set.");let h=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(n)},`${m}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${p}`,"Content-Type":"application/json","zp-rid":n.requestId},method:"POST",body:JSON.stringify(d)});if(!h.ok){let I=`Unable to create a monetization subscription for Stripe subscription '${e}'.`,b,v="";try{b=await h.json(),v=b.detail??b.title}catch{b={type:"https://zup.fail/http-status/500",title:"Internal Server Error",status:h.status,detail:h.statusText}}throw n.log.error(I,b),new k(`${I} ${v}`)}n.log.info("Successfully created monetization subscription.",d)}i(Fa,"createSubscription");async function Pt({context:n,meteringSubscriptionId:e,meteringBucketId:t,requestBody:r}){let{authApiJWT:o,meteringServiceUrl:s}=y.instance;if(!ft(o))throw new K("No Zuplo JWT token set.");let a=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(n)},`${s}/internal/v1/metering/${t}/subscriptions/${e}`,{headers:{Authorization:`Bearer ${o}`,"Content-Type":"application/json","zp-rid":n.requestId},method:"PATCH",body:JSON.stringify(r)});if(!a.ok){let u=`Unable to update monetization subscription with: '${JSON.stringify(r)}'.`,c,l="";try{c=await a.json(),l=c.detail??c.title}catch{c={type:"https://zup.fail/http-status/500",title:"Internal Server Error",status:a.status,detail:a.statusText}}throw n.log.error(u,c),new k(`${u} ${l}`)}n.log.info(`Successfully updated monetization subscription with: '${JSON.stringify(r)}'.`)}i(Pt,"updateSubscription");async function It({context:n,stripeSubscriptionId:e,stripeCustomerId:t,meteringBucketId:r}){let{authApiJWT:o,meteringServiceUrl:s}=y.instance;if(!ft(o))throw new K("No Zuplo JWT token set.");let a=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(n)},`${s}/internal/v1/metering/${r}/subscriptions?subscriptionExternalId=${e}`,{headers:{Authorization:`Bearer ${o}`,"zp-rid":n.requestId},method:"GET"});if(!a.ok){let c=`Unable to retrieve the monetization subscription for Stripe subscription '${e}'.`,l,d="";try{l=await a.json(),d=l.detail??l.title}catch{l={type:"https://zup.fail/http-status/500",title:"Internal Server Error",status:a.status,detail:a.statusText}}throw n.log.error(c,l),new k(`${c} ${d}`)}let u=await a.json();if(u.data.length===0){let c=`Subscription was not found for Stripe subscription '${e}' and the event was ignored by Zuplo.`;throw n.log.error(c),new k(c)}if(u.data[0].customerExternalId!==t){let c=`Subscription was not found for Stripe customer '${t}' and the event was ignored by Zuplo.`;throw n.log.error(c),new k(c)}return u.data[0]}i(It,"getSubscription");var ue="Skipping since we're unable to process the webhook event.",Xe="Successfully processed the webhook event",Ie="See https://zuplo.com/docs/articles/monetization-troubleshooting for more details.";function Yn(n){return n.replaceAll("_","-")}i(Yn,"stripeStatusToMeteringStatus");function ut(n){return new Date(n*1e3).toISOString()}i(ut,"unixTimestampToISOString");async function ui(n,e,t,r){let o=t.data.object.id;if(!o)return e.log.warn(`Invalid Stripe webhook event. Expected event '${t.id}' to have '.data.object.id' be the subscription ID.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=t.data.object.plan;if(!s||!s.product)return e.log.warn(`Invalid Stripe API result. Expected event '${t.id}' to have a plan data.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=t.data.object.customer;if(!a)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${t.id}'`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(t.data.object.metadata&&t.data.object.metadata.zuplo_created_by_deploymentName&&t.data.object.metadata.zuplo_created_by_deploymentName!==y.instance.deploymentName)return e.log.warn(`Subscription event '${t.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.`),x.ok(n,e,{title:ue,detail:`This subscription event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'. This can happen because of a misconfiguration of Stripe or your Zuplo API.`+Ie});let u=s.product,c,l,d;try{if(t.data.object.metadata&&t.data.object.metadata.zuplo_created_by_email&&t.data.object.metadata.zuplo_created_by_sub)l=t.data.object.metadata.zuplo_created_by_email,d=t.data.object.metadata.zuplo_created_by_sub,c=await Ha({apiKeyBucketName:r.apiKeyBucketName,stripeProductId:u,stripeSubscriptionId:o,stripeCustomerId:a,managerEmail:l,managerSub:d,context:e});else{let p=await Qn.getCustomer({logger:e.log,stripeSecretKey:r.stripeSecretKey,customerId:a});if(!p.email)return e.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe API result. Expected customer to contain email address."});c=await $a({apiKeyBucketName:r.apiKeyBucketName,stripeProductId:u,stripeSubscriptionId:o,stripeCustomerId:a,managerEmail:p.email,context:e})}}catch(p){return e.log.warn(`Failed to create API Key Consumer. Error: ${p.message}`),x.ok(n,e,{title:ue,detail:p.message})}if(!c)return x.ok(n,e,{title:ue,detail:"No API Key Consumer was created, skipping creation of subscription."});try{let p=Yn(t.data.object.status),m;l&&d&&(m={subscriber:{sub:d,email:l}});let h;t.data.object.trial_end!==null&&t.data.object.trial_start!==null&&t.data.object.trial_settings&&t.data.object.trial_settings.end_behavior&&(t.data.object.trial_settings.end_behavior.missing_payment_method==="cancel"||t.data.object.trial_settings.end_behavior.missing_payment_method==="pause")&&(h={trialEndStatus:t.data.object.trial_settings.end_behavior.missing_payment_method,trialEndDate:ut(t.data.object.trial_end),trialStartDate:ut(t.data.object.trial_start)}),await Fa({context:e,stripeProductId:u,stripeSubscriptionId:o,customerKey:c,meteringBucketId:r.meteringBucketId,meteringBucketRegion:r.meteringBucketRegion,customerExternalId:a,subscriptionStatus:p,metadata:m,trial:h})}catch(p){return await Za({apiKeyBucketName:r.apiKeyBucketName,consumerId:c,context:e}),x.ok(n,e,{title:ue,detail:p.message})}return x.ok(n,e,{title:Xe})}i(ui,"onCustomerSubscriptionCreated");async function ci(n,e,t,r){let o=t.data.object.id;if(!o)return e.log.warn(`Invalid Stripe webhook event. Expected event '${t.id}' to have '.data.object.id' be the subscription ID.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=t.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${t.id}'`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(t.data.object.metadata&&t.data.object.metadata.zuplo_created_by_deploymentName&&t.data.object.metadata.zuplo_created_by_deploymentName!==y.instance.deploymentName)return e.log.warn(`Subscription event '${t.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.`),x.ok(n,e,{title:ue,detail:`This 'customer.subscription.deleted' event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.This can happen because of a misconfiguration of Stripe or your Zuplo API.`+Ie});try{let a=await It({context:e,stripeSubscriptionId:o,stripeCustomerId:s,meteringBucketId:r.meteringBucketId});await Pt({context:e,meteringSubscriptionId:a.id,meteringBucketId:r.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}})}catch(a){return x.ok(n,e,{title:ue,detail:`The event 'customer.subscription.deleted' could not be processed. ${a.message} This can happen because of a misconfiguration of Stripe or your Zuplo API. `+Ie})}return x.ok(n,e,{title:Xe})}i(ci,"onCustomerSubscriptionDeleted");async function li(n,e,t,r){let o=t.data.object.id;if(!o)return e.log.warn(`Invalid Stripe webhook event. Expected event '${t.id}' to include '.data.object.id' as the subscription ID.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=t.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${t.id}'`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(t.data.object.metadata&&t.data.object.metadata.zuplo_created_by_deploymentName&&t.data.object.metadata.zuplo_created_by_deploymentName!==y.instance.deploymentName)return e.log.warn(`Subscription event '${t.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.`),x.ok(n,e,{title:ue,detail:`This 'customer.subscription.updated' event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.This can happen because of a misconfiguration of Stripe or your Zuplo API.`+Ie});if(t.data.previous_attributes){let a=t.data.previous_attributes;if(a.status&&a.status!==t.data.object.status){try{e.log.debug(`Processing subscription status change from Stripe event '${t.id}'.`);let u=await It({context:e,stripeSubscriptionId:o,stripeCustomerId:s,meteringBucketId:r.meteringBucketId}),c=Yn(t.data.object.status),l;a.trial_end&&a.trial_end!==t.data.object.trial_end&&t.data.object.trial_end!==null&&(l=ut(t.data.object.trial_end)),await Pt({context:e,meteringSubscriptionId:u.id,meteringBucketId:r.meteringBucketId,requestBody:{status:c,planExternalIds:u.planExternalIds,trialEndDate:l}})}catch(u){return x.ok(n,e,{title:ue,detail:`The event 'customer.subscription.updated' could not be processed. ${u.message} This can happen because of a misconfiguration of Stripe or your Zuplo API. However, it also could be a temporary condition that happens when a subscription is created due to events being sent out of order. `+Ie})}return x.ok(n,e,{title:Xe})}if(a.plan&&a.plan.product!==t.data.object.plan.product){try{e.log.debug(`Processing subscription plan change from Stripe event '${t.id}'.`);let u=await It({context:e,stripeSubscriptionId:o,stripeCustomerId:s,meteringBucketId:r.meteringBucketId}),c=t.data.object.plan.product,d=(await Qn.getUpcomingInvoice({customerId:s,logger:e.log,stripeSecretKey:r.stripeSecretKey})).lines.data.filter(m=>m.proration&&m.price.product===c),p=0;d.length===0?e.log.warn(`The plan change does not include proration details. Subscription event '${t.id}'`):p=parseFloat(d[0].unit_amount_excluding_tax)/d[0].price.unit_amount,await Pt({context:e,meteringSubscriptionId:u.id,meteringBucketId:r.meteringBucketId,requestBody:{status:u.status,planExternalIds:[c],prorate:p}})}catch(u){return x.ok(n,e,{title:ue,detail:`The event 'customer.subscription.updated' could not be processed. ${u.message} This can happen because of a misconfiguration of Stripe or your Zuplo API. However, it also could be a temporary condition that happens when a subscription is created due to events being sent out of order. `+Ie})}return x.ok(n,e,{title:Xe})}if((a.cancel_at||a.cancel_at===null)&&a.cancel_at!==t.data.object.cancel_at&&a.cancel_at_period_end&&a.cancel_at_period_end!==t.data.object.cancel_at_period_end&&(a.canceled_at||a.canceled_at===null)&&a.canceled_at!==t.data.object.canceled_at||a.cancellation_details&&(a.cancellation_details.comment||a.cancellation_details.comment===null||a.cancellation_details.feedback||a.cancellation_details.feedback===null||a.cancellation_details.reason||a.cancellation_details.reason===null)){try{e.log.debug(`Processing subscription cancellation details from Stripe event '${t.id}'.`);let u=await It({context:e,stripeSubscriptionId:o,stripeCustomerId:s,meteringBucketId:r.meteringBucketId}),c={cancellation:{cancel_at:t.data.object.cancel_at?ut(t.data.object.cancel_at):null,cancel_at_period_end:t.data.object.cancel_at_period_end,canceled_at:t.data.object.canceled_at?ut(t.data.object.canceled_at):null,cancellation_details:t.data.object.cancellation_details}},l;u.metadata?l={...u.metadata,...c}:l=c,await Pt({context:e,meteringSubscriptionId:u.id,meteringBucketId:r.meteringBucketId,requestBody:{status:u.status,planExternalIds:u.planExternalIds,metadata:l}})}catch(u){return x.ok(n,e,{title:ue,detail:`The event 'customer.subscription.updated' could not be processed. ${u.message} This can happen because of a misconfiguration of Stripe or your Zuplo API. However, it also could be a temporary condition that happens when a subscription is created due to events being sent out of order. `+Ie})}return x.ok(n,e,{title:Xe})}}return e.log.warn(`This update event '${t.id}' is not supported by Stripe monetization plugin webhook.`),x.ok(n,e,{title:ue,detail:"This 'customer.subscription.updated' event could not be processed. The Stripe monetization plugin only supports update events for subscription plan changes or subscription status changes."+Ie})}i(li,"onCustomerSubscriptionUpdated");var ja=class extends En{constructor(t){super();this.options=t;f("monetization.stripe")}static{i(this,"StripeMonetizationPlugin")}registerRoutes(t,r){let o=i(async(c,l)=>{if(this.options.__testMode===!0)return l.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:d,apiKeyBucketName:p}=this.options;if(!d)if(fe.ZUPLO_METERING_SERVICE_BUCKET_ID)d=fe.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new g("StripeMonetizationPlugin - No 'meteringBucketId' property provided");if(!p)if(fe.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)p=fe.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new g("StripeMonetizationPlugin - No 'apiKeyBucketName' property provided");if(!y.instance.build.ACCOUNT_NAME)throw new K("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let m=this.options.primaryDataRegion??"us-central1";if(!ld(m))throw new g(`StripeMonetizationPlugin - The value '${m}' on the property 'primaryDataRegion' is invalid.`);let h=await c.json();if(!qa(h))return x.ok(c,l,{title:ue,detail:"The event payload received was not in the expected format. This can happen because of a misconfiguration of Stripe or your Zuplo API. "+Ie});switch(l.log.info(`Received Stripe webhook event of type '${h.type}' with ID '${h.id}'.`),h.type){case"customer.subscription.created":return await ui(c,l,h,{meteringBucketId:d,apiKeyBucketName:p,meteringBucketRegion:m,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await li(c,l,h,{meteringBucketId:d,apiKeyBucketName:p,meteringBucketRegion:m,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await ci(c,l,h,{meteringBucketId:d});default:return x.ok(c,l,{title:ue,detail:`Event '${h.type}' could not be processed because it is not supported by Stripe monetization plugin webhook. This can happen because of a misconfiguration of Stripe or your Zuplo API.`+Ie})}},"stripeWebhookHandler"),s=Gs({inboundPolicies:[new un({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]});W(this.options.webhooks,"StripeMonetizationPlugin","plugin").required("signingSecret","string").optional("tolerance","number");let a=new ge({processors:[Re,s],handler:o,gateway:r}),u=new de({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:"stripe-plugin"});t.addRoute(u,a.execute)}};function ld(n){return n!==null&&typeof n=="string"&&["us-central1","us-east1","europe-west4"].includes(n)}i(ld,"isMetricsRegion");var Ba=new WeakMap,za={},di=class{static{i(this,"AmberfloMeteringPolicy")}static setRequestProperties(e,t){Ba.set(e,t)}};async function dd(n,e,t,r){if(f("policy.inbound.amberflo-metering"),!t.statusCodes)throw new g(`Invalid AmberfloMeterInboundPolicy '${r}': options.statusCodes must be an array of HTTP status code numbers`);let o=Ve(t.statusCodes);return e.addResponseSendingFinalHook(async s=>{if(o.includes(s.status)){let a=Ba.get(e),u=t.customerId;if(t.customerIdPropertyPath){if(!n.user)throw new k(`Unable to apply customerIdPropertyPath '${t.customerIdPropertyPath}' as request.user is 'undefined'.`);u=He(n.user,t.customerIdPropertyPath,"customerIdPropertyPath")}let c=a?.customerId??u;if(!c){e.log.error(`Error in AmberfloMeterInboundPolicy '${r}': customerId cannot be undefined`);return}let l=a?.meterApiName??t.meterApiName;if(!l){e.log.error(`Error in AmberfloMeterInboundPolicy '${r}': meterApiName cannot be undefined`);return}let d=a?.meterValue??t.meterValue;if(!d){e.log.error(`Error in AmberfloMeterInboundPolicy '${r}': meterValue cannot be undefined`);return}let p={customerId:c,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(t.dimensions??{},a?.dimensions)},m=za[t.apiKey];if(!m){let h=t.apiKey,I=n.headers.get("zm-test-id")??"";m=new Y("amberflo-ingest-meter",10,async b=>{try{let v=t.url??"https://app.amberflo.io/ingest",L=await z.fetch(v,{method:"POST",body:JSON.stringify(b),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":I}});L.ok||e.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${r}'. ${L.status}: ${await L.text()}`)}catch(v){throw e.log.error(`Error in AmberfloMeteringInboundPolicy '${r}': ${v.message}`),v}}),za[h]=m}m.enqueue(p),e.waitUntil(m.waitUntilFlushed())}}),n}i(dd,"AmberfloMeteringInboundPolicy");async function ct(n){let e=new TextEncoder().encode(n),t=await crypto.subtle.digest({name:"SHA-256"},e);return[...new Uint8Array(t)].map(o=>o.toString(16).padStart(2,"0")).join("")}i(ct,"sha256");var Ga=new Map;async function se(n,e,t){let r,o=`${n}-${e}`,s=Ga.get(o);return s!==void 0?r=s:(r=`zuplo-policy-${await ct(JSON.stringify({policyName:n,options:t}))}`,Ga.set(n,r)),r}i(se,"getPolicyCacheName");var Va="key-metadata-cache-type";function pd(n,e){return e.authScheme===""?n:n.replace(`${e.authScheme} `,"")}i(pd,"getKeyValue");async function pi(n,e,t,r){if(f("policy.inbound.api-key"),!t.bucketName)if(fe.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)t.bucketName=fe.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new g(`ApiKeyInboundPolicy '${r}' - no bucketName property provided`);let o={authHeader:t.authHeader??"authorization",authScheme:t.authScheme??"Bearer",bucketName:t.bucketName,cacheTtlSeconds:t.cacheTtlSeconds??60,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:t.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(o.cacheTtlSeconds<60)throw new g(`ApiKeyInboundPolicy '${r}' - minimum cacheTtlSeconds value is 60s, '${o.cacheTtlSeconds}' is invalid`);let s=i(L=>o.allowUnauthenticatedRequests?n:x.unauthorized(n,e,{detail:L}),"unauthorizedResponse"),a=n.headers.get(o.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(o.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let u=pd(a,o);if(!u||u==="")return s("No key present");let c=await md(u),l=await se(r,void 0,o),d=new oe(l,e),p=await d.get(c);if(p&&p.isValid===!0)return n.user=p.user,n;if(p&&!p.isValid)return p.typeId!==Va&&Q.getLogger(e).error(`ApiKeyInboundPolicy '${r}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let m={key:u},h=new Headers({"content-type":"application/json"});_e(h,e.requestId);let I=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(e)},`${y.instance.apiKeyServiceUrl}/v1/$validate/${o.bucketName}`,{method:"POST",headers:h,body:JSON.stringify(m)});if(I.status===401)return e.log.info(`ApiKeyInboundPolicy '${r}' - 401 response from Key Service`),s("Authorization Failed");if(I.status!==200){try{let L=await I.text(),S=JSON.parse(L);e.log.error("Unexpected response from key service",S)}catch{e.log.error("Invalid response from key service")}throw new k(`ApiKeyInboundPolicy '${r}' - unexpected response from Key Service. Status: ${I.status}`)}let b=await I.json(),v={isValid:!0,typeId:Va,user:{apiKeyId:b.id,sub:b.name,data:b.metadata}};return n.user=v.user,d.put(c,v,o.cacheTtlSeconds),n}i(pi,"ApiKeyInboundPolicy");async function md(n){let e=new TextEncoder().encode(n),t=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(t)).map(s=>s.toString(16).padStart(2,"0")).join("")}i(md,"hashValue");var gd=pi;var Wa=Symbol("aserto-authz-resource-context"),mi=class extends ae{static{i(this,"AsertoAuthZInboundPolicy")}cache;authorizationUrl;static setAuthorizationContext(e,t){te.set(e,Wa,t)}constructor(e,t){if(super(e,t),W(e,t).required("tenantId","string").required("authorizerApiKey","string").required("serviceName","string").optional("policyName","string").optional("authorizerApiUrl","string").optional("allowUnauthorizedRequests","boolean").optional("userSubPropertyPath","string"),this.options.authorizerApiUrl)try{new URL(this.options.authorizerApiUrl)}catch{throw new g(`${this.policyType} '${this.policyName}' - Value of 'authorizerApiUrl' is not a valid URL. If using an environment variable, check that it is set correctly.`)}this.authorizationUrl=new URL("/api/v2/authz/is",this.options.authorizerApiUrl??"https://authorizer.prod.aserto.com")}async handler(e,t){if(!this.cache){let c=await se(this.policyName,void 0,this.options);this.cache=new oe(c,t)}let r=i(c=>this.options.allowUnauthorizedRequests?e:x.forbidden(e,t,{detail:c}),"forbiddenResponse");if(!e.user)return t.log.error(`${this.policyType} '${this.policyName}' - User is not authenticated. An authentication policy must come before the authorization policy.`),x.unauthorized(e,t);let o=te.get(t,Wa),s;o?.policyInstance?s=o.policyInstance:this.options.policyName?s={name:this.options.policyName}:s={name:"api-auth"};let a=this.options.userSubPropertyPath&&e.user?He(e.user,this.options.userSubPropertyPath,"userSubPropertyPath"):e.user.sub,u={identityContext:o?.identityContext??{type:"IDENTITY_TYPE_SUB",identity:a},resourceContext:o?.resourceContext??{object_type:"endpoint",object_id:`${this.options.serviceName}:${e.method}:${t.route.path}`,relation:"can_invoke"},policyContext:o?.policyContext??{decisions:["allowed"],path:"rebac.check"},policyInstance:s};try{t.log.debug("Aserto Request",u);let c=await z.fetch(this.authorizationUrl,{headers:{"Content-Type":"application/json","Aserto-Tenant-ID":this.options.tenantId,Authorization:`basic ${this.options.authorizerApiKey}`},method:"POST",body:JSON.stringify(u)});if(c.status!==200){let d=`Error calling Aserto service. Status: ${c.status}`;try{d=(await c.json()).message}catch{}return t.log.error(`${this.policyType} '${this.policyName}' - ${d}`),c.status>=400&&c.status<500?r(d):x.internalServerError(e,t)}let l=await c.json();return t.log.debug("Aserto Response",l),l.decisions?.[0].is?e:(t.log.debug(`${this.policyType} '${this.policyName}' - The request was not authorized.`,l),r("The request was not authorized."))}catch(c){return t.log.error(`${this.policyType} '${this.policyName}' - Error calling Aserto service`,c),x.internalServerError(e,t)}}};import{createRemoteJWKSet as hd,jwtVerify as Ka}from"jose";import{createLocalJWKSet as fd}from"jose";var gi=class{constructor(e,t,r){this.cache=t;if(!(e instanceof URL))throw new TypeError("url must be an instance of URL");this.url=new URL(e.href),this.options={agent:r?.agent,headers:r?.headers},this.timeoutDuration=typeof r?.timeoutDuration=="number"?r?.timeoutDuration:5e3,this.cooldownDuration=typeof r?.cooldownDuration=="number"?r?.cooldownDuration:3e4,this.cacheMaxAge=typeof r?.cacheMaxAge=="number"?r?.cacheMaxAge:6e5}static{i(this,"RemoteJWKSet")}url;timeoutDuration;cooldownDuration;cacheMaxAge;jwksTimestamp;pendingFetch;options;local;coolingDown(){return typeof this.jwksTimestamp=="number"?Date.now()<this.jwksTimestamp+this.cooldownDuration:!1}fresh(){return typeof this.jwksTimestamp=="number"?Date.now()<this.jwksTimestamp+this.cacheMaxAge:!1}async getKey(e,t){(!this.local||!this.fresh())&&await this.reload();try{return await this.local(e,t)}catch(r){if(r instanceof fi&&this.coolingDown()===!1)return await this.reload(),this.local(e,t);throw r}}async reload(){this.pendingFetch&&(this.pendingFetch=void 0);let e=new Headers(this.options.headers);e.has("User-Agent")||(e.set("User-Agent",y.instance.systemUserAgent),this.options.headers=Object.fromEntries(e.entries())),this.pendingFetch||=this.fetchJwks(this.url,this.timeoutDuration,this.options).then(t=>{this.local=fd(t),this.jwksTimestamp=Date.now(),this.pendingFetch=void 0}).catch(t=>{throw this.pendingFetch=void 0,t}),await this.pendingFetch}async fetchJwks(e,t,r){let o=await this.cache.get(this.url.href);if(o)return o;let s,a,u=!1;typeof AbortController=="function"&&(s=new AbortController,a=setTimeout(()=>{u=!0,s.abort()},t));let c=await z.fetch(e.href,{signal:s?s.signal:void 0,redirect:"manual",headers:r.headers}).catch(l=>{throw u?new hi("JWKS fetch timed out"):l});if(a!==void 0&&clearTimeout(a),c.status!==200)throw new Et("Expected 200 OK from the JSON Web Key Set HTTP response");try{let l=await c.json();return this.cache.put(this.url.href,l,this.cacheMaxAge),l}catch{throw new Et("Failed to parse the JSON Web Key Set HTTP response as JSON")}}};function Ja(n,e,t){let r=new gi(n,e,t);return async(o,s)=>r.getKey(o,s)}i(Ja,"createRemoteJWKSet");var Et=class extends k{static{i(this,"JWKSError")}},fi=class extends Et{static{i(this,"JWKSNoMatchingKey")}},hi=class extends Et{static{i(this,"JWKSTimeout")}};var Xn={},yd=i((n,e)=>async(t,r)=>{if(!r.jwkUrl||typeof r.jwkUrl!="string")throw new g("Invalid State - jwkUrl not set");if(!Xn[r.jwkUrl]){let s=!1;if("useExperimentalInMemoryCache"in r&&typeof r.useExperimentalInMemoryCache=="boolean"&&(s=r.useExperimentalInMemoryCache),s){let a=await se(n,void 0,r),u=new oe(a,e);Xn[r.jwkUrl]=Ja(new URL(r.jwkUrl),u,r.headers?{headers:r.headers}:void 0)}else Xn[r.jwkUrl]=hd(new URL(r.jwkUrl),r.headers?{headers:r.headers}:void 0)}let{payload:o}=await Ka(t,Xn[r.jwkUrl],{issuer:r.issuer,audience:r.audience});return o},"createJwkVerifier"),bd=i(async(n,e)=>{let t;if(e.secret===void 0)throw new g("secretVerifier requires secret to be defined");if(typeof e.secret=="string"){let s=new TextEncoder().encode(e.secret);t=new Uint8Array(s)}else t=e.secret;let{payload:r}=await Ka(n,t,{issuer:e.issuer,audience:e.audience});return r},"secretVerifier"),Pe=i(async(n,e,t,r)=>{f("policy.inbound.open-id-jwt-auth");let o=t.authHeader??"Authorization",s=n.headers.get(o),a="bearer ",u=i(h=>x.unauthorized(n,e,{detail:h}),"unauthorizedResponse");if(!t.jwkUrl&&!t.secret)throw new g(`OpenIdJwtInboundPolicy policy '${r}': One of 'jwkUrl' or 'secret' options are required.`);if(t.jwkUrl&&t.secret)throw new g(`OpenIdJwtInboundPolicy policy '${r}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=t.jwkUrl?yd(r,e):bd,d=await i(async()=>{if(!s)return u("No authorization header");if(s.toLowerCase().indexOf(a)!==0)return u("Invalid bearer token format for authorization header");let h=s.substring(a.length);if(!h||h.length===0)return u("No bearer token on authorization header");try{return await c(h,t)}catch(I){let b=new URL(n.url);return"code"in I&&I.code==="ERR_JWT_EXPIRED"?e.log.warn(`Expired token used on url: ${b.pathname} `,I):e.log.warn(`Invalid token on: ${n.method} ${b.pathname}`,I),u("Invalid token")}},"getJwtOrRejectedResponse")();if(d instanceof Response)return t.allowUnauthenticatedRequests===!0?n:d;let p=t.subPropertyName??"sub",m=d[p];return m?(n.user={sub:m,data:d},n):u(`Token is not valid, no '${p}' property found.`)},"OpenIdJwtInboundPolicy");var wd=i(async(n,e,t,r)=>(f("policy.inbound.auth0-jwt-auth"),Pe(n,e,{issuer:`https://${t.auth0Domain}/`,audience:t.audience,jwkUrl:`https://${t.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)),"Auth0JwtInboundPolicy");var Qa=new Map;function Rd(n){let e=[],t=0;for(;t<n.length;){if(n[t]==="."){t++;continue}if(n[t]==="["){for(t++;t<n.length&&/\s/.test(n[t]);)t++;let r=n[t];if(r!=='"'&&r!=="'"){for(;t<n.length&&n[t]!=="]";)t++;t++;continue}t++;let o=t;for(;t<n.length&&n[t]!==r;)t++;let s=n.substring(o,t);for(e.push(s),t++;t<n.length&&/\s/.test(n[t]);)t++;n[t]==="]"&&t++}else{let r=t;for(;t<n.length&&n[t]!=="."&&n[t]!=="[";)t++;let o=n.substring(r,t).trim();o.length>0&&e.push(o)}}return e}i(Rd,"parsePropertyPath");function er(n,e){let t="$authzen-prop(";if(!n.startsWith(t)||!n.endsWith(")"))return n;let r=n.slice(t.length,-1),o=Qa.get(r);o||(o=Rd(r),Qa.set(r,o));let s=e;for(let a of o){if(s==null)return;typeof s.get=="function"?s=s.get(a):s=s[a]}return s}i(er,"evaluateAuthzenProp");var Ya=Symbol("AUTHZEN_CONTEXT_DATA_52a5cf22-d922-4673-9815-6dc3d49071d9"),yi=class n extends ae{static{i(this,"AuthZenInboundPolicy")}#e;#t;constructor(e,t){if(super(e,t),W(e,t).required("authorizerHostname","string").optional("authorizerAuthorizationHeader","string").optional("subject","object").optional("resource","object").optional("action","object").optional("throwOnError","boolean"),e.subject&&!e.subject.type)throw new g(`${this.policyType} '${this.policyName}' - subject.type is required.`);if(e.subject&&!e.subject.id)throw new g(`${this.policyType} '${this.policyName}' - subject.id is required.`);if(e.resource&&!e.resource.type)throw new g(`${this.policyType} '${this.policyName}' - resource.type is required.`);if(e.resource&&!e.resource.id)throw new g(`${this.policyType} '${this.policyName}' - resource.id is required.`);if(e.action&&!e.action.name)throw new g(`${this.policyType} '${this.policyName}' - action.name is required.`);this.#e=(e.authorizerHostname.startsWith("https://")?e.authorizerHostname:`https://${e.authorizerHostname}`)+"/access/v1/evaluation";try{new URL(this.#e)}catch(r){throw new g(`${this.policyType} '${this.policyName}' - authorizerUrl '${this.#e}' is not valid
+`+d});let p=Math.floor((typeof u=="number"?u:Date.now())/1e3)-t.timestamp;if(o>0&&p>o)throw new qe(e,n,{message:"Timestamp outside the tolerance zone"});return!0}i(ad,"validateComputedSignature");function ud(n,e){return typeof n!="string"?null:n.split(",").reduce((t,r)=>{let o=r.split("=");return o[0]==="t"&&(t.timestamp=parseInt(o[1],10)),o[0]===e&&t.signatures.push(o[1]),t},{timestamp:-1,signatures:[]})}i(ud,"parseHeader");function cd(n,e){if(n.length!==e.length)return!1;let t=n.length,r=0;for(let o=0;o<t;++o)r|=n.charCodeAt(o)^e.charCodeAt(o);return r===0}i(cd,"secureCompare");async function ld(n,e){let t=new TextEncoder,r=await crypto.subtle.importKey("raw",t.encode(e),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),o=await crypto.subtle.sign("hmac",r,t.encode(n)),s=new Uint8Array(o),a=new Array(s.length);for(let u=0;u<s.length;u++)a[u]=si[s[u]];return a.join("")}i(ld,"computeHMACSignatureAsync");var si=new Array(256);for(let n=0;n<si.length;n++)si[n]=n.toString(16).padStart(2,"0");function W(n,e,t="policy",r){let o=`${t} '${e}'`;if(!ot(n))throw new g(`Options on ${o} is expected to be an object. Received the type '${typeof n}'.`);let s=i((c,l,d)=>{let p=n[c],m=r?`${r}.${String(c)}`:String(c);if(!(d&&p===void 0)){if(p===void 0)throw new g(`Value of '${m}' on ${o} is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(l==="array"&&Array.isArray(p))throw new g(`Value of '${m}' on ${o} must be an array. Received type ${typeof p}.`);if(typeof p!==l)throw new g(`Value of '${m}' on ${o} must be of type ${l}. Received type ${typeof p}.`);if(typeof p=="string"&&p.length===0)throw new g(`Value of '${m}' on ${o} must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof p=="number"&&isNaN(p))throw new g(`Value of '${m}' on ${o} must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),a=i((c,l)=>(s(c,l,!0),{optional:a,required:u}),"optional"),u=i((c,l)=>(s(c,l,!1),{optional:a,required:u}),"required");return{optional:a,required:u}}i(W,"optionValidator");var un=class extends ae{static{i(this,"StripeWebhookVerificationInboundPolicy")}constructor(e,t){super(e,t),f("policy.inbound.stripe-webhook-verification")}async handler(e,t){W(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let r=e.headers.get("stripe-signature");try{let o=await e.clone().text();await Ua(o,r,this.options.signingSecret)}catch(o){let s=o.message;if(o.type&&o.type==="StripeSignatureVerificationError"){let a=o.message,c=/Note:(.*)/g.exec(a);s=c?c[1].trim():a,s.startsWith("No signatures found matching the expected signature for payload")&&(s="The Stripe Webhook Signature Secret provided is incorrect and does not match to the signature on the event received. Make sure your Zuplo configuration is correct.")}return t.log.error("Error validating stripe webhook",s),x.badRequest(e,t,{title:"Webhook Error",detail:s})}return e}};function $a(n){return n!==null&&typeof n=="object"&&"id"in n&&xe(n.id)&&"type"in n&&xe(n.type)}i($a,"isStripeWebhookEvent");var dd={getSubscription:i(async({subscriptionId:n,stripeSecretKey:e,logger:t})=>{let r=await z.fetch(`https://api.stripe.com/v1/subscriptions/${n}`,{headers:{Authorization:`Bearer ${e}`}}),o=await r.json();if(r.status!==200){let s="Error retrieving subscription from Stripe API.";throw t.error(s,o),new k(s)}return o},"getSubscription"),getCustomer:i(async({customerId:n,stripeSecretKey:e,logger:t})=>{let r=await z.fetch(`https://api.stripe.com/v1/customers/${n}`,{headers:{Authorization:`Bearer ${e}`}}),o=await r.json();if(r.status!==200){let s="Error retrieving customer from Stripe API.";throw t.error(s,o),new k(s)}return o},"getCustomer"),getUpcomingInvoice:i(async({customerId:n,stripeSecretKey:e,logger:t})=>{let r=await z.fetch(`https://api.stripe.com/v1/invoices/upcoming?customer=${n}`,{headers:{Authorization:`Bearer ${e}`}}),o=await r.json();if(r.status!==200){let s="Error retrieving customer upcoming invoice from Stripe API.";throw t.error(s,o),new k(s)}return o},"getUpcomingInvoice")},Qn=dd;var ai="https://api-key-management-service-eq7z4lly2a-ue.a.run.app",Ha="My API Key";async function Za({apiKeyBucketName:n,stripeSubscriptionId:e,stripeProductId:t,stripeCustomerId:r,managerEmail:o,managerSub:s,context:a}){let{authApiJWT:u}=y.instance,c=new URL(`/v1/buckets/${n}/consumers`,ai);c.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:Ha,tags:{subscriptionExternalId:e,planExternalIds:[t]},metadata:{stripeSubscriptionId:e,stripeProductId:t,stripeCustomerId:r},managers:[{sub:s,email:o}]},p=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(a)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${u}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new k(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:e,stripeProductId:t}),l}i(Za,"createConsumer");async function Fa({apiKeyBucketName:n,stripeSubscriptionId:e,stripeProductId:t,stripeCustomerId:r,managerEmail:o,context:s}){let{authApiJWT:a}=y.instance,u=new URL(`/v1/buckets/${n}/consumers`,ai);u.searchParams.set("with-api-key","true");let c=crypto.randomUUID(),l={name:c,description:Ha,tags:{subscriptionExternalId:e,planExternalIds:[t]},metadata:{stripeSubscriptionId:e,stripeProductId:t,stripeCustomerId:r},managers:[o]},d=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(s)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw s.log.error(m,p),new k(m)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:c,stripeSubscriptionId:e,stripeProductId:t}),c}i(Fa,"createConsumerInvite");async function ja({apiKeyBucketName:n,consumerId:e,context:t}){let{authApiJWT:r}=y.instance,o=new URL(`/v1/buckets/${n}/consumers/${e}`,ai);o.searchParams.set("with-api-key","true");let s=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(t)},o.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${r}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),u="Error invalidating API Key Consumer";throw t.log.error(u,a),new k(u)}return t.log.info(`Successfully invalidated API Key Consumer '${e}`),e}i(ja,"deleteConsumer");async function za({context:n,stripeSubscriptionId:e,stripeProductId:t,customerKey:r,meteringBucketId:o,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:u,metadata:c,trial:l}){let d={status:u,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:e,planExternalIds:[t],customerKey:r,customerExternalId:a,metadata:c,trialEndDate:l?l.trialEndDate:void 0,trialStartDate:l?l.trialStartDate:void 0,trialEndStatus:l?l.trialEndStatus:void 0},{authApiJWT:p,meteringServiceUrl:m}=y.instance;if(!ft(p))throw new K("No Zuplo JWT token set.");let h=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(n)},`${m}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${p}`,"Content-Type":"application/json","zp-rid":n.requestId},method:"POST",body:JSON.stringify(d)});if(!h.ok){let I=`Unable to create a monetization subscription for Stripe subscription '${e}'.`,b,C="";try{b=await h.json(),C=b.detail??b.title}catch{b={type:"https://zup.fail/http-status/500",title:"Internal Server Error",status:h.status,detail:h.statusText}}throw n.log.error(I,b),new k(`${I} ${C}`)}n.log.info("Successfully created monetization subscription.",d)}i(za,"createSubscription");async function Pt({context:n,meteringSubscriptionId:e,meteringBucketId:t,requestBody:r}){let{authApiJWT:o,meteringServiceUrl:s}=y.instance;if(!ft(o))throw new K("No Zuplo JWT token set.");let a=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(n)},`${s}/internal/v1/metering/${t}/subscriptions/${e}`,{headers:{Authorization:`Bearer ${o}`,"Content-Type":"application/json","zp-rid":n.requestId},method:"PATCH",body:JSON.stringify(r)});if(!a.ok){let u=`Unable to update monetization subscription with: '${JSON.stringify(r)}'.`,c,l="";try{c=await a.json(),l=c.detail??c.title}catch{c={type:"https://zup.fail/http-status/500",title:"Internal Server Error",status:a.status,detail:a.statusText}}throw n.log.error(u,c),new k(`${u} ${l}`)}n.log.info(`Successfully updated monetization subscription with: '${JSON.stringify(r)}'.`)}i(Pt,"updateSubscription");async function It({context:n,stripeSubscriptionId:e,stripeCustomerId:t,meteringBucketId:r}){let{authApiJWT:o,meteringServiceUrl:s}=y.instance;if(!ft(o))throw new K("No Zuplo JWT token set.");let a=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(n)},`${s}/internal/v1/metering/${r}/subscriptions?subscriptionExternalId=${e}`,{headers:{Authorization:`Bearer ${o}`,"zp-rid":n.requestId},method:"GET"});if(!a.ok){let c=`Unable to retrieve the monetization subscription for Stripe subscription '${e}'.`,l,d="";try{l=await a.json(),d=l.detail??l.title}catch{l={type:"https://zup.fail/http-status/500",title:"Internal Server Error",status:a.status,detail:a.statusText}}throw n.log.error(c,l),new k(`${c} ${d}`)}let u=await a.json();if(u.data.length===0){let c=`Subscription was not found for Stripe subscription '${e}' and the event was ignored by Zuplo.`;throw n.log.error(c),new k(c)}if(u.data[0].customerExternalId!==t){let c=`Subscription was not found for Stripe customer '${t}' and the event was ignored by Zuplo.`;throw n.log.error(c),new k(c)}return u.data[0]}i(It,"getSubscription");var ue="Skipping since we're unable to process the webhook event.",Xe="Successfully processed the webhook event",Ie="See https://zuplo.com/docs/articles/monetization-troubleshooting for more details.";function Yn(n){return n.replaceAll("_","-")}i(Yn,"stripeStatusToMeteringStatus");function ut(n){return new Date(n*1e3).toISOString()}i(ut,"unixTimestampToISOString");async function ui(n,e,t,r){let o=t.data.object.id;if(!o)return e.log.warn(`Invalid Stripe webhook event. Expected event '${t.id}' to have '.data.object.id' be the subscription ID.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=t.data.object.plan;if(!s||!s.product)return e.log.warn(`Invalid Stripe API result. Expected event '${t.id}' to have a plan data.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=t.data.object.customer;if(!a)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${t.id}'`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(t.data.object.metadata&&t.data.object.metadata.zuplo_created_by_deploymentName&&t.data.object.metadata.zuplo_created_by_deploymentName!==y.instance.deploymentName)return e.log.warn(`Subscription event '${t.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.`),x.ok(n,e,{title:ue,detail:`This subscription event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'. This can happen because of a misconfiguration of Stripe or your Zuplo API.`+Ie});let u=s.product,c,l,d;try{if(t.data.object.metadata&&t.data.object.metadata.zuplo_created_by_email&&t.data.object.metadata.zuplo_created_by_sub)l=t.data.object.metadata.zuplo_created_by_email,d=t.data.object.metadata.zuplo_created_by_sub,c=await Za({apiKeyBucketName:r.apiKeyBucketName,stripeProductId:u,stripeSubscriptionId:o,stripeCustomerId:a,managerEmail:l,managerSub:d,context:e});else{let p=await Qn.getCustomer({logger:e.log,stripeSecretKey:r.stripeSecretKey,customerId:a});if(!p.email)return e.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe API result. Expected customer to contain email address."});c=await Fa({apiKeyBucketName:r.apiKeyBucketName,stripeProductId:u,stripeSubscriptionId:o,stripeCustomerId:a,managerEmail:p.email,context:e})}}catch(p){return e.log.warn(`Failed to create API Key Consumer. Error: ${p.message}`),x.ok(n,e,{title:ue,detail:p.message})}if(!c)return x.ok(n,e,{title:ue,detail:"No API Key Consumer was created, skipping creation of subscription."});try{let p=Yn(t.data.object.status),m;l&&d&&(m={subscriber:{sub:d,email:l}});let h;t.data.object.trial_end!==null&&t.data.object.trial_start!==null&&t.data.object.trial_settings&&t.data.object.trial_settings.end_behavior&&(t.data.object.trial_settings.end_behavior.missing_payment_method==="cancel"||t.data.object.trial_settings.end_behavior.missing_payment_method==="pause")&&(h={trialEndStatus:t.data.object.trial_settings.end_behavior.missing_payment_method,trialEndDate:ut(t.data.object.trial_end),trialStartDate:ut(t.data.object.trial_start)}),await za({context:e,stripeProductId:u,stripeSubscriptionId:o,customerKey:c,meteringBucketId:r.meteringBucketId,meteringBucketRegion:r.meteringBucketRegion,customerExternalId:a,subscriptionStatus:p,metadata:m,trial:h})}catch(p){return await ja({apiKeyBucketName:r.apiKeyBucketName,consumerId:c,context:e}),x.ok(n,e,{title:ue,detail:p.message})}return x.ok(n,e,{title:Xe})}i(ui,"onCustomerSubscriptionCreated");async function ci(n,e,t,r){let o=t.data.object.id;if(!o)return e.log.warn(`Invalid Stripe webhook event. Expected event '${t.id}' to have '.data.object.id' be the subscription ID.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=t.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${t.id}'`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(t.data.object.metadata&&t.data.object.metadata.zuplo_created_by_deploymentName&&t.data.object.metadata.zuplo_created_by_deploymentName!==y.instance.deploymentName)return e.log.warn(`Subscription event '${t.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.`),x.ok(n,e,{title:ue,detail:`This 'customer.subscription.deleted' event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.This can happen because of a misconfiguration of Stripe or your Zuplo API.`+Ie});try{let a=await It({context:e,stripeSubscriptionId:o,stripeCustomerId:s,meteringBucketId:r.meteringBucketId});await Pt({context:e,meteringSubscriptionId:a.id,meteringBucketId:r.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}})}catch(a){return x.ok(n,e,{title:ue,detail:`The event 'customer.subscription.deleted' could not be processed. ${a.message} This can happen because of a misconfiguration of Stripe or your Zuplo API. `+Ie})}return x.ok(n,e,{title:Xe})}i(ci,"onCustomerSubscriptionDeleted");async function li(n,e,t,r){let o=t.data.object.id;if(!o)return e.log.warn(`Invalid Stripe webhook event. Expected event '${t.id}' to include '.data.object.id' as the subscription ID.`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=t.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${t.id}'`),x.ok(n,e,{title:ue,detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(t.data.object.metadata&&t.data.object.metadata.zuplo_created_by_deploymentName&&t.data.object.metadata.zuplo_created_by_deploymentName!==y.instance.deploymentName)return e.log.warn(`Subscription event '${t.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.`),x.ok(n,e,{title:ue,detail:`This 'customer.subscription.updated' event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${t.data.object.metadata.zuplo_created_by_deploymentName}'.This can happen because of a misconfiguration of Stripe or your Zuplo API.`+Ie});if(t.data.previous_attributes){let a=t.data.previous_attributes;if(a.status&&a.status!==t.data.object.status){try{e.log.debug(`Processing subscription status change from Stripe event '${t.id}'.`);let u=await It({context:e,stripeSubscriptionId:o,stripeCustomerId:s,meteringBucketId:r.meteringBucketId}),c=Yn(t.data.object.status),l;a.trial_end&&a.trial_end!==t.data.object.trial_end&&t.data.object.trial_end!==null&&(l=ut(t.data.object.trial_end)),await Pt({context:e,meteringSubscriptionId:u.id,meteringBucketId:r.meteringBucketId,requestBody:{status:c,planExternalIds:u.planExternalIds,trialEndDate:l}})}catch(u){return x.ok(n,e,{title:ue,detail:`The event 'customer.subscription.updated' could not be processed. ${u.message} This can happen because of a misconfiguration of Stripe or your Zuplo API. However, it also could be a temporary condition that happens when a subscription is created due to events being sent out of order. `+Ie})}return x.ok(n,e,{title:Xe})}if(a.plan&&a.plan.product!==t.data.object.plan.product){try{e.log.debug(`Processing subscription plan change from Stripe event '${t.id}'.`);let u=await It({context:e,stripeSubscriptionId:o,stripeCustomerId:s,meteringBucketId:r.meteringBucketId}),c=t.data.object.plan.product,d=(await Qn.getUpcomingInvoice({customerId:s,logger:e.log,stripeSecretKey:r.stripeSecretKey})).lines.data.filter(m=>m.proration&&m.price.product===c),p=0;d.length===0?e.log.warn(`The plan change does not include proration details. Subscription event '${t.id}'`):p=parseFloat(d[0].unit_amount_excluding_tax)/d[0].price.unit_amount,await Pt({context:e,meteringSubscriptionId:u.id,meteringBucketId:r.meteringBucketId,requestBody:{status:u.status,planExternalIds:[c],prorate:p}})}catch(u){return x.ok(n,e,{title:ue,detail:`The event 'customer.subscription.updated' could not be processed. ${u.message} This can happen because of a misconfiguration of Stripe or your Zuplo API. However, it also could be a temporary condition that happens when a subscription is created due to events being sent out of order. `+Ie})}return x.ok(n,e,{title:Xe})}if((a.cancel_at||a.cancel_at===null)&&a.cancel_at!==t.data.object.cancel_at&&a.cancel_at_period_end&&a.cancel_at_period_end!==t.data.object.cancel_at_period_end&&(a.canceled_at||a.canceled_at===null)&&a.canceled_at!==t.data.object.canceled_at||a.cancellation_details&&(a.cancellation_details.comment||a.cancellation_details.comment===null||a.cancellation_details.feedback||a.cancellation_details.feedback===null||a.cancellation_details.reason||a.cancellation_details.reason===null)){try{e.log.debug(`Processing subscription cancellation details from Stripe event '${t.id}'.`);let u=await It({context:e,stripeSubscriptionId:o,stripeCustomerId:s,meteringBucketId:r.meteringBucketId}),c={cancellation:{cancel_at:t.data.object.cancel_at?ut(t.data.object.cancel_at):null,cancel_at_period_end:t.data.object.cancel_at_period_end,canceled_at:t.data.object.canceled_at?ut(t.data.object.canceled_at):null,cancellation_details:t.data.object.cancellation_details}},l;u.metadata?l={...u.metadata,...c}:l=c,await Pt({context:e,meteringSubscriptionId:u.id,meteringBucketId:r.meteringBucketId,requestBody:{status:u.status,planExternalIds:u.planExternalIds,metadata:l}})}catch(u){return x.ok(n,e,{title:ue,detail:`The event 'customer.subscription.updated' could not be processed. ${u.message} This can happen because of a misconfiguration of Stripe or your Zuplo API. However, it also could be a temporary condition that happens when a subscription is created due to events being sent out of order. `+Ie})}return x.ok(n,e,{title:Xe})}}return e.log.warn(`This update event '${t.id}' is not supported by Stripe monetization plugin webhook.`),x.ok(n,e,{title:ue,detail:"This 'customer.subscription.updated' event could not be processed. The Stripe monetization plugin only supports update events for subscription plan changes or subscription status changes."+Ie})}i(li,"onCustomerSubscriptionUpdated");var Ba=class extends En{constructor(t){super();this.options=t;f("monetization.stripe")}static{i(this,"StripeMonetizationPlugin")}registerRoutes(t,r){let o=i(async(c,l)=>{if(this.options.__testMode===!0)return l.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:d,apiKeyBucketName:p}=this.options;if(!d)if(fe.ZUPLO_METERING_SERVICE_BUCKET_ID)d=fe.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new g("StripeMonetizationPlugin - No 'meteringBucketId' property provided");if(!p)if(fe.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)p=fe.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new g("StripeMonetizationPlugin - No 'apiKeyBucketName' property provided");if(!y.instance.build.ACCOUNT_NAME)throw new K("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let m=this.options.primaryDataRegion??"us-central1";if(!pd(m))throw new g(`StripeMonetizationPlugin - The value '${m}' on the property 'primaryDataRegion' is invalid.`);let h=await c.json();if(!$a(h))return x.ok(c,l,{title:ue,detail:"The event payload received was not in the expected format. This can happen because of a misconfiguration of Stripe or your Zuplo API. "+Ie});switch(l.log.info(`Received Stripe webhook event of type '${h.type}' with ID '${h.id}'.`),h.type){case"customer.subscription.created":return await ui(c,l,h,{meteringBucketId:d,apiKeyBucketName:p,meteringBucketRegion:m,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await li(c,l,h,{meteringBucketId:d,apiKeyBucketName:p,meteringBucketRegion:m,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await ci(c,l,h,{meteringBucketId:d});default:return x.ok(c,l,{title:ue,detail:`Event '${h.type}' could not be processed because it is not supported by Stripe monetization plugin webhook. This can happen because of a misconfiguration of Stripe or your Zuplo API.`+Ie})}},"stripeWebhookHandler"),s=Gs({inboundPolicies:[new un({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]});W(this.options.webhooks,"StripeMonetizationPlugin","plugin").required("signingSecret","string").optional("tolerance","number");let a=new ge({processors:[Re,s],handler:o,gateway:r}),u=new de({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:"stripe-plugin"});t.addRoute(u,a.execute)}};function pd(n){return n!==null&&typeof n=="string"&&["us-central1","us-east1","europe-west4"].includes(n)}i(pd,"isMetricsRegion");var Va=new WeakMap,Ga={},di=class{static{i(this,"AmberfloMeteringPolicy")}static setRequestProperties(e,t){Va.set(e,t)}};async function md(n,e,t,r){if(f("policy.inbound.amberflo-metering"),!t.statusCodes)throw new g(`Invalid AmberfloMeterInboundPolicy '${r}': options.statusCodes must be an array of HTTP status code numbers`);let o=Ve(t.statusCodes);return e.addResponseSendingFinalHook(async s=>{if(o.includes(s.status)){let a=Va.get(e),u=t.customerId;if(t.customerIdPropertyPath){if(!n.user)throw new k(`Unable to apply customerIdPropertyPath '${t.customerIdPropertyPath}' as request.user is 'undefined'.`);u=$e(n.user,t.customerIdPropertyPath,"customerIdPropertyPath")}let c=a?.customerId??u;if(!c){e.log.error(`Error in AmberfloMeterInboundPolicy '${r}': customerId cannot be undefined`);return}let l=a?.meterApiName??t.meterApiName;if(!l){e.log.error(`Error in AmberfloMeterInboundPolicy '${r}': meterApiName cannot be undefined`);return}let d=a?.meterValue??t.meterValue;if(!d){e.log.error(`Error in AmberfloMeterInboundPolicy '${r}': meterValue cannot be undefined`);return}let p={customerId:c,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(t.dimensions??{},a?.dimensions)},m=Ga[t.apiKey];if(!m){let h=t.apiKey,I=n.headers.get("zm-test-id")??"";m=new X("amberflo-ingest-meter",10,async b=>{try{let C=t.url??"https://app.amberflo.io/ingest",L=await z.fetch(C,{method:"POST",body:JSON.stringify(b),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":I}});L.ok||e.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${r}'. ${L.status}: ${await L.text()}`)}catch(C){throw e.log.error(`Error in AmberfloMeteringInboundPolicy '${r}': ${C.message}`),C}}),Ga[h]=m}m.enqueue(p),e.waitUntil(m.waitUntilFlushed())}}),n}i(md,"AmberfloMeteringInboundPolicy");async function ct(n){let e=new TextEncoder().encode(n),t=await crypto.subtle.digest({name:"SHA-256"},e);return[...new Uint8Array(t)].map(o=>o.toString(16).padStart(2,"0")).join("")}i(ct,"sha256");var Wa=new Map;async function se(n,e,t){let r,o=`${n}-${e}`,s=Wa.get(o);return s!==void 0?r=s:(r=`zuplo-policy-${await ct(JSON.stringify({policyName:n,options:t}))}`,Wa.set(n,r)),r}i(se,"getPolicyCacheName");var Ja="key-metadata-cache-type";function gd(n,e){return e.authScheme===""?n:n.replace(`${e.authScheme} `,"")}i(gd,"getKeyValue");async function pi(n,e,t,r){if(f("policy.inbound.api-key"),!t.bucketName)if(fe.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)t.bucketName=fe.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new g(`ApiKeyInboundPolicy '${r}' - no bucketName property provided`);let o={authHeader:t.authHeader??"authorization",authScheme:t.authScheme??"Bearer",bucketName:t.bucketName,cacheTtlSeconds:t.cacheTtlSeconds??60,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:t.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(o.cacheTtlSeconds<60)throw new g(`ApiKeyInboundPolicy '${r}' - minimum cacheTtlSeconds value is 60s, '${o.cacheTtlSeconds}' is invalid`);let s=i(L=>o.allowUnauthenticatedRequests?n:x.unauthorized(n,e,{detail:L}),"unauthorizedResponse"),a=n.headers.get(o.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(o.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let u=gd(a,o);if(!u||u==="")return s("No key present");let c=await fd(u),l=await se(r,void 0,o),d=new oe(l,e),p=await d.get(c);if(p&&p.isValid===!0)return n.user=p.user,n;if(p&&!p.isValid)return p.typeId!==Ja&&Q.getLogger(e).error(`ApiKeyInboundPolicy '${r}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let m={key:u},h=new Headers({"content-type":"application/json"});_e(h,e.requestId);let I=await we({retryDelayMs:5,retries:2,logger:Q.getLogger(e)},`${y.instance.apiKeyServiceUrl}/v1/$validate/${o.bucketName}`,{method:"POST",headers:h,body:JSON.stringify(m)});if(I.status===401)return e.log.info(`ApiKeyInboundPolicy '${r}' - 401 response from Key Service`),s("Authorization Failed");if(I.status!==200){try{let L=await I.text(),S=JSON.parse(L);e.log.error("Unexpected response from key service",S)}catch{e.log.error("Invalid response from key service")}throw new k(`ApiKeyInboundPolicy '${r}' - unexpected response from Key Service. Status: ${I.status}`)}let b=await I.json(),C={isValid:!0,typeId:Ja,user:{apiKeyId:b.id,sub:b.name,data:b.metadata}};return n.user=C.user,d.put(c,C,o.cacheTtlSeconds),n}i(pi,"ApiKeyInboundPolicy");async function fd(n){let e=new TextEncoder().encode(n),t=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(t)).map(s=>s.toString(16).padStart(2,"0")).join("")}i(fd,"hashValue");var hd=pi;var Ka=Symbol("aserto-authz-resource-context"),mi=class extends ae{static{i(this,"AsertoAuthZInboundPolicy")}cache;authorizationUrl;static setAuthorizationContext(e,t){ne.set(e,Ka,t)}constructor(e,t){if(super(e,t),W(e,t).required("tenantId","string").required("authorizerApiKey","string").required("serviceName","string").optional("policyName","string").optional("authorizerApiUrl","string").optional("allowUnauthorizedRequests","boolean").optional("userSubPropertyPath","string"),this.options.authorizerApiUrl)try{new URL(this.options.authorizerApiUrl)}catch{throw new g(`${this.policyType} '${this.policyName}' - Value of 'authorizerApiUrl' is not a valid URL. If using an environment variable, check that it is set correctly.`)}this.authorizationUrl=new URL("/api/v2/authz/is",this.options.authorizerApiUrl??"https://authorizer.prod.aserto.com")}async handler(e,t){if(!this.cache){let c=await se(this.policyName,void 0,this.options);this.cache=new oe(c,t)}let r=i(c=>this.options.allowUnauthorizedRequests?e:x.forbidden(e,t,{detail:c}),"forbiddenResponse");if(!e.user)return t.log.error(`${this.policyType} '${this.policyName}' - User is not authenticated. An authentication policy must come before the authorization policy.`),x.unauthorized(e,t);let o=ne.get(t,Ka),s;o?.policyInstance?s=o.policyInstance:this.options.policyName?s={name:this.options.policyName}:s={name:"api-auth"};let a=this.options.userSubPropertyPath&&e.user?$e(e.user,this.options.userSubPropertyPath,"userSubPropertyPath"):e.user.sub,u={identityContext:o?.identityContext??{type:"IDENTITY_TYPE_SUB",identity:a},resourceContext:o?.resourceContext??{object_type:"endpoint",object_id:`${this.options.serviceName}:${e.method}:${t.route.path}`,relation:"can_invoke"},policyContext:o?.policyContext??{decisions:["allowed"],path:"rebac.check"},policyInstance:s};try{t.log.debug("Aserto Request",u);let c=await z.fetch(this.authorizationUrl,{headers:{"Content-Type":"application/json","Aserto-Tenant-ID":this.options.tenantId,Authorization:`basic ${this.options.authorizerApiKey}`},method:"POST",body:JSON.stringify(u)});if(c.status!==200){let d=`Error calling Aserto service. Status: ${c.status}`;try{d=(await c.json()).message}catch{}return t.log.error(`${this.policyType} '${this.policyName}' - ${d}`),c.status>=400&&c.status<500?r(d):x.internalServerError(e,t)}let l=await c.json();return t.log.debug("Aserto Response",l),l.decisions?.[0].is?e:(t.log.debug(`${this.policyType} '${this.policyName}' - The request was not authorized.`,l),r("The request was not authorized."))}catch(c){return t.log.error(`${this.policyType} '${this.policyName}' - Error calling Aserto service`,c),x.internalServerError(e,t)}}};import{createRemoteJWKSet as bd,jwtVerify as Ya}from"jose";import{createLocalJWKSet as yd}from"jose";var gi=class{constructor(e,t,r){this.cache=t;if(!(e instanceof URL))throw new TypeError("url must be an instance of URL");this.url=new URL(e.href),this.options={agent:r?.agent,headers:r?.headers},this.timeoutDuration=typeof r?.timeoutDuration=="number"?r?.timeoutDuration:5e3,this.cooldownDuration=typeof r?.cooldownDuration=="number"?r?.cooldownDuration:3e4,this.cacheMaxAge=typeof r?.cacheMaxAge=="number"?r?.cacheMaxAge:6e5}static{i(this,"RemoteJWKSet")}url;timeoutDuration;cooldownDuration;cacheMaxAge;jwksTimestamp;pendingFetch;options;local;coolingDown(){return typeof this.jwksTimestamp=="number"?Date.now()<this.jwksTimestamp+this.cooldownDuration:!1}fresh(){return typeof this.jwksTimestamp=="number"?Date.now()<this.jwksTimestamp+this.cacheMaxAge:!1}async getKey(e,t){(!this.local||!this.fresh())&&await this.reload();try{return await this.local(e,t)}catch(r){if(r instanceof fi&&this.coolingDown()===!1)return await this.reload(),this.local(e,t);throw r}}async reload(){this.pendingFetch&&(this.pendingFetch=void 0);let e=new Headers(this.options.headers);e.has("User-Agent")||(e.set("User-Agent",y.instance.systemUserAgent),this.options.headers=Object.fromEntries(e.entries())),this.pendingFetch||=this.fetchJwks(this.url,this.timeoutDuration,this.options).then(t=>{this.local=yd(t),this.jwksTimestamp=Date.now(),this.pendingFetch=void 0}).catch(t=>{throw this.pendingFetch=void 0,t}),await this.pendingFetch}async fetchJwks(e,t,r){let o=await this.cache.get(this.url.href);if(o)return o;let s,a,u=!1;typeof AbortController=="function"&&(s=new AbortController,a=setTimeout(()=>{u=!0,s.abort()},t));let c=await z.fetch(e.href,{signal:s?s.signal:void 0,redirect:"manual",headers:r.headers}).catch(l=>{throw u?new hi("JWKS fetch timed out"):l});if(a!==void 0&&clearTimeout(a),c.status!==200)throw new Et("Expected 200 OK from the JSON Web Key Set HTTP response");try{let l=await c.json();return this.cache.put(this.url.href,l,this.cacheMaxAge),l}catch{throw new Et("Failed to parse the JSON Web Key Set HTTP response as JSON")}}};function Qa(n,e,t){let r=new gi(n,e,t);return async(o,s)=>r.getKey(o,s)}i(Qa,"createRemoteJWKSet");var Et=class extends k{static{i(this,"JWKSError")}},fi=class extends Et{static{i(this,"JWKSNoMatchingKey")}},hi=class extends Et{static{i(this,"JWKSTimeout")}};var Xn={},wd=i((n,e)=>async(t,r)=>{if(!r.jwkUrl||typeof r.jwkUrl!="string")throw new g("Invalid State - jwkUrl not set");if(!Xn[r.jwkUrl]){let s=!1;if("useExperimentalInMemoryCache"in r&&typeof r.useExperimentalInMemoryCache=="boolean"&&(s=r.useExperimentalInMemoryCache),s){let a=await se(n,void 0,r),u=new oe(a,e);Xn[r.jwkUrl]=Qa(new URL(r.jwkUrl),u,r.headers?{headers:r.headers}:void 0)}else Xn[r.jwkUrl]=bd(new URL(r.jwkUrl),r.headers?{headers:r.headers}:void 0)}let{payload:o}=await Ya(t,Xn[r.jwkUrl],{issuer:r.issuer,audience:r.audience});return o},"createJwkVerifier"),Rd=i(async(n,e)=>{let t;if(e.secret===void 0)throw new g("secretVerifier requires secret to be defined");if(typeof e.secret=="string"){let s=new TextEncoder().encode(e.secret);t=new Uint8Array(s)}else t=e.secret;let{payload:r}=await Ya(n,t,{issuer:e.issuer,audience:e.audience});return r},"secretVerifier"),Pe=i(async(n,e,t,r)=>{f("policy.inbound.open-id-jwt-auth");let o=t.authHeader??"Authorization",s=n.headers.get(o),a="bearer ",u=i(h=>x.unauthorized(n,e,{detail:h}),"unauthorizedResponse");if(!t.jwkUrl&&!t.secret)throw new g(`OpenIdJwtInboundPolicy policy '${r}': One of 'jwkUrl' or 'secret' options are required.`);if(t.jwkUrl&&t.secret)throw new g(`OpenIdJwtInboundPolicy policy '${r}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=t.jwkUrl?wd(r,e):Rd,d=await i(async()=>{if(!s)return u("No authorization header");if(s.toLowerCase().indexOf(a)!==0)return u("Invalid bearer token format for authorization header");let h=s.substring(a.length);if(!h||h.length===0)return u("No bearer token on authorization header");try{return await c(h,t)}catch(I){let b=new URL(n.url);return"code"in I&&I.code==="ERR_JWT_EXPIRED"?e.log.warn(`Expired token used on url: ${b.pathname} `,I):e.log.warn(`Invalid token on: ${n.method} ${b.pathname}`,I),u("Invalid token")}},"getJwtOrRejectedResponse")();if(d instanceof Response)return t.allowUnauthenticatedRequests===!0?n:d;let p=t.subPropertyName??"sub",m=d[p];return m?(n.user={sub:m,data:d},n):u(`Token is not valid, no '${p}' property found.`)},"OpenIdJwtInboundPolicy");var Pd=i(async(n,e,t,r)=>(f("policy.inbound.auth0-jwt-auth"),Pe(n,e,{issuer:`https://${t.auth0Domain}/`,audience:t.audience,jwkUrl:`https://${t.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)),"Auth0JwtInboundPolicy");var Xa=new Map;function Id(n){let e=[],t=0;for(;t<n.length;){if(n[t]==="."){t++;continue}if(n[t]==="["){for(t++;t<n.length&&/\s/.test(n[t]);)t++;let r=n[t];if(r!=='"'&&r!=="'"){for(;t<n.length&&n[t]!=="]";)t++;t++;continue}t++;let o=t;for(;t<n.length&&n[t]!==r;)t++;let s=n.substring(o,t);for(e.push(s),t++;t<n.length&&/\s/.test(n[t]);)t++;n[t]==="]"&&t++}else{let r=t;for(;t<n.length&&n[t]!=="."&&n[t]!=="[";)t++;let o=n.substring(r,t).trim();o.length>0&&e.push(o)}}return e}i(Id,"parsePropertyPath");function er(n,e){let t="$authzen-prop(";if(!n.startsWith(t)||!n.endsWith(")"))return n;let r=n.slice(t.length,-1),o=Xa.get(r);o||(o=Id(r),Xa.set(r,o));let s=e;for(let a of o){if(s==null)return;typeof s.get=="function"?s=s.get(a):s=s[a]}return s}i(er,"evaluateAuthzenProp");var eu=Symbol("AUTHZEN_CONTEXT_DATA_52a5cf22-d922-4673-9815-6dc3d49071d9"),yi=class n extends ae{static{i(this,"AuthZenInboundPolicy")}#e;#t;constructor(e,t){if(super(e,t),W(e,t).required("authorizerHostname","string").optional("authorizerAuthorizationHeader","string").optional("subject","object").optional("resource","object").optional("action","object").optional("throwOnError","boolean"),e.subject&&!e.subject.type)throw new g(`${this.policyType} '${this.policyName}' - subject.type is required.`);if(e.subject&&!e.subject.id)throw new g(`${this.policyType} '${this.policyName}' - subject.id is required.`);if(e.resource&&!e.resource.type)throw new g(`${this.policyType} '${this.policyName}' - resource.type is required.`);if(e.resource&&!e.resource.id)throw new g(`${this.policyType} '${this.policyName}' - resource.id is required.`);if(e.action&&!e.action.name)throw new g(`${this.policyType} '${this.policyName}' - action.name is required.`);this.#e=(e.authorizerHostname.startsWith("https://")?e.authorizerHostname:`https://${e.authorizerHostname}`)+"/access/v1/evaluation";try{new URL(this.#e)}catch(r){throw new g(`${this.policyType} '${this.policyName}' - authorizerUrl '${this.#e}' is not valid
   ${r}`)}}async handler(e,t){let r=this.options.throwOnError!==!1;try{await this.#o(t);let o=this.options.debug===!0,s={subject:Object.assign({},this.options.subject),resource:Object.assign({},this.options.resource),action:Object.assign({},this.options.action)},a={request:e,context:t};s.action?.name!==void 0&&(s.action.name=er(s.action.name,a)),s.subject?.id!==void 0&&(s.subject.id=er(s.subject.id,a)),s.resource?.id!==void 0&&(s.resource.id=er(s.resource.id,a)),o&&t.log.debug(`${this.policyType} '${this.policyName}' - Evaluated payload from options`,s);let u=n.getAuthorizationPayload(t);u&&Object.assign(s,u),o&&t.log.debug(`${this.policyType} '${this.policyName}' - Using context payload to override working payload`,{contextPayload:u,final:s}),this.#n(t,!s.subject?.type||!s.subject?.id,"Missing required subject type or id"),this.#n(t,!s.resource?.type||!s.resource?.id,"Missing required resource type or id"),this.#n(t,!s.action,"Missing required action");let c={"content-type":"application/json"};this.options.authorizerAuthorizationHeader&&(c.authorization=this.options.authorizerAuthorizationHeader);let l=await fetch(this.#e,{method:"POST",body:JSON.stringify(s),headers:c});if(!l.ok){let p=`${this.policyType} '${this.policyName}' - Unexpected response from PDP: ${l.status} - ${l.statusText}:
-${await l.text()}`;if(r)throw new Error(p);return t.log.error(p),e}let d=await l.json();if(o&&t.log.debug(`${this.policyType} '${this.policyName}' - PDP response`,d),d.decision!==!0)return this.#r(e,t,d.reason)}catch(o){if(r)throw o;t.log.error(`${this.policyType} '${this.policyName}' - Error in policy: ${o}`)}return e}#n(e,t,r){if(t){let o=`${this.policyType} '${this.policyName}' - ${r}`;if(this.options.throwOnError)throw new g(o);e.log.warn(o)}}async#r(e,t,r){return x.forbidden(e,t,{detail:r})}async#o(e){if(!this.#t){let t=await se(this.policyName,void 0,this.options);this.#t=new oe(t,e)}}static setAuthorizationPayload(e,t){te.set(e,Ya,t)}static getAuthorizationPayload(e){return te.get(e,Ya)}};var tr=class{constructor(e){this.options=e;this.authHeader=`Basic ${btoa(e.pdpUsername+":"+e.pdpPassword)}`,this.authorizationUrl=new URL("/authorize",e.pdpUrl).toString()}static{i(this,"PdpService")}authHeader;authorizationUrl;async makePdpRequest(e){let t=await z.fetch(this.authorizationUrl,{method:"POST",body:JSON.stringify(e),headers:{"Content-Type":"application/xacml+json; charset=UTF-8",[this.options.tokenHeaderName??"Authorization"]:this.authHeader}});if(!t.ok)throw new Error(`Request to PDP service failed with response status ${t.status}.`);return await t.json()}};var bi=class n extends ae{static{i(this,"AxiomaticsAuthZInboundPolicy")}pdpService;static#e;static setAuthAttributes(e,t){n.#e||(n.#e=new WeakMap),n.#e.set(e,{Request:t})}constructor(e,t){super(e,t),f("policy.inbound.axiomatics-authz"),W(e,t).required("pdpUrl","string").required("pdpUsername","string").required("pdpPassword","string"),this.pdpService=new tr(e)}async handler(e,t){let r=i(a=>this.options.allowUnauthorizedRequests?e:x.forbidden(e,t,{detail:a}),"forbiddenResponse"),o=new URL(e.url),s=n.#e?.get(t)??{Request:{}};if(this.options.includeDefaultSubjectAttributes!==!1&&e.user){let a=[{AttributeId:"request.user.sub",Value:e.user.sub}];this.addAttributesToCategory(s,"AccessSubject",a)}if(this.options.includeDefaultActionAttributes!==!1){let a=[{AttributeId:"request.method",Value:e.method}];this.addAttributesToCategory(s,"Action",a)}if(this.options.includeDefaultResourceAttributes!==!1){let a=[];a.push({AttributeId:"request.protocol",Value:o.protocol.substring(0,o.protocol.length-1)}),a.push({AttributeId:"request.host",Value:o.host}),a.push({AttributeId:"request.pathname",Value:o.pathname}),Object.entries(e.params).forEach(([u,c])=>{a.push({AttributeId:`request.params.${u}`,Value:c})}),o.searchParams.forEach((u,c)=>{a.push({AttributeId:`request.query.${c}`,Value:u})}),this.addAttributesToCategory(s,"Resource",a)}this.populateOptionAttributes({optionName:"resourceAttributes",authzRequestCategory:"Resource",authzRequest:s,context:t}),this.populateOptionAttributes({optionName:"actionAttributes",authzRequestCategory:"Action",authzRequest:s,context:t}),this.populateOptionAttributes({optionName:"accessSubjectAttributes",authzRequestCategory:"AccessSubject",authzRequest:s,context:t});try{t.log.debug("PDP Request",s);let a=await this.pdpService.makePdpRequest(s);return t.log.debug("PDP Response",a),a.Response.every(u=>u.Decision==="Permit")?e:(t.log.debug(`${this.policyType} '${this.policyName}' - The request was not authorized.`,a),r("The request was not authorized."))}catch(a){return t.log.error(`${this.policyType} '${this.policyName}' - Error calling PDP service`,a),x.internalServerError(e,t)}}populateOptionAttributes({optionName:e,authzRequestCategory:t,authzRequest:r,context:o}){let s=this.options[e];if(s){let a=[];s.forEach(u=>{u.value?a.push({AttributeId:u.attributeId,Value:u.value}):o.log.warn(`${this.policyType} '${this.policyName}' - The attribute ${u.attributeId} has no value. If using a selector, check that the selector is correct.`)}),this.addAttributesToCategory(r,t,a)}}addAttributesToCategory(e,t,r){e.Request[t]||(e.Request[t]=[]),e.Request[t].length===0?e.Request[t].push({Attribute:[]}):e.Request[t][0].Attribute=e.Request[t][0].Attribute??[],e.Request[t][0].Attribute.push(...r)}};var Pd=i(async(n,e,t)=>{f("policy.inbound.basic-auth");let r=n.headers.get("Authorization"),o="basic ",s=i(l=>x.unauthorized(n,e,{detail:l}),"unauthorizedResponse"),u=await i(async()=>{if(!r)return await s("No Authorization header");if(r.toLowerCase().indexOf(o)!==0)return await s("Invalid Basic token format for Authorization header");let l=r.substring(o.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),I=t.accounts.find(b=>b.username===m&&b.password===h);return I||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(u instanceof Response)return t.allowUnauthenticatedRequests?n:u;let c=u.username;return n.user={sub:c,data:u.data},n},"BasicAuthInboundPolicy");function nr(n){return{second:n.getSeconds(),minute:n.getMinutes(),hour:n.getHours(),day:n.getDate(),month:n.getMonth(),weekday:n.getDay(),year:n.getFullYear()}}i(nr,"extractDateElements");function Xa(n,e){return new Date(n,e+1,0).getDate()}i(Xa,"getDaysInMonth");function wi(n,e){return n<=e?e-n:6-n+e+1}i(wi,"getDaysBetweenWeekdays");var rr=class{static{i(this,"Cron")}seconds;minutes;hours;days;months;weekdays;reversed;constructor({seconds:e,minutes:t,hours:r,days:o,months:s,weekdays:a}){if(!e||e.size===0)throw new Error("There must be at least one allowed second.");if(!t||t.size===0)throw new Error("There must be at least one allowed minute.");if(!r||r.size===0)throw new Error("There must be at least one allowed hour.");if(!s||s.size===0)throw new Error("There must be at least one allowed month.");if((!a||a.size===0)&&(!o||o.size===0))throw new Error("There must be at least one allowed day or weekday.");this.seconds=Array.from(e).sort((c,l)=>c-l),this.minutes=Array.from(t).sort((c,l)=>c-l),this.hours=Array.from(r).sort((c,l)=>c-l),this.days=Array.from(o).sort((c,l)=>c-l),this.months=Array.from(s).sort((c,l)=>c-l),this.weekdays=Array.from(a).sort((c,l)=>c-l);let u=i((c,l,d)=>{if(l.some(p=>typeof p!="number"||p%1!==0||p<d.min||p>d.max))throw new Error(`${c} must only consist of integers which are within the range of ${d.min} and ${d.max}`)},"validateData");u("seconds",this.seconds,{min:0,max:59}),u("minutes",this.minutes,{min:0,max:59}),u("hours",this.hours,{min:0,max:23}),u("days",this.days,{min:1,max:31}),u("months",this.months,{min:0,max:11}),u("weekdays",this.weekdays,{min:0,max:6}),this.reversed={seconds:this.seconds.map(c=>c).reverse(),minutes:this.minutes.map(c=>c).reverse(),hours:this.hours.map(c=>c).reverse(),days:this.days.map(c=>c).reverse(),months:this.months.map(c=>c).reverse(),weekdays:this.weekdays.map(c=>c).reverse()}}findAllowedHour(e,t){return e==="next"?this.hours.find(r=>r>=t):this.reversed.hours.find(r=>r<=t)}findAllowedMinute(e,t){return e==="next"?this.minutes.find(r=>r>=t):this.reversed.minutes.find(r=>r<=t)}findAllowedSecond(e,t){return e==="next"?this.seconds.find(r=>r>t):this.reversed.seconds.find(r=>r<t)}findAllowedTime(e,t){let r=this.findAllowedHour(e,t.hour);if(r!==void 0)if(r===t.hour){let o=this.findAllowedMinute(e,t.minute);if(o!==void 0)if(o===t.minute){let s=this.findAllowedSecond(e,t.second);if(s!==void 0)return{hour:r,minute:o,second:s};if(o=this.findAllowedMinute(e,e==="next"?t.minute+1:t.minute-1),o!==void 0)return{hour:r,minute:o,second:e==="next"?this.seconds[0]:this.reversed.seconds[0]}}else return{hour:r,minute:o,second:e==="next"?this.seconds[0]:this.reversed.seconds[0]};if(r=this.findAllowedHour(e,e==="next"?t.hour+1:t.hour-1),r!==void 0)return{hour:r,minute:e==="next"?this.minutes[0]:this.reversed.minutes[0],second:e==="next"?this.seconds[0]:this.reversed.seconds[0]}}else return{hour:r,minute:e==="next"?this.minutes[0]:this.reversed.minutes[0],second:e==="next"?this.seconds[0]:this.reversed.seconds[0]}}findAllowedDayInMonth(e,t,r,o){if(o<1)throw new Error("startDay must not be smaller than 1.");let s=Xa(t,r),a=this.days.length!==31,u=this.weekdays.length!==7;if(!a&&!u)return o>s?e==="next"?void 0:s:o;let c;a&&(c=e==="next"?this.days.find(d=>d>=o):this.reversed.days.find(d=>d<=o),c!==void 0&&c>s&&(c=void 0));let l;if(u){let d=new Date(t,r,o).getDay(),p=e==="next"?this.weekdays.find(m=>m>=d)??this.weekdays[0]:this.reversed.weekdays.find(m=>m<=d)??this.reversed.weekdays[0];if(p!==void 0){let m=e==="next"?wi(d,p):wi(p,d);l=e==="next"?o+m:o-m,(l>s||l<1)&&(l=void 0)}}if(c!==void 0&&l!==void 0)return e==="next"?Math.min(c,l):Math.max(c,l);if(c!==void 0)return c;if(l!==void 0)return l}getNextDate(e=new Date){let t=nr(e),r=t.year,o=this.months.findIndex(a=>a>=t.month);o===-1&&(o=0,r++);let s=this.months.length*5;for(let a=0;a<s;a++){let u=r+Math.floor((o+a)/this.months.length),c=this.months[(o+a)%this.months.length],l=u===t.year&&c===t.month,d=this.findAllowedDayInMonth("next",u,c,l?t.day:1),p=l&&d===t.day;if(d!==void 0&&p){let m=this.findAllowedTime("next",t);if(m!==void 0)return new Date(u,c,d,m.hour,m.minute,m.second);d=this.findAllowedDayInMonth("next",u,c,d+1),p=!1}if(d!==void 0&&!p)return new Date(u,c,d,this.hours[0],this.minutes[0],this.seconds[0])}throw new Error("No valid next date was found.")}getNextDates(e,t){let r=[],o;for(let s=0;s<e;s++)o=this.getNextDate(o??t),r.push(o);return r}*getNextDatesIterator(e,t){let r;for(;;){if(r=this.getNextDate(e),e=r,t&&t.getTime()<r.getTime())return;yield r}}getPrevDate(e=new Date){let t=nr(e),r=t.year,o=this.reversed.months.findIndex(a=>a<=t.month);o===-1&&(o=0,r--);let s=this.reversed.months.length*5;for(let a=0;a<s;a++){let u=r-Math.floor((o+a)/this.reversed.months.length),c=this.reversed.months[(o+a)%this.reversed.months.length],l=u===t.year&&c===t.month,d=this.findAllowedDayInMonth("prev",u,c,l?t.day:31),p=l&&d===t.day;if(d!==void 0&&p){let m=this.findAllowedTime("prev",t);if(m!==void 0)return new Date(u,c,d,m.hour,m.minute,m.second);d>1&&(d=this.findAllowedDayInMonth("prev",u,c,d-1),p=!1)}if(d!==void 0&&!p)return new Date(u,c,d,this.reversed.hours[0],this.reversed.minutes[0],this.reversed.seconds[0])}throw new Error("No valid previous date was found.")}getPrevDates(e,t){let r=[],o;for(let s=0;s<e;s++)o=this.getPrevDate(o??t),r.push(o);return r}*getPrevDatesIterator(e,t){let r;for(;;){if(r=this.getPrevDate(e),e=r,t&&t.getTime()>r.getTime())return;yield r}}matchDate(e){let{second:t,minute:r,hour:o,day:s,month:a,weekday:u}=nr(e);return this.seconds.indexOf(t)===-1||this.minutes.indexOf(r)===-1||this.hours.indexOf(o)===-1||this.months.indexOf(a)===-1?!1:this.days.length!==31&&this.weekdays.length!==7?this.days.indexOf(s)!==-1||this.weekdays.indexOf(u)!==-1:this.days.indexOf(s)!==-1&&this.weekdays.indexOf(u)!==-1}};var Id={min:0,max:59},Ed={min:0,max:59},xd={min:0,max:23},Td={min:1,max:31},Cd={min:1,max:12,aliases:{jan:"1",feb:"2",mar:"3",apr:"4",may:"5",jun:"6",jul:"7",aug:"8",sep:"9",oct:"10",nov:"11",dec:"12"}},vd={min:0,max:7,aliases:{mon:"1",tue:"2",wed:"3",thu:"4",fri:"5",sat:"6",sun:"7"}},Sd={"@yearly":"0 0 1 1 *","@annually":"0 0 1 1 *","@monthly":"0 0 1 1 *","@weekly":"0 0 * * 0","@daily":"0 0 * * *","@hourly":"0 * * * *","@minutely":"* * * * *"};function lt(n,e){let t=new Set;if(n==="*"){for(let d=e.min;d<=e.max;d=d+1)t.add(d);return t}let r=n.split(",");if(r.length>1)return r.forEach(d=>{lt(d,e).forEach(m=>t.add(m))}),t;let o=i(d=>{d=e.aliases?.[d.toLowerCase()]??d;let p=parseInt(d,10);if(Number.isNaN(p))throw new Error(`Failed to parse ${n}: ${d} is NaN.`);if(p<e.min||p>e.max)throw new Error(`Failed to parse ${n}: ${d} is outside of constraint range of ${e.min} - ${e.max}.`);return p},"parseSingleElement"),s=/^((([0-9a-zA-Z]+)-([0-9a-zA-Z]+))|\*)(\/([0-9]+))?$/.exec(n);if(s===null)return t.add(o(n)),t;let a=s[1]==="*"?e.min:o(s[3]),u=s[1]==="*"?e.max:o(s[4]);if(a>u)throw new Error(`Failed to parse ${n}: Invalid range (start: ${a}, end: ${u}).`);let c=s[6],l=1;if(c!==void 0){if(l=parseInt(c,10),Number.isNaN(l))throw new Error(`Failed to parse step: ${c} is NaN.`);if(l<1)throw new Error(`Failed to parse step: Expected ${c} to be greater than 0.`)}for(let d=a;d<=u;d=d+l)t.add(d);return t}i(lt,"parseElement");function Ri(n){if(typeof n!="string")throw new TypeError("Invalid cron expression: must be of type string.");n=Sd[n.toLowerCase()]??n;let e=n.split(" ");if(e.length<5||e.length>6)throw new Error("Invalid cron expression: expected 5 or 6 elements.");let t=e.length===6?e[0]:"0",r=e.length===6?e[1]:e[0],o=e.length===6?e[2]:e[1],s=e.length===6?e[3]:e[2],a=e.length===6?e[4]:e[3],u=e.length===6?e[5]:e[4];return new rr({seconds:lt(t,Id),minutes:lt(r,Ed),hours:lt(o,xd),days:lt(s,Td),months:new Set(Array.from(lt(a,Cd)).map(c=>c-1)),weekdays:new Set(Array.from(lt(u,vd)).map(c=>c%7))})}i(Ri,"parseCronExpression");var Pi=class extends ae{static{i(this,"BrownoutInboundPolicy")}crons;constructor(e,t){if(super(e,t),f("policy.inbound.brownout"),W(e,t).optional("problem","object"),e.problem&&W(e.problem,t,"policy","problem").optional("detail","string").optional("status","string").optional("title","string"),typeof e.cronSchedule!="string"&&!(typeof e.cronSchedule=="object"&&Array.isArray(e.cronSchedule)&&!e.cronSchedule.some(r=>typeof r!="string")))throw new g(`Value of 'cronSchedule' on policy '${t}' must be of type string or string[]. Received type ${typeof e.cronSchedule}.`);typeof this.options.cronSchedule=="string"?this.crons=[Ri(this.options.cronSchedule)]:this.crons=this.options.cronSchedule.map(r=>Ri(r))}async handler(e,t){let r=new Date;if(r.setSeconds(0),r.setMilliseconds(0),this.crons.some(s=>s.matchDate(r))){let s=x.getProblemFromStatus(this.options.problem?.status??400,{detail:"This API is performing a scheduled brownout in advance of its pending deprecation. Please upgrade to a later version.",...this.options.problem});return x.format(s,e,t)}return e}};var Ad=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function Od(n){let e=new TextEncoder().encode(n),t=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(t)).map(s=>s.toString(16).padStart(2,"0")).join("")}i(Od,"digestMessage");var kd=i(async(n,e)=>{let t=[...e.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...e.headers??[]],r=[];for(let[d,p]of n.headers.entries())t.includes(d)&&r.push({key:d.toLowerCase(),value:p});r.sort((d,p)=>d.key.localeCompare(p.key));let o=await Od(JSON.stringify(r)),s=new URL(n.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",o);let u=e.cacheHttpMethods?.includes(n.method.toUpperCase())&&n.method.toUpperCase()!=="GET";u&&a.set("_z-original-method",n.method);let c=`${s.origin}${s.pathname}?${a}`;return new Request(c,{method:u?"GET":n.method})},"createCacheKeyRequest");async function Ld(n,e,t,r){f("policy.inbound.caching");let o=await se(r,t.cacheId,t),s=await caches.open(o),a=t?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],u=await kd(n,t),c=await s.match(u);return c||(e.addEventListener("responseSent",l=>{try{let d=t.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(n.method.toUpperCase()))return;let m=t?.expirationSecondsTtl??60,h=new Response(p.body,p);Ad.forEach(I=>h.headers.delete(I)),h.headers.set("cache-control",`s-maxage=${m}`),e.waitUntil(s.put(u,h))}catch(d){e.log.error(`Error in caching-inbound-policy '${r}': "${d.message}"`,d)}}),n)}i(Ld,"CachingInboundPolicy");var _d=i(async(n,e,t,r)=>{if(f("policy.inbound.change-method"),!t.method)throw new g(`ChangeMethodInboundPolicy '${r}' options.method must be valid HttpMethod`);return new re(n,{method:t.method})},"ChangeMethodInboundPolicy");var Nd=i(async(n,e,t)=>{f("policy.inbound.clear-headers");let r=[...t.exclude??[]],o=new Headers;return r.forEach(a=>{let u=n.headers.get(a);u&&o.set(a,u)}),new re(n,{headers:o})},"ClearHeadersInboundPolicy");var Dd=i(async(n,e,t,r)=>{f("policy.outbound.clear-headers");let o=[...r.exclude??[]],s=new Headers;return o.forEach(u=>{let c=n.headers.get(u);c&&s.set(u,c)}),new Response(n.body,{headers:s,status:n.status,statusText:n.statusText})},"ClearHeadersOutboundPolicy");var Md=i(async(n,e,t,r)=>{f("policy.inbound.clerk-jwt-auth");let o=new URL(t.frontendApiUrl.startsWith("https://")||t.frontendApiUrl.startsWith("http://")?t.frontendApiUrl:`https://${t.frontendApiUrl}`),s=new URL(o);return s.pathname="/.well-known/jwks.json",Pe(n,e,{issuer:o.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)},"ClerkJwtInboundPolicy");var qd=i(async(n,e,t,r)=>{if(f("policy.inbound.cognito-jwt-auth"),!t.userPoolId)throw new g("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!t.region)throw new g("region must be set in the options for CognitoJwtInboundPolicy");return Pe(n,e,{issuer:`https://cognito-idp.${t.region}.amazonaws.com/${t.userPoolId}`,jwkUrl:`https://cognito-idp.${t.region}.amazonaws.com/${t.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)},"CognitoJwtInboundPolicy");var or=class extends Error{static{i(this,"ValidationError")}constructor(e){super(e)}},Ii=class extends or{static{i(this,"ArgumentUndefinedError")}constructor(e){super(`The argument '${e}' is undefined.`)}},Ei=class extends or{static{i(this,"ArgumentTypeError")}constructor(e,t){super(`The argument '${e}' must be of type '${t}'.`)}};function Ud(n,e){if(Us(n))throw new Ii(e)}i(Ud,"throwIfUndefinedOrNull");function eu(n,e){if(Ud(n,e),!xe(n))throw new Ei(e,"string")}i(eu,"throwIfNotString");var xi=class{static{i(this,"InMemoryRateLimitClient")}keyValueStore;constructor(){this.keyValueStore=new Map}getCountAndUpdateExpiry(e,t){let o=Math.floor(t*60),s=Date.now()+o*1e3,a=this.keyValueStore.get(e);a?Date.now()>a.expiresAt?this.keyValueStore.set(e,{value:1,expiresAt:s}):this.keyValueStore.set(e,{value:a.value+1,expiresAt:a.expiresAt}):this.keyValueStore.set(e,{value:1,expiresAt:s});let u=this.keyValueStore.get(e);return Promise.resolve({count:u.value,ttlSeconds:Math.round((u.expiresAt-Date.now())/1e3)})}multiIncrement(e,t){throw new Error("In memory complex rate limits are not currently supported.")}multiCount(e,t){throw new Error("In memory complex rate limits are not currently supported.")}setQuota(e,t,r){throw new Error("In memory quotas are not currently supported.")}getQuota(e,t){throw new Error("In memory quotas are not currently supported.")}},Hd=500,Ti=class{constructor(e){this.clientUrl=e}static{i(this,"RemoteRateLimitClient")}static instance;async fetch({url:e,body:t,method:r,requestId:o}){eu(e,"url");let s=new AbortController;setTimeout(()=>{s.abort()},Hd);let a,u=new Headers({"content-type":"application/json"});_e(u,o);try{a=await z.fetch(`${this.clientUrl}${e}`,{method:r,body:t,signal:s.signal,headers:u})}catch(l){throw console.error("Rate limit service timed out",l),new K("Rate limiting service failed.",{cause:l})}let c=a.headers.get("Content-Type")?.includes("application/json")?await a.json():await a.text();if(a.ok)return c;throw a.status===401?new K("Rate limiting service failed with 401: Unauthorized"):new K(`Rate limiting service failed with (${a.status})`)}async multiCount(e,t){return(await this.fetch({url:"/rate-limits/check",method:"POST",body:JSON.stringify({limits:e}),requestId:t})).data}async multiIncrement(e,t){return(await this.fetch({url:"/rate-limits/increment",method:"POST",body:JSON.stringify({limits:e}),requestId:t})).data}async getCountAndUpdateExpiry(e,t,r){let o=Math.floor(t*60);return await this.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:r})}async getQuota(e,t){let r=await ct(e);return await this.fetch({url:`/quota/${r}`,method:"GET",requestId:t})}async setQuota(e,t,r){let o=await ct(e);await this.fetch({url:`/quota/${o}`,method:"POST",body:JSON.stringify(t),requestId:r})}},xt;function et(n,e){let{redisURL:t,authApiJWT:r}=y.instance;if(xt)return xt;if(!r)return e.info("Using in-memory rate limit client for local development."),xt=new xi,xt;if(!xe(t))throw new K(`RateLimitClient used in policy '${n}' - rate limit service not configured`);if(!xe(r))throw new K(`RateLimitClient used in policy '${n}' - rate limit service not configured`);return xt=new Ti(t),xt}i(et,"getRateLimitClient");var $d=i(n=>{let e=n.headers.get("x-real-ip")??n.headers.get("true-client-ip")??n.headers.get("cf-connecting-ip");if(e)return e;let t=n.headers.get("x-forwarded-for");return t?t.split(",")[0]:"127.0.0.1"},"getRealIP");function Tt(n,e){return{function:zd(e,"RateLimitInboundPolicy",n),user:Fd,ip:Zd,all:jd}[e.rateLimitBy??"ip"]}i(Tt,"getRateLimitByFunctions");var Zd=i(async n=>({key:`ip-${$d(n)}`}),"getIP"),Fd=i(async n=>({key:`user-${n.user?.sub??"anonymous"}`}),"getUser"),jd=i(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll");function zd(n,e,t){let r;if(n.rateLimitBy==="function"){if(!n.identifier)throw new g(`${e} '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!n.identifier.module||typeof n.identifier.module!="object")throw new g(`${e} '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!n.identifier.export)throw new g(`${e} '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=n.identifier.module[n.identifier.export],!r||typeof r!="function")throw new g(`${e} '${t}' - Custom rate limit function must be a valid function`)}return i(async(s,a,u)=>{let c=await r(s,a,u);if(!c||typeof c!="object"){let l=`${e} '${u}' - Custom rate limit function must return a valid object.`;throw a.log.error(l),new k(l)}if(!("key"in c)){let l=`${e} '${u}' - Custom rate limit function must return a valid key property.`;throw a.log.error(l,c),new k(l)}if(typeof c.key!="string"){let l=`${e} '${u}' - Custom rate limit function must return a valid key property of type string. Received type '${typeof c.key}'`;throw a.log.error(l),new k(l)}return c},"outerFunction")}i(zd,"wrapUserFunction");var Ct="Retry-After";var tu=be("zuplo:policies:ComplexRateLimitInboundPolicy"),Ci=Symbol("complex-rate-limit-counters"),vi=class n extends ae{static{i(this,"ComplexRateLimitInboundPolicy")}static setIncrements(e,t){let r=te.get(e,Ci)??{};Object.assign(r,t),te.set(e,Ci,t)}static getIncrements(e){return te.get(e,Ci)??{}}constructor(e,t){super(e,t),f("policy.inbound.complex-rate-limit-inbound"),W(e,t).required("rateLimitBy","string").required("timeWindowMinutes","number").required("limits","object").optional("headerMode","string").optional("throwOnFailure","boolean").optional("mode","string").optional("identifier","object"),e.identifier&&W(e.identifier,t,"policy","identifier").required("export","string").required("module","object");for(let[r,o]of Object.entries(e.limits))if(typeof o!="number")throw new g(`ComplexRateLimitInboundPolicy '${this.policyName}' - The value of the limits must be numbers. The limit ${r} is set to type '${typeof e}'.`)}async handler(e,t){let r=Date.now(),o=Q.getLogger(t),s=et(this.policyName,o),a=i((c,l)=>{if(this.options.throwOnFailure)throw new K(c,{cause:l});o.error(c,l)},"throwOrLog"),u=i((c,l)=>{let d={};return(!c||c==="retry-after")&&(d[Ct]=l.toString()),x.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l=await Tt(this.policyName,this.options)(e,t,this.policyName),d=y.instance.isTestMode||y.instance.isWorkingCopy?y.instance.build.BUILD_ID:"",p=Object.assign({},this.options.limits,l.limits),m=(l.timeWindowMinutes??this.options.timeWindowMinutes??1)*60;t.addResponseSendingFinalHook(async()=>{try{let v=n.getIncrements(t);tu(`ComplexRateLimitInboundPolicy '${this.policyName}' - increments ${JSON.stringify(v)}`);let L=Object.entries(p).map(([$])=>({key:`complex-rate-limit${d}/${this.policyName}/${l.key}/${$}`,ttlSeconds:m,increment:v[$]??0})),S=s.multiIncrement(L,t.requestId);t.waitUntil(S),await S}catch(v){o.error(v),t.log.error(v)}});let h=Object.entries(p).map(([v,L])=>({key:`complex-rate-limit${d}/${this.policyName}/${l.key}/${v}`,ttlSeconds:m,limit:L})),I=await s.multiCount(h,t.requestId);return Bd(I,h).length>0?u(this.options.headerMode??"retry-after",m):e}catch(c){return a(c.message,c),e}finally{let c=Date.now()-r;tu(`ComplexRateLimitInboundPolicy '${this.policyName}' - latency ${c}ms`)}}};function Bd(n,e){let t=[];for(let r of n){let o=e.find(s=>s.key===r.key)?.limit||0;r.count>=o&&t.push(r)}return t}i(Bd,"findOverLimits");var Gd=i(async(n,e,t,r)=>{if(f("policy.inbound.composite"),!t.policies||t.policies.length===0)throw new g(`CompositeInboundPolicy '${r}' must have valid policies defined`);let o=he.instance,s=Vt(t.policies,o?.routeData.policies);return oo(s)(n,e)},"CompositeInboundPolicy");var Vd=i(async(n,e,t,r,o)=>{if(f("policy.outbound.composite"),!r.policies||r.policies.length===0)throw new g(`CompositeOutboundPolicy '${o}' must have valid policies defined`);let s=he.instance,a=Wt(r.policies,s?.routeData.policies);return io(a)(n,e,t)},"CompositeOutboundPolicy");var Wd=i(async(n,e,t,r)=>{f("policy.inbound.curity-phantom-token-auth");let o=n.headers.get("Authorization");if(!o)return x.unauthorized(n,e,{detail:"No authorization header"});let s=Jd(o);if(!s)return x.unauthorized(n,e,{detail:"Failed to parse token from Authorization header"});let a=await se(r,void 0,t),u=new oe(a,e),c=await u.get(s);if(!c){let l=await z.fetch(t.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${t.clientId}:${t.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)c=d,u.put(s,c,t.cacheDurationSeconds??600);else return l.status>=500?(e.log.error(`Error introspecting token - ${l.status}: '${d}'`),x.internalServerError(n,e,{detail:"Problem encountered authorizing the HTTP request"})):x.unauthorized(n,e)}return n.headers.set("Authorization",`Bearer ${c}`),n},"CurityPhantomTokenInboundPolicy");function Jd(n){return n.split(" ")[0]==="Bearer"?n.split(" ")[1]:null}i(Jd,"getToken");var Kd=i(async(n,e,t,r)=>(f("policy.inbound.firebase-jwt-auth"),W(t,r).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),Pe(n,e,{issuer:`https://securetoken.google.com/${t.projectId}`,audience:t.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)),"FirebaseJwtInboundPolicy");var Qd=i(async(n,e,t)=>{f("policy.inbound.form-data-to-json");let r="application/x-www-form-urlencoded",o="multipart/form-data",s=n.headers.get("content-type")?.toLowerCase();if(!s||![o,r].includes(s))return t&&t.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${r}' or ${o}`,{status:400,statusText:"Bad Request"}):n;let a=await n.formData();if(t&&t.optionalHoneypotName&&a.get(t.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let u={};for(let[d,p]of a)u[d]=p.toString();let c=new Headers(n.headers);return c.set("content-type","application/json"),c.delete("content-length"),new re(n,{body:JSON.stringify(u),headers:c})},"FormDataToJsonInboundPolicy");var vt="__unknown__",Yd=i(async(n,e,t,r)=>{f("policy.inbound.geo-filter");let o={allow:{countries:At(t.allow?.countries,"allow.countries",r),regionCodes:At(t.allow?.regionCodes,"allow.regionCode",r),asns:At(t.allow?.asns,"allow.asOrganization",r)},block:{countries:At(t.block?.countries,"block.countries",r),regionCodes:At(t.block?.regionCodes,"block.regionCode",r),asns:At(t.block?.asns,"block.asOrganization",r)},ignoreUnknown:t.ignoreUnknown!==!1},s=e.incomingRequestProperties.country?.toLowerCase()??vt,a=e.incomingRequestProperties.regionCode?.toLowerCase()??vt,u=e.incomingRequestProperties.asn?.toString()??vt,c=o.ignoreUnknown&&s===vt,l=o.ignoreUnknown&&a===vt,d=o.ignoreUnknown&&u===vt,p=o.allow.countries,m=o.allow.regionCodes,h=o.allow.asns;if(p.length>0&&!p.includes(s)&&!c||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(u)&&!d)return St(n,e,r,s,a,u);let I=o.block.countries,b=o.block.regionCodes,v=o.block.asns;return I.length>0&&I.includes(s)&&!c||b.length>0&&b.includes(a)&&!l||v.length>0&&v.includes(u)&&!d?St(n,e,r,s,a,u):n},"GeoFilterInboundPolicy");function St(n,e,t,r,o,s){return e.log.debug(`Request blocked by GeoFilterInboundPolicy '${t}' (country: '${r}', regionCode: '${o}', asn: '${s}')`),x.forbidden(n,e,{geographicContext:{country:r,regionCode:o,asn:s}})}i(St,"blockedResponse");function At(n,e,t){if(typeof n=="string")return n.split(",").map(r=>r.trim().toLowerCase());if(typeof n>"u")return[];if(Array.isArray(n))return n.map(r=>r.trim().toLowerCase());throw new g(`Invalid '${e}' for GeoFilterInboundPolicy '${t}': '${n}', must be a string or string[]`)}i(At,"toLowerStringArray");var Xd=i(async(n,e,t)=>{f("policy.inbound.jwt-scope-validation");let r=n.user?.data.scope.split(" ")||[];if(!i((s,a)=>a.every(u=>s.includes(u)),"scopeChecker")(r,t.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${t.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return n},"JWTScopeValidationInboundPolicy");var ep=i(async(n,e,t,r)=>{f("policy.inbound.mock-api");let o=e.route.raw().responses;if(!o)return Si(r,n,e,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(o),a=[];if(s.length===0)return Si(r,n,e,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(u=>{o[u].content&&Object.keys(o[u].content).forEach(l=>{let d=o[u].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:u,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(u=>!(t.responsePrefixFilter&&!u.responseName.startsWith(t.responsePrefixFilter)||t.contentType&&u.contentName!==t.contentType||t.exampleName&&u.exampleName!==t.exampleName)),t.random&&a.length>1){let u=Math.floor(Math.random()*a.length);return nu(a[u])}else return a.length>0?nu(a[0]):Si(r,n,e,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");function nu(n){let e=JSON.stringify(n.exampleValue,null,2),t=new Headers;switch(t.set("Content-Type",n.contentName),n.responseName){case"1XX":return new Response(e,{status:100,headers:t});case"2XX":return new Response(e,{status:200,headers:t});case"3XX":return new Response(e,{status:300,headers:t});case"4XX":return new Response(e,{status:400,headers:t});case"5XX":case"default":return new Response(e,{status:500,headers:t});default:return new Response(e,{status:Number(n.responseName),headers:t})}}i(nu,"generateResponse");var Si=i((n,e,t,r)=>{let o=`Error in policy: ${n} - On route ${e.method} ${t.route.path}. ${r}`;return x.internalServerError(e,t,{detail:o})},"getProblemDetailResponse");var tp="Incoming",np={logRequestBody:!0,logResponseBody:!0};function ru(n){let e={};return n.forEach((t,r)=>{e[r]=t}),e}i(ru,"headersToObject");function ou(){return new Date().toISOString()}i(ou,"timestamp");var Ai=new WeakMap,rp={};function op(n,e){let t=Ai.get(n);t||(t=rp);let r=Object.assign({...t},e);Ai.set(n,r)}i(op,"setMoesifContext");async function iu(n,e){let t=n.headers.get("content-type");if(t&&t.indexOf("json")!==-1)try{return await n.clone().json()}catch(o){e.log.error(o)}let r=await n.clone().text();return e.log.debug({textBody:r}),r}i(iu,"readBody");var ip={},Oi;function su(){if(!Oi)throw new k("Invalid State - no _lastLogger");return Oi}i(su,"getLastLogger");function sp(n){let e=ip[n];return e||(e=new Y("moesif-inbound",100,async t=>{let r=JSON.stringify(t);su().debug("posting",r);let o=await z.fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":n},body:r});o.ok||su().error({status:o.status,body:await o.text()})})),e}i(sp,"getDispatcher");async function ap(n,e,t,r){f("policy.inbound.moesif-analytics"),Oi=e.log;let o=ou(),s=Object.assign(np,t);if(!s.applicationId)throw new g(`Invalid configuration for MoesifInboundPolicy '${r}' - applicationId is required`);let a=s.logRequestBody?await iu(n,e):void 0;return e.addResponseSendingFinalHook(async(u,c)=>{let l=sp(s.applicationId),d=n.headers.get("true-client-ip"),p=Ai.get(e)??{},m={time:o,uri:n.url,verb:n.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:ru(n.headers)},h=s.logResponseBody?await iu(u,e):void 0,I={time:ou(),status:u.status,headers:ru(u.headers),body:h},b={request:m,response:I,user_id:p.userId??c.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:tp};l.enqueue(b),e.waitUntil(l.waitUntilFlushed())}),n}i(ap,"MoesifInboundPolicy");async function au(n,e,t,r){let o=Q.getLogger(n),{authApiJWT:s,meteringServiceUrl:a}=y.instance,u;try{let l=await z.fetch(`${a}/internal/v1/metering/${r}/subscriptions?customerKey=${e}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":n.requestId},method:"GET"});if(l.ok)u=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";n.log.error(`MonetizationInboundPolicy '${t}' - Error loading subscription. ${l.status} - ${p}`),o.error(`MonetizationInboundPolicy '${t}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){o.error(`MonetizationInboundPolicy '${t}' - Error loading subscription`,l)}let c=u&&u.data&&u.data.length>0?u.data:void 0;return c&&c.length>1?c.sort((d,p)=>d.createdOn>p.createdOn?-1:1)[0]:c&&c[0]}i(au,"loadSubscription");async function uu(n,e,t,r,o){let{authApiJWT:s,meteringServiceUrl:a}=y.instance,u=Q.getLogger(n);try{let c=await z.fetch(`${a}/internal/v1/metering/${r}/subscriptions/${e}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":n.requestId},method:"POST",body:JSON.stringify({meters:o})});if(!c.ok){let l=await c.json(),d=l.detail??l.title??"Unknown error on quota consumption.";n.log.error(`MonetizationInboundPolicy '${t}' - Error updating subscription quota. ${c.status} - ${d}`),u.error(`MonetizationInboundPolicy '${t}' - Error updating subscription quota. ${c.status} - ${d}`)}}catch(c){n.log.error(`MonetizationInboundPolicy '${t}' - Error updating subscription quota.`),u.error(`MonetizationInboundPolicy '${t}' - Error updating subscription quota.`,c)}}i(uu,"consumeSubcriptionQuotas");var up=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function ir(n,e){try{let t=[];for(let r in n)typeof n[r]!="number"&&!(Number.isInteger(n[r])&&/^-?\d+$/.test(n[r].toString()))&&t.push(r);if(t.length>0)throw new g(t.length>1?`The values found in these properties are not integers : ${t.join(", ")}`:`The value in property '${t[0]}' is not an integer`)}catch(t){throw t instanceof g?new g(`MonetizationInboundPolicy '${e}' - The property 'meters' is invalid. ${t.message}`):t}}i(ir,"validateMeters");function cu(n,e){if(n)try{if(n.length===0)throw new g("Must set valid subscription statuses");let t=it(n),r=[];for(let o of t)up.has(o)||r.push(o);if(r.length>0)throw new g(`Found the following invalid statuses: ${r.join(", ")}`);return n}catch(t){throw t instanceof g?new g(`MonetizationInboundPolicy '${e}' - The property 'allowedSubscriptionStatuses' is invalid. ${t.message}`):t}else return["active","incomplete","trialing"]}i(cu,"parseAllowedSubscriptionStatuses");function lu(n,e){let t={},r={};for(let o in e)n.hasOwnProperty(o)?t[o]=e[o]:r[o]=e[o];return{metersInSubscription:t,metersNotInSubscription:r}}i(lu,"compareMeters");var ki=class extends ae{static{i(this,"MonetizationInboundPolicy")}static getSubscription(e){return te.get(e,$t)}static setMeters(e,t){ir(t,"setMeters");let r=te.get(e,Zt)??{};Object.assign(r,t),te.set(e,Zt,r)}constructor(e,t){super(e,t),f("policy.inbound.monetization")}async handler(e,t){W(this.options,this.policyName).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),this.options.meterOnStatusCodes||(this.options.meterOnStatusCodes="200-399");let r=this.options.allowRequestsOverQuota??!1,o=Ve(this.options.meterOnStatusCodes),s=te.get(t,Zt),a={...this.options.meters,...s};ir(a,this.policyName);let u=this.options.allowRequestsWithoutSubscription??!1,c=cu(this.options.allowedSubscriptionStatuses,this.policyName);t.addResponseSendingFinalHook(async(b,v,L)=>{let S=te.get(L,$t);if((this.options.allowRequestsWithoutSubscription??!1)&&!S){L.log.debug(`MonetizationInboundPolicy '${this.policyName}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!this.options.bucketId)if(fe.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=fe.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new g(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let Z=te.get(L,Zt),q={...this.options.meters,...Z};if(ir(q,this.policyName),o.includes(b.status)&&S&&q){L.log.debug(`MonetizationInboundPolicy '${this.policyName}' - Updating subscription '${S.id}' with meters '${JSON.stringify(q)} on response status '${b.status}'`);let{metersInSubscription:A,metersNotInSubscription:H}=lu(S.meters,q);if(H&&Object.keys(H).length>0){let V=Object.keys(H);L.log.warn(`The following meters cannot be applied since they are not present in the subscription: '${V}'`)}await uu(L,S.id,this.policyName,this.options.bucketId,A)}});let l=e.user;if(!l)return u?e:x.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!this.options.bucketId)if(fe.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=fe.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new g(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let{sub:d}=l,p=await au(t,d,this.policyName,this.options.bucketId);if(!p)return t.log.warn("No valid subscription found"),u?e:x.unauthorized(e,t,{detail:"No valid subscription found"});if(!c.includes(p.status)&&!u)return t.log.warn(`Subscription '${p.id}' has status '${p.status}' which is not part of the allowed statuses.`),x.unauthorized(e,t,{detail:"No valid subscription found"});c.includes(p.status)&&(t.log.debug(`Loading subscription '${p.id}' for user sub '${d}' to ContextData`),te.set(t,$t,p));let m=te.get(t,$t);if(!m)return u?e:(t.log.warn("Subscription is not available for user"),x.paymentRequired(e,t,{detail:"Subscription is not available for user",title:"No Subscription"}));if(m&&Object.keys(m.meters).length===0)return t.log.error(`Quota is not set up for subscription '${m.id}'`),x.tooManyRequests(e,t,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let I=Object.keys(a).filter(b=>!Object.keys(m.meters).includes(b));if(I.length>0)return t.log.warn(`The following policy meters are not present in the subscription: ${I.join(", ")}`),x.tooManyRequests(e,t,{detail:`The following policy meters are not present in the subscription: ${I.join(", ")}`,title:"Quota Exceeded"});for(let b of Object.keys(a))if(m.meters[b].available<=0&&!r)return x.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${b}'`,title:"Quota Exceeded"});return e}};async function sr(n,e){let t=new URLSearchParams({client_id:n.clientId,client_secret:n.clientSecret,grant_type:"client_credentials"});n.scope&&t.append("scope",n.scope),n.audience&&t.append("audience",n.audience);let r=await we({retries:n.retries?.maxRetries??3,retryDelayMs:n.retries?.delayMs??10},n.tokenEndpointUrl,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:t});if(r.status!==200){try{let s=await r.text();e.log.error(`Error getting token from identity provider. Status: ${r.status}`,s)}catch{}throw new k("Error getting token from identity provider.")}let o=await r.json();if(o&&typeof o=="object"&&"access_token"in o&&typeof o.access_token=="string"&&"expires_in"in o&&typeof o.expires_in=="number")return{access_token:o.access_token,expires_in:o.expires_in};throw new k("Response returned from identity provider is not in the expected format.")}i(sr,"getClientCredentialsAccessToken");var Ot=class extends Error{constructor(t,r,o){super(r,o);this.code=t}static{i(this,"OpenFGAError")}},ar=class{static{i(this,"BaseOpenFGAClient")}apiUrl;storeId;authorizationModelId;constructor(e){this.apiUrl=e.apiUrl,this.storeId=e.storeId,this.authorizationModelId=e.authorizationModelId}getStoreId(e={},t=!1){let r=e?.storeId||this.storeId;if(!t&&!r)throw new g("storeId is required");return r}getAuthorizationModelId(e={}){return e?.authorizationModelId||this.authorizationModelId}async get(e,t){return this.fetch(e,"GET",t)}async put(e,t,r){return this.fetch(e,"PUT",r,t)}post(e,t,r){return this.fetch(e,"POST",r,t)}async fetch(e,t,r,o){let s=new Headers(r.headers||{});s.set("Content-Type","application/json"),s.set("Accept","application/json"),s.set("User-Agent",y.instance.systemUserAgent);let a=`${this.apiUrl}${e}`,u=new Request(a,{method:t,headers:s,body:o?JSON.stringify(o):void 0}),c=await z.fetch(u);if(c.status!==200){let l;try{l=await c.json()}catch{}throw!l||!l.code||!l.message?new Ot("unknown",`Unknown error. Status: ${c.status}`):new Ot(l.code,l.message)}return c.json()}};function cn(n,e,t){!n[e]&&t&&(n[e]=t)}i(cn,"setHeaderIfNotSet");var du="X-OpenFGA-Client-Method",pu="X-OpenFGA-Client-Bulk-Request-Id",ln=class extends ar{static{i(this,"OpenFGAClient")}async check(e,t={}){return this.post(`/stores/${this.getStoreId(t)}/check`,{tuple_key:{user:e.user,relation:e.relation,object:e.object},context:e.context,contextual_tuples:{tuple_keys:e.contextualTuples||[]},authorization_model_id:this.getAuthorizationModelId(t)},t)}async batchCheck(e,t={}){let{headers:r={}}=t;return cn(r,du,"BatchCheck"),cn(r,pu,crypto.randomUUID()),{responses:await Promise.all(e.map(async s=>this.check(s,Object.assign({},t,r)).then(a=>(a._request=s,a)).catch(a=>{if(a instanceof Ot)throw a;return{allowed:void 0,error:a,_request:s}})))}}async expand(e,t={}){return this.post(`/stores/${this.getStoreId(t)}/expand`,{authorization_model_id:this.getAuthorizationModelId(t),tuple_key:e},t)}async listObjects(e,t={}){return this.post(`/stores/${this.getStoreId(t)}/list-objects`,{authorization_model_id:this.getAuthorizationModelId(t),user:e.user,relation:e.relation,type:e.type,context:e.context,contextual_tuples:{tuple_keys:e.contextualTuples||[]}},t)}async listRelations(e,t={}){let{user:r,object:o,relations:s,contextualTuples:a,context:u}=e,{headers:c={}}=t;if(cn(c,du,"ListRelations"),cn(c,pu,crypto.randomUUID()),!s?.length)throw new Error("When calling listRelations, at least one relation must be passed in the relations field");let l=await this.batchCheck(s.map(p=>({user:r,relation:p,object:o,contextualTuples:a,context:u})),Object.assign({},t,c)),d=l.responses.find(p=>p.error);if(d)throw d.error;return{relations:l.responses.filter(p=>p.allowed).map(p=>p._request.relation)}}async listUsers(e,t={}){return this.post(`/stores/${this.getStoreId(t)}/list-users`,{authorization_model_id:this.getAuthorizationModelId(t),relation:e.relation,object:e.object,user_filters:e.user_filters,context:e.context,contextual_tuples:e.contextualTuples||[]},t)}};var mu=Symbol("openfga-authz-context-data"),kt=class extends ae{static{i(this,"BaseOpenFGAAuthZInboundPolicy")}client;authorizer;cache;static setContextChecks(e,t){let r=Array.isArray(t)?t:[t];te.set(e,mu,r)}constructor(e,t){if(super(e,t),W(e,t).required("apiUrl","string").optional("storeId","string").optional("authorizationModelId","string"),!e.credentials)throw new g(`${this.policyType} '${this.policyName}' - The 'credentials' option is required.`);if(e.credentials.method==="client-credentials")W(e.credentials,t).required("clientId","string").required("clientSecret","string").required("oauthTokenEndpointUrl","string").optional("apiAudience","string");else if(e.credentials.method==="api-token")W(e.credentials,t).required("token","string").optional("headerName","string").optional("headerValuePrefix","string");else if(e.credentials.method==="header")W(e.credentials,t).optional("headerName","string");else if(e.credentials.method!=="none")throw new g(`${this.policyType} '${this.policyName}' - The 'credentials.type' option is invalid. It must be set to either 'none', 'api-token', 'client-credentials', or 'header'.`);this.authorizer=this.getAuthorizer(e.credentials),this.client=new ln({apiUrl:e.apiUrl,storeId:e.storeId,authorizationModelId:e.authorizationModelId})}async handler(e,t){if(!this.cache){let a=await se(this.policyName,void 0,this.options);this.cache=new oe(a,t)}let r=i(a=>this.options.allowUnauthorizedRequests?e:x.forbidden(e,t,{detail:a}),"forbiddenResponse"),o=te.get(t,mu);if(!o||o.length===0)throw new k(`${this.policyType} '${this.policyName}' - No checks found in the context.`);let s=await this.authorizer(e,t);try{t.log.debug("OpenFGA checks",o);let a=await this.client.batchCheck(o,{headers:s});return t.log.debug("OpenFGA Response",a),a.responses.every(u=>u.allowed)?e:(t.log.debug(`${this.policyType} '${this.policyName}' - The request was not authorized.`,a),r("The request was not authorized."))}catch(a){return t.log.error(`${this.policyType} '${this.policyName}' - Error calling OpenFGA service`,a),x.internalServerError(e,t)}}getAuthorizer(e){if(e.method==="none")return async()=>({});if(e.method==="header")return async t=>{let r=e.headerName??"Authorization",o=t.headers.get(r);if(!o)throw new K(`${this.policyType} '${this.policyName}' - The header '${r}' is missing.`);return{[r]:o}};if(e.method==="api-token")return async()=>({[e.headerName??"Authorization"]:`${e.headerValuePrefix??"Bearer "} ${e.token}`});if(e.method==="client-credentials")return async(t,r)=>{let o=await this.cache?.get("client_credentials_token");if(o)return{Authorization:`Bearer ${o}`};let s=await sr({tokenEndpointUrl:e.oauthTokenEndpointUrl,clientId:e.clientId,clientSecret:e.clientSecret,audience:e.apiAudience},r);return this.cache?.put("client_credentials_token",s.access_token,s.expires_in),{Authorization:`Bearer ${s.access_token}`}};throw new k("Invalid state for credentials method is not valid. This should not happen.")}};var gu=["us1","eu1","au1"],Li=class extends kt{static{i(this,"OktaFGAAuthZInboundPolicy")}constructor(e,t){if(!gu.includes(e.region))throw new g(`OktaFGAAuthZInboundPolicy '${t}' - The 'region' option is invalid. Must be one of ${gu.join(", ")}.`);let r={...e,apiUrl:`https://api.${e.region}.fga.dev`,credentials:{method:"client-credentials",oauthTokenEndpointUrl:"https://fga.us.auth0.com/oauth/token",clientId:e.credentials.clientId,clientSecret:e.credentials.clientSecret,apiAudience:`https://api.${e.region}.fga.dev/`}};super(r,t),f("policy.inbound.oktafga-authz")}};var cp=i(async(n,e,t,r)=>(f("policy.inbound.okta-jwt-auth"),Pe(n,e,{issuer:t.issuerUrl,audience:t.audience,jwkUrl:`${t.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)),"OktaJwtInboundPolicy");var _i=class extends kt{static{i(this,"OpenFGAAuthZInboundPolicy")}constructor(e,t){super(e,t),f("policy.inbound.openfga-authz")}};import{importSPKI as lp}from"jose";var Ni,dp=i(async(n,e,t,r)=>{if(f("policy.inbound.propel-auth-jwt-auth"),!Ni)try{Ni=await lp(t.verifierKey,"RS256")}catch(o){throw e.log.error("Could not import verifier key"),o}return Pe(n,e,{issuer:t.authUrl,secret:Ni,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests,subPropertyName:"user_id"},r)},"PropelAuthJwtInboundPolicy");var Di="quota-inbound-policy-f307056c-8c00-4f2c-b4ac-c0ac7d04eca0",fu="quota-usage-2017e968-4de8-4a63-8951-1e423df0d64b";var Mi=class n extends ae{static{i(this,"QuotaInboundPolicy")}constructor(e,t){super(e,t),f("policy.inbound.quota")}async handler(e,t){let r=this.options.debug??!1;t.log.debug({debug:r}),W(this.options,this.policyName).required("period","string").required("quotaBy","string").optional("quotaAnchorMode","string").optional("allowances","object"),n.setMeters(t,{requests:1});let o=Q.getLogger(t);try{let s=pp(this.options,this.policyName),a=s.functions.getAnchorDate(e,t,this.policyName),u=s.functions.getQuotaDetail(e,t,this.policyName),[c,l]=await Promise.all([a,u]),d=mp(l.key,this.policyName);r&&t.log.debug(`QuotaInboundPolicy: key - '${d}'`);let p=et(this.policyName,o),m=await p.getQuota(d,t.requestId);n.#e(t,this.policyName,m),r&&t.log.debug("QuotaInboundPolicy: quotaResult",m),c&&new Date(m.anchorDate).getTime()!==c.getTime()&&t.log.warn(`QuotaInboundPolicy '${this.policyName}' provided anchorDate ('${c}') did not match the stored, immutable anchorDate ('${m.anchorDate}')`);let h=Object.assign({},s.defaultAllowances);Object.assign(h,l.allowances);let I=[],b="";if(Object.entries(h).forEach(([v,L])=>{r&&(b+=`${v} - allowed: ${L} value: ${m.meters[v]??0}
-`),(m.meters[v]??0)>=L&&I.push(v)}),r&&t.log.debug("QuotaInboundPolicy: debugTable",b),I.length>0)return x.tooManyRequests(e,t,{detail:`Quota exceeded for meters '${I.join(", ")}'`});t.addResponseSendingFinalHook(async(v,L,S)=>{if(r&&S.log.debug(`QuotaInboundPolicy: backend response - ${v.status}: ${v.statusText}`),!s.quotaOnStatusCodes.includes(v.status))return;let $=te.get(S,Di),Z={config:{period:s.period,anchorDate:c?.toISOString()??""},increments:$};r&&S.log.debug("QuotaInboundPolicy: setQuotaDetails",Z);let q=p.setQuota(d,Z,S.requestId);S.waitUntil(q)})}catch(s){o.error(s),t.log.error(s)}return e}static setMeters(e,t){let r=te.get(e,Di)??{};Object.assign(r,t),te.set(e,Di,r)}static getUsage(e,t){let r=te.get(e,`${fu}-${t}`);if(r===void 0)throw new k(`QuotaInboundPolicy.getUsage was called for policy named '${t}' but the policy itself has not yet executed.`);return r}static#e(e,t,r){te.set(e,`${fu}-${t}`,r)}};function pp(n,e){let t=i(async s=>({key:`user-1385b4e8-800f-488e-b089-c197544e5801-${s.user?.sub}`,allowances:n.allowances??{}}),"getQuotaDetail"),r=i(async()=>{},"getAnchorDate");if(n.quotaBy==="function"){if(n.identifier===void 0||n.identifier.module===void 0||n.identifier.getQuotaDetailExport===void 0)throw new g(`QuotaInboundPolicy '${e}' - The property 'identifier.module' and 'identifier.getQuotaDetailExport' is required when 'quotaBy' is 'function'`);t=n.identifier.module[n.identifier.getQuotaDetailExport]}if(n.quotaAnchorMode==="function"){if(n.identifier===void 0||n.identifier.module===void 0||n.identifier.getAnchorDateExport===void 0)throw new g(`QuotaInboundPolicy '${e}' - The property 'identifier.module' and 'identifier.getAnchorDateExport' is required when 'quotaAnchorMode' is 'function'`);r=n.identifier.module[n.identifier.getAnchorDateExport]}return{period:n.period,quotaBy:n.quotaBy??"user",quotaAnchorMode:n.quotaAnchorMode??"first-api-call",quotaOnStatusCodes:Ve(n.quotaOnStatusCodes??"200-299"),defaultAllowances:Object.assign({},n.allowances),functions:{getQuotaDetail:t,getAnchorDate:r}}}i(pp,"validateAndParseOptions");function mp(n,e){return encodeURIComponent(`${e}-${n}`)}i(mp,"processKey");var hu=be("zuplo:policies:RateLimitInboundPolicy"),yu=i(async(n,e,t,r)=>{let o=Q.getLogger(e),s=i((q,A)=>{let H={};return(!q||q==="retry-after")&&(H[Ct]=A.toString()),x.tooManyRequests(n,e,void 0,H)},"rateLimited"),u=await Tt(r,t)(n,e,r),c=u.key,l=u.requestsAllowed??t.requestsAllowed,d=u.timeWindowMinutes??t.timeWindowMinutes,p=t.headerMode??"retry-after",m=et(r,o),I=`rate-limit${y.instance.isTestMode?y.instance.build.BUILD_ID:""}/${r}/${c}`,b=await se(r,void 0,t),v=new oe(b,e),L=m.getCountAndUpdateExpiry(I,d,e.requestId),S;i(async()=>{let q=await L;if(q.count>l){let A=Date.now()+q.ttlSeconds*1e3;v.put(I,A,q.ttlSeconds),hu(`RateLimitInboundPolicy '${r}' - returning 429 from redis for '${I}' (async mode)`),S=s(p,q.ttlSeconds)}},"asyncCheck")();let Z=await v.get(I);if(Z!==void 0&&Z>Date.now()){hu(`RateLimitInboundPolicy '${r}' - returning 429 from cache for '${I}' (async mode)`);let q=Math.round((Z-Date.now())/1e3);return s(p,q)}return e.addResponseSendingHook(async q=>S??q),n},"AsyncRateLimitInboundPolicyImpl");function qi(n,e){if(n===null)throw new Error(`RateLimitInboundPolicy - Invalid ${e} value: null`);if(n==="")throw new Error(`RateLimitInboundPolicy - Invalid ${e} value: empty string`);if(typeof n=="number")return n;if(typeof n!="number"){let t=Number(n);if(isNaN(t)||!Number.isInteger(t))throw new Error(`RateLimitInboundPolicy - Invalid ${e} value not of type integer: ${n}`);return t}throw new Error(`RateLimitInboundPolicy - Invalid ${e} value: ${n}`)}i(qi,"convertToNumber");var bu=be("zuplo:policies:RateLimitInboundPolicy"),gp="strict",wu=i(async(n,e,t,r)=>{if(f("policy.inbound.rate-limit"),(t.mode??gp)==="async")return yu(n,e,t,r);let s=Date.now(),a=Q.getLogger(e),u=i((l,d)=>{if(t.throwOnFailure)throw new K(l,{cause:d});a.error(l,d)},"throwOrLog"),c=i((l,d)=>{let p={};return(!l||l==="retry-after")&&(p[Ct]=d.toString()),x.tooManyRequests(n,e,void 0,p)},"rateLimited");try{let d=await Tt(r,t)(n,e,r),p=d.key,m=qi(d.requestsAllowed??t.requestsAllowed,"requestsAllowed"),h=qi(d.timeWindowMinutes??t.timeWindowMinutes,"timeWindowMinutes"),I=t.headerMode??"retry-after",b=et(r,a),L=`rate-limit${y.instance.isTestMode||y.instance.isWorkingCopy?y.instance.build.BUILD_ID:""}/${r}/${p}`,S=await b.getCountAndUpdateExpiry(L,h,e.requestId);return S.count>m?(bu(`RateLimitInboundPolicy '${r}' - returning 429 from redis for '${L}' (strict mode)`),c(I,S.ttlSeconds)):n}catch(l){return u(l.message,l),n}finally{let l=Date.now()-s;bu(`RateLimitInboundPolicy '${r}' - latency ${l}ms`)}},"RateLimitInboundPolicy");var Ui;function Ru(n){let e=[];for(let[t,r]of n)e.push({name:t,value:r});return e}i(Ru,"headersToNameValuePairs");function fp(n){let e=[];return Object.entries(n).forEach(([t,r])=>{e.push({name:t,value:r})}),e}i(fp,"queryToNameValueParis");function hp(n){if(n===null)return;let e=parseFloat(n);if(!isNaN(e))return e}i(hp,"parseIntOrUndefined");var Pu={};async function yp(n,e,t,r){f("policy.inbound.readme-metrics");let o=new Date,s=Date.now();return Ui||(Ui={name:"zuplo",version:y.instance.build.ZUPLO_VERSION,comment:`zuplo/${y.instance.build.ZUPLO_VERSION}`}),e.addResponseSendingFinalHook(async a=>{try{let u=t.userLabelPropertyPath&&n.user?He(n.user,t.userLabelPropertyPath,"userLabelPropertyPath"):n.user?.sub,c=t.userEmailPropertyPath&&n.user?He(n.user,t.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:n.headers.get("true-client-ip")??"",development:t.development!==void 0?t.development:y.instance.isWorkingCopy||y.instance.isLocalDevelopment,group:{label:u,email:c,id:n.user?.sub??"anonymous"},request:{log:{creator:Ui,entries:[{startedDateTime:o.toISOString(),time:Date.now()-s,request:{method:n.method,url:t.useFullRequestPath?new URL(n.url).pathname:e.route.path,httpVersion:"2",headers:Ru(n.headers),queryString:fp(n.query)},response:{status:a.status,statusText:a.statusText,headers:Ru(a.headers),content:{size:hp(n.headers.get("content-length"))}}}]}}},d=Pu[t.apiKey];if(!d){let p=t.apiKey;d=new Y("readme-metering-inbound-policy",10,async m=>{try{let h=t.url??"https://metrics.readme.io/request",I=await z.fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});I.status!==202&&e.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${r}'. ${I.status}: '${await I.text()}'`)}catch(h){throw e.log.error(`Error in ReadmeMeteringInboundPolicy '${r}': '${h.message}'`),h}}),Pu[p]=d}d.enqueue(l),e.waitUntil(d.waitUntilFlushed())}catch(u){e.log.error(u)}}),n}i(yp,"ReadmeMetricsInboundPolicy");var bp=i(async(n,e,t,r)=>{f("policy.inbound.remove-headers");let o=t?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new g(`RemoveHeadersInboundPolicy '${r}' options.headers must be a non-empty string array of header names`);let s=new Headers(n.headers);return o.forEach(u=>{s.delete(u)}),new re(n,{headers:s})},"RemoveHeadersInboundPolicy");var wp=i(async(n,e,t,r,o)=>{f("policy.outbound.remove-headers");let s=r?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new g(`RemoveHeadersOutboundPolicy '${o}' options.headers must be a non-empty string array of header names`);let a=new Headers(n.headers);return s.forEach(c=>{a.delete(c)}),new Response(n.body,{headers:a,status:n.status,statusText:n.statusText})},"RemoveHeadersOutboundPolicy");var Rp=i(async(n,e,t,r)=>{f("policy.inbound.remove-query-params");let o=t.params;if(!o||!Array.isArray(o)||o.length===0)throw new g(`RemoveQueryParamsInboundPolicy '${r}' options.params must be a non-empty string array of header names`);let s=new URL(n.url);return o.forEach(u=>{s.searchParams.delete(u)}),new re(s.toString(),n)},"RemoveQueryParamsInboundPolicy");var Pp=i(async(n,e,t,r)=>{f("policy.outbound.replace-string");let o=await n.text(),s=r.mode==="regexp"?new RegExp(r.match,"gm"):r.match,a=o.replaceAll(s,r.replaceWith);return new Response(a,{headers:n.headers,status:n.status,statusText:n.statusText})},"ReplaceStringOutboundPolicy");var Iu=i(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),Ip=i(async(n,e,t)=>{f("policy.inbound.request-size-limit");let r=t.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(n.method))return n;let o=n.headers.get("content-length"),s=o!==null?parseInt(o):void 0;return s&&!isNaN(s)&&s>t.maxSizeInBytes?Iu():s&&r?n:(await n.clone().text()).length>t.maxSizeInBytes?Iu():n},"RequestSizeLimitInboundPolicy");var Lt=i(n=>{let e=n.route.raw();return e.parameters?e.parameters:[]},"getParametersForOperation"),_t=i((n,e,t,r,o)=>{let s=[],a=!0,u=[];return n.forEach(c=>{let l=c.required||o==="path";if(l&&!e[c.name])a=!1,s.push(`Required ${o} parameter '${c.name}' not found`);else if(!(!l&&!e[c.name])){let d=dr(t,r,o,c.name),p=he.instance.schemaValidator[d],m=p(e[c.name]),h=Hi(p.errors);m||(a=!1,u.push(`${o} parameter: ${c.name} : ${e[c.name]}`),s.push(`Invalid value for ${o} parameter: '${c.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:u,errors:s}},"validateParameters"),Oe=i((n,e,t,r,o)=>{r?n.log[e](t,r,o):n.log[e](t,o)},"logErrors"),ke=i(n=>n==="log-only"||n==="reject-and-log","shouldLog"),Le=i(n=>n==="reject-only"||n==="reject-and-log","shouldReject"),Hi=i(n=>n?.map(e=>e.instancePath===void 0||e.instancePath===""?e.message??"Unknown validation error":e.instancePath.replace("/","")+" "+e.message)??["Unknown validation error"],"getErrorsFromValidator");async function Eu(n,e,t){if(!t.validateBody||t.validateBody==="none")return;let r;try{r=await e.clone().json()}catch(h){let I=`Error in request body for method : ${e.method} in route: ${n.route.path} with content-type: ${e.headers.get("Content-Type")}`,b=x.badRequest(e,n,{detail:`${I}, see errors property for more details`,errors:`${h}`});if(ke(t.validateBody)&&Oe(n,t.logLevel??"info",I,[r],h),Le(t.validateBody))return b}if(!e.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${e.method} in route: ${n.route.path}`,I=x.badRequest(e,n,{detail:h});return ke(t.validateBody)&&Oe(n,t.logLevel??"info",h,[r],[h]),Le(t.validateBody)?I:void 0}let o=e.headers.get("Content-Type"),s=o.indexOf(";");s>-1&&(o=o.substring(0,s));let a=pr(n.route.path,e.method,o),u=he.instance.schemaValidator[a];if(!u){let h=`No schema defined for method: ${e.method} in route: ${n.route.path} with content-type: ${e.headers.get("Content-Type")}`,I=x.badRequest(e,n,{detail:h});return ke(t.validateBody)&&Oe(n,t.logLevel??"info",h,[r],[h]),Le(t.validateBody)?I:void 0}if(u(r))return;let l=u.errors,d="Request body did not pass validation",p=Hi(l),m=x.badRequest(e,n,{detail:`${d}, see errors property for more details`,errors:p});if(ke(t.validateBody)&&Oe(n,t.logLevel??"info",d,[r],p),Le(t.validateBody))return m}i(Eu,"handleBodyValidation");function xu(n,e,t){if(!t.validateHeaders||t.validateHeaders==="none")return;let r={};e.headers.forEach((a,u)=>{r[u]=a});let o=Lt(n),s=_t(o.filter(a=>a.in==="header"),r,n.route.path,e.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",u=x.badRequest(e,n,{detail:`${a}, see errors property for more details`,errors:s.errors});if(ke(t.validateHeaders)&&Oe(n,t.logLevel??"info",a,s.invalidValues,s.errors),Le(t.validateHeaders))return u}}i(xu,"handleHeadersValidation");function Tu(n,e,t){if(!t.validatePathParameters||t.validatePathParameters==="none")return;let r=Lt(n),o=_t(r.filter(s=>s.in==="path"),e.params,n.route.path,e.method.toLowerCase(),"path");if(!o.isValid){let s="Path parameters validation failed",a=x.badRequest(e,n,{detail:`${s}, see errors property for more details`,errors:o.errors});if(ke(t.validatePathParameters)&&Oe(n,t.logLevel??"info",s,o.invalidValues,o.errors),Le(t.validatePathParameters))return a}}i(Tu,"handlePathParameterValidation");function Cu(n,e,t){if(!t.validateQueryParameters||t.validateQueryParameters==="none")return;let r=Lt(n),o=_t(r.filter(s=>s.in==="query"),e.query,n.route.path,e.method.toLowerCase(),"query");if(!o.isValid){let s="Query parameters validation failed",a=x.badRequest(e,n,{detail:`${s}, see errors property for more details`,errors:o.errors});if(ke(t.validateQueryParameters)&&Oe(n,t.logLevel??"info",s,o.invalidValues,o.errors),Le(t.validateQueryParameters))return a}}i(Cu,"handleQueryParameterValidation");var vu=i(async(n,e,t)=>{f("policy.inbound.request-validation");let r=Cu(e,n,t);if(r!==void 0||(r=Tu(e,n,t),r!==void 0)||(r=xu(e,n,t),r!==void 0))return r;let o=await Eu(e,n,t);return o!==void 0?o:n},"RequestValidationInboundPolicy"),Ep=vu;var xp=i(async(n,e,t,r)=>{if(f("policy.inbound.require-origin"),t.origins===void 0||t.origins.length===0)throw new g(`RequireOriginInboundPolicy '${r}' configuration error - no allowed origins specified`);let o=typeof t.origins=="string"?t.origins.split(","):t.origins;o=o.map(a=>a.trim());let s=n.headers.get("origin");if(!s||!o.includes(s)){let a=t.failureDetail??"Forbidden";return x.forbidden(n,e,{detail:a})}return n},"RequireOriginInboundPolicy");var Tp=i(async(n,e,t)=>(f("policy.inbound.set-body"),new re(n,{body:t.body})),"SetBodyInboundPolicy");var Cp=i(async(n,e,t,r)=>{f("policy.inbound.set-headers");let o=t.headers;if(!o||!Array.isArray(o)||o.length==0)throw new g(`SetHeadersInboundPolicy '${r}' options.headers must be a valid array of { name, value }`);let s=new Headers(n.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new g(`SetHeadersInboundPolicy '${r}' each option.headers[] entry must have a name property`);let c=u.overwrite===void 0?!0:u.overwrite;(!s.has(u.name)||c)&&s.set(u.name,u.value)}),new re(n,{headers:s})},"SetHeadersInboundPolicy");var vp=i(async(n,e,t,r,o)=>{f("policy.outbound.set-headers");let s=r.headers;if(!s||!Array.isArray(s)||s.length==0)throw new g(`SetHeadersOutboundPolicy '${o}' options.headers must be a valid array of { name, value }`);let a=new Headers(n.headers);return s.forEach(c=>{if(!c.name||c.name.length===0)throw new g(`SetHeadersOutboundPolicy '${o}' each option.headers[] entry must have a name property`);let l=c.overwrite===void 0?!0:c.overwrite;(!a.has(c.name)||l)&&a.set(c.name,c.value)}),new Response(n.body,{headers:a,status:n.status,statusText:n.statusText})},"SetHeadersOutboundPolicy");var Sp=i(async(n,e,t,r)=>{f("policy.inbound.set-query-params");let o=t.params;if(!o||!Array.isArray(o)||o.length==0)throw new g(`SetQueryParamsInboundPolicy '${r}' options.params must be a valid array of { name, value }`);let s=new URL(n.url);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new g(`SetQueryParamsInboundPolicy '${r}' each option.params[] entry must have a name property`);let c=u.overwrite===void 0?!0:u.overwrite;(!s.searchParams.has(u.name)||c)&&s.searchParams.set(u.name,u.value)}),new re(s.toString(),n)},"SetQueryParamsInboundPolicy");var Ap=i(async(n,e,t,r,o)=>{if(f("policy.outbound.set-status"),!r.status||isNaN(r.status)||r.status<100||r.status>599)throw new g(`Invalid SetStatusOutboundPolicy '${o}' - status must be a valid number between 100 and 599, not '${r.status}'`);return new Response(n.body,{headers:n.headers,status:r.status,statusText:r.statusText??n.statusText})},"SetStatusOutboundPolicy");var Op=i(async n=>new Promise(t=>{setTimeout(t,n)}),"sleep"),kp=i(async(n,e,t,r)=>{if(f("policy.inbound.sleep"),!t||t.sleepInMs===void 0||isNaN(t.sleepInMs))throw new g(`SleepInboundPolicy '${r} must have a valid options.sleepInMs value`);return await Op(t.sleepInMs),n},"SleepInboundPolicy");var Lp=i(async(n,e,t,r)=>{f("policy.inbound.supabase-jwt-auth"),W(t,r).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let o={secret:t.secret,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests??!1},s=await Pe(n,e,o,r);if(s instanceof Response)return s;if(!(s instanceof re))throw new K("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=t.requiredClaims;if(!a)return s;let u=n.user?.data.app_metadata;if(!u)throw new k(`SupabaseJwtInboundPolicy policy '${r}' - has requiredClaims but the JWT token had no app_metadata property`);let c=Object.keys(a),l=[];return c.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(u[d])||l.push(d):p!==u[d]&&l.push(d)}),l.length>0?x.unauthorized(n,e,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");var _p=i(async(n,e,t,r)=>{f("policy.inbound.upstream-azure-ad-service-auth"),W(t,r).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let o=await se(r,void 0,t),s=new oe(o,e),a=await s.get(r);if(!a){let u=await Np(t,e);s.put(r,u.access_token,u.expires_in-(t.expirationOffsetSeconds??300)),a=u.access_token}return n.headers.set("Authorization",`Bearer ${a}`),n},"UpstreamAzureAdServiceAuthInboundPolicy");async function Np(n,e){let t=new URLSearchParams({client_id:n.activeDirectoryClientId,scope:`${n.activeDirectoryClientId}/.default`,client_secret:n.activeDirectoryClientSecret,grant_type:"client_credentials"}),r=await we({retries:n.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${n.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:t});if(r.status!==200){try{let s=await r.text();e.log.error("Could not get token from Azure AD",s)}catch{}throw new k("Could not get token from Azure AD")}let o=await r.json();if(o&&typeof o=="object"&&"access_token"in o&&typeof o.access_token=="string"&&"expires_in"in o&&typeof o.expires_in=="number")return{access_token:o.access_token,expires_in:o.expires_in};throw new k("Response returned from Azure AD is not in the expected format.")}i(Np,"getAccessToken");var Su="https://accounts.google.com/o/oauth2/token",$i,Dp=i(async(n,e,t,r)=>{f("policy.inbound.upstream-firebase-admin-auth"),W(t,r).required("serviceAccountJson","string"),$i||($i=await Te.init(t.serviceAccountJson));let o={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await se(r,void 0,t),a=new oe(s,e),u=await a.get(r);if(!u){let c=await De({serviceAccount:$i,audience:Su,payload:o}),l=await Un(Su,c,{retries:t.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new k("Invalid OAuth response from Firebase");u=l.access_token,a.put(r,u,(l.expires_in??3600)-(t.expirationOffsetSeconds??300))}return n.headers.set("Authorization",`Bearer ${u}`),n},"UpstreamFirebaseAdminAuthInboundPolicy");var Mp="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",qp=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Zi,Up=i(async(n,e,t,r)=>{if(f("policy.inbound.upstream-firebase-user-auth"),W(t,r).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!t.userId&&!t.userIdPropertyPath)throw new g(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${r}'.`);let o={};if(typeof t.developerClaims<"u"){for(let p in t.developerClaims)if(Object.prototype.hasOwnProperty.call(t.developerClaims,p)){if(qp.indexOf(p)!==-1)throw new g(`Developer claim "${p}" is reserved and cannot be specified.`);o[p]=t.developerClaims[p]}}Zi||(Zi=await Te.init(t.serviceAccountJson));let s=t.userId;if(!s&&!t.userIdPropertyPath){if(!n.user)throw new k("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=n.user?.sub}else if(t.userIdPropertyPath){if(!n.user)throw new k(`Unable to apply userIdPropertyPath '${t.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=He(n.user,t.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new k(`Unable to determine user from for the policy ${r}`);let a=await se(r,void 0,t),u=new oe(a,e),c={uid:s,claims:o},l=await ct(JSON.stringify(c)),d=await u.get(l);if(!d){let p=await De({serviceAccount:Zi,audience:Mp,payload:c}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${t.webApiKey}`,h=await aa(m,p,{retries:t.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new k("Invalid token response from Firebase");d=h.idToken,u.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(t.expirationOffsetSeconds??300))}return n.headers.set("Authorization",`Bearer ${d}`),n},"UpstreamFirebaseUserAuthInboundPolicy");var dn=class{static{i(this,"ZuploServices")}static async getIDToken(e,t){let r=new oe("0c13603a-a19f-4f03-a04a-50aa393f7ffa-zuplo-tokens",e),o=await se("zuplo-token",void 0,t),s=await r.get(o);if(s)return s;let{authClientId:a,authClientSecret:u,developerApiUrl:c,zuploClientAuthBucketId:l}=y.instance;if(!a||!u)throw new k("Zuplo service authentication is not enabled for this deployment. Contact support assistance.");let d=await sr({tokenEndpointUrl:`${c}/v1/client-auth/${l}/oauth/token`,clientId:a,clientSecret:u,audience:t?.audience},e);return r.put(o,d.access_token,d.expires_in-300),d.access_token}};var Au="service-account-id-token",Fi=class extends ae{static{i(this,"UpstreamGcpFederatedAuthInboundPolicy")}cacheName;normalizedWorkloadIdentityProvider;constructor(e,t){super(e,t),f("policy.inbound.upstream-gcp-federated-auth"),W(e,t).required("audience","string").required("serviceAccountEmail","string").required("workloadIdentityProvider","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number").optional("useMemoryCacheOnly","boolean").optional("tokenLifetime","number"),e.workloadIdentityProvider.startsWith("https://iam.googleapis.com/")?this.normalizedWorkloadIdentityProvider=e.workloadIdentityProvider.replace("https://iam.googleapis.com/",""):this.normalizedWorkloadIdentityProvider=e.workloadIdentityProvider}async handler(e,t){this.cacheName||(this.cacheName=await se(this.policyName,void 0,this.options));let r;this.options.useMemoryCacheOnly?r=new ze(this.cacheName):r=new oe(this.cacheName,t);let o=await r.get(Au);if(!o){let s=`https://iam.googleapis.com/${this.normalizedWorkloadIdentityProvider}`,a=await dn.getIDToken(t,{audience:s}),u=await ia(this.normalizedWorkloadIdentityProvider,a,{retries:this.options.tokenRetries??3,retryDelayMs:10});if(!u.access_token||!u.expires_in)throw new k("Invalid token response from GCP");let c=u.access_token,l=await sa({serviceAccountEmailOrIdentifier:this.options.serviceAccountEmail,audience:this.options.audience,accessToken:c},{retries:this.options.tokenRetries??3,retryDelayMs:10});if(!l.token)throw new k("Invalid token response from GCP");o=l.token,r.put(Au,c,3600-(this.options.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${o}`),e}};var ji,Hp=i(async(n,e,t,r)=>{f("policy.inbound.upstream-gcp-jwt"),W(t,r).required("audience","string").required("serviceAccountJson","string"),ji||(ji=await Te.init(t.serviceAccountJson));let o=await De({serviceAccount:ji,audience:t.audience});return n.headers.set("Authorization",`Bearer ${o}`),n},"UpstreamGcpJwtInboundPolicy");var Ou="https://www.googleapis.com/oauth2/v4/token",zi,$p=i(async(n,e,t,r)=>{f("policy.inbound.upstream-gcp-service-auth"),W(t,r).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),zi||(zi=await Te.init(t.serviceAccountJson));let o={};if(t.scopes&&t.audience)throw new g("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(t.scopes)try{let c=it(t.scopes);o.scope=c.join(" ")}catch(c){throw c instanceof g?new g(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${c.message}`):c}t.audience&&(o.target_audience=`${t.audience}`);let s=await se(r,void 0,t),a;t.useMemoryCacheOnly?a=new ze(s):a=new oe(s,e);let u=await a.get(r);if(!u){let c=await De({serviceAccount:zi,audience:Ou,payload:o}),l=await Un(Ou,c,{retries:t.tokenRetries??3,retryDelayMs:10});if(t.audience){if(!l.id_token)throw new k("Invalid token response from GCP");u=l.id_token}else{if(!l.access_token)throw new k("Invalid token response from GCP");u=l.access_token}a.put(r,u,3600-(t.expirationOffsetSeconds??300))}return n.headers.set("Authorization",`Bearer ${u}`),n},"UpstreamGcpServiceAuthInboundPolicy");var Zp=i(async(n,e,t)=>{f("policy.inbound.validate-json-schema");let r=n.clone(),o;try{o=await r.json()}catch{return x.badRequest(n,e,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(t.validator.default(o))return n;let{errors:a}=t.validator.default;if(!a)throw new K("Invalid state - validator error object is undefined even though validation failed.");let u=a.map(c=>c.instancePath===void 0||c.instancePath===""?"Body "+c.message:c.instancePath.replace("/","")+" "+c.message);return x.badRequest(n,e,{detail:"Incoming body did not pass schema validation",errors:u})},"ValidateJsonSchemaInbound");var ku=i(n=>{var e=Object.defineProperty,t=Object.getOwnPropertyNames,r=i((b,v)=>e(b,"name",{value:v,configurable:!0}),"__name"),o=i((b,v)=>i(function(){return v||(0,b[t(b)[0]])((v={exports:{}}).exports,v),v.exports},"__require"),"__commonJS"),s=o({"node_modules/fast-xml-parser/src/xmlparser/OptionsBuilder.js"(b){var v={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:i(function(S,$){return $},"tagValueProcessor"),attributeValueProcessor:i(function(S,$){return $},"attributeValueProcessor"),stopNodes:[],alwaysCreateTextNode:!1,isArray:i(()=>!1,"isArray"),commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:i(function(S,$,Z){return S},"updateTag")},L=r(function(S){return Object.assign({},v,S)},"buildOptions");b.buildOptions=L,b.defaultOptions=v}}),a=o({"node_modules/fast-xml-parser/src/util.js"(b){"use strict";var v=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",L=v+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",S="["+v+"]["+L+"]*",$=new RegExp("^"+S+"$"),Z=r(function(A,H){let V=[],F=H.exec(A);for(;F;){let T=[];T.startIndex=H.lastIndex-F[0].length;let E=F.length;for(let M=0;M<E;M++)T.push(F[M]);V.push(T),F=H.exec(A)}return V},"getAllMatches"),q=r(function(A){let H=$.exec(A);return!(H===null||typeof H>"u")},"isName");b.isExist=function(A){return typeof A<"u"},b.isEmptyObject=function(A){return Object.keys(A).length===0},b.merge=function(A,H,V){if(H){let F=Object.keys(H),T=F.length;for(let E=0;E<T;E++)V==="strict"?A[F[E]]=[H[F[E]]]:A[F[E]]=H[F[E]]}},b.getValue=function(A){return b.isExist(A)?A:""},b.isName=q,b.getAllMatches=Z,b.nameRegexp=S}}),u=o({"node_modules/fast-xml-parser/src/xmlparser/xmlNode.js"(b,v){"use strict";var L=class{static{i(this,"XmlNode")}static{r(this,"XmlNode")}constructor(S){this.tagname=S,this.child=[],this[":@"]={}}add(S,$){S==="__proto__"&&(S="#__proto__"),this.child.push({[S]:$})}addChild(S){S.tagname==="__proto__"&&(S.tagname="#__proto__"),S[":@"]&&Object.keys(S[":@"]).length>0?this.child.push({[S.tagname]:S.child,":@":S[":@"]}):this.child.push({[S.tagname]:S.child})}};v.exports=L}}),c=o({"node_modules/fast-xml-parser/src/xmlparser/DocTypeReader.js"(b,v){var L=a();function S(T,E){let M={};if(T[E+3]==="O"&&T[E+4]==="C"&&T[E+5]==="T"&&T[E+6]==="Y"&&T[E+7]==="P"&&T[E+8]==="E"){E=E+9;let ce=1,J=!1,X=!1,ve="";for(;E<T.length;E++)if(T[E]==="<"&&!X){if(J&&q(T,E))E+=7,[entityName,val,E]=$(T,E+1),val.indexOf("&")===-1&&(M[F(entityName)]={regx:RegExp(`&${entityName};`,"g"),val});else if(J&&A(T,E))E+=8;else if(J&&H(T,E))E+=8;else if(J&&V(T,E))E+=9;else if(Z)X=!0;else throw new Error("Invalid DOCTYPE");ce++,ve=""}else if(T[E]===">"){if(X?T[E-1]==="-"&&T[E-2]==="-"&&(X=!1,ce--):ce--,ce===0)break}else T[E]==="["?J=!0:ve+=T[E];if(ce!==0)throw new Error("Unclosed DOCTYPE")}else throw new Error("Invalid Tag instead of DOCTYPE");return{entities:M,i:E}}i(S,"readDocType"),r(S,"readDocType");function $(T,E){let M="";for(;E<T.length&&T[E]!=="'"&&T[E]!=='"';E++)M+=T[E];if(M=M.trim(),M.indexOf(" ")!==-1)throw new Error("External entites are not supported");let ce=T[E++],J="";for(;E<T.length&&T[E]!==ce;E++)J+=T[E];return[M,J,E]}i($,"readEntityExp"),r($,"readEntityExp");function Z(T,E){return T[E+1]==="!"&&T[E+2]==="-"&&T[E+3]==="-"}i(Z,"isComment"),r(Z,"isComment");function q(T,E){return T[E+1]==="!"&&T[E+2]==="E"&&T[E+3]==="N"&&T[E+4]==="T"&&T[E+5]==="I"&&T[E+6]==="T"&&T[E+7]==="Y"}i(q,"isEntity"),r(q,"isEntity");function A(T,E){return T[E+1]==="!"&&T[E+2]==="E"&&T[E+3]==="L"&&T[E+4]==="E"&&T[E+5]==="M"&&T[E+6]==="E"&&T[E+7]==="N"&&T[E+8]==="T"}i(A,"isElement"),r(A,"isElement");function H(T,E){return T[E+1]==="!"&&T[E+2]==="A"&&T[E+3]==="T"&&T[E+4]==="T"&&T[E+5]==="L"&&T[E+6]==="I"&&T[E+7]==="S"&&T[E+8]==="T"}i(H,"isAttlist"),r(H,"isAttlist");function V(T,E){return T[E+1]==="!"&&T[E+2]==="N"&&T[E+3]==="O"&&T[E+4]==="T"&&T[E+5]==="A"&&T[E+6]==="T"&&T[E+7]==="I"&&T[E+8]==="O"&&T[E+9]==="N"}i(V,"isNotation"),r(V,"isNotation");function F(T){if(L.isName(T))return T;throw new Error(`Invalid entity name ${T}`)}i(F,"validateEntityName"),r(F,"validateEntityName"),v.exports=S}}),l=o({"../../node_modules/strnum/strnum.js"(b,v){var L=/^[-+]?0x[a-fA-F0-9]+$/,S=/^([\-\+])?(0*)(\.[0-9]+([eE]\-?[0-9]+)?|[0-9]+(\.[0-9]+([eE]\-?[0-9]+)?)?)$/;!Number.parseInt&&window.parseInt&&(Number.parseInt=window.parseInt),!Number.parseFloat&&window.parseFloat&&(Number.parseFloat=window.parseFloat);var $={hex:!0,leadingZeros:!0,decimalPoint:".",eNotation:!0};function Z(A,H={}){if(H=Object.assign({},$,H),!A||typeof A!="string")return A;let V=A.trim();if(H.skipLike!==void 0&&H.skipLike.test(V))return A;if(H.hex&&L.test(V))return Number.parseInt(V,16);{let F=S.exec(V);if(F){let T=F[1],E=F[2],M=q(F[3]),ce=F[4]||F[6];if(!H.leadingZeros&&E.length>0&&T&&V[2]!==".")return A;if(!H.leadingZeros&&E.length>0&&!T&&V[1]!==".")return A;{let J=Number(V),X=""+J;return X.search(/[eE]/)!==-1||ce?H.eNotation?J:A:V.indexOf(".")!==-1?X==="0"&&M===""||X===M||T&&X==="-"+M?J:A:E?M===X||T+M===X?J:A:V===X||V===T+X?J:A}}else return A}}i(Z,"toNumber"),r(Z,"toNumber");function q(A){return A&&A.indexOf(".")!==-1&&(A=A.replace(/0+$/,""),A==="."?A="0":A[0]==="."?A="0"+A:A[A.length-1]==="."&&(A=A.substr(0,A.length-1))),A}i(q,"trimZeros"),r(q,"trimZeros"),v.exports=Z}}),d=o({"node_modules/fast-xml-parser/src/xmlparser/OrderedObjParser.js"(b,v){"use strict";var L=a(),S=u(),$=c(),Z=l(),q=class{static{i(this,"OrderedObjParser")}static{r(this,"OrderedObjParser")}constructor(P){this.options=P,this.currentNode=null,this.tagsNodeStack=[],this.docTypeEntities={},this.lastEntities={apos:{regex:/&(apos|#39|#x27);/g,val:"'"},gt:{regex:/&(gt|#62|#x3E);/g,val:">"},lt:{regex:/&(lt|#60|#x3C);/g,val:"<"},quot:{regex:/&(quot|#34|#x22);/g,val:'"'}},this.ampEntity={regex:/&(amp|#38|#x26);/g,val:"&"},this.htmlEntities={space:{regex:/&(nbsp|#160);/g,val:" "},cent:{regex:/&(cent|#162);/g,val:"\xA2"},pound:{regex:/&(pound|#163);/g,val:"\xA3"},yen:{regex:/&(yen|#165);/g,val:"\xA5"},euro:{regex:/&(euro|#8364);/g,val:"\u20AC"},copyright:{regex:/&(copy|#169);/g,val:"\xA9"},reg:{regex:/&(reg|#174);/g,val:"\xAE"},inr:{regex:/&(inr|#8377);/g,val:"\u20B9"},num_dec:{regex:/&#([0-9]{1,7});/g,val:i((C,_)=>String.fromCharCode(Number.parseInt(_,10)),"val")},num_hex:{regex:/&#x([0-9a-fA-F]{1,6});/g,val:i((C,_)=>String.fromCharCode(Number.parseInt(_,16)),"val")}},this.addExternalEntities=A,this.parseXml=E,this.parseTextData=H,this.resolveNameSpace=V,this.buildAttributesMap=T,this.isItStopNode=X,this.replaceEntitiesValue=ce,this.readStopNodeData=G,this.saveTextToParentTag=J,this.addChild=M}};function A(P){let C=Object.keys(P);for(let _=0;_<C.length;_++){let B=C[_];this.lastEntities[B]={regex:new RegExp("&"+B+";","g"),val:P[B]}}}i(A,"addExternalEntities"),r(A,"addExternalEntities");function H(P,C,_,B,N,D,ee){if(P!==void 0&&(this.options.trimValues&&!B&&(P=P.trim()),P.length>0)){ee||(P=this.replaceEntitiesValue(P));let j=this.options.tagValueProcessor(C,P,_,N,D);return j==null?P:typeof j!=typeof P||j!==P?j:this.options.trimValues?pe(P,this.options.parseTagValue,this.options.numberParseOptions):P.trim()===P?pe(P,this.options.parseTagValue,this.options.numberParseOptions):P}}i(H,"parseTextData"),r(H,"parseTextData");function V(P){if(this.options.removeNSPrefix){let C=P.split(":"),_=P.charAt(0)==="/"?"/":"";if(C[0]==="xmlns")return"";C.length===2&&(P=_+C[1])}return P}i(V,"resolveNameSpace"),r(V,"resolveNameSpace");var F=new RegExp(`([^\\s=]+)\\s*(=\\s*(['"])([\\s\\S]*?)\\3)?`,"gm");function T(P,C,_){if(!this.options.ignoreAttributes&&typeof P=="string"){let B=L.getAllMatches(P,F),N=B.length,D={};for(let ee=0;ee<N;ee++){let j=this.resolveNameSpace(B[ee][1]),U=B[ee][4],le=this.options.attributeNamePrefix+j;if(j.length)if(this.options.transformAttributeName&&(le=this.options.transformAttributeName(le)),le==="__proto__"&&(le="#__proto__"),U!==void 0){this.options.trimValues&&(U=U.trim()),U=this.replaceEntitiesValue(U);let ie=this.options.attributeValueProcessor(j,U,C);ie==null?D[le]=U:typeof ie!=typeof U||ie!==U?D[le]=ie:D[le]=pe(U,this.options.parseAttributeValue,this.options.numberParseOptions)}else this.options.allowBooleanAttributes&&(D[le]=!0)}if(!Object.keys(D).length)return;if(this.options.attributesGroupName){let ee={};return ee[this.options.attributesGroupName]=D,ee}return D}}i(T,"buildAttributesMap"),r(T,"buildAttributesMap");var E=r(function(P){P=P.replace(/\r\n?/g,`
-`);let C=new S("!xml"),_=C,B="",N="";for(let D=0;D<P.length;D++)if(P[D]==="<")if(P[D+1]==="/"){let j=w(P,">",D,"Closing Tag is not closed."),U=P.substring(D+2,j).trim();if(this.options.removeNSPrefix){let Ae=U.indexOf(":");Ae!==-1&&(U=U.substr(Ae+1))}this.options.transformTagName&&(U=this.options.transformTagName(U)),_&&(B=this.saveTextToParentTag(B,_,N));let le=N.substring(N.lastIndexOf(".")+1);if(U&&this.options.unpairedTags.indexOf(U)!==-1)throw new Error(`Unpaired tag can not be used as closing tag: </${U}>`);let ie=0;le&&this.options.unpairedTags.indexOf(le)!==-1?(ie=N.lastIndexOf(".",N.lastIndexOf(".")-1),this.tagsNodeStack.pop()):ie=N.lastIndexOf("."),N=N.substring(0,ie),_=this.tagsNodeStack.pop(),B="",D=j}else if(P[D+1]==="?"){let j=O(P,D,!1,"?>");if(!j)throw new Error("Pi Tag is not closed.");if(B=this.saveTextToParentTag(B,_,N),!(this.options.ignoreDeclaration&&j.tagName==="?xml"||this.options.ignorePiTags)){let U=new S(j.tagName);U.add(this.options.textNodeName,""),j.tagName!==j.tagExp&&j.attrExpPresent&&(U[":@"]=this.buildAttributesMap(j.tagExp,N,j.tagName)),this.addChild(_,U,N)}D=j.closeIndex+1}else if(P.substr(D+1,3)==="!--"){let j=w(P,"-->",D+4,"Comment is not closed.");if(this.options.commentPropName){let U=P.substring(D+4,j-2);B=this.saveTextToParentTag(B,_,N),_.add(this.options.commentPropName,[{[this.options.textNodeName]:U}])}D=j}else if(P.substr(D+1,2)==="!D"){let j=$(P,D);this.docTypeEntities=j.entities,D=j.i}else if(P.substr(D+1,2)==="!["){let j=w(P,"]]>",D,"CDATA is not closed.")-2,U=P.substring(D+9,j);B=this.saveTextToParentTag(B,_,N);let le=this.parseTextData(U,_.tagname,N,!0,!1,!0,!0);le==null&&(le=""),this.options.cdataPropName?_.add(this.options.cdataPropName,[{[this.options.textNodeName]:U}]):_.add(this.options.textNodeName,le),D=j+2}else{let j=O(P,D,this.options.removeNSPrefix),U=j.tagName,le=j.rawTagName,ie=j.tagExp,Ae=j.attrExpPresent,Ji=j.closeIndex;this.options.transformTagName&&(U=this.options.transformTagName(U)),_&&B&&_.tagname!=="!xml"&&(B=this.saveTextToParentTag(B,_,N,!1));let Ki=_;if(Ki&&this.options.unpairedTags.indexOf(Ki.tagname)!==-1&&(_=this.tagsNodeStack.pop(),N=N.substring(0,N.lastIndexOf("."))),U!==C.tagname&&(N+=N?"."+U:U),this.isItStopNode(this.options.stopNodes,N,U)){let Se="";if(ie.length>0&&ie.lastIndexOf("/")===ie.length-1)D=j.closeIndex;else if(this.options.unpairedTags.indexOf(U)!==-1)D=j.closeIndex;else{let lr=this.readStopNodeData(P,le,Ji+1);if(!lr)throw new Error(`Unexpected end of ${le}`);D=lr.i,Se=lr.tagContent}let cr=new S(U);U!==ie&&Ae&&(cr[":@"]=this.buildAttributesMap(ie,N,U)),Se&&(Se=this.parseTextData(Se,U,N,!0,Ae,!0,!0)),N=N.substr(0,N.lastIndexOf(".")),cr.add(this.options.textNodeName,Se),this.addChild(_,cr,N)}else{if(ie.length>0&&ie.lastIndexOf("/")===ie.length-1){U[U.length-1]==="/"?(U=U.substr(0,U.length-1),N=N.substr(0,N.length-1),ie=U):ie=ie.substr(0,ie.length-1),this.options.transformTagName&&(U=this.options.transformTagName(U));let Se=new S(U);U!==ie&&Ae&&(Se[":@"]=this.buildAttributesMap(ie,N,U)),this.addChild(_,Se,N),N=N.substr(0,N.lastIndexOf("."))}else{let Se=new S(U);this.tagsNodeStack.push(_),U!==ie&&Ae&&(Se[":@"]=this.buildAttributesMap(ie,N,U)),this.addChild(_,Se,N),_=Se}B="",D=Ji}}else B+=P[D];return C.child},"parseXml");function M(P,C,_){let B=this.options.updateTag(C.tagname,_,C[":@"]);B===!1||(typeof B=="string"&&(C.tagname=B),P.addChild(C))}i(M,"addChild"),r(M,"addChild");var ce=r(function(P){if(this.options.processEntities){for(let C in this.docTypeEntities){let _=this.docTypeEntities[C];P=P.replace(_.regx,_.val)}for(let C in this.lastEntities){let _=this.lastEntities[C];P=P.replace(_.regex,_.val)}if(this.options.htmlEntities)for(let C in this.htmlEntities){let _=this.htmlEntities[C];P=P.replace(_.regex,_.val)}P=P.replace(this.ampEntity.regex,this.ampEntity.val)}return P},"replaceEntitiesValue");function J(P,C,_,B){return P&&(B===void 0&&(B=Object.keys(C.child).length===0),P=this.parseTextData(P,C.tagname,_,!1,C[":@"]?Object.keys(C[":@"]).length!==0:!1,B),P!==void 0&&P!==""&&C.add(this.options.textNodeName,P),P=""),P}i(J,"saveTextToParentTag"),r(J,"saveTextToParentTag");function X(P,C,_){let B="*."+_;for(let N in P){let D=P[N];if(B===D||C===D)return!0}return!1}i(X,"isItStopNode"),r(X,"isItStopNode");function ve(P,C,_=">"){let B,N="";for(let D=C;D<P.length;D++){let ee=P[D];if(B)ee===B&&(B="");else if(ee==='"'||ee==="'")B=ee;else if(ee===_[0])if(_[1]){if(P[D+1]===_[1])return{data:N,index:D}}else return{data:N,index:D};else ee==="	"&&(ee=" ");N+=ee}}i(ve,"tagExpWithClosingIndex"),r(ve,"tagExpWithClosingIndex");function w(P,C,_,B){let N=P.indexOf(C,_);if(N===-1)throw new Error(B);return N+C.length-1}i(w,"findClosingIndex"),r(w,"findClosingIndex");function O(P,C,_,B=">"){let N=ve(P,C+1,B);if(!N)return;let D=N.data,ee=N.index,j=D.search(/\s/),U=D,le=!0;j!==-1&&(U=D.substring(0,j),D=D.substring(j+1).trimStart());let ie=U;if(_){let Ae=U.indexOf(":");Ae!==-1&&(U=U.substr(Ae+1),le=U!==N.data.substr(Ae+1))}return{tagName:U,tagExp:D,closeIndex:ee,attrExpPresent:le,rawTagName:ie}}i(O,"readTagExp"),r(O,"readTagExp");function G(P,C,_){let B=_,N=1;for(;_<P.length;_++)if(P[_]==="<")if(P[_+1]==="/"){let D=w(P,">",_,`${C} is not closed`);if(P.substring(_+2,D).trim()===C&&(N--,N===0))return{tagContent:P.substring(B,_),i:D};_=D}else if(P[_+1]==="?")_=w(P,"?>",_+1,"StopNode is not closed.");else if(P.substr(_+1,3)==="!--")_=w(P,"-->",_+3,"StopNode is not closed.");else if(P.substr(_+1,2)==="![")_=w(P,"]]>",_,"StopNode is not closed.")-2;else{let D=O(P,_,">");D&&((D&&D.tagName)===C&&D.tagExp[D.tagExp.length-1]!=="/"&&N++,_=D.closeIndex)}}i(G,"readStopNodeData"),r(G,"readStopNodeData");function pe(P,C,_){if(C&&typeof P=="string"){let B=P.trim();return B==="true"?!0:B==="false"?!1:Z(P,_)}else return L.isExist(P)?P:""}i(pe,"parseValue"),r(pe,"parseValue"),v.exports=q}}),p=o({"node_modules/fast-xml-parser/src/xmlparser/node2json.js"(b){"use strict";function v(q,A){return L(q,A)}i(v,"prettify"),r(v,"prettify");function L(q,A,H){let V,F={};for(let T=0;T<q.length;T++){let E=q[T],M=S(E),ce="";if(H===void 0?ce=M:ce=H+"."+M,M===A.textNodeName)V===void 0?V=E[M]:V+=""+E[M];else{if(M===void 0)continue;if(E[M]){let J=L(E[M],A,ce),X=Z(J,A);E[":@"]?$(J,E[":@"],ce,A):Object.keys(J).length===1&&J[A.textNodeName]!==void 0&&!A.alwaysCreateTextNode?J=J[A.textNodeName]:Object.keys(J).length===0&&(A.alwaysCreateTextNode?J[A.textNodeName]="":J=""),F[M]!==void 0&&F.hasOwnProperty(M)?(Array.isArray(F[M])||(F[M]=[F[M]]),F[M].push(J)):A.isArray(M,ce,X)?F[M]=[J]:F[M]=J}}}return typeof V=="string"?V.length>0&&(F[A.textNodeName]=V):V!==void 0&&(F[A.textNodeName]=V),F}i(L,"compress"),r(L,"compress");function S(q){let A=Object.keys(q);for(let H=0;H<A.length;H++){let V=A[H];if(V!==":@")return V}}i(S,"propName"),r(S,"propName");function $(q,A,H,V){if(A){let F=Object.keys(A),T=F.length;for(let E=0;E<T;E++){let M=F[E];V.isArray(M,H+"."+M,!0,!0)?q[M]=[A[M]]:q[M]=A[M]}}}i($,"assignAttributes"),r($,"assignAttributes");function Z(q,A){let{textNodeName:H}=A,V=Object.keys(q).length;return!!(V===0||V===1&&(q[H]||typeof q[H]=="boolean"||q[H]===0))}i(Z,"isLeafTag"),r(Z,"isLeafTag"),b.prettify=v}}),m=o({"node_modules/fast-xml-parser/src/validator.js"(b){"use strict";var v=a(),L={allowBooleanAttributes:!1,unpairedTags:[]};b.validate=function(w,O){O=Object.assign({},L,O);let G=[],pe=!1,P=!1;w[0]==="\uFEFF"&&(w=w.substr(1));for(let C=0;C<w.length;C++)if(w[C]==="<"&&w[C+1]==="?"){if(C+=2,C=$(w,C),C.err)return C}else if(w[C]==="<"){let _=C;if(C++,w[C]==="!"){C=Z(w,C);continue}else{let B=!1;w[C]==="/"&&(B=!0,C++);let N="";for(;C<w.length&&w[C]!==">"&&w[C]!==" "&&w[C]!=="	"&&w[C]!==`
-`&&w[C]!=="\r";C++)N+=w[C];if(N=N.trim(),N[N.length-1]==="/"&&(N=N.substring(0,N.length-1),C--),!J(N)){let j;return N.trim().length===0?j="Invalid space after '<'.":j="Tag '"+N+"' is an invalid name.",M("InvalidTag",j,X(w,C))}let D=H(w,C);if(D===!1)return M("InvalidAttr","Attributes for '"+N+"' have open quote.",X(w,C));let ee=D.value;if(C=D.index,ee[ee.length-1]==="/"){let j=C-ee.length;ee=ee.substring(0,ee.length-1);let U=F(ee,O);if(U===!0)pe=!0;else return M(U.err.code,U.err.msg,X(w,j+U.err.line))}else if(B)if(D.tagClosed){if(ee.trim().length>0)return M("InvalidTag","Closing tag '"+N+"' can't have attributes or invalid starting.",X(w,_));{let j=G.pop();if(N!==j.tagName){let U=X(w,j.tagStartPos);return M("InvalidTag","Expected closing tag '"+j.tagName+"' (opened in line "+U.line+", col "+U.col+") instead of closing tag '"+N+"'.",X(w,_))}G.length==0&&(P=!0)}}else return M("InvalidTag","Closing tag '"+N+"' doesn't have proper closing.",X(w,C));else{let j=F(ee,O);if(j!==!0)return M(j.err.code,j.err.msg,X(w,C-ee.length+j.err.line));if(P===!0)return M("InvalidXml","Multiple possible root nodes found.",X(w,C));O.unpairedTags.indexOf(N)!==-1||G.push({tagName:N,tagStartPos:_}),pe=!0}for(C++;C<w.length;C++)if(w[C]==="<")if(w[C+1]==="!"){C++,C=Z(w,C);continue}else if(w[C+1]==="?"){if(C=$(w,++C),C.err)return C}else break;else if(w[C]==="&"){let j=E(w,C);if(j==-1)return M("InvalidChar","char '&' is not expected.",X(w,C));C=j}else if(P===!0&&!S(w[C]))return M("InvalidXml","Extra text at the end",X(w,C));w[C]==="<"&&C--}}else{if(S(w[C]))continue;return M("InvalidChar","char '"+w[C]+"' is not expected.",X(w,C))}if(pe){if(G.length==1)return M("InvalidTag","Unclosed tag '"+G[0].tagName+"'.",X(w,G[0].tagStartPos));if(G.length>0)return M("InvalidXml","Invalid '"+JSON.stringify(G.map(C=>C.tagName),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1})}else return M("InvalidXml","Start tag expected.",1);return!0};function S(w){return w===" "||w==="	"||w===`
-`||w==="\r"}i(S,"isWhiteSpace"),r(S,"isWhiteSpace");function $(w,O){let G=O;for(;O<w.length;O++)if(w[O]=="?"||w[O]==" "){let pe=w.substr(G,O-G);if(O>5&&pe==="xml")return M("InvalidXml","XML declaration allowed only at the start of the document.",X(w,O));if(w[O]=="?"&&w[O+1]==">"){O++;break}else continue}return O}i($,"readPI"),r($,"readPI");function Z(w,O){if(w.length>O+5&&w[O+1]==="-"&&w[O+2]==="-"){for(O+=3;O<w.length;O++)if(w[O]==="-"&&w[O+1]==="-"&&w[O+2]===">"){O+=2;break}}else if(w.length>O+8&&w[O+1]==="D"&&w[O+2]==="O"&&w[O+3]==="C"&&w[O+4]==="T"&&w[O+5]==="Y"&&w[O+6]==="P"&&w[O+7]==="E"){let G=1;for(O+=8;O<w.length;O++)if(w[O]==="<")G++;else if(w[O]===">"&&(G--,G===0))break}else if(w.length>O+9&&w[O+1]==="["&&w[O+2]==="C"&&w[O+3]==="D"&&w[O+4]==="A"&&w[O+5]==="T"&&w[O+6]==="A"&&w[O+7]==="["){for(O+=8;O<w.length;O++)if(w[O]==="]"&&w[O+1]==="]"&&w[O+2]===">"){O+=2;break}}return O}i(Z,"readCommentAndCDATA"),r(Z,"readCommentAndCDATA");var q='"',A="'";function H(w,O){let G="",pe="",P=!1;for(;O<w.length;O++){if(w[O]===q||w[O]===A)pe===""?pe=w[O]:pe!==w[O]||(pe="");else if(w[O]===">"&&pe===""){P=!0;break}G+=w[O]}return pe!==""?!1:{value:G,index:O,tagClosed:P}}i(H,"readAttributeStr"),r(H,"readAttributeStr");var V=new RegExp(`(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['"])(([\\s\\S])*?)\\5)?`,"g");function F(w,O){let G=v.getAllMatches(w,V),pe={};for(let P=0;P<G.length;P++){if(G[P][1].length===0)return M("InvalidAttr","Attribute '"+G[P][2]+"' has no space in starting.",ve(G[P]));if(G[P][3]!==void 0&&G[P][4]===void 0)return M("InvalidAttr","Attribute '"+G[P][2]+"' is without value.",ve(G[P]));if(G[P][3]===void 0&&!O.allowBooleanAttributes)return M("InvalidAttr","boolean attribute '"+G[P][2]+"' is not allowed.",ve(G[P]));let C=G[P][2];if(!ce(C))return M("InvalidAttr","Attribute '"+C+"' is an invalid name.",ve(G[P]));if(!pe.hasOwnProperty(C))pe[C]=1;else return M("InvalidAttr","Attribute '"+C+"' is repeated.",ve(G[P]))}return!0}i(F,"validateAttributeString"),r(F,"validateAttributeString");function T(w,O){let G=/\d/;for(w[O]==="x"&&(O++,G=/[\da-fA-F]/);O<w.length;O++){if(w[O]===";")return O;if(!w[O].match(G))break}return-1}i(T,"validateNumberAmpersand"),r(T,"validateNumberAmpersand");function E(w,O){if(O++,w[O]===";")return-1;if(w[O]==="#")return O++,T(w,O);let G=0;for(;O<w.length;O++,G++)if(!(w[O].match(/\w/)&&G<20)){if(w[O]===";")break;return-1}return O}i(E,"validateAmpersand"),r(E,"validateAmpersand");function M(w,O,G){return{err:{code:w,msg:O,line:G.line||G,col:G.col}}}i(M,"getErrorObject"),r(M,"getErrorObject");function ce(w){return v.isName(w)}i(ce,"validateAttrName"),r(ce,"validateAttrName");function J(w){return v.isName(w)}i(J,"validateTagName"),r(J,"validateTagName");function X(w,O){let G=w.substring(0,O).split(/\r?\n/);return{line:G.length,col:G[G.length-1].length+1}}i(X,"getLineNumberForPosition"),r(X,"getLineNumberForPosition");function ve(w){return w.startIndex+w[1].length}i(ve,"getPositionFromMatch"),r(ve,"getPositionFromMatch")}}),h=o({"node_modules/fast-xml-parser/src/xmlparser/XMLParser.js"(b,v){var{buildOptions:L}=s(),S=d(),{prettify:$}=p(),Z=m(),q=class{static{i(this,"XMLParser")}static{r(this,"XMLParser")}constructor(A){this.externalEntities={},this.options=L(A)}parse(A,H){if(typeof A!="string")if(A.toString)A=A.toString();else throw new Error("XML data is accepted in String or Bytes[] form.");if(H){H===!0&&(H={});let T=Z.validate(A,H);if(T!==!0)throw Error(`${T.err.msg}:${T.err.line}:${T.err.col}`)}let V=new S(this.options);V.addExternalEntities(this.externalEntities);let F=V.parseXml(A);return this.options.preserveOrder||F===void 0?F:$(F,this.options)}addEntity(A,H){if(H.indexOf("&")!==-1)throw new Error("Entity value can't have '&'");if(A.indexOf("&")!==-1||A.indexOf(";")!==-1)throw new Error("An entity must be set without '&' and ';'. Eg. use '#xD' for '&#xD;'");if(H==="&")throw new Error("An entity with value '&' is not permitted");this.externalEntities[A]=H}};v.exports=q}});let I=h();return new I(n)},"getXmlParser");var Bi=class extends Je{static{i(this,"XmlToJsonOutboundPolicy")}parser;parseOnStatusCodes;constructor(e,t){super(e,t),f("policy.outbound.xml-to-json"),W(this.options,this.policyName).optional("removeNSPrefix","boolean").optional("ignoreProcessingInstructions","boolean").optional("ignoreDeclarations","boolean").optional("ignoreAttributes","boolean").optional("stopNodes","array").optional("attributeNamePrefix","string").optional("textNodeName","string").optional("trimValues","boolean"),this.parseOnStatusCodes=e.parseOnStatusCodes?Ve(e.parseOnStatusCodes):void 0,this.parser=ku({removeNSPrefix:e?.removeNSPrefix??!0,ignorePiTags:e?.ignoreProcessingInstructions??!0,ignoreDeclaration:e?.ignoreDeclarations??!0,ignoreAttributes:e?.ignoreAttributes??!0,stopNodes:e?.stopNodes??[],attributeNamePrefix:e?.attributeNamePrefix??"@_",textNodeName:e?.textNodeName??"#text",trimValues:e?.trimValues??!0})}async handler(e,t,r){if(this.parseOnStatusCodes&&!this.parseOnStatusCodes.includes(e.status))return e;let o;try{let u=await e.text();o=this.parser.parse(u)}catch(u){let c=`XmlToJsonOutboundPolicy - Error parsing XML contents in policy '${this.policyName}'.`;throw r.log.error(c,u),new k(c)}let s=new Headers(e.headers);return s.set("content-type","application/json"),new Response(JSON.stringify(o),{status:e.status,statusText:e.statusText,headers:s})}};var Gi=class{static{i(this,"ServiceProviderImpl")}services=new Map;addService(e,t){if(this.services.get(e))throw new K(`A service with the name ${e} already exists -- you cannot have duplicate services`);this.services.set(e,t)}getService(e){return this.services.get(e)}};var Lu=10,_u=3e4,sn=class{static{i(this,"BackgroundLoader")}#e=new Map;#t;#n;#r;#o;#i={};constructor(e,t){if(typeof t=="number"){let r=t;this.#n=r*1e3,this.#o=_u,this.#r=Lu}else{let r=t;this.#n=r.ttlSeconds*1e3,this.#o=r.loaderTimeoutSeconds?r.loaderTimeoutSeconds*1e3:_u,this.#r=Lu}this.#t=e}#s(e){return e.expiry<=new Date}#a(e){let t=this.#i[e];return!(t===void 0||t===0)}#u(e){let t=this.#e.get(e);if(t&&!this.#s(t))return t.data}async get(e){let t=this.#u(e);if(t)return this.#c(e),t;if(this.#a(e))try{await Fp(()=>this.#u(e)!==void 0||!this.#a,this.#o+this.#r+1,this.#r);let r=this.#u(e);if(r)return r}catch{}return this.#l(e)}#c(e){if(!this.#a(e)){let t=this.#l(e);Ke().waitUntil(t)}}async#l(e){try{this.#i[e]===void 0&&(this.#i[e]=0),this.#i[e]++;let t=await Promise.race([this.#t(e),scheduler.wait(this.#o)]);if(t===void 0)throw new g(`BackgroundLoader: Loader timed out after ${this.#o} ms.`);return this.#e.set(e,{data:t,expiry:new Date(Date.now()+this.#n)}),t}finally{this.#i[e]--}}};async function Fp(n,e,t){let r=Date.now();for(;!n();){let o=Date.now()-r;if(o>e)throw new g(`BackgroundLoader: Timeout waiting for an on-going loader after ${o} ms.`);await scheduler.wait(t)}}i(Fp,"waitUntilTrue");var Vi=["sha-1","sha-256","sha-384","sha-512"],ur=class{static{i(this,"BaseCryptoBeta")}};var Wi=class extends ur{static{i(this,"WorkerCryptoBeta")}async digest(e,t){if(f("runtime.crypto-beta"),!Vi.includes(e.toLowerCase()))throw new k(`Algorithm ${e} is not supported. Try using ${Vi.join(", ")}`);let r=new TextEncoder().encode(t),o=await crypto.subtle.digest(e,r);return Array.from(new Uint8Array(o)).map(u=>u.toString(16).padStart(2,"0")).join("")}};export{Ho as AWSLoggingPlugin,Yo as AkamaiApiSecurityPlugin,dd as AmberfloMeteringInboundPolicy,di as AmberfloMeteringPolicy,gd as ApiAuthKeyInboundPolicy,pi as ApiKeyInboundPolicy,mi as AsertoAuthZInboundPolicy,Vo as AuditLogDataStaxProvider,Wo as AuditLogPlugin,wd as Auth0JwtInboundPolicy,yi as AuthZenInboundPolicy,ml as AwsLambdaHandlerExtensions,bi as AxiomaticsAuthZInboundPolicy,ti as AzureBlobPlugin,ni as AzureEventHubsRequestLoggerPlugin,an as BackgroundDispatcher,sn as BackgroundLoader,Pd as BasicAuthInboundPolicy,wu as BasicRateLimitInboundPolicy,Y as BatchDispatch,Pi as BrownoutInboundPolicy,Ld as CachingInboundPolicy,_d as ChangeMethodInboundPolicy,Nd as ClearHeadersInboundPolicy,Dd as ClearHeadersOutboundPolicy,Md as ClerkJwtInboundPolicy,qd as CognitoJwtInboundPolicy,vi as ComplexRateLimitInboundPolicy,Gd as CompositeInboundPolicy,Vd as CompositeOutboundPolicy,g as ConfigurationError,jr as ContentTypes,te as ContextData,Wi as CryptoBeta,Wd as CurityPhantomTokenInboundPolicy,yo as DataDogLoggingPlugin,Fo as DataDogMetricsPlugin,Oo as DynaTraceLoggingPlugin,Bo as DynatraceMetricsPlugin,Kd as FirebaseJwtInboundPolicy,Qd as FormDataToJsonInboundPolicy,Yd as GeoFilterInboundPolicy,po as GoogleCloudLoggingPlugin,Po as Handler,x as HttpProblems,An as HttpStatusCode,ri as HydrolixRequestLoggerPlugin,ae as InboundPolicy,Xd as JWTScopeValidationInboundPolicy,Lo as LokiLoggingPlugin,yt as LookupResult,oe as MemoryZoneReadThroughCache,ep as MockApiInboundPolicy,ap as MoesifInboundPolicy,ki as MonetizationInboundPolicy,Li as OktaFGAAuthZInboundPolicy,cp as OktaJwtInboundPolicy,_i as OpenFGAAuthZInboundPolicy,Pe as OpenIdJwtInboundPolicy,Je as OutboundPolicy,rt as ProblemResponseFormatter,dp as PropelAuthJwtInboundPolicy,Mi as QuotaInboundPolicy,wu as RateLimitInboundPolicy,yp as ReadmeMetricsInboundPolicy,bp as RemoveHeadersInboundPolicy,wp as RemoveHeadersOutboundPolicy,Rp as RemoveQueryParamsInboundPolicy,Pp as ReplaceStringOutboundPolicy,oi as RequestLoggerPlugin,Ip as RequestSizeLimitInboundPolicy,vu as RequestValidationInboundPolicy,xp as RequireOriginInboundPolicy,zt as ResponseSendingEvent,Bt as ResponseSentEvent,k as RuntimeError,In as SYSTEM_LOGGER,Ep as SchemaBasedRequestValidation,$e as SemanticAttributes,Gi as ServiceProviderImpl,Tp as SetBodyInboundPolicy,Cp as SetHeadersInboundPolicy,vp as SetHeadersOutboundPolicy,Sp as SetQueryParamsInboundPolicy,Ap as SetStatusOutboundPolicy,kp as SleepInboundPolicy,vr as StreamingZoneCache,ja as StripeMonetizationPlugin,un as StripeWebhookVerificationInboundPolicy,Do as SumoLogicLoggingPlugin,Lp as SupabaseJwtInboundPolicy,Fe as SystemRouteName,Ft as TelemetryPlugin,_p as UpstreamAzureAdServiceAuthInboundPolicy,Dp as UpstreamFirebaseAdminAuthInboundPolicy,Up as UpstreamFirebaseUserAuthInboundPolicy,Fi as UpstreamGcpFederatedAuthInboundPolicy,Hp as UpstreamGcpJwtInboundPolicy,$p as UpstreamGcpServiceAuthInboundPolicy,qo as VMWareLogInsightLoggingPlugin,Zp as ValidateJsonSchemaInbound,Bi as XmlToJsonOutboundPolicy,Nt as ZoneCache,re as ZuploRequest,dn as ZuploServices,sc as apiServices,gl as awsLambdaHandler,Yl as defaultGenerateHydrolixEntry,fe as environment,dr as getIdForParameterSchema,qu as getIdForRefSchema,pr as getIdForRequestBodySchema,Mu as getRawOperationDataIdentifierName,Gr as httpStatuses,Il as openApiSpecHandler,xl as redirectHandler,Uu as sanitizedIdentifierName,zr as serialize,op as setMoesifContext,f as trackFeature,vl as urlForwardHandler,Al as urlRewriteHandler,Ol as webSocketHandler,kl as webSocketPipelineHandler,Tl as zuploServiceProxy};
+${await l.text()}`;if(r)throw new Error(p);return t.log.error(p),e}let d=await l.json();if(o&&t.log.debug(`${this.policyType} '${this.policyName}' - PDP response`,d),d.decision!==!0)return this.#r(e,t,d.reason)}catch(o){if(r)throw o;t.log.error(`${this.policyType} '${this.policyName}' - Error in policy: ${o}`)}return e}#n(e,t,r){if(t){let o=`${this.policyType} '${this.policyName}' - ${r}`;if(this.options.throwOnError)throw new g(o);e.log.warn(o)}}async#r(e,t,r){return x.forbidden(e,t,{detail:r})}async#o(e){if(!this.#t){let t=await se(this.policyName,void 0,this.options);this.#t=new oe(t,e)}}static setAuthorizationPayload(e,t){ne.set(e,eu,t)}static getAuthorizationPayload(e){return ne.get(e,eu)}};var tr=class{constructor(e){this.options=e;this.authHeader=`Basic ${btoa(e.pdpUsername+":"+e.pdpPassword)}`,this.authorizationUrl=new URL("/authorize",e.pdpUrl).toString()}static{i(this,"PdpService")}authHeader;authorizationUrl;async makePdpRequest(e){let t=await z.fetch(this.authorizationUrl,{method:"POST",body:JSON.stringify(e),headers:{"Content-Type":"application/xacml+json; charset=UTF-8",[this.options.tokenHeaderName??"Authorization"]:this.authHeader}});if(!t.ok)throw new Error(`Request to PDP service failed with response status ${t.status}.`);return await t.json()}};var bi=class n extends ae{static{i(this,"AxiomaticsAuthZInboundPolicy")}pdpService;static#e;static setAuthAttributes(e,t){n.#e||(n.#e=new WeakMap),n.#e.set(e,{Request:t})}constructor(e,t){super(e,t),f("policy.inbound.axiomatics-authz"),W(e,t).required("pdpUrl","string").required("pdpUsername","string").required("pdpPassword","string"),this.pdpService=new tr(e)}async handler(e,t){let r=i(a=>this.options.allowUnauthorizedRequests?e:x.forbidden(e,t,{detail:a}),"forbiddenResponse"),o=new URL(e.url),s=n.#e?.get(t)??{Request:{}};if(this.options.includeDefaultSubjectAttributes!==!1&&e.user){let a=[{AttributeId:"request.user.sub",Value:e.user.sub}];this.addAttributesToCategory(s,"AccessSubject",a)}if(this.options.includeDefaultActionAttributes!==!1){let a=[{AttributeId:"request.method",Value:e.method}];this.addAttributesToCategory(s,"Action",a)}if(this.options.includeDefaultResourceAttributes!==!1){let a=[];a.push({AttributeId:"request.protocol",Value:o.protocol.substring(0,o.protocol.length-1)}),a.push({AttributeId:"request.host",Value:o.host}),a.push({AttributeId:"request.pathname",Value:o.pathname}),Object.entries(e.params).forEach(([u,c])=>{a.push({AttributeId:`request.params.${u}`,Value:c})}),o.searchParams.forEach((u,c)=>{a.push({AttributeId:`request.query.${c}`,Value:u})}),this.addAttributesToCategory(s,"Resource",a)}this.populateOptionAttributes({optionName:"resourceAttributes",authzRequestCategory:"Resource",authzRequest:s,context:t}),this.populateOptionAttributes({optionName:"actionAttributes",authzRequestCategory:"Action",authzRequest:s,context:t}),this.populateOptionAttributes({optionName:"accessSubjectAttributes",authzRequestCategory:"AccessSubject",authzRequest:s,context:t});try{t.log.debug("PDP Request",s);let a=await this.pdpService.makePdpRequest(s);return t.log.debug("PDP Response",a),a.Response.every(u=>u.Decision==="Permit")?e:(t.log.debug(`${this.policyType} '${this.policyName}' - The request was not authorized.`,a),r("The request was not authorized."))}catch(a){return t.log.error(`${this.policyType} '${this.policyName}' - Error calling PDP service`,a),x.internalServerError(e,t)}}populateOptionAttributes({optionName:e,authzRequestCategory:t,authzRequest:r,context:o}){let s=this.options[e];if(s){let a=[];s.forEach(u=>{u.value?a.push({AttributeId:u.attributeId,Value:u.value}):o.log.warn(`${this.policyType} '${this.policyName}' - The attribute ${u.attributeId} has no value. If using a selector, check that the selector is correct.`)}),this.addAttributesToCategory(r,t,a)}}addAttributesToCategory(e,t,r){e.Request[t]||(e.Request[t]=[]),e.Request[t].length===0?e.Request[t].push({Attribute:[]}):e.Request[t][0].Attribute=e.Request[t][0].Attribute??[],e.Request[t][0].Attribute.push(...r)}};var Ed=i(async(n,e,t)=>{f("policy.inbound.basic-auth");let r=n.headers.get("Authorization"),o="basic ",s=i(l=>x.unauthorized(n,e,{detail:l}),"unauthorizedResponse"),u=await i(async()=>{if(!r)return await s("No Authorization header");if(r.toLowerCase().indexOf(o)!==0)return await s("Invalid Basic token format for Authorization header");let l=r.substring(o.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),I=t.accounts.find(b=>b.username===m&&b.password===h);return I||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(u instanceof Response)return t.allowUnauthenticatedRequests?n:u;let c=u.username;return n.user={sub:c,data:u.data},n},"BasicAuthInboundPolicy");function nr(n){return{second:n.getSeconds(),minute:n.getMinutes(),hour:n.getHours(),day:n.getDate(),month:n.getMonth(),weekday:n.getDay(),year:n.getFullYear()}}i(nr,"extractDateElements");function tu(n,e){return new Date(n,e+1,0).getDate()}i(tu,"getDaysInMonth");function wi(n,e){return n<=e?e-n:6-n+e+1}i(wi,"getDaysBetweenWeekdays");var rr=class{static{i(this,"Cron")}seconds;minutes;hours;days;months;weekdays;reversed;constructor({seconds:e,minutes:t,hours:r,days:o,months:s,weekdays:a}){if(!e||e.size===0)throw new Error("There must be at least one allowed second.");if(!t||t.size===0)throw new Error("There must be at least one allowed minute.");if(!r||r.size===0)throw new Error("There must be at least one allowed hour.");if(!s||s.size===0)throw new Error("There must be at least one allowed month.");if((!a||a.size===0)&&(!o||o.size===0))throw new Error("There must be at least one allowed day or weekday.");this.seconds=Array.from(e).sort((c,l)=>c-l),this.minutes=Array.from(t).sort((c,l)=>c-l),this.hours=Array.from(r).sort((c,l)=>c-l),this.days=Array.from(o).sort((c,l)=>c-l),this.months=Array.from(s).sort((c,l)=>c-l),this.weekdays=Array.from(a).sort((c,l)=>c-l);let u=i((c,l,d)=>{if(l.some(p=>typeof p!="number"||p%1!==0||p<d.min||p>d.max))throw new Error(`${c} must only consist of integers which are within the range of ${d.min} and ${d.max}`)},"validateData");u("seconds",this.seconds,{min:0,max:59}),u("minutes",this.minutes,{min:0,max:59}),u("hours",this.hours,{min:0,max:23}),u("days",this.days,{min:1,max:31}),u("months",this.months,{min:0,max:11}),u("weekdays",this.weekdays,{min:0,max:6}),this.reversed={seconds:this.seconds.map(c=>c).reverse(),minutes:this.minutes.map(c=>c).reverse(),hours:this.hours.map(c=>c).reverse(),days:this.days.map(c=>c).reverse(),months:this.months.map(c=>c).reverse(),weekdays:this.weekdays.map(c=>c).reverse()}}findAllowedHour(e,t){return e==="next"?this.hours.find(r=>r>=t):this.reversed.hours.find(r=>r<=t)}findAllowedMinute(e,t){return e==="next"?this.minutes.find(r=>r>=t):this.reversed.minutes.find(r=>r<=t)}findAllowedSecond(e,t){return e==="next"?this.seconds.find(r=>r>t):this.reversed.seconds.find(r=>r<t)}findAllowedTime(e,t){let r=this.findAllowedHour(e,t.hour);if(r!==void 0)if(r===t.hour){let o=this.findAllowedMinute(e,t.minute);if(o!==void 0)if(o===t.minute){let s=this.findAllowedSecond(e,t.second);if(s!==void 0)return{hour:r,minute:o,second:s};if(o=this.findAllowedMinute(e,e==="next"?t.minute+1:t.minute-1),o!==void 0)return{hour:r,minute:o,second:e==="next"?this.seconds[0]:this.reversed.seconds[0]}}else return{hour:r,minute:o,second:e==="next"?this.seconds[0]:this.reversed.seconds[0]};if(r=this.findAllowedHour(e,e==="next"?t.hour+1:t.hour-1),r!==void 0)return{hour:r,minute:e==="next"?this.minutes[0]:this.reversed.minutes[0],second:e==="next"?this.seconds[0]:this.reversed.seconds[0]}}else return{hour:r,minute:e==="next"?this.minutes[0]:this.reversed.minutes[0],second:e==="next"?this.seconds[0]:this.reversed.seconds[0]}}findAllowedDayInMonth(e,t,r,o){if(o<1)throw new Error("startDay must not be smaller than 1.");let s=tu(t,r),a=this.days.length!==31,u=this.weekdays.length!==7;if(!a&&!u)return o>s?e==="next"?void 0:s:o;let c;a&&(c=e==="next"?this.days.find(d=>d>=o):this.reversed.days.find(d=>d<=o),c!==void 0&&c>s&&(c=void 0));let l;if(u){let d=new Date(t,r,o).getDay(),p=e==="next"?this.weekdays.find(m=>m>=d)??this.weekdays[0]:this.reversed.weekdays.find(m=>m<=d)??this.reversed.weekdays[0];if(p!==void 0){let m=e==="next"?wi(d,p):wi(p,d);l=e==="next"?o+m:o-m,(l>s||l<1)&&(l=void 0)}}if(c!==void 0&&l!==void 0)return e==="next"?Math.min(c,l):Math.max(c,l);if(c!==void 0)return c;if(l!==void 0)return l}getNextDate(e=new Date){let t=nr(e),r=t.year,o=this.months.findIndex(a=>a>=t.month);o===-1&&(o=0,r++);let s=this.months.length*5;for(let a=0;a<s;a++){let u=r+Math.floor((o+a)/this.months.length),c=this.months[(o+a)%this.months.length],l=u===t.year&&c===t.month,d=this.findAllowedDayInMonth("next",u,c,l?t.day:1),p=l&&d===t.day;if(d!==void 0&&p){let m=this.findAllowedTime("next",t);if(m!==void 0)return new Date(u,c,d,m.hour,m.minute,m.second);d=this.findAllowedDayInMonth("next",u,c,d+1),p=!1}if(d!==void 0&&!p)return new Date(u,c,d,this.hours[0],this.minutes[0],this.seconds[0])}throw new Error("No valid next date was found.")}getNextDates(e,t){let r=[],o;for(let s=0;s<e;s++)o=this.getNextDate(o??t),r.push(o);return r}*getNextDatesIterator(e,t){let r;for(;;){if(r=this.getNextDate(e),e=r,t&&t.getTime()<r.getTime())return;yield r}}getPrevDate(e=new Date){let t=nr(e),r=t.year,o=this.reversed.months.findIndex(a=>a<=t.month);o===-1&&(o=0,r--);let s=this.reversed.months.length*5;for(let a=0;a<s;a++){let u=r-Math.floor((o+a)/this.reversed.months.length),c=this.reversed.months[(o+a)%this.reversed.months.length],l=u===t.year&&c===t.month,d=this.findAllowedDayInMonth("prev",u,c,l?t.day:31),p=l&&d===t.day;if(d!==void 0&&p){let m=this.findAllowedTime("prev",t);if(m!==void 0)return new Date(u,c,d,m.hour,m.minute,m.second);d>1&&(d=this.findAllowedDayInMonth("prev",u,c,d-1),p=!1)}if(d!==void 0&&!p)return new Date(u,c,d,this.reversed.hours[0],this.reversed.minutes[0],this.reversed.seconds[0])}throw new Error("No valid previous date was found.")}getPrevDates(e,t){let r=[],o;for(let s=0;s<e;s++)o=this.getPrevDate(o??t),r.push(o);return r}*getPrevDatesIterator(e,t){let r;for(;;){if(r=this.getPrevDate(e),e=r,t&&t.getTime()>r.getTime())return;yield r}}matchDate(e){let{second:t,minute:r,hour:o,day:s,month:a,weekday:u}=nr(e);return this.seconds.indexOf(t)===-1||this.minutes.indexOf(r)===-1||this.hours.indexOf(o)===-1||this.months.indexOf(a)===-1?!1:this.days.length!==31&&this.weekdays.length!==7?this.days.indexOf(s)!==-1||this.weekdays.indexOf(u)!==-1:this.days.indexOf(s)!==-1&&this.weekdays.indexOf(u)!==-1}};var xd={min:0,max:59},Td={min:0,max:59},vd={min:0,max:23},Cd={min:1,max:31},Sd={min:1,max:12,aliases:{jan:"1",feb:"2",mar:"3",apr:"4",may:"5",jun:"6",jul:"7",aug:"8",sep:"9",oct:"10",nov:"11",dec:"12"}},Ad={min:0,max:7,aliases:{mon:"1",tue:"2",wed:"3",thu:"4",fri:"5",sat:"6",sun:"7"}},Od={"@yearly":"0 0 1 1 *","@annually":"0 0 1 1 *","@monthly":"0 0 1 1 *","@weekly":"0 0 * * 0","@daily":"0 0 * * *","@hourly":"0 * * * *","@minutely":"* * * * *"};function lt(n,e){let t=new Set;if(n==="*"){for(let d=e.min;d<=e.max;d=d+1)t.add(d);return t}let r=n.split(",");if(r.length>1)return r.forEach(d=>{lt(d,e).forEach(m=>t.add(m))}),t;let o=i(d=>{d=e.aliases?.[d.toLowerCase()]??d;let p=parseInt(d,10);if(Number.isNaN(p))throw new Error(`Failed to parse ${n}: ${d} is NaN.`);if(p<e.min||p>e.max)throw new Error(`Failed to parse ${n}: ${d} is outside of constraint range of ${e.min} - ${e.max}.`);return p},"parseSingleElement"),s=/^((([0-9a-zA-Z]+)-([0-9a-zA-Z]+))|\*)(\/([0-9]+))?$/.exec(n);if(s===null)return t.add(o(n)),t;let a=s[1]==="*"?e.min:o(s[3]),u=s[1]==="*"?e.max:o(s[4]);if(a>u)throw new Error(`Failed to parse ${n}: Invalid range (start: ${a}, end: ${u}).`);let c=s[6],l=1;if(c!==void 0){if(l=parseInt(c,10),Number.isNaN(l))throw new Error(`Failed to parse step: ${c} is NaN.`);if(l<1)throw new Error(`Failed to parse step: Expected ${c} to be greater than 0.`)}for(let d=a;d<=u;d=d+l)t.add(d);return t}i(lt,"parseElement");function Ri(n){if(typeof n!="string")throw new TypeError("Invalid cron expression: must be of type string.");n=Od[n.toLowerCase()]??n;let e=n.split(" ");if(e.length<5||e.length>6)throw new Error("Invalid cron expression: expected 5 or 6 elements.");let t=e.length===6?e[0]:"0",r=e.length===6?e[1]:e[0],o=e.length===6?e[2]:e[1],s=e.length===6?e[3]:e[2],a=e.length===6?e[4]:e[3],u=e.length===6?e[5]:e[4];return new rr({seconds:lt(t,xd),minutes:lt(r,Td),hours:lt(o,vd),days:lt(s,Cd),months:new Set(Array.from(lt(a,Sd)).map(c=>c-1)),weekdays:new Set(Array.from(lt(u,Ad)).map(c=>c%7))})}i(Ri,"parseCronExpression");var Pi=class extends ae{static{i(this,"BrownoutInboundPolicy")}crons;constructor(e,t){if(super(e,t),f("policy.inbound.brownout"),W(e,t).optional("problem","object"),e.problem&&W(e.problem,t,"policy","problem").optional("detail","string").optional("status","string").optional("title","string"),typeof e.cronSchedule!="string"&&!(typeof e.cronSchedule=="object"&&Array.isArray(e.cronSchedule)&&!e.cronSchedule.some(r=>typeof r!="string")))throw new g(`Value of 'cronSchedule' on policy '${t}' must be of type string or string[]. Received type ${typeof e.cronSchedule}.`);typeof this.options.cronSchedule=="string"?this.crons=[Ri(this.options.cronSchedule)]:this.crons=this.options.cronSchedule.map(r=>Ri(r))}async handler(e,t){let r=new Date;if(r.setSeconds(0),r.setMilliseconds(0),this.crons.some(s=>s.matchDate(r))){let s=x.getProblemFromStatus(this.options.problem?.status??400,{detail:"This API is performing a scheduled brownout in advance of its pending deprecation. Please upgrade to a later version.",...this.options.problem});return x.format(s,e,t)}return e}};var kd=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function Ld(n){let e=new TextEncoder().encode(n),t=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(t)).map(s=>s.toString(16).padStart(2,"0")).join("")}i(Ld,"digestMessage");var _d=i(async(n,e)=>{let t=[...e.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...e.headers??[]],r=[];for(let[d,p]of n.headers.entries())t.includes(d)&&r.push({key:d.toLowerCase(),value:p});r.sort((d,p)=>d.key.localeCompare(p.key));let o=await Ld(JSON.stringify(r)),s=new URL(n.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",o);let u=e.cacheHttpMethods?.includes(n.method.toUpperCase())&&n.method.toUpperCase()!=="GET";u&&a.set("_z-original-method",n.method);let c=`${s.origin}${s.pathname}?${a}`;return new Request(c,{method:u?"GET":n.method})},"createCacheKeyRequest");async function Nd(n,e,t,r){f("policy.inbound.caching");let o=await se(r,t.cacheId,t),s=await caches.open(o),a=t?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],u=await _d(n,t),c=await s.match(u);return c||(e.addEventListener("responseSent",l=>{try{let d=t.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(n.method.toUpperCase()))return;let m=t?.expirationSecondsTtl??60,h=new Response(p.body,p);kd.forEach(I=>h.headers.delete(I)),h.headers.set("cache-control",`s-maxage=${m}`),e.waitUntil(s.put(u,h))}catch(d){e.log.error(`Error in caching-inbound-policy '${r}': "${d.message}"`,d)}}),n)}i(Nd,"CachingInboundPolicy");var Dd=i(async(n,e,t,r)=>{if(f("policy.inbound.change-method"),!t.method)throw new g(`ChangeMethodInboundPolicy '${r}' options.method must be valid HttpMethod`);return new Y(n,{method:t.method})},"ChangeMethodInboundPolicy");var Md=i(async(n,e,t)=>{f("policy.inbound.clear-headers");let r=[...t.exclude??[]],o=new Headers;return r.forEach(a=>{let u=n.headers.get(a);u&&o.set(a,u)}),new Y(n,{headers:o})},"ClearHeadersInboundPolicy");var qd=i(async(n,e,t,r)=>{f("policy.outbound.clear-headers");let o=[...r.exclude??[]],s=new Headers;return o.forEach(u=>{let c=n.headers.get(u);c&&s.set(u,c)}),new Response(n.body,{headers:s,status:n.status,statusText:n.statusText})},"ClearHeadersOutboundPolicy");var Ud=i(async(n,e,t,r)=>{f("policy.inbound.clerk-jwt-auth");let o=new URL(t.frontendApiUrl.startsWith("https://")||t.frontendApiUrl.startsWith("http://")?t.frontendApiUrl:`https://${t.frontendApiUrl}`),s=new URL(o);return s.pathname="/.well-known/jwks.json",Pe(n,e,{issuer:o.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)},"ClerkJwtInboundPolicy");var $d=i(async(n,e,t,r)=>{if(f("policy.inbound.cognito-jwt-auth"),!t.userPoolId)throw new g("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!t.region)throw new g("region must be set in the options for CognitoJwtInboundPolicy");return Pe(n,e,{issuer:`https://cognito-idp.${t.region}.amazonaws.com/${t.userPoolId}`,jwkUrl:`https://cognito-idp.${t.region}.amazonaws.com/${t.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)},"CognitoJwtInboundPolicy");var or=class extends Error{static{i(this,"ValidationError")}constructor(e){super(e)}},Ii=class extends or{static{i(this,"ArgumentUndefinedError")}constructor(e){super(`The argument '${e}' is undefined.`)}},Ei=class extends or{static{i(this,"ArgumentTypeError")}constructor(e,t){super(`The argument '${e}' must be of type '${t}'.`)}};function Hd(n,e){if(Us(n))throw new Ii(e)}i(Hd,"throwIfUndefinedOrNull");function nu(n,e){if(Hd(n,e),!xe(n))throw new Ei(e,"string")}i(nu,"throwIfNotString");var xi=class{static{i(this,"InMemoryRateLimitClient")}keyValueStore;constructor(){this.keyValueStore=new Map}getCountAndUpdateExpiry(e,t){let o=Math.floor(t*60),s=Date.now()+o*1e3,a=this.keyValueStore.get(e);a?Date.now()>a.expiresAt?this.keyValueStore.set(e,{value:1,expiresAt:s}):this.keyValueStore.set(e,{value:a.value+1,expiresAt:a.expiresAt}):this.keyValueStore.set(e,{value:1,expiresAt:s});let u=this.keyValueStore.get(e);return Promise.resolve({count:u.value,ttlSeconds:Math.round((u.expiresAt-Date.now())/1e3)})}multiIncrement(e,t){throw new Error("In memory complex rate limits are not currently supported.")}multiCount(e,t){throw new Error("In memory complex rate limits are not currently supported.")}setQuota(e,t,r){throw new Error("In memory quotas are not currently supported.")}getQuota(e,t){throw new Error("In memory quotas are not currently supported.")}},Zd=500,Ti=class{constructor(e){this.clientUrl=e}static{i(this,"RemoteRateLimitClient")}static instance;async fetch({url:e,body:t,method:r,requestId:o}){nu(e,"url");let s=new AbortController;setTimeout(()=>{s.abort()},Zd);let a,u=new Headers({"content-type":"application/json"});_e(u,o);try{a=await z.fetch(`${this.clientUrl}${e}`,{method:r,body:t,signal:s.signal,headers:u})}catch(l){throw console.error("Rate limit service timed out",l),new K("Rate limiting service failed.",{cause:l})}let c=a.headers.get("Content-Type")?.includes("application/json")?await a.json():await a.text();if(a.ok)return c;throw a.status===401?new K("Rate limiting service failed with 401: Unauthorized"):new K(`Rate limiting service failed with (${a.status})`)}async multiCount(e,t){return(await this.fetch({url:"/rate-limits/check",method:"POST",body:JSON.stringify({limits:e}),requestId:t})).data}async multiIncrement(e,t){return(await this.fetch({url:"/rate-limits/increment",method:"POST",body:JSON.stringify({limits:e}),requestId:t})).data}async getCountAndUpdateExpiry(e,t,r){let o=Math.floor(t*60);return await this.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:r})}async getQuota(e,t){let r=await ct(e);return await this.fetch({url:`/quota/${r}`,method:"GET",requestId:t})}async setQuota(e,t,r){let o=await ct(e);await this.fetch({url:`/quota/${o}`,method:"POST",body:JSON.stringify(t),requestId:r})}},xt;function et(n,e){let{redisURL:t,authApiJWT:r}=y.instance;if(xt)return xt;if(!r)return e.info("Using in-memory rate limit client for local development."),xt=new xi,xt;if(!xe(t))throw new K(`RateLimitClient used in policy '${n}' - rate limit service not configured`);if(!xe(r))throw new K(`RateLimitClient used in policy '${n}' - rate limit service not configured`);return xt=new Ti(t),xt}i(et,"getRateLimitClient");var Fd=i(n=>{let e=n.headers.get("x-real-ip")??n.headers.get("true-client-ip")??n.headers.get("cf-connecting-ip");if(e)return e;let t=n.headers.get("x-forwarded-for");return t?t.split(",")[0]:"127.0.0.1"},"getRealIP");function Tt(n,e){return{function:Gd(e,"RateLimitInboundPolicy",n),user:zd,ip:jd,all:Bd}[e.rateLimitBy??"ip"]}i(Tt,"getRateLimitByFunctions");var jd=i(async n=>({key:`ip-${Fd(n)}`}),"getIP"),zd=i(async n=>({key:`user-${n.user?.sub??"anonymous"}`}),"getUser"),Bd=i(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll");function Gd(n,e,t){let r;if(n.rateLimitBy==="function"){if(!n.identifier)throw new g(`${e} '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!n.identifier.module||typeof n.identifier.module!="object")throw new g(`${e} '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!n.identifier.export)throw new g(`${e} '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=n.identifier.module[n.identifier.export],!r||typeof r!="function")throw new g(`${e} '${t}' - Custom rate limit function must be a valid function`)}return i(async(s,a,u)=>{let c=await r(s,a,u);if(!c||typeof c!="object"){let l=`${e} '${u}' - Custom rate limit function must return a valid object.`;throw a.log.error(l),new k(l)}if(!("key"in c)){let l=`${e} '${u}' - Custom rate limit function must return a valid key property.`;throw a.log.error(l,c),new k(l)}if(typeof c.key!="string"){let l=`${e} '${u}' - Custom rate limit function must return a valid key property of type string. Received type '${typeof c.key}'`;throw a.log.error(l),new k(l)}return c},"outerFunction")}i(Gd,"wrapUserFunction");var vt="Retry-After";var ru=be("zuplo:policies:ComplexRateLimitInboundPolicy"),vi=Symbol("complex-rate-limit-counters"),Ci=class n extends ae{static{i(this,"ComplexRateLimitInboundPolicy")}static setIncrements(e,t){let r=ne.get(e,vi)??{};Object.assign(r,t),ne.set(e,vi,t)}static getIncrements(e){return ne.get(e,vi)??{}}constructor(e,t){super(e,t),f("policy.inbound.complex-rate-limit-inbound"),W(e,t).required("rateLimitBy","string").required("timeWindowMinutes","number").required("limits","object").optional("headerMode","string").optional("throwOnFailure","boolean").optional("mode","string").optional("identifier","object"),e.identifier&&W(e.identifier,t,"policy","identifier").required("export","string").required("module","object");for(let[r,o]of Object.entries(e.limits))if(typeof o!="number")throw new g(`ComplexRateLimitInboundPolicy '${this.policyName}' - The value of the limits must be numbers. The limit ${r} is set to type '${typeof e}'.`)}async handler(e,t){let r=Date.now(),o=Q.getLogger(t),s=et(this.policyName,o),a=i((c,l)=>{if(this.options.throwOnFailure)throw new K(c,{cause:l});o.error(c,l)},"throwOrLog"),u=i((c,l)=>{let d={};return(!c||c==="retry-after")&&(d[vt]=l.toString()),x.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l=await Tt(this.policyName,this.options)(e,t,this.policyName),d=y.instance.isTestMode||y.instance.isWorkingCopy?y.instance.build.BUILD_ID:"",p=Object.assign({},this.options.limits,l.limits),m=(l.timeWindowMinutes??this.options.timeWindowMinutes??1)*60;t.addResponseSendingFinalHook(async()=>{try{let C=n.getIncrements(t);ru(`ComplexRateLimitInboundPolicy '${this.policyName}' - increments ${JSON.stringify(C)}`);let L=Object.entries(p).map(([H])=>({key:`complex-rate-limit${d}/${this.policyName}/${l.key}/${H}`,ttlSeconds:m,increment:C[H]??0})),S=s.multiIncrement(L,t.requestId);t.waitUntil(S),await S}catch(C){o.error(C),t.log.error(C)}});let h=Object.entries(p).map(([C,L])=>({key:`complex-rate-limit${d}/${this.policyName}/${l.key}/${C}`,ttlSeconds:m,limit:L})),I=await s.multiCount(h,t.requestId);return Vd(I,h).length>0?u(this.options.headerMode??"retry-after",m):e}catch(c){return a(c.message,c),e}finally{let c=Date.now()-r;ru(`ComplexRateLimitInboundPolicy '${this.policyName}' - latency ${c}ms`)}}};function Vd(n,e){let t=[];for(let r of n){let o=e.find(s=>s.key===r.key)?.limit||0;r.count>=o&&t.push(r)}return t}i(Vd,"findOverLimits");var Wd=i(async(n,e,t,r)=>{if(f("policy.inbound.composite"),!t.policies||t.policies.length===0)throw new g(`CompositeInboundPolicy '${r}' must have valid policies defined`);let o=he.instance,s=Vt(t.policies,o?.routeData.policies);return oo(s)(n,e)},"CompositeInboundPolicy");var Jd=i(async(n,e,t,r,o)=>{if(f("policy.outbound.composite"),!r.policies||r.policies.length===0)throw new g(`CompositeOutboundPolicy '${o}' must have valid policies defined`);let s=he.instance,a=Wt(r.policies,s?.routeData.policies);return io(a)(n,e,t)},"CompositeOutboundPolicy");var Kd=i(async(n,e,t,r)=>{f("policy.inbound.curity-phantom-token-auth");let o=n.headers.get("Authorization");if(!o)return x.unauthorized(n,e,{detail:"No authorization header"});let s=Qd(o);if(!s)return x.unauthorized(n,e,{detail:"Failed to parse token from Authorization header"});let a=await se(r,void 0,t),u=new oe(a,e),c=await u.get(s);if(!c){let l=await z.fetch(t.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${t.clientId}:${t.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)c=d,u.put(s,c,t.cacheDurationSeconds??600);else return l.status>=500?(e.log.error(`Error introspecting token - ${l.status}: '${d}'`),x.internalServerError(n,e,{detail:"Problem encountered authorizing the HTTP request"})):x.unauthorized(n,e)}return n.headers.set("Authorization",`Bearer ${c}`),n},"CurityPhantomTokenInboundPolicy");function Qd(n){return n.split(" ")[0]==="Bearer"?n.split(" ")[1]:null}i(Qd,"getToken");var Yd=i(async(n,e,t,r)=>(f("policy.inbound.firebase-jwt-auth"),W(t,r).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),Pe(n,e,{issuer:`https://securetoken.google.com/${t.projectId}`,audience:t.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)),"FirebaseJwtInboundPolicy");var Xd=i(async(n,e,t)=>{f("policy.inbound.form-data-to-json");let r="application/x-www-form-urlencoded",o="multipart/form-data",s=n.headers.get("content-type")?.toLowerCase();if(!s||![o,r].includes(s))return t&&t.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${r}' or ${o}`,{status:400,statusText:"Bad Request"}):n;let a=await n.formData();if(t&&t.optionalHoneypotName&&a.get(t.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let u={};for(let[d,p]of a)u[d]=p.toString();let c=new Headers(n.headers);return c.set("content-type","application/json"),c.delete("content-length"),new Y(n,{body:JSON.stringify(u),headers:c})},"FormDataToJsonInboundPolicy");var Ct="__unknown__",ep=i(async(n,e,t,r)=>{f("policy.inbound.geo-filter");let o={allow:{countries:At(t.allow?.countries,"allow.countries",r),regionCodes:At(t.allow?.regionCodes,"allow.regionCode",r),asns:At(t.allow?.asns,"allow.asOrganization",r)},block:{countries:At(t.block?.countries,"block.countries",r),regionCodes:At(t.block?.regionCodes,"block.regionCode",r),asns:At(t.block?.asns,"block.asOrganization",r)},ignoreUnknown:t.ignoreUnknown!==!1},s=e.incomingRequestProperties.country?.toLowerCase()??Ct,a=e.incomingRequestProperties.regionCode?.toLowerCase()??Ct,u=e.incomingRequestProperties.asn?.toString()??Ct,c=o.ignoreUnknown&&s===Ct,l=o.ignoreUnknown&&a===Ct,d=o.ignoreUnknown&&u===Ct,p=o.allow.countries,m=o.allow.regionCodes,h=o.allow.asns;if(p.length>0&&!p.includes(s)&&!c||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(u)&&!d)return St(n,e,r,s,a,u);let I=o.block.countries,b=o.block.regionCodes,C=o.block.asns;return I.length>0&&I.includes(s)&&!c||b.length>0&&b.includes(a)&&!l||C.length>0&&C.includes(u)&&!d?St(n,e,r,s,a,u):n},"GeoFilterInboundPolicy");function St(n,e,t,r,o,s){return e.log.debug(`Request blocked by GeoFilterInboundPolicy '${t}' (country: '${r}', regionCode: '${o}', asn: '${s}')`),x.forbidden(n,e,{geographicContext:{country:r,regionCode:o,asn:s}})}i(St,"blockedResponse");function At(n,e,t){if(typeof n=="string")return n.split(",").map(r=>r.trim().toLowerCase());if(typeof n>"u")return[];if(Array.isArray(n))return n.map(r=>r.trim().toLowerCase());throw new g(`Invalid '${e}' for GeoFilterInboundPolicy '${t}': '${n}', must be a string or string[]`)}i(At,"toLowerStringArray");var tp=i(async(n,e,t)=>{f("policy.inbound.jwt-scope-validation");let r=n.user?.data.scope.split(" ")||[];if(!i((s,a)=>a.every(u=>s.includes(u)),"scopeChecker")(r,t.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${t.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return n},"JWTScopeValidationInboundPolicy");var np=i(async(n,e,t,r)=>{f("policy.inbound.mock-api");let o=e.route.raw().responses;if(!o)return Si(r,n,e,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(o),a=[];if(s.length===0)return Si(r,n,e,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(u=>{o[u].content&&Object.keys(o[u].content).forEach(l=>{let d=o[u].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:u,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(u=>!(t.responsePrefixFilter&&!u.responseName.startsWith(t.responsePrefixFilter)||t.contentType&&u.contentName!==t.contentType||t.exampleName&&u.exampleName!==t.exampleName)),t.random&&a.length>1){let u=Math.floor(Math.random()*a.length);return ou(a[u])}else return a.length>0?ou(a[0]):Si(r,n,e,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");function ou(n){let e=JSON.stringify(n.exampleValue,null,2),t=new Headers;switch(t.set("Content-Type",n.contentName),n.responseName){case"1XX":return new Response(e,{status:100,headers:t});case"2XX":return new Response(e,{status:200,headers:t});case"3XX":return new Response(e,{status:300,headers:t});case"4XX":return new Response(e,{status:400,headers:t});case"5XX":case"default":return new Response(e,{status:500,headers:t});default:return new Response(e,{status:Number(n.responseName),headers:t})}}i(ou,"generateResponse");var Si=i((n,e,t,r)=>{let o=`Error in policy: ${n} - On route ${e.method} ${t.route.path}. ${r}`;return x.internalServerError(e,t,{detail:o})},"getProblemDetailResponse");var rp="Incoming",op={logRequestBody:!0,logResponseBody:!0};function iu(n){let e={};return n.forEach((t,r)=>{e[r]=t}),e}i(iu,"headersToObject");function su(){return new Date().toISOString()}i(su,"timestamp");var Ai=new WeakMap,ip={};function sp(n,e){let t=Ai.get(n);t||(t=ip);let r=Object.assign({...t},e);Ai.set(n,r)}i(sp,"setMoesifContext");async function au(n,e){let t=n.headers.get("content-type");if(t&&t.indexOf("json")!==-1)try{return await n.clone().json()}catch(o){e.log.error(o)}let r=await n.clone().text();return e.log.debug({textBody:r}),r}i(au,"readBody");var ap={},Oi;function uu(){if(!Oi)throw new k("Invalid State - no _lastLogger");return Oi}i(uu,"getLastLogger");function up(n){let e=ap[n];return e||(e=new X("moesif-inbound",100,async t=>{let r=JSON.stringify(t);uu().debug("posting",r);let o=await z.fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":n},body:r});o.ok||uu().error({status:o.status,body:await o.text()})})),e}i(up,"getDispatcher");async function cp(n,e,t,r){f("policy.inbound.moesif-analytics"),Oi=e.log;let o=su(),s=Object.assign(op,t);if(!s.applicationId)throw new g(`Invalid configuration for MoesifInboundPolicy '${r}' - applicationId is required`);let a=s.logRequestBody?await au(n,e):void 0;return e.addResponseSendingFinalHook(async(u,c)=>{let l=up(s.applicationId),d=n.headers.get("true-client-ip"),p=Ai.get(e)??{},m={time:o,uri:n.url,verb:n.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:iu(n.headers)},h=s.logResponseBody?await au(u,e):void 0,I={time:su(),status:u.status,headers:iu(u.headers),body:h},b={request:m,response:I,user_id:p.userId??c.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:rp};l.enqueue(b),e.waitUntil(l.waitUntilFlushed())}),n}i(cp,"MoesifInboundPolicy");async function cu(n,e,t,r){let o=Q.getLogger(n),{authApiJWT:s,meteringServiceUrl:a}=y.instance,u;try{let l=await z.fetch(`${a}/internal/v1/metering/${r}/subscriptions?customerKey=${e}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":n.requestId},method:"GET"});if(l.ok)u=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";n.log.error(`MonetizationInboundPolicy '${t}' - Error loading subscription. ${l.status} - ${p}`),o.error(`MonetizationInboundPolicy '${t}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){o.error(`MonetizationInboundPolicy '${t}' - Error loading subscription`,l)}let c=u&&u.data&&u.data.length>0?u.data:void 0;return c&&c.length>1?c.sort((d,p)=>d.createdOn>p.createdOn?-1:1)[0]:c&&c[0]}i(cu,"loadSubscription");async function lu(n,e,t,r,o){let{authApiJWT:s,meteringServiceUrl:a}=y.instance,u=Q.getLogger(n);try{let c=await z.fetch(`${a}/internal/v1/metering/${r}/subscriptions/${e}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":n.requestId},method:"POST",body:JSON.stringify({meters:o})});if(!c.ok){let l=await c.json(),d=l.detail??l.title??"Unknown error on quota consumption.";n.log.error(`MonetizationInboundPolicy '${t}' - Error updating subscription quota. ${c.status} - ${d}`),u.error(`MonetizationInboundPolicy '${t}' - Error updating subscription quota. ${c.status} - ${d}`)}}catch(c){n.log.error(`MonetizationInboundPolicy '${t}' - Error updating subscription quota.`),u.error(`MonetizationInboundPolicy '${t}' - Error updating subscription quota.`,c)}}i(lu,"consumeSubcriptionQuotas");var lp=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function ir(n,e){try{let t=[];for(let r in n)typeof n[r]!="number"&&!(Number.isInteger(n[r])&&/^-?\d+$/.test(n[r].toString()))&&t.push(r);if(t.length>0)throw new g(t.length>1?`The values found in these properties are not integers : ${t.join(", ")}`:`The value in property '${t[0]}' is not an integer`)}catch(t){throw t instanceof g?new g(`MonetizationInboundPolicy '${e}' - The property 'meters' is invalid. ${t.message}`):t}}i(ir,"validateMeters");function du(n,e){if(n)try{if(n.length===0)throw new g("Must set valid subscription statuses");let t=it(n),r=[];for(let o of t)lp.has(o)||r.push(o);if(r.length>0)throw new g(`Found the following invalid statuses: ${r.join(", ")}`);return n}catch(t){throw t instanceof g?new g(`MonetizationInboundPolicy '${e}' - The property 'allowedSubscriptionStatuses' is invalid. ${t.message}`):t}else return["active","incomplete","trialing"]}i(du,"parseAllowedSubscriptionStatuses");function pu(n,e){let t={},r={};for(let o in e)n.hasOwnProperty(o)?t[o]=e[o]:r[o]=e[o];return{metersInSubscription:t,metersNotInSubscription:r}}i(pu,"compareMeters");var ki=class extends ae{static{i(this,"MonetizationInboundPolicy")}static getSubscription(e){return ne.get(e,Ht)}static setMeters(e,t){ir(t,"setMeters");let r=ne.get(e,Zt)??{};Object.assign(r,t),ne.set(e,Zt,r)}constructor(e,t){super(e,t),f("policy.inbound.monetization")}async handler(e,t){W(this.options,this.policyName).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),this.options.meterOnStatusCodes||(this.options.meterOnStatusCodes="200-399");let r=this.options.allowRequestsOverQuota??!1,o=Ve(this.options.meterOnStatusCodes),s=ne.get(t,Zt),a={...this.options.meters,...s};ir(a,this.policyName);let u=this.options.allowRequestsWithoutSubscription??!1,c=du(this.options.allowedSubscriptionStatuses,this.policyName);t.addResponseSendingFinalHook(async(b,C,L)=>{let S=ne.get(L,Ht);if((this.options.allowRequestsWithoutSubscription??!1)&&!S){L.log.debug(`MonetizationInboundPolicy '${this.policyName}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!this.options.bucketId)if(fe.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=fe.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new g(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let Z=ne.get(L,Zt),q={...this.options.meters,...Z};if(ir(q,this.policyName),o.includes(b.status)&&S&&q){L.log.debug(`MonetizationInboundPolicy '${this.policyName}' - Updating subscription '${S.id}' with meters '${JSON.stringify(q)} on response status '${b.status}'`);let{metersInSubscription:A,metersNotInSubscription:$}=pu(S.meters,q);if($&&Object.keys($).length>0){let V=Object.keys($);L.log.warn(`The following meters cannot be applied since they are not present in the subscription: '${V}'`)}await lu(L,S.id,this.policyName,this.options.bucketId,A)}});let l=e.user;if(!l)return u?e:x.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!this.options.bucketId)if(fe.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=fe.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new g(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let{sub:d}=l,p=await cu(t,d,this.policyName,this.options.bucketId);if(!p)return t.log.warn("No valid subscription found"),u?e:x.unauthorized(e,t,{detail:"No valid subscription found"});if(!c.includes(p.status)&&!u)return t.log.warn(`Subscription '${p.id}' has status '${p.status}' which is not part of the allowed statuses.`),x.unauthorized(e,t,{detail:"No valid subscription found"});c.includes(p.status)&&(t.log.debug(`Loading subscription '${p.id}' for user sub '${d}' to ContextData`),ne.set(t,Ht,p));let m=ne.get(t,Ht);if(!m)return u?e:(t.log.warn("Subscription is not available for user"),x.paymentRequired(e,t,{detail:"Subscription is not available for user",title:"No Subscription"}));if(m&&Object.keys(m.meters).length===0)return t.log.error(`Quota is not set up for subscription '${m.id}'`),x.tooManyRequests(e,t,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let I=Object.keys(a).filter(b=>!Object.keys(m.meters).includes(b));if(I.length>0)return t.log.warn(`The following policy meters are not present in the subscription: ${I.join(", ")}`),x.tooManyRequests(e,t,{detail:`The following policy meters are not present in the subscription: ${I.join(", ")}`,title:"Quota Exceeded"});for(let b of Object.keys(a))if(m.meters[b].available<=0&&!r)return x.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${b}'`,title:"Quota Exceeded"});return e}};async function sr(n,e){let t=new URLSearchParams({client_id:n.clientId,client_secret:n.clientSecret,grant_type:"client_credentials"});n.scope&&t.append("scope",n.scope),n.audience&&t.append("audience",n.audience);let r=await we({retries:n.retries?.maxRetries??3,retryDelayMs:n.retries?.delayMs??10},n.tokenEndpointUrl,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:t});if(r.status!==200){try{let s=await r.text();e.log.error(`Error getting token from identity provider. Status: ${r.status}`,s)}catch{}throw new k("Error getting token from identity provider.")}let o=await r.json();if(o&&typeof o=="object"&&"access_token"in o&&typeof o.access_token=="string"&&"expires_in"in o&&typeof o.expires_in=="number")return{access_token:o.access_token,expires_in:o.expires_in};throw new k("Response returned from identity provider is not in the expected format.")}i(sr,"getClientCredentialsAccessToken");var Ot=class extends Error{constructor(t,r,o){super(r,o);this.code=t}static{i(this,"OpenFGAError")}},ar=class{static{i(this,"BaseOpenFGAClient")}apiUrl;storeId;authorizationModelId;constructor(e){this.apiUrl=e.apiUrl,this.storeId=e.storeId,this.authorizationModelId=e.authorizationModelId}getStoreId(e={},t=!1){let r=e?.storeId||this.storeId;if(!t&&!r)throw new g("storeId is required");return r}getAuthorizationModelId(e={}){return e?.authorizationModelId||this.authorizationModelId}async get(e,t){return this.fetch(e,"GET",t)}async put(e,t,r){return this.fetch(e,"PUT",r,t)}post(e,t,r){return this.fetch(e,"POST",r,t)}async fetch(e,t,r,o){let s=new Headers(r.headers||{});s.set("Content-Type","application/json"),s.set("Accept","application/json"),s.set("User-Agent",y.instance.systemUserAgent);let a=`${this.apiUrl}${e}`,u=new Request(a,{method:t,headers:s,body:o?JSON.stringify(o):void 0}),c=await z.fetch(u);if(c.status!==200){let l;try{l=await c.json()}catch{}throw!l||!l.code||!l.message?new Ot("unknown",`Unknown error. Status: ${c.status}`):new Ot(l.code,l.message)}return c.json()}};function cn(n,e,t){!n[e]&&t&&(n[e]=t)}i(cn,"setHeaderIfNotSet");var mu="X-OpenFGA-Client-Method",gu="X-OpenFGA-Client-Bulk-Request-Id",ln=class extends ar{static{i(this,"OpenFGAClient")}async check(e,t={}){return this.post(`/stores/${this.getStoreId(t)}/check`,{tuple_key:{user:e.user,relation:e.relation,object:e.object},context:e.context,contextual_tuples:{tuple_keys:e.contextualTuples||[]},authorization_model_id:this.getAuthorizationModelId(t)},t)}async batchCheck(e,t={}){let{headers:r={}}=t;return cn(r,mu,"BatchCheck"),cn(r,gu,crypto.randomUUID()),{responses:await Promise.all(e.map(async s=>this.check(s,Object.assign({},t,r)).then(a=>(a._request=s,a)).catch(a=>{if(a instanceof Ot)throw a;return{allowed:void 0,error:a,_request:s}})))}}async expand(e,t={}){return this.post(`/stores/${this.getStoreId(t)}/expand`,{authorization_model_id:this.getAuthorizationModelId(t),tuple_key:e},t)}async listObjects(e,t={}){return this.post(`/stores/${this.getStoreId(t)}/list-objects`,{authorization_model_id:this.getAuthorizationModelId(t),user:e.user,relation:e.relation,type:e.type,context:e.context,contextual_tuples:{tuple_keys:e.contextualTuples||[]}},t)}async listRelations(e,t={}){let{user:r,object:o,relations:s,contextualTuples:a,context:u}=e,{headers:c={}}=t;if(cn(c,mu,"ListRelations"),cn(c,gu,crypto.randomUUID()),!s?.length)throw new Error("When calling listRelations, at least one relation must be passed in the relations field");let l=await this.batchCheck(s.map(p=>({user:r,relation:p,object:o,contextualTuples:a,context:u})),Object.assign({},t,c)),d=l.responses.find(p=>p.error);if(d)throw d.error;return{relations:l.responses.filter(p=>p.allowed).map(p=>p._request.relation)}}async listUsers(e,t={}){return this.post(`/stores/${this.getStoreId(t)}/list-users`,{authorization_model_id:this.getAuthorizationModelId(t),relation:e.relation,object:e.object,user_filters:e.user_filters,context:e.context,contextual_tuples:e.contextualTuples||[]},t)}};var fu=Symbol("openfga-authz-context-data"),kt=class extends ae{static{i(this,"BaseOpenFGAAuthZInboundPolicy")}client;authorizer;cache;static setContextChecks(e,t){let r=Array.isArray(t)?t:[t];ne.set(e,fu,r)}constructor(e,t){if(super(e,t),W(e,t).required("apiUrl","string").optional("storeId","string").optional("authorizationModelId","string"),!e.credentials)throw new g(`${this.policyType} '${this.policyName}' - The 'credentials' option is required.`);if(e.credentials.method==="client-credentials")W(e.credentials,t).required("clientId","string").required("clientSecret","string").required("oauthTokenEndpointUrl","string").optional("apiAudience","string");else if(e.credentials.method==="api-token")W(e.credentials,t).required("token","string").optional("headerName","string").optional("headerValuePrefix","string");else if(e.credentials.method==="header")W(e.credentials,t).optional("headerName","string");else if(e.credentials.method!=="none")throw new g(`${this.policyType} '${this.policyName}' - The 'credentials.type' option is invalid. It must be set to either 'none', 'api-token', 'client-credentials', or 'header'.`);this.authorizer=this.getAuthorizer(e.credentials),this.client=new ln({apiUrl:e.apiUrl,storeId:e.storeId,authorizationModelId:e.authorizationModelId})}async handler(e,t){if(!this.cache){let a=await se(this.policyName,void 0,this.options);this.cache=new oe(a,t)}let r=i(a=>this.options.allowUnauthorizedRequests?e:x.forbidden(e,t,{detail:a}),"forbiddenResponse"),o=ne.get(t,fu);if(!o||o.length===0)throw new k(`${this.policyType} '${this.policyName}' - No checks found in the context.`);let s=await this.authorizer(e,t);try{t.log.debug("OpenFGA checks",o);let a=await this.client.batchCheck(o,{headers:s});return t.log.debug("OpenFGA Response",a),a.responses.every(u=>u.allowed)?e:(t.log.debug(`${this.policyType} '${this.policyName}' - The request was not authorized.`,a),r("The request was not authorized."))}catch(a){return t.log.error(`${this.policyType} '${this.policyName}' - Error calling OpenFGA service`,a),x.internalServerError(e,t)}}getAuthorizer(e){if(e.method==="none")return async()=>({});if(e.method==="header")return async t=>{let r=e.headerName??"Authorization",o=t.headers.get(r);if(!o)throw new K(`${this.policyType} '${this.policyName}' - The header '${r}' is missing.`);return{[r]:o}};if(e.method==="api-token")return async()=>({[e.headerName??"Authorization"]:`${e.headerValuePrefix??"Bearer "} ${e.token}`});if(e.method==="client-credentials")return async(t,r)=>{let o=await this.cache?.get("client_credentials_token");if(o)return{Authorization:`Bearer ${o}`};let s=await sr({tokenEndpointUrl:e.oauthTokenEndpointUrl,clientId:e.clientId,clientSecret:e.clientSecret,audience:e.apiAudience},r);return this.cache?.put("client_credentials_token",s.access_token,s.expires_in),{Authorization:`Bearer ${s.access_token}`}};throw new k("Invalid state for credentials method is not valid. This should not happen.")}};var hu=["us1","eu1","au1"],Li=class extends kt{static{i(this,"OktaFGAAuthZInboundPolicy")}constructor(e,t){if(!hu.includes(e.region))throw new g(`OktaFGAAuthZInboundPolicy '${t}' - The 'region' option is invalid. Must be one of ${hu.join(", ")}.`);let r={...e,apiUrl:`https://api.${e.region}.fga.dev`,credentials:{method:"client-credentials",oauthTokenEndpointUrl:"https://fga.us.auth0.com/oauth/token",clientId:e.credentials.clientId,clientSecret:e.credentials.clientSecret,apiAudience:`https://api.${e.region}.fga.dev/`}};super(r,t),f("policy.inbound.oktafga-authz")}};var dp=i(async(n,e,t,r)=>(f("policy.inbound.okta-jwt-auth"),Pe(n,e,{issuer:t.issuerUrl,audience:t.audience,jwkUrl:`${t.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests},r)),"OktaJwtInboundPolicy");var _i=class extends kt{static{i(this,"OpenFGAAuthZInboundPolicy")}constructor(e,t){super(e,t),f("policy.inbound.openfga-authz")}};import{importSPKI as pp}from"jose";var Ni,mp=i(async(n,e,t,r)=>{if(f("policy.inbound.propel-auth-jwt-auth"),!Ni)try{Ni=await pp(t.verifierKey,"RS256")}catch(o){throw e.log.error("Could not import verifier key"),o}return Pe(n,e,{issuer:t.authUrl,secret:Ni,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests,subPropertyName:"user_id"},r)},"PropelAuthJwtInboundPolicy");var Di="quota-inbound-policy-f307056c-8c00-4f2c-b4ac-c0ac7d04eca0",yu="quota-usage-2017e968-4de8-4a63-8951-1e423df0d64b";var Mi=class n extends ae{static{i(this,"QuotaInboundPolicy")}constructor(e,t){super(e,t),f("policy.inbound.quota")}async handler(e,t){let r=this.options.debug??!1;t.log.debug({debug:r}),W(this.options,this.policyName).required("period","string").required("quotaBy","string").optional("quotaAnchorMode","string").optional("allowances","object"),n.setMeters(t,{requests:1});let o=Q.getLogger(t);try{let s=gp(this.options,this.policyName),a=s.functions.getAnchorDate(e,t,this.policyName),u=s.functions.getQuotaDetail(e,t,this.policyName),[c,l]=await Promise.all([a,u]),d=fp(l.key,this.policyName);r&&t.log.debug(`QuotaInboundPolicy: key - '${d}'`);let p=et(this.policyName,o),m=await p.getQuota(d,t.requestId);n.#e(t,this.policyName,m),r&&t.log.debug("QuotaInboundPolicy: quotaResult",m),c&&new Date(m.anchorDate).getTime()!==c.getTime()&&t.log.warn(`QuotaInboundPolicy '${this.policyName}' provided anchorDate ('${c}') did not match the stored, immutable anchorDate ('${m.anchorDate}')`);let h=Object.assign({},s.defaultAllowances);Object.assign(h,l.allowances);let I=[],b="";if(Object.entries(h).forEach(([C,L])=>{r&&(b+=`${C} - allowed: ${L} value: ${m.meters[C]??0}
+`),(m.meters[C]??0)>=L&&I.push(C)}),r&&t.log.debug("QuotaInboundPolicy: debugTable",b),I.length>0)return x.tooManyRequests(e,t,{detail:`Quota exceeded for meters '${I.join(", ")}'`});t.addResponseSendingFinalHook(async(C,L,S)=>{if(r&&S.log.debug(`QuotaInboundPolicy: backend response - ${C.status}: ${C.statusText}`),!s.quotaOnStatusCodes.includes(C.status))return;let H=ne.get(S,Di),Z={config:{period:s.period,anchorDate:c?.toISOString()??""},increments:H};r&&S.log.debug("QuotaInboundPolicy: setQuotaDetails",Z);let q=p.setQuota(d,Z,S.requestId);S.waitUntil(q)})}catch(s){o.error(s),t.log.error(s)}return e}static setMeters(e,t){let r=ne.get(e,Di)??{};Object.assign(r,t),ne.set(e,Di,r)}static getUsage(e,t){let r=ne.get(e,`${yu}-${t}`);if(r===void 0)throw new k(`QuotaInboundPolicy.getUsage was called for policy named '${t}' but the policy itself has not yet executed.`);return r}static#e(e,t,r){ne.set(e,`${yu}-${t}`,r)}};function gp(n,e){let t=i(async s=>({key:`user-1385b4e8-800f-488e-b089-c197544e5801-${s.user?.sub}`,allowances:n.allowances??{}}),"getQuotaDetail"),r=i(async()=>{},"getAnchorDate");if(n.quotaBy==="function"){if(n.identifier===void 0||n.identifier.module===void 0||n.identifier.getQuotaDetailExport===void 0)throw new g(`QuotaInboundPolicy '${e}' - The property 'identifier.module' and 'identifier.getQuotaDetailExport' is required when 'quotaBy' is 'function'`);t=n.identifier.module[n.identifier.getQuotaDetailExport]}if(n.quotaAnchorMode==="function"){if(n.identifier===void 0||n.identifier.module===void 0||n.identifier.getAnchorDateExport===void 0)throw new g(`QuotaInboundPolicy '${e}' - The property 'identifier.module' and 'identifier.getAnchorDateExport' is required when 'quotaAnchorMode' is 'function'`);r=n.identifier.module[n.identifier.getAnchorDateExport]}return{period:n.period,quotaBy:n.quotaBy??"user",quotaAnchorMode:n.quotaAnchorMode??"first-api-call",quotaOnStatusCodes:Ve(n.quotaOnStatusCodes??"200-299"),defaultAllowances:Object.assign({},n.allowances),functions:{getQuotaDetail:t,getAnchorDate:r}}}i(gp,"validateAndParseOptions");function fp(n,e){return encodeURIComponent(`${e}-${n}`)}i(fp,"processKey");var bu=be("zuplo:policies:RateLimitInboundPolicy"),wu=i(async(n,e,t,r)=>{let o=Q.getLogger(e),s=i((q,A)=>{let $={};return(!q||q==="retry-after")&&($[vt]=A.toString()),x.tooManyRequests(n,e,void 0,$)},"rateLimited"),u=await Tt(r,t)(n,e,r),c=u.key,l=u.requestsAllowed??t.requestsAllowed,d=u.timeWindowMinutes??t.timeWindowMinutes,p=t.headerMode??"retry-after",m=et(r,o),I=`rate-limit${y.instance.isTestMode?y.instance.build.BUILD_ID:""}/${r}/${c}`,b=await se(r,void 0,t),C=new oe(b,e),L=m.getCountAndUpdateExpiry(I,d,e.requestId),S;i(async()=>{let q=await L;if(q.count>l){let A=Date.now()+q.ttlSeconds*1e3;C.put(I,A,q.ttlSeconds),bu(`RateLimitInboundPolicy '${r}' - returning 429 from redis for '${I}' (async mode)`),S=s(p,q.ttlSeconds)}},"asyncCheck")();let Z=await C.get(I);if(Z!==void 0&&Z>Date.now()){bu(`RateLimitInboundPolicy '${r}' - returning 429 from cache for '${I}' (async mode)`);let q=Math.round((Z-Date.now())/1e3);return s(p,q)}return e.addResponseSendingHook(async q=>S??q),n},"AsyncRateLimitInboundPolicyImpl");function qi(n,e){if(n===null)throw new Error(`RateLimitInboundPolicy - Invalid ${e} value: null`);if(n==="")throw new Error(`RateLimitInboundPolicy - Invalid ${e} value: empty string`);if(typeof n=="number")return n;if(typeof n!="number"){let t=Number(n);if(isNaN(t)||!Number.isInteger(t))throw new Error(`RateLimitInboundPolicy - Invalid ${e} value not of type integer: ${n}`);return t}throw new Error(`RateLimitInboundPolicy - Invalid ${e} value: ${n}`)}i(qi,"convertToNumber");var Ru=be("zuplo:policies:RateLimitInboundPolicy"),hp="strict",Pu=i(async(n,e,t,r)=>{if(f("policy.inbound.rate-limit"),(t.mode??hp)==="async")return wu(n,e,t,r);let s=Date.now(),a=Q.getLogger(e),u=i((l,d)=>{if(t.throwOnFailure)throw new K(l,{cause:d});a.error(l,d)},"throwOrLog"),c=i((l,d)=>{let p={};return(!l||l==="retry-after")&&(p[vt]=d.toString()),x.tooManyRequests(n,e,void 0,p)},"rateLimited");try{let d=await Tt(r,t)(n,e,r),p=d.key,m=qi(d.requestsAllowed??t.requestsAllowed,"requestsAllowed"),h=qi(d.timeWindowMinutes??t.timeWindowMinutes,"timeWindowMinutes"),I=t.headerMode??"retry-after",b=et(r,a),L=`rate-limit${y.instance.isTestMode||y.instance.isWorkingCopy?y.instance.build.BUILD_ID:""}/${r}/${p}`,S=await b.getCountAndUpdateExpiry(L,h,e.requestId);return S.count>m?(Ru(`RateLimitInboundPolicy '${r}' - returning 429 from redis for '${L}' (strict mode)`),c(I,S.ttlSeconds)):n}catch(l){return u(l.message,l),n}finally{let l=Date.now()-s;Ru(`RateLimitInboundPolicy '${r}' - latency ${l}ms`)}},"RateLimitInboundPolicy");var Ui;function Iu(n){let e=[];for(let[t,r]of n)e.push({name:t,value:r});return e}i(Iu,"headersToNameValuePairs");function yp(n){let e=[];return Object.entries(n).forEach(([t,r])=>{e.push({name:t,value:r})}),e}i(yp,"queryToNameValueParis");function bp(n){if(n===null)return;let e=parseFloat(n);if(!isNaN(e))return e}i(bp,"parseIntOrUndefined");var Eu={};async function wp(n,e,t,r){f("policy.inbound.readme-metrics");let o=new Date,s=Date.now();return Ui||(Ui={name:"zuplo",version:y.instance.build.ZUPLO_VERSION,comment:`zuplo/${y.instance.build.ZUPLO_VERSION}`}),e.addResponseSendingFinalHook(async a=>{try{let u=t.userLabelPropertyPath&&n.user?$e(n.user,t.userLabelPropertyPath,"userLabelPropertyPath"):n.user?.sub,c=t.userEmailPropertyPath&&n.user?$e(n.user,t.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:n.headers.get("true-client-ip")??"",development:t.development!==void 0?t.development:y.instance.isWorkingCopy||y.instance.isLocalDevelopment,group:{label:u,email:c,id:n.user?.sub??"anonymous"},request:{log:{creator:Ui,entries:[{startedDateTime:o.toISOString(),time:Date.now()-s,request:{method:n.method,url:t.useFullRequestPath?new URL(n.url).pathname:e.route.path,httpVersion:"2",headers:Iu(n.headers),queryString:yp(n.query)},response:{status:a.status,statusText:a.statusText,headers:Iu(a.headers),content:{size:bp(n.headers.get("content-length"))}}}]}}},d=Eu[t.apiKey];if(!d){let p=t.apiKey;d=new X("readme-metering-inbound-policy",10,async m=>{try{let h=t.url??"https://metrics.readme.io/request",I=await z.fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});I.status!==202&&e.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${r}'. ${I.status}: '${await I.text()}'`)}catch(h){throw e.log.error(`Error in ReadmeMeteringInboundPolicy '${r}': '${h.message}'`),h}}),Eu[p]=d}d.enqueue(l),e.waitUntil(d.waitUntilFlushed())}catch(u){e.log.error(u)}}),n}i(wp,"ReadmeMetricsInboundPolicy");var Rp=i(async(n,e,t,r)=>{f("policy.inbound.remove-headers");let o=t?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new g(`RemoveHeadersInboundPolicy '${r}' options.headers must be a non-empty string array of header names`);let s=new Headers(n.headers);return o.forEach(u=>{s.delete(u)}),new Y(n,{headers:s})},"RemoveHeadersInboundPolicy");var Pp=i(async(n,e,t,r,o)=>{f("policy.outbound.remove-headers");let s=r?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new g(`RemoveHeadersOutboundPolicy '${o}' options.headers must be a non-empty string array of header names`);let a=new Headers(n.headers);return s.forEach(c=>{a.delete(c)}),new Response(n.body,{headers:a,status:n.status,statusText:n.statusText})},"RemoveHeadersOutboundPolicy");var Ip=i(async(n,e,t,r)=>{f("policy.inbound.remove-query-params");let o=t.params;if(!o||!Array.isArray(o)||o.length===0)throw new g(`RemoveQueryParamsInboundPolicy '${r}' options.params must be a non-empty string array of header names`);let s=new URL(n.url);return o.forEach(u=>{s.searchParams.delete(u)}),new Y(s.toString(),n)},"RemoveQueryParamsInboundPolicy");var Ep=i(async(n,e,t,r)=>{f("policy.outbound.replace-string");let o=await n.text(),s=r.mode==="regexp"?new RegExp(r.match,"gm"):r.match,a=o.replaceAll(s,r.replaceWith);return new Response(a,{headers:n.headers,status:n.status,statusText:n.statusText})},"ReplaceStringOutboundPolicy");var xu=i(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),xp=i(async(n,e,t)=>{f("policy.inbound.request-size-limit");let r=t.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(n.method))return n;let o=n.headers.get("content-length"),s=o!==null?parseInt(o):void 0;return s&&!isNaN(s)&&s>t.maxSizeInBytes?xu():s&&r?n:(await n.clone().text()).length>t.maxSizeInBytes?xu():n},"RequestSizeLimitInboundPolicy");var Lt=i(n=>{let e=n.route.raw();return e.parameters?e.parameters:[]},"getParametersForOperation"),_t=i((n,e,t,r,o)=>{let s=[],a=!0,u=[];return n.forEach(c=>{let l=c.required||o==="path";if(l&&!e[c.name])a=!1,s.push(`Required ${o} parameter '${c.name}' not found`);else if(!(!l&&!e[c.name])){let d=dr(t,r,o,c.name),p=he.instance.schemaValidator[d],m=p(e[c.name]),h=$i(p.errors);m||(a=!1,u.push(`${o} parameter: ${c.name} : ${e[c.name]}`),s.push(`Invalid value for ${o} parameter: '${c.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:u,errors:s}},"validateParameters"),Oe=i((n,e,t,r,o)=>{r?n.log[e](t,r,o):n.log[e](t,o)},"logErrors"),ke=i(n=>n==="log-only"||n==="reject-and-log","shouldLog"),Le=i(n=>n==="reject-only"||n==="reject-and-log","shouldReject"),$i=i(n=>n?.map(e=>e.instancePath===void 0||e.instancePath===""?e.message??"Unknown validation error":e.instancePath.replace("/","")+" "+e.message)??["Unknown validation error"],"getErrorsFromValidator");async function Tu(n,e,t){if(!t.validateBody||t.validateBody==="none")return;let r;try{r=await e.clone().json()}catch(h){let I=`Error in request body for method : ${e.method} in route: ${n.route.path} with content-type: ${e.headers.get("Content-Type")}`,b=x.badRequest(e,n,{detail:`${I}, see errors property for more details`,errors:`${h}`});if(ke(t.validateBody)&&Oe(n,t.logLevel??"info",I,[r],h),Le(t.validateBody))return b}if(!e.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${e.method} in route: ${n.route.path}`,I=x.badRequest(e,n,{detail:h});return ke(t.validateBody)&&Oe(n,t.logLevel??"info",h,[r],[h]),Le(t.validateBody)?I:void 0}let o=e.headers.get("Content-Type"),s=o.indexOf(";");s>-1&&(o=o.substring(0,s));let a=pr(n.route.path,e.method,o),u=he.instance.schemaValidator[a];if(!u){let h=`No schema defined for method: ${e.method} in route: ${n.route.path} with content-type: ${e.headers.get("Content-Type")}`,I=x.badRequest(e,n,{detail:h});return ke(t.validateBody)&&Oe(n,t.logLevel??"info",h,[r],[h]),Le(t.validateBody)?I:void 0}if(u(r))return;let l=u.errors,d="Request body did not pass validation",p=$i(l),m=x.badRequest(e,n,{detail:`${d}, see errors property for more details`,errors:p});if(ke(t.validateBody)&&Oe(n,t.logLevel??"info",d,[r],p),Le(t.validateBody))return m}i(Tu,"handleBodyValidation");function vu(n,e,t){if(!t.validateHeaders||t.validateHeaders==="none")return;let r={};e.headers.forEach((a,u)=>{r[u]=a});let o=Lt(n),s=_t(o.filter(a=>a.in==="header"),r,n.route.path,e.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",u=x.badRequest(e,n,{detail:`${a}, see errors property for more details`,errors:s.errors});if(ke(t.validateHeaders)&&Oe(n,t.logLevel??"info",a,s.invalidValues,s.errors),Le(t.validateHeaders))return u}}i(vu,"handleHeadersValidation");function Cu(n,e,t){if(!t.validatePathParameters||t.validatePathParameters==="none")return;let r=Lt(n),o=_t(r.filter(s=>s.in==="path"),e.params,n.route.path,e.method.toLowerCase(),"path");if(!o.isValid){let s="Path parameters validation failed",a=x.badRequest(e,n,{detail:`${s}, see errors property for more details`,errors:o.errors});if(ke(t.validatePathParameters)&&Oe(n,t.logLevel??"info",s,o.invalidValues,o.errors),Le(t.validatePathParameters))return a}}i(Cu,"handlePathParameterValidation");function Su(n,e,t){if(!t.validateQueryParameters||t.validateQueryParameters==="none")return;let r=Lt(n),o=_t(r.filter(s=>s.in==="query"),e.query,n.route.path,e.method.toLowerCase(),"query");if(!o.isValid){let s="Query parameters validation failed",a=x.badRequest(e,n,{detail:`${s}, see errors property for more details`,errors:o.errors});if(ke(t.validateQueryParameters)&&Oe(n,t.logLevel??"info",s,o.invalidValues,o.errors),Le(t.validateQueryParameters))return a}}i(Su,"handleQueryParameterValidation");var Au=i(async(n,e,t)=>{f("policy.inbound.request-validation");let r=Su(e,n,t);if(r!==void 0||(r=Cu(e,n,t),r!==void 0)||(r=vu(e,n,t),r!==void 0))return r;let o=await Tu(e,n,t);return o!==void 0?o:n},"RequestValidationInboundPolicy"),Tp=Au;var vp=i(async(n,e,t,r)=>{if(f("policy.inbound.require-origin"),t.origins===void 0||t.origins.length===0)throw new g(`RequireOriginInboundPolicy '${r}' configuration error - no allowed origins specified`);let o=typeof t.origins=="string"?t.origins.split(","):t.origins;o=o.map(a=>a.trim());let s=n.headers.get("origin");if(!s||!o.includes(s)){let a=t.failureDetail??"Forbidden";return x.forbidden(n,e,{detail:a})}return n},"RequireOriginInboundPolicy");var Cp=i(async(n,e,t)=>(f("policy.inbound.set-body"),new Y(n,{body:t.body})),"SetBodyInboundPolicy");var Sp=i(async(n,e,t,r)=>{f("policy.inbound.set-headers");let o=t.headers;if(!o||!Array.isArray(o)||o.length==0)throw new g(`SetHeadersInboundPolicy '${r}' options.headers must be a valid array of { name, value }`);let s=new Headers(n.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new g(`SetHeadersInboundPolicy '${r}' each option.headers[] entry must have a name property`);let c=u.overwrite===void 0?!0:u.overwrite;(!s.has(u.name)||c)&&s.set(u.name,u.value)}),new Y(n,{headers:s})},"SetHeadersInboundPolicy");var Ap=i(async(n,e,t,r,o)=>{f("policy.outbound.set-headers");let s=r.headers;if(!s||!Array.isArray(s)||s.length==0)throw new g(`SetHeadersOutboundPolicy '${o}' options.headers must be a valid array of { name, value }`);let a=new Headers(n.headers);return s.forEach(c=>{if(!c.name||c.name.length===0)throw new g(`SetHeadersOutboundPolicy '${o}' each option.headers[] entry must have a name property`);let l=c.overwrite===void 0?!0:c.overwrite;(!a.has(c.name)||l)&&a.set(c.name,c.value)}),new Response(n.body,{headers:a,status:n.status,statusText:n.statusText})},"SetHeadersOutboundPolicy");var Op=i(async(n,e,t,r)=>{f("policy.inbound.set-query-params");let o=t.params;if(!o||!Array.isArray(o)||o.length==0)throw new g(`SetQueryParamsInboundPolicy '${r}' options.params must be a valid array of { name, value }`);let s=new URL(n.url);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new g(`SetQueryParamsInboundPolicy '${r}' each option.params[] entry must have a name property`);let c=u.overwrite===void 0?!0:u.overwrite;(!s.searchParams.has(u.name)||c)&&s.searchParams.set(u.name,u.value)}),new Y(s.toString(),n)},"SetQueryParamsInboundPolicy");var kp=i(async(n,e,t,r,o)=>{if(f("policy.outbound.set-status"),!r.status||isNaN(r.status)||r.status<100||r.status>599)throw new g(`Invalid SetStatusOutboundPolicy '${o}' - status must be a valid number between 100 and 599, not '${r.status}'`);return new Response(n.body,{headers:n.headers,status:r.status,statusText:r.statusText??n.statusText})},"SetStatusOutboundPolicy");var Lp=i(async n=>new Promise(t=>{setTimeout(t,n)}),"sleep"),_p=i(async(n,e,t,r)=>{if(f("policy.inbound.sleep"),!t||t.sleepInMs===void 0||isNaN(t.sleepInMs))throw new g(`SleepInboundPolicy '${r} must have a valid options.sleepInMs value`);return await Lp(t.sleepInMs),n},"SleepInboundPolicy");var Np=i(async(n,e,t,r)=>{f("policy.inbound.supabase-jwt-auth"),W(t,r).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let o={secret:t.secret,allowUnauthenticatedRequests:t.allowUnauthenticatedRequests??!1},s=await Pe(n,e,o,r);if(s instanceof Response)return s;if(!(s instanceof Y))throw new K("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=t.requiredClaims;if(!a)return s;let u=n.user?.data.app_metadata;if(!u)throw new k(`SupabaseJwtInboundPolicy policy '${r}' - has requiredClaims but the JWT token had no app_metadata property`);let c=Object.keys(a),l=[];return c.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(u[d])||l.push(d):p!==u[d]&&l.push(d)}),l.length>0?x.unauthorized(n,e,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");var Dp=i(async(n,e,t,r)=>{f("policy.inbound.upstream-azure-ad-service-auth"),W(t,r).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let o=await se(r,void 0,t),s=new oe(o,e),a=await s.get(r);if(!a){let u=await Mp(t,e);s.put(r,u.access_token,u.expires_in-(t.expirationOffsetSeconds??300)),a=u.access_token}return n.headers.set("Authorization",`Bearer ${a}`),n},"UpstreamAzureAdServiceAuthInboundPolicy");async function Mp(n,e){let t=new URLSearchParams({client_id:n.activeDirectoryClientId,scope:`${n.activeDirectoryClientId}/.default`,client_secret:n.activeDirectoryClientSecret,grant_type:"client_credentials"}),r=await we({retries:n.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${n.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:t});if(r.status!==200){try{let s=await r.text();e.log.error("Could not get token from Azure AD",s)}catch{}throw new k("Could not get token from Azure AD")}let o=await r.json();if(o&&typeof o=="object"&&"access_token"in o&&typeof o.access_token=="string"&&"expires_in"in o&&typeof o.expires_in=="number")return{access_token:o.access_token,expires_in:o.expires_in};throw new k("Response returned from Azure AD is not in the expected format.")}i(Mp,"getAccessToken");var Ou="https://accounts.google.com/o/oauth2/token",Hi,qp=i(async(n,e,t,r)=>{f("policy.inbound.upstream-firebase-admin-auth"),W(t,r).required("serviceAccountJson","string"),Hi||(Hi=await Te.init(t.serviceAccountJson));let o={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await se(r,void 0,t),a=new oe(s,e),u=await a.get(r);if(!u){let c=await De({serviceAccount:Hi,audience:Ou,payload:o}),l=await Un(Ou,c,{retries:t.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new k("Invalid OAuth response from Firebase");u=l.access_token,a.put(r,u,(l.expires_in??3600)-(t.expirationOffsetSeconds??300))}return n.headers.set("Authorization",`Bearer ${u}`),n},"UpstreamFirebaseAdminAuthInboundPolicy");var Up="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",$p=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Zi,Hp=i(async(n,e,t,r)=>{if(f("policy.inbound.upstream-firebase-user-auth"),W(t,r).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!t.userId&&!t.userIdPropertyPath)throw new g(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${r}'.`);let o={};if(typeof t.developerClaims<"u"){for(let p in t.developerClaims)if(Object.prototype.hasOwnProperty.call(t.developerClaims,p)){if($p.indexOf(p)!==-1)throw new g(`Developer claim "${p}" is reserved and cannot be specified.`);o[p]=t.developerClaims[p]}}Zi||(Zi=await Te.init(t.serviceAccountJson));let s=t.userId;if(!s&&!t.userIdPropertyPath){if(!n.user)throw new k("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=n.user?.sub}else if(t.userIdPropertyPath){if(!n.user)throw new k(`Unable to apply userIdPropertyPath '${t.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=$e(n.user,t.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new k(`Unable to determine user from for the policy ${r}`);let a=await se(r,void 0,t),u=new oe(a,e),c={uid:s,claims:o},l=await ct(JSON.stringify(c)),d=await u.get(l);if(!d){let p=await De({serviceAccount:Zi,audience:Up,payload:c}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${t.webApiKey}`,h=await aa(m,p,{retries:t.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new k("Invalid token response from Firebase");d=h.idToken,u.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(t.expirationOffsetSeconds??300))}return n.headers.set("Authorization",`Bearer ${d}`),n},"UpstreamFirebaseUserAuthInboundPolicy");var dn=class{static{i(this,"ZuploServices")}static async getIDToken(e,t){let r=new oe("0c13603a-a19f-4f03-a04a-50aa393f7ffa-zuplo-tokens",e),o=await se("zuplo-token",void 0,t),s=await r.get(o);if(s)return s;let{authClientId:a,authClientSecret:u,developerApiUrl:c,zuploClientAuthBucketId:l}=y.instance;if(!a||!u)throw new k("Zuplo service authentication is not enabled for this deployment. Contact support assistance.");let d=await sr({tokenEndpointUrl:`${c}/v1/client-auth/${l}/oauth/token`,clientId:a,clientSecret:u,audience:t?.audience},e);return r.put(o,d.access_token,d.expires_in-300),d.access_token}};var ku="service-account-id-token",Fi=class extends ae{static{i(this,"UpstreamGcpFederatedAuthInboundPolicy")}cacheName;normalizedWorkloadIdentityProvider;constructor(e,t){super(e,t),f("policy.inbound.upstream-gcp-federated-auth"),W(e,t).required("audience","string").required("serviceAccountEmail","string").required("workloadIdentityProvider","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number").optional("useMemoryCacheOnly","boolean").optional("tokenLifetime","number"),e.workloadIdentityProvider.startsWith("https://iam.googleapis.com/")?this.normalizedWorkloadIdentityProvider=e.workloadIdentityProvider.replace("https://iam.googleapis.com/",""):this.normalizedWorkloadIdentityProvider=e.workloadIdentityProvider}async handler(e,t){this.cacheName||(this.cacheName=await se(this.policyName,void 0,this.options));let r;this.options.useMemoryCacheOnly?r=new ze(this.cacheName):r=new oe(this.cacheName,t);let o=await r.get(ku);if(!o){let s=`https://iam.googleapis.com/${this.normalizedWorkloadIdentityProvider}`,a=await dn.getIDToken(t,{audience:s}),u=await ia(this.normalizedWorkloadIdentityProvider,a,{retries:this.options.tokenRetries??3,retryDelayMs:10});if(!u.access_token||!u.expires_in)throw new k("Invalid token response from GCP");let c=u.access_token,l=await sa({serviceAccountEmailOrIdentifier:this.options.serviceAccountEmail,audience:this.options.audience,accessToken:c},{retries:this.options.tokenRetries??3,retryDelayMs:10});if(!l.token)throw new k("Invalid token response from GCP");o=l.token,r.put(ku,c,3600-(this.options.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${o}`),e}};var ji,Zp=i(async(n,e,t,r)=>{f("policy.inbound.upstream-gcp-jwt"),W(t,r).required("audience","string").required("serviceAccountJson","string"),ji||(ji=await Te.init(t.serviceAccountJson));let o=await De({serviceAccount:ji,audience:t.audience});return n.headers.set("Authorization",`Bearer ${o}`),n},"UpstreamGcpJwtInboundPolicy");var Lu="https://www.googleapis.com/oauth2/v4/token",zi,Fp=i(async(n,e,t,r)=>{f("policy.inbound.upstream-gcp-service-auth"),W(t,r).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),zi||(zi=await Te.init(t.serviceAccountJson));let o={};if(t.scopes&&t.audience)throw new g("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(t.scopes)try{let c=it(t.scopes);o.scope=c.join(" ")}catch(c){throw c instanceof g?new g(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${c.message}`):c}t.audience&&(o.target_audience=`${t.audience}`);let s=await se(r,void 0,t),a;t.useMemoryCacheOnly?a=new ze(s):a=new oe(s,e);let u=await a.get(r);if(!u){let c=await De({serviceAccount:zi,audience:Lu,payload:o}),l=await Un(Lu,c,{retries:t.tokenRetries??3,retryDelayMs:10});if(t.audience){if(!l.id_token)throw new k("Invalid token response from GCP");u=l.id_token}else{if(!l.access_token)throw new k("Invalid token response from GCP");u=l.access_token}a.put(r,u,3600-(t.expirationOffsetSeconds??300))}return n.headers.set("Authorization",`Bearer ${u}`),n},"UpstreamGcpServiceAuthInboundPolicy");var jp=i(async(n,e,t)=>{f("policy.inbound.validate-json-schema");let r=n.clone(),o;try{o=await r.json()}catch{return x.badRequest(n,e,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(t.validator.default(o))return n;let{errors:a}=t.validator.default;if(!a)throw new K("Invalid state - validator error object is undefined even though validation failed.");let u=a.map(c=>c.instancePath===void 0||c.instancePath===""?"Body "+c.message:c.instancePath.replace("/","")+" "+c.message);return x.badRequest(n,e,{detail:"Incoming body did not pass schema validation",errors:u})},"ValidateJsonSchemaInbound");var _u=i(n=>{var e=Object.defineProperty,t=Object.getOwnPropertyNames,r=i((b,C)=>e(b,"name",{value:C,configurable:!0}),"__name"),o=i((b,C)=>i(function(){return C||(0,b[t(b)[0]])((C={exports:{}}).exports,C),C.exports},"__require"),"__commonJS"),s=o({"node_modules/fast-xml-parser/src/xmlparser/OptionsBuilder.js"(b){var C={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:i(function(S,H){return H},"tagValueProcessor"),attributeValueProcessor:i(function(S,H){return H},"attributeValueProcessor"),stopNodes:[],alwaysCreateTextNode:!1,isArray:i(()=>!1,"isArray"),commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:i(function(S,H,Z){return S},"updateTag")},L=r(function(S){return Object.assign({},C,S)},"buildOptions");b.buildOptions=L,b.defaultOptions=C}}),a=o({"node_modules/fast-xml-parser/src/util.js"(b){"use strict";var C=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",L=C+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",S="["+C+"]["+L+"]*",H=new RegExp("^"+S+"$"),Z=r(function(A,$){let V=[],F=$.exec(A);for(;F;){let T=[];T.startIndex=$.lastIndex-F[0].length;let E=F.length;for(let M=0;M<E;M++)T.push(F[M]);V.push(T),F=$.exec(A)}return V},"getAllMatches"),q=r(function(A){let $=H.exec(A);return!($===null||typeof $>"u")},"isName");b.isExist=function(A){return typeof A<"u"},b.isEmptyObject=function(A){return Object.keys(A).length===0},b.merge=function(A,$,V){if($){let F=Object.keys($),T=F.length;for(let E=0;E<T;E++)V==="strict"?A[F[E]]=[$[F[E]]]:A[F[E]]=$[F[E]]}},b.getValue=function(A){return b.isExist(A)?A:""},b.isName=q,b.getAllMatches=Z,b.nameRegexp=S}}),u=o({"node_modules/fast-xml-parser/src/xmlparser/xmlNode.js"(b,C){"use strict";var L=class{static{i(this,"XmlNode")}static{r(this,"XmlNode")}constructor(S){this.tagname=S,this.child=[],this[":@"]={}}add(S,H){S==="__proto__"&&(S="#__proto__"),this.child.push({[S]:H})}addChild(S){S.tagname==="__proto__"&&(S.tagname="#__proto__"),S[":@"]&&Object.keys(S[":@"]).length>0?this.child.push({[S.tagname]:S.child,":@":S[":@"]}):this.child.push({[S.tagname]:S.child})}};C.exports=L}}),c=o({"node_modules/fast-xml-parser/src/xmlparser/DocTypeReader.js"(b,C){var L=a();function S(T,E){let M={};if(T[E+3]==="O"&&T[E+4]==="C"&&T[E+5]==="T"&&T[E+6]==="Y"&&T[E+7]==="P"&&T[E+8]==="E"){E=E+9;let ce=1,J=!1,ee=!1,Ce="";for(;E<T.length;E++)if(T[E]==="<"&&!ee){if(J&&q(T,E))E+=7,[entityName,val,E]=H(T,E+1),val.indexOf("&")===-1&&(M[F(entityName)]={regx:RegExp(`&${entityName};`,"g"),val});else if(J&&A(T,E))E+=8;else if(J&&$(T,E))E+=8;else if(J&&V(T,E))E+=9;else if(Z)ee=!0;else throw new Error("Invalid DOCTYPE");ce++,Ce=""}else if(T[E]===">"){if(ee?T[E-1]==="-"&&T[E-2]==="-"&&(ee=!1,ce--):ce--,ce===0)break}else T[E]==="["?J=!0:Ce+=T[E];if(ce!==0)throw new Error("Unclosed DOCTYPE")}else throw new Error("Invalid Tag instead of DOCTYPE");return{entities:M,i:E}}i(S,"readDocType"),r(S,"readDocType");function H(T,E){let M="";for(;E<T.length&&T[E]!=="'"&&T[E]!=='"';E++)M+=T[E];if(M=M.trim(),M.indexOf(" ")!==-1)throw new Error("External entites are not supported");let ce=T[E++],J="";for(;E<T.length&&T[E]!==ce;E++)J+=T[E];return[M,J,E]}i(H,"readEntityExp"),r(H,"readEntityExp");function Z(T,E){return T[E+1]==="!"&&T[E+2]==="-"&&T[E+3]==="-"}i(Z,"isComment"),r(Z,"isComment");function q(T,E){return T[E+1]==="!"&&T[E+2]==="E"&&T[E+3]==="N"&&T[E+4]==="T"&&T[E+5]==="I"&&T[E+6]==="T"&&T[E+7]==="Y"}i(q,"isEntity"),r(q,"isEntity");function A(T,E){return T[E+1]==="!"&&T[E+2]==="E"&&T[E+3]==="L"&&T[E+4]==="E"&&T[E+5]==="M"&&T[E+6]==="E"&&T[E+7]==="N"&&T[E+8]==="T"}i(A,"isElement"),r(A,"isElement");function $(T,E){return T[E+1]==="!"&&T[E+2]==="A"&&T[E+3]==="T"&&T[E+4]==="T"&&T[E+5]==="L"&&T[E+6]==="I"&&T[E+7]==="S"&&T[E+8]==="T"}i($,"isAttlist"),r($,"isAttlist");function V(T,E){return T[E+1]==="!"&&T[E+2]==="N"&&T[E+3]==="O"&&T[E+4]==="T"&&T[E+5]==="A"&&T[E+6]==="T"&&T[E+7]==="I"&&T[E+8]==="O"&&T[E+9]==="N"}i(V,"isNotation"),r(V,"isNotation");function F(T){if(L.isName(T))return T;throw new Error(`Invalid entity name ${T}`)}i(F,"validateEntityName"),r(F,"validateEntityName"),C.exports=S}}),l=o({"../../node_modules/strnum/strnum.js"(b,C){var L=/^[-+]?0x[a-fA-F0-9]+$/,S=/^([\-\+])?(0*)(\.[0-9]+([eE]\-?[0-9]+)?|[0-9]+(\.[0-9]+([eE]\-?[0-9]+)?)?)$/;!Number.parseInt&&window.parseInt&&(Number.parseInt=window.parseInt),!Number.parseFloat&&window.parseFloat&&(Number.parseFloat=window.parseFloat);var H={hex:!0,leadingZeros:!0,decimalPoint:".",eNotation:!0};function Z(A,$={}){if($=Object.assign({},H,$),!A||typeof A!="string")return A;let V=A.trim();if($.skipLike!==void 0&&$.skipLike.test(V))return A;if($.hex&&L.test(V))return Number.parseInt(V,16);{let F=S.exec(V);if(F){let T=F[1],E=F[2],M=q(F[3]),ce=F[4]||F[6];if(!$.leadingZeros&&E.length>0&&T&&V[2]!==".")return A;if(!$.leadingZeros&&E.length>0&&!T&&V[1]!==".")return A;{let J=Number(V),ee=""+J;return ee.search(/[eE]/)!==-1||ce?$.eNotation?J:A:V.indexOf(".")!==-1?ee==="0"&&M===""||ee===M||T&&ee==="-"+M?J:A:E?M===ee||T+M===ee?J:A:V===ee||V===T+ee?J:A}}else return A}}i(Z,"toNumber"),r(Z,"toNumber");function q(A){return A&&A.indexOf(".")!==-1&&(A=A.replace(/0+$/,""),A==="."?A="0":A[0]==="."?A="0"+A:A[A.length-1]==="."&&(A=A.substr(0,A.length-1))),A}i(q,"trimZeros"),r(q,"trimZeros"),C.exports=Z}}),d=o({"node_modules/fast-xml-parser/src/xmlparser/OrderedObjParser.js"(b,C){"use strict";var L=a(),S=u(),H=c(),Z=l(),q=class{static{i(this,"OrderedObjParser")}static{r(this,"OrderedObjParser")}constructor(P){this.options=P,this.currentNode=null,this.tagsNodeStack=[],this.docTypeEntities={},this.lastEntities={apos:{regex:/&(apos|#39|#x27);/g,val:"'"},gt:{regex:/&(gt|#62|#x3E);/g,val:">"},lt:{regex:/&(lt|#60|#x3C);/g,val:"<"},quot:{regex:/&(quot|#34|#x22);/g,val:'"'}},this.ampEntity={regex:/&(amp|#38|#x26);/g,val:"&"},this.htmlEntities={space:{regex:/&(nbsp|#160);/g,val:" "},cent:{regex:/&(cent|#162);/g,val:"\xA2"},pound:{regex:/&(pound|#163);/g,val:"\xA3"},yen:{regex:/&(yen|#165);/g,val:"\xA5"},euro:{regex:/&(euro|#8364);/g,val:"\u20AC"},copyright:{regex:/&(copy|#169);/g,val:"\xA9"},reg:{regex:/&(reg|#174);/g,val:"\xAE"},inr:{regex:/&(inr|#8377);/g,val:"\u20B9"},num_dec:{regex:/&#([0-9]{1,7});/g,val:i((v,_)=>String.fromCharCode(Number.parseInt(_,10)),"val")},num_hex:{regex:/&#x([0-9a-fA-F]{1,6});/g,val:i((v,_)=>String.fromCharCode(Number.parseInt(_,16)),"val")}},this.addExternalEntities=A,this.parseXml=E,this.parseTextData=$,this.resolveNameSpace=V,this.buildAttributesMap=T,this.isItStopNode=ee,this.replaceEntitiesValue=ce,this.readStopNodeData=G,this.saveTextToParentTag=J,this.addChild=M}};function A(P){let v=Object.keys(P);for(let _=0;_<v.length;_++){let B=v[_];this.lastEntities[B]={regex:new RegExp("&"+B+";","g"),val:P[B]}}}i(A,"addExternalEntities"),r(A,"addExternalEntities");function $(P,v,_,B,N,D,te){if(P!==void 0&&(this.options.trimValues&&!B&&(P=P.trim()),P.length>0)){te||(P=this.replaceEntitiesValue(P));let j=this.options.tagValueProcessor(v,P,_,N,D);return j==null?P:typeof j!=typeof P||j!==P?j:this.options.trimValues?pe(P,this.options.parseTagValue,this.options.numberParseOptions):P.trim()===P?pe(P,this.options.parseTagValue,this.options.numberParseOptions):P}}i($,"parseTextData"),r($,"parseTextData");function V(P){if(this.options.removeNSPrefix){let v=P.split(":"),_=P.charAt(0)==="/"?"/":"";if(v[0]==="xmlns")return"";v.length===2&&(P=_+v[1])}return P}i(V,"resolveNameSpace"),r(V,"resolveNameSpace");var F=new RegExp(`([^\\s=]+)\\s*(=\\s*(['"])([\\s\\S]*?)\\3)?`,"gm");function T(P,v,_){if(!this.options.ignoreAttributes&&typeof P=="string"){let B=L.getAllMatches(P,F),N=B.length,D={};for(let te=0;te<N;te++){let j=this.resolveNameSpace(B[te][1]),U=B[te][4],le=this.options.attributeNamePrefix+j;if(j.length)if(this.options.transformAttributeName&&(le=this.options.transformAttributeName(le)),le==="__proto__"&&(le="#__proto__"),U!==void 0){this.options.trimValues&&(U=U.trim()),U=this.replaceEntitiesValue(U);let ie=this.options.attributeValueProcessor(j,U,v);ie==null?D[le]=U:typeof ie!=typeof U||ie!==U?D[le]=ie:D[le]=pe(U,this.options.parseAttributeValue,this.options.numberParseOptions)}else this.options.allowBooleanAttributes&&(D[le]=!0)}if(!Object.keys(D).length)return;if(this.options.attributesGroupName){let te={};return te[this.options.attributesGroupName]=D,te}return D}}i(T,"buildAttributesMap"),r(T,"buildAttributesMap");var E=r(function(P){P=P.replace(/\r\n?/g,`
+`);let v=new S("!xml"),_=v,B="",N="";for(let D=0;D<P.length;D++)if(P[D]==="<")if(P[D+1]==="/"){let j=w(P,">",D,"Closing Tag is not closed."),U=P.substring(D+2,j).trim();if(this.options.removeNSPrefix){let Ae=U.indexOf(":");Ae!==-1&&(U=U.substr(Ae+1))}this.options.transformTagName&&(U=this.options.transformTagName(U)),_&&(B=this.saveTextToParentTag(B,_,N));let le=N.substring(N.lastIndexOf(".")+1);if(U&&this.options.unpairedTags.indexOf(U)!==-1)throw new Error(`Unpaired tag can not be used as closing tag: </${U}>`);let ie=0;le&&this.options.unpairedTags.indexOf(le)!==-1?(ie=N.lastIndexOf(".",N.lastIndexOf(".")-1),this.tagsNodeStack.pop()):ie=N.lastIndexOf("."),N=N.substring(0,ie),_=this.tagsNodeStack.pop(),B="",D=j}else if(P[D+1]==="?"){let j=O(P,D,!1,"?>");if(!j)throw new Error("Pi Tag is not closed.");if(B=this.saveTextToParentTag(B,_,N),!(this.options.ignoreDeclaration&&j.tagName==="?xml"||this.options.ignorePiTags)){let U=new S(j.tagName);U.add(this.options.textNodeName,""),j.tagName!==j.tagExp&&j.attrExpPresent&&(U[":@"]=this.buildAttributesMap(j.tagExp,N,j.tagName)),this.addChild(_,U,N)}D=j.closeIndex+1}else if(P.substr(D+1,3)==="!--"){let j=w(P,"-->",D+4,"Comment is not closed.");if(this.options.commentPropName){let U=P.substring(D+4,j-2);B=this.saveTextToParentTag(B,_,N),_.add(this.options.commentPropName,[{[this.options.textNodeName]:U}])}D=j}else if(P.substr(D+1,2)==="!D"){let j=H(P,D);this.docTypeEntities=j.entities,D=j.i}else if(P.substr(D+1,2)==="!["){let j=w(P,"]]>",D,"CDATA is not closed.")-2,U=P.substring(D+9,j);B=this.saveTextToParentTag(B,_,N);let le=this.parseTextData(U,_.tagname,N,!0,!1,!0,!0);le==null&&(le=""),this.options.cdataPropName?_.add(this.options.cdataPropName,[{[this.options.textNodeName]:U}]):_.add(this.options.textNodeName,le),D=j+2}else{let j=O(P,D,this.options.removeNSPrefix),U=j.tagName,le=j.rawTagName,ie=j.tagExp,Ae=j.attrExpPresent,Ji=j.closeIndex;this.options.transformTagName&&(U=this.options.transformTagName(U)),_&&B&&_.tagname!=="!xml"&&(B=this.saveTextToParentTag(B,_,N,!1));let Ki=_;if(Ki&&this.options.unpairedTags.indexOf(Ki.tagname)!==-1&&(_=this.tagsNodeStack.pop(),N=N.substring(0,N.lastIndexOf("."))),U!==v.tagname&&(N+=N?"."+U:U),this.isItStopNode(this.options.stopNodes,N,U)){let Se="";if(ie.length>0&&ie.lastIndexOf("/")===ie.length-1)D=j.closeIndex;else if(this.options.unpairedTags.indexOf(U)!==-1)D=j.closeIndex;else{let lr=this.readStopNodeData(P,le,Ji+1);if(!lr)throw new Error(`Unexpected end of ${le}`);D=lr.i,Se=lr.tagContent}let cr=new S(U);U!==ie&&Ae&&(cr[":@"]=this.buildAttributesMap(ie,N,U)),Se&&(Se=this.parseTextData(Se,U,N,!0,Ae,!0,!0)),N=N.substr(0,N.lastIndexOf(".")),cr.add(this.options.textNodeName,Se),this.addChild(_,cr,N)}else{if(ie.length>0&&ie.lastIndexOf("/")===ie.length-1){U[U.length-1]==="/"?(U=U.substr(0,U.length-1),N=N.substr(0,N.length-1),ie=U):ie=ie.substr(0,ie.length-1),this.options.transformTagName&&(U=this.options.transformTagName(U));let Se=new S(U);U!==ie&&Ae&&(Se[":@"]=this.buildAttributesMap(ie,N,U)),this.addChild(_,Se,N),N=N.substr(0,N.lastIndexOf("."))}else{let Se=new S(U);this.tagsNodeStack.push(_),U!==ie&&Ae&&(Se[":@"]=this.buildAttributesMap(ie,N,U)),this.addChild(_,Se,N),_=Se}B="",D=Ji}}else B+=P[D];return v.child},"parseXml");function M(P,v,_){let B=this.options.updateTag(v.tagname,_,v[":@"]);B===!1||(typeof B=="string"&&(v.tagname=B),P.addChild(v))}i(M,"addChild"),r(M,"addChild");var ce=r(function(P){if(this.options.processEntities){for(let v in this.docTypeEntities){let _=this.docTypeEntities[v];P=P.replace(_.regx,_.val)}for(let v in this.lastEntities){let _=this.lastEntities[v];P=P.replace(_.regex,_.val)}if(this.options.htmlEntities)for(let v in this.htmlEntities){let _=this.htmlEntities[v];P=P.replace(_.regex,_.val)}P=P.replace(this.ampEntity.regex,this.ampEntity.val)}return P},"replaceEntitiesValue");function J(P,v,_,B){return P&&(B===void 0&&(B=Object.keys(v.child).length===0),P=this.parseTextData(P,v.tagname,_,!1,v[":@"]?Object.keys(v[":@"]).length!==0:!1,B),P!==void 0&&P!==""&&v.add(this.options.textNodeName,P),P=""),P}i(J,"saveTextToParentTag"),r(J,"saveTextToParentTag");function ee(P,v,_){let B="*."+_;for(let N in P){let D=P[N];if(B===D||v===D)return!0}return!1}i(ee,"isItStopNode"),r(ee,"isItStopNode");function Ce(P,v,_=">"){let B,N="";for(let D=v;D<P.length;D++){let te=P[D];if(B)te===B&&(B="");else if(te==='"'||te==="'")B=te;else if(te===_[0])if(_[1]){if(P[D+1]===_[1])return{data:N,index:D}}else return{data:N,index:D};else te==="	"&&(te=" ");N+=te}}i(Ce,"tagExpWithClosingIndex"),r(Ce,"tagExpWithClosingIndex");function w(P,v,_,B){let N=P.indexOf(v,_);if(N===-1)throw new Error(B);return N+v.length-1}i(w,"findClosingIndex"),r(w,"findClosingIndex");function O(P,v,_,B=">"){let N=Ce(P,v+1,B);if(!N)return;let D=N.data,te=N.index,j=D.search(/\s/),U=D,le=!0;j!==-1&&(U=D.substring(0,j),D=D.substring(j+1).trimStart());let ie=U;if(_){let Ae=U.indexOf(":");Ae!==-1&&(U=U.substr(Ae+1),le=U!==N.data.substr(Ae+1))}return{tagName:U,tagExp:D,closeIndex:te,attrExpPresent:le,rawTagName:ie}}i(O,"readTagExp"),r(O,"readTagExp");function G(P,v,_){let B=_,N=1;for(;_<P.length;_++)if(P[_]==="<")if(P[_+1]==="/"){let D=w(P,">",_,`${v} is not closed`);if(P.substring(_+2,D).trim()===v&&(N--,N===0))return{tagContent:P.substring(B,_),i:D};_=D}else if(P[_+1]==="?")_=w(P,"?>",_+1,"StopNode is not closed.");else if(P.substr(_+1,3)==="!--")_=w(P,"-->",_+3,"StopNode is not closed.");else if(P.substr(_+1,2)==="![")_=w(P,"]]>",_,"StopNode is not closed.")-2;else{let D=O(P,_,">");D&&((D&&D.tagName)===v&&D.tagExp[D.tagExp.length-1]!=="/"&&N++,_=D.closeIndex)}}i(G,"readStopNodeData"),r(G,"readStopNodeData");function pe(P,v,_){if(v&&typeof P=="string"){let B=P.trim();return B==="true"?!0:B==="false"?!1:Z(P,_)}else return L.isExist(P)?P:""}i(pe,"parseValue"),r(pe,"parseValue"),C.exports=q}}),p=o({"node_modules/fast-xml-parser/src/xmlparser/node2json.js"(b){"use strict";function C(q,A){return L(q,A)}i(C,"prettify"),r(C,"prettify");function L(q,A,$){let V,F={};for(let T=0;T<q.length;T++){let E=q[T],M=S(E),ce="";if($===void 0?ce=M:ce=$+"."+M,M===A.textNodeName)V===void 0?V=E[M]:V+=""+E[M];else{if(M===void 0)continue;if(E[M]){let J=L(E[M],A,ce),ee=Z(J,A);E[":@"]?H(J,E[":@"],ce,A):Object.keys(J).length===1&&J[A.textNodeName]!==void 0&&!A.alwaysCreateTextNode?J=J[A.textNodeName]:Object.keys(J).length===0&&(A.alwaysCreateTextNode?J[A.textNodeName]="":J=""),F[M]!==void 0&&F.hasOwnProperty(M)?(Array.isArray(F[M])||(F[M]=[F[M]]),F[M].push(J)):A.isArray(M,ce,ee)?F[M]=[J]:F[M]=J}}}return typeof V=="string"?V.length>0&&(F[A.textNodeName]=V):V!==void 0&&(F[A.textNodeName]=V),F}i(L,"compress"),r(L,"compress");function S(q){let A=Object.keys(q);for(let $=0;$<A.length;$++){let V=A[$];if(V!==":@")return V}}i(S,"propName"),r(S,"propName");function H(q,A,$,V){if(A){let F=Object.keys(A),T=F.length;for(let E=0;E<T;E++){let M=F[E];V.isArray(M,$+"."+M,!0,!0)?q[M]=[A[M]]:q[M]=A[M]}}}i(H,"assignAttributes"),r(H,"assignAttributes");function Z(q,A){let{textNodeName:$}=A,V=Object.keys(q).length;return!!(V===0||V===1&&(q[$]||typeof q[$]=="boolean"||q[$]===0))}i(Z,"isLeafTag"),r(Z,"isLeafTag"),b.prettify=C}}),m=o({"node_modules/fast-xml-parser/src/validator.js"(b){"use strict";var C=a(),L={allowBooleanAttributes:!1,unpairedTags:[]};b.validate=function(w,O){O=Object.assign({},L,O);let G=[],pe=!1,P=!1;w[0]==="\uFEFF"&&(w=w.substr(1));for(let v=0;v<w.length;v++)if(w[v]==="<"&&w[v+1]==="?"){if(v+=2,v=H(w,v),v.err)return v}else if(w[v]==="<"){let _=v;if(v++,w[v]==="!"){v=Z(w,v);continue}else{let B=!1;w[v]==="/"&&(B=!0,v++);let N="";for(;v<w.length&&w[v]!==">"&&w[v]!==" "&&w[v]!=="	"&&w[v]!==`
+`&&w[v]!=="\r";v++)N+=w[v];if(N=N.trim(),N[N.length-1]==="/"&&(N=N.substring(0,N.length-1),v--),!J(N)){let j;return N.trim().length===0?j="Invalid space after '<'.":j="Tag '"+N+"' is an invalid name.",M("InvalidTag",j,ee(w,v))}let D=$(w,v);if(D===!1)return M("InvalidAttr","Attributes for '"+N+"' have open quote.",ee(w,v));let te=D.value;if(v=D.index,te[te.length-1]==="/"){let j=v-te.length;te=te.substring(0,te.length-1);let U=F(te,O);if(U===!0)pe=!0;else return M(U.err.code,U.err.msg,ee(w,j+U.err.line))}else if(B)if(D.tagClosed){if(te.trim().length>0)return M("InvalidTag","Closing tag '"+N+"' can't have attributes or invalid starting.",ee(w,_));{let j=G.pop();if(N!==j.tagName){let U=ee(w,j.tagStartPos);return M("InvalidTag","Expected closing tag '"+j.tagName+"' (opened in line "+U.line+", col "+U.col+") instead of closing tag '"+N+"'.",ee(w,_))}G.length==0&&(P=!0)}}else return M("InvalidTag","Closing tag '"+N+"' doesn't have proper closing.",ee(w,v));else{let j=F(te,O);if(j!==!0)return M(j.err.code,j.err.msg,ee(w,v-te.length+j.err.line));if(P===!0)return M("InvalidXml","Multiple possible root nodes found.",ee(w,v));O.unpairedTags.indexOf(N)!==-1||G.push({tagName:N,tagStartPos:_}),pe=!0}for(v++;v<w.length;v++)if(w[v]==="<")if(w[v+1]==="!"){v++,v=Z(w,v);continue}else if(w[v+1]==="?"){if(v=H(w,++v),v.err)return v}else break;else if(w[v]==="&"){let j=E(w,v);if(j==-1)return M("InvalidChar","char '&' is not expected.",ee(w,v));v=j}else if(P===!0&&!S(w[v]))return M("InvalidXml","Extra text at the end",ee(w,v));w[v]==="<"&&v--}}else{if(S(w[v]))continue;return M("InvalidChar","char '"+w[v]+"' is not expected.",ee(w,v))}if(pe){if(G.length==1)return M("InvalidTag","Unclosed tag '"+G[0].tagName+"'.",ee(w,G[0].tagStartPos));if(G.length>0)return M("InvalidXml","Invalid '"+JSON.stringify(G.map(v=>v.tagName),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1})}else return M("InvalidXml","Start tag expected.",1);return!0};function S(w){return w===" "||w==="	"||w===`
+`||w==="\r"}i(S,"isWhiteSpace"),r(S,"isWhiteSpace");function H(w,O){let G=O;for(;O<w.length;O++)if(w[O]=="?"||w[O]==" "){let pe=w.substr(G,O-G);if(O>5&&pe==="xml")return M("InvalidXml","XML declaration allowed only at the start of the document.",ee(w,O));if(w[O]=="?"&&w[O+1]==">"){O++;break}else continue}return O}i(H,"readPI"),r(H,"readPI");function Z(w,O){if(w.length>O+5&&w[O+1]==="-"&&w[O+2]==="-"){for(O+=3;O<w.length;O++)if(w[O]==="-"&&w[O+1]==="-"&&w[O+2]===">"){O+=2;break}}else if(w.length>O+8&&w[O+1]==="D"&&w[O+2]==="O"&&w[O+3]==="C"&&w[O+4]==="T"&&w[O+5]==="Y"&&w[O+6]==="P"&&w[O+7]==="E"){let G=1;for(O+=8;O<w.length;O++)if(w[O]==="<")G++;else if(w[O]===">"&&(G--,G===0))break}else if(w.length>O+9&&w[O+1]==="["&&w[O+2]==="C"&&w[O+3]==="D"&&w[O+4]==="A"&&w[O+5]==="T"&&w[O+6]==="A"&&w[O+7]==="["){for(O+=8;O<w.length;O++)if(w[O]==="]"&&w[O+1]==="]"&&w[O+2]===">"){O+=2;break}}return O}i(Z,"readCommentAndCDATA"),r(Z,"readCommentAndCDATA");var q='"',A="'";function $(w,O){let G="",pe="",P=!1;for(;O<w.length;O++){if(w[O]===q||w[O]===A)pe===""?pe=w[O]:pe!==w[O]||(pe="");else if(w[O]===">"&&pe===""){P=!0;break}G+=w[O]}return pe!==""?!1:{value:G,index:O,tagClosed:P}}i($,"readAttributeStr"),r($,"readAttributeStr");var V=new RegExp(`(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['"])(([\\s\\S])*?)\\5)?`,"g");function F(w,O){let G=C.getAllMatches(w,V),pe={};for(let P=0;P<G.length;P++){if(G[P][1].length===0)return M("InvalidAttr","Attribute '"+G[P][2]+"' has no space in starting.",Ce(G[P]));if(G[P][3]!==void 0&&G[P][4]===void 0)return M("InvalidAttr","Attribute '"+G[P][2]+"' is without value.",Ce(G[P]));if(G[P][3]===void 0&&!O.allowBooleanAttributes)return M("InvalidAttr","boolean attribute '"+G[P][2]+"' is not allowed.",Ce(G[P]));let v=G[P][2];if(!ce(v))return M("InvalidAttr","Attribute '"+v+"' is an invalid name.",Ce(G[P]));if(!pe.hasOwnProperty(v))pe[v]=1;else return M("InvalidAttr","Attribute '"+v+"' is repeated.",Ce(G[P]))}return!0}i(F,"validateAttributeString"),r(F,"validateAttributeString");function T(w,O){let G=/\d/;for(w[O]==="x"&&(O++,G=/[\da-fA-F]/);O<w.length;O++){if(w[O]===";")return O;if(!w[O].match(G))break}return-1}i(T,"validateNumberAmpersand"),r(T,"validateNumberAmpersand");function E(w,O){if(O++,w[O]===";")return-1;if(w[O]==="#")return O++,T(w,O);let G=0;for(;O<w.length;O++,G++)if(!(w[O].match(/\w/)&&G<20)){if(w[O]===";")break;return-1}return O}i(E,"validateAmpersand"),r(E,"validateAmpersand");function M(w,O,G){return{err:{code:w,msg:O,line:G.line||G,col:G.col}}}i(M,"getErrorObject"),r(M,"getErrorObject");function ce(w){return C.isName(w)}i(ce,"validateAttrName"),r(ce,"validateAttrName");function J(w){return C.isName(w)}i(J,"validateTagName"),r(J,"validateTagName");function ee(w,O){let G=w.substring(0,O).split(/\r?\n/);return{line:G.length,col:G[G.length-1].length+1}}i(ee,"getLineNumberForPosition"),r(ee,"getLineNumberForPosition");function Ce(w){return w.startIndex+w[1].length}i(Ce,"getPositionFromMatch"),r(Ce,"getPositionFromMatch")}}),h=o({"node_modules/fast-xml-parser/src/xmlparser/XMLParser.js"(b,C){var{buildOptions:L}=s(),S=d(),{prettify:H}=p(),Z=m(),q=class{static{i(this,"XMLParser")}static{r(this,"XMLParser")}constructor(A){this.externalEntities={},this.options=L(A)}parse(A,$){if(typeof A!="string")if(A.toString)A=A.toString();else throw new Error("XML data is accepted in String or Bytes[] form.");if($){$===!0&&($={});let T=Z.validate(A,$);if(T!==!0)throw Error(`${T.err.msg}:${T.err.line}:${T.err.col}`)}let V=new S(this.options);V.addExternalEntities(this.externalEntities);let F=V.parseXml(A);return this.options.preserveOrder||F===void 0?F:H(F,this.options)}addEntity(A,$){if($.indexOf("&")!==-1)throw new Error("Entity value can't have '&'");if(A.indexOf("&")!==-1||A.indexOf(";")!==-1)throw new Error("An entity must be set without '&' and ';'. Eg. use '#xD' for '&#xD;'");if($==="&")throw new Error("An entity with value '&' is not permitted");this.externalEntities[A]=$}};C.exports=q}});let I=h();return new I(n)},"getXmlParser");var Bi=class extends Je{static{i(this,"XmlToJsonOutboundPolicy")}parser;parseOnStatusCodes;constructor(e,t){super(e,t),f("policy.outbound.xml-to-json"),W(this.options,this.policyName).optional("removeNSPrefix","boolean").optional("ignoreProcessingInstructions","boolean").optional("ignoreDeclarations","boolean").optional("ignoreAttributes","boolean").optional("stopNodes","array").optional("attributeNamePrefix","string").optional("textNodeName","string").optional("trimValues","boolean"),this.parseOnStatusCodes=e.parseOnStatusCodes?Ve(e.parseOnStatusCodes):void 0,this.parser=_u({removeNSPrefix:e?.removeNSPrefix??!0,ignorePiTags:e?.ignoreProcessingInstructions??!0,ignoreDeclaration:e?.ignoreDeclarations??!0,ignoreAttributes:e?.ignoreAttributes??!0,stopNodes:e?.stopNodes??[],attributeNamePrefix:e?.attributeNamePrefix??"@_",textNodeName:e?.textNodeName??"#text",trimValues:e?.trimValues??!0})}async handler(e,t,r){if(this.parseOnStatusCodes&&!this.parseOnStatusCodes.includes(e.status))return e;let o;try{let u=await e.text();o=this.parser.parse(u)}catch(u){let c=`XmlToJsonOutboundPolicy - Error parsing XML contents in policy '${this.policyName}'.`;throw r.log.error(c,u),new k(c)}let s=new Headers(e.headers);return s.set("content-type","application/json"),new Response(JSON.stringify(o),{status:e.status,statusText:e.statusText,headers:s})}};var Gi=class{static{i(this,"ServiceProviderImpl")}services=new Map;addService(e,t){if(this.services.get(e))throw new K(`A service with the name ${e} already exists -- you cannot have duplicate services`);this.services.set(e,t)}getService(e){return this.services.get(e)}};var Nu=10,Du=3e4,sn=class{static{i(this,"BackgroundLoader")}#e=new Map;#t;#n;#r;#o;#i={};constructor(e,t){if(typeof t=="number"){let r=t;this.#n=r*1e3,this.#o=Du,this.#r=Nu}else{let r=t;this.#n=r.ttlSeconds*1e3,this.#o=r.loaderTimeoutSeconds?r.loaderTimeoutSeconds*1e3:Du,this.#r=Nu}this.#t=e}#s(e){return e.expiry<=new Date}#a(e){let t=this.#i[e];return!(t===void 0||t===0)}#u(e){let t=this.#e.get(e);if(t&&!this.#s(t))return t.data}async get(e){let t=this.#u(e);if(t)return this.#c(e),t;if(this.#a(e))try{await zp(()=>this.#u(e)!==void 0||!this.#a,this.#o+this.#r+1,this.#r);let r=this.#u(e);if(r)return r}catch{}return this.#l(e)}#c(e){if(!this.#a(e)){let t=this.#l(e);Ke().waitUntil(t)}}async#l(e){try{this.#i[e]===void 0&&(this.#i[e]=0),this.#i[e]++;let t=await Promise.race([this.#t(e),scheduler.wait(this.#o)]);if(t===void 0)throw new g(`BackgroundLoader: Loader timed out after ${this.#o} ms.`);return this.#e.set(e,{data:t,expiry:new Date(Date.now()+this.#n)}),t}finally{this.#i[e]--}}};async function zp(n,e,t){let r=Date.now();for(;!n();){let o=Date.now()-r;if(o>e)throw new g(`BackgroundLoader: Timeout waiting for an on-going loader after ${o} ms.`);await scheduler.wait(t)}}i(zp,"waitUntilTrue");var Vi=["sha-1","sha-256","sha-384","sha-512"],ur=class{static{i(this,"BaseCryptoBeta")}};var Wi=class extends ur{static{i(this,"WorkerCryptoBeta")}async digest(e,t){if(f("runtime.crypto-beta"),!Vi.includes(e.toLowerCase()))throw new k(`Algorithm ${e} is not supported. Try using ${Vi.join(", ")}`);let r=new TextEncoder().encode(t),o=await crypto.subtle.digest(e,r);return Array.from(new Uint8Array(o)).map(u=>u.toString(16).padStart(2,"0")).join("")}};export{$o as AWSLoggingPlugin,Yo as AkamaiApiSecurityPlugin,md as AmberfloMeteringInboundPolicy,di as AmberfloMeteringPolicy,hd as ApiAuthKeyInboundPolicy,pi as ApiKeyInboundPolicy,mi as AsertoAuthZInboundPolicy,Vo as AuditLogDataStaxProvider,Wo as AuditLogPlugin,Pd as Auth0JwtInboundPolicy,yi as AuthZenInboundPolicy,fl as AwsLambdaHandlerExtensions,bi as AxiomaticsAuthZInboundPolicy,ti as AzureBlobPlugin,ni as AzureEventHubsRequestLoggerPlugin,an as BackgroundDispatcher,sn as BackgroundLoader,Ed as BasicAuthInboundPolicy,Pu as BasicRateLimitInboundPolicy,X as BatchDispatch,Pi as BrownoutInboundPolicy,Nd as CachingInboundPolicy,Dd as ChangeMethodInboundPolicy,Md as ClearHeadersInboundPolicy,qd as ClearHeadersOutboundPolicy,Ud as ClerkJwtInboundPolicy,$d as CognitoJwtInboundPolicy,Ci as ComplexRateLimitInboundPolicy,Wd as CompositeInboundPolicy,Jd as CompositeOutboundPolicy,g as ConfigurationError,jr as ContentTypes,ne as ContextData,Wi as CryptoBeta,Kd as CurityPhantomTokenInboundPolicy,yo as DataDogLoggingPlugin,Fo as DataDogMetricsPlugin,Oo as DynaTraceLoggingPlugin,Bo as DynatraceMetricsPlugin,Yd as FirebaseJwtInboundPolicy,Xd as FormDataToJsonInboundPolicy,ep as GeoFilterInboundPolicy,po as GoogleCloudLoggingPlugin,Po as Handler,x as HttpProblems,An as HttpStatusCode,ri as HydrolixRequestLoggerPlugin,ae as InboundPolicy,tp as JWTScopeValidationInboundPolicy,Lo as LokiLoggingPlugin,yt as LookupResult,oe as MemoryZoneReadThroughCache,np as MockApiInboundPolicy,cp as MoesifInboundPolicy,ki as MonetizationInboundPolicy,Li as OktaFGAAuthZInboundPolicy,dp as OktaJwtInboundPolicy,_i as OpenFGAAuthZInboundPolicy,Pe as OpenIdJwtInboundPolicy,Je as OutboundPolicy,rt as ProblemResponseFormatter,mp as PropelAuthJwtInboundPolicy,Mi as QuotaInboundPolicy,Pu as RateLimitInboundPolicy,wp as ReadmeMetricsInboundPolicy,Rp as RemoveHeadersInboundPolicy,Pp as RemoveHeadersOutboundPolicy,Ip as RemoveQueryParamsInboundPolicy,Ep as ReplaceStringOutboundPolicy,oi as RequestLoggerPlugin,xp as RequestSizeLimitInboundPolicy,Au as RequestValidationInboundPolicy,vp as RequireOriginInboundPolicy,zt as ResponseSendingEvent,Bt as ResponseSentEvent,k as RuntimeError,In as SYSTEM_LOGGER,Tp as SchemaBasedRequestValidation,He as SemanticAttributes,Gi as ServiceProviderImpl,Cp as SetBodyInboundPolicy,Sp as SetHeadersInboundPolicy,Ap as SetHeadersOutboundPolicy,Op as SetQueryParamsInboundPolicy,kp as SetStatusOutboundPolicy,_p as SleepInboundPolicy,Cr as StreamingZoneCache,Ba as StripeMonetizationPlugin,un as StripeWebhookVerificationInboundPolicy,Do as SumoLogicLoggingPlugin,Np as SupabaseJwtInboundPolicy,Fe as SystemRouteName,Ft as TelemetryPlugin,Dp as UpstreamAzureAdServiceAuthInboundPolicy,qp as UpstreamFirebaseAdminAuthInboundPolicy,Hp as UpstreamFirebaseUserAuthInboundPolicy,Fi as UpstreamGcpFederatedAuthInboundPolicy,Zp as UpstreamGcpJwtInboundPolicy,Fp as UpstreamGcpServiceAuthInboundPolicy,qo as VMWareLogInsightLoggingPlugin,jp as ValidateJsonSchemaInbound,Bi as XmlToJsonOutboundPolicy,Nt as ZoneCache,Y as ZuploRequest,dn as ZuploServices,uc as apiServices,hl as awsLambdaHandler,ed as defaultGenerateHydrolixEntry,fe as environment,dr as getIdForParameterSchema,$u as getIdForRefSchema,pr as getIdForRequestBodySchema,Uu as getRawOperationDataIdentifierName,Gr as httpStatuses,xl as openApiSpecHandler,vl as redirectHandler,Hu as sanitizedIdentifierName,zr as serialize,sp as setMoesifContext,f as trackFeature,Al as urlForwardHandler,kl as urlRewriteHandler,Ll as webSocketHandler,_l as webSocketPipelineHandler,Cl as zuploServiceProxy};
 /*! For license information please see index.js.LEGAL.txt */